[问题] ROS 双PPPOE指定设备出口与HAIRPIN NAT qscgy4 PTT批踢踢实业坊

[问题] ROS 双PPPOE指定设备出口与HAIRPIN NAT

楼主: qscgy4 (有点厉害) 2022-03-22 16:42:29

是这样，
我有个RB750Gr3，
架构大概如下，
https://imgur.com/PMakKy6
我希望手机在内网，
可以透过 my_domain_B 连回NAS，
可是摸了好几天还是不会弄，
请求协助。
/ip firewall address-list
add address=192.168.1.0/24 list=LAN_IP
add address=my_domain_A list=WAN_IP
add address=my_domain_B list=NEXTCLOUD_WAN_IP
/ip firewall mangle
add action=mark-connection chain=input in-interface=pppoe-out1 \
new-connection-mark=pppoe1_conn passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe1_conn \
new-routing-mark=normal_wan passthrough=yes
add action=mark-connection chain=input in-interface=pppoe-out2 \
new-connection-mark=pppoe2_conn passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe2_conn \
new-routing-mark=nextcloud_wan passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="HAIRPIN NAT" dst-address=\
192.168.1.0/24 src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment="Local to WAN" out-interface-list=\
WAN
add action=masquerade chain=srcnat comment="Local to LAN" disabled=yes \
out-interface-list=LAN
add action=dst-nat chain=dstnat comment="IP CAM_WANin" dst-address-list=\
WAN_IP dst-port=9999 protocol=tcp to-addresses=192.168.1.7 to-ports=8888
add action=dst-nat chain=dstnat comment=NextCloud_WANin dst-address-list=\
NEXTCLOUD_WAN_IP dst-port=80 protocol=tcp to-addresses=192.168.1.12 \
to-ports=80
add action=dst-nat chain=dstnat dst-address-list=NEXTCLOUD_WAN_IP dst-port=\
443 protocol=tcp to-addresses=192.168.1.12 to-ports=443
/ip route
add distance=1 gateway=pppoe-out1 routing-mark=normal_wan
add distance=1 gateway=pppoe-out2 routing-mark=nextcloud_wan
add distance=1 gateway=pppoe-out1
add distance=2 gateway=pppoe-out2
/ip route rule
add src-address=192.168.1.12/32 table=nextcloud_wan
/interface pppoe-client
add disabled=no interface=ether1 name=pppoe-out1 password=USRPWD1 \
use-peer-dns=yes user=USER1
add disabled=no interface=ether1 name=pppoe-out2 password=USRPWD2 \
use-peer-dns=yes user=USER2

作者: lianpig5566 (家庭教师杀手里包恩) 2022-03-22 17:09:00

没特殊需求的话，直接去设static dns，把该domain直接对应到internal ip会不会比较快？https://i.imgur.com/NSJS8ph.png 我自己是设MANGLE

作者: tomsawyer (安安) 2022-03-23 07:43:00

你是要全指给nas还是单port? 这好像会有loopback问题

作者: fonzae (fonzae) 2022-03-24 01:37:00

无法理解，为何要dual wan去转送，没意义https://i.imgur.com/HrAIEzp.jpg相同桥接，进来的位置若属于local一率转送内部srv

继续阅读

[问题] 3层楼mesh选择shenzue [情报]到PC买DLINK M32送1000P币chung23058 [问题] 多隔间路由器选择paipai8 [业代] 凯擘-北桃园-有线电视/网络方案rexlook [情报] Cyclops Blink攻击受影响的华硕无线APEijiHoba [问题] 租屋处网络选择w320230 [情报] MOD接在ASUS XD6 MESH子机的设定方式fizecat [问题] 想买totolink wifi路由器还有后门问题吗dinosaur8484 [问题] 小乌龟底下两台AP两个网段互通疑问DsLove710 Fw: [新闻] 俄国僵尸网络程式瞄准华硕路由器GrandPrix