MikroTik RB4011 router: port forwarding to a NAS attached below a CRS305 switch is proving difficult.
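Hello!
It is installed as in the picture above... actually, only the cables are connected. The RB4011 and CRS305 are connected via SFP+, and the CRS305 is connected to the NAS and the Mac mini via SFP+ as well.
The most urgent thing right now is port forwarding so that I can reach the NAS from outside.
Previously, when I used a Netgear R7000 router, the router and the NAS were directly connected, so port forwarding was no trouble,
but the MikroTik configuration menus are very unfamiliar, and with the CRS305 also sitting between the router and the NAS, I am at a loss about where to start with port forwarding.ㅠ
1. When setting up port forwarding, do I have to configure the CRS305 switch as well as the RB4011 router?
The NAS's IP address or MAC address does not show up anywhere in the RB4011 router's configuration menus, so I wonder whether the CRS305 needs to be configured too.
2. For example, assuming the RB4011 router's IP is X.X.X.1, the router's gateway is X.X.X.2, the CRS305 is X.X.X.3, and the NAS is X.X.X.4,
how should I configure it?
I am a complete beginner in this field, so I eagerly await the experts' valuable answers. Many thanks in advance.^^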
If it is a switch that just splits out IPs, you need to configure the upstream router.
The 4011 of course needs the forwarding set up~
I don't know the 305 well, but if it is in switch mode you don't need to set it up there.
If it is configured to create yet another internal network, then it needs forwarding too~
As for question 2, it looks like the 4011 does the routing on its own, so in general you only need to configure the 4011.
MikroTik is enterprise-grade equipment, so you shouldn't take it as lightly as an ipTIME.. (Even so, MikroTik is on the easy side.)
Setting up a MikroTik without any networking knowledge is nearly impossible.
In MikroTik ROS a switch can be used as a router, but it normally isn't used that way. (A switch is just a switch..)
So you cannot configure port forwarding on the switch. (Nor is there any need to.)
You only need to configure port forwarding on the RB4011.
The NAS is not attached directly to the RB4011, so it is natural that it does not appear in the interface list.
It looks like you are using DHCP, so you can look up the IP in the DHCP server.
Question 2.
Port forwarding is configured with dst-nat in IP Firewall,
but to keep packets from being dropped when you connect from inside to the external IP,
you additionally need a hairpin setup with src-nat.
NAT setup
https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT
Port forwarding
http://www.mikrotik.co.kr/tn/?mod=document&uid=47&page_id=1569
Hairpin
http://www.mikrotik.co.kr/wiki/index.php/%EB%A9%94%EB%89%B4%EC%96%BC:Hairpin_NAT
If you are curious about anything else, see the official wiki.
https://wiki.mikrotik.com/wiki/Manual:TOC
It is not that IGMP doesn't work on MikroTik, but it has to be attached to the public network to be stable.
First, what is the first setting in the blog post needed for? When I set it to WAN, an error appears in red text and it tells me to set it to Bridge. What is the problem?
Add a rule with "+" under IP>Firewall>NAT.
1. General TAB, Chain : srcnat, Out.Interface : WAN (specify the port connected to the modem)
2. Action TAB, Action : masquerade
Second, I finished the configuration as you described, but port forwarding still does not work. Is there anything else I need to fix? I am asking again out of frustration. Thank you.^^
The port forwarding settings are shown in the lower part of that blog post.
Oh, and in the NAT settings the out interface has to be the port the KT modem is connected to. In my case I simply set it up as a bridge and named it Wan. If you have not set up a bridge, just specify that port.
The text below is an export of my settings. Port forwarding is very simple, so could something other than port forwarding be misconfigured?
For example, something wrong with the permissions or the role of a port...
For reference, the 4011 and the 305 are connected over SFP+ with a coaxial cable, and the NAS and the PC are attached below the 305, likewise over SFP+, with GBIC optical cables.
No matter what I try it does not work, so all kinds of thoughts come to mind...
Surely it is not that the 4011, being a home device, sets some restriction by default in the firewall?
Also, from the MikroTik smartphone app I can reach the router (192.168.88.1) while connected to Wi-Fi on the same network,
but when I try to reach the KT public IP (for example, 14.42.xxx.xxx) over an external line (LTE), I cannot. Might that be a clue?
I am writing things down as they come to mind, in no particular order. Please bear with me. Thank you.
# dec/22/2019 23:37:44 by RouterOS 6.46.1
# software id = xxxxxx
#
# model = RB4011iGS+5HacQ2HnD
# serial number = xxxxxxxxx
/interface bridge
add admin-mac=xxxxxxxxxxxx auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX country="korea republic" disabled=no distance=indoors \
frequency=auto installation=indoor mode=ap-bridge secondary-channel=auto \
ssid=JH-Mik5G wireless-protocol=802.11
set [ find default-name=wlan2 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country="korea republic" disabled=no distance=indoors frequency=auto \
installation=indoor mode=ap-bridge ssid=JH-Mik2.4G wireless-protocol=\
802.11
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
xxxxxxxxxxxx wpa2-pre-shared-key=xxxxxxxxxxxxxxxx
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=\
!192.168.88.1 protocol=tcp src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=Https dst-address=!192.168.88.1 \
dst-address-type=local dst-port=443 protocol=tcp to-addresses=\
192.168.88.249 to-ports=443
add action=dst-nat chain=dstnat comment=Http dst-address=!192.168.88.1 \
dst-address-type=local dst-port=8080 protocol=tcp to-addresses=\
192.168.88.249 to-ports=80
add action=dst-nat chain=dstnat comment=Http dst-address=!192.168.88.1 \
dst-address-type=local dst-port=80 protocol=tcp to-addresses=\
192.168.88.249 to-ports=80
/system clock
set time-zone-name=Asia/Seoul
/system leds
add interface=wlan2 leds="wlan2_signal1-led,wlan2_signal2-led,wlan2_signal3-le\
d,wlan2_signal4-led,wlan2_signal5-led" type=wireless-signal-strength
add interface=wlan2 leds=wlan2_tx-led type=interface-transmit
add interface=wlan2 leds=wlan2_rx-led type=interface-receive
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Go into DHCP Client and check whether the IP the MikroTik received starts with 192.168.
If it does, try switching the KT modem to bridge mode.
add action=dst-nat chain=dstnat comment=Http dst-address=!192.168.88.1 \
dst-address-type=local dst-port=8080 protocol=tcp to-addresses=\
192.168.88.249 to-ports=80
add action=dst-nat chain=dstnat comment=Http dst-address=!192.168.88.1 \
dst-address-type=local dst-port=80 protocol=tcp to-addresses=\
192.168.88.249 to-ports=80
Here both to-ports are set to 80; try changing the former to 8080.
(Actually, if dst-port and to-ports are the same, you can leave to-ports out.)
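
Added example, not part of any post in the thread: a small Python check that reads the `/ip firewall nat` section of a RouterOS export, lists which ports are forwarded to the NAS, reports where dst-port is rewritten to a different to-ports, and flags a srcnat masquerade rule (such as the hairpin rule in the export above) that is limited neither to an out interface nor to a LAN destination. The names `nat_rules` and `audit` are hypothetical, and the sample text is constructed from the rules shown in the export.

```python
import ipaddress
import re
import shlex

# Constructed sample in RouterOS export syntax, using the thread's NAT rules.
SAMPLE_EXPORT = r'''
/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=\
    !192.168.88.1 protocol=tcp src-address=192.168.88.0/24
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat comment=Https dst-address=!192.168.88.1 \
    dst-address-type=local dst-port=443 protocol=tcp to-addresses=\
    192.168.88.249 to-ports=443
add action=dst-nat chain=dstnat comment=Http dst-address=!192.168.88.1 \
    dst-address-type=local dst-port=8080 protocol=tcp to-addresses=\
    192.168.88.249 to-ports=80
'''

def nat_rules(export_text):
    """Return the 'add' lines of the /ip firewall nat section as dicts."""
    text = re.sub(r"\\\n\s*", "", export_text)  # undo export line wrapping
    rules, section = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            section = line
        elif section == "/ip firewall nat" and line.startswith("add "):
            rules.append(dict(t.split("=", 1) for t in shlex.split(line)[1:]))
    return rules

def audit(rules, lan="192.168.88.0/24"):
    """List forwarded ports, port rewrites and unscoped masquerade rules."""
    lan_net, findings = ipaddress.ip_network(lan), []
    for r in rules:
        if r.get("action") == "dst-nat":
            dport = r.get("dst-port")
            tport = r.get("to-ports", dport)  # port is unchanged when omitted
            findings.append(("forward", f"{dport} -> {r.get('to-addresses')}:{tport}"))
            if tport != dport:
                findings.append(("rewrite", f"{dport} -> {tport}"))
        elif r.get("chain") == "srcnat" and r.get("action") == "masquerade":
            dst = r.get("dst-address", "")
            to_lan = dst[:1] not in ("", "!") and \
                ipaddress.ip_network(dst, strict=False).subnet_of(lan_net)
            if not to_lan and not {"out-interface", "out-interface-list"} & r.keys():
                findings.append(("unscoped-masquerade", r.get("comment", "")))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(nat_rules(SAMPLE_EXPORT)):
        print(f"{kind:20} {detail}")
```

Each "forward" line is a NAS service reachable through the router's non-LAN address, so the list doubles as an inventory of what the export exposes.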