Mikrotik GRE szívás

Urak,

Már két napja szívok egy GRE tunnellel, ami kiépül és tudok mindent ott pingelni, de valamiért nem tudok egy weblapot sem megnyitni a túloldalon. MTU-val próbálkoztam, de semmi eredménye nem volt. Van valami épkézláb ötlet, amit kipróbálhatnék?

Itt a konfig:

[admin@MikroTik] > export
# jan/13/2014 11:05:22 by RouterOS 6.7
# software id = NT31-Y7JL
#
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway speed=1Gbps
set [ find default-name=ether2 ] name=ether2-master-local speed=1Gbps
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local speed=1Gbps
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local speed=1Gbps
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
ether5-slave-local speed=1Gbps
/interface pppoe-client
add add-default-route=yes dial-on-demand=yes disabled=no interface=\
ether1-gateway name=Telekom password=valami use-peer-dns=yes user=\
xxx@fixip
/ip neighbor discovery
set Telekom discover=no
/interface gre
add local-address=195.xx.xx.xx name=B remote-address=195.xx.xx.157
/ip neighbor discovery
set BHT discover=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/ip address
add address=172.xx.xx.1/24 comment="default configuration" interface=\
ether2-master-local network=172.xx.xx.0
add address=30.xx.xx.14/30 interface=B network=30.xx.xx.12
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=ether1-gateway
/ip dhcp-relay
add dhcp-server=10.xx.xx.xx8 disabled=no interface=ether2-master-local name=\
"IP helper B"
/ip dhcp-server config
set store-leases-disk=1m
/ip dns
set allow-remote-requests=yes servers=84.2.44.1,84.2.46.1
/ip dns static
add address=172.xx.xx.1 name=router
/ip firewall filter
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
protocol=tcp src-address-list=ftp_blacklist
add action=add-dst-to-address-list chain=output content="530 Login incorrect" \
dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list chain=output content="530 Login incorrect" \
dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=drop chain=input comment=" drop ssh brute forcers" dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input comment=" " connection-state=new \
dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input comment=" " connection-state=new \
dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input comment=" " connection-state=new \
dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input comment=" " connection-state=new \
dst-port=22 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=Telekom to-addresses=0.0.0.0
/ip proxy
set parent-proxy=0.0.0.0
/ip route
add distance=1 dst-address=10.xx.1.0/24 gateway=30.xx.xx.13
add distance=1 dst-address=10.xx.3.0/24 gateway=30.xx.xx.13
add distance=1 dst-address=10.xx.1.0/24 gateway=30.xx.xx.13
add distance=1 dst-address=10.xx.3.0/24 gateway=30.xx.xx.13
add distance=1 dst-address=10.xx.9.0/24 gateway=30.xx.xx.13
/ip service
set api disabled=yes
/ip smb
set domain=Workgroup enabled=yes
/system clock
set time-zone-name=Europe/Budapest
/system identity
set name=MikroTik_B
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set Telekom disabled=yes display-time=5s
set ether1-gateway disabled=yes display-time=5s
set ether2-master-local disabled=yes display-time=5s
set ether3-slave-local disabled=yes display-time=5s
set ether4-slave-local disabled=yes display-time=5s
set ether5-slave-local disabled=yes display-time=5s
set BHT disabled=yes display-time=5s
/system ntp client
set enabled=yes primary-ntp=148.6.0.1
/tool sniffer
set filter-interface=ether3-slave-local filter-mac-address=\
00:00:00:00:00:00/00:00:00:00:00:00 filter-stream=yes
[admin@MikroTik] >

4161 megtekintés

Ha a mikrotik helyére betolsz egy sima mezei linuxot akkor jól működik?
Ha ott sem akkor tcpdump + wireshark-kal ess neki :)
Ha igen akkor mikrotik környékén lesz a nyűg...
---------------------------------------------------
Hell is empty and all the devils are here.
-- Wm. Shakespeare, "The Tempest"

0 szavazat

A hozzászóláshoz be kell jelentkezni

Nem tudok most linuxot betolni, mert nincs itt olyan gép....
biztosan a Mikrotikkal lehet a gond, mert van egy másik ilyen tunneljük, ami megy rendesen. Ott Netscreen van.

0 szavazat