Difference between revisions of "QMp al Jardí Botànic de Barcelona"
From Guifi.net - Wiki Hispano
Latest revision as of 18:13, 5 Oct 2014
This installation lets users of the Jardí Botànic de Barcelona connect to a network of MANET nodes in roaming mode in order to reach a web application about the Jardí Botànic itself. From the MANET cloud it is possible to reach the guifi.net services. If the destination is an IP that does not belong to guifi.net, the traffic is redirected to the hotspot, which sends it to the server.
Basic structure
- guifi.net supernode with 1 Ubiquiti Rocket M5 + 1 Ubiquiti Nanobridge with a 22 dB dish + 1 Mikrotik RouterBoard 750GL
- 1 server with openvz containers reachable from guifi.net
- MANET network running qMp, initially 3 nodes and 6-7 in total.
RB750GL configuration
- Port 1 (ether1) is used for communication with the server; the server and the RB are separated by a stretch of optical fibre.
- Ports 2 and 3 are used for the supernode's communication with guifi
- Port 5 (wlan4) is used for communication with the mesh nodes
- We define a valid guifi IP on wlan4
- We create the NAT to the valid guifi IP that we will assign to the mesh node "NI".
Configuring the MANET nodes with qMp
- The initial installation consists of 3 MANET nodes, one of which is connected to the RB; we will call it "NI" (internet node).
- Initially we assemble and configure all nodes the same way: Instalación_de_qMp_en_RouterStation_Pro
- We go to the wizard and put them all in "roaming" mode.
- We define the same ESSID for all of them (guifi.net-qMp-JB for the 5 GHz mesh on wlan0 and JardiBotanic for the 2.4 GHz APs on wlan1)
- We disable the hotspot on all mesh devices (since the hotspot will be handled by the RB)
root@qmpc2:~# /etc/init.d/tinyproxy disable
root@qmpc2:~# /etc/init.d/tinyproxy stop
- We add a couple of lines to the /etc/hosts file
root@qmpc2:~# cat /etc/hosts
127.0.0.1 localhost.
10.228.192.210 openstreetmap.org
10.139.88.73 jardi.botanic.hs
- We add /etc/hosts to the list of files that must not be touched on a system update (line 17)
root@qmpc2:~# vi /etc/config/qmp
option 'preserve' '/etc/config/qmp /etc/shadow /etc/passwd /etc/rc.local /etc/firewall.user /etc/dropbear/* /etc/config/b6m-spread /etc/hosts'
- We set one node aside, which we will call "GW" or "NI".
Additional configuration for "NI"
Network configuration
- qMp > Xarxa:
- LAN Devices: eth0, eth1 y wlan1
- WAN Devices: eth0
- MESH Devices: wlan0
- qMp > Xarxa > Advanced Networking:
- Force internet: Yes
- Nameservers: set a valid DNS server inside guifi.net (remember, there is no internet access)
- Administració > Xarxa > Interfícies > WAN0:
- We set it to static and define the IP that will communicate with the RB
- We reboot the device
root@qmpc2:~# reboot
Announcing the gateway to guifi
The installation does not actually have internet access, so we have to disable gwck, a service that checks every so often that the node has internet access
root@qmpc2:~# /etc/init.d/gwck disable
root@qmpc2:~# /etc/init.d/gwck stop
root@qmpc2:~# qmpcontrol offer_default_gw
We also have to comment out one line of the firewall (/etc/firewall.user)
root@qmpc2:~# cat /etc/firewall.user
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
#iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -d 10.0.0.0/8 -j RETURN
iptables -t nat -A POSTROUTING -j MASQUERADE
And we restart the firewall
root@qmpc2:~# /etc/init.d/firewall restart
Now we can log in to the other mesh nodes and verify that they can ping the internet.
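As an added example that is not part of the original page, the script below applies the "NI" gateway steps of this section and checks the /etc/firewall.user edit before restarting the firewall. It assumes the init scripts and qmpcontrol exist at the paths shown above; FW_FILE is an assumed override so the edit can be rehearsed on a copy of the file.

```shell
#!/bin/sh
# Added example (not from the original wiki page): performs the NI node
# steps of the "Announcing the gateway to guifi" section and verifies the
# NAT rules in firewall.user before restarting the firewall.
# Assumptions: /etc/init.d/gwck, /etc/init.d/firewall and qmpcontrol exist
# as on the page; FW_FILE (assumed name) lets you point at a copy first.

FW_FILE="${FW_FILE:-/etc/firewall.user}"

# Comment out the active "-j RETURN" exemption for 10/8 -> 10/8 traffic.
# Idempotent: a line that is already commented does not match the pattern
# (it starts with '#', not 'iptables'), so a second run never produces '##'.
comment_return_rule() {
    file="$1"
    tmp="$file.tmp.$$"
    sed -e '/^[[:space:]]*iptables .*-j RETURN[[:space:]]*$/ s/^/#/' "$file" > "$tmp" \
        && mv "$tmp" "$file"
}

# Returns 0 when the file matches what the page expects: an unconditional
# MASQUERADE rule is present and no RETURN rule is still active.
nat_rules_ok() {
    file="$1"
    grep -q '^[[:space:]]*iptables -t nat -A POSTROUTING -j MASQUERADE' "$file" || return 1
    grep -q '^[[:space:]]*iptables .*-j RETURN' "$file" && return 1
    return 0
}

# The whole procedure from the page, with a check before the restart so a
# firewall is never restarted on a file whose edit did not take.
apply_ni_gateway() {
    /etc/init.d/gwck disable
    /etc/init.d/gwck stop
    qmpcontrol offer_default_gw
    comment_return_rule "$FW_FILE"
    if ! nat_rules_ok "$FW_FILE"; then
        echo "NAT rules in $FW_FILE are not as expected, not restarting firewall" >&2
        return 1
    fi
    /etc/init.d/firewall restart
}

# Only act when explicitly asked, e.g.: sh ni_gateway.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_ni_gateway
fi
```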
OpenStreetMaps map
In the current version of qMp the map feature does not work yet because of a bug, but we will still leave the nodes prepared so they can load the OSM map without being on guifi.
On a guifi machine that has internet access we add a new Apache virtual host with this content:
<VirtualHost *:80>
    ServerName openstreetmap.org
    ServerAlias *.openstreetmap.org
    ProxyRequests off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPreserveHost On
    ProxyPass / http://openstreetmap.org/
    ProxyPassReverse / http://openstreetmap.org/
</VirtualHost>
and we enable proxy_http and restart apache
root@fermat:~# a2enmod proxy_http && service apache2 restart
on the mesh nodes, or in the DNS, we declare that openstreetmap.org is actually the IP of the server to which we just added the proxy_http
root@qmpc2:~# cat /etc/hosts
127.0.0.1 localhost.
10.228.192.210 openstreetmap.org
Hotspot
Hotspot configuration on the RB (old)
# jun/29/2012 15:45:36 by RouterOS 5.11 # software id = KQP1-MFE4 # /interface bridge add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \ disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s mtu=1500 \ name=lan/lan priority=0x8000 protocol-mode=none transmit-hold-count=6 /interface ethernet set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \ disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:C4:33:48 \ master-port=none mtu=1500 name=ether1 speed=100Mbps set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\ "ether2 ;; ROCKET M5 ;; BARCELONA" disabled=no full-duplex=yes l2mtu=1598 \ mac-address=00:0C:42:C4:33:49 master-port=none mtu=1500 name=wlan1 speed=\ 100Mbps set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\ "ether3 ;; NANOBRIDGE 5 ;; ZF" disabled=no full-duplex=yes l2mtu=1598 \ mac-address=00:0C:42:C4:33:4A master-port=none mtu=1500 name=wlan2 speed=\ 100Mbps set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\ "ether4 ;; ROCKET M2 ;; CLIENTS" disabled=no full-duplex=yes l2mtu=1598 \ mac-address=00:0C:42:C4:33:4B master-port=none mtu=1500 name=wlan3 speed=\ 100Mbps set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\ "ether5 ;; NODE MESH" disabled=no full-duplex=yes l2mtu=1598 mac-address=\ 00:0C:42:C4:33:4C master-port=none mtu=1500 name=wlan4 speed=100Mbps /interface ethernet switch set switch1 mirror-source=none mirror-target=none name=switch1 /ip dhcp-server add authoritative=after-2sec-delay bootp-support=static disabled=yes \ interface=wlan4 lease-time=3d name=dhcp2 /ip hotspot profile set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \ http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \ name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \ use-radius=no add dns-name=Jardi.Botanic.hs hotspot-address=10.139.88.73 html-directory=\ hotspot 
http-cookie-lifetime=4h http-proxy=0.0.0.0:0 login-by=\ cookie,http-chap name=hsprof1 rate-limit="" smtp-server=0.0.0.0 \ split-user-domain=no use-radius=no /ip hotspot add disabled=no idle-timeout=5m interface=wlan4 keepalive-timeout=none name=\ hotspot1 profile=hsprof1 /ip hotspot user profile set default idle-timeout=none keepalive-timeout=2m name=default shared-users=\ 100 status-autorefresh=1m transparent-proxy=no add idle-timeout=none keepalive-timeout=45m name=Intranet_JB shared-users=2 \ status-autorefresh=1m transparent-proxy=no /ip ipsec proposal set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \ name=default pfs-group=modp1024 /ip pool add name=dhcp_wlan3 ranges=10.228.199.68-10.228.199.126 add name=hs-pool-5 ranges=10.139.88.74-10.139.88.78 /ip dhcp-server add address-pool=dhcp_wlan3 authoritative=after-2sec-delay bootp-support=\ static disabled=no interface=wlan3 lease-time=1h name=dhcp1 add address-pool=hs-pool-5 authoritative=after-2sec-delay bootp-support=\ static disabled=no interface=wlan4 lease-time=1h name=dhcp3 /ppp profile set default change-tcp-mss=yes name=default only-one=default use-compression=\ default use-encryption=default use-mpls=default use-vj-compression=\ default set default-encryption change-tcp-mss=yes name=default-encryption only-one=\ default use-compression=default use-encryption=yes use-mpls=default \ use-vj-compression=default /queue type set default kind=pfifo name=default pfifo-limit=50 set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50 set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \ sfq-perturb=5 set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \ red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10 set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\ 5 set only-hardware-queue kind=none name=only-hardware-queue set multi-queue-ethernet-default kind=mq-pfifo mq-pfifo-limit=50 name=\ 
multi-queue-ethernet-default set default-small kind=pfifo name=default-small pfifo-limit=10 /routing bgp instance set default as=35670 client-to-client-reflection=yes disabled=no \ ignore-as-path-len=no name=default out-filter=ospf-out \ redistribute-connected=yes redistribute-ospf=no redistribute-other-bgp=\ yes redistribute-rip=no redistribute-static=no router-id=10.228.199.33 \ routing-table="" /routing ospf instance set default disabled=no distribute-default=never in-filter=ospf-in \ metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=\ auto metric-rip=20 metric-static=20 name=default out-filter=ospf-out \ redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \ redistribute-rip=no redistribute-static=no router-id=0.0.0.0 /routing ospf area set backbone area-id=0.0.0.0 disabled=no instance=default name=backbone type=\ default /snmp set contact=guifi@guifi.net enabled=yes engine-id="" location=BCNJardiBotanic \ trap-target=0.0.0.0 trap-version=1 /snmp community set public address=0.0.0.0/0 authentication-password="" \ authentication-protocol=MD5 encryption-password="" encryption-protocol=\ DES name=public read-access=yes security=none write-access=no /system logging action set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \ disk-stop-on-full=no name=disk target=disk set echo name=echo remember=yes target=echo set remote bsd-syslog=no name=remote remote-port=514 syslog-facility=daemon \ syslog-severity=auto target=remote /system routerboard settings set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\ 400MHz force-backup-booter=no silent-boot=no set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\ 400MHz force-backup-booter=no silent-boot=no /user group set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\ eb,sniff,sensitive,api,!ftp,!write,!policy" 
skin=default set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\ ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\ winbox,password,web,sniff,sensitive,api" skin=default /interface bridge port add disabled=no edge=auto external-fdb=auto horizon=none interface=ether1 \ path-cost=10 point-to-point=auto priority=0x80 add disabled=no edge=auto external-fdb=auto horizon=none interface=wlan1 \ path-cost=10 point-to-point=auto priority=0x80 /interface bridge settings set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\ no /interface ethernet switch port set ether1 vlan-mode=disabled set wlan1 vlan-mode=disabled set wlan2 vlan-mode=disabled set wlan3 vlan-mode=disabled set wlan4 vlan-mode=disabled set switch1_cpu vlan-mode=disabled /interface l2tp-server server set authentication=pap,chap,mschap1,mschap2 default-profile=\ default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled /interface ovpn-server server set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\ default enabled=no keepalive-timeout=60 mac-address=FE:5C:FA:D4:61:97 \ max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no /interface pptp-server server set authentication=mschap1,mschap2 default-profile=default-encryption \ enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled /interface sstp-server server set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\ default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\ disabled port=443 verify-client-certificate=no /ip accounting set account-local-traffic=no enabled=no threshold=256 /ip accounting web-access set accessible-via-web=no address=0.0.0.0/0 /ip address add address=192.168.1.19/24 comment=BACKUP disabled=no interface=ether1 \ network=192.168.1.0 add address=10.228.199.33/29 disabled=no interface=lan/lan 
network=\ 10.228.199.32 add address=172.25.48.169/29 comment=\ "ROCKET M5 ;; BARCELONA peer_bcnrossello208" disabled=no interface=wlan1 \ network=172.25.48.168 add address=172.25.48.177/29 comment="ROCKET M2 ;; CLIENTS" disabled=no \ interface=wlan3 network=172.25.48.176 add address=10.228.199.65/26 comment="CLIENTS NETWORK" disabled=no interface=\ wlan3 network=10.228.199.64 add address=172.25.48.185/29 comment="NANOBRIDGE ZF" disabled=no interface=\ wlan2 network=172.25.48.184 add address=10.228.199.34/29 disabled=yes interface=lan/lan network=\ 10.228.199.32 add address=172.31.5.5/24 comment="LAN INTERNA JARDI BOTANIC" disabled=no \ interface=ether1 network=172.31.5.0 add address=10.139.6.177/28 comment=SERVERS disabled=no interface=ether1 \ network=10.139.6.176 add address=10.228.201.225/29 comment="CLIENTS T1 ;; TEMPORAL" disabled=no \ interface=wlan1 network=10.228.201.224 add address=172.25.49.145/29 comment="WDS BCNOSI52" disabled=no interface=\ wlan1 network=172.25.49.144 add address=172.25.32.29/30 comment=MESSHHH disabled=yes interface=wlan4 \ network=172.25.32.28 add address=10.139.88.73/29 comment=MESSHHH disabled=no interface=wlan4 \ network=10.139.88.72 add address=172.30.93.114/16 comment=MESSSSSSSSSSSHHHHHHHHHHHHH disabled=no \ interface=wlan4 network=172.30.0.0 /ip dhcp-client add comment="default configuration" default-route-distance=1 disabled=yes \ interface=ether1 add default-route-distance=0 disabled=yes interface=wlan4 /ip dhcp-server config set store-leases-disk=5m /ip dhcp-server lease add address=10.139.88.74 disabled=yes mac-address=00:15:6D:C9:C1:C2 server=\ dhcp3 /ip dhcp-server network add address=10.139.88.72/29 comment="hotspot network" gateway=10.139.88.73 add address=10.228.199.64/26 dns-server=10.228.199.65 domain=guifi.net \ gateway=10.228.199.65 add address=172.25.32.28/30 gateway=172.25.32.29 /ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \ max-udp-packet-size=512 servers=172.30.22.1,10.139.6.130 /ip 
dns static add address=192.168.88.1 disabled=no name=router ttl=1d /ip firewall connection tracking set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \ tcp-close-wait-timeout=10s tcp-established-timeout=1d \ tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \ tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \ tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s /ip firewall filter add action=passthrough chain=unused-hs-chain comment=\ "place hotspot rules here" disabled=yes add action=reject chain=input comment="no permetre acces xarxa jb" disabled=\ no dst-address=172.31.5.0/24 in-interface=wlan2 reject-with=\ icmp-net-prohibited src-address=10.0.0.0/8 add action=reject chain=input comment="no permetre acces xarxa jb" disabled=\ no dst-address=172.31.5.0/24 in-interface=wlan1 reject-with=\ icmp-net-prohibited src-address=10.0.0.0/8 /ip firewall nat add action=src-nat chain=srcnat comment=old disabled=yes dst-address=\ !172.16.0.0/12 protocol=!ospf src-address=172.16.0.0/12 to-addresses=\ 10.228.199.33 add action=src-nat chain=srcnat comment=old disabled=yes dst-address=\ !192.168.0.0/16 src-address=192.168.0.0/16 to-addresses=10.228.199.33 add action=src-nat chain=srcnat disabled=no dst-address=!172.16.0.0/12 \ protocol=!ospf src-address=172.16.0.0/12 to-addresses=10.228.199.33 add action=src-nat chain=srcnat disabled=no dst-address=!192.168.0.0/16 \ src-address=192.168.0.0/16 to-addresses=10.228.199.33 add action=dst-nat chain=dstnat comment="ROCKET M5" disabled=no dst-address=\ 10.228.199.34 to-addresses=172.25.48.171 add action=dst-nat chain=dstnat comment=NANOBRIDGE disabled=no dst-address=\ 10.228.199.35 to-addresses=172.25.48.187 add action=dst-nat chain=dstnat comment="ROCKET M2" disabled=no dst-address=\ 10.228.199.36 to-addresses=172.25.48.178 add action=dst-nat chain=dstnat comment="NANOBRIDGE ZF TEMPORAL" disabled=yes \ dst-address=10.228.199.37 to-addresses=172.25.48.188 add action=dst-nat 
chain=dstnat comment=MESSSHHHH disabled=no dst-address=\ 10.228.199.37 to-addresses=10.139.88.74 add action=passthrough chain=unused-hs-chain comment=\ "place hotspot rules here" disabled=yes add action=masquerade chain=srcnat disabled=yes out-interface=wlan4 add action=masquerade chain=srcnat comment="masquerade hotspot network" \ disabled=yes src-address=172.25.32.28/30 add action=masquerade chain=srcnat comment="masquerade hotspot network" \ disabled=yes src-address=10.139.88.72/29 add action=masquerade chain=srcnat comment="masquerade hotspot network" \ disabled=no src-address=10.139.88.72/29 /ip firewall service-port set ftp disabled=no ports=21 set tftp disabled=no ports=69 set irc disabled=no ports=6667 set h323 disabled=no set sip disabled=no ports=5060,5061 sip-direct-media=yes set pptp disabled=no /ip hotspot ip-binding add comment=JM disabled=yes mac-address=00:19:D2:BE:C9:CB type=bypassed add comment=Black disabled=yes mac-address=00:21:6A:A5:21:78 type=bypassed /ip hotspot service-port set ftp disabled=no ports=21 /ip hotspot user add disabled=no name=admin password=1234 profile=Intranet_JB /ip hotspot walled-garden add action=allow comment="place hotspot rules here" disabled=yes /ip hotspot walled-garden ip add action=accept comment="permetre acc\E9s al server" disabled=no \ dst-address=10.139.6.179 server=hotspot1 add action=accept comment="permetre acc\E9s a guifi" disabled=no dst-address=\ 10.0.0.0/8 server=hotspot1 add action=accept comment="permetre acc\E9s a la RB" disabled=no dst-address=\ 10.139.88.73 server=hotspot1 /ip neighbor discovery set ether1 disabled=yes set wlan1 disabled=no set wlan2 disabled=no set wlan3 disabled=no set wlan4 disabled=no set lan/lan disabled=no /ip proxy set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \ cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\ 600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \ parent-proxy-port=0 port=8080 
serialize-connections=no src-address=\ 0.0.0.0 /ip service set telnet disabled=no port=23 set ftp disabled=no port=21 set www disabled=no port=80 set ssh disabled=no port=22 set www-ssl certificate=none disabled=yes port=443 set api disabled=yes port=8728 set winbox disabled=no port=8291 /ip socks set connection-idle-timeout=2m enabled=no max-connections=200 port=1080 /ip ssh set forwarding-enabled=no /ip traffic-flow set active-flow-timeout=30m cache-entries=4k enabled=no \ inactive-flow-timeout=15s interfaces=all /ip upnp set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes /mpls set dynamic-label-range=16-1048575 propagate-ttl=yes /mpls interface add disabled=no interface=all mpls-mtu=1508 /mpls ldp set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \ lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \ use-explicit-null=no /port firmware set directory=firmware /ppp aaa set accounting=yes interim-update=0s use-radius=no /queue interface set ether1 queue=ethernet-default set wlan1 queue=ethernet-default set wlan2 queue=ethernet-default set wlan3 queue=ethernet-default set wlan4 queue=ethernet-default /radius incoming set accept=no port=3799 /routing bfd interface set all disabled=no interface=all interval=0.2sec min-rx=0.2sec multiplier=5 /routing bgp network add disabled=no network=10.228.199.32/29 synchronize=yes add disabled=no network=10.228.199.64/26 synchronize=yes add disabled=no network=10.228.201.224/29 synchronize=yes add disabled=no network=10.139.6.176/28 synchronize=yes /routing bgp peer add address-families=ip as-override=no default-originate=never disabled=no \ hold-time=3m in-filter=ospf-in instance=default multihop=no name=\ BCNrossello208RB1100 nexthop-choice=default out-filter=ospf-out passive=\ no remote-address=172.25.48.170 remote-as=26325 remove-private-as=no \ route-reflect=no tcp-md5-key="" ttl=1 use-bfd=no add address-families=ip as-override=no default-originate=never disabled=no \ 
hold-time=3m in-filter=ospf-in instance=default multihop=no name=\ BCNosi52RB750 nexthop-choice=default out-filter=ospf-out passive=no \ remote-address=172.25.49.146 remote-as=38104 remove-private-as=no \ route-reflect=no tcp-md5-key="" ttl=1 use-bfd=no /routing filter add action=discard chain=ebgp-in comment=\ "1. Discard insert non 10.x routes from BGP peer" disabled=yes \ invert-match=no prefix=!10.0.0.0/8 prefix-length=!8-32 add action=discard chain=ebgp-out comment=\ "2. Discard send non 10.x routes to BGP peer" disabled=yes invert-match=\ no prefix=!10.0.0.0/8 prefix-length=!8-32 add action=accept chain=ospf-in comment=\ "3. Accept insert 10.x routes from OSPF neighbor" disabled=yes \ invert-match=no prefix=10.0.0.0/8 prefix-length=8-32 add action=accept chain=ospf-in comment=\ "4. Accept insert 172.x routes from OSPF neighbor" disabled=yes \ invert-match=no prefix=172.16.0.0/12 prefix-length=8-32 add action=discard chain=ospf-in comment=\ "5. Discard insert non 10.x and 172.x from OSPF neighbor" disabled=yes \ invert-match=no add action=accept chain=ospf-out comment=\ "6. Allow send 10.x routes to OSPF neighbor" disabled=yes invert-match=no \ prefix=10.0.0.0/8 prefix-length=8-32 add action=accept chain=ospf-out comment=\ "7. Allow send 172.x routes to OSPF neighbor" disabled=yes invert-match=\ no prefix=172.16.0.0/12 prefix-length=8-32 add action=discard chain=ospf-out comment=\ "8. Discard send non 10.x and 172.x to OSPF neighbor" disabled=yes \ invert-match=no add action=discard chain=ebgp-in comment=\ "1. Discard insert non 10.x routes from BGP peer" disabled=no \ invert-match=no prefix=!10.0.0.0/8 prefix-length=!8-32 add action=discard chain=ebgp-out comment=\ "2. Discard send non 10.x routes to BGP peer" disabled=no invert-match=no \ prefix=!10.0.0.0/8 prefix-length=!8-32 add action=accept chain=ospf-in comment=\ "3. 
Accept insert 10.x routes from OSPF neighbor" disabled=no \ invert-match=no prefix=10.0.0.0/8 prefix-length=8-32 add action=accept chain=ospf-in comment=\ "4. Accept insert 172.x routes from OSPF neighbor" disabled=no \ invert-match=no prefix=172.16.0.0/12 prefix-length=8-32 add action=discard chain=ospf-in comment=\ "5. Discard insert non 10.x and 172.x from OSPF neighbor" disabled=no \ invert-match=no add action=accept chain=ospf-out comment=\ "6. Allow send 10.x routes to OSPF neighbor" disabled=no invert-match=no \ prefix=10.0.0.0/8 prefix-length=8-32 add action=accept chain=ospf-out comment=\ "7. Allow send 172.x routes to OSPF neighbor" disabled=no invert-match=no \ prefix=172.16.0.0/12 prefix-length=8-32 add action=discard chain=ospf-out comment=\ "8. Discard send non 10.x and 172.x to OSPF neighbor" disabled=no \ invert-match=no /routing mme set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \ gateway-selection=no-gateway origination-interval=5s preferred-gateway=\ 0.0.0.0 timeout=1m ttl=50 /routing ospf interface add authentication=none authentication-key="" authentication-key-id=1 cost=10 \ dead-interval=40s disabled=no hello-interval=10s instance-id=0 \ network-type=default passive=no priority=1 retransmit-interval=5s \ transmit-delay=1s use-bfd=no /routing rip set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \ metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \ redistribute-connected=no redistribute-ospf=no redistribute-static=no \ routing-table=main timeout-timer=3m update-timer=30s /store add disabled=no disk=system name=web-proxy1 type=web-proxy /system clock set time-zone-name=manual /system clock manual set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\ "jan/01/1970 00:00:00" time-zone=+00:00 /system console add disabled=no term=vt102 /system health set /system identity set name=BCNJardiBotanic-RB750 /system logging add action=memory disabled=no prefix="" topics=info add 
action=memory disabled=no prefix="" topics=error add action=memory disabled=no prefix="" topics=warning add action=echo disabled=no prefix="" topics=critical /system note set note="" show-at-login=yes /system ntp client set enabled=yes mode=unicast primary-ntp=10.138.27.98 secondary-ntp=\ 10.138.27.194 /system resource irq set 0 cpu=auto set 1 cpu=auto /system upgrade mirror set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\ 0.0.0.0 user="" /system watchdog set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\ none watchdog-timer=yes /tool bandwidth-server set allocate-udp-ports-from=2000 authenticate=no enabled=yes max-sessions=100 /tool e-mail set address=0.0.0.0 from=<> password="" port=25 user="" /tool graphing set page-refresh=300 store-every=5min /tool graphing interface add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes /tool mac-server set (unknown) disabled=no interface=wlan1 set (unknown) disabled=no interface=wlan2 set (unknown) disabled=no interface=wlan3 set (unknown) disabled=no interface=wlan4 /tool mac-server ping set enabled=yes /tool sms set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret="" /tool sniffer set file-limit=1000KiB file-name="" filter-stream=yes interface=all \ memory-limit=100KiB memory-scroll=yes only-headers=no streaming-enabled=\ no streaming-server=0.0.0.0 /tool traffic-generator set latency-distribution-scale=10 test-id=0 /user aaa set accounting=yes default-group=read interim-update=0s use-radius=no
Hotspot configuration on the MonsterBox (current)
Remember that for the hotspot to work, all of these factors must be in place:
- You must be connected to the AP interface of the MonsterBox, and it must have the HotSpot enabled
- The MonsterBox must be able to resolve internet DNS
  - It must have access to the other MonsterBoxes in order to reach the internet, even if only for this
  - The DNS must resolve
- It must reach the corporate network
- The virtual machine http://172.31.5.68 (10.139.6.179) must be running
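As an added example that is not part of the original page, the script below walks the checklist above in order on a MonsterBox and stops at the first factor that fails, so the first broken link in the chain is reported rather than a generic "hotspot down". The VM address 10.139.6.179 and the corporate host 172.31.5.68 come from the page; the AP interface name wlan1, the probe name guifi.net and the PEER_MESH_IP variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the original wiki page): runs the hotspot
# checklist from this section on a MonsterBox, one factor at a time.
# Assumptions (not on the page): the AP interface is wlan1; the mesh IP of
# another MonsterBox is supplied in PEER_MESH_IP; guifi.net is the name
# used to probe DNS. 10.139.6.179 and 172.31.5.68 are taken from the page.

AP_IFACE="${AP_IFACE:-wlan1}"
PEER_MESH_IP="${PEER_MESH_IP:-}"
DNS_PROBE_NAME="${DNS_PROBE_NAME:-guifi.net}"
CORP_HOST="${CORP_HOST:-172.31.5.68}"
VM_HOST="${VM_HOST:-10.139.6.179}"

# 1. The AP interface the clients attach to must be up.
check_ap_interface() {
    ifconfig "$AP_IFACE" 2>/dev/null | grep -qw UP
}

# 2a. Another MonsterBox must be reachable over the mesh (the path to the
#     internet runs through it). Fails if no peer address was given.
check_peer_reachable() {
    [ -n "$PEER_MESH_IP" ] && ping -c 1 -W 2 "$PEER_MESH_IP" >/dev/null 2>&1
}

# 2b. Internet DNS must resolve from this box.
check_dns_resolves() {
    nslookup "$DNS_PROBE_NAME" >/dev/null 2>&1
}

# 3. The corporate network (172.31.5.0/24 on the page) must be reachable.
check_corporate_network() {
    ping -c 1 -W 2 "$CORP_HOST" >/dev/null 2>&1
}

# 4. The hotspot VM must answer HTTP.
check_vm_running() {
    wget -q -O /dev/null -T 5 "http://$VM_HOST/" >/dev/null 2>&1
}

# Runs the checks in checklist order. Returns 0 if all pass, otherwise the
# number of the first failing step, so a caller can act on the exit code.
run_hotspot_checks() {
    step=0
    for name in check_ap_interface check_peer_reachable check_dns_resolves \
                check_corporate_network check_vm_running; do
        step=$((step + 1))
        if "$name"; then
            echo "ok   $step $name"
        else
            echo "FAIL $step $name" >&2
            return "$step"
        fi
    done
    return 0
}

# Usage on the box: PEER_MESH_IP=<other MonsterBox> sh hotspot_check.sh run
if [ "${1:-}" = "run" ]; then
    run_hotspot_checks
    exit $?
fi
```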
Acknowledgements/Contributors
- p4u: qMp
- joanm: xsf
- pablog: marsupi
- al: marsupi
- Blackhold: marsupi