Нет маршрутизации между VLANами

Тема в разделе "Маршрутизация", создана пользователем Gungster, 24 дек 2018.


    Собственно, настроил кучку VLANов, присвоил адреса, поднял DHCP-сервер для VLANов. Компы каждого из VLANов получают адреса, видят друг друга, можно выходить в тырнет, а вот компов из соседних VLANов не видно, и шлюзов VLANов тоже не видно. Если делать трассировку до хостов в соседнем VLANе, то трафик улетает в тырнет через шлюз 213.79.123.113, а вот где моя ошибка — это для меня вопрос.

    Код:
    [sysadmin@MikroTik] > ip firewall nat print
    Flags: X - disabled, I - invalid, D - dynamic
    0    ;;; Emergency RDP 1C
          chain=dstnat action=netmap to-addresses=192.168.0.4 to-ports=3389 protocol=tcp in-interface=ether3-WAN3 dst-port=60086 log=no log-prefix=""
    
    1    ;;; Emergency RDP Autodealer
          chain=dstnat action=netmap to-addresses=192.168.0.241 to-ports=3389 protocol=tcp in-interface=ether4-WAN4 dst-port=60087 log=no log-prefix=""
    
    2    ;;; to SecurOS Mobile Client
          chain=dstnat action=netmap to-addresses=192.168.102.10 to-ports=7777 protocol=tcp in-interface=ether2-WAN2 dst-port=7777
    
    3    chain=srcnat action=masquerade to-addresses=192.168.210.2 out-interface=all-ppp log=no log-prefix=""
    
    4    chain=srcnat action=src-nat to-addresses=213.79.123.121 out-interface=ether1-WAN1
    
    5    chain=srcnat action=src-nat to-addresses=213.79.123.120 out-interface=ether2-WAN2
    
    6    chain=srcnat action=src-nat to-addresses=213.79.123.119 out-interface=ether3-WAN3
    
    7    chain=srcnat action=src-nat to-addresses=213.79.123.118 out-interface=ether4-WAN4
    [sysadmin@MikroTik] > ip firewall filter pri
    Flags: X - disabled, I - invalid, D - dynamic
    0    ;;; BOGON Drop
          chain=input action=drop src-address-list=BOGON in-interface=ether1-WAN1 log=no log-prefix=""
    
    1    ;;; BOGON Drop
          chain=input action=drop src-address-list=BOGON in-interface=ether4-WAN4 log=no log-prefix=""
    
    2    ;;; BOGON Drop
          chain=input action=drop src-address-list=BOGON in-interface=ether3-WAN3 log=no log-prefix=""
    
    3    ;;; BOGON Drop
          chain=input action=drop src-address-list=BOGON in-interface=ether2-WAN2 log=no log-prefix=""
    
    4    ;;; Ping
          chain=input action=accept protocol=icmp log=no log-prefix=""
    
    5    ;;; DNS
          chain=input action=accept protocol=udp in-interface-list=!lst-WAN dst-port=53 log=no log-prefix=""
    
    6    ;;; L2TP
          chain=input action=accept protocol=udp in-interface=ether1-WAN1 dst-port=1701 log=no log-prefix=""
    
    7    chain=forward action=accept out-interface=all-ppp log=no log-prefix=""
    
    8    chain=input action=accept connection-state=established,related log=no log-prefix=""
    
    9    chain=forward action=accept connection-state=established,related log=no log-prefix=""
    
    10    ;;; Access to Mikrotik only from our local network
          chain=input action=accept src-address=192.168.0.0/16 log=no log-prefix=""
    
    11 XI  ;;; Access to Internet from our local network
          chain=forward action=accept src-address=192.168.0.0/16 log=no log-prefix=""
    
    12    chain=forward action=accept connection-state=established,related log=no log-prefix=""
    
    13 XI  chain=forward action=accept dst-address=192.168.0.0/16 log=no log-prefix=""
    
    14    chain=input action=drop connection-state=invalid log=no log-prefix=""
    
    15    chain=input action=drop connection-state=new in-interface=!CISCO3750 log=no log-prefix=""
    
    [sysadmin@MikroTik] > ip firewall mangle print
    Flags: X - disabled, I - invalid, D - dynamic
    0    chain=prerouting action=mark-connection new-connection-mark=con-WAN1 src-address-list=LA
    
    1    chain=prerouting action=mark-connection new-connection-mark=con-WAN2 src-address-list=IP
    
    2    chain=prerouting action=mark-connection new-connection-mark=con-WAN3 src-address-list=AS
    
    3    chain=prerouting action=mark-connection new-connection-mark=con-WAN4 src-address-list=AA
    
    4    chain=prerouting action=mark-routing new-routing-mark=WAN1 passthrough=yes src-address-list=LA connection-mark=con-WAN1 in-interface-list=!lst-WAN
    
    5    chain=prerouting action=mark-routing new-routing-mark=WAN2 passthrough=yes src-address-list=IP connection-mark=con-WAN2 in-interface-list=!lst-WAN
    
    6    chain=prerouting action=mark-routing new-routing-mark=WAN3 passthrough=yes src-address-list=AS connection-mark=con-WAN3 in-interface-list=!lst-WAN
    
    7    chain=prerouting action=mark-routing new-routing-mark=WAN4 passthrough=yes src-address-list=AA connection-mark=con-WAN4 in-interface-list=!lst-WAN
    
    8    chain=prerouting action=mark-routing new-routing-mark=rm_to_G passthrough=yes dst-address=192.168.32.0/24 log=no log-prefix=""
    
    9    chain=prerouting action=mark-routing new-routing-mark=rm_to_M passthrough=yes dst-address=192.168.37.0/24 log=no log-prefix=""
    
    10    chain=prerouting action=mark-routing new-routing-mark=rm_to_PZ passthrough=yes dst-address=192.168.34.0/24 log=no log-prefix=""
    
    11    chain=prerouting action=mark-routing new-routing-mark=rm_to_U passthrough=yes dst-address=192.168.38.0/24 log=no log-prefix=""
    
    12    chain=prerouting action=mark-routing new-routing-mark=rm_to_Uc passthrough=yes dst-address=192.168.36.0/24 log=no log-prefix=""
    
    13    chain=prerouting action=mark-routing new-routing-mark=rm_to_S passthrough=yes dst-address=192.168.35.0/24 log=no log-prefix=""
    
    14    chain=prerouting action=mark-routing new-routing-mark=rm_to_A passthrough=yes dst-address=192.168.31.0/24 log=no log-prefix=""
    
    15    chain=prerouting action=mark-routing new-routing-mark=rm_to_H passthrough=yes dst-address=192.168.39.0/24 log=no log-prefix=""
    
    [sysadmin@MikroTik] >
    [sysadmin@MikroTik] > ip route print
    Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
    #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
    0 A S  0.0.0.0/0                          213.79.123.113%...        1
    1 A S  0.0.0.0/0                          213.79.123.113%...        1
    2 A S  0.0.0.0/0                          213.79.123.113%...        1
    3 A S  0.0.0.0/0                          213.79.123.113%...        1
    12 A S  0.0.0.0/0                          213.79.123.113%...        1
                                               213.79.123.113%...
                                               213.79.123.113%...
                                               213.79.123.113%...
    13 ADC  192.168.0.0/24     192.168.0.254   bridge-VLAN0              0
    14 ADC  192.168.2.0/24     192.168.2.254   bridge-VLAN2              0
    15 ADC  192.168.3.0/24     192.168.3.254   bridge-VLAN3              0
    16 ADC  192.168.15.0/24    192.168.15.254  bridge-VLAN15             0
    17 ADC  192.168.100.0/24   192.168.100.254 bridge-VLAN100            0
    18 ADC  192.168.101.0/24   192.168.101.254 bridge-VLAN101            0
    19 ADC  192.168.102.0/24   192.168.102.254 bridge-VLAN102            0
    20 ADC  192.168.210.0/24   192.168.210.254 bridge-VLAN210            0
    21 ADC  192.168.220.0/24   192.168.220.254 ether5                    0
    22 ADC  213.59.123.113/32  213.79.123.121  ether1-WAN1               0
                                               ether2-WAN2      
                                               ether3-WAN3      
                                               ether4-WAN4