viss02
Member number: 100217 Posts: 340 *.dynamic.sbb.rs.
Hello,
I have a strange problem: I get the impression that the MikroTik is going out to the internet on its own and accessing some IP addresses.
The configuration is as follows:
wan1
wan2
|
|
Mikrotik 1 (the one the log is from)
|
|
Mikrotik 2 --- Some servers (the one making the connections)
|
|
Mikrotik 3 --- Rest of the network
Mikrotik 1 is the load balancer and fail-over; it is the only one on which I have NAT rules.
Mikrotik 2 is there to sit between the servers and MT 3, which has the rest of the network on it, and that is where the chaos is :)
I don't know what possessed me, but one night on MT1 I created rules to log all traffic from 192.168.0.0/24, 192.168.1.0/24 and 192.168.168.2.0/24
By the way, I use these ranges only for equipment, there are no users, and so on; so only MT and Ubiquiti.
After some time I went into the log and there was plenty to see :) here is part of the log.
Feb/02/2016 21:35:36 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN), 192.168.0.101:46406->5.9.89.229:80, len 52
Feb/02/2016 21:35:38 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN), 192.168.0.101:43771->5.22.190.103:443, len 52
Feb/02/2016 21:35:52 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN), 192.168.0.101:46406->5.9.89.229:80, len 52
Feb/02/2016 21:36:08 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN), 192.168.0.101:43771->5.22.190.103:443, len 52
Feb/02/2016 21:36:25 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN), 192.168.0.101:46406->5.9.89.229:80, len 52
Feb/02/2016 21:39:44 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN,PSH), 192.168.0.101:44780->31.13.91.36:443, len 1262
Feb/02/2016 21:40:49 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN,PSH), 192.168.0.101:53026->31.13.91.6:443, len 574
Feb/02/2016 21:45:00 firewall,info forward: in:ether5 - Izlaz out:ether2 - WAN1, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,RST), 192.168.1.254:49863->54.68.121.62:80, len 40
Feb/02/2016 21:51:15 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,RST), 192.168.1.254:49878->37.187.167.43:1935, len 40
Feb/02/2016 22:54:09 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN,PSH), 192.168.0.101:35440->31.13.91.2:443, len 128
Feb/02/2016 23:11:59 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN,PSH), 192.168.0.101:41820->31.13.64.37:443, len 128
Feb/02/2016 23:48:40 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (RST), 192.168.0.100:37586->5.22.190.209:443, len 40
Feb/02/2016 23:49:52 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (RST), 192.168.0.100:45711->216.58.209.174:443, len 40
Feb/03/2016 00:02:27 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN), 192.168.0.101:32846->216.58.211.10:443, len 52
Feb/03/2016 00:02:27 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN), 192.168.0.101:60017->216.58.209.194:443, len 52
Feb/03/2016 00:02:28 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN), 192.168.0.101:60017->216.58.209.194:443, len 52
Feb/03/2016 00:02:28 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN), 192.168.0.101:32846->216.58.211.10:443, len 52
Feb/03/2016 00:02:28 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN), 192.168.0.101:60017->216.58.209.194:443, len 52
Feb/03/2016 00:02:29 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN), 192.168.0.101:32846->216.58.211.10:443, len 52
Feb/03/2016 00:02:30 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN), 192.168.0.101:60017->216.58.209.194:443, len 52
Feb/03/2016 00:02:31 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN), 192.168.0.101:32846->216.58.211.10:443, len 52
The MAC address (I hid part of it) is the same one that MT2 has on the interface that connects it to MT1.
I have no device on the network that is assigned the IP address 192.168.0.101 or 192.168.0.100, which is mentioned in the log. Sometimes, though rarely, I also see 192.168.1.254.
I know nothing about these addresses (they do not respond to ping, they are not in ARP). MikroTik Cloud is turned off everywhere, discovery is turned off everywhere. On MT2 I have no masquerade, the web proxy is turned off. All the MikroTiks are RouterBOARD models, except one that is x86 but is not pirated. The versions are 5.26 in some places, and 6.something on most.
Can anyone tell me what this is about?
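A triage helper for the log format shown in the post above, added here as an example and not part of the original post: it groups the logged packets by source address, output interface and TCP flags, and checks each source against an equipment inventory. The inventory addresses and all function names are assumptions; the four sample lines are copied from the excerpt above.

```python
import re
from collections import defaultdict

# Matches the RouterOS firewall log line layout shown in the post above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) firewall,info (?P<chain>\w+): "
    r"in:(?P<inif>.+?) out:(?P<outif>.+?), src-mac (?P<mac>[0-9A-Fa-fx:]+), "
    r"proto (?P<proto>\w+)(?: \((?P<flags>[A-Z,]+)\))?, "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+), len (?P<len>\d+)$"
)
# Four lines copied from the log excerpt in the post.
SAMPLE = """\
Feb/02/2016 21:35:36 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN), 192.168.0.101:46406->5.9.89.229:80, len 52
Feb/02/2016 21:35:38 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,FIN), 192.168.0.101:43771->5.22.190.103:443, len 52
Feb/02/2016 21:45:00 firewall,info forward: in:ether5 - Izlaz out:ether2 - WAN1, src-mac 00:0c:xx:xx:xx:xx, proto TCP (ACK,RST), 192.168.1.254:49863->54.68.121.62:80, len 40
Feb/02/2016 23:48:40 firewall,info forward: in:ether5 - Izlaz out:ether3 - WAN2, src-mac 00:0c:xx:xx:xx:xx, proto TCP (RST), 192.168.0.100:37586->5.22.190.209:443, len 40
"""
# Constructed inventory of addresses assigned to equipment (hypothetical values).
KNOWN_DEVICES = {"192.168.0.1", "192.168.0.2", "192.168.1.1"}

def summarize(log_text, known=KNOWN_DEVICES):
    """Group parsed lines by source IP; return (summary dict, unparsed lines)."""
    summary = defaultdict(lambda: {"packets": 0, "out": set(), "dst": set(),
                                   "flags": set(), "mac": set()})
    unparsed = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            if line.strip():
                unparsed.append(line)  # keep lines in another layout for manual review
            continue
        s = summary[m["src"]]
        s["packets"] += 1
        s["out"].add(m["outif"])
        s["dst"].add(f'{m["dst"]}:{m["dport"]}')
        s["flags"].update(f for f in (m["flags"] or "").split(",") if f)
        s["mac"].add(m["mac"])
    for src, s in summary.items():
        s["in_inventory"] = src in known
        # True when only connection-teardown packets (FIN/RST) were logged, no SYN.
        s["teardown_only"] = "SYN" not in s["flags"] and bool(s["flags"] & {"FIN", "RST"})
    return dict(summary), unparsed

if __name__ == "__main__":
    report, bad = summarize(SAMPLE)
    for src, s in sorted(report.items()):
        print(src, s["packets"], sorted(s["out"]), sorted(s["flags"]),
              "known" if s["in_inventory"] else "NOT in inventory",
              "teardown-only" if s["teardown_only"] else "")
    print("unparsed:", len(bad))
```

Replace `KNOWN_DEVICES` with the addresses actually assigned to equipment and feed the function the full exported log.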