Infrastructure for 3 public IPs
Last Updated: Feb 28 2022 01:30, Started by Dalvi, Feb 20 2021 11:51
#1
Posted 20 February 2021 - 11:51
Hello,
We are a small company with minimal resources and skills. We have 3 public IPs, over PPPoE. The current configuration is: ONT -> switch -> 3 consumer routers that do PPPoE, and from there the clients. Initially I happened upon a decent technician at RDS who unblocked 3 ports on the ONT (Huawei) for me, and I got rid of the switch after it. The current one said it can NOT be done. The ONT is in bridge mode. I also have an inherited Cisco Catalyst 2960s-48fps, and I'm not very good at managing switches. I imagine I can separate groups of ports on it. But it probably doesn't know PPPoE. https://www.cisco.co...itch/model.html
What would be the minimal configuration/investment so that I have the 3 connections with a number of clients and get rid of the mess of mini switches/routers? Thank you.
#2
Posted 20 February 2021 - 13:12
It depends on which solution you would prefer to use, Mikrotik, Fortigate, Unifi; it depends on what budget you have and what you expect from the network.
If you want more details, you can contact me in private.
#3
Posted 20 February 2021 - 13:29
In principle I imagine I would want a single device that makes the 3 PPPoE connections and optionally has a few ports for each LAN.
Without that option, I'll probably make 3 VLANs on the Cisco switch and go out from there. In the worst case, I can probably do this directly from the server, using some of the 4 Ethernet ports it has. Right now it has Windows Server on it, but I'll probably move to Ubuntu (where I know even less).
Expectations:
- low budget (I understand MikroTik is the one; can't it be done with DD-WRT too?)
- VPN for connecting from outside into the local LAN
- later, maybe load balancing with another ISP
- set it and forget it
#4
Posted 20 February 2021 - 15:17
I don't know if what you want is possible, that is, a single L3 device on which you have the 3 PPPoE connections. It is quite possible that RDS checks whether the L2 (MAC) address is "connected", meaning there is already an active PPPoE session with that address as its source, and then does not allow other PPPoE connections from the same device. One solution, untested so I have no idea whether it works or not, would be a Cisco router or one from another manufacturer that lets you set the PPPoE connection on a loopback interface, with those loopback interfaces using the physical interface towards RDS as their transmit interface. But, as I said, I have not tested such a solution, just as I have not tested whether several PPPoE accounts can be used on the same device at the same time.
PS: As a personal opinion, I would give up the idea of using that bubuntu nonsense. FreeBSD, Slackware, ArchLinux, CentOS 7. If you use a GNU/Linux distribution, then you install OpenVPN and configure it to use certificates and/or user/password per client, and you push routes to the LAN prefixes through the VPN. Set it and forget it means something enterprise, so more expensive than an in-house solution using open source software. Although with an open source solution too, if the solution is implemented correctly, you can reach the same result. The 2960 is an L2 switch, so there is no way you can use it to create PPPoE connections on it. But you can use that server you mentioned to have the 3 PPPoE connections on it, with the 4th network card tagged towards the switch, and on the switch have VLANs according to what you want to do. Example: ppp0 with VLAN 100 and ports gi0/10 - 0/19, ppp1 with VLAN 101 and ports gi0/20 - 0/29, and ppp2 with VLAN 102 and ports gi0/30 - 0/39. Where pppX is the ppp interface (the interface created when the PPPoE connection comes up; 0 is the first, 1 is the second and 2 is the third).
Edited by MembruAnonim, 20 February 2021 - 15:19.
#5
Posted 20 February 2021 - 18:11
What is the main requirement to be solved, for which you need several IPs?
#6
Posted 11 March 2021 - 00:23
I also had this problem with a Digi business subscription, which comes with 3 separate PPPoE accounts and 3 dedicated IPs.
With a Mikrotik router you can define all 3 PPPoE accounts on it and then "send" them in particular directions in your network, either by the cables connected to the Mikrotik (eth2, eth3, eth4), or by local IPs, etc.; there are many methods. There are some rules to set up in the Mikrotik, but once it is set, it's very OK. Pretty much all Mikrotik routers can do this, even the 150 RON ones. Beyond that, you choose one only by CPU and RAM perhaps, or other features you need (wifi, display, etc).
Edited by adrianTNT, 11 March 2021 - 00:25.
#7
Posted 27 February 2022 - 21:53
Hello @adrianTNT.
I have the router now; I would appreciate it if you told me about the rules. I have defined 3 PPPoE interfaces, 3 VLANs (I think). I am putting my censored config below, so you can see the allocation of ports to VLANs. The idea is to direct each public IP to its own subnet/server. Thank you!

    # feb/27/2022 21:39:29 by RouterOS 6.49.3
    # software id = 8M9R-5B02
    #
    # model = RB3011UiAS
    # serial number = E7E90F0F9E2E
    /interface bridge
    add admin-mac=DC:2C:6E:65:1A:C5 auto-mac=no comment=defconf name=bridge
    /interface ethernet
    set [ find default-name=ether1 ] name=ether01-WAN1
    set [ find default-name=ether2 ] name=ether02-WAN2
    set [ find default-name=ether3 ] name=ether03
    set [ find default-name=ether4 ] name=ether04
    set [ find default-name=ether5 ] name=ether05
    set [ find default-name=ether6 ] name=ether06
    set [ find default-name=ether7 ] name=ether07
    set [ find default-name=ether8 ] name=ether08
    set [ find default-name=ether9 ] name=ether09
    /interface pppoe-client
    add add-default-route=yes interface=ether01-WAN1 keepalive-timeout=disabled \
        name=pppoe-out1-54 user=A
    add add-default-route=yes interface=ether01-WAN1 keepalive-timeout=disabled \
        name=pppoe-out2-55 user=B
    add add-default-route=yes disabled=no interface=ether01-WAN1 name=\
        pppoe-out3-56 use-peer-dns=yes user=C
    /interface vlan
    add interface=ether03 name=vlan1A-54 vlan-id=1
    add interface=ether04 name=vlan1B-54 vlan-id=1
    add interface=ether05 name=vlan1C-54 vlan-id=1
    add interface=ether06 name=vlan2A-55 vlan-id=2
    add interface=ether07 name=vlan2B-55 vlan-id=2
    add interface=ether08 name=vlan3A-56 vlan-id=3
    add interface=ether09 name=vlan3B-56 vlan-id=3
    add interface=ether10 name=vlan3C-56 vlan-id=3
    /interface list
    add comment=defconf name=WAN
    add comment=defconf name=LAN
    /interface wireless security-profiles
    set [ find default=yes ] supplicant-identity=MikroTik
    /ip pool
    add name=dhcp ranges=192.168.0.100-192.168.0.199
    add name=vpn ranges=192.168.89.2-192.168.89.255
    /ip dhcp-server
    add add-arp=yes address-pool=dhcp always-broadcast=yes disabled=no interface=\
        bridge name=defconf
    /ppp profile
    set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
    /interface bridge port
    add bridge=bridge comment=defconf interface=ether02-WAN2
    add bridge=bridge comment=defconf interface=ether03
    add bridge=bridge comment=defconf interface=ether04
    add bridge=bridge comment=defconf interface=ether05
    add bridge=bridge comment=defconf interface=ether06
    add bridge=bridge comment=defconf interface=ether07
    add bridge=bridge comment=defconf interface=ether08
    add bridge=bridge comment=defconf interface=ether09
    add bridge=bridge comment=defconf interface=ether10
    add bridge=bridge comment=defconf interface=sfp1
    /ip neighbor discovery-settings
    set discover-interface-list=LAN
    /interface ethernet switch vlan
    add comment="IP 54" independent-learning=yes ports=ether03,ether04,ether05 \
        switch=switch1 vlan-id=1
    add comment="IP 55" independent-learning=yes ports=ether06,ether07 switch=\
        switch2 vlan-id=2
    add comment="IP 56" independent-learning=yes ports=ether08,ether09,ether10 \
        switch=switch2 vlan-id=3
    /interface l2tp-server server
    set enabled=yes use-ipsec=yes
    /interface list member
    add comment=defconf interface=bridge list=LAN
    add comment=defconf interface=ether01-WAN1 list=WAN
    add interface=pppoe-out3-56 list=WAN
    /interface pptp-server server
    set enabled=yes
    /interface sstp-server server
    set default-profile=default-encryption enabled=yes
    /ip accounting
    set account-local-traffic=yes enabled=yes
    /ip address
    add address=192.168.0.1/24 comment=defconf interface=bridge network=\
        192.168.0.0
    /ip cloud
    set ddns-enabled=yes
    /ip dhcp-client
    add comment=defconf interface=ether01-WAN1
    /ip dhcp-server lease
    add address=192.168.0.105 client-id=0:8:f1:ea:f4:95:16:0:0:0 mac-address=\
        08:F1:EA:F4:95:16 server=defconf
    add address=192.168.0.127 client-id=1:8c:89:a5:3f:87:fa mac-address=\
        8C:89:A5:3F:87:FA
    add address=192.168.0.124 client-id=1:88:d7:f6:57:23:3e mac-address=\
        88:D7:F6:57:23:3E server=defconf
    add address=192.168.0.100 mac-address=98:F2:B3:26:2B:0F
    add address=192.168.0.125 client-id=1:d4:3d:7e:63:97:f1 mac-address=\
        D4:3D:7E:63:97:F1 server=defconf
    add address=192.168.0.123 client-id=1:e0:3f:49:79:49:c8 mac-address=\
        E0:3F:49:79:49:C8 server=defconf
    add address=192.168.0.122 client-id=1:88:d7:f6:57:23:2f mac-address=\
        88:D7:F6:57:23:2F server=defconf
    add address=192.168.0.203 client-id=1:8c:b8:4a:80:98:f7 mac-address=\
        8C:B8:4A:80:98:F7 server=defconf
    add address=192.168.0.141 client-id=1:ec:e5:12:13:d7:f3 mac-address=\
        EC:E5:12:13:D7:F3 server=defconf
    add address=192.168.0.126 client-id=1:50:2b:73:c5:d:7c mac-address=\
        50:2B:73:C5:0D:7C server=defconf
    add address=192.168.0.133 client-id=1:0:22:58:58:11:2f mac-address=\
        00:22:58:58:11:2F server=defconf
    add address=192.168.0.132 client-id=1:3c:2a:f4:37:19:e0 mac-address=\
        3C:2A:F4:37:19:E0 server=defconf
    add address=192.168.0.131 client-id=1:9c:ae:d3:ea:29:c6 mac-address=\
        9C:AE:D3:EA:29:C6 server=defconf
    add address=192.168.0.205 client-id=1:8c:25:5:ca:f7:58 mac-address=\
        8C:25:05:CA:F7:58 server=defconf
    add address=192.168.0.206 mac-address=10:7B:44:68:92:03 server=defconf
    add address=192.168.0.204 client-id=1:82:cc:88:c7:16:f mac-address=\
        82:CC:88:C7:16:0F server=defconf
    add address=192.168.0.121 mac-address=98:29:A6:8F:BE:71 server=defconf
    /ip dhcp-server network
    add address=192.168.0.0/24 gateway=192.168.0.1 netmask=24
    add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
    /ip dns
    set allow-remote-requests=yes
    /ip dns static
    add address=192.168.0.1 comment=defconf name=router.lan
    /ip firewall filter
    add action=accept chain=input dst-port=80 protocol=tcp
    add action=accept chain=input dst-port=8291 protocol=tcp
    add action=accept chain=input comment=\
        "defconf: accept established,related,untracked" connection-state=\
        established,related,untracked
    add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \
        protocol=udp
    add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
    add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
    add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
    add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
    add action=drop chain=input comment="defconf: drop invalid" connection-state=\
        invalid
    add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
    add action=accept chain=input comment=\
        "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
    add action=drop chain=input comment="defconf: drop all not coming from LAN" \
        in-interface-list=!LAN
    add action=accept chain=forward comment="defconf: accept in ipsec policy" \
        ipsec-policy=in,ipsec
    add action=accept chain=forward comment="defconf: accept out ipsec policy" \
        ipsec-policy=out,ipsec
    add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
        connection-state=established,related
    add action=accept chain=forward comment=\
        "defconf: accept established,related, untracked" connection-state=\
        established,related,untracked
    add action=drop chain=forward comment="defconf: drop invalid" \
        connection-state=invalid
    add action=drop chain=forward comment=\
        "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
        connection-state=new in-interface-list=WAN
    /ip firewall nat
    add action=masquerade chain=srcnat comment="defconf: masquerade" \
        ipsec-policy=out,none out-interface-list=WAN
    add action=dst-nat chain=dstnat comment="SB Server e pe vechiul IP" \
        dst-address=x.x.x.x dst-port=22 log=yes log-prefix=vlad_ protocol=tcp \
        to-addresses=192.168.0.103 to-ports=22
    add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
        192.168.89.0/24
    /lcd
    set time-interval=hour
    /ppp secret
    add name=vpn
    /system clock
    set time-zone-name=Europe/Bucharest
    /tool mac-server
    set allowed-interface-list=LAN
    /tool mac-server mac-winbox
    set allowed-interface-list=LAN

adrianTNT, on 11 March 2021 - 00:23, said:
I also had this problem with a Digi business subscription, which comes with 3 separate PPPoE accounts and 3 dedicated IPs. With a Mikrotik router you can define all 3 PPPoE accounts on it and then "send" them in particular directions in your network, either by the cables connected to the Mikrotik (eth2, eth3, eth4), or by local IPs, etc.; there are many methods. There are some rules to set up in the Mikrotik, but once it is set, it's very OK. Pretty much all Mikrotik routers can do this, even the 150 RON ones. Beyond that, you choose one only by CPU and RAM perhaps, or other features you need (wifi, display, etc).
#8
Posted 28 February 2022 - 01:30
Hi Dalvi
I haven't done it through VLANs; I suppose it would be one of the methods, but I don't remember why I didn't do it that way, probably something didn't work out for me. I did it through "routing mark": a label is put on the traffic that enters the router, and it is directed through the local network according to these labels. I'm attaching the image, I hope it helps you. Beyond that, maybe the people on the Mikrotik forum can help you, they know everything over there. Besides what appears in the image, I think it helps to have "detect internet" disabled; I remember it gets in your way if you have many manual rules.
mikrotik_setup_multiple_ISP_EDITED.jpg 216.2K 34 downloads
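
The routing-mark approach described in post #8, written out as an added example for RouterOS 6.x; it is not part of the original thread and is not the configuration from the attached image. The three LAN subnets and the names local-nets, via-54, via-55 and via-56 are assumptions; the PPPoE interface names are the ones in the config from post #7.

```routeros
# Added example for RouterOS 6.x; not the setup shown in the attached image.
# Assumed: LAN subnets 192.168.54.0/24, 192.168.55.0/24, 192.168.56.0/24 and
# the names local-nets, via-54, via-55, via-56. PPPoE names are from post #7.

# Put all three PPPoE sessions in the WAN list (pppoe-out3-56 already is), so
# the posted masquerade rule and the "drop all from WAN not DSTNATed" forward
# rule apply to every uplink, not only the third one.
/interface list member
add interface=pppoe-out1-54 list=WAN
add interface=pppoe-out2-55 list=WAN

# Local subnets: traffic between them must not be policy-routed to an uplink.
/ip firewall address-list
add list=local-nets address=192.168.54.0/24
add list=local-nets address=192.168.55.0/24
add list=local-nets address=192.168.56.0/24

# Label traffic entering the router from each subnet with its routing mark.
/ip firewall mangle
add chain=prerouting src-address=192.168.54.0/24 dst-address-list=!local-nets \
    action=mark-routing new-routing-mark=via-54 passthrough=no
add chain=prerouting src-address=192.168.55.0/24 dst-address-list=!local-nets \
    action=mark-routing new-routing-mark=via-55 passthrough=no
add chain=prerouting src-address=192.168.56.0/24 dst-address-list=!local-nets \
    action=mark-routing new-routing-mark=via-56 passthrough=no

# One default route per mark, each through its own PPPoE session.
/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-out1-54 routing-mark=via-54
add dst-address=0.0.0.0/0 gateway=pppoe-out2-55 routing-mark=via-55
add dst-address=0.0.0.0/0 gateway=pppoe-out3-56 routing-mark=via-56

# Post #8 suggests switching off "detect internet" when using manual rules.
/interface detect-internet
set detect-interface-list=none
```

The fasttrack-connection rule in the posted config lets established connections skip mangle, so disable it or limit it to unmarked traffic before relying on these marks.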