Pristup na router z internetu (skript na no-ip)
ak som povolil pristup z webu (aspon docasne), aj na port 80 - cez web, aj port 8278 - aplikacia android. Je mi jasne , ze je to potencionalna diera do systemu, a chcem sa spytat, ako to co najlepsie osetrit. Nemozem to dat na pristup iba z jednej IP kvoli operatorovi . . .
Druha otazka, mam nastavene no-ip, spustany skript cez scheduler, vsetko funguje - odskusane ruznou zmenou IP na no-ip, ale . . . ale skript aktualizuje IP aj ked nemusi - v logu vypisuje ze povodna IP nieje zhodna s aktualnou - ale je, chyba bude niekde v skripte, v porovnani. Moze niekto jednym ockom na to pozriet?
Nasiel som aj ddns priamo od mikrotiku a na mikrotik, ale je tam uvedene ze beta, takze no-ip zatial zaloha . . .
# No-IP automatic Dynamic DNS update
#--------------- Change Values in this section to match your setup ------------------
# No-IP User account info
:local noipuser "meno"
:local noippass "heslo"
# Set the hostname or label of network to be updated.
# Hostnames with spaces are unsupported. Replace the value in the quotations below with your host names.
# To specify multiple hosts, separate them with commas.
:local noiphost "pristup.ddns.net"
# Change to the name of interface that gets the dynamic IP address
:local inetinterface "ether1-gateway"
#------------------------------------------------- -----------------------------------
# No more changes need
:global previousIP
:if ([/interface get $inetinterface value-name=running]) do={
# Get the current IP on the interface
:global currentIP [/ip address get [find interface="$inetinterface" disabled=no] address]
# Strip the net mask off the IP address
:for i from=( [:len $currentIP] - 1) to=0 do={
:if ( [:pick $currentIP $i] = "/") do={
:set currentIP [:pick $currentIP 0 $i]
}
}
:if ($currentIP != $previousIP) do={
:log info "No-IP: Current IP $currentIP is not equal to previous IP, update needed"
:set previousIP $currentIP
# The update URL. Note the "\3F" is hex for question mark (?). Required since ? is a special character in commands.
:local url "[url]http://dynupdate.no-ip.com/nic/update[/url]\3Fmyip=$currentIP"
:local noiphostarray
:set noiphostarray [:toarray $noiphost]
:foreach host in=$noiphostarray do={
:log info "No-IP: Sending update for $host"
/tool fetch url=($url . "&hostname=$host") user=$noipuser password=$noippass mode=http dst-path=("no-ip_ddns_update-" . $host . ".txt")
:log info "No-IP: Host $host updated on No-IP with IP $currentIP"
}
} else={
:log info "No-IP: Previous IP $previousIP is equal to current IP, no update needed"
}
} else={
:log info "No-IP: $inetintrface is not currently running, so therefore will not update."
}