sanek100 Posted December 16, 2015 (edited)
Здравствуйте, дело в следующем: на Микротике поднят PPTP-сервер, клиенты подключаются, интернет у них работает, но ни один сайт не работает; как только VPN-клиент отключают, сайты работают. В чём может быть проблема? Раньше, до обновления 6.33.3, всё работало. Настройки делали по этому мануалу. Сайты на клиентских компах тоже пингуются, но всё равно не открываются.
Edited December 16, 2015 by sanek100
Mindaugas Posted December 16, 2015
Firewall, src-nat и т. д.
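# Forum post by sanek100 (posted December 21, 2015; edited the same day),
# translated from Russian. Quoting the earlier reply "Firewall, src-nat, etc.":
#   "I checked, everything is fine, but the sites still do not open. I tried
#   setting up a PPTP server on a 2011UAS-2HnD and it works without any
#   tricks; mine is an RB2011UiAS: clients connect, but the sites do not
#   open. Here is my router's config:"
#
# Review notes on the export below:
#  * Every password that appeared in the posted export (both PPPoE logins,
#    the PPP secret, the DynDNS account and the SMTP account used by
#    netwatch) is replaced here with a REDACTED-... placeholder. The
#    originals were published and should be treated as compromised and
#    rotated. Account names and addresses are left as posted.
#  * The posted firewall drop rules match in-interface=ether1-gateway only,
#    while Internet traffic arrives on the PPPoE interfaces ISP1 and ISP2.
#    The filter chains have no final drop rule, so unsolicited traffic from
#    both uplinks was accepted. Matching drop rules for ISP1 and ISP2 are
#    added below; all posted rules are kept and their order is unchanged.
#  * Remaining findings are marked NOTE(review) next to the section they
#    concern and are left for the owner to decide.
#
# dec/21/2015 17:48:48 by RouterOS 6.33.3
# software id = 9DME-MSEY
#
/interface bridge
add admin-mac=E4:8D:8C:2A:79:31 auto-mac=no name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-getaway
set [ find default-name=ether3 ] arp=proxy-arp name=ether3-master-local
set [ find default-name=ether4 ] master-port=ether3-master-local name=\
    ether4-slave-local
set [ find default-name=ether5 ] master-port=ether3-master-local name=\
    ether5-slave-local
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=\
    ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=\
    ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=\
    ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=\
    ether10-slave-local
# Two PPPoE uplinks: ISP1 over ether1-gateway (route distance 1) and ISP2
# over ether2-getaway (route distance 2). Passwords redacted, see header.
/interface pppoe-client
add add-default-route=yes default-route-distance=1 disabled=no interface=\
    ether1-gateway max-mru=1360 max-mtu=1360 mrru=1600 name=ISP1 password=\
    REDACTED-ISP1-PPPOE-PASSWORD user=lozhkinaa
add add-default-route=yes default-route-distance=2 disabled=no interface=\
    ether2-getaway max-mru=1480 max-mtu=1480 mrru=1600 name=ISP2 password=\
    REDACTED-ISP2-PPPOE-PASSWORD user=pe1016973
# NOTE(review): neighbor discovery is switched off for ether1-gateway only;
# nothing here does the same for ether2-getaway, ISP1 or ISP2 - confirm
# whether discovery should be off on those uplinks as well.
/ip neighbor discovery
set ether1-gateway discover=no
/ip pool
add name=default-dhcp ranges=10.0.0.20-10.0.0.100
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local lease-time=\
    3d name=dhcp
/interface bridge port
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=sfp1
add bridge=bridge-local interface=ether3-master-local
/ip address
add address=10.0.0.1/24 comment="default configuration" interface=\
    bridge-local network=10.0.0.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
    ether1-gateway
/ip dhcp-server lease
add address=10.0.0.20 client-id=1:0:16:e6:8b:13:a0 mac-address=\
    00:16:E6:8B:13:A0 server=dhcp
add address=10.0.0.21 client-id=1:0:1e:67:52:28:18 mac-address=\
    00:1E:67:52:28:18 server=dhcp
add address=10.0.0.22 client-id=1:0:15:17:5e:61:78 mac-address=\
    00:15:17:5E:61:78 server=dhcp
add address=10.0.0.23 client-id=1:0:1e:67:6:32:84 mac-address=\
    00:1E:67:06:32:84 server=dhcp
add address=10.0.0.25 client-id=1:24:a4:3c:ec:ac:86 mac-address=\
    24:A4:3C:EC:AC:86 server=dhcp
add address=10.0.0.32 client-id=1:2:29:1:0:d:b mac-address=02:29:01:00:0D:0B \
    server=dhcp
add address=10.0.0.33 client-id=1:2:44:0:0:d:b mac-address=02:44:00:00:0D:0B \
    server=dhcp
add address=10.0.0.26 client-id=1:24:a4:3c:ec:a7:98 mac-address=\
    24:A4:3C:EC:A7:98 server=dhcp
add address=10.0.0.27 client-id=1:4c:5e:c:ce:79:42 mac-address=\
    4C:5E:0C:CE:79:42 server=dhcp
add address=10.0.0.24 client-id=1:0:0:0:4:44:44 mac-address=00:00:00:04:44:44 \
    server=dhcp
/ip dhcp-server network
add address=10.0.0.0/24 comment="default configuration" dns-server=\
    77.88.8.7,77.88.8.3 gateway=10.0.0.1
# allow-remote-requests=yes makes the router answer DNS queries from any
# source the input chain lets through. With the posted filter rules that
# included both PPPoE uplinks (an open resolver); the ISP1/ISP2 input drops
# added below close that path.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
# PPTP control channel (tcp/1723) and GRE are accepted from any source.
# NOTE(review): if the client addresses are known, narrow these two rules
# with src-address. PPTP with MS-CHAPv2/MPPE is a weak VPN by current
# standards; plan a move to a stronger tunnel type.
add chain=input dst-port=1723 protocol=tcp
add chain=input protocol=gre
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=\
    established,related
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
# Added in review: the rule above never matches traffic that arrives inside
# the PPPoE sessions, so the same drop is repeated for each uplink. If
# remote management from the Internet is really needed, put an explicit
# accept rule limited by src-address above these two.
add action=drop chain=input comment="review: drop WAN input on ISP1" \
    in-interface=ISP1
add action=drop chain=input comment="review: drop WAN input on ISP2" \
    in-interface=ISP2
# NOTE(review): fasttracked connections bypass the mangle stage. If MSS
# clamping for the tunnel relies on mangle rules, this could explain
# "ping works, pages do not load" for VPN clients - TODO confirm by
# temporarily disabling this rule.
add action=fasttrack-connection chain=forward comment="default configuration" \
    connection-state=established,related
add chain=forward comment="default configuration" connection-state=\
    established,related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
add action=drop chain=forward comment="default configuration" \
    connection-nat-state=!dstnat connection-state=new in-interface=\
    ether1-gateway
# Added in review: same forward protection for the PPPoE uplinks; port
# forwards keep working because dst-natted connections are excluded.
add action=drop chain=forward comment="review: drop new non-dstnat from ISP1" \
    connection-nat-state=!dstnat connection-state=new in-interface=ISP1
add action=drop chain=forward comment="review: drop new non-dstnat from ISP2" \
    connection-nat-state=!dstnat connection-state=new in-interface=ISP2
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ISP1
add action=masquerade chain=srcnat out-interface=ISP2
# NOTE(review): none of the dstnat rules below has an in-interface or
# dst-address match, so they also rewrite connections that LAN or VPN
# clients open to these ports on outside hosts (for example any outbound
# tcp/21). Two rules publish tcp/3389 (the standard RDP port) and one
# publishes FTP to the Internet - consider limiting them with src-address
# or reaching those hosts through the VPN instead.
add action=netmap chain=dstnat dst-port=51413 protocol=tcp to-addresses=\
    10.0.0.32 to-ports=51413
add action=netmap chain=dstnat comment=PLEX dst-port=32400 protocol=tcp \
    to-addresses=10.0.0.33 to-ports=32400
add action=netmap chain=dstnat comment=1C_SG dst-port=55389 protocol=tcp \
    to-addresses=10.0.0.21 to-ports=3389
add action=dst-nat chain=dstnat comment=1C_BS dst-port=56389 protocol=tcp \
    to-addresses=10.0.0.23 to-ports=3389
add action=dst-nat chain=dstnat comment=FTP dst-port=21 protocol=tcp \
    to-addresses=10.0.0.22 to-ports=21
add action=dst-nat chain=dstnat dst-port=88 protocol=tcp to-addresses=\
    10.0.1.2 to-ports=88
add action=dst-nat chain=dstnat dst-port=81 protocol=tcp to-addresses=\
    10.0.0.23 to-ports=80
# NOTE(review): winbox is not listed here, so it is presumably still at its
# default (enabled, no address restriction) - confirm and restrict it with
# the service's address= setting.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# The only PPTP account. The posted password was trivially guessable; use a
# long random one (redacted here, see header).
/ppp secret
add local-address=10.0.0.1 name=dvr password=REDACTED-PPTP-PASSWORD \
    remote-address=10.0.1.3 service=pptp
/system clock
set time-zone-name=Europe/Moscow
/system ntp client
set enabled=yes primary-ntp=91.226.136.136 secondary-ntp=91.226.136.155
/system routerboard settings
set cpu-frequency=750MHz
# NOTE(review): the scheduler entry and the script both carry a broad policy
# set (including reboot, password, sniff, sensitive), which looks wider than
# a DDNS updater needs - review and trim.
/system scheduler
add interval=5m name=DDNS on-event=DDNS policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
    startup
# DDNS updater: fetches the public IP from checkip.dyndns.org, compares it
# with the global previousIP and, on change or when dyndnsForce is true,
# calls the members.dyndns.org update URL. Both fetches use mode=http, so
# the account name and password cross the network unencrypted. The password
# is also stored in clear text inside the script source (redacted here).
/system script
add name=DDNS owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="delay 4\
    5\r\
    \n \r\
    \n:local username \"fvilkin\"\r\
    \n:local password \"REDACTED-DDNS-PASSWORD\"\r\
    \n:local hostname \"apostol.dyndns.info\" \r\
    \n\r\
    \n:global dyndnsForce\r\
    \n:global previousIP\r\
    \n\r\
    \n# print some debug info\r\
    \n#:log info (\"dyndns-update: username = \$username\")\r\
    \n#:log info (\"dyndns-update: password = \$password\")\r\
    \n#:log info (\"dyndns-update: hostname = \$hostname\")\r\
    \n#:log info (\"dyndns-update: previousIP = \$previousIP\")\r\
    \n\r\
    \n# get the current IP address from the internet (in case of double-nat)\r\
    \n/tool fetch mode=http address=\"checkip.dyndns.org\" src-path=\"/\" dst-\
    path=\"/dyndns.checkip.html\"\r\
    \n:local result [/file get dyndns.checkip.html contents]\r\
    \n\r\
    \n# parse the current IP result\r\
    \n:local resultLen [:len \$result]\r\
    \n:local startLoc [:find \$result \": \" -1]\r\
    \n:set startLoc (\$startLoc + 2)\r\
    \n:local endLoc [:find \$result \"</body>\" -1]\r\
    \n:local currentIP [:pick \$result \$startLoc \$endLoc]\r\
    \n#:log info \"dyndns-update: currentIP = \$currentIP\"\r\
    \n\r\
    \n# Determine if dyndns update is needed\r\
    \n# more dyndns updater request details available at http://www.dyndns.com\
    /developers/specs/syntax.html\r\
    \n:if ((\$currentIP != \$previousIP) || (\$dyndnsForce = true)) do={\r\
    \n:set dyndnsForce false\r\
    \n:set previousIP \$currentIP\r\
    \n/tool fetch user=\$username password=\$password mode=http address=\"memb\
    ers.dyndns.org\" src-path=\"/nic/update\?hostname=\$hostname&myip=\$curren\
    tIP\" dst-path=\"/dyndns.txt\"\r\
    \n:local result [/file get dyndns.txt contents]\r\
    \n# :log info (\"dyndns-update: Dyndns update needed\")\r\
    \n# :log info (\"dyndns-update: Dyndns Update Result: \".\$result)\r\
    \n:put (\"Dyndns Update Result: \".\$result)\r\
    \n} else={\r\
    \n# :log info (\"dyndns-update: No dyndns update needed\")\r\
    \n}"
# NOTE(review): MAC-telnet and MAC-Winbox are enabled on ether2-getaway,
# the port that carries the ISP2 uplink, which exposes layer-2 management
# to that provider segment. ether1-gateway is not listed; ether2-getaway
# probably should not be either - confirm and remove it from both lists.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-getaway
add interface=ether3-master-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=sfp1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-getaway
add interface=ether3-master-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=sfp1
add interface=bridge-local
# Netwatch probes 46.249.16.226 every 3 minutes and sends an e-mail-to-SMS
# notice on each state change. Both scripts embed the mailbox password in
# clear text (redacted here); a dedicated, revocable credential is
# preferable to the account's main password.
/tool netwatch
add down-script="delay 60\r\
    \n\r\
    \n/tool e-mail send server=64.233.161.108 port=587 start-tls=yes user=fvil\
    kin@gmail.com password=REDACTED-SMTP-PASSWORD to=79688907630@sms.beemail.ru from=\"\
    HOME<fvilkin@gmail.com>\" subject=\"MikroTik: \$[/system clock get date], \
    \$[/system clock get time]\" body=\"Perekluchenie na P-T-K. \\nData: \$[/\
    system clock get date]\\nTime: \$[/system clock get time]\";" host=\
    46.249.16.226 interval=3m up-script="/tool e-mail send server=64.233.161.1\
    08 port=587 start-tls=yes user=fvilkin@gmail.com password=REDACTED-SMTP-PASSWORD to\
    =79688907630@sms.beemail.ru from=\"HOME<fvilkin@gmail.com>\" subject=\"Mik\
    roTik: \$[/system clock get date], \$[/system clock get time]\" body=\"Per\
    ekluchenie na KVARC. \\nData: \$[/system clock get date]\\nTime: \$[/syst\
    em clock get time]\";"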