[sanek100]

Здравствуйте, дело в следущем на Микротике поднят PPTP Server, клиенты подключаются, интернет у них работает, но не один сайт не работает, как только vpn клиент отключают, сайты работают, в чем может быть проблема? раньше все работало до обновления 6.33.3

 

НАстройки делали по Этому мануалу

 

сайты на клиентских компах тоже пингуются, но все равно не открываются.

Изменено 16 декабря, 2015 пользователем sanek100

[Mindaugas]

Firewall, src-nat i t.d.

[sanek100]

Firewall, src-nat i t.d.

 

Проверял все хорошо, но сайты так и не открываются, пробывал настроить PPTP сервер на 2011UAS-2HnD, работает без шаманства, у меня же стоит RB2011UiAS , клиенты подключаются, но сайты не открываются.

 

Вот конфиг моего роутера:

 

# dec/21/2015 17:48:48 by RouterOS 6.33.3

# software id = 9DME-MSEY

#

/interface bridge

add admin-mac=E4:8D:8C:2A:79:31 auto-mac=no name=bridge-local

/interface ethernet

set [ find default-name=ether1 ] name=ether1-gateway

set [ find default-name=ether2 ] name=ether2-getaway

set [ find default-name=ether3 ] arp=proxy-arp name=ether3-master-local

set [ find default-name=ether4 ] master-port=ether3-master-local name=\

ether4-slave-local

set [ find default-name=ether5 ] master-port=ether3-master-local name=\

ether5-slave-local

set [ find default-name=ether6 ] name=ether6-master-local

set [ find default-name=ether7 ] master-port=ether6-master-local name=\

ether7-slave-local

set [ find default-name=ether8 ] master-port=ether6-master-local name=\

ether8-slave-local

set [ find default-name=ether9 ] master-port=ether6-master-local name=\

ether9-slave-local

set [ find default-name=ether10 ] master-port=ether6-master-local name=\

ether10-slave-local

/interface pppoe-client

add add-default-route=yes default-route-distance=1 disabled=no interface=\

ether1-gateway max-mru=1360 max-mtu=1360 mrru=1600 name=ISP1 password=\

FQz54A2aM2 user=lozhkinaa

add add-default-route=yes default-route-distance=2 disabled=no interface=\

ether2-getaway max-mru=1480 max-mtu=1480 mrru=1600 name=ISP2 password=\

FbjzMv2oxB user=pe1016973

/ip neighbor discovery

set ether1-gateway discover=no

/ip pool

add name=default-dhcp ranges=10.0.0.20-10.0.0.100

/ip dhcp-server

add address-pool=default-dhcp disabled=no interface=bridge-local lease-time=\

3d name=dhcp

/interface bridge port

add bridge=bridge-local interface=ether6-master-local

add bridge=bridge-local interface=sfp1

add bridge=bridge-local interface=ether3-master-local

/ip address

add address=10.0.0.1/24 comment="default configuration" interface=\

bridge-local network=10.0.0.0

/ip dhcp-client

add comment="default configuration" dhcp-options=hostname,clientid interface=\

ether1-gateway

/ip dhcp-server lease

add address=10.0.0.20 client-id=1:0:16:e6:8b:13:a0 mac-address=\

00:16:E6:8B:13:A0 server=dhcp

add address=10.0.0.21 client-id=1:0:1e:67:52:28:18 mac-address=\

00:1E:67:52:28:18 server=dhcp

add address=10.0.0.22 client-id=1:0:15:17:5e:61:78 mac-address=\

00:15:17:5E:61:78 server=dhcp

add address=10.0.0.23 client-id=1:0:1e:67:6:32:84 mac-address=\

00:1E:67:06:32:84 server=dhcp

add address=10.0.0.25 client-id=1:24:a4:3c:ec:ac:86 mac-address=\

24:A4:3C:EC:AC:86 server=dhcp

add address=10.0.0.32 client-id=1:2:29:1:0:d:b mac-address=02:29:01:00:0D:0B \

server=dhcp

add address=10.0.0.33 client-id=1:2:44:0:0:d:b mac-address=02:44:00:00:0D:0B \

server=dhcp

add address=10.0.0.26 client-id=1:24:a4:3c:ec:a7:98 mac-address=\

24:A4:3C:EC:A7:98 server=dhcp

add address=10.0.0.27 client-id=1:4c:5e:c:ce:79:42 mac-address=\

4C:5E:0C:CE:79:42 server=dhcp

add address=10.0.0.24 client-id=1:0:0:0:4:44:44 mac-address=00:00:00:04:44:44 \

server=dhcp

/ip dhcp-server network

add address=10.0.0.0/24 comment="default configuration" dns-server=\

77.88.8.7,77.88.8.3 gateway=10.0.0.1

/ip dns

set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

/ip firewall filter

add chain=input dst-port=1723 protocol=tcp

add chain=input protocol=gre

add chain=input comment="default configuration" protocol=icmp

add chain=input comment="default configuration" connection-state=\

established,related

add action=drop chain=input comment="default configuration" in-interface=\

ether1-gateway

add action=fasttrack-connection chain=forward comment="default configuration" \

connection-state=established,related

add chain=forward comment="default configuration" connection-state=\

established,related

add action=drop chain=forward comment="default configuration" \

connection-state=invalid

add action=drop chain=forward comment="default configuration" \

connection-nat-state=!dstnat connection-state=new in-interface=\

ether1-gateway

/ip firewall nat

add action=masquerade chain=srcnat out-interface=ISP1

add action=masquerade chain=srcnat out-interface=ISP2

add action=netmap chain=dstnat dst-port=51413 protocol=tcp to-addresses=\

10.0.0.32 to-ports=51413

add action=netmap chain=dstnat comment=PLEX dst-port=32400 protocol=tcp \

to-addresses=10.0.0.33 to-ports=32400

add action=netmap chain=dstnat comment=1C_SG dst-port=55389 protocol=tcp \

to-addresses=10.0.0.21 to-ports=3389

add action=dst-nat chain=dstnat comment=1C_BS dst-port=56389 protocol=tcp \

to-addresses=10.0.0.23 to-ports=3389

add action=dst-nat chain=dstnat comment=FTP dst-port=21 protocol=tcp \

to-addresses=10.0.0.22 to-ports=21

add action=dst-nat chain=dstnat dst-port=88 protocol=tcp to-addresses=\

10.0.1.2 to-ports=88

add action=dst-nat chain=dstnat dst-port=81 protocol=tcp to-addresses=\

10.0.0.23 to-ports=80

/ip service

set telnet disabled=yes

set ftp disabled=yes

set www disabled=yes

set ssh disabled=yes

set api disabled=yes

set api-ssl disabled=yes

/ppp secret

add local-address=10.0.0.1 name=dvr password=dvr remote-address=10.0.1.3 \

service=pptp

/system clock

set time-zone-name=Europe/Moscow

/system ntp client

set enabled=yes primary-ntp=91.226.136.136 secondary-ntp=91.226.136.155

/system routerboard settings

set cpu-frequency=750MHz

/system scheduler

add interval=5m name=DDNS on-event=DDNS policy=\

ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\

startup

/system script

add name=DDNS owner=admin policy=\

ftp,reboot,read,write,policy,test,password,sniff,sensitive source="delay 4\

5\r\

\n \r\

\n:local username \"fvilkin\"\r\

\n:local password \"198005\"\r\

\n:local hostname \"apostol.dyndns.info\" \r\

\n\r\

\n:global dyndnsForce\r\

\n:global previousIP\r\

\n\r\

\n# print some debug info\r\

\n#:log info (\"dyndns-update: username = \$username\")\r\

\n#:log info (\"dyndns-update: password = \$password\")\r\

\n#:log info (\"dyndns-update: hostname = \$hostname\")\r\

\n#:log info (\"dyndns-update: previousIP = \$previousIP\")\r\

\n\r\

\n# get the current IP address from the internet (in case of double-nat)\r\

\n/tool fetch mode=http address=\"checkip.dyndns.org\" src-path=\"/\" dst-\

path=\"/dyndns.checkip.html\"\r\

\n:local result [/file get dyndns.checkip.html contents]\r\

\n\r\

\n# parse the current IP result\r\

\n:local resultLen [:len \$result]\r\

\n:local startLoc [:find \$result \": \" -1]\r\

\n:set startLoc (\$startLoc + 2)\r\

\n:local endLoc [:find \$result \"</body>\" -1]\r\

\n:local currentIP [:pick \$result \$startLoc \$endLoc]\r\

\n#:log info \"dyndns-update: currentIP = \$currentIP\"\r\

\n\r\

\n# Determine if dyndns update is needed\r\

\n# more dyndns updater request details available at http://www.dyndns.com\

/developers/specs/syntax.html\r\

\n:if ((\$currentIP != \$previousIP) || (\$dyndnsForce = true)) do={\r\

\n:set dyndnsForce false\r\

\n:set previousIP \$currentIP\r\

\n/tool fetch user=\$username password=\$password mode=http address=\"memb\

ers.dyndns.org\" src-path=\"/nic/update\?hostname=\$hostname&myip=\$curren\

tIP\" dst-path=\"/dyndns.txt\"\r\

\n:local result [/file get dyndns.txt contents]\r\

\n# :log info (\"dyndns-update: Dyndns update needed\")\r\

\n# :log info (\"dyndns-update: Dyndns Update Result: \".\$result)\r\

\n:put (\"Dyndns Update Result: \".\$result)\r\

\n} else={\r\

\n# :log info (\"dyndns-update: No dyndns update needed\")\r\

\n}"

/tool mac-server

set [ find default=yes ] disabled=yes

add interface=ether2-getaway

add interface=ether3-master-local

add interface=ether4-slave-local

add interface=ether5-slave-local

add interface=ether6-master-local

add interface=ether7-slave-local

add interface=ether8-slave-local

add interface=ether9-slave-local

add interface=ether10-slave-local

add interface=sfp1

add interface=bridge-local

/tool mac-server mac-winbox

set [ find default=yes ] disabled=yes

add interface=ether2-getaway

add interface=ether3-master-local

add interface=ether4-slave-local

add interface=ether5-slave-local

add interface=ether6-master-local

add interface=ether7-slave-local

add interface=ether8-slave-local

add interface=ether9-slave-local

add interface=ether10-slave-local

add interface=sfp1

add interface=bridge-local

/tool netwatch

add down-script="delay 60\r\

\n\r\

\n/tool e-mail send server=64.233.161.108 port=587 start-tls=yes user=fvil\

kin@gmail.com password=Sanek19800504 to=79688907630@sms.beemail.ru from=\"\

HOME<fvilkin@gmail.com>\" subject=\"MikroTik: \$[/system clock get date], \

\$[/system clock get time]\" body=\"Perekluchenie na P-T-K. \\nData: \$[/\

system clock get date]\\nTime: \$[/system clock get time]\";" host=\

46.249.16.226 interval=3m up-script="/tool e-mail send server=64.233.161.1\

08 port=587 start-tls=yes user=fvilkin@gmail.com password=Sanek19800504 to\

=79688907630@sms.beemail.ru from=\"HOME<fvilkin@gmail.com>\" subject=\"Mik\

roTik: \$[/system clock get date], \$[/system clock get time]\" body=\"Per\

ekluchenie na KVARC. \\nData: \$[/system clock get date]\\nTime: \$[/syst\

em clock get time]\";"

 

 

Изменено 21 декабря, 2015 пользователем sanek100