Answer the question
In order to leave comments, you need to log in
Mikrotik has internet, but PC doesn't. Why?
Ребят посмотрите конфиг. по моему трабл в фаерволе. так же не поднимается IP sec. у кого будут какие мысли?
# sep/12/2019 19:38:34 by RouterOS 6.44.3
# software id = KY39-QEVS
#
# model = 2011UiAS-2HnD
# serial number = ***********
/interface bridge
add admin-mac=*************** auto-mac=no comment=defconf name=bridge
add name=bridge1
/interface pppoe-client
add add-default-route=yes disabled=no interface=bridge1 max-mru=1492 max-mtu=\
1400 name=pppoe-out1 password=*********** use-peer-dns=yes user=\
*************
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country=russia3 disabled=no distance=indoors frequency=auto mode=\
ap-bridge ssid=******* wireless-protocol=802.11
/interface eoip
add allow-fast-path=no ipsec-secret=******* !keepalive local-address=\
************** **mac-address=*************** name=eoip-tunnel1 \
remote-address=***************** tunnel-id=**
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
********* wpa2-pre-shared-key=*********
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=profile1 \
supplicant-identity="" wpa-pre-shared-key=********* wpa2-pre-shared-key=\
**********
/ip ipsec profile
set [ find default=yes ] enc-algorithm=aes-256,aes-128,3des
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge1 interface=eoip-tunnel1
add bridge=bridge1 interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=pppoe-out1 list=WAN
/ip address
add address=192.168.0.250/24 comment=defconf interface=bridge network=\
192.168.0.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=bridge
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
add address-pool=dhcp disabled=no interface=bridge name=server1 relay=\
192.168.0.250
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf gateway=192.168.0.2
/ip dns
set allow-remote-requests=yes servers=192.168.0.250
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid disabled=yes
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new disabled=yes in-interface-list=WAN
/ip firewall nat
# no interface
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface=pppoe-out1
add action=accept chain=srcnat dst-address=************* src-address=\
*************
/ip pool
add name=dhcp next-pool=dhcp ranges=192.168.0.2-192.168.0.254
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/lcd
set enabled=no touch-screen=disabled
/lcd interface pages
set 0 interfaces="sfp1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8\
,ether9,ether10"
/system clock
set time-zone-name=Asia/Yekaterinburg
/system routerboard settings
set auto-upgrade=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Answer the question
In order to leave comments, you need to log in
Где WAN?
/ip address
add address=192.168.0.250/24 comment=defconf interface=bridge network=\
192.168.0.0
Почему DNS во внутреннюю сетку ссылается?
/ip dns
set allow-remote-requests=yes servers=192.168.0.250
Какого тут делает DHCP-CLIENT ?
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=bridge
add bridge=bridge1 interface=eoip-tunnel1
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question