Липса на интернет

[plamon]

 Здравейте, днес конфигурирах един рутер към pppoe интернет свързаност, имайте предвид, че това е първият ми Микротик. Проблемът е, че след рутера няма интернет, раздава си адрес, маска, гейт, dns, но няма интернет. От терминала на самия рутер има пинг до произволни сайтове. Бихте ли казали къде бъркам?

	# feb/18/2016 17:40:57 by RouterOS 6.30.4

	# software id = 6HX7-KV8P

	#

	/interface bridge

	add name=bridge-local

	/interface ethernet

	set [ find default-name=ether1 ] comment=WAN

	set [ find default-name=ether2 ] comment=LAN name=ether2-master

	set [ find default-name=ether3 ] name=ether3-slave

	set [ find default-name=ether4 ] name=ether4-slave

	set [ find default-name=ether5 ] name=ether5-slave

	set [ find default-name=ether6 ] comment=LAN

	/interface pppoe-client

	add add-default-route=yes disabled=no interface=ether1 max-mru=1480 max-mtu=\

	    1480 mrru=1600 name=internet password= use-peer-dns=yes user=\

	/ip neighbor discovery

	set ether1 comment=WAN

	set ether2-master comment=LAN

	set ether6 comment=LAN

	/interface wireless security-profiles

	add authentication-types=wpa2-psk eap-methods="" management-protection=\

	    allowed mode=dynamic-keys name=profile1 supplicant-identity="" \

	    wpa2-pre-shared-key=""

	/interface wireless

	set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=auto \

	    l2mtu=1600 mode=ap-bridge security-profile=profile1 ssid=

	/ip pool

	add name=dhcp_pool1 ranges=192.168.3.2-192.168.3.20

	/ip dhcp-server

	add address-pool=dhcp_pool1 disabled=no interface=bridge-local lease-time=\

	    3d19h30m name=dhcp1

	/interface bridge port

	add bridge=bridge-local interface=ether2-master

	add bridge=bridge-local interface=wlan1

	add bridge=bridge-local interface=ether3-slave

	add bridge=bridge-local interface=ether4-slave

	add bridge=bridge-local interface=ether5-slave

	/ip address

	add address=192.168.3.1/24 interface=bridge-local network=192.168.3.0

	/ip dhcp-server network

	add address=192.168.3.0/24 gateway=192.168.3.1

	/ip dns

	set allow-remote-requests=yes

	/ip firewall filter

	add chain=input dst-port=1723 protocol=tcp

	add chain=input protocol=gre

	add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \

	    protocol=tcp src-address-list=ssh_blacklist

	add action=add-src-to-address-list address-list=ssh_blacklist \

	    address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \

	    protocol=tcp src-address-list=ssh_stage3

	add action=add-src-to-address-list address-list=ssh_stage3 \

	    address-list-timeout=1m chain=input connection-state=new dst-port=22 \

	    protocol=tcp src-address-list=ssh_stage2

	add action=add-src-to-address-list address-list=ssh_stage2 \

	    address-list-timeout=1m chain=input connection-state=new dst-port=22 \

	    protocol=tcp src-address-list=ssh_stage1

	add chain=input comment="SSH traffic monitor" dst-port=22 protocol=tcp

	add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 \

	    protocol=tcp src-address-list=black_list

	add action=add-src-to-address-list address-list=black_list \

	    address-list-timeout=1d chain=input connection-state=new dst-port=23 \

	    protocol=tcp src-address-list=telnet_stage3

	add action=add-src-to-address-list address-list=telnet_stage3 \

	    address-list-timeout=1m chain=input connection-state=new dst-port=23 \

	    protocol=tcp src-address-list=telnet_stage2

	add action=add-src-to-address-list address-list=telnet_stage2 \

	    address-list-timeout=1m chain=input connection-state=new dst-port=23 \

	    protocol=tcp src-address-list=telnet_stage1

	add chain=input dst-port=1723 protocol=tcp

	add chain=input protocol=gre

	add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \

	    protocol=tcp src-address-list=ssh_blacklist

	add action=add-src-to-address-list address-list=ssh_blacklist \

	    address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \

	    protocol=tcp src-address-list=ssh_stage3

	add action=add-src-to-address-list address-list=ssh_stage3 \

	    address-list-timeout=1m chain=input connection-state=new dst-port=22 \

	    protocol=tcp src-address-list=ssh_stage2

	add action=add-src-to-address-list address-list=ssh_stage2 \

	    address-list-timeout=1m chain=input connection-state=new dst-port=22 \

	    protocol=tcp src-address-list=ssh_stage1

	add chain=input comment="SSH traffic monitor" dst-port=22 protocol=tcp

	add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 \

	    protocol=tcp src-address-list=black_list

	add action=add-src-to-address-list address-list=black_list \

	    address-list-timeout=1d chain=input connection-state=new dst-port=23 \

	    protocol=tcp src-address-list=telnet_stage3

	add action=add-src-to-address-list address-list=telnet_stage3 \

	    address-list-timeout=1m chain=input connection-state=new dst-port=23 \

	    protocol=tcp src-address-list=telnet_stage2

	add action=add-src-to-address-list address-list=telnet_stage2 \

	    address-list-timeout=1m chain=input connection-state=new dst-port=23 \

	    protocol=tcp src-address-list=telnet_stage1

	/ip firewall nat

	add action=masquerade chain=srcnat out-interface=ether1

	add action=masquerade chain=srcnat out-interface=ether1

	/lcd interface pages

	set 0 interfaces="sfp1,ether1,ether2-master,ether3-slave,ether4-slave,ether5-s\

	    lave,ether6,ether7,ether8,ether9,ether10"

	/system clock

	set time-zone-name=Europe/Sofia

	/system routerboard settings

	set protected-routerboot=disabled

	/tool romon port



	

 

[111111]

има 2 броя NAT правила

а и не се вижда ип адрес към интернет

има и други дублиращи се правила

[JohnTRIVOLTA]

промени едното нат правило да е за pppoe и виж как е:

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=pppoe-out1

[plamon]

Благодаря с промяната на правилото стана.

Махнал съм и другите дублиращи се.

Благодаря!