Роутер используется дома для раздачи инета на устройства и для обкатки всяких правил и скриптов (из этой темы в основном:
https://forum.mikrotik.com/viewtopic.php?f=9&t=136666) перед запуском на работе в продакшн.
Ни proxy, ни hotspot не настроены. Обычный роутер для wifi, телевизора и стационарного компьютера.
ping pay.rkc-gku.ru что говорит?
Вот это я не смотрел раньше, не пингуется.
На производстве, другой провайдер, все пингуется и работает.
Все пересмотрел, настройки дома и на работе одинаковые, кроме внешних адресов... ничего не понимаю
P.S.: озадачил сразу провайдера
Вот правила Firewall filter и raw (в момент когда оно работало, это все присутствовало. отключать пробовал. На работе то оно все пашет):
Код: Выделить всё
/ip firewall filter
add action=log chain=input disabled=yes
add action=log chain=input disabled=yes
add action=jump chain=input comment="Check for bad stuff in \"Attack\" chain" \
jump-target=Attacks
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="Drop DNS request FROM WAN" dst-port=53 \
in-interface=ether1-WAN protocol=udp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: IGMP ip-TV" dst-port=1234 \
protocol=udp
add action=accept chain=input comment="WinBox from WAN" dst-address=\
5.53.16.61 dst-port=8291 in-interface=ether1-WAN protocol=tcp \
src-address=62.105.28.218
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=log chain=forward disabled=yes
add action=log chain=forward disabled=yes
add action=jump chain=forward comment=\
"Check for bad stuff in \"Attack\" chain" jump-target=Attacks
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=accept chain=forward comment="defconf: IGMP ip-TV" dst-port=1234 \
protocol=udp
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
add action=log chain=Attacks disabled=yes
add action=log chain=Attacks disabled=yes
add action=drop chain=Attacks comment="Drop connections FROM BOGON network" \
in-interface=ether1-WAN src-address-list=BOGON
add action=drop chain=Attacks comment=Port_scanner_drop src-address-list=\
"port scanners"
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=Attacks in-interface=ether1-WAN protocol=\
tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=Attacks in-interface=ether1-WAN protocol=\
tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=Attacks in-interface=ether1-WAN protocol=\
tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=Attacks in-interface=ether1-WAN protocol=\
tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=Attacks in-interface=ether1-WAN protocol=\
tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=Attacks in-interface=ether1-WAN protocol=\
tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=Attacks in-interface=ether1-WAN protocol=\
tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=Attacks comment="Invalid TCP flag combo" protocol=tcp \
tcp-flags=!fin,!syn,!rst,!ack
add action=drop chain=Attacks comment="Invalid TCP flag combo" protocol=tcp \
tcp-flags=fin,syn
add action=drop chain=Attacks comment="Invalid TCP flag combo" protocol=tcp \
tcp-flags=fin,rst
add action=drop chain=Attacks comment="Invalid TCP flag combo" protocol=tcp \
tcp-flags=fin,!ack
add action=drop chain=Attacks comment="Invalid TCP flag combo" protocol=tcp \
tcp-flags=fin,urg
add action=drop chain=Attacks comment="Invalid TCP flag combo" protocol=tcp \
tcp-flags=syn,rst
add action=drop chain=Attacks comment="Invalid TCP flag combo" protocol=tcp \
tcp-flags=rst,urg
add action=drop chain=Attacks comment="Invalid TCP source port (0)" protocol=\
tcp src-port=0
add action=drop chain=Attacks comment="Invalid TCP destination port (0)" \
dst-port=0 protocol=tcp
add action=drop chain=Attacks comment="Invalid UDP source port (0)" protocol=\
udp src-port=0
add action=drop chain=Attacks comment="Invalid UDP destination port (0)" \
dst-port=0 protocol=udp
add action=return chain=Attacks comment="Return to the chain that jumped"
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-WAN
add action=netmap chain=dstnat disabled=yes dst-address=5.53.16.61 dst-port=\
9091 in-interface=ether1-WAN protocol=tcp to-addresses=192.168.0.55
/ip firewall raw
add action=drop chain=prerouting comment="Drop FROM intrusBL list" \
src-address-list=intrusBL
add action=drop chain=prerouting comment="Drop TO intrusBL list" \
dst-address-list=intrusBL