Зависает NAT

vokchaks

Есть Mikrotik RB951G-2HnD с версией 5.25,
подключён к Yota.

Через 10–15 минут работы весь трафик через NAT (КРОМЕ PING-а) останавливается,
независимо от того, включён web-proxy или нет.
Если web-proxy включён, получаем ошибку:

ERROR: Gateway Timeout

--------------------------------------------------------------------------------

While trying to retrieve the URL http://www.ixbt.com/news/hard/index.shtml?16/87/37:
•Connection timed out

Your cache administrator is webmaster.


--------------------------------------------------------------------------------

Generated Wed, 29 May 2013 05:58:14 GMT by 192.168.11.32 (Mikrotik HttpProxy)

Если кто-то сталкивался, помогите, пожалуйста.
Все настройки firewall привожу ниже.

[admin@MikroTik] /ip firewall> export
# may/29/2013 17:03:17 by RouterOS 5.25
# software id = 3XVM-MZQT
#
# Address list "Internet": the source addresses that the NAT section of this
# export matches through src-address-list=Internet (the port-80 redirect and
# the tcp/80,443 masquerade rule).
/ip firewall address-list
# 192.168.11.0/27 covers only 192.168.11.0-192.168.11.31; hosts above that
# range are admitted one by one through the single-address entries below.
add address=192.168.11.0/27 disabled=no list=Internet
add address=192.168.12.0/24 disabled=no list=Internet
add address=192.168.14.0/24 disabled=no list=Internet
add address=192.168.11.99 disabled=no list=Internet
add address=192.168.11.115 disabled=no list=Internet
add address=192.168.11.141 disabled=no list=Internet
add address=192.168.11.117 disabled=no list=Internet
add address=192.168.11.142 disabled=no list=Internet
add address=192.168.11.129 disabled=no list=Internet
add address=192.168.11.136 disabled=no list=Internet
add address=192.168.11.111 disabled=no list=Internet
add address=192.168.11.145 disabled=no list=Internet
add address=192.168.11.121 disabled=no list=Internet
# Connection-tracking state timeouts. An idle established TCP entry is kept for
# one day (tcp-established-timeout=1d); half-open and closing TCP states, ICMP
# and single UDP packets expire after 5-10 s, UDP streams after 3 m.
# tcp-syncookie=no leaves SYN-cookie handling switched off.
# NOTE(review): these values look like the RouterOS defaults - confirm. When
# forwarded traffic stalls, the size of the connection table on the router is
# worth checking alongside these timeouts.
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
# Input chain (traffic addressed to the router itself): ICMP, established and
# related connections are accepted, then everything else arriving on lte1 is
# dropped. This is the only rule set that keeps the router's own services,
# including the proxy port used by the redirect rule, closed towards lte1.
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=\
established disabled=no
add action=accept chain=input comment="default configuration" connection-state=\
related disabled=no
add action=drop chain=input comment="default configuration" disabled=no \
in-interface=lte1
# Forward chain: all three rules below carry disabled=yes, so this export has
# no active forward filtering. Forwarded packets, including the dst-nat port
# forwards from lte1, fall through to the chain's default accept, and
# connection-state=invalid packets are not dropped.
# NOTE(review): re-enabling these three rules is the usual baseline - confirm
# against the intended policy for this router.
add action=accept chain=forward comment="default configuration" \
connection-state=established disabled=yes
add action=accept chain=forward comment="default configuration" \
connection-state=related disabled=yes
add action=drop chain=forward comment="default configuration" connection-state=\
invalid disabled=yes
/ip firewall nat
# NOTE(review): several commands in this section wrap onto a second line
# without the trailing "\" that the other sections show, "to-ports" has lost
# its "=" in the XPENOLOGY rule, and the last rule's dst-port=990 breaks the
# 9900-9903 sequence. The paste looks damaged; compare with the router itself
# before reusing any of it.
#
# ICMP from any source is masqueraded out of lte1. Unlike the tcp/80,443 rule,
# this one has no address-list condition.
add action=masquerade chain=srcnat comment=PING disabled=no out-interface=lte1
protocol=icmp
# Host 192.168.11.142 is masqueraded for every protocol.
add action=masquerade chain=srcnat disabled=no out-interface=lte1 src-address=
192.168.11.142
# TCP port 80 from members of the "Internet" list is redirected to local port
# 8080 (presumably the router's web proxy - confirm).
# NOTE(review): the rule is disabled=no on its own; if the proxy is switched
# off while this rule stays enabled, port-80 traffic is still sent to 8080 -
# check that the two are toggled together.
add action=redirect chain=dstnat comment="default configuration" disabled=no \
dst-port=80 protocol=tcp src-address-list=Internet to-ports=8080
# Only TCP 80 and 443 from list members are masqueraded here. Apart from the
# ICMP rule, host 192.168.11.142 and the UDP rules for 192.168.11.20/.21, no
# other outbound traffic is translated by this section.
add action=masquerade chain=srcnat comment="default configuration" disabled=no
dst-port=80,443 out-interface=lte1 protocol=tcp src-address-list=Internet
# UDP from 192.168.11.20 and 192.168.11.21 is masqueraded out of lte1.
add action=masquerade chain=srcnat comment=NCP-500 disabled=no out-interface=\
lte1 protocol=udp src-address=192.168.11.20
add action=masquerade chain=srcnat disabled=no out-interface=lte1 protocol=udp
src-address=192.168.11.21
# Port forwards for connections arriving on lte1: 9900 -> 192.168.11.15 port
# 5000, 9901 -> 192.168.11.14 port 9900, and three forwards to port 80 of hosts
# in 192.168.14.0/24 labelled as cameras. None carries a src-address or
# src-address-list condition, and the forward chain in this export has no
# enabled rules, so every host that can reach the lte1 address can reach these
# services; the camera targets are plain port 80.
# NOTE(review): limiting these rules to known source addresses, or reaching
# the devices over a VPN instead, would narrow that exposure - confirm what
# remote access is actually required.
add action=dst-nat chain=dstnat comment=XPENOLOGY disabled=no dst-port=9900 \
in-interface=lte1 port="" protocol=tcp to-addresses=192.168.11.15 to-ports
5000
add action=dst-nat chain=dstnat comment=SYNOLOGY disabled=no dst-port=9901 \
in-interface=lte1 protocol=tcp to-addresses=192.168.11.14 to-ports=9900
add action=dst-nat chain=dstnat comment="CAM AV2105" disabled=no dst-port=9902
in-interface=lte1 protocol=tcp to-addresses=192.168.14.2 to-ports=80
add action=dst-nat chain=dstnat comment="CAM AV3105" disabled=no dst-port=9903
in-interface=lte1 protocol=tcp to-addresses=192.168.14.10 to-ports=80
add action=dst-nat chain=dstnat comment="CAM AV2105M" disabled=no dst-port=990
in-interface=lte1 protocol=tcp to-addresses=192.168.14.18 to-ports=80
# Service ports (connection-tracking helpers). All six entries are enabled
# (disabled=no): FTP on 21, TFTP on 69, IRC on 6667, H.323, SIP on 5060/5061
# with sip-direct-media=yes, and PPTP.
# NOTE(review): helpers for protocols that are not used behind this router can
# be disabled so that less protocol parsing runs on forwarded traffic - confirm
# which ones are needed before changing anything.
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no

