Господа знатоки, есть проблема с которой уже голову сломал.
Есть сайт https://task.ensoft.ru/ в личном кабинете которого, требуется выгружать файлы небольшего размера (до 5 мб), так вот они то выгружаются, то не выгружаются. Рандомно.
При этом через, например, TPlink все работает.
Конфигурация простая, без наворотов фильтров и т.п.
Сталкивался ли кто-нибудь с такой проблемой? Если да, то как решали?
проблемы с загрузкой на сайт
-
KARaS'b
- Сообщения: 1199
- Зарегистрирован: 29 сен 2011, 09:16
Конфигурация простая но вы ее не показали, поэтому вам нужна помощь экстрасенсов, а не форумчан.
-
deman9001
- Сообщения: 2
- Зарегистрирован: 16 сен 2020, 17:35
Согласен, исправляюсь
Код: Выделить всё
# sep/17/2020 13:19:20 by RouterOS 6.46.2
# software id = BZD8-WPUA
#
# model = 2011UiAS-2HnD
# serial number = XXXXXXXXXX
/interface bridge
add admin-mac=64:D1:54:77:8C:F4 auto-mac=no dhcp-snooping=yes fast-forward=no \
name=LAN_1003
/interface ethernet
set [ find default-name=ether1 ] mac-address=64:D1:54:77:8C:F7 name=ether1_1G \
speed=100Mbps
set [ find default-name=ether2 ] mac-address=64:D1:54:77:8C:F6 name=ether2_1G \
speed=100Mbps
set [ find default-name=ether3 ] mac-address=64:D1:54:77:8C:F5 name=ether3_1G \
speed=100Mbps
set [ find default-name=ether4 ] mac-address=64:D1:54:77:8C:F4 name=ether4_1G \
speed=100Mbps
set [ find default-name=ether5 ] comment=SERVER mac-address=D4:CA:6D:BF:06:4A \
name=ether5_1G_SERVER speed=100Mbps
set [ find default-name=ether6 ] name=ether6_100M
set [ find default-name=ether7 ] name=ether7_100M
set [ find default-name=ether8 ] name=ether8_100M
set [ find default-name=ether9 ] comment=WAN name=ether9_100M_WAN
set [ find default-name=ether10 ] comment=1005 name=ether10_100M_1005_MT
set [ find default-name=sfp1 ] disabled=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether9_100M_WAN max-mru=1492 \
max-mtu=1400 mrru=1500 name=RTK password=xxxxxx use-peer-dns=yes user=\
fttx0806
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
xxxxxx supplicant-identity="" wpa2-pre-shared-key=xxxx67
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-g/n channel-width=\
20/40mhz-Ce country=russia disabled=no distance=indoors frequency=auto \
hw-protection-mode=rts-cts mode=ap-bridge multicast-helper=full \
preamble-mode=long radio-name=2.4GHz security-profile=xxxxx ssid=xxxxxx \
tx-power-mode=all-rates-fixed wds-default-bridge=LAN_1003 wds-mode=\
dynamic-mesh wireless-protocol=802.11 wmm-support=enabled wps-mode=\
disabled
/interface wireless nstreme
set wlan1 enable-polling=no
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool ranges=192.168.0.101-192.168.0.130
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool authoritative=after-2sec-delay \
disabled=no interface=LAN_1003 name=dhcp_server
/ppp profile
add local-address=10.0.0.1 name=adm remote-address=10.0.0.2
/queue simple
add disabled=yes dst=ether9_100M_WAN max-limit=50M/19M name=Parent target=""
add disabled=yes limit-at=1M/1M max-limit=2M/2M name=SIP packet-marks=sip \
parent=Parent priority=1/1 target=192.168.0.0/24
add disabled=yes dst=ether9_100M_WAN limit-at=10M/10M max-limit=50M/19M name=\
1005-PC07 parent=Parent priority=1/1 target=192.168.0.116/32
add disabled=yes dst=ether9_100M_WAN limit-at=10M/10M max-limit=50M/19M name=\
1005-PC08 parent=Parent priority=1/1 target=192.168.0.119/32
add disabled=yes max-limit=50M/19M name=WEB packet-marks=web parent=Parent \
priority=2/2 target=192.168.0.0/24
add disabled=yes limit-at=10M/10M max-limit=20M/10M name=ALL packet-marks=\
no-mark parent=Parent target=192.168.0.0/24
/queue type
add kind=pcq name=PCQ_Download pcq-classifier=dst-address \
pcq-dst-address6-mask=64 pcq-limit=100KiB pcq-src-address6-mask=64
add kind=pcq name=PCQ_Upload pcq-classifier=src-address \
pcq-dst-address6-mask=64 pcq-src-address6-mask=64
add kind=pcq name=PCQ_Download_no_inet pcq-classifier=dst-address \
pcq-dst-address-mask=24 pcq-dst-address6-mask=64 pcq-limit=100KiB \
pcq-rate=1 pcq-src-address-mask=24 pcq-src-address6-mask=64
add kind=pcq name=PCQ_Upload_no_inet pcq-classifier=src-address \
pcq-dst-address-mask=24 pcq-dst-address6-mask=64 pcq-rate=1 \
pcq-src-address-mask=24 pcq-src-address6-mask=64
/system logging action
set 1 disk-file-name=flash/log
/user group
add name=support policy="local,reboot,read,write,test,winbox,web,!telnet,!ssh,\
!ftp,!policy,!password,!sniff,!sensitive,!api,!romon,!dude,!tikapp"
/interface bridge port
add bridge=LAN_1003 interface=ether5_1G_SERVER
add bridge=LAN_1003 interface=ether2_1G
add bridge=LAN_1003 interface=ether1_1G
add bridge=LAN_1003 interface=ether4_1G
add bridge=LAN_1003 interface=ether3_1G
add bridge=LAN_1003 interface=ether6_100M
add bridge=LAN_1003 interface=ether7_100M
add bridge=LAN_1003 interface=ether8_100M
add bridge=LAN_1003 interface=wlan1
add bridge=LAN_1003 interface=ether10_100M_1005_MT
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add interface=ether4_1G list=discover
add interface=ether3_1G list=discover
add interface=ether2_1G list=discover
add interface=ether1_1G list=discover
add list=discover
add list=discover
add interface=LAN_1003 list=discover
add interface=LAN_1003 list=mactel
add interface=LAN_1003 list=mac-winbox
/interface pptp-server server
set default-profile=adm
/interface wireless access-list
add comment="PHONE" disabled=yes mac-address=80:EA:96:17:5E:D7 \
vlan-mode=no-tag
/interface wireless cap
set bridge=LAN_1003 caps-man-addresses=192.168.0.1 interfaces=wlan1
/ip accounting
set enabled=yes
/ip accounting web-access
set accessible-via-web=yes
/ip address
add address=192.168.0.1/24 comment=defconf interface=LAN_1003 network=\
192.168.0.0
add address=x.x.x.x/27 disabled=yes interface=ether9_100M_WAN \
network=x.x.x.x
/ip dhcp-server lease
add address=192.168.0.104 always-broadcast=yes client-id=1:2c:59:e5:d1:84:4f \
comment=1003-HP425 mac-address=2C:59:E5:D1:84:4F server=dhcp_server
add address=192.168.0.105 always-broadcast=yes client-id=1:f4:f2:6d:56:ee:55 \
comment=1003-PC02 mac-address=F4:F2:6D:56:EE:55 server=dhcp_server
add address=192.168.0.106 comment=1003-HP506 mac-address=18:60:24:C6:A9:6E \
server=dhcp_server
add address=192.168.0.109 always-broadcast=yes client-id=1:0:21:91:94:50:49 \
comment=1003-PC05 mac-address=00:21:91:94:50:49 server=dhcp_server
add address=192.168.0.103 client-id=1:c8:60:0:6:db:b0 comment=1003-PC03 \
mac-address=C8:60:00:06:DB:B0 server=dhcp_server
add address=192.168.0.102 client-id=1:f0:c1:f1:8f:c1:75 comment=iPhone \
mac-address=F0:C1:F1:8F:C1:75 server=dhcp_server
add address=192.168.0.108 client-id=1:f8:d1:11:b2:be:cb comment=1003-PC01 \
mac-address=F8:D1:11:B2:BE:CB server=dhcp_server
add address=192.168.0.107 client-id=1:28:ed:6a:c6:52:73 comment=iPhone-OOO \
mac-address=28:ED:6A:C6:52:73 server=dhcp_server
add address=192.168.0.101 client-id=1:d0:81:7a:3a:56:c4 comment="iPhone" \
mac-address=D0:81:7A:3A:56:C4 server=dhcp_server
add address=192.168.0.110 client-id=1:ac:3c:b:e8:7:5d comment=iPhone \
mac-address=AC:3C:0B:E8:07:5D server=dhcp_server
add address=192.168.0.117 client-id=1:0:1f:29:29:fc:61 comment=\
"1005 HP LJ2727" mac-address=00:1F:29:29:FC:61 server=dhcp_server
add address=192.168.0.116 client-id=1:c:9d:92:c1:12:f comment=1005-PC07 \
mac-address=0C:9D:92:C1:12:0F server=dhcp_server
add address=192.168.0.119 client-id=1:bc:ae:c5:23:ac:ba comment=1005-PC08 \
mac-address=BC:AE:C5:23:AC:BA server=dhcp_server
add address=192.168.0.120 client-id=1:c8:d9:d2:b4:ed:59 comment=1005-HP521 \
mac-address=C8:D9:D2:B4:ED:59 server=dhcp_server
add address=192.168.0.115 client-id=1:0:19:66:84:2c:e7 comment=1005-left-side \
mac-address=00:19:66:84:2C:E7 server=dhcp_server
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1,195.208.145.18,8.8.8.8 \
domain=xxxxxx gateway=192.168.0.1 netmask=24 ntp-server=192.168.0.1
/ip dns
set allow-remote-requests=yes servers=195.208.145.18,195.208.158.226,8.8.8.8
/ip dns static
add address=192.168.0.1 name=router
add address=192.168.0.200 name=server
/ip firewall address-list
add address=x.192.132.238 comment=Kolp_2 list=white_list
add address=x.174.0.188 comment=Chak list=white_list
add address=x.192.129.58 comment=Levi_2 list=white_list
add address=xx.164.209.249 comment=Dir_1 list=white_list
add address=xx.201.73.218 comment=Kolp_1 list=white_list
add address=xx.137.179.42 comment=Dir_2 list=white_list
add address=xx.192.132.15 comment=Pop list=white_list
add address=xx.180.80.31 comment=Kolp_3 list=white_list
add address=xx.180.96.63 comment=Kolp_4 list=white_list
add address=x.192.118.44 comment=Lev_1 list=white_list
add address=x.189.177.45 comment=Bub list=white_list
add address=x.189.228.154 comment=Burk list=white_list
/ip firewall filter
add action=accept chain=input disabled=yes
add action=accept chain=forward disabled=yes
add action=accept chain=input comment="WINBOX ALLOW" dst-port=8291 protocol=\
tcp
add action=accept chain=forward comment="white_list ALLOW_forward" \
in-interface=RTK src-address-list=white_list
add action=accept chain=input comment="white list accept ping" in-interface=\
RTK protocol=icmp src-address-list=white_list
add action=reject chain=input comment=IGMP disabled=yes log=yes log-prefix=\
PING protocol=igmp reject-with=icmp-network-unreachable src-address-list=\
!white_list
add action=drop chain=input comment=Drop_black_list in-interface=RTK \
src-address-list=black_list
add action=add-src-to-address-list address-list=black_list \
address-list-timeout=10h30m chain=input comment=Attack_host->black_list \
dst-port=21,22,23,25,1723,5060 in-interface=RTK log=yes log-prefix=\
add_host_to_black_list protocol=tcp src-address-list=!white_list
add action=add-src-to-address-list address-list=black_list \
address-list-timeout=10h30m chain=input comment=Attack_host->black_list \
disabled=yes dst-port=80 in-interface=RTK log=yes log-prefix=\
add_host_to_black_list protocol=tcp src-address-list=!white_list
add action=accept chain=input disabled=yes in-interface=LAN_1003
add action=accept chain=forward disabled=yes in-interface=LAN_1003
add action=accept chain=forward comment=Sber dst-port=9443 protocol=tcp
add action=accept chain=forward comment=Sber disabled=yes dst-port=443 \
protocol=tcp
add action=accept chain=input comment="adm" dst-port=xxxx protocol=tcp \
src-address-list=white_list
add action=accept chain=input comment="adm pptp" dst-port=xx in-interface=\
RTK protocol=tcp src-address-list=white_list
add action=accept chain=input comment="adm pptp" dst-port=xxx in-interface=\
RTK protocol=tcp src-address-list=white_list
add action=accept chain=input comment="white_list ALLOW_input" in-interface=\
RTK src-address-list=white_list
add action=add-src-to-address-list address-list=xxx_knock \
address-list-timeout=5s chain=input comment="Port Knoking Check #1" \
dst-port=123 in-interface=RTK protocol=udp
add action=add-src-to-address-list address-list=xxx_knock \
address-list-timeout=5s chain=input comment="Port Knoking Check #2" \
dst-port=456 in-interface=RTK protocol=udp src-address-list=123_knock
add action=add-src-to-address-list address-list=white_list \
address-list-timeout=4h chain=input comment=\
"Port Knoking Check #3 > ADD IP" dst-port=xxx in-interface=RTK protocol=\
udp src-address-list=xxxx_knock
add action=drop chain=input comment="DROP UNKNOWN IP" connection-state=new \
in-interface=RTK
add action=drop chain=input comment=invalid connection-state=invalid
add action=drop chain=forward comment=invalid connection-state=invalid
add action=accept chain=input comment=established connection-state=\
established
add action=accept chain=forward comment=established connection-state=\
established
add action=accept chain=input comment=related connection-state=related
add action=accept chain=forward comment=related connection-state=related
/ip firewall mangle
add action=mark-connection chain=prerouting comment=SIP connection-type=sip \
new-connection-mark=sip passthrough=yes
add action=mark-connection chain=prerouting dst-port=5060 \
new-connection-mark=sip passthrough=yes protocol=udp
add action=mark-packet chain=forward connection-mark=sip new-packet-mark=sip \
passthrough=yes
add action=mark-connection chain=prerouting comment=WEB dst-port=80,443 \
new-connection-mark=web passthrough=yes protocol=tcp
add action=mark-packet chain=forward connection-mark=web new-packet-mark=web \
passthrough=yes
add action=mark-connection chain=prerouting comment=SPEEDTEST disabled=yes \
dst-port=8080 new-connection-mark=speedtest passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=speedtest disabled=\
yes new-packet-mark=speedtest passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=ether9_100M_WAN
add action=masquerade chain=srcnat out-interface=RTK
add action=dst-nat chain=dstnat comment="NAT 4 1C THIN CLIENT IIS" disabled=\
yes dst-port=180 in-interface=RTK log=yes log-prefix=TC_connect protocol=\
tcp src-address-list=white_list time=\
7h-23h30m,sun,mon,tue,wed,thu,fri,sat to-addresses=192.168.0.200 \
to-ports=280
add action=netmap chain=dstnat comment="RDP 4 BUH" disabled=yes dst-port=3389 \
in-interface=RTK log=yes log-prefix=RDP_buh_connect protocol=tcp \
src-address-list=white_list time=7h-23h30m,sun,mon,tue,wed,thu,fri,sat \
to-addresses=192.168.0.200
add action=netmap chain=dstnat comment="RDP 4 admin" dst-port=3389 \
in-interface=RTK log=yes log-prefix=RDP_admin_connect protocol=tcp \
src-address-list=white_list to-addresses=192.168.0.116 to-ports=3389
add action=netmap chain=dstnat comment="AA 4 admin" disabled=yes dst-port=\
5931 in-interface=RTK log=yes log-prefix=RDP_admin_connect protocol=tcp \
src-address-list=white_list to-addresses=192.168.0.109 to-ports=5931
add action=netmap chain=dstnat comment="VNC 4 admin" disabled=yes dst-port=\
5900 in-interface=RTK log=yes log-prefix=VNC_admin_connect protocol=tcp \
src-address-list=white_list to-addresses=192.168.0.200 to-ports=5901
add action=netmap chain=dstnat comment="VNC 4 admin" dst-port=5900 \
in-interface=RTK log=yes log-prefix=VNC_admin_connect protocol=tcp \
src-address-list=white_list to-addresses=192.168.0.200 to-ports=5901
add action=netmap chain=dstnat comment="SLK Server" disabled=yes dst-port=\
9099 in-interface=RTK protocol=tcp to-addresses=192.168.0.200 to-ports=\
9099
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip route
add disabled=yes distance=1 gateway=xxx.xxx.128.97
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ip traffic-flow
set cache-entries=16k
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether9_100M_WAN type=external
add interface=LAN_1003 type=internal
/lcd interface pages
set 0 interfaces=sfp1,ether10_100M_1005_MT
/ppp secret
add name=administrator password=xxxxx service=pptp
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Novosibirsk
/system clock manual
set time-zone=+07:00
/system identity
set name=MT_MAIN_xxx
/system leds
add interface=ether5_1G_SERVER leds="" type=interface-activity
add interface=ether4_1G leds="" type=interface-activity
add interface=ether3_1G leds="" type=interface-activity
add interface=ether2_1G leds="" type=interface-activity
add interface=ether1_1G leds="" type=interface-activity
/system ntp client
set enabled=yes primary-ntp=62.168.65.36 secondary-ntp=159.69.4.181
/system watchdog
set watchdog-timer=no
/tool bandwidth-server
set enabled=no
/tool e-mail
set address=smtp.yandex.ru from=server-xxxxx@yandex.ru password=\
xxxxxxx port=465 start-tls=tls-only user=xxxxxx
/tool graphing interface
add allow-address=192.168.0.0/24 interface=ether5_1G_SERVER
add allow-address=xxx.xxx.139.163/32 interface=ether5_1G_SERVER
add allow-address=xxx.xxx.139.163/32 interface=ether1_1G
add allow-address=xxx.xx.147.111/32 interface=ether5_1G_SERVER
add allow-address=xxx.xx.147.111/32 interface=ether1_1G
/tool graphing queue
add allow-address=xx.xx.147.111/32
add allow-address=xxx.xx.139.163/32
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool mac-server ping
set enabled=no
/tool netwatch
add comment="Check Server" down-script=":local t [/sys clock get time]\r\
\n/tool e-mail send to=xxxxx@gmail.com subject=\"[xxxxx] SRV is DO\
WN / \$t\" body=\"[xxxxx] SRV is DOWN / \$t\"" host=192.168.0.200 \
interval=2m timeout=5s up-script=":local t [/sys clock get time]\r\
\n/tool e-mail send to=xxxxx@gmail.com subject=\"[xxxxxx] SRV is U\
P / \$t\" body=\"[xxxxxx] SRV is UP / \$t\""
add disabled=yes down-script=":local t [/sys clock get time]\r\
\n/tool e-mail send to=xxxxxx@gmail.com subject=\"xxxxxx WAN \"-\" / \$\
t\"" host=8.8.4.4 interval=2m timeout=5s up-script=":local t [/sys clock g\
et time]\r\
\n/tool e-mail send to=xxxxxx@gmail.com subject=\"xxxxx WAN \"+\" / \$\
t\""
/tool sniffer
set filter-interface=ether5_1G_SERVER