ребят, подскажите, пожалуйста, где ошибка? Инет на хостах есть, а вот с самого роутера нет:
Код: Выделить всё
[admin@196] > export
# dec/11/2019 20:23:48 by RouterOS 6.45.2
# software id = WA8E-IMTB
#
# model = RouterBOARD 3011UiAS
# serial number = 8EE12121212
/interface bridge
add admin-mac=74:4D:28:12:0D:BC auto-mac=no comment=defconf name=local
/interface ethernet
set [ find default-name=ether7 ] mac-address=74:4D:28:12:0D:C1
set [ find default-name=ether3 ] name=rtk1
set [ find default-name=ether2 ] name=rtk2
set [ find default-name=ether4 ] name=strela
set [ find default-name=ether1 ] name=ttk
/interface bonding
add mode=802.3ad name=server slaves=ether6,ether7 transmit-hash-policy=layer-2-and-3
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.1.180-192.168.1.200
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=local lease-time=5h name=defconf
/snmp community
set [ find default=yes ] addresses=192.168.1.5/32
/interface bridge port
add bridge=local comment=defconf interface=ether5
add bridge=local interface=ether8
add bridge=local interface=ether9
add bridge=local interface=ether10
add bridge=local interface=server
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=local list=LAN
add comment=defconf interface=ttk list=WAN
add interface=rtk1 list=WAN
add interface=rtk2 list=WAN
add interface=strela list=WAN
/ip address
add address=192.168.1.1/24 comment=defconf interface=local network=192.168.1.0
add address=192.168.3.2/24 interface=rtk2 network=192.168.3.0
add address=192.168.4.2/24 interface=ttk network=192.168.4.0
add address=192.168.2.2/24 interface=rtk1 network=192.168.2.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ttk
add add-default-route=no dhcp-options=hostname,clientid disabled=no interface=strela
/ip dhcp-server network
add address=192.168.1.0/24 comment=local dns-server=192.168.1.6,77.88.8.8,77.88.8.1,8.8.8.8 gateway=192.168.1.1 \
netmask=24 next-server=192.168.1.6
/ip dns
set allow-remote-requests=yes servers=192.168.1.6,77.88.8.8,77.88.8.1,8.8.8.8
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=route chain=prerouting dst-address=192.81.240.0/21 passthrough=no route-dst=192.168.2.1
add action=route chain=prerouting dst-address=104.255.104.0/22 passthrough=no route-dst=192.168.2.1
add action=route chain=prerouting passthrough=no route-dst=10.2.192.1 src-address=192.168.1.170
add action=mark-connection chain=input in-interface=rtk1 new-connection-mark=rtk1->input passthrough=no
add action=mark-routing chain=output connection-mark=rtk1->input new-routing-mark=rtk1->out passthrough=no
add action=mark-connection chain=input in-interface=rtk2 new-connection-mark=rtk2->input passthrough=no
add action=mark-routing chain=output connection-mark=rtk2->input new-routing-mark=rtk2->out passthrough=no
add action=mark-connection chain=input in-interface=ttk new-connection-mark=ttk->input passthrough=no
add action=mark-routing chain=output connection-mark=ttk->input new-routing-mark=ttk->out passthrough=no
add action=mark-connection chain=input in-interface=strela new-connection-mark=stk->input passthrough=no
add action=mark-routing chain=output connection-mark=stk->input new-routing-mark=stk->out passthrough=no
add action=mark-routing chain=prerouting new-routing-mark=mixed passthrough=no src-address=192.168.1.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=ttk
add action=masquerade chain=srcnat out-interface=rtk2
add action=masquerade chain=srcnat out-interface=rtk1
/ip route
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=rtk1->out
add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=rtk2->out
add check-gateway=ping disabled=yes distance=1 gateway=192.168.4.1 routing-mark=ttk->out
add check-gateway=ping distance=5 gateway=10.2.192.1 routing-mark=stk->out
add check-gateway=ping distance=1 gateway=192.168.2.1,192.168.3.1,10.2.192.1 routing-mark=mixed
/snmp
set contact=admin@email.com enabled=yes trap-generators="" trap-interfaces=local trap-version=2
/system clock
set time-zone-name=Asia/Avanpost
/system identity
set name=196
/system ntp client
set enabled=yes primary-ntp=87.250.250.226 secondary-ntp=216.239.35.0
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Код: Выделить всё
[admin@196] >
[admin@196] > ping ya.ru
SEQ HOST SIZE TTL TIME STATUS
0 no route to host
1 no route to host
2 no route to host
3 no route to host
4 no route to host
sent=5 received=0 packet-loss=100%