Цитата:
Сообщение от Smith
Если вы взяли бэкап в files то такой бэкап содержит точную копию всех настроек роутера, включая макадреса и т.д. и разворачиваться такой бэкап должен только на идентичный рутер.
|
Да, я понимаю, тут проблема в том, что мы думали, что дело в роутере, но похоже траблы в чем-то другом.
Цитата:
Сообщение от Smith
Без текстового конфига гадать можно бесконечно.
|
[SPOILER=Вот]
Код:
# apr/17/2018 11:08:06 by RouterOS 6.41
# software id = 7Z71-CVJC
#
# model = RouterBOARD 941-2nD
# serial number = 7DE307B119D1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=wlan \
wireless-protocol=802.11
/interface bridge
add admin-mac=000 arp=proxy-arp auto-mac=no name=bridge
/interface ethernet
set [ find default-name=ether1 ] mac-address=000 name=000
set [ find default-name=ether2 ] rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether3 ] name=switch
/interface pppoe-client
add add-default-route=yes disabled=no interface=000 name=000 password=\
000 use-peer-dns=yes user=000
/interface l2tp-server
add name=000 user=000
add name=r000 user=r000
/interface pptp-server
add name=C000 user=C000
add name=C000 user=C000
add name=s000 user=s000
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
group-ciphers=tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=000 \
wpa2-pre-shared-key=000
/ip pool
add name=LAN ranges=000.000.0.100-000.000.0.254
add name=VPN ranges=000.000.000.2-000.000.000.254
/ip dhcp-server
add address-pool=LAN disabled=no interface=bridge lease-time=1d name=bridge
/ppp profile
add bridge=bridge change-tcp-mss=yes incoming-filter="" local-address=\
000.000.000.1 name=VPN only-one=yes remote-address=VPN
add bridge=bridge change-tcp-mss=yes local-address=000.000.000.1 name=VIP \
only-one=yes remote-address=VPN
/interface l2tp-client
add allow-fast-path=yes connect-to=00.000.000.195 disabled=no name=000k \
password=0000r profile=default user=00000
/system logging action
set 1 disk-file-count=3 disk-lines-per-file=10000
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=switch
add bridge=bridge interface=ether4
add bridge=bridge interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=all
/interface detect-internet
set detect-interface-list=WAN lan-interface-list=LAN
/interface l2tp-server server
set default-profile=VPN enabled=yes
/interface list member
add interface=bridge list=LAN
add interface=000 list=WAN
add interface=000 list=WAN
/interface pptp-server server
set default-profile=VPN enabled=yes
/ip accounting
set enabled=yes
/ip address
add address=000.000.000.1/24 comment=defconf interface=bridge network=\
000.000.000.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=LDS
/ip dhcp-server lease
add address=000.000.000.72 always-broadcast=yes mac-address=000 \
server=bridge
add address=000.000.000.74 mac-address=000 server=bridge
add address=000.000.000.71 mac-address=0000 server=bridge
add address=000.000.000 mac-address=000 server=bridge
add address=000.000.000 always-broadcast=yes mac-address=0000 \
server=bridge
/ip dhcp-server network
add address=000.000.0000/24 comment=LAN gateway=000.000.000.1
add address=000.000.000.0/24 comment=VPN dns-server=000.000.000.1 gateway=\
000.000.000.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=udp
add action=drop chain=input comment="drop pptp brute forcers" dst-port=1723 \
protocol=tcp src-address-list=pptp_blacklist
add action=add-src-to-address-list address-list=pptp_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=1723 \
protocol=tcp src-address-list=pptp_stage3
add action=add-src-to-address-list address-list=pptp_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=1723 \
protocol=tcp src-address-list=pptp_stage2
add action=add-src-to-address-list address-list=pptp_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=1723 \
protocol=tcp src-address-list=pptp_stage1
/ip firewall nat
add action=masquerade chain=srcnat comment=masquerade ipsec-policy=out,none \
out-interface=!bridge
add action=dst-nat chain=dstnat comment=Redmine dst-port=80 \
in-interface-list=WAN protocol=tcp to-addresses=000.000.000 to-ports=80
add action=dst-nat chain=dstnat comment=RDP dst-port=6 in-interface=!bridge \
protocol=tcp to-addresses=000.000.000 to-ports=3389
add action=dst-nat chain=dstnat comment=Ftp_Install dst-port=21 \
in-interface-list=WAN protocol=tcp to-addresses=000.000.000.70 to-ports=21
add action=dst-nat chain=dstnat comment="RDP 000" dst-port=12850 \
in-interface-list=WAN protocol=tcp to-addresses=000.000.000.70 to-ports=\
12850
add action=dst-nat chain=dstnat comment="RDP 000r" dst-port=156 \
in-interface-list=WAN protocol=tcp to-addresses=000.000.000 to-ports=\
3389
add action=dst-nat chain=dstnat comment="RDP 000m" dst-port=71 \
in-interface-list=WAN protocol=tcp to-addresses=000.000.000 to-ports=\
3389
add action=dst-nat chain=dstnat comment="RDP 000р" dst-port=72 \
in-interface-list=WAN protocol=tcp to-addresses=000.000.000 to-ports=\
3389
add action=dst-nat chain=dstnat comment="RDP 00ey" dst-port=73 \
in-interface-list=WAN protocol=tcp to-addresses=192.168.5.73 to-ports=\
3389
add action=dst-nat chain=dstnat comment="RDP 0a" dst-port=74 \
in-interface-list=WAN protocol=tcp to-addresses=000.000.000.74 to-ports=\
3389
add action=dst-nat chain=dstnat comment=Torrent dst-port=10001 protocol=tcp \
to-addresses=000.000.000.6 to-ports=10001
add action=dst-nat chain=dstnat comment=Torrent dst-port=10001 protocol=udp \
to-addresses=000.000.000.6 to-ports=10001
add action=dst-nat chain=dstnat comment=CommFort dst-port=9750 \
in-interface-list=WAN protocol=tcp to-addresses=1000.000.000.70 to-ports=\
9750
add action=dst-nat chain=dstnat comment=CommFort dst-address=9000.000.000 \
in-interface-list=!WAN protocol=tcp src-address=000.000.000/16 \
to-addresses=000.000.000
add action=masquerade chain=srcnat comment=CommFort dst-address=000.000.000 \
protocol=tcp
add action=dst-nat chain=dstnat dst-port=25 protocol=tcp to-addresses=\
000.000.000 to-ports=25
/ip proxy
set enabled=yes port=888 serialize-connections=yes src-address=0.0.0.0
/ip route
add distance=1 dst-address=000.000.0000/24 gateway=000.000.000.50
add distance=1 dst-address=000.000.0008.0/24 gateway=0000
add distance=1 dst-address=000.000.0009.0/24 gateway=000.000.000.254
add distance=1 dst-address=000.000.0000.0/24 gateway=000.000.000.253
/ip service
set telnet disabled=yes port=2323
set ftp port=2121
set www disabled=yes port=8080
set ssh disabled=yes port=2222
set api disabled=yes
/ip upnp
set enabled=yes show-dummy-rule=no
/ip upnp interfaces
add interface=0000t type=external
add interface=bridge type=internal
add interface=rt000 type=internal
/ppp secret
add name=0 password=0 profile=VPN
add name=0 password=0 profile=VPN
add name=0 password=0 profile=VPN
add name=0 password=0R profile=VPN
add name=0 password=0 profile=VIP
add name=R00_00 password=A0 profile=VPN
add name=rtdmn password=0 profile=VIP remote-address=\
000.00.100.00
add name=0 password=saxsafon profile=VPN remote-address=0.0.0.0
add name=C0R password=0 profile=VPN remote-address=0.0.0.0
add name=C00R password=0 profile=VPN remote-address=\
0.0.0.0
add name=0n password=C0 profile=VPN remote-address=\
0.0.0.0
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Moscow
/system identity
set name=Most
/system logging
set 0 action=disk
set 1 action=disk
set 2 action=disk
set 3 action=disk
/system ntp client
set enabled=yes primary-ntp=0.0.0.0 secondary-ntp=0.0.0.00 \
server-dns-names=прпрпрпрпр
/system routerboard settings
set cpu-frequency=750MHz
/tool graphing interface
add interface=00
add interface=00_Inet
add interface=bridge
add interface=ether2
add interface=switch
add interface=wlan1
add interface=ether4
add
/tool graphing queue
add
/tool graphing resource
add
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Часть инфы потерта, если стер лишнего - скажите.
Сейчас обратил внимание на:
/ppp secret
add name=0 password=0 profile=VPN
add name=0 password=0 profile=VPN
add name=0 password=0 profile=VPN
add name=0 password=0R profile=VPN
add name=0 password=0 profile=VIP
add name=R00T_ADMIN password=00007 profile=VPN
add name=rtdmn password=0007 profile=VIP remote-address=\
0.0.0.00
Красными выделены логины, которыми пользовался прошлый админ, может он что-то удаленно подправил?[/SPOILER]
PS: Тут стоит еще прошивка 6.41, обновлял до 6.42 - не помогло.
Цитата:
Сообщение от Smith
Или после падения он уже не доступен? Во время падения он пингается? Прошивка последняя?
|
При падении он не пингуется, прошивка была 6.41, обновлял до 6.42 - не помогло.
На новом была прошивка 6.37, также обновлял до 6.42.