Не пойму, что стало происходить в последнее время. Некоторые доменные имена перестали открываться через микрот (hAP ac2).
Если напрямую через кабель, то открывает, все норм.
Откатывался до старой версии прошивки (6.49.6 Stable) — не помогло.
Сбросил до заводских настроек без default configuration.
Руками все настроил без любых правил firewall, кроме маскарадинга, естественно. То же самое.
Сбрасывал и проверял с default configuration. Сайты так же не открываются.
Обновился вновь до 7.2.1 и вернул бекап.
# apr/17/2022 12:15:15 by RouterOS 7.2.1
# Configuration export posted with the question. The "#" lines below the
# header are review annotations only; no setting is changed.
/interface bridge
add name=bridge
/interface ethernet
# ether1 is the WAN port (member of list WAN, DHCP client runs on it).
# NOTE(review): arp=proxy-arp on the upstream-facing port makes the router
# answer ARP on behalf of other hosts; this is rarely wanted on a WAN link -
# confirm it is intentional, otherwise leave arp at its default.
set [ find default-name=ether1 ] advertise=\
100M-half,100M-full,1000M-half,1000M-full arp=proxy-arp
/interface wireless
# Both radios run as access points with WPS disabled (wps-mode=disabled).
# NOTE(review): frequency-mode=superchannel bypasses the per-country channel
# and power limits; regulatory-domain is the usual choice - confirm.
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
20/40mhz-XX country=russia3 disabled=no disconnect-timeout=15s distance=\
indoors frequency=auto frequency-mode=superchannel hw-retries=15 mode=\
ap-bridge ssid="Wi-Fi 2,4" station-roaming=enabled wps-mode=disabled
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac \
channel-width=20/40mhz-XX country=russia3 disabled=no disconnect-timeout=\
15s distance=indoors frequency=auto frequency-mode=superchannel \
hw-retries=15 mode=ap-bridge ssid=Wi-Fi station-roaming=enabled wps-mode=\
disabled
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
# WPA2-PSK only. No pre-shared key appears in this export (presumably
# omitted as a sensitive value - verify a strong key is set on the device).
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" \
group-key-update=1h mode=dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.0.10-192.168.0.150
/ip dhcp-server
add address-pool=dhcp bootp-support=dynamic interface=bridge lease-time=8h \
name=dhcp
# The routing entries below look like defaults left by the v6 -> v7 upgrade:
# the only OSPF area is disabled and no BGP connections or OSPF interface
# templates appear in this export.
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/user group
# The "full" group carries every policy, including sensitive, sniff and api.
# /user entries are not part of this export, so which accounts hold this
# group cannot be checked from here.
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,rest-api"
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan1
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan2
/ip neighbor discovery-settings
# Neighbor discovery is bound to no interface list, so the router does not
# advertise itself through discovery protocols on any port.
set discover-interface-list=none
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
# IPv6 is switched off. No /ipv6 firewall section appears in this export,
# which only stays harmless while disable-ipv6=yes remains set.
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface ovpn-server server
# NOTE(review): md5 is allowed as an OpenVPN auth digest. No enabled=yes is
# shown, so the server is presumably off; drop md5 from the list before the
# server is ever enabled.
set auth=sha1,md5
# LAN addressing, DHCP options, static DNS names and the BOGONS source list.
/ip address
add address=192.168.0.1/24 comment=defconf interface=bridge network=\
192.168.0.0
/ip cloud
set update-time=no
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
# Clients are handed the router first and Google DNS as fallbacks.
# NOTE(review): this export has no /ip dns section, so allow-remote-requests
# is presumably at its default (off). In that case 192.168.0.1 does not
# answer client queries and every lookup waits for the fallback servers -
# TODO confirm with "/ip dns print", it may be relevant to the symptom.
add address=192.168.0.0/24 comment=defconf dns-server=\
192.168.0.1,8.8.8.8,8.8.4.4 gateway=192.168.0.1 netmask=24 ntp-server=\
192.168.0.1
/ip dns static
add address=192.168.0.1 comment=defconf name=router.lan
# Points time.windows.com at the router so that clients resolving through
# the router reach its own NTP server. It has no effect on clients that
# resolve through 8.8.8.8 / 8.8.4.4.
add address=192.168.0.1 comment="NTP server" name=time.windows.com
/ip firewall address-list
# Source ranges dropped on ether1 by the /ip firewall raw rule.
# NOTE(review): the list contains all RFC 1918 space and the CGNAT range
# 100.64.0.0/10. If the provider addresses its side of the link (gateway,
# DNS, local caches) from these ranges, that traffic is dropped before
# connection tracking - TODO compare with the address ether1 receives.
add address=0.0.0.0/8 list=BOGONS
add address=10.0.0.0/8 list=BOGONS
add address=100.64.0.0/10 list=BOGONS
add address=127.0.0.0/8 list=BOGONS
add address=169.254.0.0/16 list=BOGONS
add address=172.16.0.0/12 list=BOGONS
add address=192.0.0.0/24 list=BOGONS
add address=192.0.2.0/24 list=BOGONS
add address=192.168.0.0/16 list=BOGONS
add address=198.18.0.0/15 list=BOGONS
add address=198.51.100.0/24 list=BOGONS
add address=203.0.113.0/24 list=BOGONS
# /3 covers multicast (224.0.0.0/4) and the reserved 240.0.0.0/4 block.
add address=224.0.0.0/3 list=BOGONS
/ip firewall filter
# Rules are evaluated top to bottom per chain; the first accept/drop that
# matches ends processing for the packet, so the order below is significant.
#
# NOTE(review): the input chain has no accept for
# connection-state=established,related. Replies to traffic the router itself
# sends out of ether1 (its DNS lookups, NTP client, update checks) therefore
# appear to fall through to "Drop All Input". The usual first input rule is
# "add action=accept chain=input connection-state=established,related".
# No chain drops connection-state=invalid either.
#
# Winbox is accepted only from the LAN list and the 192.168.0.0/24 subnet.
add action=accept chain=input comment=Winbox dst-port=8291 in-interface-list=\
LAN protocol=tcp src-address=192.168.0.0/24
# Every other Winbox attempt is dropped. log-prefix is set but log=yes is
# not, so presumably nothing is written to the log - confirm.
add action=drop chain=input dst-port=8291 log-prefix="Winbox Drop" protocol=\
tcp
# Sources caught by the trap rules below are dropped, on the input chain
# only; forwarded (LAN client) traffic is not filtered by this list.
add action=drop chain=input comment="Perebor portov" src-address-list=\
perebor_portov_drop
# Trap rules: one packet from ether1 to any listed port puts the source on
# perebor_portov_drop for 4w3d. The action does not end processing; the
# packet continues to the rules below.
# NOTE(review): the TCP rules do not require connection-state=new. Combined
# with the missing established accept, a reply to a connection opened by the
# router from a local port inside 30000-35000 would list the remote server -
# confirm and consider adding connection-state=new.
add action=add-src-to-address-list address-list=perebor_portov_drop \
address-list-timeout=4w3d chain=input dst-port=\
20,21,22,23,25,53,68,80,123,137-139,156,443,3389,8291 in-interface=ether1 \
log-prefix=Attack protocol=tcp
add action=add-src-to-address-list address-list=perebor_portov_drop \
address-list-timeout=4w3d chain=input dst-port=\
110,143,587,993,995,1149,1721,2083,2087,2222,3306,8083,30000-35000 \
in-interface=ether1 log-prefix=Attack protocol=tcp
# NOTE(review): UDP has no handshake, so the source address of a single
# datagram is unverified and the list can be filled with forged addresses.
# The effect is limited to the input chain, but a month-long timeout on an
# unverified source is worth reconsidering.
add action=add-src-to-address-list address-list=perebor_portov_drop \
address-list-timeout=4w3d chain=input dst-port=\
22,23,25,53,80,110,137-139,443,156,1149,5060,5061 in-interface=ether1 \
log-prefix=Attack protocol=udp
# Forward chain: fasttrack and accept established/related traffic that
# enters from the bridge.
add action=fasttrack-connection chain=forward comment=Fasttrack \
connection-state=established,related hw-offload=yes in-interface=bridge
add action=accept chain=forward connection-state=established,related \
in-interface=bridge
# NOTE(review): this fasttrack rule has no connection-state match, so it
# applies to every packet entering from the bridge; fasttrack is normally
# limited to established,related as in the rule above.
add action=fasttrack-connection chain=forward hw-offload=yes in-interface=\
bridge
# Everything the LAN originates is allowed out.
add action=accept chain=forward in-interface=bridge
# Return traffic for existing connections, on any interface.
add action=accept chain=forward comment="Accept All" connection-state=\
established,related
# Same match as the bridge accept two rules above; it can never be reached.
add action=accept chain=forward in-interface=bridge
# All router services are reachable from the bridge. This rule sits after
# the Winbox drop, so Winbox from outside 192.168.0.0/24 stays blocked.
add action=accept chain=input in-interface=bridge
add action=drop chain=input comment="Drop All Input" in-interface=ether1
# Default deny for whatever is left in both chains.
add action=drop chain=forward
add action=drop chain=input
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=ether1
/ip firewall raw
# Drops packets arriving on ether1 with a source in BOGONS. The raw table is
# processed before connection tracking, so this applies to router-bound and
# forwarded traffic alike, including replies to LAN clients. log-prefix is
# set without log=yes, so presumably nothing is logged - confirm.
add action=drop chain=prerouting in-interface=ether1 log-prefix=bogon \
src-address-list=BOGONS
/ip firewall service-port
# All listed connection-tracking helpers are turned off.
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
# Management surface: the listed services are disabled and Winbox is
# restricted to 192.168.0.0/24. www-ssl is not listed, i.e. left at its
# default - confirm its state with "/ip service print".
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.0.0/24
set api-ssl disabled=yes
/ipv6 nd
set [ find default=yes ] disabled=yes
/system clock
set time-zone-name=Europe/Moscow
/system identity
# The identity is only a label; the device is a MikroTik router.
set name="Kerio Control"
/system leds settings
set all-leds-off=after-1min
/system logging
set 0 topics=info,!interface
add disabled=yes prefix=debug topics=wireless,debug
/system ntp client
set enabled=yes
/system ntp server
# NTP server with manycast and multicast enabled. The firewall's input chain
# accepts it from the bridge and drops it on ether1.
set enabled=yes manycast=yes multicast=yes
/system ntp client servers
add address=ntp1.stratum2.ru
add address=ntp2.stratum2.ru
add address=0.pool.ntp.org
add address=1.pool.ntp.org
/system package update
# NOTE(review): the update channel is long-term while the header reports
# 7.2.1 - confirm this channel actually offers builds for the installed
# major version, otherwise security fixes will not be picked up.
set channel=long-term
/system routerboard settings
set silent-boot=yes
/system watchdog
# Watchdog timer and automatic supout generation are both off.
set automatic-supout=no watchdog-timer=no
/tool bandwidth-server
# The bandwidth test server is disabled, so authenticate=no is inert for
# now; set authenticate=yes before the server is ever enabled.
set authenticate=no enabled=no
/tool graphing interface
add store-on-disk=no
# Layer-2 management (MAC telnet, MAC Winbox, MAC ping) is disabled on all
# interfaces.
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no