Alterserv

Hola,
Una mano.
Al pegar la regla del nat me quedo sin internet y me muestra esto al abrir una pagina, que puede ser.
saludos

NO tengo una bola de cristal.

publica tus reglas nat.

Hola amigo esto es lo que tengo


/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
    10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
    tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
    udp-stream-timeout=3m udp-timeout=10s

/ip firewall filter
add action=accept chain=forward comment="Acepta thunder 3.1.x" disabled=no \
    src-address=192.168.10.0/24

/ip firewall mangle
add action=mark-connection chain=postrouting comment="THUNDER CACHE FULL(TC 3.1.\
    x) =========================================================================\
    =============================" content="X-Cache: HIT from Thunder" \
    disabled=no new-connection-mark=thunder-connection passthrough=yes \
    protocol=tcp src-address=192.168.10.2
add action=mark-packet chain=postrouting connection-mark=thunder-connection \
    disabled=no new-packet-mark=thunder-packs passthrough=yes
add action=mark-connection chain=postrouting comment="(TC 3.1.x)================\
    ============================================================================\
    =========================" content="X-Cache: HIT from proxy.routero-os.com" \
    disabled=no new-connection-mark=proxy-hits passthrough=yes protocol=tcp \
    src-address=192.168.10.2
add action=mark-packet chain=postrouting connection-mark=proxy-hits disabled=no \
    new-packet-mark=proxy-squid passthrough=yes
add action=mark-connection chain=prerouting comment=Youtube content=youtube \
    disabled=no new-connection-mark=youtube_in passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=youtube_in disabled=no \
    new-packet-mark=youtube_in passthrough=no
add action=mark-connection chain=prerouting comment="Https y Http" disabled=no \
    dst-port=443 in-interface=!ether1_wan new-connection-mark=http_up_cnx \
    passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=80 \
    in-interface=!ether1_wan new-connection-mark=http_up_cnx passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_up_cnx disabled=no \
    new-packet-mark=http_up_pkt passthrough=no
add action=mark-connection chain=prerouting comment="ICMP(Ping)" disabled=no \
    new-connection-mark=icmp_conex passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=icmp_conex disabled=no \
    new-packet-mark=icmp passthrough=no
add action=mark-connection chain=prerouting comment=DNS disabled=no dst-port=53 \
    new-connection-mark=dns_conex passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=53 \
    new-connection-mark=dns_conex passthrough=no protocol=udp
add action=mark-packet chain=prerouting connection-mark=dns_conex disabled=no \
    new-packet-mark=dns passthrough=no
add action=mark-connection chain=prerouting comment=Msn disabled=no dst-port=\
    1863 in-interface=!ether1_wan new-connection-mark=msn_conex passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=msn_conex disabled=no \
    new-packet-mark=msn passthrough=no
add action=mark-connection chain=prerouting comment=WinBox disabled=no \
    dst-port=8292 new-connection-mark=winbox_conex passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=20561 \
    new-connection-mark=winbox_conex passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=winbox_conex disabled=\
    no new-packet-mark=winbox_pkt passthrough=no
add action=mark-connection chain=postrouting comment="Winbox 2" \
    connection-mark=winbox_conex disabled=no new-connection-mark=winbox_down \
    passthrough=yes
add action=mark-packet chain=postrouting connection-mark=winbox_down disabled=\
    no new-packet-mark=winbox_down_pkt passthrough=no
add action=mark-connection chain=prerouting comment=TeamViewer disabled=no \
    dst-port=5938 in-interface=!ether1_wan new-connection-mark=TeamViewer_conex \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=TeamViewer_conex \
    disabled=no new-packet-mark=teamviewer passthrough=no
add action=mark-connection chain=prerouting comment="Otras UDP connection" \
    disabled=no in-interface=!ether1_wan new-connection-mark=otras_udp_cnx \
    passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=otras_udp_cnx disabled=\
    no new-packet-mark=otras_udp_pkt passthrough=no
add action=mark-connection chain=prerouting comment="Otras connection" \
    connection-bytes=0-500000 disabled=no in-interface=!ether1_wan \
    new-connection-mark=otras_cnx passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=otras_cnx disabled=no \
    new-packet-mark=otras_pkt passthrough=no

/ip firewall nat
add action=masquerade chain=srcnat disabled=no src-address=192.168.5.0/24
add action=dst-nat chain=dstnat comment="Redirect Thunder 3.1.x" disabled=yes \
    dst-port=80 protocol=tcp src-address=!192.168.10.2 to-addresses=\
    192.168.10.2 to-ports=3128

/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no

a ver que desperfecto le miras

tienes varias reglas que no tienen mucho sentido.

pero en lo que respecta al thunder

en NAT debería ir asi

/ip firewall nat
add action=dst-nat chain=dstnat comment="Redirect Thunder 3.1.x" disabled=yes \
    dst-port=80 protocol=tcp src-address=!192.168.10.2 to-addresses=\
    192.168.10.2 to-ports=3128
add action=masquerade chain=srcnat disabled=no src-address=192.168.5.0/24

primero redireccionas luego enmascaras en tu rango de usuarios 192.168.5.0/24

Gracias amigo por la ayuda

Ya hice exactamente lo que me dijiste puese arriba el enmacarado y abajo el redireccionamiento y pegue la regla del nat asi como me la pusiste pero sigue sin funcionar, me sale el mismo error: Incapaz de determinar la dirección IP a partir del nombre de la máquina y me sigue dejando sin internet al habilitar la regla de NAT.

Tal vez no podrá ser cosa de mi proveedor que es TELMEX yo tengo el internet a través de DHCP cliente la dirección ip del la ether1_wan me la asigno automático por DHCP el modem THOMSON. ¿que crees?

saludos 

Cambia el enmascarado, haslo por interface.

Saludos.

Amigo no se exactamente a que te refieres, pero menimagino que es asi:
add action=masquerade chain=srcnat disabled=no src-address=ether1_wan ???

Que medices

El mensaje de error que tienes se debe al dns, no puede resolver el nombre de la pagina. Revisa que tu MK tenga configurado los dns.

Cita de: isaacr_22 en Diciembre 06, 2012, 01:33:43 AM
Amigo no se exactamente a que te refieres, pero menimagino que es asi:
add action=masquerade chain=srcnat disabled=no src-address=ether1_wan ???

Que medices

en nat y mangle por interface para salga saludos

Para despistar te has fijado si el servidor tiene internet, esto para ver si la falla es por la configuracion del servidor o del mikrotik.

Saludos.

Wow wow

Por fin ya me esta funcionando.

Muchas gracias en especial a LUISTEC, lo conseguí haciendo el enmasacarado en Out. Interface: al wan y desactivando en Src. Address.

Saludos