Winbox 2.2.14 caused screw configuration on my router 493 with router OS 3.23 more than 3 times. I don’t know how, but working configuration suddenly stops NATing and routing. I can get ping from all wan ports but don’t have NAT or routes to LAN PCs. Cannot find any changes to configuration, reboot doesn’t help and loading backup script inside winbox and restarting the router does’n help too.
Only solution is to reset router to factory defaults and load – paste script via terminal. After that router is working fine for a day with full load and then it happens again. Sometimes router stops working with winbox connections, sometimes just for no reason. Conecting to winbox from LAN or WAN is working perfectly all the time.
Also dst-nat, lets say, to port 80 may stop working and just opening the line in Winbox and pressing only apply without changes on already configured rule resolves the problem.
Can winbox make configuration mistakes or, the problem is maybe hardware script configuration.
Here is the config: Maybe someone can find useful this ECMP configuration with loadbalance among ADSL, Cable modem and DSL.
/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment=“” disabled=no full-duplex=yes
mtu=1500 name=LAN speed=100Mbps
set 1 arp=enabled auto-negotiation=yes comment=“” disabled=no full-duplex=yes
mtu=1500 name=ADSL_WAN speed=100Mbps
set 2 arp=enabled auto-negotiation=yes comment=“” disabled=no full-duplex=yes
mtu=1500 name=WAN2 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes comment=“” disabled=no full-duplex=yes
mtu=1500 name=WAN3 speed=100Mbps
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m
name=default pfs-group=modp1024
/ip pool
add name=dhcp_pool1 ranges=192.168.1.100-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=
static disabled=no interface=LAN lease-time=3d name=dhcp1
/interface pppoe-client
add ac-name=“” add-default-route=no allow=pap,chap,mschap1,mschap2 comment=“”
dial-on-demand=no disabled=no interface=ADSL_WAN max-mru=1480 max-mtu=
1480 mrru=disabled name=ADSL password=xxxxxxxxx profile=default
service-name=“” use-peer-dns=no user=xxxxxxxxx
/ip address
add address=192.168.1.1/24 broadcast=192.168.1.255 comment=“” disabled=no
interface=LAN network=192.168.1.0
add address=8x.xxx.xxx.xxx/24 broadcast=8x.xxx.xxx.xxx comment=“” disabled=no
interface=WAN3 network=8x.xxx.xxx.0
add address=2xx.xxx.xxx.xxx/29 broadcast=2xx.xxx.xxx.xxx comment=“” disabled=no
interface=WAN2 network=2xx.xxx.xxx.xxx
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.1.0/24 comment=“” dns-server=192.168.1.1 gateway=
192.168.1.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB
max-udp-packet-size=512 primary-dns=208.67.220.220 secondary-dns=
208.67.222.222
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=drop chain=forward comment=“” connection-state=invalid disabled=
yes
/ip firewall mangle
add action=mark-connection chain=input comment=“” connection-state=new
disabled=no in-interface=WAN2 new-connection-mark=WAN2con2R passthrough=
yes
add action=mark-routing chain=output comment=“” connection-mark=WAN2con2R
disabled=no new-routing-mark=toWAN2 passthrough=yes
add action=mark-connection chain=input comment=“” connection-state=new
disabled=no in-interface=WAN3 new-connection-mark=WAN3con2R
passthrough=yes
add action=mark-routing chain=output comment=“” connection-mark=WAN3con2R
disabled=no new-routing-mark=toWAN3 passthrough=yes
add action=mark-connection chain=input comment=“” connection-state=new
disabled=no in-interface=ADSL new-connection-mark=ADSLcon2R passthrough=
yes
add action=mark-routing chain=output comment=“” connection-mark=ADSLcon2R
disabled=no new-routing-mark=toADSL passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=WAN2
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=WAN3
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=ADSL
add action=dst-nat chain=dstnat comment=“” disabled=no
dst-port=9909 protocol=udp to-addresses=192.168.1.16
to-ports=9909
/ip route
add check-gateway=arp comment=“” disabled=no distance=2 dst-address=0.0.0.0/0
gateway=2xx.xxx.xxx.xxx,ADSL,WAN3,ADSL,WAN3 scope=30 target-scope=10
add comment=“” disabled=no distance=1 dst-address=2xx.xxx.xxx.0/19 gateway=
2xx.xxx.xxx.xxx scope=30 target-scope=10