Controle de rede P2P,MSN ETC

georgegomes · 22-06-2008, 12:32

Pessoal, estou tendo problemas com minha rede, a net está ficnado lenta quando o pessoal começa baixar em p2p, o problema que fiz as regras d controle, que tem nós tutoriais e não está adiantando. oque devo fazer???

Mr. RG · 22-06-2008, 13:55

Citação:

Postado Originalmente por georgegomes

Pessoal, estou tendo problemas com minha rede, a net está ficnado lenta quando o pessoal começa baixar em p2p, o problema que fiz as regras d controle, que tem nós tutoriais e não está adiantando. oque devo fazer???

Posta suas regras para darmos uma olhada.

georgegomes · 22-06-2008, 17:37

Citação:

Postado Originalmente por Mr. RG

Posta suas regras para darmos uma olhada.

aqui estão :

/ ip firewall mangle
add chain=output protocol=tcp src-port=3128 action=mark-connection \
new-connection-mark=proxy passthrough=yes comment="PROXY FULL" \
disabled=yes
add chain=forward protocol=udp src-port=0 action=mark-connection \
new-connection-mark=block passthrough=yes comment="" disabled=yes
add chain=output connection-mark=proxy action=mark-packet \
new-packet-mark=proxy passthrough=yes comment="" disabled=yes
add chain=output connection-mark=proxy action=return comment="" disabled=yes
add chain=prerouting p2p=all-p2p action=mark-connection \
new-connection-mark=all-p2p passthrough=yes comment="----- P2P" \
disabled=no
add chain=prerouting connection-mark=all-p2p action=mark-packet \
new-packet-mark=ALL-P2P passthrough=no comment="" disabled=no
add chain=prerouting dst-address=66.36.231.71 protocol=tcp src-port=1024-65535 \
dst-port=80 action=mark-connection new-connection-mark=manchobanda \
passthrough=yes comment="MEDIDORES DE LARGURA" disabled=no
add chain=prerouting dst-address=216.49.88.18 protocol=tcp src-port=1024-65535 \
dst-port=80 action=mark-connection new-connection-mark=manchobanda \
passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=manchobanda action=mark-packet \
new-packet-mark=MIDOANCHODEBANDA passthrough=no comment="" disabled=no
add chain=forward protocol=udp dst-port=4672 action=mark-connection \
new-connection-mark=all-p2p passthrough=yes comment="Marco todos os P2P" \
disabled=no
add chain=forward connection-mark=all-p2p action=mark-packet \
new-packet-mark=ALL-P2P passthrough=yes comment="" disabled=no
add chain=output protocol=udp src-port=0-65535 dst-port=514 \
action=mark-connection new-connection-mark=syslog-mt passthrough=no \
comment="Syslog soft MT para Windows" disabled=no
add chain=prerouting protocol=tcp dst-port=113 action=mark-connection \
new-connection-mark=auth passthrough=no comment="----- Marco outras \
coisas de menos uso" disabled=no
add chain=prerouting protocol=tcp dst-port=119 action=mark-connection \
new-connection-mark=nntp passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=143 action=mark-connection \
new-connection-mark=imap passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=161-162 action=mark-connection \
new-connection-mark=snmp passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=554 action=mark-connection \
new-connection-mark=audio-streaming passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=1755 action=mark-connection \
new-connection-mark=audio-streaming passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=993 action=mark-connection \
new-connection-mark=imaps passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=2379 action=mark-connection \
new-connection-mark=kgs passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=3389 action=mark-connection \
new-connection-mark=win-rdp passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=5900-5901 action=mark-connection \
new-connection-mark=vnc passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6667-6669 action=mark-connection \
new-connection-mark=irc passthrough=no comment="" disabled=no
add chain=prerouting protocol=udp src-port=36725 dst-port=1024-65535 \
action=mark-connection new-connection-mark=skype passthrough=no comment="" \
disabled=no
add chain=prerouting protocol=udp src-port=1024-65535 dst-port=5060-5061 \
action=mark-connection new-connection-mark=sip passthrough=yes comment="" \
disabled=no
add chain=prerouting protocol=udp src-port=5060-5061 dst-port=1024-65535 \
action=mark-connection new-connection-mark=sip passthrough=yes comment="" \
disabled=no
add chain=prerouting protocol=icmp icmp-options=8:0-255 action=mark-connection \
new-connection-mark=ping passthrough=yes comment="----- PING" disabled=no
add chain=prerouting connection-mark=ping action=mark-packet \
new-packet-mark=PING passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=20-21 action=mark-connection \
new-connection-mark=ftp passthrough=yes comment="----- FTP" disabled=no

georgegomes · 22-06-2008, 17:38

add chain=prerouting connection-mark=ftp action=mark-packet \
new-packet-mark=FTP passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=53 action=mark-connection \
new-connection-mark=dns passthrough=yes comment="----- DNS" disabled=no
add chain=prerouting protocol=tcp src-port=53 action=mark-connection \
new-connection-mark=dns passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=53 action=mark-connection \
new-connection-mark=dns passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp src-port=53 action=mark-connection \
new-connection-mark=dns passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=dns action=mark-packet \
new-packet-mark=DNS passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=80 src-address-list=nat-addr \
action=mark-connection new-connection-mark=http passthrough=yes \
comment="----- HTTP" disabled=no
add chain=prerouting connection-mark=http action=mark-packet \
new-packet-mark=HTTP passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \
new-connection-mark=https passthrough=yes comment="----- HTTPS" \
disabled=no
add chain=prerouting protocol=tcp src-port=443 action=mark-connection \
new-connection-mark=https passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=https action=mark-packet \
new-packet-mark=HTTPS passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=110 action=mark-connection \
new-connection-mark=pop3 passthrough=yes comment="----- POP3" disabled=no
add chain=prerouting protocol=tcp dst-port=995 action=mark-connection \
new-connection-mark=pop3 passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=pop3 action=mark-packet \
new-packet-mark=POP3-POP3s passthrough=no comment="" disabled=no
add chain=prerouting protocol=udp dst-port=123 action=mark-connection \
new-connection-mark=ntp passthrough=yes comment="----- NTP" disabled=no
add chain=prerouting connection-mark=ntp action=mark-packet \
new-packet-mark=NTP passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=1863 action=mark-connection \
new-connection-mark=msn passthrough=yes comment="----- MSN" disabled=no
add chain=prerouting protocol=tcp dst-port=6891-6900 action=mark-connection \
new-connection-mark=msn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=1863 action=mark-connection \
new-connection-mark=msn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=7001 action=mark-connection \
new-connection-mark=msn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=msn action=mark-packet \
new-packet-mark=MSN passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=3128 src-address-list=local-addr \
action=mark-connection new-connection-mark=proxy passthrough=yes \
comment="----- PROXY" disabled=no
add chain=prerouting protocol=tcp src-port=3128 action=mark-connection \
new-connection-mark=proxy passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=proxy action=mark-packet \
new-packet-mark=PROXY passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection \
new-connection-mark=winbox passthrough=yes comment="----- WINBOX" \
disabled=no
add chain=prerouting connection-mark=winbox action=mark-packet \
new-packet-mark=WINBOX passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=1723 action=mark-connection \
new-connection-mark=pptp passthrough=yes comment="Protocolos: GRE - L2TP - \
PPTP - VPN Megatone" disabled=no
add chain=prerouting connection-mark=pptp action=mark-packet \
new-packet-mark=VPN passthrough=no comment="" disabled=no
add chain=prerouting protocol=gre action=mark-connection \
new-connection-mark=gre passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=gre action=mark-packet \
new-packet-mark=VPN passthrough=no comment="" disabled=no
add chain=prerouting protocol=udp dst-port=1701 action=mark-connection \
new-connection-mark=l2tp passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=l2tp action=mark-packet \
new-packet-mark=VPN passthrough=no comment="" disabled=no
add chain=prerouting protocol=udp dst-port=1194 action=mark-connection \
new-connection-mark=vpn-megatone passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=vpn-megatone action=mark-packet \
new-packet-mark=VPN passthrough=no comment="" disabled=no
add chain=output protocol=udp dst-port=53 action=mark-connection \
new-connection-mark=dns passthrough=yes comment="----- DNS vindo do \
Router" disabled=no
add chain=output connection-mark=dns action=mark-packet new-packet-mark=DNS \
passthrough=no comment="" disabled=no
add chain=output protocol=tcp dst-port=80 action=mark-connection \
new-connection-mark=http passthrough=yes comment="" disabled=no
add chain=output connection-mark=http action=mark-packet new-packet-mark=HTTP \
passthrough=no comment="" disabled=no
add chain=output protocol=tcp dst-port=5002 action=mark-connection \
new-connection-mark=proxy passthrough=yes comment="" disabled=no
add chain=output protocol=tcp src-port=5002 action=mark-connection \
new-connection-mark=proxy passthrough=yes comment="" disabled=no
add chain=output connection-mark=proxy action=mark-packet \
new-packet-mark=PROXY passthrough=no comment="" disabled=no
add chain=input protocol=udp src-port=53 action=mark-connection \
new-connection-mark=dns passthrough=yes comment="" disabled=no
add chain=input connection-mark=dns action=mark-packet new-packet-mark=DNS \
passthrough=yes comment="" disabled=no
add chain=input protocol=tcp src-port=5002 dst-port=1024-65535 \
action=mark-connection new-connection-mark=proxy passthrough=yes \
comment="" disabled=no
add chain=input connection-mark=proxy action=mark-packet new-packet-mark=PROXY \
passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp action=mark-connection \
new-connection-mark=other-udp passthrough=yes comment="----- UDP NAO \
RECONHECIDOS " disabled=no
add chain=prerouting connection-mark=other-udp action=mark-packet \
new-packet-mark=OTHER-UDP passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=1024-3126 action=mark-connection \
new-connection-mark=other-tcp-bajo passthrough=yes comment="----- TCP NAO \
RECONHECIDOS PUERTOS BAJOS" disabled=no
add chain=prerouting protocol=tcp dst-port=3129-10000 action=mark-connection \
new-connection-mark=other-tcp-bajo passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=other-tcp-bajo action=mark-packet \
new-packet-mark=TCP-BAJO passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=10001-10999 action=mark-connection \
new-connection-mark=other-tcp-medio passthrough=yes comment="----- TCP \
NAO RECONHECIDOS PUERTOS MEDIOS" disabled=no
add chain=prerouting connection-mark=other-tcp-medio action=mark-packet \
new-packet-mark=TCP-MEDIO passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=11000-11999 action=mark-connection \
new-connection-mark=yahoo-juegos passthrough=yes comment="YAHOO Jogos" \
disabled=no
add chain=prerouting connection-mark=yahoo-juegos action=mark-packet \
new-packet-mark=YAHOO passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=12000-30000 action=mark-connection \
new-connection-mark=other-tcp-medio passthrough=yes comment="----- TCP \
NAO RECONHECIDOS PORTAS MEDIAS" disabled=no

disabled=no

georgegomes · 22-06-2008, 17:39

add chain=prerouting connection-mark=other-tcp-medio action=mark-packet \
new-packet-mark=TCP-MEDIO passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=30001-65535 \
src-address-list=nat-addr action=mark-connection \
new-connection-mark=other-tcp-alto passthrough=yes comment="----- TCP NAO \
RECONHCIDOS PORTAS ALTAS" disabled=no
add chain=prerouting connection-mark=other-tcp-alto action=mark-packet \
new-packet-mark=TCP-ALTO passthrough=no comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=other \
passthrough=yes comment="----- POR PRECAUSAO MARCO TUDO" disabled=no
add chain=prerouting connection-mark=other action=mark-packet \
new-packet-mark=OTHER passthrough=no comment="" disabled=no
add chain=postrouting protocol=tcp dst-port=5002 action=mark-connection \
new-connection-mark=proxy passthrough=yes comment="" disabled=no
add chain=postrouting protocol=tcp src-port=5002 action=mark-connection \
new-connection-mark=proxy passthrough=yes comment="" disabled=no
add chain=postrouting connection-mark=proxy action=mark-packet \
new-packet-mark=PROXY passthrough=yes comment="" disabled=no
add chain=output src-address=172.19.100.100 protocol=tcp src-port=5002 \
dst-address-list=nat-addr action=mark-connection new-connection-mark=proxy \
passthrough=yes comment="" disabled=no
add chain=output src-address=172.242.100.100 protocol=tcp src-port=5002 \
dst-address-list=nat-addr action=mark-connection new-connection-mark=proxy \
passthrough=yes comment="" disabled=no
add chain=output src-address=172.246.100.100 protocol=tcp src-port=5002 \
dst-address-list=nat-addr action=mark-connection new-connection-mark=proxy \
passthrough=yes comment="" disabled=no
add chain=output connection-mark=proxy action=mark-packet \
new-packet-mark=PROXY passthrough=no comment="" disabled=no
/ ip firewall nat
add chain=srcnat out-interface=WAN action=masquerade comment="" disabled=no
add chain=dstnat connection-mark=dns action=redirect to-ports=0-65535 \
comment="proxy for DNS requests" disabled=no
add chain=dstnat in-interface=WAN src-address=172.19.100.0/24 protocol=tcp \
dst-port=80 action=redirect to-ports=3128 comment="proxy for HTTP \
requests" disabled=no
add chain=dstnat in-interface=WLAN-EW src-address=172.246.100.0/24 \
protocol=tcp dst-port=80 action=redirect to-ports=3128 comment="proxy for \
HTTP requests" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
tcp-syncookie=no

aqui as do queue:

/ queue tree
add name="Int-OUT" parent=global-in packet-mark="" limit-at=256000 \
queue=default priority=1 max-limit=512000 burst-limit=0 \
burst-threshold=128000 burst-time=12s disabled=no
add name="POP3-Out" parent=Int-OUT packet-mark=POP3-POP3s limit-at=64000 \
queue=default priority=4 max-limit=128000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="RESTO-OUT" parent=Int-OUT packet-mark=OTHER limit-at=0 queue=default \
priority=4 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="FTP-Out" parent=Int-OUT packet-mark=FTP limit-at=0 queue=default \
priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="HTTP-OUT" parent=Int-OUT packet-mark=HTTP limit-at=0 queue=default \
priority=2 max-limit=280000 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="DNS-OUT" parent=Int-OUT packet-mark=DNS limit-at=0 queue=default \
priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="SMTP-OUT" parent=Int-OUT packet-mark=SMTP-SMTPs limit-at=0 \
queue=default priority=7 max-limit=128000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="SSH-OUT" parent=Int-OUT packet-mark=SSH limit-at=0 queue=default \
priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="TCP-OUT" parent=Int-OUT packet-mark=TCP-BAJO limit-at=0 \
queue=default priority=8 max-limit=190000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="UDP-OUT" parent=Int-OUT packet-mark=OTHER-UDP limit-at=0 \
queue=default priority=8 max-limit=100000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="TELNET-OUT" parent=Int-OUT packet-mark=TELNET limit-at=0 \
queue=default priority=8 max-limit=32000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="WEBPROXY-OUT" parent=Int-OUT packet-mark=PROXY limit-at=512000 \
queue=default priority=8 max-limit=768000 burst-limit=1024000 \
burst-threshold=0 burst-time=20s disabled=no
add name="TCP-MEDIOS" parent=Int-OUT packet-mark=TCP-MEDIO limit-at=0 \
queue=default priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="TCP-ALTOS" parent=Int-OUT packet-mark=TCP-ALTO limit-at=0 \
queue=default priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="HTTP/S-OUT" parent=Int-OUT packet-mark=HTTPS limit-at=0 \
queue=default priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="TEST-ANCHO-Int-OUT" parent=Int-OUT packet-mark=MIDOANCHODEBANDA \
limit-at=0 queue=default priority=2 max-limit=32000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="Control.P2P" parent=WAN packet-mark=ALL-P2P limit-at=0 queue=default \
priority=8 max-limit=100000 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="Control-P2P" parent=WAN packet-mark=ALL-P2P limit-at=0 queue=default \
priority=8 max-limit=100000 burst-limit=0 burst-threshold=0 burst-time=0s \

22-06-2008, 12:32	#1 (permalink)
georgegomes Registrado em: Apr 2008 Localização: Portugal Mensagens: 49 Agradeceu: 1 Agradecido 0 vez(es) em 0 Posts Reputação: 10	Controle de rede P2P,MSN ETC Pessoal, estou tendo problemas com minha rede, a net está ficnado lenta quando o pessoal começa baixar em p2p, o problema que fiz as regras d controle, que tem nós tutoriais e não está adiantando. oque devo fazer???

Tópicos Similares
Tópico	Tópico Iniciado Por	Fórum	Respostas	Última Mensagem
controle de banda sendo burlado por rede p2p	rfusco	Mikrotik Controle de Banda	9	03-02-2008 14:09
Controle de mac interface de rede sem fio	gfox007	Mikrotik	4	21-08-2007 9:00
Controle de MAC na rede (switch)	Super_Diaulas	Adm. em Geral	2	11-08-2006 14:40
Controle de trafego de rede	Manga	Redes/Protocolos	3	01-02-2005 15:52
Controle total da rede	flanandorj	Proxy/NAT/Firewall	2	27-08-2004 11:57

22-06-2008, 17:38	#4 (permalink)
georgegomes Registrado em: Apr 2008 Localização: Portugal Mensagens: 49 Agradeceu: 1 Agradecido 0 vez(es) em 0 Posts Reputação: 10	add chain=prerouting connection-mark=ftp action=mark-packet \ new-packet-mark=FTP passthrough=no comment="" disabled=no add chain=prerouting protocol=tcp dst-port=53 action=mark-connection \ new-connection-mark=dns passthrough=yes comment="----- DNS" disabled=no add chain=prerouting protocol=tcp src-port=53 action=mark-connection \ new-connection-mark=dns passthrough=yes comment="" disabled=no add chain=prerouting protocol=udp dst-port=53 action=mark-connection \ new-connection-mark=dns passthrough=yes comment="" disabled=no add chain=prerouting protocol=udp src-port=53 action=mark-connection \ new-connection-mark=dns passthrough=yes comment="" disabled=no add chain=prerouting connection-mark=dns action=mark-packet \ new-packet-mark=DNS passthrough=no comment="" disabled=no add chain=prerouting protocol=tcp dst-port=80 src-address-list=nat-addr \ action=mark-connection new-connection-mark=http passthrough=yes \ comment="----- HTTP" disabled=no add chain=prerouting connection-mark=http action=mark-packet \ new-packet-mark=HTTP passthrough=no comment="" disabled=no add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \ new-connection-mark=https passthrough=yes comment="----- HTTPS" \ disabled=no add chain=prerouting protocol=tcp src-port=443 action=mark-connection \ new-connection-mark=https passthrough=yes comment="" disabled=no add chain=prerouting connection-mark=https action=mark-packet \ new-packet-mark=HTTPS passthrough=no comment="" disabled=no add chain=prerouting protocol=tcp dst-port=110 action=mark-connection \ new-connection-mark=pop3 passthrough=yes comment="----- POP3" disabled=no add chain=prerouting protocol=tcp dst-port=995 action=mark-connection \ new-connection-mark=pop3 passthrough=yes comment="" disabled=no add chain=prerouting connection-mark=pop3 action=mark-packet \ new-packet-mark=POP3-POP3s passthrough=no comment="" disabled=no add chain=prerouting protocol=udp dst-port=123 action=mark-connection \ new-connection-mark=ntp passthrough=yes comment="----- NTP" disabled=no add chain=prerouting connection-mark=ntp action=mark-packet \ new-packet-mark=NTP passthrough=no comment="" disabled=no add chain=prerouting protocol=tcp dst-port=1863 action=mark-connection \ new-connection-mark=msn passthrough=yes comment="----- MSN" disabled=no add chain=prerouting protocol=tcp dst-port=6891-6900 action=mark-connection \ new-connection-mark=msn passthrough=yes comment="" disabled=no add chain=prerouting protocol=udp dst-port=1863 action=mark-connection \ new-connection-mark=msn passthrough=yes comment="" disabled=no add chain=prerouting protocol=udp dst-port=7001 action=mark-connection \ new-connection-mark=msn passthrough=yes comment="" disabled=no add chain=prerouting connection-mark=msn action=mark-packet \ new-packet-mark=MSN passthrough=no comment="" disabled=no add chain=prerouting protocol=tcp dst-port=3128 src-address-list=local-addr \ action=mark-connection new-connection-mark=proxy passthrough=yes \ comment="----- PROXY" disabled=no add chain=prerouting protocol=tcp src-port=3128 action=mark-connection \ new-connection-mark=proxy passthrough=yes comment="" disabled=no add chain=prerouting connection-mark=proxy action=mark-packet \ new-packet-mark=PROXY passthrough=no comment="" disabled=no add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection \ new-connection-mark=winbox passthrough=yes comment="----- WINBOX" \ disabled=no add chain=prerouting connection-mark=winbox action=mark-packet \ new-packet-mark=WINBOX passthrough=no comment="" disabled=no add chain=prerouting protocol=tcp dst-port=1723 action=mark-connection \ new-connection-mark=pptp passthrough=yes comment="Protocolos: GRE - L2TP - \ PPTP - VPN Megatone" disabled=no add chain=prerouting connection-mark=pptp action=mark-packet \ new-packet-mark=VPN passthrough=no comment="" disabled=no add chain=prerouting protocol=gre action=mark-connection \ new-connection-mark=gre passthrough=yes comment="" disabled=no add chain=prerouting connection-mark=gre action=mark-packet \ new-packet-mark=VPN passthrough=no comment="" disabled=no add chain=prerouting protocol=udp dst-port=1701 action=mark-connection \ new-connection-mark=l2tp passthrough=yes comment="" disabled=no add chain=prerouting connection-mark=l2tp action=mark-packet \ new-packet-mark=VPN passthrough=no comment="" disabled=no add chain=prerouting protocol=udp dst-port=1194 action=mark-connection \ new-connection-mark=vpn-megatone passthrough=yes comment="" disabled=no add chain=prerouting connection-mark=vpn-megatone action=mark-packet \ new-packet-mark=VPN passthrough=no comment="" disabled=no add chain=output protocol=udp dst-port=53 action=mark-connection \ new-connection-mark=dns passthrough=yes comment="----- DNS vindo do \ Router" disabled=no add chain=output connection-mark=dns action=mark-packet new-packet-mark=DNS \ passthrough=no comment="" disabled=no add chain=output protocol=tcp dst-port=80 action=mark-connection \ new-connection-mark=http passthrough=yes comment="" disabled=no add chain=output connection-mark=http action=mark-packet new-packet-mark=HTTP \ passthrough=no comment="" disabled=no add chain=output protocol=tcp dst-port=5002 action=mark-connection \ new-connection-mark=proxy passthrough=yes comment="" disabled=no add chain=output protocol=tcp src-port=5002 action=mark-connection \ new-connection-mark=proxy passthrough=yes comment="" disabled=no add chain=output connection-mark=proxy action=mark-packet \ new-packet-mark=PROXY passthrough=no comment="" disabled=no add chain=input protocol=udp src-port=53 action=mark-connection \ new-connection-mark=dns passthrough=yes comment="" disabled=no add chain=input connection-mark=dns action=mark-packet new-packet-mark=DNS \ passthrough=yes comment="" disabled=no add chain=input protocol=tcp src-port=5002 dst-port=1024-65535 \ action=mark-connection new-connection-mark=proxy passthrough=yes \ comment="" disabled=no add chain=input connection-mark=proxy action=mark-packet new-packet-mark=PROXY \ passthrough=yes comment="" disabled=no add chain=prerouting protocol=udp action=mark-connection \ new-connection-mark=other-udp passthrough=yes comment="----- UDP NAO \ RECONHECIDOS " disabled=no add chain=prerouting connection-mark=other-udp action=mark-packet \ new-packet-mark=OTHER-UDP passthrough=no comment="" disabled=no add chain=prerouting protocol=tcp dst-port=1024-3126 action=mark-connection \ new-connection-mark=other-tcp-bajo passthrough=yes comment="----- TCP NAO \ RECONHECIDOS PUERTOS BAJOS" disabled=no add chain=prerouting protocol=tcp dst-port=3129-10000 action=mark-connection \ new-connection-mark=other-tcp-bajo passthrough=yes comment="" disabled=no add chain=prerouting connection-mark=other-tcp-bajo action=mark-packet \ new-packet-mark=TCP-BAJO passthrough=no comment="" disabled=no add chain=prerouting protocol=tcp dst-port=10001-10999 action=mark-connection \ new-connection-mark=other-tcp-medio passthrough=yes comment="----- TCP \ NAO RECONHECIDOS PUERTOS MEDIOS" disabled=no add chain=prerouting connection-mark=other-tcp-medio action=mark-packet \ new-packet-mark=TCP-MEDIO passthrough=no comment="" disabled=no add chain=prerouting protocol=tcp dst-port=11000-11999 action=mark-connection \ new-connection-mark=yahoo-juegos passthrough=yes comment="YAHOO Jogos" \ disabled=no add chain=prerouting connection-mark=yahoo-juegos action=mark-packet \ new-packet-mark=YAHOO passthrough=no comment="" disabled=no add chain=prerouting protocol=tcp dst-port=12000-30000 action=mark-connection \ new-connection-mark=other-tcp-medio passthrough=yes comment="----- TCP \ NAO RECONHECIDOS PORTAS MEDIAS" disabled=no disabled=no

22-06-2008, 17:39	#5 (permalink)
georgegomes Registrado em: Apr 2008 Localização: Portugal Mensagens: 49 Agradeceu: 1 Agradecido 0 vez(es) em 0 Posts Reputação: 10	add chain=prerouting connection-mark=other-tcp-medio action=mark-packet \ new-packet-mark=TCP-MEDIO passthrough=no comment="" disabled=no add chain=prerouting protocol=tcp dst-port=30001-65535 \ src-address-list=nat-addr action=mark-connection \ new-connection-mark=other-tcp-alto passthrough=yes comment="----- TCP NAO \ RECONHCIDOS PORTAS ALTAS" disabled=no add chain=prerouting connection-mark=other-tcp-alto action=mark-packet \ new-packet-mark=TCP-ALTO passthrough=no comment="" disabled=no add chain=prerouting action=mark-connection new-connection-mark=other \ passthrough=yes comment="----- POR PRECAUSAO MARCO TUDO" disabled=no add chain=prerouting connection-mark=other action=mark-packet \ new-packet-mark=OTHER passthrough=no comment="" disabled=no add chain=postrouting protocol=tcp dst-port=5002 action=mark-connection \ new-connection-mark=proxy passthrough=yes comment="" disabled=no add chain=postrouting protocol=tcp src-port=5002 action=mark-connection \ new-connection-mark=proxy passthrough=yes comment="" disabled=no add chain=postrouting connection-mark=proxy action=mark-packet \ new-packet-mark=PROXY passthrough=yes comment="" disabled=no add chain=output src-address=172.19.100.100 protocol=tcp src-port=5002 \ dst-address-list=nat-addr action=mark-connection new-connection-mark=proxy \ passthrough=yes comment="" disabled=no add chain=output src-address=172.242.100.100 protocol=tcp src-port=5002 \ dst-address-list=nat-addr action=mark-connection new-connection-mark=proxy \ passthrough=yes comment="" disabled=no add chain=output src-address=172.246.100.100 protocol=tcp src-port=5002 \ dst-address-list=nat-addr action=mark-connection new-connection-mark=proxy \ passthrough=yes comment="" disabled=no add chain=output connection-mark=proxy action=mark-packet \ new-packet-mark=PROXY passthrough=no comment="" disabled=no / ip firewall nat add chain=srcnat out-interface=WAN action=masquerade comment="" disabled=no add chain=dstnat connection-mark=dns action=redirect to-ports=0-65535 \ comment="proxy for DNS requests" disabled=no add chain=dstnat in-interface=WAN src-address=172.19.100.0/24 protocol=tcp \ dst-port=80 action=redirect to-ports=3128 comment="proxy for HTTP \ requests" disabled=no add chain=dstnat in-interface=WLAN-EW src-address=172.246.100.0/24 \ protocol=tcp dst-port=80 action=redirect to-ports=3128 comment="proxy for \ HTTP requests" disabled=no / ip firewall connection tracking set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \ tcp-established-timeout=1d tcp-fin-wait-timeout=10s \ tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \ tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \ udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \ tcp-syncookie=no aqui as do queue: / queue tree add name="Int-OUT" parent=global-in packet-mark="" limit-at=256000 \ queue=default priority=1 max-limit=512000 burst-limit=0 \ burst-threshold=128000 burst-time=12s disabled=no add name="POP3-Out" parent=Int-OUT packet-mark=POP3-POP3s limit-at=64000 \ queue=default priority=4 max-limit=128000 burst-limit=0 burst-threshold=0 \ burst-time=0s disabled=no add name="RESTO-OUT" parent=Int-OUT packet-mark=OTHER limit-at=0 queue=default \ priority=4 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s \ disabled=no add name="FTP-Out" parent=Int-OUT packet-mark=FTP limit-at=0 queue=default \ priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s \ disabled=no add name="HTTP-OUT" parent=Int-OUT packet-mark=HTTP limit-at=0 queue=default \ priority=2 max-limit=280000 burst-limit=0 burst-threshold=0 burst-time=0s \ disabled=no add name="DNS-OUT" parent=Int-OUT packet-mark=DNS limit-at=0 queue=default \ priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s \ disabled=no add name="SMTP-OUT" parent=Int-OUT packet-mark=SMTP-SMTPs limit-at=0 \ queue=default priority=7 max-limit=128000 burst-limit=0 burst-threshold=0 \ burst-time=0s disabled=no add name="SSH-OUT" parent=Int-OUT packet-mark=SSH limit-at=0 queue=default \ priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s \ disabled=no add name="TCP-OUT" parent=Int-OUT packet-mark=TCP-BAJO limit-at=0 \ queue=default priority=8 max-limit=190000 burst-limit=0 burst-threshold=0 \ burst-time=0s disabled=no add name="UDP-OUT" parent=Int-OUT packet-mark=OTHER-UDP limit-at=0 \ queue=default priority=8 max-limit=100000 burst-limit=0 burst-threshold=0 \ burst-time=0s disabled=no add name="TELNET-OUT" parent=Int-OUT packet-mark=TELNET limit-at=0 \ queue=default priority=8 max-limit=32000 burst-limit=0 burst-threshold=0 \ burst-time=0s disabled=no add name="WEBPROXY-OUT" parent=Int-OUT packet-mark=PROXY limit-at=512000 \ queue=default priority=8 max-limit=768000 burst-limit=1024000 \ burst-threshold=0 burst-time=20s disabled=no add name="TCP-MEDIOS" parent=Int-OUT packet-mark=TCP-MEDIO limit-at=0 \ queue=default priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 \ burst-time=0s disabled=no add name="TCP-ALTOS" parent=Int-OUT packet-mark=TCP-ALTO limit-at=0 \ queue=default priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 \ burst-time=0s disabled=no add name="HTTP/S-OUT" parent=Int-OUT packet-mark=HTTPS limit-at=0 \ queue=default priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 \ burst-time=0s disabled=no add name="TEST-ANCHO-Int-OUT" parent=Int-OUT packet-mark=MIDOANCHODEBANDA \ limit-at=0 queue=default priority=2 max-limit=32000 burst-limit=0 \ burst-threshold=0 burst-time=0s disabled=no add name="Control.P2P" parent=WAN packet-mark=ALL-P2P limit-at=0 queue=default \ priority=8 max-limit=100000 burst-limit=0 burst-threshold=0 burst-time=0s \ disabled=no add name="Control-P2P" parent=WAN packet-mark=ALL-P2P limit-at=0 queue=default \ priority=8 max-limit=100000 burst-limit=0 burst-threshold=0 burst-time=0s \

Opções do Tópico
Exibir Versão para Impressão Envie essa página por e-mail