Rules for full cache, redirection and packet marking
by
on 07-09-2011 at 20:41 (6338 views)
Hi everyone. For a long time I have been benefiting from the knowledge here on UDL, and now it is my turn to pass it on. I am going to post everything I collected in the way of rules and tips; I made some improvements and additions to some of them. Pay attention to the position of the rules, because this was not explained in other posts and it was my headache: some rules have an exact position. They may even work somewhere else, but in the right position they are 100% accurate and do not weigh on the server, which is the most important thing. So, without further ado, here they are:
********************* first, the full-cache rules ***********************
Code:
/ip firewall filter
add action=drop chain=input comment="BLOCK EXTERNAL PROXY ACCESS" disabled=no \
    dst-port=8080 in-interface=linknet protocol=tcp
add action=accept chain=input comment="ACCEPT PROXY CONNECTIONS" disabled=no \
    dst-port=8080 protocol=tcp
These can sit above or below the hotspot rules (preferably below). Keep the drop above the accept: it is what stops port 8080 from being reachable from the internet, i.e. what keeps the cache from becoming an open proxy. Here linknet is the name of the WAN interface; use your own, and add one drop per WAN interface if you have more than one.
Code:
/ip firewall nat
add action=redirect chain=dstnat comment="Proxy Redirect" disabled=no \
    dst-port=80 protocol=tcp src-address=192.168.201.0/24 to-ports=8080
add action=redirect chain=dstnat comment="Proxy Redirect" disabled=no \
    dst-port=80 protocol=tcp src-address=192.168.101.0/24 to-ports=8080
These must sit directly above the "masquerade hotspot network" rule.
Note: do not forget to change the IP ranges to match your network.
Code:
/ip firewall nat
add action=accept chain=dstnat comment="PRIORITY SERVICES OUTSIDE THE PROXY" disabled=no \
    dst-address-list=nobalance dst-port=80 protocol=tcp
This rule must sit directly above the "Proxy Redirect" rule. An accept in a NAT chain ends NAT processing for that packet, so traffic to any address in the nobalance list keeps its real destination and never touches the cache; if the rule sits below the redirect it never matches, because the redirect fires first.
Code:
/ip firewall address-list
add address=69.147.95.0/24 comment="YAHOO MAIL" disabled=no list=nobalance
add address=209.191.106.0/24 comment="YAHOO MAIL" disabled=no list=nobalance
add address=200.201.0.0/16 comment="caixa economica" disabled=no list=nobalance
add address=170.66.0.0/16 comment="bb do brasil" disabled=no list=nobalance
add address=200.155.0.0/16 comment=bradesco disabled=no list=nobalance
add address=200.196.0.0/16 comment=itau disabled=no list=nobalance
add address=200.208.0.0/16 comment=sudameris disabled=no list=nobalance
add address=200.220.0.0/16 comment=santander disabled=no list=nobalance
add address=201.63.0.0/16 comment="wwws bradesco" disabled=no list=nobalance
add address=74.52.0.0/16 comment="caixa economica" disabled=no list=nobalance
add address=74.125.0.0/16 comment="caixa economica" disabled=no list=nobalance
add address=174.133.0.0/16 comment="caixa economica" disabled=no list=nobalance
add address=200.219.137.0/24 comment="" disabled=no list=nobalance
add address=200.252.8.0/24 comment="" disabled=no list=nobalance
add address=201.2.207.0/24 comment="" disabled=no list=nobalance
add address=200.196.226.0/24 comment="" disabled=no list=nobalance
add address=201.24.72.0/24 comment="" disabled=no list=nobalance
add address=78.46.46.139 comment="" disabled=no list=nobalance
This is the list of priority services kept outside the proxy. The ranges date from 2011 and several are whole /16 blocks, so check each one against current allocations before using it: an entry that is too wide lets unrelated sites bypass the cache, and a stale one puts a bank back behind it.
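The ordering the post insists on (bypass accept above the proxy redirect) is easy to get wrong and hard to see in WinBox. The following is an added example, not code from the post: it parses RouterOS-style "add key=value" lines with shlex, loads a subset of the nobalance address list and the dstnat rules from above (comments translated), and walks the chain the way RouterOS does, top to bottom, first match wins. Only the matchers the post uses are implemented, and the test packets are constructed.

```python
"""Simulate the dstnat chain from the post: bypass accept, then proxy redirects."""
import ipaddress
import shlex

# Subset of the post's nobalance list (same addresses, comments translated).
NOBALANCE_LIST = """
add address=69.147.95.0/24 comment="YAHOO MAIL" list=nobalance
add address=170.66.0.0/16 comment="bb do brasil" list=nobalance
add address=200.201.0.0/16 comment="caixa economica" list=nobalance
add address=78.46.46.139 comment="" list=nobalance
"""

# The post's dstnat rules, in the order the post requires.
DSTNAT_CHAIN = """
add action=accept chain=dstnat comment="priority services outside the proxy" dst-address-list=nobalance dst-port=80 protocol=tcp
add action=redirect chain=dstnat comment="Proxy Redirect" dst-port=80 protocol=tcp src-address=192.168.201.0/24 to-ports=8080
add action=redirect chain=dstnat comment="Proxy Redirect" dst-port=80 protocol=tcp src-address=192.168.101.0/24 to-ports=8080
"""


def parse_add_lines(text):
    """Turn each 'add k=v k="v v"' line into a dict; shlex handles the quoting."""
    rules = []
    for line in text.strip().splitlines():
        if not line.startswith("add "):
            continue
        pairs = (tok.partition("=") for tok in shlex.split(line)[1:])
        rules.append({key: value for key, _, value in pairs})
    return rules


def load_address_lists(text):
    """Group address-list entries by list name as ip_network objects."""
    lists = {}
    for entry in parse_add_lines(text):
        lists.setdefault(entry["list"], []).append(
            ipaddress.ip_network(entry["address"], strict=False))
    return lists


def rule_matches(rule, pkt, lists):
    """pkt: {'src', 'dst', 'proto', 'dport'}. Every matcher present must hold."""
    if "protocol" in rule and rule["protocol"] != pkt["proto"]:
        return False
    if "dst-port" in rule and int(rule["dst-port"]) != pkt["dport"]:
        return False
    if "src-address" in rule:
        net = ipaddress.ip_network(rule["src-address"], strict=False)
        if ipaddress.ip_address(pkt["src"]) not in net:
            return False
    if "dst-address-list" in rule:
        dst = ipaddress.ip_address(pkt["dst"])
        if not any(dst in net for net in lists.get(rule["dst-address-list"], [])):
            return False
    return True


def walk_dstnat(rules, pkt, lists):
    """First matching rule decides. 'accept' ends NAT processing (the packet keeps
    its real destination); 'redirect' sends it to the local proxy port.
    Returns (verdict, port_or_None, comment)."""
    for rule in rules:
        if rule.get("chain") != "dstnat" or not rule_matches(rule, pkt, lists):
            continue
        if rule["action"] == "accept":
            return ("accept", None, rule.get("comment", ""))
        if rule["action"] == "redirect":
            return ("redirect", int(rule["to-ports"]), rule.get("comment", ""))
    return ("no-match", None, "")


def bypass_precedes_redirect(rules):
    """The ordering check the post states in words: every accept that matches on
    an address list must come before the first redirect, or it never fires."""
    first_redirect = next((i for i, r in enumerate(rules) if r["action"] == "redirect"),
                          len(rules))
    return all(i < first_redirect for i, r in enumerate(rules)
               if r["action"] == "accept" and "dst-address-list" in r)


LISTS = load_address_lists(NOBALANCE_LIST)
RULES = parse_add_lines(DSTNAT_CHAIN)

# Constructed packets: hotspot client to a bank, to a generic site, bank over HTTPS,
# and a host outside both client ranges.
BANK_HTTP = {"src": "192.168.201.10", "dst": "170.66.1.1", "proto": "tcp", "dport": 80}
SITE_HTTP = {"src": "192.168.101.7", "dst": "93.184.216.34", "proto": "tcp", "dport": 80}
BANK_HTTPS = {"src": "192.168.201.10", "dst": "170.66.1.1", "proto": "tcp", "dport": 443}
OTHER_LAN = {"src": "10.0.0.5", "dst": "93.184.216.34", "proto": "tcp", "dport": 80}

if __name__ == "__main__":
    for name, pkt in [("bank http", BANK_HTTP), ("site http", SITE_HTTP),
                      ("bank https", BANK_HTTPS), ("other lan", OTHER_LAN)]:
        print(name, "->", walk_dstnat(RULES, pkt, LISTS))
    print("bypass above redirect:", bypass_precedes_redirect(RULES))
    # Same rules with the accept moved below the redirects: bank traffic now hits the cache.
    wrong = RULES[1:] + RULES[:1]
    print("wrong order, bank http ->", walk_dstnat(wrong, BANK_HTTP, LISTS))
```

Running it shows the bank request leaving the chain untouched while the generic site is redirected to 8080, HTTPS and foreign sources matching nothing (only port 80 from the two client ranges is ever proxied), and the same rules with the accept moved below the redirects sending the bank request into the cache. The same parser can be pointed at a real /export of your router to check the order before you deploy.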
Code:
/ip firewall mangle
add action=mark-packet chain=output comment="" connection-mark=proxyfull disabled=no \
    new-packet-mark=proxyfull passthrough=yes
add action=return chain=output comment="" connection-mark=proxyfull disabled=no
Always above any other rule in mangle. Note that these two rules only act on connections that already carry the connection mark proxyfull; no rule in this post creates that mark, so you need a mark-connection rule for it (the cache-hit-dscp=4 setting in the proxy configuration below is what lets cache hits be told apart from the rest). The queue rules that consume the proxyfull packet mark are not part of this post either.
Code:
/ip proxy access
add action=allow comment="Allow hotspot users to use the cache" disabled=no
If you have any redirect rule in your proxy access list, this rule must be below it. The list is evaluated top to bottom and the first match wins, so if this catch-all allow sits above them, your block and redirect rules are never reached. Pay attention to this.
Code:
/ip proxy
set always-from-cache=yes cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=yes enabled=yes max-cache-size=unlimited \
    max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
    parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no \
    src-address=0.0.0.0
Preferably enter these settings by hand in Web Proxy Settings. Two things to keep in mind: the proxy listens on port 8080 on all interfaces, so the input filter rule at the top that drops 8080 from the WAN interface is mandatory, and max-cache-size=unlimited together with cache-on-disk=yes lets the cache grow until the disk is full.
Code:
/ip proxy cache
add action=deny comment="don't cache dynamic http pages" disabled=no dst-host=":cgi-bin \\?"
add action=deny comment=bank disabled=no dst-host=https: path=/
add action=allow comment="" disabled=no dst-host=http: path=/www.rjnet.com.br/2velocimetro.php
add action=allow comment="" disabled=no dst-host=http: path=/www.terra.com.br
add action=allow comment="" disabled=no dst-host=http: path=/www.rapidus.com.br/velocidade/
add action=allow comment="" disabled=no dst-host=http: path=/www.bol.com.br
add action=allow comment="" disabled=no dst-host=http: path=/www.orkut.com
add action=allow comment="" disabled=no dst-host=http: path=/www.autonoma.com.br/medidor/meter.php
add action=allow comment="" disabled=no dst-host=http: path=/medidor.brisanet.com.br/
add action=deny comment="" disabled=no dst-host=https: path=/portal.directv.com.br
add action=deny comment="" disabled=no dst-host=http: path=/chat03.terra.com.br/
add action=deny comment="" disabled=no dst-host=start.com.br
add action=deny comment="" disabled=no dst-host=http: path=/speed
add action=allow comment=youtube disabled=no dst-host=http*youtube*get_video*
add action=allow comment=youtube disabled=no dst-host=http*youtube*video*
add action=allow comment=youtube disabled=no dst-host=*.youtube.com
add action=allow comment=youtube disabled=no dst-host=http*youtube*yva_get_video_info*
add action=allow comment="flash video" disabled=no dst-host=":\\.flv\$"
add action=allow comment="Globo BBB" disabled=no dst-host=http*globo*get_video*
add action=allow comment="Globo BBB" disabled=no dst-host=http*globo*video*
add action=allow comment="Globo BBB" disabled=no dst-host=*.globo.com
add action=allow comment=Google disabled=no dst-host=http*googlevideo*get_video*
add action=allow comment=Google disabled=no dst-host=http*googlevideo*video*
add action=allow comment=Google disabled=no dst-host=http*video.google*get_video*
add action=allow comment=Google disabled=no dst-host=http*video.google*video*
add action=allow comment="Video play" disabled=no dst-host=http*videoplay*
add action=allow comment="" disabled=no dst-host=http*74.125.15.83*get_video*
add action=allow comment=flash disabled=no dst-host=: path=:.swf*
add action=allow comment="" disabled=no dst-host=":\\.exe\$"
add action=allow comment="" disabled=no dst-host=":\\.zip\$"
add action=allow comment="" disabled=no dst-host=":\\.mpeg\$"
add action=allow comment="" disabled=no dst-host=":\\.avi\$"
add action=allow comment="" disabled=no dst-host=":\\.pdf\$"
add action=allow comment="" disabled=no dst-host=":\\.css\$"
add action=allow comment="" disabled=no dst-host=":\\.rar\$"
add action=allow comment="" disabled=no dst-host=":\\.mov\$"
add action=allow comment="" disabled=no dst-host=":\\.mpg\$"
add action=allow comment="" disabled=no dst-host=":\\.iso\$"
add action=allow comment="" disabled=no dst-host=":\\.bin\$"
add action=allow comment="" disabled=no dst-host=":\\.dat\$"
add action=allow comment="" disabled=no dst-host=www.terra.com.br
add action=allow comment="" disabled=yes dst-host=orkut.com
add action=allow comment="Caches every tcp request on port 80" disabled=no
This list is evaluated top to bottom and the first matching entry wins, so the catch-all allow at the end must stay last: any deny placed below it is never reached. In dst-host and path, * and ? are wildcards and a value starting with : is a regular expression. HTTPS never passes through this proxy (the redirect above captures only dst-port 80), so the https: entries have no effect either way. Check what is really being served from cache with /ip proxy monitor and /ip proxy cache-contents print.
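Both the proxy access note above (the catch-all allow must be below your block and redirect rules) and the cache list come down to the same first-match walk, and a misplaced catch-all silently kills everything under it. The following is an added example, not code from the post: it evaluates a proxy rule list the way RouterOS does (top to bottom, first match decides) and flags entries that can never fire. Matching follows the RouterOS documentation for dst-host and path (* and ? as wildcards, a leading : for a regular expression, an unset field matches anything); the regex is assumed to be an unanchored search, and the rule set is a simplified, constructed version of the post's cache list (it puts the cgi-bin test on path), not a copy of it.

```python
"""First-match evaluation of a RouterOS proxy rule list, with dead-rule detection."""
import fnmatch
import re

MATCH_FIELDS = ("dst-host", "path")

# Constructed, simplified stand-in for the post's /ip proxy cache list.
CACHE_RULES = [
    {"action": "deny",  "path": r":cgi-bin|\?", "comment": "don't cache dynamic pages"},
    {"action": "deny",  "dst-host": "start.com.br"},
    {"action": "allow", "dst-host": "*.youtube.com", "comment": "youtube"},
    {"action": "allow", "path": r":\.(exe|zip|iso)$", "comment": "large downloads"},
    {"action": "allow", "comment": "cache everything else on port 80"},  # catch-all
    {"action": "deny",  "dst-host": "chat03.terra.com.br"},  # never reached: rule 4 fires first
    {"action": "deny",  "dst-host": "start.com.br"},         # never reached: duplicate of rule 1
]


def ros_match(pattern, value):
    """RouterOS-style field match: None matches anything, ':' prefix means regex
    (assumed unanchored search), otherwise a whole-value wildcard match."""
    if pattern is None:
        return True
    if pattern.startswith(":"):
        return re.search(pattern[1:], value) is not None
    return fnmatch.fnmatchcase(value, pattern)


def matches(rule, host, path):
    return all(ros_match(rule.get(field), value)
               for field, value in zip(MATCH_FIELDS, (host, path)))


def evaluate(rules, host, path):
    """Return (action, index) of the first matching rule, or ("no-match", None)."""
    for i, rule in enumerate(rules):
        if matches(rule, host, path):
            return rule["action"], i
    return "no-match", None


def shadowed_rules(rules):
    """(index, shadowed_by) pairs for rules that can never fire. Conservative test:
    an earlier rule shadows a later one when every matcher the earlier rule sets
    has the same value in the later one, so a rule with no matchers at all
    shadows everything below it."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            earlier = rules[i]
            if all(later.get(f) == earlier[f] for f in MATCH_FIELDS if f in earlier):
                found.append((j, i))
                break
    return found


def repair(rules):
    """Move catch-all rules (no matchers) to the end, then drop whatever is still
    shadowed, which by then can only be true duplicates."""
    specific = [r for r in rules if any(f in r for f in MATCH_FIELDS)]
    catch_all = [r for r in rules if not any(f in r for f in MATCH_FIELDS)]
    ordered = specific + catch_all
    dead = {j for j, _ in shadowed_rules(ordered)}
    return [r for j, r in enumerate(ordered) if j not in dead]


if __name__ == "__main__":
    for host, path in [("www.youtube.com", "/watch"),
                       ("www.example.com", "/cgi-bin/search?q=x"),
                       ("chat03.terra.com.br", "/")]:
        print(host, path, "->", evaluate(CACHE_RULES, host, path))
    print("shadowed (rule, by):", shadowed_rules(CACHE_RULES))
    fixed = repair(CACHE_RULES)
    print("after repair:", evaluate(fixed, "chat03.terra.com.br", "/"), shadowed_rules(fixed))
```

With the list as written, chat03.terra.com.br is cached despite its deny, because the catch-all at index 4 answers first; repair() moves the catch-all last, drops the duplicate start.com.br entry, and the deny then fires. The same functions apply to /ip proxy access: the post's single allow rule has no matchers, so anything placed below it is reported as shadowed.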