-
Friends, I had problems with MSN for a long time until I found out that MSN problems are firewall problems.
So I found some basic rules right here on the forum, and here they are.
Keep in mind that these rules should be placed at the top, that is, above any DROP rule.
/ip firewall filter
add chain=input protocol=tcp dst-port=1863 action=accept comment="Melhoras no MSN \"Melhoras mesmo\""
add chain=input protocol=tcp src-port=1863 action=accept
add chain=input protocol=tcp dst-port=443 action=accept
add chain=forward protocol=tcp dst-port=443 action=accept
/ip firewall nat
add chain=dstnat dst-address=207.46.0.0/16 protocol=tcp action=accept comment="Com essas regras estabiliza o MSN"
add chain=dstnat dst-address=64.4.0.0/16 protocol=tcp action=accept
add chain=dstnat dst-address=65.54.0.0/16 protocol=tcp action=accept
-
Antonio,
Thank you very much, but I had already tested what you posted, except for the Filter part; I applied it and it didn't work. I just don't know whether it ended up the way it should: I put the Filter commands first, and I tried the NAT ones in several ways; the last time I left them above the masquerade and the proxy, but it's still the same. Now the MSN error is 81000306.
What I found strange in the Filter rules is that only one had a packet count. Is that right? Only the forward rule was hit.
I don't know if it helps, but here is how my interfaces look:
Flags: X - disabled, D - dynamic, R - running
 #    NAME       TYPE       RX-RATE  TX-RATE  MTU
 0  R adsl       ether      0        0        1500
 1  R local      ether      0        0        1500
 2  R pppoe-out  pppoe-out  0        0        1492
I've already forced the MTU on all interfaces and nothing. Is there anything else I can post for you to evaluate?
Regards
-
My friend pilatte,
I noticed that you use a modem in bridge mode and that you also use ADSL, right?
So post your filter and NAT rules for us, since the problem must be there, and even your web-proxy rules, because Orkut is proxy and MSN is firewall.
Post them and we'll give you a hand.
-
Antonio,
It is as you said; one of the tips I saw was to use the modem in bridge mode, but that didn't work out very well either.
Here are the rules:
/ ip firewall filter
add chain=input protocol=tcp dst-port=1863 action=accept comment="MSN" \
disabled=no
add chain=input protocol=tcp dst-port=443 action=accept comment="" disabled=no
add chain=forward protocol=tcp dst-port=443 action=accept comment="" \
disabled=no
add chain=input protocol=tcp src-port=1863 action=accept comment="" \
disabled=no
add chain=warez protocol=udp src-port=0 action=drop comment="Controle P2P ARES \
e Semelhantes" disabled=no
add chain=warez protocol=tcp src-port=0 action=drop comment="" disabled=no
add chain=warez protocol=udp dst-port=0 action=drop comment="" disabled=no
add chain=warez protocol=tcp dst-port=0 action=drop comment="" disabled=no
add chain=forward p2p=warez action=drop comment="" disabled=no
add chain=input in-interface=pppoe-out protocol=tcp dst-port=3180 action=drop \
comment="bloqueio externo" disabled=no
add chain=input in-interface=pppoe-out protocol=tcp dst-port=53 action=drop \
comment="" disabled=no
add chain=input in-interface=pppoe-out protocol=udp dst-port=53 action=drop \
comment="" disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment="ping" \
disabled=yes
add chain=input protocol=icmp action=drop comment="" disabled=yes
add chain=forward action=jump jump-target=virus comment="virus" disabled=yes
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="" \
disabled=yes
add chain=virus protocol=udp dst-port=135-139 action=drop comment="" \
disabled=yes
add chain=virus protocol=tcp dst-port=445 action=drop comment="" disabled=yes
add chain=virus protocol=udp dst-port=445 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=593 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="" \
disabled=yes
add chain=virus protocol=tcp dst-port=1080 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=1214 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=1363 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=1364 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=1368 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=1373 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=1377 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="" \
disabled=yes
add chain=virus protocol=tcp dst-port=2745 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=2283 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=2535 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=2745 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="" \
disabled=yes
add chain=virus protocol=tcp dst-port=3410 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=4444 action=drop comment="" disabled=yes
add chain=virus protocol=udp dst-port=4444 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=5554 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=8866 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=9898 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=10000 action=drop comment="" \
disabled=yes
add chain=virus protocol=tcp dst-port=10080 action=drop comment="" \
disabled=yes
add chain=virus protocol=tcp dst-port=12345 action=drop comment="" \
disabled=yes
add chain=virus protocol=tcp dst-port=17300 action=drop comment="" \
disabled=yes
add chain=virus protocol=tcp dst-port=27374 action=drop comment="" \
disabled=yes
add chain=virus protocol=tcp dst-port=65506 action=drop comment="" \
disabled=yes
add chain=virus action=return comment="" disabled=yes
*************
I disabled the virus filter rules because I thought something there might be blocking it, but that didn't solve it either.
/ ip firewall nat
add chain=dstnat dst-address=207.46.0.0/16 protocol=tcp action=accept \
comment="" disabled=no
add chain=dstnat dst-address=64.4.0.0/16 protocol=tcp action=accept comment="" \
disabled=no
add chain=dstnat dst-address=65.54.0.0/16 protocol=tcp action=accept \
comment="msn" disabled=no
add chain=srcnat out-interface=pppoe-out action=masquerade comment="outros" \
disabled=no
add chain=dstnat in-interface=local src-address=!192.168.2.57 protocol=tcp \
dst-port=80 packet-mark=!pkgSemProxy connection-mark=conHTTP \
action=redirect to-ports=3180 comment="proxy transparente" disabled=no
add chain=dstnat in-interface=pppoe-out action=redirect to-ports=0-65535 \
comment="" disabled=no
**************
to be continued...
-
/ ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1432 \
comment="Alterando o MTU de todas conexoes TCP" disabled=no
add chain=prerouting protocol=tcp dst-port=1863 action=mark-connection \
new-connection-mark=conMessenger passthrough=yes comment="Messenger" \
disabled=no
add chain=prerouting protocol=udp dst-port=1863 action=mark-connection \
new-connection-mark=conMessenger passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6891-6901 action=mark-connection \
new-connection-mark=conMessenger passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=6891-6901 action=mark-connection \
new-connection-mark=conMessenger passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=5190 action=mark-connection \
new-connection-mark=conMessenger passthrough=yes comment="" disabled=no
add chain=forward protocol=tcp tcp-flags=syn connection-mark=conMessenger \
action=change-mss new-mss=1492 comment="" disabled=yes
add chain=prerouting connection-mark=conMessenger action=mark-packet \
new-packet-mark=pkgMessenger passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.2.0/24 protocol=tcp dst-port=58 \
action=mark-connection new-connection-mark=conContabilidade \
passthrough=yes comment="Contabilidade" disabled=no
add chain=prerouting src-address=192.168.2.0/24 protocol=tcp dst-port=2500 \
action=mark-connection new-connection-mark=conContabilidade \
passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.2.0/24 protocol=tcp dst-port=2631 \
action=mark-connection new-connection-mark=conContabilidade \
passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.2.0/24 protocol=tcp dst-port=3456 \
action=mark-connection new-connection-mark=conContabilidade \
passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.2.0/24 protocol=tcp dst-port=30005 \
action=mark-connection new-connection-mark=conContabilidade \
passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.2.0/24 protocol=tcp dst-port=7878 \
action=mark-connection new-connection-mark=conContabilidade \
passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.2.0/24 protocol=tcp dst-port=10000 \
action=mark-connection new-connection-mark=conContabilidade \
passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.2.0/24 protocol=tcp dst-port=8017 \
action=mark-connection new-connection-mark=conContabilidade \
passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=conContabilidade action=mark-packet \
new-packet-mark=pkgContabilidade passthrough=no comment="" disabled=no
add chain=prerouting dst-address=200.201.174.0/24 protocol=tcp dst-port=80 \
action=mark-connection new-connection-mark=conSemProxy passthrough=yes \
comment="Sem proxy" disabled=no
add chain=prerouting dst-address=200.201.173.68 protocol=tcp dst-port=80 \
action=mark-connection new-connection-mark=conSemProxy passthrough=yes \
comment="" disabled=no
add chain=prerouting dst-address=200.201.166.0/24 protocol=tcp dst-port=80 \
action=mark-connection new-connection-mark=conSemProxy passthrough=yes \
comment="" disabled=no
add chain=prerouting dst-address=200.198.239.0/24 protocol=tcp dst-port=80 \
action=mark-connection new-connection-mark=conSemProxy passthrough=yes \
comment="" disabled=no
add chain=prerouting dst-address=200.152.233.0/24 protocol=tcp dst-port=80 \
action=mark-connection new-connection-mark=conSemProxy passthrough=yes \
comment="" disabled=no
add chain=prerouting dst-address=201.63.15.1 protocol=tcp dst-port=80 \
action=mark-connection new-connection-mark=conSemProxy passthrough=yes \
comment="" disabled=no
add chain=prerouting dst-address=161.148.231.0/24 protocol=tcp dst-port=80 \
action=mark-connection new-connection-mark=conSemProxy passthrough=yes \
comment="" disabled=no
add chain=prerouting dst-address=65.54.186.79 protocol=tcp dst-port=80 \
action=mark-connection new-connection-mark=conSemProxy passthrough=yes \
comment="" disabled=no
add chain=prerouting src-address=!192.168.2.57 connection-mark=conSemProxy \
action=mark-connection new-connection-mark=conHTTP passthrough=yes \
comment="" disabled=no
add chain=prerouting connection-mark=conSemProxy action=mark-packet \
new-packet-mark=pkgSemProxy passthrough=no comment="" disabled=no
add chain=prerouting p2p=all-p2p action=mark-connection \
new-connection-mark=conP2P passthrough=no comment="P2P" disabled=no
add chain=prerouting protocol=tcp p2p=all-p2p connection-limit=16,32 \
action=mark-connection new-connection-mark=conP2P passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=conP2P action=mark-packet \
new-packet-mark=pkgP2P passthrough=no comment="" disabled=no
add chain=prerouting src-address=200.146.79.165 action=mark-connection \
new-connection-mark=conVOIP passthrough=yes comment="Vono" disabled=no
add chain=prerouting dst-address=200.146.79.165 action=mark-connection \
new-connection-mark=conVOIP passthrough=yes comment="" disabled=no
add chain=prerouting src-address=201.86.87.5 action=mark-connection \
new-connection-mark=conVOIP passthrough=yes comment="" disabled=no
add chain=prerouting dst-address=201.86.87.5 action=mark-connection \
new-connection-mark=conVOIP passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=conVOIP action=mark-packet \
new-packet-mark=pkgVOIP passthrough=no comment="" disabled=no
add chain=postrouting packet-mark=pkgVOIP action=change-tos new-tos=min-delay \
comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \
new-connection-mark=conHTTP passthrough=yes comment="Navega o" \
disabled=no
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
new-connection-mark=conHTTP passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=2082-2086 action=mark-connection \
new-connection-mark=conHTTP passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=53 action=mark-connection \
new-connection-mark=conHTTP passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=53 action=mark-connection \
new-connection-mark=conHTTP passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=21 action=mark-connection \
new-connection-mark=conHTTP passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=conHTTP action=mark-packet \
new-packet-mark=pkgHTTP passthrough=no comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=conOutros \
passthrough=no comment="Outros" disabled=no
add chain=prerouting connection-mark=conOutros action=mark-packet \
new-packet-mark=pkgOutros passthrough=yes comment="" disabled=no
After adding the first rule listed here in Mangle, I managed to connect my MSN, but I had to set the MTU below 1492.
************
/ queue tree
add name="QOS-IN" parent=global-in packet-mark="" limit-at=0 queue=default \
priority=1 max-limit=4096000 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="QOS-OUT" parent=global-out packet-mark="" limit-at=0 queue=default \
priority=1 max-limit=412000 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="IN-HTTP" parent=REDE-IN packet-mark=pkgHTTP limit-at=0 queue=default \
priority=2 max-limit=2000000 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="OUT-HTTP" parent=REDE-OUT packet-mark=pkgHTTP limit-at=0 \
queue=default priority=2 max-limit=128000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="IN-P2P" parent=REDE-IN packet-mark=pkgP2P limit-at=0 queue=default \
priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="OUT-P2P" parent=REDE-OUT packet-mark=pkgP2P limit-at=0 queue=default \
priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="REDE-IN" parent=QOS-IN packet-mark="" limit-at=0 queue=default \
priority=8 max-limit=3072000 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="VOIP-IN" parent=QOS-IN packet-mark=pkgVOIP limit-at=128000 \
queue=default priority=1 max-limit=256000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="REDE-OUT" parent=QOS-OUT packet-mark="" limit-at=0 queue=default \
priority=8 max-limit=256000 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="VOIP-OUT" parent=QOS-OUT packet-mark=pkgVOIP limit-at=128000 \
queue=default priority=1 max-limit=256000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="IN-OUTROS" parent=REDE-IN packet-mark=pkgOutros limit-at=128000 \
queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="OUT-OUTROS" parent=REDE-OUT packet-mark=pkgOutros limit-at=0 \
queue=default priority=8 max-limit=192000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="IN-MESSNEGER" parent=REDE-IN packet-mark=pkgMessenger limit-at=0 \
queue=default priority=3 max-limit=256000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="OUT-MESSNEGER" parent=REDE-OUT packet-mark=pkgMessenger limit-at=0 \
queue=default priority=3 max-limit=128000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
to be continued...
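
An added example, not part of any post in this thread: a small first-match evaluator for the filter rules quoted above. It shows why only the forward rule counted packets (client traffic to MSN servers is transit traffic, so it never reaches the input chain) and why rule order relative to a DROP matters. The router address 192.168.2.1, the MSN server address 207.46.0.10 and the final forward drop are constructed assumptions; NAT, mangle and connection state are not modelled.

```python
import shlex

# Constructed sample: filter rules quoted from the thread plus one
# hypothetical final forward drop (not in the thread) to show ordering.
EXPORT = r'''
add chain=input protocol=tcp dst-port=1863 action=accept comment="MSN" \
    disabled=no
add chain=input protocol=tcp dst-port=443 action=accept comment="" disabled=no
add chain=forward protocol=tcp dst-port=443 action=accept comment="" \
    disabled=no
add chain=input protocol=tcp src-port=1863 action=accept comment="" \
    disabled=no
add chain=forward action=drop comment="hypothetical final drop" disabled=no
'''
ROUTER_ADDRS = {"192.168.2.1"}  # assumption: the router's own LAN address

def parse_rules(text):
    """Join backslash-continued lines and turn each enabled 'add' into a dict."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():
        tokens = shlex.split(line)
        if tokens[:1] == ["add"]:
            rule = dict(t.split("=", 1) for t in tokens[1:])
            if rule.get("disabled") != "yes":
                rules.append(rule)
    return rules

def port_match(spec, port):
    """Match a single port or a lo-hi range such as 135-139."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def chain_for(pkt):
    """Packets addressed to the router hit input; transit packets hit forward."""
    return "input" if pkt["dst"] in ROUTER_ADDRS else "forward"

def evaluate(rules, pkt):
    """Return (rule index, action) of the first match in the packet's chain."""
    chain = chain_for(pkt)
    for i, r in enumerate(rules):
        if r["chain"] != chain or r.get("protocol", pkt["proto"]) != pkt["proto"]:
            continue
        if "dst-port" in r and not port_match(r["dst-port"], pkt["dport"]):
            continue
        if "src-port" in r and not port_match(r["src-port"], pkt["sport"]):
            continue
        return i, r["action"]
    return None, "accept"  # no rule matched: RouterOS accepts by default

RULES = parse_rules(EXPORT)
print(evaluate(RULES, {"proto": "tcp", "dst": "207.46.0.10", "sport": 50000, "dport": 1863}))
```

With these rules a LAN client's connection to port 1863 is decided in the forward chain, so the input accepts for 1863 never see it; they only open those ports on the router itself.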