MK 3.6 - Problemas 1/3

Caros Moderadores,
Primeiro quero me desculpar por postar aqui, mas sinceramente ñ sei disser em que sub-forum deveria postar.
Tb gostaria de propor um novo sub-forum generico, para problemas como esse.
Pessoal tb gostaria de pedir desculpas, por ter de dividir em 3 partes, mas o forum só aceita 10000 caracteres por MSG.

Pessoal estou com o seguinte problema:

Versão do MK: 3.4 tudo funcionava perfeito qd derrepente após as 12:00 parou td de funcionar e clientes ligarem..., então fui pra luta e acabei descobrindo que a net estava funcionando mas da seguinte forma:
1 - Funciona se ativar o proxy no browser seja ele qual for testei com IE7 e Firefox.
Ai pensei o problema é nat e pra minha surpresa estava td blz desfiz e refiz a noite inteira e está da seguinte forma se desabilito o proxy e a regra de redirecionamento ñ navega mas o restante dos serviços td blz...., se ativo o web-proxy e ñ a regra de redirecionamento só navega com o proxy no browser se ativo td tb so navega com o proxy no browser.
No cliente so dou um ping UOL - O melhor conteúdo não pinga e se pingo pelo ip vai blz, ai falei é dns pois coloquei mais de 30 dns diferentes no cliente e nada....., mas pq pelo proxy no browser vai e pelo redirect ñ??
então testei no mk e no terminal do MK funciona blza tanto pelo ip como pelo endereço.
Mais uma coisa as regras de marcação de DNS estão contabilizando, mas as regras de Redirecionamento do proxy não cantabilizam nem com o proxy desabilitado no browser que deveria e nem com o proxy ativado no browser que ñ devem mesmo contabilizar....
Alguem teria uma solução????

IP firewall Nat
Código :

/ip firewall nat add action=masquerade chain=srcnat comment="NAT - Sem Proxy" disabled=no out-interface=Router src-address=192.168.0.0/16 add action=redirect chain=dstnat comment="Web-Proxy Ativo" disabled=no dst-address-list=!msn_server dst-port=80 \ in-interface=!Router protocol=tcp to-ports=8080
....... continua na proxima.

MK 3.6 - Problemas - Continuação 2/3

IP Firewall Mangle

Código :

add action=mark-packet chain=output comment="" connection-mark=Squid_conn_HIT disabled=no new-packet-mark=Squid_packet_HIT \
passthrough=no 
add action=mark-connection chain=forward comment="P2P - Total" disabled=no new-connection-mark=p2p_conn p2p=all-p2p \
passthrough=yes 
add action=mark-packet chain=forward comment="" connection-mark=p2p_conn disabled=no new-packet-mark=p2p_packet \
passthrough=yes 
add action=mark-packet chain=forward comment="" connection-mark=!p2p_conn disabled=no new-packet-mark=other \
passthrough=yes 
add action=mark-connection chain=prerouting comment="Voip - Extreme" disabled=no dst-address-list=Voip_List \
new-connection-mark=voip_conn passthrough=yes 
add action=mark-packet chain=prerouting comment="" connection-mark=voip_conn disabled=no new-packet-mark=Voip_packet \
passthrough=yes 
add action=change-dscp chain=postrouting comment="" connection-mark=voip_conn disabled=no new-dscp=4 
add action=mark-connection chain=prerouting comment="CONTROLE ICMP" disabled=no new-connection-mark=ICMP_conn \
passthrough=yes protocol=icmp 
add action=mark-packet chain=prerouting comment="" connection-mark=ICMP_conn disabled=no new-packet-mark=ICMP_packet \
passthrough=no 
add action=mark-connection chain=prerouting comment="CONTROLE NAVEGACAO" disabled=no dst-port=443 \
new-connection-mark=Navegacao_conn passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=80 new-connection-mark=Navegacao_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=53 new-connection-mark=Navegacao_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=53 new-connection-mark=Navegacao_conn \
passthrough=yes protocol=udp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=21 new-connection-mark=Navegacao_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=8080 new-connection-mark=Navegacao_conn \
passthrough=yes protocol=tcp 
add action=mark-packet chain=prerouting comment="" connection-mark=Navegacao_conn disabled=no \
new-packet-mark=Navegacao_packet passthrough=no 
add action=mark-connection chain=prerouting comment="CONTROLE E-MAIL" disabled=no dst-port=110 \
new-connection-mark=E-mail_conn passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=25 new-connection-mark=E-mail_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=25 new-connection-mark=E-mail_conn \
passthrough=yes protocol=udp 
add action=mark-packet chain=prerouting comment="" connection-mark=E-mail_conn disabled=no new-packet-mark=E-mail_packet \
passthrough=no 
add action=mark-connection chain=prerouting comment="Radio" disabled=no dst-port=554 new-connection-mark=Radio_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=1755 new-connection-mark=Radio_conn \
passthrough=yes protocol=tcp 
add action=mark-packet chain=prerouting comment="" connection-mark=Radio_conn disabled=no new-packet-mark=Radio_packet \
passthrough=no 
add action=mark-connection chain=prerouting comment="CONTROLE MESSENGER" disabled=no dst-port=1863 \
new-connection-mark=Messenger_conn passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=1863 new-connection-mark=Messenger_conn \
passthrough=yes protocol=udp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=6891-6901 new-connection-mark=Messenger_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=6891-6901 new-connection-mark=Messenger_conn \
passthrough=yes protocol=udp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=5190 new-connection-mark=Messenger_conn \
passthrough=yes protocol=udp 
add action=mark-packet chain=prerouting comment="" connection-mark=Messenger_conn disabled=no \
new-packet-mark=Messenger_packet passthrough=no 
add action=mark-connection chain=prerouting comment="CONTROLE ACESSO REMOTO - SSH" disabled=no dst-port=22 \
new-connection-mark=Acesso_remoto_conn passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="Telnet" disabled=no dst-port=23 \
new-connection-mark=Acesso_remoto_conn passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="Terminal Server" disabled=no dst-port=3389 \
new-connection-mark=Acesso_remoto_conn passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="VNC" disabled=no dst-port=5800 new-connection-mark=Acesso_remoto_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=5900 new-connection-mark=Acesso_remoto_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="Winbox" disabled=no dst-port=8291 \
new-connection-mark=Acesso_remoto_conn passthrough=yes protocol=tcp 
add action=mark-packet chain=prerouting comment="" connection-mark=Acesso_remoto_conn disabled=no \
new-packet-mark=Acesso_remoto_packet passthrough=no 
add action=mark-connection chain=prerouting comment="CONTROLE BANCO DE DADOS - SQL" disabled=no dst-port=3306 \
new-connection-mark=Banco_dados_conn passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="Oracle" disabled=no dst-port=1521 \
new-connection-mark=Banco_dados_conn passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="Microsoft SQL Server" disabled=no dst-port=1433-1434 \
new-connection-mark=Banco_dados_conn passthrough=yes protocol=tcp 
add action=mark-packet chain=prerouting comment="" connection-mark=Banco_dados_conn disabled=no \
new-packet-mark=Banco_dados_packet passthrough=no 
add action=mark-connection chain=prerouting comment="CONTROLE JOGOS" disabled=no dst-port=7171 \
new-connection-mark=Jogos_conn passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27015 new-connection-mark=Jogos_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="Mu Online" disabled=no dst-port=55905 new-connection-mark=Jogos_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=55905 new-connection-mark=Jogos_conn \
passthrough=yes protocol=udp 
add action=mark-connection chain=prerouting comment="Line Age" disabled=no dst-port=4376 new-connection-mark=Jogos_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=4376 new-connection-mark=Jogos_conn \
passthrough=yes protocol=udp 
add action=mark-connection chain=prerouting comment="WarCraft" disabled=no dst-port=6112 new-connection-mark=Jogos_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=6112 new-connection-mark=Jogos_conn \
passthrough=yes protocol=udp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=4500 new-connection-mark=Jogos_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=4500 new-connection-mark=Jogos_conn \
passthrough=yes protocol=udp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=6900 new-connection-mark=Jogos_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=6900 new-connection-mark=Jogos_conn \
passthrough=yes protocol=udp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=5000 new-connection-mark=Jogos_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=5000 new-connection-mark=Jogos_conn \
passthrough=yes protocol=udp 
add action=mark-connection chain=prerouting comment="Counter Strike" disabled=no dst-port=27018 \
new-connection-mark=Jogos_conn passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27018 new-connection-mark=Jogos_conn \
passthrough=yes protocol=udp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27015 new-connection-mark=Jogos_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27015 new-connection-mark=Jogos_conn \
passthrough=yes protocol=udp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27020 new-connection-mark=Jogos_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27020 new-connection-mark=Jogos_conn \
passthrough=yes protocol=udp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27019 new-connection-mark=Jogos_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27019 new-connection-mark=Jogos_conn \
passthrough=yes protocol=udp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27013 new-connection-mark=Jogos_conn \
passthrough=yes protocol=tcp 
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27013 new-connection-mark=Jogos_conn \
passthrough=yes protocol=udp 
add action=mark-packet chain=prerouting comment="" connection-mark=Jogos_conn disabled=no new-packet-mark=Jogos_packet \
passthrough=no

..... continua na proxima.

MK 3.6 - Problemas - Continuação 3/3

IP Firewall ADDRESS-LIST

Código :

add address=65.54.0.0/16 comment="" disabled=no list=msn_server 
add address=64.4.0.0/16 comment="" disabled=no list=msn_server 
add address=207.46.0.0/16 comment="" disabled=no list=msn_server 
add address=192.168.0.244 comment="" disabled=yes list=Clientes_Blok 
add address=204.9.202.0/24 comment="" disabled=no list=Voip_List 
add address=192.168.30.1 comment="" disabled=no list=Free_Conn 
add address=192.168.10.1 comment="" disabled=no list=Free_Conn 
add address=200.201.174.0/24 comment="" disabled=no list=msn_server 
add address=207.46.110.0/24 comment="" disabled=no list=msn_server 
add address=10.0.0.0/24 comment="" disabled=no list=Free_Conn 
add address=192.168.20.0/24 comment="" disabled=no list=Free_Conn

IP Address

Código :

add address=10.0.0.2/24 broadcast=10.0.0.255 comment="Router - Link" disabled=no interface=Router network=10.0.0.0
add address=192.168.20.1/24 broadcast=192.168.20.255 comment="" disabled=no interface=Rede_Int network=192.168.20.0

IP Route

Código :

add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.0.0.1 scope=255 target-scope=10

IP DNS

Código :

add address=200.168.234.109 disabled=no name="GFirstnet" ttl=1d 
add address=208.67.222.222 disabled=no name="OpenDNS" ttl=1d 
add address=208.67.220.220 disabled=no name="OpenDNS1" ttl=1d 
add address=200.204.0.10 disabled=no name="Telefonica" ttl=1d 
add address=200.204.0.138 disabled=no name="Telefonica1" ttl=1d

IP DNS Cache

Código :

Flags: S - static 
# NAME ADDRESS TTL 
0 S gfirstnet 200.168.234.109 1d 
1 S opendns 208.67.222.222 1d 
2 S opendns1 208.67.220.220 1d 
3 S telefonica 200.204.0.10 1d 
4 S telefonica1 200.204.0.138 1d 
5 a.l.google.com 209.85.139.9 20h4m9s 
6 b.l.google.com 64.233.179.9 20h6m31s 
7 c.l.google.com 64.233.161.9 20h7m54s 
8 d.l.google.com 66.249.93.9 20h3m18s 
9 e.l.google.com 209.85.137.9 19h41m50s 
10 f.l.google.com 72.14.235.9 21h49m10s 
11 g.l.google.com 64.233.167.9 20h4m45s 
12 c.ns.nsatc.net 64.152.2.44 1d22h2m5s 
13 d.ns.nsatc.net 205.128.93.51 1d21h49m57s 
14 l.ns.nsatc.net 65.57.86.48 1d21h49m55s 
15 us-ga-1.ns.nsatc.net 208.172.65.40 1d2h34m1s 
16 za.akadns.org 195.219.3.169 1d20h25m51s 
17 zb.akadns.org 206.132.100.105 1d20h39m39s 
18 zc.akadns.org 124.211.40.4 1d11h5m16s 
19 zd.akadns.org 63.209.3.132 1d20h30m12s 
20 eur1.akadns.net 213.254.204.197 1d18h4m58s 
21 use3.akadns.net 204.2.178.133 1d16h4m48s 
22 use4.akadns.net 208.44.108.137 1d16h4m51s 
23 usw2.akadns.net 63.209.3.132 1d16h4m48s 
24 asia9.akadns.net 220.73.220.4 1d16h4m55s 
25 ns1.msft.net 207.68.160.190 19h27m20s 
26 ns4.msft.net 207.46.66.126 13h2m17s 
27 b.ns.c.footprint.net 209.84.2.47 1d7h23m24s 
28 e.ns.c.footprint.net 8.12.213.51 1d19h59m2s 
29 us-ga-1.ns.c.footprint.net 4.78.212.40 19h34m50s 
30 us-nj-1.ns.c.footprint.net 63.208.106.76 19h34m50s 
31 glb04.aqnt.com 65.203.229.15 1d23h8m8s 
32 glb05.aqnt.com 12.130.62.15 1d4h11m16s 
33 glb06.aqnt.com 206.16.21.22 1d4h11m16s 
34 dns1.name-services.com 69.25.142.42 23h29m17s

IP Web-Proxy Settings

Código :

/ip proxy
set always-from-cache=yes cache-administrator="[EMAIL="[email protected]"][email protected][/EMAIL]" cache-drive=secondary-master cache-hit-dscp=4 \
cache-on-disk=yes enabled=yes max-cache-size=unlimited max-client-connections=1000 max-fresh-time=3d \
max-server-connections=1000 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=yes \
src-address=0.0.0.0

IP Web-Proxy Access

Código :

/ip proxy access 
add action=allow comment="Libera Tudo - Por Classe." disabled=no src-address=192.168.0.0/16 
add action=deny comment="Block Telnet & Spam E-mail Relaying" disabled=no dst-port=23-25 
add action=deny comment="allow CONNECT only to SSL ports 443 [https] and 563 [snews]" disabled=no dst-port=!443,563 
add action=deny comment="Bloqueia Tudo" disabled=no

IP Web-Proxy Cache

Código :

add action=allow comment="Dont cache Dynamic HTTPS Pages" disabled=no dst-host=https:// 
add action=allow comment="Dont cache Dynamic HTTP Pages" disabled=no dst-host=":cgi-bin \\\?"

IP Web-Proxy Direct

Código :

add action=allow comment="Conectividade Social" disabled=no dst-address=200.201.0.0/16

Queue Simple

Código :

/queue simple 
add comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=64000/64000 max-limit=64000/64000 \
name="P2P" packet-marks=p2p_packet parent=none priority=1 queue=ethernet-default/ethernet-default \
time=0s-24m,sun,mon,tue,wed,thu,fri,sat total-queue=ethernet-default 
add comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=Rede_Int limit-at=0/0 max-limit=0/0 \
name="Rede_Interna" parent=none priority=8 queue=ethernet-default/ethernet-default target-addresses=192.168.20.0/24 \
total-queue=ethernet-default 
add comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=WLan_1 limit-at=0/0 max-limit=0/0 name="WLan - \
Wireless" parent=none priority=8 queue=wireless-default/wireless-default target-addresses=192.168.30.0/24 \
total-queue=wireless-default 
add comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=Rede_Int limit-at=0/0 max-limit=0/0 \
name="Cabo_Net" parent=none priority=8 queue=ethernet-default/ethernet-default target-addresses=192.168.10.0/24 \
total-queue=ethernet-default

Queue Tree

Código :

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="squid" \
packet-mark=Squid_packet_HIT parent=global-out priority=2 queue=ethernet-default

Interface Ethernet

Código :

set 0 arp=enabled auto-negotiation=yes cable-settings=default comment="" disable-running-check=yes disabled=no \
full-duplex=yes mac-address=00:00:00:00:00:00 mtu=1500 name="Rede_Int" speed=100Mbps 
set 1 arp=enabled auto-negotiation=yes cable-settings=default comment="" disable-running-check=yes disabled=no \
full-duplex=yes mac-address=00:00:00:00:00:00 mtu=1500 name="Cabo_Net" speed=100Mbps 
set 2 arp=enabled auto-negotiation=yes cable-settings=default comment="" disable-running-check=yes disabled=no \
full-duplex=yes mac-address=00:00:00:00:00:00 mtu=1500 name="Router" speed=100Mbps

Interface Wireless

Código :

0 name="WLan_1" mtu=1500 mac-address=00:00:00:00:00:00 arp=enabled interface-type=Atheros AR5213 mode=ap-bridge 
ssid="MEUSSID" frequency=2437 band=2.4ghz-b/g scan-list=default antenna-mode=ant-a wds-mode=disabled 
wds-default-bridge=none wds-ignore-ssid=no default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 
default-client-tx-limit=0 hide-ssid=no security-profile=default compression=no

Pessoal se faltou alguma configuração necessaria para analize, me desculpem, pois foram tantas que posso ter me embaralhado.
Caso tenha faltado é só pedir que eu adiciono sem problemas.

Solução

Pessoal agradeço a tds que visitaram este topico...., a solução foi achada. Após 36 horas de testes sem dormir e no laboratório da minha empresa descobri que o problema era na telefonica mesmo ele dizendo que ñ era. Então liguei para um "amigo" do suporte da telefonica "corporativo" de provedores com link full, pois tinha seu contato de quando estava com provedor, e reclamei a ele do meu problema aqui em casa (mini provedor) no SPEEDY, para minha surpressa após 45 minutos ele me ligou dizendo testa ai veja se resolveu.
Channnnnnnnnnnnnnnnnnnnnnn,
estáva resolvido, e ele me informou que a telefonica está de alguma forma complicando a vida do pessoal.... com (mini provedores em casa)
Então fiquem atentos a esse tipo de problema.

amigo, só dando um complemento ao seu tópico.

Se voce configura o servidor e tudo fica funcionando, tá blz..

se de uma hora pra outra parar, concerteza não é problema de configuração. pode ser problema de hardware ou bug no sistema. eu estou usando a versão 3.3 do MK a uns 15 dias, até agora está tudo perfeito.

abraços!