Versão Imprimível
bom dia, pessoal do under estou tentando fazer cache full no meu server Mk 3.20 mais não estou conseguindo, ja tentei as configurações aqui do forum e não obtive sucesso, alguem poderia me orientar nessa situação, tirei um print da tela para vcs avaliarem pois acho que não ta dando opção de mudar essa configurações Maximum Object Size, Maximum Cache Size, Maximum Ram, e outra coisa que acontece e quando me conecto o winbox se desconecta.
Anexo 13947
Grato
Carlos Henrique
Citação:
Postado originalmente por carneirinhobad
Cara manda as regras, Mangle, Nat, e queues.
companheiro, estou enviando alguns prints da tela do server, ok??como vc ve abaixo o as regras estão assim:
no firewall
0º :Firewall Magle, general Chain: prerouting
P2p: all-p2p
action: mark packet
new packet mark: P2p
Passtrough: habilitado
ja no 1º esta em output
no 2º esta assim Chain: prerouting
Action : Mark connection
New connection -conexão P2p
no 3º prerouting
connection mark; conexão p2p
New connection: pacote P2p
Desde ja agradeço pela força
Carlos Henrique
Anexo 13998Anexo 13999Anexo 14000Anexo 14001
O interessente é você, pôr somente as regras do webproxy dando um export em cada saída no terminal (mangle, nat, filter) e se possivel suas configuraçoes do webproxy. Para fazer isso, abra um terminal e vá para /ip firewall mangle e depois de um export. Copie e cole aqui no forum sua regra.Citação:
Postado originalmente por carneirinhobad
DSSS, peço desculpa pela minha ingnorancia, não to sabendo como fazer o procedimento que vc postou, pelo que entendi não coloco os prints e sim as regras ok??agora to na duvida de como exportar essas regras como vc falou, o terminal que vc fala e o new terminal?? não to sabendo fazer peço desculpas mais uma vez.
Carlos Henrique
esfriei um pouco a cabeça, fui e new terminal e dei o comando export e apareceu o que vc falouCitação:
Postado originalmente por carneirinhobad
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=1000000/1000000 name=CacheFull parent=none priority=8 \
queue=default-small/default-small target-addresses=192.168.1.1/32 \
total-queue=default-small
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=\
200000 max-limit=200000 name=p2p packet-mark=p2p parent=global-in \
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=\
200000 max-limit=200000 name=P2P-IN packet-mark=pacotes-p2p parent=\
global-in priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=\
200000 max-limit=200000 name=P2P-OUT packet-mark=pacotes-p2p parent=\
global-out priority=8 queue=default
/ip firewall mangle
add action=mark-packet chain=prerouting comment="" disabled=no \
new-packet-mark=p2p p2p=all-p2p passthrough=yes
add action=mark-packet chain=output comment="" disabled=no new-packet-mark=\
p2p p2p=all-p2p passthrough=yes
add action=mark-connection chain=prerouting comment="" disabled=no \
new-connection-mark=conexao-p2p p2p=all-p2p passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-mark=\
conexao-p2p disabled=no new-packet-mark=pacotes-p2p passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
172.254.1.0/24
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
192.168.1.2
add action=accept chain=dstnat comment="conectividade social" disabled=no \
dst-address=200.201.174.0/24
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.201.173.0/24
add action=redirect chain=dstnat comment="Proxy Transparente" disabled=no \
dst-port=80 in-interface=Internet protocol=tcp src-address=172.254.1.0/24 \
to-ports=8080
add action=redirect chain=dstnat comment="" disabled=no dst-port=80 protocol=\
tcp src-address=192.168.1.2 to-ports=8080
add action=accept chain=dstnat comment="Hotmail nao passa pelo cache" \
disabled=no dst-address=207.68.128.0/18
add action=accept chain=dstnat comment="" disabled=no dst-address=64.4.0.0/18
add action=accept chain=dstnat comment="" disabled=no dst-address=\
213.199.144.0/20
add action=accept chain=dstnat comment="" disabled=no dst-address=\
65.52.0.0/14
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.208.0.0/20
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.249.150.0/26
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.167.67.0/24
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.179.42.29
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.249.84.0/24
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.201.173.0/24
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.201.174.0/24
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.220.254.0/24
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.217.233.0/24
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.172.181.0/24
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.141.204.0/24
add action=dst-nat chain=dstnat comment="Redirecionamento Radmin" disabled=no \
dst-port=4899 in-interface="(unknown)" protocol=tcp to-addresses=\
192.168.1.2 to-ports=4899
add action=dst-nat chain=dstnat comment="Redirecionamento Vnc" disabled=no \
dst-port=5800-5900 in-interface="(unknown)" protocol=tcp to-addresses=\
192.168.1.2 to-ports=5800-5900
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.1.0/24
DSSS, as regras IP Filter passam dos 1497 caracteres por isso não madei tudo, e preciso manda o resto??
henrique
/ip firewall filter
add action=drop chain=forward comment="Bloqueio Portas do Windows" disabled=\
no dst-port=135 protocol=tcp
add action=drop chain=output comment="" disabled=no dst-port=135 protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=136 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=136 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=136 protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=137 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=137 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=137 protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=138 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=138 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=138 protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=139 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=139 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=139 protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=445 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=445 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=445 protocol=tcp
add action=drop chain=input comment=\
"Bloquear portas de jogos online para melhor desempenho da Banda" \
disabled=no dst-port=44405 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=44405 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=44405 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=55557 protocol=\
udp
add action=drop chain=forward comment="" disabled=no dst-port=55557 protocol=\
udp
add action=drop chain=output comment="" disabled=no dst-port=55557 protocol=\
udp
add action=drop chain=input comment="" disabled=no dst-port=55970 protocol=\
tcp
add action=drop chain=forward comment="" disabled=no dst-port=55970 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=55970 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=55971 protocol=\
tcp
add action=drop chain=forward comment="" disabled=no dst-port=55971 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=55971 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=55960 protocol=\
tcp
add action=drop chain=forward comment="" disabled=no dst-port=55960 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=55960 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=55961 protocol=\
tcp
add action=drop chain=forward comment="" disabled=no dst-port=55961 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=55961 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=55962 protocol=\
tcp
add action=drop chain=forward comment="" disabled=no dst-port=55962 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=55962 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=55557 protocol=\
tcp
add action=drop chain=forward comment="" disabled=no dst-port=55557 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=55557 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=55901 protocol=\
tcp
add action=drop chain=forward comment="" disabled=no dst-port=55901 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=55901 protocol=\
tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1434 protocol=\
tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1434 protocol=\
tcp
add action=drop chain=virus comment="Bagle Virus" disabled=no dst-port=2745 \
protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 \
protocol=tcp
add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 \
protocol=tcp
add action=accept chain=input comment="conectividade social" disabled=no \
dst-address=200.201.174.0/24 dst-port=80 protocol=tcp src-address=\
192.168.0.0/24 src-port=1024-65535
add action=drop chain=input comment="" disabled=no p2p=all-p2p protocol=tcp
add action=drop chain=input comment="drop invalid packets" connection-state=\
invalid disabled=no
add action=accept chain=input comment="accept related packets" \
connection-state=related disabled=no
add action=accept chain=input comment="accept established packets" \
connection-state=established disabled=no
add action=drop chain=input comment="detect and drop port scan connections" \
disabled=no protocol=tcp psd=21,3s,3,1
add action=tarpit chain=input comment="suppress DoS attack" connection-limit=\
3,32 disabled=no protocol=tcp src-address-list=black_list
add action=drop chain=input comment="drop all that is not to local" disabled=\
no dst-address-type=!local
add action=drop chain=input comment="drom all that is not from unicast" \
disabled=no src-address-type=!unicast
add action=jump chain=input comment="jump to chain ICMP" disabled=no \
jump-target=ICMP protocol=icmp
add action=jump chain=input comment="jump to chain services" disabled=no \
jump-target=services
add action=accept chain=ICMP comment="0:0 and limit for 5pac/s" disabled=no \
icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="3:3 and limit for 5pac/s" disabled=no \
icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="3:4 and limit for 5pac/s" disabled=no \
icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="8:0 and limit for 5pac/s" disabled=no \
icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="11:0 and limit for 5pac/s" disabled=no \
icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=drop chain=ICMP comment="Drop everything else" disabled=no \
protocol=icmp
dd action=drop chain=services comment="TESTE DE P2P BLOQUEIO" disabled=yes \
p2p=all-p2p protocol=tcp
add action=accept chain=services comment="accept localhost" disabled=no \
dst-address=127.0.0.1 src-address=127.0.0.1
add action=accept chain=services comment="allow ftp" disabled=no dst-port=\
20-21 protocol=tcp
add action=accept chain=services comment="allow sftp, ssh" disabled=no \
dst-port=22 protocol=tcp
add action=accept chain=services comment="allow telnet" disabled=no dst-port=\
23 protocol=tcp
add action=accept chain=services comment="allow DNS request" disabled=no \
dst-port=53 protocol=tcp
add action=accept chain=services comment="Allow DNS request" disabled=no \
dst-port=53 protocol=udp
add action=accept chain=services comment="allow http, webbox" disabled=no \
dst-port=80 protocol=tcp
add action=accept chain=services comment="Allow winbox" disabled=no dst-port=\
8291 protocol=tcp