Load-balance RB750G: no Winbox access
Hello, good afternoon everyone, I have a problem.
I'm using a load balance with an RB750G.
Everything is fine, working perfectly.
However, I can't access it through WINBOX.
I can access it through the browser normally, as if it were an AP.
Could someone help me?
ME - Server - RB750G - modem
My network IP: 192.168.88.0/22
RB750G IP: 192.168.10.1/24
Server link interface IP: 192.168.10.2/24
I've tried everything and it doesn't work.
Thank you very much.
Re: Load-balance RB750G: no Winbox access
Quote:
Originally posted by
usertecknet
Hello, good afternoon everyone, I have a problem.
I'm using a load balance with an RB750G.
Everything is fine, working perfectly.
However, I can't access it through WINBOX.
I can access it through the browser normally, as if it were an AP.
Could someone help me?
ME - Server - RB750G - modem
My network IP: 192.168.88.0/22
RB750G IP: 192.168.10.1/24
Server link interface IP: 192.168.10.2/24
I've tried everything and it doesn't work.
Thank you very much.
Send the ip routes and ip address.
Re: Load-balance RB750G: no Winbox access
Do you use a cache? Post your firewall rules too.
Re: Load-balance RB750G: no Winbox access
Quote:
Originally posted by
iverton
Do you use a cache? Post your firewall rules too.
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=drop chain=forward comment=\
"FAIRUZA --------------------BLOQUEIO_PORTAS_LIVRE_MANGLES---TCP" \
disabled=yes dst-address=0.0.0.0/0 packet-mark=!semlimite protocol=tcp \
src-address=192.168.88.17 src-port=1000-65525
add action=drop chain=forward comment=\
"FAIRUZA --------------------BLOQUEIO_PORTAS_LIVRE_MANGLES---UDP" \
disabled=yes dst-address=0.0.0.0/0 packet-mark=!semlimite packet-size=\
350-1024 protocol=udp src-address=192.168.88.17 src-port=0-65525
add action=drop chain=forward comment=\
"//////////// EXEMPLO DE BLOQUEIO DE PORTAS INDIVIDUAL/////////////////" \
disabled=yes dst-address=0.0.0.0/0 packet-mark=!semlimite protocol=tcp \
src-address=192.168.88.29 src-port=1300-65525
add action=drop chain=input comment="BLOQUEIO DO PROXY EXTERNO" disabled=no \
dst-port=3128 in-interface=LINK protocol=tcp
add action=accept chain=input comment="ACEITAR CONEXOES PROXY" disabled=no \
dst-port=3128 protocol=tcp
add action=drop chain=input comment="BLOQUEIO DE DNS REVERSO" content=\
user.veloxzone.com.br disabled=no dst-port=!8291 protocol=tcp
add action=accept chain=input comment="ACEITA WINBOX" disabled=no dst-port=\
8291 protocol=tcp
add action=drop chain=input comment="BLOQUEIA SCAN PELO WINBOX" disabled=no \
dst-port=5678 protocol=udp
add action=drop chain=forward comment=DESCARTA_UDP_ACIMA_350-1024 disabled=\
yes packet-size=512-1024 protocol=udp src-address=192.168.88.0/22 \
src-port=0-65525
add action=drop chain=forward comment="BLOQUEIO PORTAS UDP - LIVRE MANGLE" \
disabled=yes packet-mark=!semlimite protocol=udp src-address=\
192.168.88.0/24
add action=drop chain=forward comment=BLOQUEIO_PORTAS_LIVRE_MANGLES disabled=\
no dst-address=0.0.0.0/0 packet-mark=!semlimite protocol=tcp src-address=\
192.168.88.0/22 src-port=1000-65525
add action=drop chain=forward comment=\
"LIMITANDO_CONEX\D5ES_SIMULTANEAS_LIVRE_MANGLE" connection-limit=6,32 \
disabled=no packet-mark=!semlimite protocol=tcp src-address=\
192.168.88.0/22 tcp-flags=syn
add action=add-src-to-address-list address-list=Ares-Conn \
address-list-timeout=10h chain=forward comment=CONTROLE_ARES_PERFEITO_01 \
disabled=no p2p=warez protocol=tcp
add action=add-src-to-address-list address-list=Ares-Conn \
address-list-timeout=10h chain=forward comment=CONTROLE_ARES_PERFEITO_02 \
disabled=no p2p=warez protocol=udp
add action=drop chain=forward comment=CONTROLE_ARES_PERFEITO_03 disabled=no \
src-address=!192.168.88.0/22 src-address-list=Ares-Conn
add action=drop chain=forward comment=BLOQUEIO_ARES-1 disabled=no dst-port=0 \
protocol=udp
add action=drop chain=forward comment=BLOQUEIO_ARES-2 disabled=no p2p=warez
add action=drop chain=forward comment=BLOQUEIO_ARES-3 disabled=no protocol=\
udp src-port=0
add action=drop chain=forward comment=BLOQUEIO_PS2-WARES disabled=no p2p=\
warez protocol=tcp
add action=drop chain=forward comment=BLOQUEIO_PS2-ALLP2P disabled=no p2p=\
all-p2p protocol=tcp
add action=drop chain=forward comment=BLOQUEIO_ARES_MANGLES connection-mark=\
ares disabled=no
add action=drop chain=forward comment="BLOQUEIA NETBIOS TCP" disabled=no \
dst-port=137-139 protocol=tcp src-port=137-139
add action=drop chain=forward comment="" disabled=no dst-port=445 protocol=\
tcp src-port=445
add action=drop chain=forward comment="BLOQUEIA NETBIOS UDP" disabled=no \
dst-port=137-139 protocol=udp src-port=137-139
add action=drop chain=forward comment="" disabled=no dst-port=445 protocol=\
udp src-port=445
add action=jump chain=input comment="*****************************************\
*********REPASSA TRAFEGO PARA VERIFICASAO DE PORTAS***********************\
*****************" disabled=no jump-target="P2P E PORTAS"
add action=jump chain=forward comment="" disabled=no jump-target=\
"P2P E PORTAS"
add action=jump chain=input comment="REPASSA TRAFEGO PARA CANAL VIRUS" \
disabled=no jump-target=VIRUS
add action=jump chain=forward comment="" disabled=no jump-target=VIRUS
add action=jump chain=input comment="BLOQUEIO DE IPS BOGONS" disabled=no \
jump-target=BOGONS
add action=jump chain=forward comment="" disabled=no jump-target=BOGONS
add action=accept chain=input comment="ACEITA CONECSAO ESTABELECIDA" \
connection-state=established disabled=no
add action=accept chain=forward comment="" connection-state=established \
disabled=no
add action=accept chain=input comment="ACEITA CONECSAO NOVAS" \
connection-state=new disabled=no
add action=accept chain=forward comment="" connection-state=new disabled=no
add action=accept chain=input comment="ACEITA CONECSAO RELACIONADAS" \
connection-state=related disabled=no
add action=accept chain=forward comment="" connection-state=related disabled=\
no
add action=drop chain=forward comment=";;; CONEXAO INVALIDAS" \
connection-state=invalid disabled=no
add action=accept chain="P2P E PORTAS" comment="PORTAS E P2P /////////////////\
//////////////////////////////////////////////////////////////////////////\
/////////////////////////////////////////////////////" disabled=no \
dst-port=6346-6349 protocol=tcp
add action=accept chain="P2P E PORTAS" comment=FTP disabled=no dst-port=21 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment=DNS disabled=no dst-port=53 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="EMAIL POP 110" disabled=no \
dst-port=110 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="EMAIL SMTP - 25" disabled=no \
dst-port=25 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="portas do ITR" disabled=no \
dst-port=5636 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5636 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5653 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5653 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=3456 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment=\
"MSN -------------- ENTRA MAIS RAPIDO" disabled=no dst-port=1863 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=1853 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment=skipe disabled=no dst-port=\
30369 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="PORTAS DO KAZAA" disabled=no \
dst-port=1214 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="PORTAS DO E-MULE" disabled=no \
dst-port=4662 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=4662 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=\
6346-6348 protocol=udp
add action=accept chain="P2P E PORTAS" comment="PORTAS DO BITTORRENT" \
disabled=no dst-port=6881-6889 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=\
6881-6889 protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=1214 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="PORTAS RANDON DO BIT TORRENT" \
disabled=no dst-port=57792 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=57792 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="porta servidor CS" disabled=\
no dst-port=27015 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27015 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27017 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27017 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27018 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27018 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27019 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27019 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27060 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27060 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="ALL P2P" disabled=yes p2p=\
all-p2p
add action=drop chain=VIRUS comment="LISTA DE VIRUS///////////////////////////\
continues...
Re: Load-balance RB750G: no Winbox access
Looks like a netmask problem, doesn't it?
Re: Load-balance RB750G: no Winbox access
/ip firewall mangle
add action=mark-connection chain=output comment="1 - HOTSPOT-FULL " disabled=\
no new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
protocol=udp src-port=64872
add action=mark-connection chain=output comment="" disabled=no \
new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
protocol=tcp src-port=64872
add action=mark-connection chain=output comment="" disabled=no \
new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
protocol=tcp src-port=64873
add action=mark-connection chain=output comment="" disabled=no \
new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
protocol=tcp src-port=64874
add action=mark-connection chain=output comment="" disabled=no \
new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
protocol=tcp src-port=64875
add action=mark-packet chain=output comment="" connection-mark=hotspot-out \
disabled=no new-packet-mark=hotspot passthrough=no
add action=mark-connection chain=output comment="2 - PROXY FULL" disabled=no \
dscp=4 new-connection-mark=proxyfull passthrough=yes protocol=tcp \
src-port=3128
add action=mark-packet chain=output comment="" connection-mark=proxyfull \
disabled=no new-packet-mark=proxyfull passthrough=yes
add action=return chain=output comment="" connection-mark=proxyfull disabled=\
no
add action=mark-packet chain=prerouting comment="3 - UPLOAD MARCANDO PACOTES" \
disabled=no in-interface=BRIDGE new-packet-mark=test-up passthrough=no \
src-address=192.168.88.0/22
add action=mark-connection chain=forward comment="4 - DOWN MARCANDO PACOTES" \
disabled=no new-connection-mark=teste-conn passthrough=yes src-address=\
192.168.88.0/22
add action=mark-packet chain=forward comment=\
"5 - DOWN - DIRETO MARCANDO PACOTES" connection-mark=teste-conn \
disabled=no in-interface=LINK new-packet-mark=test-down passthrough=no
add action=mark-packet chain=output comment=\
"6 - DOWN - VIA PROXY MARCANDO PACOTES" disabled=no dst-address=\
192.168.88.0/22 new-packet-mark=test-down out-interface=BRIDGE \
passthrough=no
add action=mark-connection chain=prerouting comment="ARES - MARCANDO PACOTES" \
disabled=no new-connection-mark=ares p2p=warez passthrough=no
add action=mark-connection chain=prerouting comment="P2P - MARCANDO PORTAS" \
disabled=no new-connection-mark=p2p_marca p2p=all-p2p passthrough=yes
add action=mark-connection chain=prerouting comment="UDP - MARCANDO PORTAS" \
disabled=no new-connection-mark=udp_teste passthrough=no protocol=udp
add action=mark-connection chain=postrouting comment="" disabled=no \
new-connection-mark=udp_teste passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="" connection-mark=udp_teste \
disabled=no new-packet-mark=udp passthrough=no
add action=mark-packet chain=postrouting comment="" connection-mark=udp_teste \
disabled=no new-packet-mark=udp passthrough=yes
add action=mark-connection chain=prerouting comment="MICROSOFT SQL SERVER" \
disabled=no dst-port=1433-1434 new-connection-mark=Banco-Dados-Conexao \
passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=p2p_marca \
disabled=no new-packet-mark=p2p passthrough=yes
add action=mark-connection chain=prerouting comment="ORKUT - MARCANDO PACOTES \
+++++++++ INICIO IMPLANTA\C7\C3O ////// QOS \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ " content=orkut \
disabled=no new-connection-mark=ORKUT-CONN passthrough=no
add action=mark-connection chain=postrouting comment="" content=orkut \
disabled=no new-connection-mark=ORKUT-CONN passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-mark=ORKUT-CONN \
disabled=no new-packet-mark=orkut passthrough=yes
add action=mark-packet chain=postrouting comment="" connection-mark=\
ORKUT-CONN disabled=no new-packet-mark=orkut passthrough=yes
add action=mark-connection chain=prerouting comment=\
"YOUTUBE - MARCAR PACOTES" content=youtube disabled=no \
new-connection-mark=YTB passthrough=no
add action=mark-connection chain=postrouting comment="" content=youtube \
disabled=no new-connection-mark=YTB passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-mark=YTB \
disabled=no new-packet-mark=youtube passthrough=yes
add action=mark-packet chain=postrouting comment="" connection-mark=YTB \
disabled=no new-packet-mark=youtube passthrough=yes
add action=mark-connection chain=prerouting comment="ICMP - MARCANDO PORTAS" \
disabled=no new-connection-mark=ICMP-Conexao passthrough=no protocol=icmp
add action=mark-connection chain=postrouting comment="" disabled=no \
new-connection-mark=ICMP-Conexao passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting comment="" connection-mark=\
ICMP-Conexao disabled=no new-packet-mark=ICMP-Pacotes passthrough=no
add action=mark-packet chain=postrouting comment="" connection-mark=\
ICMP-Conexao disabled=no new-packet-mark=ICMP-Pacotes passthrough=yes
add action=mark-connection chain=prerouting comment=\
"HTTPS - MARCANDO PAGINAS SEGURAS " disabled=no dst-port=443 \
new-connection-mark=HTTPS-CONN passthrough=no protocol=tcp
add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
443 new-connection-mark=HTTPS-CONN passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
53 new-connection-mark=HTTPS-CONN passthrough=no protocol=tcp
add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
53 new-connection-mark=HTTPS-CONN passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
53 new-connection-mark=HTTPS-CONN passthrough=no protocol=udp
add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
53 new-connection-mark=HTTPS-CONN passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="BANCO DO BRASIL" \
content=bancobrasil disabled=no new-connection-mark=HTTPS-CONN \
passthrough=no
add action=mark-connection chain=postrouting comment="" content=bancobrasil \
disabled=no new-connection-mark=HTTPS-CONN passthrough=yes
add action=mark-connection chain=prerouting comment="BANCO BRADESCO" content=\
bradesco disabled=no new-connection-mark=HTTPS-CONN passthrough=no
add action=mark-connection chain=postrouting comment="" content=bradesco \
disabled=no new-connection-mark=HTTPS-CONN passthrough=yes
add action=mark-connection chain=prerouting comment=\
"CAIXA ECONOMICA FEDERAL - MARCANDO PAGINAS " content=caixa.gov disabled=\
no new-connection-mark=HTTPS-CONN passthrough=no
add action=mark-connection chain=postrouting comment="" content=caixa.gov \
disabled=no new-connection-mark=HTTPS-CONN passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-mark=HTTPS-CONN \
disabled=no new-packet-mark=HTTPS passthrough=yes
add action=mark-packet chain=postrouting comment="" connection-mark=\
HTTPS-CONN disabled=no new-packet-mark=HTTPS passthrough=yes
add action=mark-connection chain=prerouting comment=\
"E-MAIL - MARCANDO PORTAS" disabled=no dst-port=110 new-connection-mark=\
E-mail-Conexao passthrough=no protocol=tcp
add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
110 new-connection-mark=E-mail-Conexao passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
995 new-connection-mark=E-mail-Conexao passthrough=no protocol=tcp
add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
995 new-connection-mark=E-mail-Conexao passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
25 new-connection-mark=E-mail-Conexao passthrough=no protocol=tcp
add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
25 new-connection-mark=E-mail-Conexao passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
25 new-connection-mark=E-mail-Conexao passthrough=no protocol=udp
add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
25 new-connection-mark=E-mail-Conexao passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="" connection-mark=\
E-mail-Conexao disabled=no new-packet-mark=E-mail-Pacotes passthrough=no
add action=mark-packet chain=postrouting comment="" connection-mark=\
E-mail-Conexao disabled=no new-packet-mark=E-mail-Pacotes passthrough=yes
add action=mark-connection chain=prerouting comment="MSN - MARCANDO PORTAS" \
disabled=no dst-port=1863 new-connection-mark=Messenger-Conexao \
passthrough=no protocol=tcp
add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
1863 new-connection-mark=Messenger-Conexao passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
1863 new-connection-mark=Messenger-Conexao passthrough=no protocol=udp
Re: Load-balance RB750G: no Winbox access
add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
1863 new-connection-mark=Messenger-Conexao passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
6891-6901 new-connection-mark=Messenger-Conexao passthrough=no protocol=\
tcp
add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
6891-6901 new-connection-mark=Messenger-Conexao passthrough=yes protocol=\
tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
6891-6901 new-connection-mark=Messenger-Conexao passthrough=no protocol=\
udp
add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
6891-6901 new-connection-mark=Messenger-Conexao passthrough=yes protocol=\
udp
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
5190 new-connection-mark=Messenger-Conexao passthrough=no protocol=udp
add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
5190 new-connection-mark=Messenger-Conexao passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="" connection-mark=\
Messenger-Conexao disabled=no new-packet-mark=Messenger-Pacotes \
passthrough=no
add action=mark-packet chain=postrouting comment="" connection-mark=\
Messenger-Conexao disabled=no new-packet-mark=Messenger-Pacotes \
passthrough=yes
add action=mark-connection chain=prerouting comment="SQL BANCO DE DADOS" \
disabled=no dst-port=3306 new-connection-mark=Banco-Dados-Conexao \
passthrough=no protocol=tcp
add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
3306 new-connection-mark=Banco-Dados-Conexao passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"ORACLE - MARCANDO CONEX\C3O" disabled=no dst-port=1521 \
new-connection-mark=Banco-Dados-Conexao passthrough=no protocol=tcp
add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
1433-1434 new-connection-mark=Banco-Dados-Conexao passthrough=yes \
protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=\
Banco-Dados-Conexao disabled=no new-packet-mark=Banco-Dados-Pacotes \
passthrough=no
add action=mark-packet chain=postrouting comment="" connection-mark=\
Banco-Dados-Conexao disabled=no new-packet-mark=Banco-Dados-Pacotes \
passthrough=yes
add action=mark-packet chain=forward comment="DESBLOQUEIO +++++++++++++ INICIO\
\_MARCA\C7\C3O DE PORTAS /////////////////////////////////////////////////\
///////////////////////////////" disabled=no dst-port=21 new-packet-mark=\
semlimite passthrough=yes protocol=tcp src-address=192.168.88.0/22
add action=mark-packet chain=forward comment="" disabled=no dst-port=22 \
new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-packet chain=forward comment="" disabled=no dst-port=23 \
new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-packet chain=forward comment="DESBLOQUEIO - DNS" disabled=no \
dst-port=53 new-packet-mark=semlimite passthrough=yes protocol=tcp \
src-address=192.168.88.0/22
add action=mark-packet chain=forward comment="DESBLOQUEIO - NAVEGA\C7\C3O" \
disabled=no dst-port=80 new-packet-mark=semlimite passthrough=yes \
protocol=tcp src-address=192.168.88.0/22
add action=mark-packet chain=forward comment=\
"DESBLOQUEIO - EMAIL SMTP OUTLOOK" disabled=no dst-port=25 \
new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-packet chain=forward comment="DESBLOQUEIO - EMAIL POP" \
disabled=no dst-port=110 new-packet-mark=semlimite passthrough=yes \
protocol=tcp src-address=192.168.88.0/22
add action=mark-packet chain=forward comment=\
"DESBLOQUEIO - PORTA POP SEGURA - SSL OUTLOOK" disabled=no dst-port=995 \
new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-packet chain=forward comment="DESBLOQUEIO - PAGINAS HTTPS" \
disabled=no dst-port=443 new-packet-mark=semlimite passthrough=yes \
protocol=tcp src-address=192.168.88.0/22
add action=mark-packet chain=forward comment="" disabled=no dst-port=8080 \
new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-packet chain=forward comment="" disabled=no dst-port=\
6891-6901 new-packet-mark=semlimite passthrough=yes protocol=tcp \
src-address=192.168.88.0/22
add action=mark-packet chain=forward comment=\
"DESBLOQUEIO - PORTA TEAMVIEWER 5938 REMOTO" disabled=no dst-port=5938 \
new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-packet chain=forward comment="DESBLOQUEIO - MSN" disabled=no \
dst-port=1863 new-packet-mark=semlimite passthrough=yes protocol=tcp \
src-address=192.168.88.0/22
add action=mark-packet chain=forward comment="DESBLOQUEIO - PROXY FULL" \
disabled=no dst-port=3128 new-packet-mark=semlimite passthrough=yes \
protocol=tcp src-address=192.168.88.0/22
add action=mark-packet chain=forward comment="" disabled=no dst-port=3389 \
new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-packet chain=forward comment="" disabled=no dst-port=5900 \
new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-packet chain=forward comment="" disabled=no dst-port=135 \
new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-packet chain=forward comment=\
"DESBLOQUEIO - RADIO - UOL E PRINCIPAIS" disabled=no dst-port=554 \
new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-packet chain=forward comment=\
"DESBLOQUEIO - RADIO - JOVEM PAN" disabled=no dst-port=8000 \
new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-packet chain=forward comment=\
"DESBLOQUEIO - RADIO - HOT-FM-107" disabled=no dst-port=9001 \
new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-packet chain=forward comment="" disabled=no dst-port=8081 \
new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-packet chain=forward comment="DESBLOQUEIO - RADIO PORTA 730" \
disabled=no dst-port=8730 new-packet-mark=semlimite passthrough=yes \
protocol=tcp src-address=192.168.88.0/22
add action=mark-packet chain=forward comment="DESBLOQUEIO - SKYPE" disabled=\
no dst-port=6469 new-packet-mark=semlimite passthrough=yes protocol=udp \
src-address=192.168.88.0/22
add action=mark-packet chain=forward comment="" disabled=no dst-port=6469 \
new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-packet chain=forward comment="DESBLOQUEIO - GTA" disabled=no \
dst-port=7777 new-packet-mark=semlimite passthrough=yes protocol=tcp \
src-address=192.168.88.0/22
add action=mark-packet chain=forward comment="DESBLOQUEIO - GTA" disabled=no \
dst-port=1414 new-packet-mark=semlimite passthrough=yes protocol=tcp \
src-address=192.168.88.0/22
add action=mark-connection chain=prerouting comment="CONTROLE JOGOS" \
disabled=yes dst-port=7171 new-connection-mark=Jogos-Conexao passthrough=\
no protocol=tcp
add action=mark-connection chain=postrouting comment="" disabled=yes \
dst-port=7171 new-connection-mark=Jogos-Conexao passthrough=yes protocol=\
tcp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
27015 new-connection-mark=Jogos-Conexao passthrough=no protocol=tcp
Re: Load-balance RB750G: no Winbox access
add action=mark-connection chain=postrouting comment="" disabled=yes \
dst-port=27015 new-connection-mark=Jogos-Conexao passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="Mu Online" disabled=yes \
dst-port=55905 new-connection-mark=Jogos-Conexao passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
55905 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="Line Age" disabled=yes \
dst-port=4376 new-connection-mark=Jogos-Conexao passthrough=yes protocol=\
tcp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
4376 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=WarCraft disabled=yes \
dst-port=6112 new-connection-mark=Jogos-Conexao passthrough=yes protocol=\
tcp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
6112 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
4500 new-connection-mark=Jogos-Conexao passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
4500 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
6900 new-connection-mark=Jogos-Conexao passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
6900 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
5000 new-connection-mark=Jogos-Conexao passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
5000 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="Counter Strike" \
disabled=yes dst-port=27018 new-connection-mark=Jogos-Conexao \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
27018 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
27015 new-connection-mark=Jogos-Conexao passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
27015 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
27020 new-connection-mark=Jogos-Conexao passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
27020 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
27019 new-connection-mark=Jogos-Conexao passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
27019 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
27013 new-connection-mark=Jogos-Conexao passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
27013 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="" connection-mark=\
Jogos-Conexao disabled=yes new-packet-mark=Jogos-Pacotes passthrough=no
Re: Load-balance RB750G: no Winbox access
Now the NAT rules:
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=accept chain=pre-hotspot comment="CONECTIVIDADE SOCIAL + BANCOS" \
disabled=no dst-address=200.201.160.0/24 dst-port=80 hotspot=auth \
in-interface=BRIDGE protocol=tcp
add action=accept chain=pre-hotspot comment="" disabled=no dst-address=\
200.201.166.0/24 dst-port=80 hotspot=auth in-interface=BRIDGE protocol=\
tcp
add action=accept chain=pre-hotspot comment="" disabled=no dst-address=\
200.201.173.0/24 dst-port=80 hotspot=auth in-interface=BRIDGE protocol=\
tcp
add action=accept chain=pre-hotspot comment="" disabled=no dst-address=\
200.201.174.0/24 dst-port=80 hotspot=auth in-interface=BRIDGE protocol=\
tcp
add action=masquerade chain=srcnat comment="" disabled=no out-interface=LINK \
src-address=192.168.88.0/22
add action=masquerade chain=srcnat comment="MASQUERADE HOTSPOT" disabled=no \
src-address=192.168.88.0/22
add action=redirect chain=dstnat comment="REDIRECIONAR PROXY" disabled=no \
dst-port=80 in-interface=BRIDGE protocol=tcp src-address=192.168.88.0/22 \
to-ports=3128
add action=accept chain=pre-hotspot comment="RADIO UOL" disabled=no \
dst-address=200.221.0.0/16 dst-port=80 hotspot=auth in-interface=BRIDGE \
protocol=tcp
add action=accept chain=pre-hotspot comment="RADIO TERRA" disabled=no \
dst-address=200.154.0.0/16 dst-port=80 hotspot=auth in-interface=BRIDGE \
protocol=tcp
add action=accept chain=dstnat comment="YOUTUBE FORA DA CACHE" content=\
!youtube disabled=no
Folks, I don't know how to send this any other way, sorry for so many rules...
Re: Load-balance RB750G: no Winbox access
I use Web-Proxy.
The server's IP is 192.168.88.1.
I think that's it, folks.
Re: Load-balance RB750G: no Winbox access
Man, you can reach the MK's web interface because of the proxy, but you can't get in through Winbox because some port must be getting blocked.
I didn't have time to go over all your rules since I'm a bit short on time, but tomorrow I'll analyze them properly.
Re: Load-balance RB750G: no Winbox access
Friend, I think the best thing to do is to remove all these rules. Do you really need all of them? Did you test them one by one? Or did you copy and paste them into your load balance?
Re: Load-balance RB750G: no Winbox access
Quote:
Originally posted by
iverton
Man, you can reach the MK's web interface because of the proxy, but you can't get in through Winbox because some port must be getting blocked.
I didn't have time to go over all your rules since I'm a bit short on time, but tomorrow I'll analyze them properly.
Indeed, in my firewall I block all ports and leave only the standard ones, and a few others... etc...
And in doing that it was blocking Winbox port 8291.
I opened it, and access worked normally.
-------------------------------------
Now I have one more question... my RB 750 that does the balancing... dials out to modems 1, 2, 3
10.1.1.1 modem IP
10.2.2.2 modem IP
10.3.3.3 modem IP
So I ask you all: is it possible for me to access the modems?
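An added example, not part of any post in this thread: a Python check that replays the allow-list pattern visible in the posted rules, where mangle marks listed destination ports with `semlimite` and the forward rule BLOQUEIO_PORTAS_LIVRE_MANGLES drops unmarked TCP, to show why a port missing from the list, such as 8291, never gets through. The rule excerpt, the client address 192.168.88.50, the WINBOX mark rule in `FIX` and the reduced matcher model (no jump chains, connection state or content matching) are assumptions made for the example.

```python
import ipaddress
import shlex

# Constructed excerpt in RouterOS export syntax, reduced from the rules posted
# in this thread: three "semlimite" marks and the forward drop relying on them.
EXPORT = r'''
/ip firewall mangle
add action=mark-packet chain=forward comment="" disabled=no dst-port=80 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
add action=mark-packet chain=forward comment="DESBLOQUEIO - PAGINAS HTTPS" \
    disabled=no dst-port=443 new-packet-mark=semlimite passthrough=yes \
    protocol=tcp src-address=192.168.88.0/22
add action=mark-packet chain=forward comment="DESBLOQUEIO - PROXY FULL" \
    disabled=no dst-port=3128 new-packet-mark=semlimite passthrough=yes \
    protocol=tcp src-address=192.168.88.0/22
/ip firewall filter
add action=drop chain=forward comment=BLOQUEIO_PORTAS_LIVRE_MANGLES disabled=\
    no dst-address=0.0.0.0/0 packet-mark=!semlimite protocol=tcp src-address=\
    192.168.88.0/22 src-port=1000-65525
'''
# Hypothetical extra mark rule (an assumption, not posted in the thread):
# exempts Winbox only when the destination is the RB750G itself.
FIX = r'''add action=mark-packet chain=forward comment=WINBOX disabled=no \
    dst-address=192.168.10.1 dst-port=8291 new-packet-mark=semlimite \
    passthrough=yes protocol=tcp src-address=192.168.88.0/22
'''
NON_MATCHERS = {"action", "chain", "comment", "disabled", "new-packet-mark", "passthrough"}

def parse_export(text):
    """Join '\\' continuations and return {section: [rule dict, ...]}."""
    joined, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]          # keep whatever precedes the backslash
            continue
        pending = ""
        if line:
            joined.append(line)
    sections, current = {}, None
    for line in joined:
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line.startswith("add ") and current is not None:
            pairs = (tok.partition("=") for tok in shlex.split(line[4:]))
            current.append({key: val for key, _, val in pairs})
    return sections

def in_range(spec, port):
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def matches(rule, pkt):
    """True when every modelled matcher of an enabled rule fits the packet."""
    if rule.get("disabled") == "yes" or rule.get("chain") != pkt["chain"]:
        return False
    for key, val in rule.items():
        if key in NON_MATCHERS:
            continue
        negated, val = val.startswith("!"), val.lstrip("!")
        if key == "protocol":
            hit = val == pkt["protocol"]
        elif key in ("src-address", "dst-address"):
            hit = ipaddress.ip_address(pkt[key]) in ipaddress.ip_network(val)
        elif key in ("src-port", "dst-port"):
            hit = any(in_range(part, pkt[key]) for part in val.split(","))
        elif key == "packet-mark":
            hit = pkt.get("packet-mark") == val
        else:
            raise ValueError(f"matcher not modelled: {key}")
        if hit == negated:
            return False
    return True

def forward_verdict(sections, pkt):
    """Mangle forward runs first (marks), then filter forward decides."""
    pkt = dict(pkt, chain="forward")
    for rule in sections.get("/ip firewall mangle", []):
        if rule.get("action") == "mark-packet" and matches(rule, pkt):
            pkt["packet-mark"] = rule["new-packet-mark"]
            if rule.get("passthrough") == "no":
                break
    for rule in sections.get("/ip firewall filter", []):
        if rule.get("action") in ("accept", "drop") and matches(rule, pkt):
            return rule["action"], rule.get("comment", "")
    return "accept", "no terminating rule matched"

def client_tcp(dport, dst="192.168.10.1", sport=50000):
    # Constructed LAN client; 192.168.10.1 is the RB750G address from the thread.
    return {"protocol": "tcp", "src-address": "192.168.88.50",
            "dst-address": dst, "src-port": sport, "dst-port": dport}

if __name__ == "__main__":
    before = parse_export(EXPORT)
    after = parse_export(EXPORT.replace("/ip firewall filter", FIX + "/ip firewall filter"))
    for port in (80, 8291):
        print(port, forward_verdict(before, client_tcp(port)))
    print(8291, "with WINBOX mark:", forward_verdict(after, client_tcp(8291)))
```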
Re: Load-balance RB750G: no Winbox access
Quote:
Originally posted by
usertecknet
Indeed, in my firewall I block all ports and leave only the standard ones, and a few others... etc...
And in doing that it was blocking Winbox port 8291.
I opened it, and access worked normally.
-------------------------------------
Now I have one more question... my RB 750 that does the balancing... dials out to modems 1, 2, 3
10.1.1.1 modem IP
10.2.2.2 modem IP
10.3.3.3 modem IP
So I ask you all: is it possible for me to access the modems?
Yes
Re: Load-balance RB750G: no Winbox access
Quote:
Originally posted by
Geeek
Yes
And can you tell me how I do that?
Re: Load-balance RB750G: no Winbox access
Quote:
Originally posted by
usertecknet
And can you tell me how I do that?
Have you already tried accessing them? If not, create the routes to them.
Re: Load-balance RB750G: no Winbox access
Here I do it like this: I redirect the modem's port 80 to another port on my RB 750. For example, I type the RB's IP in the browser, in your case http://192.168.10.1, and that opens the MK page; then I add http://192.168.10.1:90 for modem 1, http://192.168.10.1:91 for modem 2 and so on. I'll post the rules below.
/ip firewall nat
# to-addresses is each modem's own IP (10.1.1.1, 10.2.2.2 and 10.3.3.3 in this thread)
add action=dst-nat chain=dstnat comment="MODEM 1" disabled=no \
dst-address=192.168.10.1 dst-port=90 protocol=tcp to-addresses=10.1.1.1 \
to-ports=80
add action=dst-nat chain=dstnat comment="MODEM 2" disabled=no \
dst-address=192.168.10.1 dst-port=91 protocol=tcp to-addresses=10.2.2.2 \
to-ports=80
add action=dst-nat chain=dstnat comment="MODEM 3" disabled=no \
dst-address=192.168.10.1 dst-port=92 protocol=tcp to-addresses=10.3.3.3 \
to-ports=80
Done, that's all; just put it in there, it's already configured for your network, and access the modems as I told you:
http://192.168.10.1:90 modem 1
http://192.168.10.1:91 modem 2
http://192.168.10.1:92 modem 3
Don't forget that the modems have to be registered in ARP, and your RB 750 has to be able to ping the modems.
Byeee, hope I helped.