Server with 180 clients loading incomplete pages, please help!
I don't know if I'm posting my question in the right place, but anyway.
I have spent 3 weeks searching here on the forum and changing rules on my server to see if I can find a solution to this problem of mine.
I have 180 clients, with about 80 to 90 online at peak hours.
I use Hotspot + web-proxy with 2 HDs, one for the system and the other for the cache; my whole network is bridged.
What started happening on my network about 30 days ago is pages loading incorrectly, with some images missing, and not infrequently "page cannot be displayed". Errors on some pages such as Orkut, in some applications.
Tinkering and reading tip after tip here on the forum, I found out that the problem is related to my cache, and sure enough... all I have to do is disable the redirect to the web-proxy and all the problems disappear.
Before you say it: I have already replaced the HD and I have already rebuilt the server from scratch. And nothing seems to have worked.
Since I no longer know what else to do, I am turning to the friends here on the forum, who are always willing to help.
Here are my rules:
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="////////////////////////\
//////////////////////////////////////////////////////// REGRAS ENTRADA PE\
RMITIDA \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\" disabled=no
add action=accept chain=input comment=CLIENTES disabled=no in-interface=\
BRIDGE protocol=tcp
add action=accept chain=input comment="Allow ICMP" disabled=no protocol=icmp
add action=accept chain=input comment="PERMITE - BALANCEADOR" disabled=no \
src-address=192.168.10.0/24
add action=accept chain=input comment="ACEITA WINBOX" disabled=no dst-port=\
8291 protocol=tcp
add action=accept chain=input comment="ACEITAR CONEXOES PROXY" disabled=no \
dst-port=4239 protocol=tcp
add action=add-src-to-address-list address-list=Ares-Conn \
address-list-timeout=10h chain=forward comment=CONTROLE_ARES_PERFEITO_01 \
disabled=no p2p=warez protocol=tcp
add action=add-src-to-address-list address-list=Ares-Conn \
address-list-timeout=10h chain=forward comment=CONTROLE_ARES_PERFEITO_02 \
disabled=no p2p=warez protocol=udp
add action=drop chain=forward comment=CONTROLE_ARES_PERFEITO_03 disabled=no \
src-address=!192.168.88.0/22 src-address-list=Ares-Conn
add action=accept chain=input comment="ACEITA CONEXAOES NOVAS" \
connection-state=new disabled=no
add action=accept chain=forward comment="" connection-state=new disabled=no
add action=accept chain=input comment="PERMITE CONEXAO RELATADAS" \
connection-state=related disabled=no
add action=accept chain=forward comment="" connection-state=related disabled=\
no
add action=accept chain=input comment="PERMITE CONEXAO ESTABELECIDAS" \
connection-state=established disabled=no
add action=accept chain=forward comment="" connection-state=established \
disabled=no
add action=passthrough chain=unused-hs-chain comment="////////////////////////\
//////////////////////////////////////////////////////// REGRAS DE BLOQUEI\
O ////////////////////////////////////////////////////////////////////////\
////////" disabled=no
add action=drop chain=forward comment=\
"LIMITANDO_CONEX\D5ES_SIMULTANEAS_LIVRE_MANGLE" connection-mark=\
!semlimite disabled=yes protocol=tcp src-address=192.168.88.0/22
add action=drop chain=forward comment=BLOQUEIO_PORTAS_LIVRE_MANGLES_UDP \
disabled=yes packet-mark=!semlimite protocol=udp src-address=\
192.168.88.0/22
add action=drop chain=input comment="BLOQUEIO DO PROXY EXTERNO" disabled=no \
dst-port=4239 in-interface=LINK protocol=tcp
add action=drop chain=input comment="BLOQUEIA SCAN PELO WINBOX" disabled=no \
dst-port=5678 protocol=udp
add action=drop chain=input comment="BLOQUEIO DE DNS REVERSO" content=\
user.veloxzone.com.br disabled=no dst-port=!8291 protocol=tcp
add action=drop chain=forward comment="DROP CONEX\D5ES INVALIDAS" \
connection-state=invalid disabled=yes
add action=drop chain="P2P E PORTAS" comment="BLOQUEIA NETBIOS TCP" disabled=\
no dst-port=137-139 protocol=tcp
add action=drop chain="P2P E PORTAS" comment="BLOQUEIA NETBIOS UDP" disabled=\
no dst-port=137-139 protocol=udp
add action=drop chain="P2P E PORTAS" comment="" disabled=no dst-port=445 \
protocol=udp
add action=drop chain="P2P E PORTAS" comment="" disabled=no dst-port=445 \
protocol=tcp
add action=drop chain=forward comment=BLOQUEIO_ARES_MANGLES disabled=yes \
packet-mark=p2p
add action=drop chain=forward comment=BLOQUEIO_PS2-WARES disabled=yes p2p=\
warez protocol=tcp
add action=jump chain=input comment="/////////////////////////////////////////\
/////////////////////////////////////// REPASSA TRAFEGO \\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\" \
disabled=no jump-target="P2P E PORTAS"
add action=jump chain=forward comment="" disabled=no jump-target=\
"P2P E PORTAS"
add action=jump chain=input comment="REPASSA TRAFEGO PARA CANAL VIRUS" \
disabled=no jump-target=VIRUS
add action=jump chain=forward comment="" disabled=no jump-target=VIRUS
add action=jump chain=input comment="BLOQUEIO DE IPS BOGONS" disabled=no \
jump-target=BOGONS
add action=jump chain=forward comment="" disabled=no jump-target=BOGONS
add action=accept chain="P2P E PORTAS" comment="//////////////////////////////\
////////////////////////////////////////////////// RECEBEM DO REPASSE \\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\" disabled=no dst-port=6346-6349 protocol=tcp
add action=accept chain="P2P E PORTAS" comment=FTP disabled=no dst-port=21 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment=DNS disabled=no dst-port=53 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="EMAIL POP 110" disabled=no \
dst-port=110 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="EMAIL SMTP - 25" disabled=no \
dst-port=25 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="portas do ITR" disabled=no \
dst-port=5636 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5636 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5653 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5653 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=3456 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment=MSN disabled=no dst-port=1863 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=7001 \
protocol=tcp
-------------
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="************************\
***************************INICIO REGRAS DO NAT **************************\
**************************************************************************\
**" disabled=no dst-address-list=!semproxy packet-size=40-12000
add action=masquerade chain=srcnat comment="MASCARAR HOTSPOT" disabled=no \
out-interface=LINK src-address=192.168.88.0/22
add action=redirect chain=pre-hotspot comment="PAGINA DE STATUS DO HOTSPOT" \
disabled=no dst-address=192.168.88.1 dst-port=80 hotspot=auth protocol=\
tcp to-ports=64873
add action=accept chain=dstnat comment="YOUTUBE FORA DA CACHE" content=\
youtube disabled=no
add action=redirect chain=dstnat comment="REDIRECIONA WEB PROXY" disabled=no \
dst-address-list=!semproxy dst-port=80 in-interface=BRIDGE protocol=tcp \
src-address=192.168.88.0/22 to-ports=4239
add action=accept chain=pre-hotspot comment="CONECTIVIDADE SOCIAL + BANCOS" \
disabled=no dst-address=200.201.160.0/24 dst-port=80 hotspot=auth \
in-interface=BRIDGE protocol=tcp
add action=accept chain=pre-hotspot comment="" disabled=no dst-address=\
200.201.166.0/24 dst-port=80 hotspot=auth in-interface=BRIDGE protocol=\
tcp
add action=accept chain=pre-hotspot comment="" disabled=no dst-address=\
200.201.173.0/24 dst-port=80 hotspot=auth in-interface=BRIDGE protocol=\
tcp
add action=accept chain=pre-hotspot comment="" disabled=no dst-address=\
200.201.174.0/24 dst-port=80 hotspot=auth in-interface=BRIDGE protocol=\
tcp
add action=accept chain=pre-hotspot comment="RADIO UOL" disabled=no \
dst-address=200.221.0.0/16 dst-port=80 hotspot=auth in-interface=BRIDGE \
protocol=tcp
add action=accept chain=pre-hotspot comment="RADIO TERRA" disabled=no \
dst-address=200.154.0.0/16 dst-port=80 hotspot=auth in-interface=BRIDGE \
protocol=tcp
Re: Server with 180 clients loading incomplete pages, please help!
continuing....
/ip firewall mangle
add action=mark-connection chain=output comment="1 - HOTSPOT-FULL " disabled=\
no new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
protocol=udp src-port=64872
add action=mark-connection chain=output comment="" disabled=no \
new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
protocol=tcp src-port=64872
add action=mark-connection chain=output comment="" disabled=no \
new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
protocol=tcp src-port=64873
add action=mark-connection chain=output comment="" disabled=no \
new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
protocol=tcp src-port=64874
add action=mark-connection chain=output comment="" disabled=no \
new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
protocol=tcp src-port=64875
add action=mark-packet chain=output comment="" connection-mark=hotspot-out \
disabled=no new-packet-mark=hotspot passthrough=no
add action=mark-packet chain=output comment="2 - PROXY FULL" disabled=no \
dscp=4 new-packet-mark=proxy-hit out-interface=BRIDGE passthrough=no \
protocol=tcp src-port=4239
add action=mark-packet chain=prerouting comment=\
"03 - UPLOAD MARCANDO PACOTES" disabled=no in-interface=BRIDGE \
new-packet-mark=test-up passthrough=no src-address=192.168.88.0/22
add action=mark-connection chain=forward comment=\
"04 - MARCANDO DOWNLOAD LINK" disabled=no new-connection-mark=teste-conn \
passthrough=yes src-address=192.168.88.0/22
add action=mark-packet chain=forward comment="05 - DOWNLOAD DIRETO LINK" \
connection-mark=teste-conn disabled=no in-interface=LINK new-packet-mark=\
test-down passthrough=no
add action=mark-packet chain=output comment="06 - DOWNLOAD DIRETO DO CACHE" \
disabled=no dst-address=192.168.88.0/22 new-packet-mark=test-down \
out-interface=BRIDGE passthrough=no
add action=mark-connection chain=forward comment="DESBLOQUEIO +++++++++++++ IN\
ICIO MARCA\C7\C3O DE PORTAS //////////////////////////////////////////////\
//////////////////////////////////" disabled=no dst-port=21 \
new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-connection chain=forward comment="" disabled=no dst-port=22 \
new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-connection chain=forward comment="" disabled=no dst-port=23 \
new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-connection chain=forward comment="DESBLOQUEIO - DNS" \
disabled=no dst-port=53 new-connection-mark=semlimite_udp passthrough=yes \
protocol=udp src-address=192.168.88.0/22
add action=mark-connection chain=forward comment="" disabled=no dst-port=80 \
new-connection-mark=semlimite passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment=\
"DESBLOQUEIO - EMAIL SMTP OUTLOOK" disabled=no dst-port=25 \
new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-connection chain=forward comment="DESBLOQUEIO - EMAIL POP" \
disabled=no dst-port=110 new-connection-mark=semlimite passthrough=yes \
protocol=tcp src-address=192.168.88.0/22
add action=mark-connection chain=forward comment=\
"DESBLOQUEIO - PORTA POP SEGURA - SSL OUTLOOK" disabled=no dst-port=995 \
new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-connection chain=forward comment=\
"DESBLOQUEIO - PAGINAS HTTPS" disabled=no dst-port=443 \
new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-connection chain=forward comment="DESBLOQUEIO - RB-750G-8291" \
disabled=no dst-port=8291 new-connection-mark=semlimite passthrough=yes \
protocol=tcp src-address=192.168.88.0/22
add action=mark-connection chain=forward comment="" disabled=no dst-port=8080 \
new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-connection chain=forward comment="" disabled=no dst-port=\
6891-6901 new-connection-mark=semlimite passthrough=yes protocol=tcp \
src-address=192.168.88.0/22
add action=mark-connection chain=forward comment="DESBLOQUEIO - MSN" \
disabled=no dst-port=1863 new-connection-mark=semlimite passthrough=yes \
protocol=tcp src-address=192.168.88.0/22
add action=mark-connection chain=forward comment="DESBLOQUEIO - PROXY FULL" \
disabled=no dst-port=4239 new-connection-mark=semlimite passthrough=yes \
protocol=tcp src-address=192.168.88.0/22
add action=mark-connection chain=forward comment="" disabled=no dst-port=3389 \
new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-connection chain=forward comment="" disabled=no dst-port=5900 \
new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-connection chain=forward comment="" disabled=no dst-port=135 \
new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-connection chain=forward comment=\
"DESBLOQUEIO - RADIO - UOL E PRINCIPAIS" disabled=no dst-port=554 \
new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-connection chain=forward comment=\
"DESBLOQUEIO - RADIO - JOVEM PAN" disabled=no dst-port=8000 \
new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-connection chain=forward comment=\
"DESBLOQUEIO - RADIO - HOT-FM-107" disabled=no dst-port=9001 \
new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-connection chain=forward comment="" disabled=no dst-port=8081 \
new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
add action=mark-connection chain=forward comment=\
"DESBLOQUEIO - RADIO PORTA 730" disabled=no dst-port=8730 \
new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
192.168.88.0/22
Re: Server with 180 clients loading incomplete pages, please help!
continuing...
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=yes enabled=yes max-cache-size=99000000KiB \
max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
parent-proxy=0.0.0.0 parent-proxy-port=0 port=4239 serialize-connections=\
no src-address=0.0.0.0
/ip proxy access
add action=allow comment="REDE CLIENTES" disabled=no src-address=\
192.168.88.0/22
add action=deny comment="" disabled=no
add action=deny comment="block telnet & spam e-mail relaying" disabled=yes \
dst-port=23-25 src-address=192.168.88.0/22
add action=deny comment=\
"allow CONNECT only to SSL ports 443 [https] and 563 [snews]" disabled=\
yes dst-port=!443,563 method=CONNECT src-address=192.168.88.0/22
add action=deny comment="" disabled=no
/ip proxy cache
add action=allow comment="" disabled=no src-address=192.168.88.0/22
add action=deny comment="" disabled=no dst-host=":cgi-bin \\\\\?"
add action=deny comment="" disabled=no dst-host=https://
add action=allow comment="" disabled=no dst-host=: path=:.swf*
add action=allow comment="" disabled=no dst-host=: path=:.exe*
add action=allow comment="" disabled=no dst-host=: path=:.html*
add action=allow comment="" disabled=no dst-host=: path=:.jpg*
add action=allow comment="" disabled=no dst-host=: path=:.rar*
add action=allow comment="" disabled=no dst-host=: path=:.txt*
add action=allow comment="" disabled=no dst-host=: path=:.htm*
add action=allow comment="" disabled=no dst-host=: path=:.gif*
add action=allow comment="" disabled=no dst-host=: path=:.avi*
add action=allow comment="" disabled=no dst-host=: path=:.mpg*
That's it... I'm counting on your help... thank you very much.
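Added example, not part of the original posts: RouterOS evaluates each filter chain top to bottom and stops at the first matching accept or drop, so in the /ip firewall filter export above the "BLOQUEIO DO PROXY EXTERNO" drop for port 4239 on LINK comes after an accept for the same port with no interface restriction. The Python code below flags drops shadowed this way; the function names are hypothetical and the sample is a four-rule excerpt of the posted export.

```python
import re
import shlex

# Four rules excerpted, in their original order, from the export in the post.
EXPORT = r'''/ip firewall filter
add action=accept chain=input comment="ACEITAR CONEXOES PROXY" disabled=no \
    dst-port=4239 protocol=tcp
add action=accept chain=input comment="ACEITA CONEXAOES NOVAS" \
    connection-state=new disabled=no
add action=drop chain=input comment="BLOQUEIO DO PROXY EXTERNO" disabled=no \
    dst-port=4239 in-interface=LINK protocol=tcp
add action=drop chain=input comment="BLOQUEIA SCAN PELO WINBOX" disabled=no \
    dst-port=5678 protocol=udp
'''

# Properties that do not restrict which packets a rule matches.
NON_MATCHERS = {"action", "chain", "comment", "disabled"}

def parse_rules(export):
    """Join backslash-continued lines and return each 'add' line as a dict."""
    joined = re.sub(r"\\\n\s*", "", export)
    rules = []
    for line in joined.splitlines():
        if line.startswith("add "):
            tokens = shlex.split(line)[1:]
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules

def matchers(rule):
    return {k: v for k, v in rule.items() if k not in NON_MATCHERS}

def shadowed_drops(rules):
    """Pairs (accept comment, drop comment) where an earlier enabled accept in
    the same chain matches every packet the later drop would match.
    Conservative: only exact-equal matcher values count as covering."""
    found = []
    for i, drop in enumerate(rules):
        if drop.get("action") != "drop" or drop.get("disabled") == "yes":
            continue
        for acc in rules[:i]:
            if (acc.get("action") == "accept" and acc.get("disabled") != "yes"
                    and acc.get("chain") == drop.get("chain")
                    and matchers(acc).items() <= matchers(drop).items()):
                found.append((acc.get("comment", ""), drop.get("comment", "")))
    return found

if __name__ == "__main__":
    for accept, drop in shadowed_drops(parse_rules(EXPORT)):
        print(f'"{drop}" is never reached: "{accept}" accepts first')
```

Moving the interface-specific drop above the general accept, or adding an in-interface match to the accept, makes the drop reachable.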
Re: Server with 180 clients loading incomplete pages, please help!
I think it might be DNS, you know .....
change it there and run a test .....
Google DNS: 8.8.8.8/8.8.4.4
Level 3 DNS: 4.2.2.1/4.2.2.2
Giga DNS: 189.38.95.95/189.38.95.96
Re: Server with 180 clients loading incomplete pages, please help!
Well... I already tested Google's DNS, and I also tested 208.67.222.222/208.67.2220.220; it doesn't change anything.
I'll test 4.2.2.1/4.2.2.2... I'm trying everything.... thank you very much for your concern.