Nanom5 comendo banda sem passar pelo hotspot
Bom dia Pessoal do Under
tenho um pequeno provedor de internet onde uso 5.8ghz e 2.4ghz
Nas 2.4 uso antenas setoriais da OIW e cartoes R52h
Em 5.8ghz uso nanostation m5 16db para o envio de sinal
Até aí, tudo funcionando normalmente, sem problemas; todos autenticavam normalmente.
ontem aconteceu algo dificil de entender.
O nano de uma cliente estava ligado e consumindo banda sem ela passar pelo hotspot. E mais: estava consumindo a banda total, deixando minha RB com a CPU em 100%. Pensei que fosse algum bug no nano dela e o reiniciei. Aí apareceu outro cliente com o mesmo sintoma.
O que será que pode ser, se estou trabalhando há mais de 3 meses e só agora está dando "pipoco"?
Re: Nanom5 comendo banda sem passar pelo hotspot
consumindo banda sem passar pelo hotspot?
hum...
Creio que você tenha alguma regra no firewall para conexões ESTABLISHED e RELATED.
Se essas regras estiverem antes das regras do hotspot, pode acontecer de o hotspot desconectar o usuário e a conexão dele continuar funcionando.
poste suas regras de firewall aqui para vermos
Re: Nanom5 comendo banda sem passar pelo hotspot
bem entao vamos
ai esta o meu firewall...
# jun/19/2011 01:23:47 by RouterOS 4.16
# software id = 1GLV-60SG
#
# Connection-tracking settings: tracking is enabled, and the timeouts below set
# how long each kind of entry stays in the connection table.
# tcp-established-timeout=1d keeps an established TCP entry for up to a day,
# while the TCP handshake/closing states, ICMP and plain UDP expire in 5-10s.
# tcp-syncookie=yes turns on SYN cookies.
# NOTE(review): whether a long-lived tracked entry can let a session outlive
# its hotspot login (the theory raised in the thread) cannot be told from this
# export -- confirm against the dynamic hotspot rules on the router.
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=yes \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
# Static filter rules as exported. Every rule is on the forward chain (or the
# unused placeholder chain): nothing here filters the input chain, and the only
# enabled drop is the P2P rule.
# NOTE(review): the established/related accept rules the reply asks about are
# not present in this export.
/ip firewall filter
# Disabled placeholder carrying the "place hotspot rules here" comment.
# NOTE(review): presumably this marks where RouterOS places the dynamic hotspot
# filter rules, which do not appear in this export -- confirm by listing the
# dynamic rules on the router.
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
# Drops forwarded packets that carry both connection-mark P2P_conn and
# packet-mark P2P (the marks are assigned in the mangle table).
add action=drop chain=forward comment=p2p connection-mark=P2P_conn disabled=\
no packet-mark=P2P
# Disabled: would drop forwarded traffic to 174.140.154.0/24 ("megaupload").
add action=drop chain=forward comment=megaupload disabled=yes dst-address=\
174.140.154.0/24
# Accepts forwarded packets that fit the limit matcher (limit=1,5: rate 1,
# burst 5).
# NOTE(review): no drop rule follows, so packets over the limit are not
# rejected by anything shown here; as written the rule restricts nothing --
# confirm the intent.
add action=accept chain=forward comment="" disabled=no limit=1,5
# Matches traffic flagged by port-scan detection (psd=21,3s,3,1) and ACCEPTS it.
# NOTE(review): a psd match is normally paired with action=drop or
# add-src-to-address-list; accept looks inverted -- confirm the intent.
add action=accept chain=forward comment="" disabled=no psd=21,3s,3,1
# Mangle rules: P2P marking (enabled), Orkut/YouTube marking (disabled) and two
# "teste" marks on the router's own input/output traffic.
/ip firewall mangle
# Marks connections recognised by the p2p=all-p2p matcher as P2P_conn.
# passthrough=yes lets the packet continue to the next rule.
add action=mark-connection chain=prerouting comment="Controle P2Ps" disabled=\
no new-connection-mark=P2P_conn p2p=all-p2p passthrough=yes
# Marks every packet of a P2P_conn connection as P2P; the forward-chain drop
# rule in the filter table matches on these two marks.
add action=mark-packet chain=prerouting comment="" connection-mark=P2P_conn \
disabled=no new-packet-mark=P2P passthrough=yes
# Disabled: connection mark "CONEC ORKUT".
# NOTE(review): dst-address-list expects the NAME of an address list, but the
# value here is an address (64.233.163.85/30); if enabled, this would only
# match a list literally named that way -- dst-address was probably intended,
# confirm.
add action=mark-connection chain=prerouting comment="CONEC\C7\C3O ORKUT" \
disabled=yes dst-address-list=64.233.163.85/30 new-connection-mark=\
"CONEC ORKUT" passthrough=no
# Disabled: packet mark "PACOTES ORKUT" for connections marked "CONEC ORKUT".
add action=mark-packet chain=prerouting comment="" connection-mark=\
"CONEC ORKUT" disabled=yes new-packet-mark="PACOTES ORKUT" passthrough=\
yes
# Disabled: connection mark "CONEC YOUTUBE".
# NOTE(review): same dst-address-list issue as the Orkut rule -- the value
# 74.125.67.100 is an address, not a list name.
add action=mark-connection chain=prerouting comment="CONEC\C7\C3O YOUTUBE" \
disabled=yes dst-address-list=74.125.67.100 new-connection-mark=\
"CONEC YOUTUBE" passthrough=no
# Disabled: packet mark "PACOTES YOUTUBE" for connections marked "CONEC YOUTUBE".
add action=mark-packet chain=prerouting comment="" connection-mark=\
"CONEC YOUTUBE" disabled=yes new-packet-mark="PACOTES YOUTUBE" \
passthrough=yes
# Marks connections arriving on the input chain via interface "LINK 5.8" as
# "teste up". The input chain covers traffic addressed to the router itself,
# not forwarded client traffic.
add action=mark-connection chain=input comment="" disabled=no in-interface=\
"LINK 5.8" new-connection-mark="teste up" passthrough=yes
# Marks packets the router itself sends out of interface "clientes" as
# "teste down".
# NOTE(review): both "teste" marks look like leftovers from a test; nothing in
# this export uses them -- confirm they are still needed.
add action=mark-packet chain=output comment="" disabled=no new-packet-mark=\
"teste down" out-interface=clientes passthrough=yes
# NAT rules: five port-forwards to port 80 of internal devices, the hotspot
# placeholder and the masquerade for the hotspot network.
/ip firewall nat
# The five dst-nat rules below each forward one TCP port to port 80 of an
# internal address; their comments label them as management access to
# NanoStation radios. Addresses and ports were redacted by the poster.
# NOTE(review): none of them has a src-address, src-address-list or
# in-interface matcher, so as exported any source that can reach
# dst-address:dst-port is forwarded to the radio. Port 80 is presumably the
# radio's plain-HTTP web UI -- consider limiting these rules to a management
# source list or reaching the radios over a VPN instead.
# NOTE(review): these rules sit above the "place hotspot rules here"
# placeholder; if that placeholder marks where the dynamic hotspot NAT rules
# go, the forwards are evaluated before them -- confirm on the router.
add action=dst-nat chain=dstnat comment="GERENCIAMENTO NANO COHAPAR" \
disabled=no dst-address=xxxxxxxxxxxxxx dst-port=xxxxxxxxxxxx protocol=tcp \
to-addresses=xxxxxxxxxxxxx to-ports=80
add action=dst-nat chain=dstnat comment="GERENCIAMENTO NANO VL ESPERAN\C7A" \
disabled=no dst-address=xxxxxxxxxxxxx dst-port=xxxxxxxxxxx protocol=tcp \
to-addresses=xxxxxxxxxxxx to-ports=80
add action=dst-nat chain=dstnat comment="GERENCIAMENTO NANO JANIRA" disabled=\
no dst-address=xxxxxxxxxxxxx dst-port=xxxxxxx protocol=tcp to-addresses=\
xxxxxxxxxxxxxxx to-ports=80
add action=dst-nat chain=dstnat comment="GERENCIAMENTO NANO STATION JANIRA" \
disabled=no dst-address=xxxxxxxxxx dst-port=xxxxxxx protocol=tcp \
to-addresses=xxxxxxxxxxx to-ports=80
add action=dst-nat chain=dstnat comment="GERENCIAMENTO NANOS CLIENTES" \
disabled=no dst-address=xxxxxxxxx dst-port=xxxx protocol=tcp \
to-addresses=xxxxxxxxxxxx to-ports=80
# Disabled placeholder for the hotspot's NAT rules (same comment as the one in
# the filter table).
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
# Source-NATs everything coming from 192.168.2.0/24 (the hotspot network).
# NOTE(review): there is no out-interface matcher, so the rule applies on
# whichever interface the traffic leaves through -- confirm that is intended.
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.2.0/24
# Connection-tracking helpers (service ports): every helper listed here is
# disabled -- ftp, tftp, irc, h323, sip and pptp.
# NOTE(review): with the helpers off, protocols that depend on one to cross
# NAT may stop working for clients -- confirm this is deliberate.
/ip firewall service-port
set ftp disabled=yes ports=21
set tftp disabled=yes ports=69
set irc disabled=yes ports=6667
set h323 disabled=yes
set sip disabled=yes ports=5060,5061
set pptp disabled=yes