re: ThunderCache 7 Causando Lentidão na Rede
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=5M \
max-limit=10M name=HTTP-D packet-mark=http parent=WEB-D priority=1 queue=\
ethernet-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1024k \
max-limit=5M name=HTTP-U packet-mark=http parent=WEB-U priority=3 queue=\
default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1024k \
max-limit=3M name=HTTPS-D packet-mark=https parent=WEB-D priority=2 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1024k \
max-limit=3M name=HTTPS-U packet-mark=https parent=WEB-U priority=7 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=1024k name=FTP-D packet-mark=ftp parent=WEB-D priority=8 queue=\
default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=1024k name=FTP-U packet-mark=ftp parent=WEB-U priority=8 queue=\
default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=2M \
max-limit=3M name=DNS-D packet-mark=dns parent=DOWN priority=1 queue=\
ethernet-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=292k \
max-limit=1024k name=DNS-U packet-mark=dns parent=UP priority=1 queue=\
default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=1512k name=POP3-D packet-mark=pop3 parent=EMAIL-D priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=1512k name=POP3-U packet-mark=pop3 parent=EMAIL-U priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=1024k name=SMTP-D packet-mark=smtp parent=EMAIL-D priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=1024k name=SMTP-U packet-mark=smtp parent=EMAIL-U priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=1512k name=POP3S-U packet-mark=pop3s parent=EMAIL-U priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=1024k name=SMTPS-U packet-mark=smtps parent=EMAIL-U priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=1512k name=POP3S-D packet-mark=pop3s parent=EMAIL-D priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=1024k name=SMTPS-D packet-mark=smtps parent=EMAIL-D priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=1024k name=SKYPE-D packet-mark=skype parent=VOIP-D priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=1024k name=SKYPE-U packet-mark=skype parent=VOIP-U priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k \
max-limit=1024k name=VOIPCLI-D packet-mark=voip parent=VOIP-D priority=4 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k \
max-limit=1024k name=VOIPCLI-U packet-mark=voip parent=VOIP-U priority=4 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=48k \
max-limit=1024k name=SSH-D packet-mark=ssh parent=ACCESS-D priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=48k \
max-limit=1024k name=SSH-U packet-mark=ssh parent=ACCESS-U priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
max-limit=1024k name=TELNET-U packet-mark=telnet parent=ACCESS-U \
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
max-limit=1024k name=TELNET-D packet-mark=telnet parent=ACCESS-D \
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=48k \
max-limit=1024k name=PPTP-D packet-mark=pptp parent=ACCESS-D priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=48k \
max-limit=1024k name=PPTP-U packet-mark=pptp parent=ACCESS-U priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=48k \
max-limit=1024k name=L2TP-U packet-mark=l2tp parent=ACCESS-U priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=48k \
max-limit=1024k name=L2TP-D packet-mark=l2tp parent=ACCESS-D priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=256k name=ICMP-D packet-mark=ping parent=DOWN priority=8 queue=\
default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=256k name=ICMP-U packet-mark=ping parent=UP priority=8 queue=\
default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=768k name=GRE-D packet-mark=gre parent=DOWN priority=8 queue=\
default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=768k name=GRE-U packet-mark=gre parent=UP priority=8 queue=\
default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=1024k name=WINTS-D packet-mark=win-ts parent=ACCESS-D priority=\
8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=1024k name=WINTS-U packet-mark=win-ts parent=ACCESS-U priority=\
8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k \
max-limit=3M name=PROXY-D packet-mark=proxy parent=WEB-D priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=1024k name=VNC-D packet-mark=vnc parent=ACCESS-D priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=1024k name=VNC-U packet-mark=vnc parent=ACCESS-U priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=768k name=IRC-D packet-mark=irc parent=IM-D priority=8 queue=\
default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=768k name=IRC-U packet-mark=irc parent=IM-U priority=8 queue=\
default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
max-limit=256k name=NTP-D packet-mark=ntp parent=TIMESBR-D priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
max-limit=256k name=NTP-U packet-mark=ntp parent=TIMESVR-U priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \
max-limit=3M name=OTHERSTCP-D packet-mark=other-tcp parent=OTHERS-D \
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \
max-limit=4M name=OTHERSTCP-U packet-mark=other-tcp parent=OTHERS-U \
priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=3M \
max-limit=4M name=OTHERSUDP-U packet-mark=other-udp parent=OTHERS-U \
priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=3M \
max-limit=5M name=OTHERSUDP-D packet-mark=other-udp parent=OTHERS-D \
priority=1 queue=ethernet-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
max-limit=256k name=NNTP-D packet-mark=nntp parent=TIMESBR-D priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
max-limit=256k name=NNTP-U packet-mark=nntp parent=TIMESVR-U priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=768k name=MSN-D packet-mark=msn parent=IM-D priority=8 queue=\
default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k \
max-limit=2048k name=MSN-U packet-mark=msn parent=IM-U priority=8 queue=\
default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
max-limit=128k name=ICMP-NAGIOS-D packet-mark=ping-nagios parent=OTHERS-D \
priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
max-limit=128k name=ICMP-NAGIOS-U packet-mark=ping-nagios parent=OTHERS-U \
priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name=p2p-d packet-mark=p2p parent=OTHERS-D priority=8 \
queue=pcq-p2p-down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=256k name=p2p-u packet-mark=p2p parent=OTHERS-U priority=8 \
queue=pcq-p2p-down
re: ThunderCache 7 Causando Lentidão na Rede
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=1024KiB \
max-udp-packet-size=1024 servers=201.10.120.3,201.10.1.3
/ip firewall address-list
add address=10.2.5.247 comment=aviso15 disabled=no list=pgaviso
add address=10.2.5.187 comment=aviso60 disabled=no list=pgaviso
add address=10.2.5.223 comment=aviso37 disabled=no list=pgaviso
add address=10.2.5.187 comment=ssh_corte_alessandra disabled=no list=pgcorte
add address=192.168.2.2 disabled=no list=NO_CACHE
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=forward disabled=yes src-address=192.168.2.2
add action=drop chain=input disabled=no layer7-protocol=ares time=\
17h-21h,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=input connection-state=invalid disabled=yes \
in-interface=pppoe-out1
add action=jump chain=input disabled=no jump-target=VIRUS
add action=add-src-to-address-list address-list=Lista_negra \
address-list-timeout=10m chain=input connection-limit=10,32 disabled=no \
protocol=tcp
add action=accept chain=input connection-state=new disabled=no
add action=accept chain=input connection-state=established disabled=no
add action=accept chain=input connection-state=related disabled=no
add action=accept chain=icpm connection-state=new disabled=no icmp-options=\
3:4 in-bridge-port=!RB1 protocol=icmp
add action=drop chain=forward disabled=no layer7-protocol=edonkey-3 time=\
17h-21h,sun,mon,tue,wed,thu,fri,sat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=no
add action=accept chain=icpm connection-state=related disabled=no \
icmp-options=0:0 protocol=icmp
add action=drop chain=icpm disabled=no icmp-options=8:0 in-interface=\
pppoe-out1 protocol=icmp
add action=drop chain=icpm disabled=no icmp-options=11:0 in-interface=\
pppoe-out1 protocol=icmp
add action=drop chain=icpm disabled=no icmp-options=3:3 in-interface=\
pppoe-out1 protocol=icmp
add action=drop chain=input disabled=no
add action=drop chain=VIRUS disabled=no protocol=tcp src-port=445
add action=drop chain=VIRUS disabled=no dst-port=445 protocol=tcp
add action=drop chain=VIRUS comment="Drop Blaster Worm" disabled=no protocol=\
udp src-port=445
add action=drop chain=VIRUS comment="Drop Blaster Worm" disabled=no dst-port=\
445 protocol=udp
add action=drop chain=VIRUS disabled=no protocol=tcp src-port=135-139
add action=drop chain=VIRUS disabled=no protocol=udp src-port=135-139
add action=drop chain=VIRUS disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=VIRUS disabled=no dst-port=135-139 protocol=udp
add action=drop chain=VIRUS comment=________ disabled=no dst-port=593 \
protocol=tcp
add action=drop chain=VIRUS comment=________ disabled=no dst-port=1024-1030 \
protocol=tcp
add action=drop chain=VIRUS comment="Drop MyDoom" disabled=no dst-port=1080 \
protocol=tcp
add action=drop chain=VIRUS comment=________ disabled=no dst-port=1214 \
protocol=tcp
add action=drop chain=VIRUS comment="ndm requester" disabled=no dst-port=1363 \
protocol=tcp
add action=drop chain=VIRUS comment="ndm server" disabled=no dst-port=1364 \
protocol=tcp
add action=drop chain=VIRUS comment="screen cast" disabled=no dst-port=1368 \
protocol=tcp
add action=drop chain=VIRUS comment=hromgrafx disabled=no dst-port=1373 \
protocol=tcp
add action=drop chain=VIRUS comment=cichlid disabled=no dst-port=1377 \
protocol=tcp
add action=drop chain=VIRUS comment="Bagle VIRUS" disabled=no dst-port=2745 \
protocol=tcp
add action=drop chain=VIRUS comment="Drop Dumaru.Y" disabled=no dst-port=2283 \
protocol=tcp
add action=drop chain=VIRUS comment="Drop Beagle" disabled=no dst-port=2535 \
protocol=tcp
add action=drop chain=VIRUS comment="Drop Beagle.C-K" disabled=no dst-port=\
2745 protocol=tcp
add action=drop chain=VIRUS comment="Drop MyDoom" disabled=no dst-port=3127 \
protocol=tcp
add action=drop chain=VIRUS comment="Drop Backdoor OptixPro" disabled=no \
dst-port=3410 protocol=tcp
add action=drop chain=VIRUS comment=Worm disabled=no dst-port=4444 protocol=\
tcp
add action=drop chain=VIRUS comment=Worm disabled=no dst-port=4444 protocol=\
udp
add action=drop chain=VIRUS comment="Drop Sasser" disabled=no dst-port=5554 \
protocol=tcp
add action=drop chain=VIRUS comment="Drop Beagle.B" disabled=no dst-port=8866 \
protocol=tcp
add action=drop chain=VIRUS comment="Drop Dabber.A-B" disabled=no dst-port=\
9898 protocol=tcp
add action=drop chain=VIRUS comment="Drop Dumaru.Y" disabled=no dst-port=\
10000 protocol=tcp
add action=drop chain=VIRUS comment="Drop MyDoom.B" disabled=no dst-port=\
10080 protocol=tcp
add action=drop chain=VIRUS comment="Drop NetBus" disabled=no dst-port=12345 \
protocol=tcp
add action=drop chain=VIRUS comment="Drop Kuang2" disabled=no dst-port=17300 \
protocol=tcp
add action=drop chain=VIRUS comment="Drop SubSeven" disabled=no dst-port=\
27374 protocol=tcp
add action=drop chain=VIRUS comment="Drop PhatBot, Agobot, Gaobot" disabled=\
no dst-port=65506 protocol=tcp
add action=drop chain=VIRUS disabled=no dst-port=513 protocol=tcp
add action=drop chain=VIRUS disabled=no dst-port=513 protocol=udp
add action=drop chain=VIRUS disabled=no dst-port=525 protocol=tcp
add action=drop chain=VIRUS disabled=no dst-port=525 protocol=udp
add action=drop chain=VIRUS disabled=no dst-port=568-569 protocol=tcp
add action=drop chain=VIRUS disabled=no dst-port=568-569 protocol=udp
add action=drop chain=VIRUS disabled=no dst-port=1512 protocol=tcp
add action=drop chain=VIRUS disabled=no dst-port=1512 protocol=udp
add action=drop chain=VIRUS disabled=no dst-port=396 protocol=tcp
add action=drop chain=VIRUS disabled=no dst-port=396 protocol=udp
add action=drop chain=VIRUS disabled=no dst-port=1366 protocol=tcp
add action=drop chain=VIRUS disabled=no dst-port=1366 protocol=udp
add action=drop chain=VIRUS disabled=no dst-port=1416 protocol=tcp
add action=drop chain=VIRUS disabled=no dst-port=1416 protocol=udp
add action=drop chain=VIRUS disabled=no dst-port=201-209 protocol=tcp
add action=drop chain=VIRUS disabled=no dst-port=201-209 protocol=udp
add action=drop chain=VIRUS disabled=no dst-port=545 protocol=tcp
add action=drop chain=VIRUS disabled=no dst-port=545 protocol=udp
add action=drop chain=VIRUS disabled=no dst-port=1381 protocol=udp
add action=drop chain=VIRUS disabled=no dst-port=1381 protocol=tcp
add action=drop chain=VIRUS disabled=no dst-port=3031 protocol=tcp
add action=drop chain=VIRUS disabled=no dst-port=3031 protocol=udp
add action=accept chain=input disabled=no src-address=172.31.255.2
re: ThunderCache 7 Causando Lentidão na Rede
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes dst-address-list=\
!NO_CACHE dst-port=80 in-interface=Laboratorio new-routing-mark=\
thunder_route passthrough=no protocol=tcp src-address=192.168.1.0/24
add action=accept chain=prerouting disabled=no
add action=mark-connection chain=udp-services comment=DNS disabled=no \
dst-port=53 new-connection-mark=dns-conn passthrough=yes protocol=udp \
src-port=1024-65535
add action=mark-packet chain=udp-services comment=DNS connection-mark=\
dns-conn disabled=no new-packet-mark=dns passthrough=no
add action=mark-connection chain=tcp-services comment=HTTP disabled=no \
dst-port=80 new-connection-mark=http-conn passthrough=yes protocol=tcp \
src-port=1024-65535
add action=mark-packet chain=tcp-services comment=HTTP connection-mark=\
http-conn disabled=no new-packet-mark=http passthrough=no
add action=mark-connection chain=tcp-services comment=HTTP disabled=no \
dst-port=80 new-connection-mark=http-conn passthrough=yes protocol=tcp \
src-port=1024-65535
add action=mark-packet chain=tcp-services comment=HTTP connection-mark=\
http-conn disabled=no new-packet-mark=http passthrough=no
add action=jump chain=prerouting comment="Marca todos os servicos UDP" \
connection-state=new disabled=no jump-target=udp-services protocol=udp
add action=jump chain=prerouting comment="Marca todos os servicos TCP" \
connection-state=new disabled=no jump-target=tcp-services protocol=tcp
add action=mark-connection chain=prerouting comment=bittorrent disabled=no \
layer7-protocol=bittorrent new-connection-mark=p2p-conn passthrough=yes \
src-address-list=!com-p2p
add action=mark-connection chain=prerouting comment=bittorrent2 disabled=no \
layer7-protocol=bittorrent-2 new-connection-mark=p2p-conn passthrough=yes \
src-address-list=!com-p2p
add action=mark-connection chain=prerouting comment=edonkey disabled=no \
layer7-protocol=edonkey new-connection-mark=p2p-conn passthrough=yes \
src-address-list=!com-p2p
add action=mark-connection chain=prerouting comment=edonkey2 disabled=no \
layer7-protocol=edonkey-2 new-connection-mark=p2p-conn passthrough=yes
add action=mark-connection chain=prerouting comment=edonkey3 disabled=no \
layer7-protocol=edonkey-3 new-connection-mark=p2p-conn passthrough=yes
add action=mark-connection chain=prerouting comment=EMULE disabled=no \
dst-port=4242-4243 new-connection-mark=p2p-conn passthrough=yes protocol=\
tcp src-port=1024-65535
add action=mark-connection chain=prerouting comment=OVERNET disabled=no \
dst-port=1024-65535 new-connection-mark=p2p-conn passthrough=yes \
protocol=tcp src-port=4661-4662
add action=mark-connection chain=prerouting comment=EMULE disabled=no \
dst-port=1024-65535 new-connection-mark=p2p-conn passthrough=yes \
protocol=tcp src-port=4711
add action=mark-connection chain=prerouting comment=EMULE disabled=no \
dst-port=4665 new-connection-mark=p2p-conn passthrough=yes protocol=udp \
src-port=1024-65535
add action=mark-connection chain=prerouting comment=EMULE disabled=no \
dst-port=4672 new-connection-mark=p2p-conn passthrough=yes protocol=udp \
src-port=1024-65535
add action=mark-connection chain=prerouting comment=EMULE disabled=no \
dst-port=1024-65535 new-connection-mark=p2p-conn passthrough=yes \
protocol=udp src-port=4672
add action=mark-connection chain=prerouting comment=OVERNET disabled=no \
dst-port=12053 new-connection-mark=p2p-conn passthrough=yes protocol=udp \
src-port=1024-65535
add action=mark-connection chain=prerouting comment=OVERNET disabled=no \
dst-port=1024-65535 new-connection-mark=p2p-conn passthrough=yes \
protocol=udp src-port=12053
add action=mark-packet chain=prerouting comment="marca pacotes p2p" \
connection-mark=p2p-conn disabled=no new-packet-mark=p2p passthrough=no
add action=mark-connection chain=prerouting comment=SkypePhone disabled=no \
layer7-protocol=skypetoskype new-connection-mark=skype-conn passthrough=\
yes
add action=mark-packet chain=prerouting comment=Skype connection-mark=\
skype-conn disabled=no new-packet-mark=skype passthrough=no
add action=mark-connection chain=prerouting comment=RSTP disabled=no dscp=46 \
new-connection-mark=voip-conn passthrough=yes
add action=mark-connection chain=prerouting comment=SIP disabled=no dscp=43 \
new-connection-mark=voip-conn passthrough=yes
add action=mark-packet chain=prerouting comment=VOIP connection-mark=\
voip-conn disabled=no new-packet-mark=voip passthrough=no
add action=mark-connection chain=tcp-services comment=SMTP disabled=no \
dst-port=25 new-connection-mark=smtp-conn passthrough=yes protocol=tcp \
src-port=1024-65535
add action=mark-packet chain=tcp-services comment=SMTP connection-mark=\
smtp-conn disabled=no new-packet-mark=smtp passthrough=no
add action=mark-connection chain=tcp-services comment=DNS disabled=no \
dst-port=53 new-connection-mark=dns-conn passthrough=yes protocol=tcp \
src-port=1024-65535
add action=mark-packet chain=tcp-services comment=DNS connection-mark=\
dns-conn disabled=no new-packet-mark=dns passthrough=no
add action=mark-connection chain=tcp-services comment=POP disabled=no \
dst-port=110 new-connection-mark=pop3-conn passthrough=yes protocol=tcp \
src-port=1024-65535
add action=mark-packet chain=tcp-services comment=POP connection-mark=\
pop3-conn disabled=no new-packet-mark=pop3 passthrough=no
add action=mark-connection chain=tcp-services comment=POP3S disabled=no \
dst-port=995 new-connection-mark=pop3s-conn passthrough=yes protocol=tcp \
src-port=1024-65535
add action=mark-packet chain=tcp-services comment=POP3S connection-mark=\
pop3s-conn disabled=no new-packet-mark=pop3s passthrough=no
add action=mark-connection chain=tcp-services comment=PPTP disabled=no \
dst-port=1723 new-connection-mark=pptp-conn passthrough=yes protocol=tcp \
src-port=1024-65535
add action=mark-packet chain=tcp-services comment=PPTP connection-mark=\
pptp-conn disabled=no new-packet-mark=pptp passthrough=no
add action=mark-connection chain=tcp-services comment=MSN connection-state=\
new disabled=no dst-port=1863 new-connection-mark=msn-conn passthrough=\
yes protocol=tcp src-port=1024-65535
add action=mark-packet chain=tcp-services comment=MSN connection-mark=\
msn-conn disabled=no new-packet-mark=msn passthrough=no
add action=mark-connection chain=tcp-services comment=KGS disabled=no \
dst-port=2379 new-connection-mark=kgs-conn passthrough=yes protocol=tcp \
src-port=1024-65535
add action=mark-packet chain=tcp-services comment=KGS connection-mark=\
kgs-conn disabled=no new-packet-mark=kgs passthrough=no
add action=mark-connection chain=tcp-services comment=BITTORRENT disabled=no \
dst-port=6881-6889 new-connection-mark=bittorrent-conn passthrough=yes \
protocol=tcp src-port=1024-65535
add action=mark-packet chain=tcp-services comment=BITTORRENT connection-mark=\
bittorrent-conn disabled=no new-packet-mark=bittorrent passthrough=no
add action=mark-connection chain=udp-services comment=OTHER-UDP \
connection-state=new disabled=no new-connection-mark=other-udp-conn \
passthrough=yes protocol=udp
add action=mark-packet chain=udp-services comment=OTHER-UDP connection-mark=\
other-udp-conn disabled=no new-packet-mark=other-udp passthrough=no
add action=mark-connection chain=tcp-services comment=OTHER-TCP disabled=no \
new-connection-mark=other-tcp-conn passthrough=yes protocol=tcp
add action=mark-packet chain=tcp-services comment=OTHER-TCP connection-mark=\
other-tcp-conn disabled=no new-packet-mark=other-tcp passthrough=no
add action=mark-connection chain=udp-services comment=NTP disabled=no \
dst-port=123 new-connection-mark=ntp-conn passthrough=yes protocol=udp \
src-port=1024-65535
add action=mark-packet chain=udp-services comment=NTP connection-mark=\
ntp-conn disabled=no new-packet-mark=ntp passthrough=no
add action=mark-connection chain=udp-services comment=L2TP disabled=no \
dst-port=1701 new-connection-mark=l2tp-conn passthrough=yes protocol=udp \
src-port=1024-65535
add action=mark-packet chain=udp-services comment=L2TP connection-mark=\
l2tp-conn disabled=no new-packet-mark=l2tp passthrough=no
add action=mark-connection chain=udp-services comment=SKYPE disabled=no \
dst-port=1024-65535 new-connection-mark=skype-conn passthrough=yes \
protocol=udp src-port=36725
add action=mark-packet chain=udp-services comment=SKYPE connection-mark=\
skype-conn disabled=no new-packet-mark=skype passthrough=no
add action=mark-connection chain=other-services comment=ICMP disabled=no \
icmp-options=8:0-255 new-connection-mark=ping-conn passthrough=yes \
protocol=icmp
add action=mark-packet chain=udp-services comment=ICMP connection-mark=\
ping-conn disabled=no new-packet-mark=ping passthrough=no
add action=mark-connection chain=other-services comment=GRE disabled=no \
new-connection-mark=gre-conn passthrough=yes protocol=gre
add action=mark-packet chain=udp-services comment=GRE connection-mark=\
gre-conn disabled=no new-packet-mark=gre passthrough=no
add action=mark-connection chain=prerouting comment="todos P2P - ipp2p" \
disabled=no new-connection-mark=p2p-conn p2p=all-p2p passthrough=yes \
src-address-list=!com-p2p
add action=mark-connection chain=other-services comment=OTHERS disabled=no \
new-connection-mark=other-conn passthrough=yes
add action=mark-packet chain=other-services comment=OTHERS connection-mark=\
other-conn disabled=no new-packet-mark=other passthrough=no
add action=jump chain=prerouting comment="Marca o resto" connection-state=new \
disabled=no jump-target=other-services
re: ThunderCache 7 Causando Lentidão na Rede
/ip firewall nat
add action=dst-nat chain=dstnat disabled=yes protocol=tcp src-address=\
192.168.1.4 to-addresses=172.31.255.2 to-ports=88
add action=dst-nat chain=dstnat comment=CORTE disabled=no protocol=tcp \
src-address-list=pgcorte to-addresses=172.31.255.2 to-ports=85
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=172.16.50.0/24
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=no
add action=masquerade chain=srcnat disabled=no
add action=dst-nat chain=dstnat disabled=yes dst-address=!192.168.2.2 \
dst-port=80 in-interface=!Proxy protocol=tcp src-address=\
10.2.0.1-10.2.5.254 to-addresses=192.168.2.2 to-ports=8080
add action=dst-nat chain=dstnat disabled=no dst-address=!192.168.2.2 \
dst-port=80 in-interface=Laboratorio protocol=tcp src-address=\
192.168.1.0/24 to-addresses=192.168.2.2 to-ports=8080
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot ip-binding
add address=10.100.200.2 disabled=no type=bypassed
add address=10.100.200.3 disabled=no type=bypassed
add address=10.100.200.4 disabled=no type=bypassed
add address=10.100.200.5 disabled=no type=bypassed
add address=10.100.200.6 disabled=no type=bypassed
add address=10.100.200.7 disabled=no type=bypassed
add address=172.31.255.2 disabled=no type=bypassed
add address=172.16.50.30 disabled=no type=bypassed
add address=172.16.50.254 disabled=no type=bypassed
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot walled-garden
add action=allow disabled=no dst-host=172.31.255.2 dst-port=85
add action=allow disabled=no dst-host=172.31.255.2 dst-port=80
add action=allow disabled=no dst-host=172.31.255.2 dst-port=88
add action=allow disabled=no dst-host=172.31.255.2 dst-port=1813
add action=allow disabled=no dst-host=172.31.255.2 dst-port=1812
/ip neighbor discovery
set Link disabled=no
set Mk-Auth disabled=no
set Bancada disabled=no
set RB1 disabled=no
set Proxy disabled=no
set Laboratorio disabled=no
set pppoe-out1 disabled=yes
set pppoe-out2 disabled=yes
/ip proxy
set always-from-cache=no cache-administrator="" cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
parent-proxy-port=0 port=8088 serialize-connections=yes src-address=\
0.0.0.0
/ip route
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.2 \
pref-src=192.168.2.1 routing-mark=thunder_route scope=30 target-scope=10
/ip service
set telnet disabled=no port=23
set ftp disabled=no port=21
set www disabled=no port=80
set ssh disabled=no port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip ssh
set forwarding-enabled=no
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ppp aaa
set accounting=yes interim-update=3m use-radius=yes
/queue interface
set Link queue=ethernet-default
set Mk-Auth queue=ethernet-default
set Bancada queue=ethernet-default
set RB1 queue=ethernet-default
set Proxy queue=ethernet-default
set Laboratorio queue=ethernet-default
re: ThunderCache 7 Causando Lentidão na Rede
Citação:
Postado originalmente por
futurasolucoes
/ip firewall nat
add action=dst-nat chain=dstnat disabled=yes protocol=tcp src-address=\
192.168.1.4 to-addresses=172.31.255.2 to-ports=88
add action=dst-nat chain=dstnat comment=CORTE disabled=no protocol=tcp \
src-address-list=pgcorte to-addresses=172.31.255.2 to-ports=85
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=172.16.50.0/24
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=no
add action=masquerade chain=srcnat disabled=no
add action=dst-nat chain=dstnat disabled=yes dst-address=!192.168.2.2 \
dst-port=80 in-interface=!Proxy protocol=tcp src-address=\
10.2.0.1-10.2.5.254 to-addresses=192.168.2.2 to-ports=8080
add action=dst-nat chain=dstnat disabled=no dst-address=!192.168.2.2 \
dst-port=80 in-interface=Laboratorio protocol=tcp src-address=\
192.168.1.0/24 to-addresses=192.168.2.2 to-ports=8080
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot ip-binding
add address=10.100.200.2 disabled=no type=bypassed
add address=10.100.200.3 disabled=no type=bypassed
add address=10.100.200.4 disabled=no type=bypassed
add address=10.100.200.5 disabled=no type=bypassed
add address=10.100.200.6 disabled=no type=bypassed
add address=10.100.200.7 disabled=no type=bypassed
add address=172.31.255.2 disabled=no type=bypassed
add address=172.16.50.30 disabled=no type=bypassed
add address=172.16.50.254 disabled=no type=bypassed
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot walled-garden
add action=allow disabled=no dst-host=172.31.255.2 dst-port=85
add action=allow disabled=no dst-host=172.31.255.2 dst-port=80
add action=allow disabled=no dst-host=172.31.255.2 dst-port=88
add action=allow disabled=no dst-host=172.31.255.2 dst-port=1813
add action=allow disabled=no dst-host=172.31.255.2 dst-port=1812
/ip neighbor discovery
set Link disabled=no
set Mk-Auth disabled=no
set Bancada disabled=no
set RB1 disabled=no
set Proxy disabled=no
set Laboratorio disabled=no
set pppoe-out1 disabled=yes
set pppoe-out2 disabled=yes
/ip proxy
set always-from-cache=no cache-administrator="" cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
parent-proxy-port=0 port=8088 serialize-connections=yes src-address=\
0.0.0.0
/ip route
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.2 \
pref-src=192.168.2.1 routing-mark=thunder_route scope=30 target-scope=10
/ip service
set telnet disabled=no port=23
set ftp disabled=no port=21
set www disabled=no port=80
set ssh disabled=no port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip ssh
set forwarding-enabled=no
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ppp aaa
set accounting=yes interim-update=3m use-radius=yes
/queue interface
set Link queue=ethernet-default
set Mk-Auth queue=ethernet-default
set Bancada queue=ethernet-default
set RB1 queue=ethernet-default
set Proxy queue=ethernet-default
set Laboratorio queue=ethernet-default
Bom dia parceiro, vou passar minhas configurações p vc, aqui ta rodando legal to com economia de 14% do link, não tá do jeito que eu quero mais to ajustando devagarinho, agora percebi que no seu queues tree tem muita regra lembro que usei assim com muita regras e tava me dando dor de cabeça vou te mandar minhas configurações ai vc ve se server p vc usar na sua estrutura.