Re: Proxy transparente sem nat, tem como?
Pessoal, se n me engano ja respondi essa pergunta aqui mas faz muito tempo, ja trabalho com mt ja faz um tempo da epoca do 2.8.23 e lembro que no manual do mt daquela epoca ensinava a fazer isso, eu sinceramente nunca fiz e vou fazer esses testes essa semana que vem, mas ja vou postar a solucao passada pela propria Mikrotik.
Example of using global-in and global-out queues
Let us consider a situation when you are using a Web-Proxy on your MikroTik router and you want to use bandwidth limitation to/from Internet and allow the maximum speed available if the clients use proxy-data (or do uploads to the router). In this situation you can use global-in and global-out virtual interfaces. Remember that data from Web-Proxy is sent to clients from Local Process. See this diagram for a better understanding of packet flow through the router.
Assume that you already have configured your web-proxy:
[admin@MikroTik] ip web-proxy> print
enabled: yes
src-address: 10.5.8.104
port: 8080
hostname: proxy
transparent-proxy: no
parent-proxy: 0.0.0.0:0
cache-administrator: webmaster
max-object-size: 4096 kB
cache-drive: system
max-cache-size: none
status: running
reserved-for-cache: 100 MB
Add a mangle rule for marking all packets coming from interface Public:
/ip firewall mangle add in-interface=Public mark-flow=all-down action=accept
Add a mangle rule for marking all packets coming from interface Local:
/ip firewall mangle add in-interface=Local mark-flow=all-up action=accept
Add a queue tree rule that will limit all traffic coming from interface Public (flow=all-down) to 512kbps:
/queue tree add parent=global-in max-limit=524288 flow=all-down
Add a queue tree rule that will limit all traffic coming from interface Local (flow=all-up) to 256kbps:
/queue tree add parent=global-out max-limit=262144 flow=all-up
Now the client downloads from the router (proxy) will be unlimited, but downloads from the Internet will be limited to 512K! The same goes for uploads - no limitation if you are uploading to router, but limit all uploads to Internet to 256K.
Bom aproveito galera, 'e so estudar em cima disso aqui que da para fazermos bastante coisa.
Espero ter ajudado.
Re: Proxy transparente sem nat, tem como?
No fórum dos gringos achei algo pode nos dar uma luz:
http://forum.mikrotik.com/viewtopic....2259aa4ad773e9
Alguém testa tmb para tirarmos conclusões!
Re: Proxy transparente sem nat, tem como?
Boa tiagomatias!! Só que eu acho que nesse SETUP o proxy transparente tá desativado...
Re: Proxy transparente sem nat, tem como?
Citação:
Postado originalmente por roneyeduardo
Boa tiagomatias!! Só que eu acho que nesse SETUP o proxy transparente tá desativado...
Na verdade roney esse ai so 'e um exemplo, tanto faz fazer ele com proxy transparente ou n.
Abracos
Re: Proxy transparente sem nat, tem como?
Lendo o forum dos kringos pela indicação do Kryseck, achei interessante, agora vamos entender ?
================================================================================
You can simply filter webproxy download traffic from all other traffic!
/ ip firewall mangle
add chain=prerouting in-interface=public dst-address=1.1.1.1 protocol=tcp src-port=80 action=mark-connection new-connection-mark=proxy_conn passthrough=yes comment="Webproxy traffic"
add chain=prerouting in-interface=public connection-mark=proxy_latvia_conn action=mark-packet new-packet-mark=proxy_download passthrough=no
add chain=prerouting src-address-list=clients_business action=mark-connection new-connection-mark=client_conn passthrough=yes comment="Client traffic"
add chain=prerouting connection-mark=client_conn dst-address-list=latviaaction=mark-packet new-packet-mark=client_traffic passthrough=no
Then just place limitations on other traffic and leave webproxy traffic unlimited
Postem ae o que entenderam, estou estudando !