Referente ao Conectividade Social e ao proxy, são as mesmas regras: vc deve apenas alterar a interface, e nas regras referentes à interface sem hotspot vc não deve colocar hotspot=auth.
Referente ao Conectividade Social e ao proxy, são as mesmas regras: vc deve apenas alterar a interface, e nas regras referentes à interface sem hotspot vc não deve colocar hotspot=auth.
Ok, tá funcionando, mas ainda continuo com problemas com Orkut, MSN e Hotmail. Poderia me dar um help?
Opa, poste suas configurações de firewall, proxy e hotspot aqui pra poder analisar, pq senão vão ser apenas palpites.
# HotSpot server definition, its service-port setting and the login profiles.
/ ip hotspot
# hotspot1 runs on ether2, hands out addresses from pool hs-pool-2 and uses
# profile hsprof1; idle-timeout is 5m and one MAC may hold up to 2 addresses.
add name="hotspot1" interface=ether2 address-pool=hs-pool-2 profile=hsprof1 idle-timeout=5m keepalive-timeout=none \
addresses-per-mac=2 disabled=no
/ ip hotspot service-port
# FTP handling for HotSpot clients on port 21.
set ftp ports=21 disabled=no
/ ip hotspot profile
# Built-in default profile: login by cookie (3-day lifetime) or HTTP CHAP,
# no RADIUS. hotspot1 does not reference this profile.
set default name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 \
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
# Profile used by hotspot1: login pages come from hotspot/lv, the HotSpot
# address is 192.168.200.1, users are local (use-radius=no).
# NOTE(review): login-by=http-pap is the only method enabled here; with PAP the
# password is submitted to the login page in plain text over HTTP, so anyone
# able to observe the client segment can read it. http-chap or an HTTPS login
# avoids that - confirm PAP is really required.
add name="hsprof1" hotspot-address=192.168.200.1 dns-name="" html-directory=hotspot/lv rate-limit="" http-proxy=0.0.0.0:0 \
smtp-server=0.0.0.0 login-by=http-pap split-user-domain=no use-radius=no
# Built-in web proxy: enabled on port 3128 in transparent mode, no parent
# proxy (0.0.0.0:0), objects up to 4096KiB cached on the system drive.
# NOTE(review): max-cache-size and max-ram-cache-size are both unlimited with
# cache-drive=system - presumably the cache can grow until the system disk or
# RAM is exhausted; confirm a limit is not needed.
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=3128 hostname="" transparent-proxy=yes parent-proxy=0.0.0.0:0 \
cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system max-cache-size=unlimited \
max-ram-cache-size=unlimited
/ ip web-proxy access
# Refuse proxy requests whose destination port is 23-25 so the proxy cannot be
# used to reach telnet or relay mail.
# NOTE(review): this is the only access rule in the export and it has no
# source restriction, so which clients may use the proxy is decided by the
# firewall alone (the filter section drops port 3128 only on pppoe-out1).
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
/ ip web-proxy cache
# Do not cache URLs matching the cgi-bin / query-string pattern.
add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" disabled=no
# TCP MSS rewriting for forwarded connections.
/ ip firewall mangle
# Active rule: sets the MSS of every forwarded TCP SYN to 1492.
# NOTE(review): 1492 is the usual PPPoE MTU, not an MSS; an MSS is normally the
# link MTU minus 40 bytes of IP and TCP headers. If pppoe-out1 has MTU 1492
# this value would not clamp anything and large pages may stall - confirm
# against the real link MTU.
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1492 comment="" disabled=no
# Disabled alternative: MSS 1360 for SYNs leaving via pppoe-out1, except those
# to TCP port 5190.
add chain=forward out-interface=pppoe-out1 protocol=tcp dst-port=!5190 tcp-flags=syn action=change-mss new-mss=1360 \
comment="" disabled=yes
# NAT table: source NAT for the two client subnets, the HotSpot redirect
# chains, and the transparent-proxy redirect for ether3.
/ ip firewall nat
# NOTE(review): both srcnat rules are labelled as masquerade but use
# action=accept, which stops NAT processing without translating the source
# address. If no other srcnat rule exists, 192.168.200.0/24 and 192.168.85.0/24
# leave the router with their private addresses - confirm action=masquerade
# was not intended.
add chain=srcnat src-address=192.168.200.0/24 action=accept comment="Maquerade Para HotSpot Anastacio" disabled=no
add chain=srcnat out-interface=pppoe-out1 src-address=192.168.85.0/24 action=accept comment="Maquerade Para Vila Bancaria" \
disabled=no
# Disabled: would send port-80 traffic of authenticated HotSpot clients on
# ether2 to the web proxy (3128).
add chain=pre-hotspot in-interface=ether2 protocol=tcp dst-port=80 hotspot=auth action=redirect to-ports=3128 comment="" \
disabled=yes
# Disabled: accept rules for TCP 1863 and 443 placed ahead of the HotSpot jump.
add chain=dstnat protocol=tcp dst-port=1863 action=accept comment="" disabled=yes
add chain=dstnat protocol=tcp dst-port=443 action=accept comment="" disabled=yes
# Everything arriving from a HotSpot client is handed to the hotspot chain.
add chain=dstnat hotspot=from-client action=jump jump-target=hotspot comment="" disabled=no
# hotspot chain: DNS (udp/tcp 53) goes to local port 64872; HTTP and HTTPS
# addressed to the HotSpot itself go to 64873 and 64875 (presumably the
# HotSpot's internal services). Remaining TCP is split by login state.
add chain=hotspot protocol=udp dst-port=53 action=redirect to-ports=64872 comment="" disabled=no
add chain=hotspot protocol=tcp dst-port=53 action=redirect to-ports=64872 comment="" disabled=no
add chain=hotspot protocol=tcp dst-port=80 hotspot=local-dst action=redirect to-ports=64873 comment="" disabled=no
add chain=hotspot protocol=tcp dst-port=443 hotspot=local-dst action=redirect to-ports=64875 comment="" disabled=no
add chain=hotspot protocol=tcp hotspot=!auth action=jump jump-target=hs-unauth comment="" disabled=no
add chain=hotspot protocol=tcp hotspot=auth action=jump jump-target=hs-auth comment="" disabled=no
# hs-unauth: web and proxy ports (80, 3128, 8080) of clients that have not
# logged in are redirected to 64874, HTTPS to 64875, SMTP to chain hs-smtp.
add chain=hs-unauth protocol=tcp dst-port=80 action=redirect to-ports=64874 comment="" disabled=no
add chain=hs-unauth protocol=tcp dst-port=3128 action=redirect to-ports=64874 comment="" disabled=no
add chain=hs-unauth protocol=tcp dst-port=8080 action=redirect to-ports=64874 comment="" disabled=no
add chain=hs-unauth protocol=tcp dst-port=443 action=redirect to-ports=64875 comment="" disabled=no
add chain=hs-unauth protocol=tcp dst-port=25 action=jump jump-target=hs-smtp comment="" disabled=no
# hs-auth: rules for logged-in clients.
# NOTE(review): the port-25 jump appears twice, and no hs-smtp rules are
# present in this export; the duplicate looks redundant - confirm.
add chain=hs-auth protocol=tcp hotspot=to-client action=redirect to-ports=64874 comment="" disabled=no
add chain=hs-auth protocol=tcp dst-port=25 action=jump jump-target=hs-smtp comment="" disabled=no
add chain=hs-auth protocol=tcp dst-port=25 action=jump jump-target=hs-smtp comment="" disabled=no
# Non-HotSpot interface ether3: port-80 traffic is redirected to the web proxy
# (3128) with no hotspot matcher. Only port 80 is matched, so HTTPS from ether3
# does not pass through the proxy.
add chain=dstnat in-interface=ether3 protocol=tcp dst-port=80 action=redirect to-ports=3128 comment="" disabled=no
# Connection tracking is enabled with short handshake/teardown timeouts (5s for
# SYN states, 10s for the closing states, UDP and ICMP) and a 1-day timeout for
# established TCP connections.
# NOTE(review): tcp-syncookie=no leaves SYN cookies off; whether that matters
# depends on which router services are reachable from untrusted networks.
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m tcp-syncookie=no
# Filter table: protects the proxy port on the WAN side and enforces the
# HotSpot login state.
# NOTE(review): apart from the first rule, every rule shown is HotSpot-related.
# No rule here limits access to the router's own management services and there
# is no final drop in input or forward - the export may be partial; confirm.
/ ip firewall filter
# Drop connections to the web proxy (tcp/3128) arriving on pppoe-out1, so the
# proxy is not usable from that uplink. Other interfaces are not covered.
add chain=input in-interface=pppoe-out1 protocol=tcp dst-port=3128 action=drop comment="" disabled=no
# Forwarded traffic from or to clients that have not logged in is sent to the
# reject chains below.
add chain=forward hotspot=from-client,!auth action=jump jump-target=hs-unauth comment="" disabled=no
add chain=forward hotspot=to-client,!auth action=jump jump-target=hs-unauth-to comment="" disabled=no
# Traffic from HotSpot clients to the router itself: the redirect target ports
# (udp 64872, tcp 64872-64875) are accepted; anything else from a client that
# has not logged in goes to hs-unauth.
add chain=input hotspot=from-client action=jump jump-target=hs-input comment="" disabled=no
add chain=hs-input protocol=udp dst-port=64872 action=accept comment="" disabled=no
add chain=hs-input protocol=tcp dst-port=64872-64875 action=accept comment="" disabled=no
add chain=hs-input hotspot=!auth action=jump jump-target=hs-unauth comment="" disabled=no
# hs-unauth: ICMP returns to the calling chain, TCP is reset, everything else
# is rejected with icmp-net-prohibited.
add chain=hs-unauth protocol=icmp action=return comment="" disabled=no
add chain=hs-unauth protocol=tcp action=reject reject-with=tcp-reset comment="" disabled=no
add chain=hs-unauth action=reject reject-with=icmp-net-prohibited comment="" disabled=no
# hs-unauth-to: traffic towards a client that has not logged in is rejected
# with icmp-host-prohibited.
add chain=hs-unauth-to action=reject reject-with=icmp-host-prohibited comment="" disabled=no
# Firewall service-port entries: ftp (21), tftp (69), irc (6667) and quake3 are
# enabled; h323, gre and pptp are disabled.
# NOTE(review): entries that are not needed on this router can be disabled to
# reduce the protocol-parsing surface - confirm tftp, irc and quake3 are
# actually used by clients.
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes
em webproxy bloquei sites com https vc colocou apenas http