Po, galera... to querendo fazer um web-proxy aki mas ta dificil pakas (pelo menos pra mim...)... ja olhei varias dicas e baixei varios tutorias, mas como sou muito leigo no mk nao to sabendo o que esta acontecendo...
Criei o Web-Proxy conforme a foto, fiz as regras de firewall, nat e mangle, ja modifiquei as queues e.....NADA!! snif snif...
So uso 1 maquina pra mk,um semprom 2.0Ghz com um unico HD de 80 gb, tenho 512 de ddr2 (ja sei q vou ter q colocar pelo menos mais 512). Essa maquina é pra cerca de 10 clientes usando um modem dsl em bridge com uma conex de 2Mbits/s
duvida 1) Pelo que li nao tenho que ter um hd separado para o mk fazer o cache certo?
duvida 2) Aonde mais tenho que alterar para que ele funcione?
duvida 3) em ip firewall services, nao era para aparecer uma porta com o nome do web-proxy?
obs: vou colocar aki a conf do meu web proxy com as queues e fires..
Agradeco a todos que puderem me ajudar...
--------------------------------------------------------
/ ip proxy
set enabled=yes port=8080 parent-proxy=0.0.0.0:1 maximal-client-connecions=1000 maximal-server-connectons=1000
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
-------------------------------------------------------------------------
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=3128 hostname="proxyfull" transparent-proxy=yes parent-proxy=0.0.0.0:0 cache-administrator="Xevit" \
max-object-size=8192KiB cache-drive=system max-cache-size=unlimited max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=yes
/ ip web-proxy cache
add url=":cgi-bin \\\\?" action=deny comment="don't cache dynamic http pages" disabled=no
add url="https://" action=deny comment="" disabled=no
--------------------------------------------------------------------------
/ ip firewall mangle
add chain=output protocol=tcp src-port=3128 action=mark-connection new-connection-mark=proxyfull passthrough=yes comment="PROXY FULL" disabled=no
add chain=output connection-mark=proxyfull action=mark-packet new-packet-mark=proxyfull passthrough=yes comment="" disabled=no
add chain=output connection-mark=proxyfull action=return comment="" disabled=no
/ ip firewall nat
add chain=srcnat out-interface=onbord_velox action=masquerade comment="" disabled=no
add chain=dstnat in-interface=predio_off protocol=tcp dst-port=80 action=redirect to-ports=3128 comment="" disabled=no
add chain=srcnat src-address=192.168.200.0/24 action=masquerade comment="masquerade hotspot network" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-close-wait-timeout=10s \
tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
tcp-syncookie=no
/ ip firewall filter
add chain=input in-interface=onbord_velox protocol=tcp dst-port=3128 action=drop comment="bloq prox externo" disabled=yes
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes
----------------------------------------------------------------------
/ queue type
set default name="default" kind=pfifo pfifo-limit=50
set ethernet-default name="ethernet-default" kind=pfifo pfifo-limit=50
set wireless-default name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514
set synchronous-default name="synchronous-default" kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514
add name="default-small" kind=pfifo pfifo-limit=10
/ queue simple
add name="proxyfull" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=proxyfull direction=both priority=8 queue=default/default \
limit-at=0/0 max-limit=0/0 total-queue=default total-limit-at=1000000 total-max-limit=1000000 disabled=no
-----------------------------------------------------
Agradeço antecipadamente,
Abraço a Todos
Xevit
[email protected]