  1. #1

    Some sites won't open with Mikrotik

    Hello friends, I'd like your help.

    I have Mikrotik 2.9.27 working fine: NAT, DHCP, WEB-PROXY, CACHE FULL.

    But I can't access the site wwwsn.bradescocapitalizacao.com.br. I've already tried several rules I found but none solved it; when I connect the modem directly to the PC the site opens normally.

    It also frequently happens that some sites don't open the first time; I always have to press F5.

    What do you suggest?

  2. #2

    Friend, I have a similar problem; in my case eBay and Mercado Livre don't open correctly. I don't know why, but I always have to refresh to get them to open ... I'll follow the post.

  3. #3

    Post your firewall and proxy configuration so we can take a look; this is an easy one

    Send the config so we can look at it.

  4. #4

    Quote, originally posted by int21: "Send the config so we can look at it."

    I hope this is it:


    / ip firewall mangle
    add chain=forward protocol=tcp tcp-flags=syn,rst action=change-mss \
    new-mss=1360 comment="alterando tcpmss" disabled=no
    add chain=prerouting protocol=tcp src-port=64872-64875 action=mark-connection \
    new-connection-mark=conn_hotspot passthrough=yes comment="DEIXAR PAGINA DE \
    LOGIN SEM CONTROLE DE BANDA" disabled=no
    add chain=output protocol=tcp src-port=64872-64875 action=mark-connection \
    new-connection-mark=conn_hotspot passthrough=yes comment="" disabled=no
    add chain=prerouting connection-mark=conn_hotspot action=mark-packet \
    new-packet-mark=pacotes_hotspot passthrough=yes comment="" disabled=no
    add chain=output connection-mark=conn_hotspot action=mark-packet \
    new-packet-mark=pacotes_hotspot passthrough=no comment="" disabled=no
    / ip firewall nat
    add chain=srcnat out-interface=velox action=masquerade comment="" disabled=no
    add chain=dstnat in-interface=velox protocol=tcp dst-port=4661-4673 \
    action=dst-nat to-addresses=192.168.0.55 to-ports=4662 comment="" \
    disabled=no
    add chain=dstnat in-interface=velox protocol=udp dst-port=4661-4673 \
    action=dst-nat to-addresses=192.168.0.55 to-ports=4672 comment="" \
    disabled=no
    / ip firewall connection tracking
    set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
    tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
    tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
    tcp-syncookie=no
    / ip firewall filter
    / ip firewall service-port
    set ftp ports=21 disabled=no
    set tftp ports=69 disabled=no
    set irc ports=6667 disabled=no
    set h323 disabled=yes
    set quake3 disabled=no
    set gre disabled=yes
    set pptp disabled=yes
    / ip proxy
    set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000 \
    maximal-server-connectons=1000
    / ip proxy access
    add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
    disabled=no

  5. #5

    ip firewall mangle
    add chain=output protocol=tcp src-port=3128 content="X-Cache: HIT" \
    action=mark-connection new-connection-mark=Cache-Connection \
    passthrough=yes comment="Cache-Full" disabled=no
    add chain=output connection-mark=Cache-Connection action=mark-packet \
    new-packet-mark=Cache-Packet passthrough=yes comment="" disabled=no

    / ip firewall nat
    add chain=srcnat out-interface=pppoe-out1 action=masquerade comment="" \
    disabled=no
    add chain=dstnat in-interface=Saida protocol=tcp dst-port=80 action=redirect \
    to-ports=3128 comment="" disabled=no
    add chain=dstnat in-interface=Saida protocol=tcp dst-port=1863 action=dst-nat \
    to-addresses=192.168.254.1 to-ports=1863 comment="Redirecionar MSN" \
    disabled=no
    add chain=dstnat in-interface=pppoe-out1 protocol=tcp dst-port=58008 \
    action=dst-nat to-addresses=192.168.1.10 to-ports=58008 comment="Utorrent" \
    disabled=no
    add chain=dstnat in-interface=pppoe-out1 protocol=tcp dst-port=3450 \
    action=dst-nat to-addresses=192.168.1.10 to-ports=3450 \
    comment="TrackMania" disabled=no
    add chain=dstnat in-interface=pppoe-out1 protocol=udp dst-port=3450 \
    action=dst-nat to-addresses=192.168.1.10 to-ports=3450 comment="" \
    disabled=no

    / ip firewall filter
    add chain=input in-interface=pppoe-out1 protocol=tcp dst-port=3128 action=drop \
    comment="BLOQUEIO DO PROXY EXTERNO" disabled=no
    add chain=forward p2p=warez action=drop comment="CONTROLE DE WAREZ - P2P" \
    disabled=no
    add chain=input in-interface=pppoe-out1 protocol=tcp dst-port=8291 action=drop \
    comment="BLOQUEIO WINBOX EXTERNO" disabled=no
    add chain=input in-interface=pppoe-out1 protocol=tcp dst-port=21-23 \
    action=drop comment="BLOQUEIO SSH,FTP,TELNET EXTERNO" disabled=no
    add chain=input src-address=192.168.1.0/24 protocol=tcp dst-port=21-23 \
    action=drop comment="BLOQUEIO SSH,FTP,TELNET LOCAL" disabled=no
    add chain=forward protocol=tcp dst-port=1-52 tcp-flags=syn \
    connection-limit=10,32 src-address-list=!sem-limite-conn action=drop \
    comment="Limite de Conexoes Simultaneas" disabled=no
    add chain=forward protocol=tcp dst-port=54-79 tcp-flags=syn \
    connection-limit=10,32 src-address-list=!sem-limite-conn action=drop \
    comment="Limite de Conexoes Simultaneas" disabled=no
    add chain=forward protocol=tcp dst-port=81-442 tcp-flags=syn \
    connection-limit=10,32 src-address-list=!sem-limite-conn action=drop \
    comment="Limite de Conexoes Simultaneas" disabled=no
    add chain=forward protocol=tcp dst-port=444-1862 tcp-flags=syn \
    connection-limit=10,32 src-address-list=!sem-limite-conn action=drop \
    comment="Limite de Conexoes Simultaneas" disabled=no
    add chain=forward protocol=tcp dst-port=1864-3127 tcp-flags=syn \
    connection-limit=5,32 src-address-list=!sem-limite-conn action=drop \
    comment="Limite de Conexoes Simultaneas" disabled=no
    add chain=forward protocol=tcp dst-port=3129-3388 tcp-flags=syn \
    connection-limit=5,32 src-address-list=!sem-limite-conn action=drop \
    comment="Limite de Conexoes Simultaneas" disabled=no
    add chain=forward protocol=tcp dst-port=3390-5899 tcp-flags=syn \
    connection-limit=3,32 src-address-list=!sem-limite-conn action=drop \
    comment="Limite de Conexoes Simultaneas" disabled=no
    add chain=forward protocol=tcp dst-port=5901-8079 tcp-flags=syn \
    connection-limit=4,32 src-address-list=!sem-limite-conn action=drop \
    comment="Limite de Conexoes Simultaneas" disabled=no
    add chain=forward protocol=tcp dst-port=8081-65535 tcp-flags=syn \
    connection-limit=3,32 src-address-list=!sem-limite-conn action=drop \
    comment="Limite de Conexoes Simultaneas" disabled=no

    / ip web-proxy access
    add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
    disabled=no
    / ip web-proxy cache
    add url=":cgi-bin \\?" action=deny comment="no cache dynamic http pages" \
    disabled=no
    add url="https://" action=deny comment="no cache dynamic https pages" \
    disabled=no
    add url="xsex.ws" action=deny comment="" disabled=no
    add url="xtragay.com" action=deny comment="" disabled=no
    add url="xu.xu.pl" action=deny comment="" disabled=no
    add url="x-webdesign.com" action=deny comment="" disabled=no
    add url="xwebsearch.biz" action=deny comment="" disabled=no
    add url="xxxcategories.com" action=deny comment="" disabled=no
    add url="xxxemailxxx.com" action=deny comment="" disabled=no
    add url="xxxtoolbar.com" action=deny comment="" disabled=no
    add url="xzoomy.com" action=deny comment="" disabled=no
    add url="y.ibsys.com" action=deny comment="" disabled=no
    add url="y-e-l-l-o-w.com" action=deny comment="" disabled=no
    add url="yellow500.com" action=deny comment="" disabled=no
    add url="yezol.com" action=deny comment="" disabled=no
    add url="youfindall.com" action=deny comment="" disabled=no
    add url="youfindall.net" action=deny comment="" disabled=no
    add url="yourbookmarks.info" action=deny comment="" disabled=no
    add url="yourbookmarks.ws" action=deny comment="" disabled=no
    add url="your-prescriptions.net" action=deny comment="" disabled=no
    add url="you-search.com" action=deny comment="" disabled=no
    add url="you-search.com.ru" action=deny comment="" disabled=no
    add url="ypir.com" action=deny comment="" disabled=no
    add url="ysa-info.net" action=deny comment="" disabled=no
    add url="yukohamano.com" action=deny comment="" disabled=no
    add url="ywebsearch.info" action=deny comment="" disabled=no
    add url="z.extreme-dm.com" action=deny comment="" disabled=no
    add url="z0.extreme-dm.com" action=deny comment="" disabled=no
    add url="z1.adserver.com" action=deny comment="" disabled=no
    add url="z1.extreme-dm.com" action=deny comment="" disabled=no
    add url="zapros.com" action=deny comment="" disabled=no
    add url="zesearch.com" action=deny comment="" disabled=no
    add url="zestyfind.com" action=deny comment="" disabled=no
    add url="zi.r.tv.com" action=deny comment="" disabled=no
    add url="ziportal.com" action=deny comment="" disabled=no
    add url="zipportal.com" action=deny comment="" disabled=no
    add url="znext.com" action=deny comment="" disabled=no
    add url="zoneoffreeporn.com" action=deny comment="" disabled=no
    add url="zoofil.com" action=deny comment="" disabled=no
    add url="zoomegasite.com" action=deny comment="" disabled=no
    add url="zrap.zdnet.com.com" action=deny comment="" disabled=no
    add url="zvimigdal.com" action=deny comment="" disabled=no
    add url="zyban-zocor-levitra.com" action=deny comment="" disabled=no
    add url=":/.bat\$ .scr\$ .pif\$" action=deny comment="" disabled=no
    add url="http://mail.google.com/mail/" action=deny comment="" disabled=no
    add url="http://globoesporte.globo.com/" action=deny comment="" disabled=no
    add url="googlevideo.com" action=deny comment="" disabled=no

  6. #6

    Can anyone help us with some tips on how to solve this?

  7. #7

    Quote, originally posted by mtasas: "Can anyone help us with some tips on how to solve this?"

    Put the site's IP outside the proxy using an address list.

  8. #8

    Quote, originally posted by danilosceu: "Put the site's IP outside the proxy using an address list."

    Could you give me an example rule?

  9. #9

    Quote, originally posted by mtasas: "Could you give me an example rule?"

    Go to ip firewall address list, then add the page's IP and put it outside the proxy.
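
The bypass suggested in posts #7 and #9, written out as an added example (not posted by anyone in the thread). It reuses the interface name `Saida` and proxy port 3128 from the configuration in post #5; the list name `bypass-proxy` and the address 192.0.2.10 are placeholders to be replaced with the site's real address.

```routeros
# Added example, not from the thread.
# "bypass-proxy" is a hypothetical list name; 192.0.2.10 is a placeholder
# (documentation range) standing in for the address the site resolves to.
/ ip firewall address-list
add list=bypass-proxy address=192.0.2.10 \
    comment="destination that must not go through the web-proxy" disabled=no

/ ip firewall nat
# Same port-80 redirect as in post #5, with one extra matcher:
# dst-address-list=!bypass-proxy skips every destination in the list,
# so those connections are only masqueraded and reach the site directly.
add chain=dstnat in-interface=Saida protocol=tcp dst-port=80 \
    dst-address-list=!bypass-proxy action=redirect to-ports=3128 \
    comment="redirect HTTP to web-proxy except bypass list" disabled=no
```

The address list matches destination IPs, so a site that resolves to several addresses needs one entry per address. The original port-80 redirect without the exception has to be removed or disabled, otherwise it still catches the traffic.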