Postado originalmente por
izaufernandes
Amigo, aqui tb tava uma bagunça más tem umas coisas q dá pra fazer pra minimizar, agora tá até mais ou menos, minimizou bastante
Essas dicas eu peguei aqui mesmo no fórum, sujiro que faça por etapa e vá testando porque cada caso é um caso
Redireciona a porta 1863 para fora do do proxy
A regra tem que tá antes da que redireciona a porta do proxy
/ip firewall nat
add action=accept chain=dstnat comment="" disabled=no dst-port=1863 protocol=\
tcp
Marca as portas principais no mangle e dá prioridade no queue tree
/ip firewall mangle>
add action=mark-connection chain=prerouting comment="MARCA PACOTES MSN - 1" \
disabled=no dst-port=443 new-connection-mark=msn1 passthrough=yes \
protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=msn1 \
disabled=no new-packet-mark=msn1 passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="MARCA PACOTES MSN - 2" \
disabled=no dst-port=1503 new-connection-mark=msn2 passthrough=yes \
protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=msn2 \
disabled=no new-packet-mark=msn2 passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="MARCA PACOTES MSN - 3" \
disabled=no dst-port=1863 new-connection-mark=msn3 passthrough=yes \
protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=msn3 \
disabled=no new-packet-mark=msn3 passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="MARCA PACOTES MSN - 4" \
disabled=no dst-port=7001 new-connection-mark=msn4 passthrough=yes \
protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=msn4 \
disabled=no new-packet-mark=msn4 passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="MARCA PACOTES MSN - 7" \
disabled=no dst-port=7001 new-connection-mark=msn7 passthrough=yes \
protocol=udp
add action=mark-packet chain=prerouting comment="" connection-mark=msn7 \
disabled=no new-packet-mark=msn7 passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="MARCA PACOTES MSN - 8" \
disabled=no dst-port=53 new-connection-mark=msn8 passthrough=yes \
protocol=udp
add action=mark-packet chain=prerouting comment="" connection-mark=msn8 \
disabled=no new-packet-mark=msn8 passthrough=yes protocol=udp
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="MSN-1 in" packet-mark=msn1 parent=global-total \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="MSN-2 in" packet-mark=msn2 parent=global-total \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="MSN-3 in" packet-mark=msn3 parent=global-total \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="MSN-7 in" packet-mark=msn7 parent=global-total \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="MSN-8 in" packet-mark=msn8 parent=global-total \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="MSN-4 in" packet-mark=msn4 parent=global-total \
priority=1 queue=default
Mudar Mms do msn (éssa aqui você deixa no inicio)
/ip firewall mangle>
add action=change-mss chain=forward comment="Mudar MMS - Msn" disabled=no \
new-mss=1380 out-interface=Modem protocol=tcp tcp-flags=syn
add action=change-mss chain=forward comment="Mudar MMS - Msn" disabled=no \
new-mss=1380 out-interface=Clientes protocol=tcp tcp-flags=syn
add action=change-mss chain=forward comment="Mudar MMS - Msn" disabled=no \
new-mss=1380 out-interface="Modem J" protocol=tcp tcp-flags=syn
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default \
use-compression=no use-encryption=no use-vj-compression=no
set default-encryption change-tcp-mss=yes comment="" name=default-encryption \
only-one=default use-compression=no use-encryption=no use-vj-compression=\
no
A regra que notei maior diferença foi a que tira a porta 1863 do proxy
Espero que seja útil