Sou novato em mk (nunca tinha contato antes), estou ontanto um 3.30 e através deste forum montei um frankstein, um pedacinho de cada amigo.
Minha configuração é a seguinte: servidor 2 placas ether, a primeira recebe o link recebendo o ip por DHCP(modem/roteador) e a segunda envia liberando ip por DHCP(Server). Aparentemente esta funcionando, más como não sou expert como os amigos peço sua apreciação.
Segue a configuração:
Configuração Básica
/interface set ether1 name=Link comment="conexão com a internet"
/interface set ether2 name=Clientes comment="conexão com os clientes"
/ip dhcp-client add interface=Link client-id="xx:xx:xx:xx:xx:xx(MAC DO MODEM/ROUTER)" add-default-route=yes use-peer-dns=yes use-peer-ntp=yes comment="" disabled=no
/ip address add address=192.168.1.1/24 interface=Clientes
/ip route add gateway=192.168.0.1
/ip dns set primary-dns=192.168.0.1
/ip dns static add name=192.168.1.1 address=192.168.1.1
/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.1.0/24 comment="masquerade hotspot network"
/ip pool add name=”dhcp-pooll” ranges=192.168.1.2-192.168.1.254 next-pool=none
/ip dhcp-server add name=”DHCP-SERVER” interface=Clientes address-pool=dhcp-pooll lease-time=3d add-arp=yes disabled=no
/ip dhcp-server network add address=192.168.1.0/24 comment="" dns-server=192.168.1.1 gateway=192.168.1.1
Configuração do Web-Proxy Full
/ip firewall filter
add chain=input action=drop protocol=tcp in-interface=Link dst-port=3128 comment="block external proxy"
add chain=input action=accept protocol=tcp dst-port=3128 comment="accept connections from proxy"
/ip firewall mangle
add chain=output action=mark-connection new-connection-mark=conn_squid-up passthrough=yes protocol=tcp src-port=3128 content=”X-Cache: HIT” comment="mark connection *conn_squid-up*"
add chain=output action=mark-packet new-packet-mark=pacotes_squid-up passthrough=yes connection-mark=conn_squid-up comment="mark packet *pacotes_squid-up*"
add chain=prerouting action=mark-connection new-connection-mark=conn_squid-down passthrough=yes protocol=tcp dst-port=3128 comment="mark connection *conn_squid-down*"
add chain=prerouting action=mark-packet new-packet-mark=pacotes_squid-down passthrough=yes connection-mark=conn_squid-down comment="mark packet *pacotes_squid-down*"
/ip firewall nat
add chain=srcnat action=masquerade src-address=192.168.1.0/24 out-interface=Clientes comment="nat"
add chain=dstnat action=redirect to-ports=3128 protocol=tcp src-address=192.168.1.0/24 dst-port=80 comment="redirect port 80 to 3128"
/queue tree
add name="downstream" parent=global-in packet-mark=pacotes_squid-down limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
add name="upstream" parent=global-out packet-mark=pacotes_squid-up limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/ip proxy
set port=3128 cache-on-disk=yes src-address=0.0.0.0 parent-proxy=0.0.0.0 parent-proxy-port=0 cache-administrator="webmaster" max-cache-size= unlimited max-client-connections=200 max-server-connections=200 max-fresh-time=3d serialize-connections=no always-from-cache=no cache-hit-dscp=4
set enabled=yes
Configuração do HotSpot
/ip hotspot profile add name="profile-hotspot" hotspot-address=192.168.1.1 dns-name="192.168.1.1" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=mac,http-chap,cookie split-user-domain=no use-radius=no
/ip hotspot add name=servidor-hotspot profile=profile-hotspot interface=Clientes disabled=no address-pool=dhcp-pooll
/ip hotspot user profile add name=Liberado address-pool=dhcp-pool shared-users=1 idle-timeout=5m status-autorefresh=1m transparent-proxy=yes open-status-page=always advertise=no
/ip hotspot user profile add name="Atraso" address-pool=none idle-timeout=10m keepalive-timeout=10m status-autorefresh=5m shared-users=1 transparent-proxy=yes open-status-page=always advertise=yes advertise-url=atraso.htm advertise-interval=10m advertise-timeout=never
/ip hotspot user profile add name="Bloqueio" address-pool=none idle-timeout=none session-timeout=10s keepalive-timeout=20m status-autorefresh=1m shared-users=1 transparent-proxy=yes open-status-page=always advertise=yes advertise-url=bloqueio.htm advertise-interval=0s advertise-timeout= immediately
/ip hotspot user add name=Usuario1 profile="Aviso" server=servidor-hotspot password=1234
FIM
Gostaria de saber se isto esta certo e se a sequencia em que coloquei os comandos influencia em alguma coisa.
Agradeço desde já a todos que puderem dar uma pitada de sua sabedoria
Marcos Sá