@allef, enter /ip firewall mangle>export and then post the filter rules.
It's the same procedure: instead of typing "mangle" you type "filter", without the quotes.
/ip firewall filter
add action=accept chain=input comment="BLOQUEIO DE SITE WEB-PROXY" disabled=no \
dst-port=3128 protocol=tcp
add action=drop chain=input comment="BLOQUEIO SSH - PORT 3128" disabled=no \
dst-port=3128 protocol=tcp
add action=drop chain=forward comment="BLOQUEIO SSH - PORT 3128" disabled=no \
dst-port=3128 protocol=tcp
add action=drop chain=input comment="DROP SSH BRUTE FORCERS ( BLACK LIST )" \
disabled=no dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=4w2d chain=input connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new disabled=no \
dst-port=22 protocol=tcp
add action=drop chain=input comment="BLOQUEIO SSH - PORT 22-23" disabled=no \
dst-port=22-23 protocol=tcp
add action=drop chain=input comment="Bloqueio Ping Externo" disabled=no \
icmp-options=8:0-255 protocol=icmp
This is the NAT rule:
out-interface=LINK src-address=192.168.1.0/24
add action=redirect chain=dstnat comment="Redirecionamento para o Proxy" \
disabled=yes dst-port=80 in-interface=LOCAL protocol=tcp to-ports=3128
What makes my internet slow is the NAT rule.
Do you mean the NAT rule that redirects to the web proxy? It may not be that rule; it may be the web proxy itself that is doing it. Here I have the options serialize connections and always cache checked, and it works perfectly!
How do I block https in the web proxy?
https does not work through the proxy!!! Only with layer 7 or in the filters.
mcdornas, I checked the options serialize connections and always cache and it still didn't work.
Could you send me the rules?
/ip firewall nat
add action=masquerade chain=srcnat comment="NAT LINK " disabled=no out-interface=LINK src-address=192.168.1.0/24
add action=redirect chain=dstnat comment="Redirecionamento para o Proxy" disabled=yes dst-port=80 protocol=tcp to-ports=3128
add action=dst-nat chain=dstnat comment="DVR 1 HTTP" disabled=no dst-address=201.73.202.195 dst-port=9090 protocol=tcp to-addresses=192.168.1.188 to-ports=9090
add action=dst-nat chain=dstnat comment="DVR HTTP UDP" disabled=no dst-address=201.73.202.195 dst-port=9090 protocol=udp to-addresses=192.168.1.188 to-ports=9090
add action=dst-nat chain=dstnat comment="DVR MOBILE1" disabled=no dst-address=201.73.202.195 dst-port=83 protocol=tcp to-addresses=192.168.1.188 to-ports=83
add action=dst-nat chain=dstnat comment="DVR MOBILE1 UDP" disabled=no dst-address=201.73.202.195 dst-port=83 protocol=udp routing-mark="" to-addresses=192.168.1.188 \
to-ports=83
add action=dst-nat chain=dstnat comment="DVR MOBILE2" disabled=no dst-address=201.73.202.195 dst-port=34567 protocol=tcp to-addresses=192.168.1.188 to-ports=34567
add action=dst-nat chain=dstnat comment="DVR MOBILE2 UDP" disabled=no dst-address=201.73.202.195 dst-port=34567 protocol=udp to-addresses=192.168.1.188 to-ports=34567
add action=dst-nat chain=dstnat comment="DVR 2 HTTP" disabled=no dst-address=201.73.202.195 dst-port=9091 protocol=tcp to-addresses=192.168.1.11 to-ports=9091
add action=dst-nat chain=dstnat comment="DVR 2 HTTP UDP" disabled=no dst-address=201.73.202.195 dst-port=9091 packet-mark="" protocol=udp to-addresses=192.168.1.11 \
to-ports=9091
add action=dst-nat chain=dstnat comment="DVR 2 MOBILE1" disabled=no dst-address=201.73.202.195 dst-port=84 protocol=tcp to-addresses=192.168.1.11 to-ports=84
add action=dst-nat chain=dstnat comment="DVR 2 MOBILE1 UDP" disabled=no dst-address=201.73.202.195 dst-port=84 protocol=udp to-addresses=192.168.1.11 to-ports=84
add action=dst-nat chain=dstnat comment="DVR 2 MOBILE2" disabled=no dst-address=201.73.202.195 dst-port=34568 protocol=tcp to-addresses=192.168.1.11 to-ports=34568
add action=dst-nat chain=dstnat comment="DVR 2 MOBILE2 UDP" disabled=no dst-address=201.73.202.195 dst-port=34568 protocol=udp to-addresses=192.168.1.11 to-ports=34568
add action=dst-nat chain=dstnat comment=SBSCNANO2 disabled=no dst-address=201.73.202.195 dst-port=9098 protocol=tcp to-addresses=192.168.10.251 to-ports=80
add action=dst-nat chain=dstnat comment=SBSCNANO1 disabled=no dst-address=201.73.202.195 dst-port=9099 protocol=tcp to-addresses=192.168.10.250 to-ports=80
FabianoMartins2, those are the rules that are in the NAT.
In this rule: add action=redirect chain=dstnat comment="Redirecionamento para o Proxy" disabled=yes dst-port=80 protocol=tcp to-ports=3128
Set the network range in Src. Address.
Example, see the part in red:
add action=redirect chain=dstnat comment="Redirecionamento para o Proxy" \
disabled=no dst-port=80 protocol=tcp src-address=192.168.1.0/24 to-ports=\
3128
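Added example (not from any poster in this thread): a Python check over a RouterOS export that flags a rule placed after an earlier accept/drop rule with the same matchers, as with the two tcp/3128 input rules in the filter export above, and a NAT redirect with no src-address or in-interface, which the last reply addresses by setting Src. Address. The sample export is constructed from the thread's rules, and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample adapted from this thread's exports (first redirect enabled).
EXPORT = r'''/ip firewall filter
add action=accept chain=input comment="BLOQUEIO DE SITE WEB-PROXY" dst-port=3128 protocol=tcp
add action=drop chain=input comment="BLOQUEIO SSH - PORT 3128" dst-port=3128 protocol=tcp
add action=drop chain=forward comment="BLOQUEIO SSH - PORT 3128" dst-port=3128 protocol=tcp
/ip firewall nat
add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp to-ports=3128
add action=redirect chain=dstnat dst-port=80 protocol=tcp src-address=192.168.1.0/24 to-ports=\
3128
'''

NON_MATCHERS = {"action", "comment", "disabled", "to-ports", "to-addresses"}
TERMINAL = {"accept", "drop", "reject"}  # actions that end chain processing
SCOPE_KEYS = {"src-address", "src-address-list", "in-interface"}

def parse(export):
    """Return [(section, {key: value})] from a RouterOS export listing."""
    text = re.sub(r"\\\n\s*", "", export)  # join '\' line continuations
    section, rules = None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            section = line
        elif line.startswith("add "):
            pairs = (tok.partition("=") for tok in shlex.split(line[4:]))
            rules.append((section, {k: v for k, _, v in pairs}))
    return rules

def matchers(rule):
    return {(k, v) for k, v in rule.items() if k not in NON_MATCHERS}

def audit(export):
    """Flag rules that can never match and NAT redirects with no source scope."""
    findings, seen = [], []
    for n, (section, rule) in enumerate(parse(export), 1):
        if rule.get("disabled") == "yes":
            continue
        hit = next((m for m, s, prev in seen if s == section and
                    prev.get("action") in TERMINAL and matchers(prev) <= matchers(rule)), None)
        if hit:
            findings.append((n, f"shadowed by rule {hit}"))
        if rule.get("action") == "redirect" and not SCOPE_KEYS & rule.keys():
            findings.append((n, "redirect without source scope"))
        seen.append((n, section, rule))
    return findings

print(audit(EXPORT))
```

The shadow check compares matcher strings for exact equality, so it only reports certain cases and does not reason about port ranges or overlapping subnets.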