


  1. Dear Moderators,
    First I want to apologize for posting here, but honestly I don't know which sub-forum I should post in.
    I would also like to propose a new generic sub-forum for problems like this one.
    Folks, I would also like to apologize for having to split this into 3 parts, but the forum only accepts 10000 characters per message.

    Folks, I have the following problem:

    MK version: 3.4. Everything was working perfectly when suddenly, after 12:00, everything stopped working and clients started calling..., so I got to work and ended up finding out that the internet was working, but in the following way:
    1 - It works if I enable the proxy in the browser, whichever one it is; I tested with IE7 and Firefox.
    Then I thought the problem was NAT, and to my surprise everything was fine. I undid and redid it all night long, and it stands as follows: if I disable the proxy and the redirect rule, it doesn't browse, but the rest of the services are all fine....; if I enable the web-proxy and not the redirect rule, it only browses with the proxy set in the browser; if I enable everything, it also only browses with the proxy set in the browser.
    On the client, if I just ping UOL - O melhor conteúdo, it doesn't ping, and if I ping by IP it works fine. Then I said it's DNS, so I put more than 30 different DNS servers on the client and nothing....., but why does it work through the proxy in the browser and not through the redirect??
    So I tested on the MK, and in the MK terminal it works fine both by IP and by address.
    One more thing: the DNS marking rules are counting, but the proxy redirect rules don't count, neither with the proxy disabled in the browser, when they should, nor with the proxy enabled in the browser, when they really shouldn't count....
    Does anyone have a solution????

    IP firewall Nat

    Code:
    /ip firewall nat 
    add action=masquerade chain=srcnat comment="NAT - Sem Proxy" disabled=no out-interface=Router src-address=192.168.0.0/16
    add action=redirect chain=dstnat comment="Web-Proxy Ativo" disabled=no dst-address-list=!msn_server dst-port=80 \
    in-interface=!Router protocol=tcp to-ports=8080

    ....... continued in the next post.
    Last edited by minelli; 21-03-2008 at 19:47. Reason: Correction 1/3

  2. IP Firewall Mangle
    Code:
    /ip firewall mangle
    add action=mark-packet chain=output comment="" connection-mark=Squid_conn_HIT disabled=no new-packet-mark=Squid_packet_HIT \
    passthrough=no 
    add action=mark-connection chain=forward comment="P2P - Total" disabled=no new-connection-mark=p2p_conn p2p=all-p2p \
    passthrough=yes 
    add action=mark-packet chain=forward comment="" connection-mark=p2p_conn disabled=no new-packet-mark=p2p_packet \
    passthrough=yes 
    add action=mark-packet chain=forward comment="" connection-mark=!p2p_conn disabled=no new-packet-mark=other \
    passthrough=yes 
    add action=mark-connection chain=prerouting comment="Voip - Extreme" disabled=no dst-address-list=Voip_List \
    new-connection-mark=voip_conn passthrough=yes 
    add action=mark-packet chain=prerouting comment="" connection-mark=voip_conn disabled=no new-packet-mark=Voip_packet \
    passthrough=yes 
    add action=change-dscp chain=postrouting comment="" connection-mark=voip_conn disabled=no new-dscp=4 
    add action=mark-connection chain=prerouting comment="CONTROLE ICMP" disabled=no new-connection-mark=ICMP_conn \
    passthrough=yes protocol=icmp 
    add action=mark-packet chain=prerouting comment="" connection-mark=ICMP_conn disabled=no new-packet-mark=ICMP_packet \
    passthrough=no 
    add action=mark-connection chain=prerouting comment="CONTROLE NAVEGACAO" disabled=no dst-port=443 \
    new-connection-mark=Navegacao_conn passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=80 new-connection-mark=Navegacao_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=53 new-connection-mark=Navegacao_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=53 new-connection-mark=Navegacao_conn \
    passthrough=yes protocol=udp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=21 new-connection-mark=Navegacao_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=8080 new-connection-mark=Navegacao_conn \
    passthrough=yes protocol=tcp 
    add action=mark-packet chain=prerouting comment="" connection-mark=Navegacao_conn disabled=no \
    new-packet-mark=Navegacao_packet passthrough=no 
    add action=mark-connection chain=prerouting comment="CONTROLE E-MAIL" disabled=no dst-port=110 \
    new-connection-mark=E-mail_conn passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=25 new-connection-mark=E-mail_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=25 new-connection-mark=E-mail_conn \
    passthrough=yes protocol=udp 
    add action=mark-packet chain=prerouting comment="" connection-mark=E-mail_conn disabled=no new-packet-mark=E-mail_packet \
    passthrough=no 
    add action=mark-connection chain=prerouting comment="Radio" disabled=no dst-port=554 new-connection-mark=Radio_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=1755 new-connection-mark=Radio_conn \
    passthrough=yes protocol=tcp 
    add action=mark-packet chain=prerouting comment="" connection-mark=Radio_conn disabled=no new-packet-mark=Radio_packet \
    passthrough=no 
    add action=mark-connection chain=prerouting comment="CONTROLE MESSENGER" disabled=no dst-port=1863 \
    new-connection-mark=Messenger_conn passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=1863 new-connection-mark=Messenger_conn \
    passthrough=yes protocol=udp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=6891-6901 new-connection-mark=Messenger_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=6891-6901 new-connection-mark=Messenger_conn \
    passthrough=yes protocol=udp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=5190 new-connection-mark=Messenger_conn \
    passthrough=yes protocol=udp 
    add action=mark-packet chain=prerouting comment="" connection-mark=Messenger_conn disabled=no \
    new-packet-mark=Messenger_packet passthrough=no 
    add action=mark-connection chain=prerouting comment="CONTROLE ACESSO REMOTO - SSH" disabled=no dst-port=22 \
    new-connection-mark=Acesso_remoto_conn passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="Telnet" disabled=no dst-port=23 \
    new-connection-mark=Acesso_remoto_conn passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="Terminal Server" disabled=no dst-port=3389 \
    new-connection-mark=Acesso_remoto_conn passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="VNC" disabled=no dst-port=5800 new-connection-mark=Acesso_remoto_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=5900 new-connection-mark=Acesso_remoto_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="Winbox" disabled=no dst-port=8291 \
    new-connection-mark=Acesso_remoto_conn passthrough=yes protocol=tcp 
    add action=mark-packet chain=prerouting comment="" connection-mark=Acesso_remoto_conn disabled=no \
    new-packet-mark=Acesso_remoto_packet passthrough=no 
    add action=mark-connection chain=prerouting comment="CONTROLE BANCO DE DADOS - SQL" disabled=no dst-port=3306 \
    new-connection-mark=Banco_dados_conn passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="Oracle" disabled=no dst-port=1521 \
    new-connection-mark=Banco_dados_conn passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="Microsoft SQL Server" disabled=no dst-port=1433-1434 \
    new-connection-mark=Banco_dados_conn passthrough=yes protocol=tcp 
    add action=mark-packet chain=prerouting comment="" connection-mark=Banco_dados_conn disabled=no \
    new-packet-mark=Banco_dados_packet passthrough=no 
    add action=mark-connection chain=prerouting comment="CONTROLE JOGOS" disabled=no dst-port=7171 \
    new-connection-mark=Jogos_conn passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27015 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="Mu Online" disabled=no dst-port=55905 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=55905 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=udp 
    add action=mark-connection chain=prerouting comment="Line Age" disabled=no dst-port=4376 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=4376 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=udp 
    add action=mark-connection chain=prerouting comment="WarCraft" disabled=no dst-port=6112 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=6112 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=udp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=4500 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=4500 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=udp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=6900 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=6900 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=udp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=5000 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=5000 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=udp 
    add action=mark-connection chain=prerouting comment="Counter Strike" disabled=no dst-port=27018 \
    new-connection-mark=Jogos_conn passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27018 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=udp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27015 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27015 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=udp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27020 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27020 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=udp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27019 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27019 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=udp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27013 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=tcp 
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=27013 new-connection-mark=Jogos_conn \
    passthrough=yes protocol=udp 
    add action=mark-packet chain=prerouting comment="" connection-mark=Jogos_conn disabled=no new-packet-mark=Jogos_packet \
    passthrough=no

    ..... continued in the next post.
    Last edited by minelli; 21-03-2008 at 19:38.



  3. IP Firewall ADDRESS-LIST
    Code:
    /ip firewall address-list
    add address=65.54.0.0/16 comment="" disabled=no list=msn_server 
    add address=64.4.0.0/16 comment="" disabled=no list=msn_server 
    add address=207.46.0.0/16 comment="" disabled=no list=msn_server 
    add address=192.168.0.244 comment="" disabled=yes list=Clientes_Blok 
    add address=204.9.202.0/24 comment="" disabled=no list=Voip_List 
    add address=192.168.30.1 comment="" disabled=no list=Free_Conn 
    add address=192.168.10.1 comment="" disabled=no list=Free_Conn 
    add address=200.201.174.0/24 comment="" disabled=no list=msn_server 
    add address=207.46.110.0/24 comment="" disabled=no list=msn_server 
    add address=10.0.0.0/24 comment="" disabled=no list=Free_Conn 
    add address=192.168.20.0/24 comment="" disabled=no list=Free_Conn

    IP Address
    Code:
    /ip address
    add address=10.0.0.2/24 broadcast=10.0.0.255 comment="Router - Link" disabled=no interface=Router network=10.0.0.0
    add address=192.168.20.1/24 broadcast=192.168.20.255 comment="" disabled=no interface=Rede_Int network=192.168.20.0

    IP Route
    Code:
    /ip route
    add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.0.0.1 scope=255 target-scope=10

    IP DNS
    Code:
    /ip dns static
    add address=200.168.234.109 disabled=no name="GFirstnet" ttl=1d 
    add address=208.67.222.222 disabled=no name="OpenDNS" ttl=1d 
    add address=208.67.220.220 disabled=no name="OpenDNS1" ttl=1d 
    add address=200.204.0.10 disabled=no name="Telefonica" ttl=1d 
    add address=200.204.0.138 disabled=no name="Telefonica1" ttl=1d

    IP DNS Cache
    Code:
    Flags: S - static 
    # NAME ADDRESS TTL 
    0 S gfirstnet 200.168.234.109 1d 
    1 S opendns 208.67.222.222 1d 
    2 S opendns1 208.67.220.220 1d 
    3 S telefonica 200.204.0.10 1d 
    4 S telefonica1 200.204.0.138 1d 
    5 a.l.google.com 209.85.139.9 20h4m9s 
    6 b.l.google.com 64.233.179.9 20h6m31s 
    7 c.l.google.com 64.233.161.9 20h7m54s 
    8 d.l.google.com 66.249.93.9 20h3m18s 
    9 e.l.google.com 209.85.137.9 19h41m50s 
    10 f.l.google.com 72.14.235.9 21h49m10s 
    11 g.l.google.com 64.233.167.9 20h4m45s 
    12 c.ns.nsatc.net 64.152.2.44 1d22h2m5s 
    13 d.ns.nsatc.net 205.128.93.51 1d21h49m57s 
    14 l.ns.nsatc.net 65.57.86.48 1d21h49m55s 
    15 us-ga-1.ns.nsatc.net 208.172.65.40 1d2h34m1s 
    16 za.akadns.org 195.219.3.169 1d20h25m51s 
    17 zb.akadns.org 206.132.100.105 1d20h39m39s 
    18 zc.akadns.org 124.211.40.4 1d11h5m16s 
    19 zd.akadns.org 63.209.3.132 1d20h30m12s 
    20 eur1.akadns.net 213.254.204.197 1d18h4m58s 
    21 use3.akadns.net 204.2.178.133 1d16h4m48s 
    22 use4.akadns.net 208.44.108.137 1d16h4m51s 
    23 usw2.akadns.net 63.209.3.132 1d16h4m48s 
    24 asia9.akadns.net 220.73.220.4 1d16h4m55s 
    25 ns1.msft.net 207.68.160.190 19h27m20s 
    26 ns4.msft.net 207.46.66.126 13h2m17s 
    27 b.ns.c.footprint.net 209.84.2.47 1d7h23m24s 
    28 e.ns.c.footprint.net 8.12.213.51 1d19h59m2s 
    29 us-ga-1.ns.c.footprint.net 4.78.212.40 19h34m50s 
    30 us-nj-1.ns.c.footprint.net 63.208.106.76 19h34m50s 
    31 glb04.aqnt.com 65.203.229.15 1d23h8m8s 
    32 glb05.aqnt.com 12.130.62.15 1d4h11m16s 
    33 glb06.aqnt.com 206.16.21.22 1d4h11m16s 
    34 dns1.name-services.com 69.25.142.42 23h29m17s

    IP Web-Proxy Settings
    Code:
    /ip proxy
    set always-from-cache=yes cache-administrator="teste@meudominio.com.br" cache-drive=secondary-master cache-hit-dscp=4 \
    cache-on-disk=yes enabled=yes max-cache-size=unlimited max-client-connections=1000 max-fresh-time=3d \
    max-server-connections=1000 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=yes \
    src-address=0.0.0.0

    IP Web-Proxy Access
    Code:
    /ip proxy access 
    add action=allow comment="Libera Tudo - Por Classe." disabled=no src-address=192.168.0.0/16 
    add action=deny comment="Block Telnet & Spam E-mail Relaying" disabled=no dst-port=23-25 
    add action=deny comment="allow CONNECT only to SSL ports 443 [https] and 563 [snews]" disabled=no dst-port=!443,563 
    add action=deny comment="Bloqueia Tudo" disabled=no

    IP Web-Proxy Cache
    Code:
    /ip proxy cache
    add action=allow comment="Dont cache Dynamic HTTPS Pages" disabled=no dst-host=https:// 
    add action=allow comment="Dont cache Dynamic HTTP Pages" disabled=no dst-host=":cgi-bin \\\?"

    IP Web-Proxy Direct
    Code:
    /ip proxy direct
    add action=allow comment="Conectividade Social" disabled=no dst-address=200.201.0.0/16

    Queue Simple
    Code:
    /queue simple 
    add comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=64000/64000 max-limit=64000/64000 \
    name="P2P" packet-marks=p2p_packet parent=none priority=1 queue=ethernet-default/ethernet-default \
    time=0s-24m,sun,mon,tue,wed,thu,fri,sat total-queue=ethernet-default 
    add comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=Rede_Int limit-at=0/0 max-limit=0/0 \
    name="Rede_Interna" parent=none priority=8 queue=ethernet-default/ethernet-default target-addresses=192.168.20.0/24 \
    total-queue=ethernet-default 
    add comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=WLan_1 limit-at=0/0 max-limit=0/0 name="WLan - \
    Wireless" parent=none priority=8 queue=wireless-default/wireless-default target-addresses=192.168.30.0/24 \
    total-queue=wireless-default 
    add comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=Rede_Int limit-at=0/0 max-limit=0/0 \
    name="Cabo_Net" parent=none priority=8 queue=ethernet-default/ethernet-default target-addresses=192.168.10.0/24 \
    total-queue=ethernet-default

    Queue Tree
    Code:
    /queue tree
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="squid" \
    packet-mark=Squid_packet_HIT parent=global-out priority=2 queue=ethernet-default

    Interface Ethernet
    Code:
    /interface ethernet
    set 0 arp=enabled auto-negotiation=yes cable-settings=default comment="" disable-running-check=yes disabled=no \
    full-duplex=yes mac-address=00:00:00:00:00:00 mtu=1500 name="Rede_Int" speed=100Mbps 
    set 1 arp=enabled auto-negotiation=yes cable-settings=default comment="" disable-running-check=yes disabled=no \
    full-duplex=yes mac-address=00:00:00:00:00:00 mtu=1500 name="Cabo_Net" speed=100Mbps 
    set 2 arp=enabled auto-negotiation=yes cable-settings=default comment="" disable-running-check=yes disabled=no \
    full-duplex=yes mac-address=00:00:00:00:00:00 mtu=1500 name="Router" speed=100Mbps

    Interface Wireless
    Code:
    0 name="WLan_1" mtu=1500 mac-address=00:00:00:00:00:00 arp=enabled interface-type=Atheros AR5213 mode=ap-bridge 
    ssid="MEUSSID" frequency=2437 band=2.4ghz-b/g scan-list=default antenna-mode=ant-a wds-mode=disabled 
    wds-default-bridge=none wds-ignore-ssid=no default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 
    default-client-tx-limit=0 hide-ssid=no security-profile=default compression=no


    Folks, if any configuration needed for the analysis is missing, I apologize; there were so many that I may have gotten mixed up.
    If something is missing, just ask and I will add it, no problem.
    Last edited by minelli; 21-03-2008 at 19:43.
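
An added illustration, not part of the original posts and not RouterOS code: a simplified Python model of how the dstnat redirect rule from the first post and the msn_server address list decide which packets are sent to the proxy on port 8080. The sample packets are constructed, and the matcher covers only the conditions this rule uses.

```python
import ipaddress
import shlex
# Rule and msn_server entries copied from the posts above.
NAT_RULE = ('add action=redirect chain=dstnat comment="Web-Proxy Ativo" disabled=no '
            'dst-address-list=!msn_server dst-port=80 in-interface=!Router '
            'protocol=tcp to-ports=8080')
ADDRESS_LIST = """\
add address=65.54.0.0/16 comment="" disabled=no list=msn_server
add address=64.4.0.0/16 comment="" disabled=no list=msn_server
add address=207.46.0.0/16 comment="" disabled=no list=msn_server
add address=200.201.174.0/24 comment="" disabled=no list=msn_server
add address=207.46.110.0/24 comment="" disabled=no list=msn_server
"""

def parse_add(line):
    """Split one RouterOS 'add key=value ...' line into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line)[1:])

def load_lists(text):
    """Build {list name: [networks]} from enabled address-list entries."""
    lists = {}
    for entry in map(parse_add, text.splitlines()):
        if entry.get("disabled") != "yes":
            lists.setdefault(entry["list"], []).append(ipaddress.ip_network(entry["address"]))
    return lists

def negatable(value):
    """Return (negated, bare value) for a RouterOS '!value' matcher."""
    return (True, value[1:]) if value.startswith("!") else (False, value)

def rule_matches(rule, lists, pkt):
    """Simplified model: every matcher present in the rule must hold."""
    if rule.get("protocol", pkt["protocol"]) != pkt["protocol"]:
        return False
    if "dst-port" in rule and int(rule["dst-port"]) != pkt["dst_port"]:
        return False
    if "in-interface" in rule:
        negated, name = negatable(rule["in-interface"])
        if (pkt["in_interface"] == name) == negated:
            return False
    if "dst-address-list" in rule:
        negated, name = negatable(rule["dst-address-list"])
        dst = ipaddress.ip_address(pkt["dst"])
        if any(dst in net for net in lists.get(name, [])) == negated:
            return False
    return True

# Constructed packets; interface names are the ones used in the posts.
PACKETS = {
    "client HTTP": ("tcp", 80, "Rede_Int", "198.51.100.10"),
    "client HTTP to msn_server": ("tcp", 80, "Rede_Int", "207.46.110.5"),
    "client DNS query": ("udp", 53, "Rede_Int", "208.67.222.222"),
    "browser with proxy set": ("tcp", 8080, "Rede_Int", "192.168.20.1"),
    "HTTP arriving on Router": ("tcp", 80, "Router", "10.0.0.2"),
}

def evaluate():
    """Return {packet name: True if the redirect rule would match}."""
    rule, lists = parse_add(NAT_RULE), load_lists(ADDRESS_LIST)
    keys = ("protocol", "dst_port", "in_interface", "dst")
    return {n: rule_matches(rule, lists, dict(zip(keys, p))) for n, p in PACKETS.items()}

if __name__ == "__main__":
    print(evaluate())
```

Only the first sample matches, so in this model the rule's counter moves only when a client actually opens a TCP connection to port 80 of a destination outside msn_server.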

  4. Folks, thank you to everyone who visited this topic...., the solution was found. After 36 hours of testing without sleep, in my company's lab, I discovered that the problem was at Telefonica, even though they said it wasn't. So I called a "friend" at Telefonica's "corporate" support for providers with a full link, since I had his contact from when I ran a provider, and complained to him about my problem here at home (mini provider) on SPEEDY. To my surprise, 45 minutes later he called me saying: test it and see if it's resolved.
    Ta-daaaaaaaaaaaa,
    it was resolved, and he told me that Telefonica is somehow making life difficult for people.... with (mini providers at home).
    So watch out for this kind of problem.



  5. Friend, just adding a complement to your topic.

    If you configure the server and everything keeps working, that's fine..

    If it stops from one moment to the next, it is certainly not a configuration problem. It could be a hardware problem or a bug in the system. I have been using version 3.3 of the MK for about 15 days, and so far everything is perfect.

    Regards!





