


  1. Friends, I had problems with MSN for a long time until I discovered that MSN problems are a firewall issue,
    so I found some basic rules right here on the forum, and here they are.
    Remember that these rules should be placed at the top, that is, above any DROP rule.
    /ip firewall filter
    add chain=input protocol=tcp dst-port=1863 action=accept comment="Melhoras no MSN \"Melhoras mesmo\""
    add chain=input protocol=tcp src-port=1863 action=accept
    add chain=input protocol=tcp dst-port=443 action=accept
    add chain=forward protocol=tcp dst-port=443 action=accept

    /ip firewall nat
    add chain=dstnat dst-address=207.46.0.0/16 protocol=tcp action=accept comment="Com essas regras estabiliza o MSN"
    add chain=dstnat dst-address=64.4.0.0/16 protocol=tcp action=accept
    add chain=dstnat dst-address=65.54.0.0/16 protocol=tcp action=accept

  2. Antonio,

    Thank you very much, but I had already tested what you posted, except the Filter part; I applied it and it didn't work. I'm just not sure it ended up as it should: I put the Filter commands first, and I tried the NAT ones in several ways; the last time I left them above the masquerade and the proxy, but it's still the same. Now the MSN error is 81000306.

    What I found strange about the Filter rules is that only one had a packet count. Is that right? Only the forward rule was hit.

    I don't know if it helps, but here is how my interfaces look:

    Flags: X - disabled, D - dynamic, R - running
    #    NAME       TYPE       RX-RATE  TX-RATE  MTU
    0  R adsl       ether      0        0        1500
    1  R local      ether      0        0        1500
    2  R pppoe-out  pppoe-out  0        0        1492

    I've already forced the MTU on all interfaces and nothing. Is there anything else I can post for you to evaluate?

    Regards
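
Added example (not part of any post in this thread, and not MikroTik code): a small Python model of how a packet is assigned to a RouterOS filter chain, showing why a LAN client's MSN traffic increments only the `forward` rule while the `input` rules stay at zero. The router address, the client packet and the simplified matcher (protocol and ports only, first match wins, default accept) are assumptions.

```python
import shlex

# Constructed sample based on the filter rules posted in this thread.
EXPORT = r'''
add chain=input protocol=tcp dst-port=1863 action=accept comment="MSN" \
    disabled=no
add chain=input protocol=tcp src-port=1863 action=accept
add chain=input protocol=tcp dst-port=443 action=accept
add chain=forward protocol=tcp dst-port=443 action=accept
'''
ROUTER_ADDRS = {"192.168.2.1"}  # assumption: the router's own LAN address

def parse_export(text):
    """Join backslash-continued lines; turn each 'add' line into a dict."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():
        words = shlex.split(line)
        if words and words[0] == "add":
            rule = dict(w.split("=", 1) for w in words[1:])
            rule["hits"] = 0
            rules.append(rule)
    return rules

def port_in(spec, port):
    lo, _, hi = spec.partition("-")  # "443" or a range such as "135-139"
    return int(lo) <= port <= int(hi or lo)

def chain_for(pkt):
    # Packets addressed to the router itself traverse 'input'; packets routed
    # through it (LAN client to an Internet server) traverse 'forward'.
    return "input" if pkt["dst"] in ROUTER_ADDRS else "forward"

def matches(rule, pkt):
    if rule.get("disabled") == "yes" or rule.get("protocol", pkt["proto"]) != pkt["proto"]:
        return False
    if "dst-port" in rule and not port_in(rule["dst-port"], pkt["dport"]):
        return False
    if "src-port" in rule and not port_in(rule["src-port"], pkt["sport"]):
        return False
    return True

def evaluate(rules, pkt):
    chain = chain_for(pkt)
    for rule in rules:  # first matching rule in the packet's chain decides
        if rule["chain"] == chain and matches(rule, pkt):
            rule["hits"] += 1
            return chain, rule["action"]
    return chain, "accept"  # no rule matched: the chain's default is accept

def demo():
    rules = parse_export(EXPORT)
    client = {"proto": "tcp", "dst": "207.46.0.10", "sport": 50000}  # constructed
    for dport in (1863, 443):
        evaluate(rules, dict(client, dport=dport))
    return [(r["chain"], r["hits"]) for r in rules]
```

`demo()` returns the per-rule hit counters after one client connection to port 1863 and one to port 443; only the `forward` rule is counted.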



  3. Friend pilatte,
    I noticed that you use a modem in bridge mode and that you also use ADSL, right?
    So post your filter and NAT rules for us, since the problem must be there, and even your web-proxy rules, because Orkut is a proxy matter and MSN a firewall one.
    Post them and we'll give you a hand.

  4. Antonio,

    It's as you said; one of the tips I saw was to use the modem in bridge mode, but that didn't work very well either.

    Here are the rules:

    / ip firewall filter
    add chain=input protocol=tcp dst-port=1863 action=accept comment="MSN" \
    disabled=no
    add chain=input protocol=tcp dst-port=443 action=accept comment="" disabled=no
    add chain=forward protocol=tcp dst-port=443 action=accept comment="" \
    disabled=no
    add chain=input protocol=tcp src-port=1863 action=accept comment="" \
    disabled=no
    add chain=warez protocol=udp src-port=0 action=drop comment="Controle P2P ARES \
    e Semelhantes" disabled=no
    add chain=warez protocol=tcp src-port=0 action=drop comment="" disabled=no
    add chain=warez protocol=udp dst-port=0 action=drop comment="" disabled=no
    add chain=warez protocol=tcp dst-port=0 action=drop comment="" disabled=no
    add chain=forward p2p=warez action=drop comment="" disabled=no
    add chain=input in-interface=pppoe-out protocol=tcp dst-port=3180 action=drop \
    comment="bloqueio externo" disabled=no
    add chain=input in-interface=pppoe-out protocol=tcp dst-port=53 action=drop \
    comment="" disabled=no
    add chain=input in-interface=pppoe-out protocol=udp dst-port=53 action=drop \
    comment="" disabled=no
    add chain=input protocol=icmp limit=50/5s,2 action=accept comment="ping" \
    disabled=yes
    add chain=input protocol=icmp action=drop comment="" disabled=yes
    add chain=forward action=jump jump-target=virus comment="virus" disabled=yes
    add chain=virus protocol=tcp dst-port=135-139 action=drop comment="" \
    disabled=yes
    add chain=virus protocol=udp dst-port=135-139 action=drop comment="" \
    disabled=yes
    add chain=virus protocol=tcp dst-port=445 action=drop comment="" disabled=yes
    add chain=virus protocol=udp dst-port=445 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=593 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="" \
    disabled=yes
    add chain=virus protocol=tcp dst-port=1080 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=1214 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=1363 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=1364 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=1368 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=1373 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=1377 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="" \
    disabled=yes
    add chain=virus protocol=tcp dst-port=2745 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=2283 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=2535 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=2745 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="" \
    disabled=yes
    add chain=virus protocol=tcp dst-port=3410 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=4444 action=drop comment="" disabled=yes
    add chain=virus protocol=udp dst-port=4444 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=5554 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=8866 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=9898 action=drop comment="" disabled=yes
    add chain=virus protocol=tcp dst-port=10000 action=drop comment="" \
    disabled=yes
    add chain=virus protocol=tcp dst-port=10080 action=drop comment="" \
    disabled=yes
    add chain=virus protocol=tcp dst-port=12345 action=drop comment="" \
    disabled=yes
    add chain=virus protocol=tcp dst-port=17300 action=drop comment="" \
    disabled=yes
    add chain=virus protocol=tcp dst-port=27374 action=drop comment="" \
    disabled=yes
    add chain=virus protocol=tcp dst-port=65506 action=drop comment="" \
    disabled=yes
    add chain=virus action=return comment="" disabled=yes

    *************

    I disabled the virus filter rules because I thought something might be blocking, but that didn't solve it either.

    / ip firewall nat
    add chain=dstnat dst-address=207.46.0.0/16 protocol=tcp action=accept \
    comment="" disabled=no
    add chain=dstnat dst-address=64.4.0.0/16 protocol=tcp action=accept comment="" \
    disabled=no
    add chain=dstnat dst-address=65.54.0.0/16 protocol=tcp action=accept \
    comment="msn" disabled=no
    add chain=srcnat out-interface=pppoe-out action=masquerade comment="outros" \
    disabled=no
    add chain=dstnat in-interface=local src-address=!192.168.2.57 protocol=tcp \
    dst-port=80 packet-mark=!pkgSemProxy connection-mark=conHTTP \
    action=redirect to-ports=3180 comment="proxy transparente" disabled=no
    add chain=dstnat in-interface=pppoe-out action=redirect to-ports=0-65535 \
    comment="" disabled=no

    **************

    continues...



  5. / ip firewall mangle
    add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1432 \
    comment="Alterando o MTU de todas conexoes TCP" disabled=no
    add chain=prerouting protocol=tcp dst-port=1863 action=mark-connection \
    new-connection-mark=conMessenger passthrough=yes comment="Messenger" \
    disabled=no
    add chain=prerouting protocol=udp dst-port=1863 action=mark-connection \
    new-connection-mark=conMessenger passthrough=yes comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=6891-6901 action=mark-connection \
    new-connection-mark=conMessenger passthrough=yes comment="" disabled=no
    add chain=prerouting protocol=udp dst-port=6891-6901 action=mark-connection \
    new-connection-mark=conMessenger passthrough=yes comment="" disabled=no
    add chain=prerouting protocol=udp dst-port=5190 action=mark-connection \
    new-connection-mark=conMessenger passthrough=yes comment="" disabled=no
    add chain=forward protocol=tcp tcp-flags=syn connection-mark=conMessenger \
    action=change-mss new-mss=1492 comment="" disabled=yes
    add chain=prerouting connection-mark=conMessenger action=mark-packet \
    new-packet-mark=pkgMessenger passthrough=no comment="" disabled=no
    add chain=prerouting src-address=192.168.2.0/24 protocol=tcp dst-port=58 \
    action=mark-connection new-connection-mark=conContabilidade \
    passthrough=yes comment="Contabilidade" disabled=no
    add chain=prerouting src-address=192.168.2.0/24 protocol=tcp dst-port=2500 \
    action=mark-connection new-connection-mark=conContabilidade \
    passthrough=yes comment="" disabled=no
    add chain=prerouting src-address=192.168.2.0/24 protocol=tcp dst-port=2631 \
    action=mark-connection new-connection-mark=conContabilidade \
    passthrough=yes comment="" disabled=no
    add chain=prerouting src-address=192.168.2.0/24 protocol=tcp dst-port=3456 \
    action=mark-connection new-connection-mark=conContabilidade \
    passthrough=yes comment="" disabled=no
    add chain=prerouting src-address=192.168.2.0/24 protocol=tcp dst-port=30005 \
    action=mark-connection new-connection-mark=conContabilidade \
    passthrough=yes comment="" disabled=no
    add chain=prerouting src-address=192.168.2.0/24 protocol=tcp dst-port=7878 \
    action=mark-connection new-connection-mark=conContabilidade \
    passthrough=yes comment="" disabled=no
    add chain=prerouting src-address=192.168.2.0/24 protocol=tcp dst-port=10000 \
    action=mark-connection new-connection-mark=conContabilidade \
    passthrough=yes comment="" disabled=no
    add chain=prerouting src-address=192.168.2.0/24 protocol=tcp dst-port=8017 \
    action=mark-connection new-connection-mark=conContabilidade \
    passthrough=yes comment="" disabled=no
    add chain=prerouting connection-mark=conContabilidade action=mark-packet \
    new-packet-mark=pkgContabilidade passthrough=no comment="" disabled=no
    add chain=prerouting dst-address=200.201.174.0/24 protocol=tcp dst-port=80 \
    action=mark-connection new-connection-mark=conSemProxy passthrough=yes \
    comment="Sem proxy" disabled=no
    add chain=prerouting dst-address=200.201.173.68 protocol=tcp dst-port=80 \
    action=mark-connection new-connection-mark=conSemProxy passthrough=yes \
    comment="" disabled=no
    add chain=prerouting dst-address=200.201.166.0/24 protocol=tcp dst-port=80 \
    action=mark-connection new-connection-mark=conSemProxy passthrough=yes \
    comment="" disabled=no
    add chain=prerouting dst-address=200.198.239.0/24 protocol=tcp dst-port=80 \
    action=mark-connection new-connection-mark=conSemProxy passthrough=yes \
    comment="" disabled=no
    add chain=prerouting dst-address=200.152.233.0/24 protocol=tcp dst-port=80 \
    action=mark-connection new-connection-mark=conSemProxy passthrough=yes \
    comment="" disabled=no
    add chain=prerouting dst-address=201.63.15.1 protocol=tcp dst-port=80 \
    action=mark-connection new-connection-mark=conSemProxy passthrough=yes \
    comment="" disabled=no
    add chain=prerouting dst-address=161.148.231.0/24 protocol=tcp dst-port=80 \
    action=mark-connection new-connection-mark=conSemProxy passthrough=yes \
    comment="" disabled=no
    add chain=prerouting dst-address=65.54.186.79 protocol=tcp dst-port=80 \
    action=mark-connection new-connection-mark=conSemProxy passthrough=yes \
    comment="" disabled=no
    add chain=prerouting src-address=!192.168.2.57 connection-mark=conSemProxy \
    action=mark-connection new-connection-mark=conHTTP passthrough=yes \
    comment="" disabled=no
    add chain=prerouting connection-mark=conSemProxy action=mark-packet \
    new-packet-mark=pkgSemProxy passthrough=no comment="" disabled=no
    add chain=prerouting p2p=all-p2p action=mark-connection \
    new-connection-mark=conP2P passthrough=no comment="P2P" disabled=no
    add chain=prerouting protocol=tcp p2p=all-p2p connection-limit=16,32 \
    action=mark-connection new-connection-mark=conP2P passthrough=no \
    comment="" disabled=no
    add chain=prerouting connection-mark=conP2P action=mark-packet \
    new-packet-mark=pkgP2P passthrough=no comment="" disabled=no
    add chain=prerouting src-address=200.146.79.165 action=mark-connection \
    new-connection-mark=conVOIP passthrough=yes comment="Vono" disabled=no
    add chain=prerouting dst-address=200.146.79.165 action=mark-connection \
    new-connection-mark=conVOIP passthrough=yes comment="" disabled=no
    add chain=prerouting src-address=201.86.87.5 action=mark-connection \
    new-connection-mark=conVOIP passthrough=yes comment="" disabled=no
    add chain=prerouting dst-address=201.86.87.5 action=mark-connection \
    new-connection-mark=conVOIP passthrough=yes comment="" disabled=no
    add chain=prerouting connection-mark=conVOIP action=mark-packet \
    new-packet-mark=pkgVOIP passthrough=no comment="" disabled=no
    add chain=postrouting packet-mark=pkgVOIP action=change-tos new-tos=min-delay \
    comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \
    new-connection-mark=conHTTP passthrough=yes comment="Navega o" \
    disabled=no
    add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
    new-connection-mark=conHTTP passthrough=yes comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=2082-2086 action=mark-connection \
    new-connection-mark=conHTTP passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=53 action=mark-connection \
    new-connection-mark=conHTTP passthrough=yes comment="" disabled=no
    add chain=prerouting protocol=udp dst-port=53 action=mark-connection \
    new-connection-mark=conHTTP passthrough=yes comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=21 action=mark-connection \
    new-connection-mark=conHTTP passthrough=yes comment="" disabled=no
    add chain=prerouting connection-mark=conHTTP action=mark-packet \
    new-packet-mark=pkgHTTP passthrough=no comment="" disabled=no
    add chain=prerouting action=mark-connection new-connection-mark=conOutros \
    passthrough=no comment="Outros" disabled=no
    add chain=prerouting connection-mark=conOutros action=mark-packet \
    new-packet-mark=pkgOutros passthrough=yes comment="" disabled=no


    After adding the first rule listed here under Mangle I managed to connect my MSN, but I had to set the MTU below 1492.

    ************

    / queue tree
    add name="QOS-IN" parent=global-in packet-mark="" limit-at=0 queue=default \
    priority=1 max-limit=4096000 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
    add name="QOS-OUT" parent=global-out packet-mark="" limit-at=0 queue=default \
    priority=1 max-limit=412000 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
    add name="IN-HTTP" parent=REDE-IN packet-mark=pkgHTTP limit-at=0 queue=default \
    priority=2 max-limit=2000000 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
    add name="OUT-HTTP" parent=REDE-OUT packet-mark=pkgHTTP limit-at=0 \
    queue=default priority=2 max-limit=128000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="IN-P2P" parent=REDE-IN packet-mark=pkgP2P limit-at=0 queue=default \
    priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
    add name="OUT-P2P" parent=REDE-OUT packet-mark=pkgP2P limit-at=0 queue=default \
    priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
    add name="REDE-IN" parent=QOS-IN packet-mark="" limit-at=0 queue=default \
    priority=8 max-limit=3072000 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
    add name="VOIP-IN" parent=QOS-IN packet-mark=pkgVOIP limit-at=128000 \
    queue=default priority=1 max-limit=256000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="REDE-OUT" parent=QOS-OUT packet-mark="" limit-at=0 queue=default \
    priority=8 max-limit=256000 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
    add name="VOIP-OUT" parent=QOS-OUT packet-mark=pkgVOIP limit-at=128000 \
    queue=default priority=1 max-limit=256000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="IN-OUTROS" parent=REDE-IN packet-mark=pkgOutros limit-at=128000 \
    queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="OUT-OUTROS" parent=REDE-OUT packet-mark=pkgOutros limit-at=0 \
    queue=default priority=8 max-limit=192000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="IN-MESSNEGER" parent=REDE-IN packet-mark=pkgMessenger limit-at=0 \
    queue=default priority=3 max-limit=256000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="OUT-MESSNEGER" parent=REDE-OUT packet-mark=pkgMessenger limit-at=0 \
    queue=default priority=3 max-limit=128000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no

    continues...





