


  1. #1

    Network control: P2P, MSN, etc.

    Folks, I'm having problems with my network: the connection gets slow when people start downloading over P2P. The problem is that I created the control rules that are in the tutorials and it isn't helping. What should I do???

  2. #2

    Quote: Originally posted by georgegomes
    Folks, I'm having problems with my network: the connection gets slow when people start downloading over P2P. The problem is that I created the control rules that are in the tutorials and it isn't helping. What should I do???

    Post your rules so we can take a look.



  3. #3

    Quote: Originally posted by Mr. RG
    Post your rules so we can take a look.

    Here they are:

    / ip firewall mangle
    add chain=output protocol=tcp src-port=3128 action=mark-connection \
    new-connection-mark=proxy passthrough=yes comment="PROXY FULL" \
    disabled=yes
    add chain=forward protocol=udp src-port=0 action=mark-connection \
    new-connection-mark=block passthrough=yes comment="" disabled=yes
    add chain=output connection-mark=proxy action=mark-packet \
    new-packet-mark=proxy passthrough=yes comment="" disabled=yes
    add chain=output connection-mark=proxy action=return comment="" disabled=yes
    add chain=prerouting p2p=all-p2p action=mark-connection \
    new-connection-mark=all-p2p passthrough=yes comment="----- P2P" \
    disabled=no
    add chain=prerouting connection-mark=all-p2p action=mark-packet \
    new-packet-mark=ALL-P2P passthrough=no comment="" disabled=no
    add chain=prerouting dst-address=66.36.231.71 protocol=tcp src-port=1024-65535 \
    dst-port=80 action=mark-connection new-connection-mark=manchobanda \
    passthrough=yes comment="MEDIDORES DE LARGURA" disabled=no
    add chain=prerouting dst-address=216.49.88.18 protocol=tcp src-port=1024-65535 \
    dst-port=80 action=mark-connection new-connection-mark=manchobanda \
    passthrough=yes comment="" disabled=no
    add chain=prerouting connection-mark=manchobanda action=mark-packet \
    new-packet-mark=MIDOANCHODEBANDA passthrough=no comment="" disabled=no
    add chain=forward protocol=udp dst-port=4672 action=mark-connection \
    new-connection-mark=all-p2p passthrough=yes comment="Marco todos os P2P" \
    disabled=no
    add chain=forward connection-mark=all-p2p action=mark-packet \
    new-packet-mark=ALL-P2P passthrough=yes comment="" disabled=no
    add chain=output protocol=udp src-port=0-65535 dst-port=514 \
    action=mark-connection new-connection-mark=syslog-mt passthrough=no \
    comment="Syslog soft MT para Windows" disabled=no
    add chain=prerouting protocol=tcp dst-port=113 action=mark-connection \
    new-connection-mark=auth passthrough=no comment="----- Marco outras \
    coisas de menos uso" disabled=no
    add chain=prerouting protocol=tcp dst-port=119 action=mark-connection \
    new-connection-mark=nntp passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=143 action=mark-connection \
    new-connection-mark=imap passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=161-162 action=mark-connection \
    new-connection-mark=snmp passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=554 action=mark-connection \
    new-connection-mark=audio-streaming passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=1755 action=mark-connection \
    new-connection-mark=audio-streaming passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=993 action=mark-connection \
    new-connection-mark=imaps passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=2379 action=mark-connection \
    new-connection-mark=kgs passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=3389 action=mark-connection \
    new-connection-mark=win-rdp passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=5900-5901 action=mark-connection \
    new-connection-mark=vnc passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=6667-6669 action=mark-connection \
    new-connection-mark=irc passthrough=no comment="" disabled=no
    add chain=prerouting protocol=udp src-port=36725 dst-port=1024-65535 \
    action=mark-connection new-connection-mark=skype passthrough=no comment="" \
    disabled=no
    add chain=prerouting protocol=udp src-port=1024-65535 dst-port=5060-5061 \
    action=mark-connection new-connection-mark=sip passthrough=yes comment="" \
    disabled=no
    add chain=prerouting protocol=udp src-port=5060-5061 dst-port=1024-65535 \
    action=mark-connection new-connection-mark=sip passthrough=yes comment="" \
    disabled=no
    add chain=prerouting protocol=icmp icmp-options=8:0-255 action=mark-connection \
    new-connection-mark=ping passthrough=yes comment="----- PING" disabled=no
    add chain=prerouting connection-mark=ping action=mark-packet \
    new-packet-mark=PING passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=20-21 action=mark-connection \
    new-connection-mark=ftp passthrough=yes comment="----- FTP" disabled=no

  4. #4


    add chain=prerouting connection-mark=ftp action=mark-packet \
    new-packet-mark=FTP passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=53 action=mark-connection \
    new-connection-mark=dns passthrough=yes comment="----- DNS" disabled=no
    add chain=prerouting protocol=tcp src-port=53 action=mark-connection \
    new-connection-mark=dns passthrough=yes comment="" disabled=no
    add chain=prerouting protocol=udp dst-port=53 action=mark-connection \
    new-connection-mark=dns passthrough=yes comment="" disabled=no
    add chain=prerouting protocol=udp src-port=53 action=mark-connection \
    new-connection-mark=dns passthrough=yes comment="" disabled=no
    add chain=prerouting connection-mark=dns action=mark-packet \
    new-packet-mark=DNS passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=80 src-address-list=nat-addr \
    action=mark-connection new-connection-mark=http passthrough=yes \
    comment="----- HTTP" disabled=no
    add chain=prerouting connection-mark=http action=mark-packet \
    new-packet-mark=HTTP passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \
    new-connection-mark=https passthrough=yes comment="----- HTTPS" \
    disabled=no
    add chain=prerouting protocol=tcp src-port=443 action=mark-connection \
    new-connection-mark=https passthrough=yes comment="" disabled=no
    add chain=prerouting connection-mark=https action=mark-packet \
    new-packet-mark=HTTPS passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=110 action=mark-connection \
    new-connection-mark=pop3 passthrough=yes comment="----- POP3" disabled=no
    add chain=prerouting protocol=tcp dst-port=995 action=mark-connection \
    new-connection-mark=pop3 passthrough=yes comment="" disabled=no
    add chain=prerouting connection-mark=pop3 action=mark-packet \
    new-packet-mark=POP3-POP3s passthrough=no comment="" disabled=no
    add chain=prerouting protocol=udp dst-port=123 action=mark-connection \
    new-connection-mark=ntp passthrough=yes comment="----- NTP" disabled=no
    add chain=prerouting connection-mark=ntp action=mark-packet \
    new-packet-mark=NTP passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=1863 action=mark-connection \
    new-connection-mark=msn passthrough=yes comment="----- MSN" disabled=no
    add chain=prerouting protocol=tcp dst-port=6891-6900 action=mark-connection \
    new-connection-mark=msn passthrough=yes comment="" disabled=no
    add chain=prerouting protocol=udp dst-port=1863 action=mark-connection \
    new-connection-mark=msn passthrough=yes comment="" disabled=no
    add chain=prerouting protocol=udp dst-port=7001 action=mark-connection \
    new-connection-mark=msn passthrough=yes comment="" disabled=no
    add chain=prerouting connection-mark=msn action=mark-packet \
    new-packet-mark=MSN passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=3128 src-address-list=local-addr \
    action=mark-connection new-connection-mark=proxy passthrough=yes \
    comment="----- PROXY" disabled=no
    add chain=prerouting protocol=tcp src-port=3128 action=mark-connection \
    new-connection-mark=proxy passthrough=yes comment="" disabled=no
    add chain=prerouting connection-mark=proxy action=mark-packet \
    new-packet-mark=PROXY passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection \
    new-connection-mark=winbox passthrough=yes comment="----- WINBOX" \
    disabled=no
    add chain=prerouting connection-mark=winbox action=mark-packet \
    new-packet-mark=WINBOX passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=1723 action=mark-connection \
    new-connection-mark=pptp passthrough=yes comment="Protocolos: GRE - L2TP - \
    PPTP - VPN Megatone" disabled=no
    add chain=prerouting connection-mark=pptp action=mark-packet \
    new-packet-mark=VPN passthrough=no comment="" disabled=no
    add chain=prerouting protocol=gre action=mark-connection \
    new-connection-mark=gre passthrough=yes comment="" disabled=no
    add chain=prerouting connection-mark=gre action=mark-packet \
    new-packet-mark=VPN passthrough=no comment="" disabled=no
    add chain=prerouting protocol=udp dst-port=1701 action=mark-connection \
    new-connection-mark=l2tp passthrough=yes comment="" disabled=no
    add chain=prerouting connection-mark=l2tp action=mark-packet \
    new-packet-mark=VPN passthrough=no comment="" disabled=no
    add chain=prerouting protocol=udp dst-port=1194 action=mark-connection \
    new-connection-mark=vpn-megatone passthrough=yes comment="" disabled=no
    add chain=prerouting connection-mark=vpn-megatone action=mark-packet \
    new-packet-mark=VPN passthrough=no comment="" disabled=no
    add chain=output protocol=udp dst-port=53 action=mark-connection \
    new-connection-mark=dns passthrough=yes comment="----- DNS vindo do \
    Router" disabled=no
    add chain=output connection-mark=dns action=mark-packet new-packet-mark=DNS \
    passthrough=no comment="" disabled=no
    add chain=output protocol=tcp dst-port=80 action=mark-connection \
    new-connection-mark=http passthrough=yes comment="" disabled=no
    add chain=output connection-mark=http action=mark-packet new-packet-mark=HTTP \
    passthrough=no comment="" disabled=no
    add chain=output protocol=tcp dst-port=5002 action=mark-connection \
    new-connection-mark=proxy passthrough=yes comment="" disabled=no
    add chain=output protocol=tcp src-port=5002 action=mark-connection \
    new-connection-mark=proxy passthrough=yes comment="" disabled=no
    add chain=output connection-mark=proxy action=mark-packet \
    new-packet-mark=PROXY passthrough=no comment="" disabled=no
    add chain=input protocol=udp src-port=53 action=mark-connection \
    new-connection-mark=dns passthrough=yes comment="" disabled=no
    add chain=input connection-mark=dns action=mark-packet new-packet-mark=DNS \
    passthrough=yes comment="" disabled=no
    add chain=input protocol=tcp src-port=5002 dst-port=1024-65535 \
    action=mark-connection new-connection-mark=proxy passthrough=yes \
    comment="" disabled=no
    add chain=input connection-mark=proxy action=mark-packet new-packet-mark=PROXY \
    passthrough=yes comment="" disabled=no
    add chain=prerouting protocol=udp action=mark-connection \
    new-connection-mark=other-udp passthrough=yes comment="----- UDP NAO \
    RECONHECIDOS " disabled=no
    add chain=prerouting connection-mark=other-udp action=mark-packet \
    new-packet-mark=OTHER-UDP passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=1024-3126 action=mark-connection \
    new-connection-mark=other-tcp-bajo passthrough=yes comment="----- TCP NAO \
    RECONHECIDOS PUERTOS BAJOS" disabled=no
    add chain=prerouting protocol=tcp dst-port=3129-10000 action=mark-connection \
    new-connection-mark=other-tcp-bajo passthrough=yes comment="" disabled=no
    add chain=prerouting connection-mark=other-tcp-bajo action=mark-packet \
    new-packet-mark=TCP-BAJO passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=10001-10999 action=mark-connection \
    new-connection-mark=other-tcp-medio passthrough=yes comment="----- TCP \
    NAO RECONHECIDOS PUERTOS MEDIOS" disabled=no
    add chain=prerouting connection-mark=other-tcp-medio action=mark-packet \
    new-packet-mark=TCP-MEDIO passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=11000-11999 action=mark-connection \
    new-connection-mark=yahoo-juegos passthrough=yes comment="YAHOO Jogos" \
    disabled=no
    add chain=prerouting connection-mark=yahoo-juegos action=mark-packet \
    new-packet-mark=YAHOO passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=12000-30000 action=mark-connection \
    new-connection-mark=other-tcp-medio passthrough=yes comment="----- TCP \
    NAO RECONHECIDOS PORTAS MEDIAS" disabled=no

    disabled=no



  5. #5


    add chain=prerouting connection-mark=other-tcp-medio action=mark-packet \
    new-packet-mark=TCP-MEDIO passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=30001-65535 \
    src-address-list=nat-addr action=mark-connection \
    new-connection-mark=other-tcp-alto passthrough=yes comment="----- TCP NAO \
    RECONHCIDOS PORTAS ALTAS" disabled=no
    add chain=prerouting connection-mark=other-tcp-alto action=mark-packet \
    new-packet-mark=TCP-ALTO passthrough=no comment="" disabled=no
    add chain=prerouting action=mark-connection new-connection-mark=other \
    passthrough=yes comment="----- POR PRECAUSAO MARCO TUDO" disabled=no
    add chain=prerouting connection-mark=other action=mark-packet \
    new-packet-mark=OTHER passthrough=no comment="" disabled=no
    add chain=postrouting protocol=tcp dst-port=5002 action=mark-connection \
    new-connection-mark=proxy passthrough=yes comment="" disabled=no
    add chain=postrouting protocol=tcp src-port=5002 action=mark-connection \
    new-connection-mark=proxy passthrough=yes comment="" disabled=no
    add chain=postrouting connection-mark=proxy action=mark-packet \
    new-packet-mark=PROXY passthrough=yes comment="" disabled=no
    add chain=output src-address=172.19.100.100 protocol=tcp src-port=5002 \
    dst-address-list=nat-addr action=mark-connection new-connection-mark=proxy \
    passthrough=yes comment="" disabled=no
    add chain=output src-address=172.242.100.100 protocol=tcp src-port=5002 \
    dst-address-list=nat-addr action=mark-connection new-connection-mark=proxy \
    passthrough=yes comment="" disabled=no
    add chain=output src-address=172.246.100.100 protocol=tcp src-port=5002 \
    dst-address-list=nat-addr action=mark-connection new-connection-mark=proxy \
    passthrough=yes comment="" disabled=no
    add chain=output connection-mark=proxy action=mark-packet \
    new-packet-mark=PROXY passthrough=no comment="" disabled=no
    / ip firewall nat
    add chain=srcnat out-interface=WAN action=masquerade comment="" disabled=no
    add chain=dstnat connection-mark=dns action=redirect to-ports=0-65535 \
    comment="proxy for DNS requests" disabled=no
    add chain=dstnat in-interface=WAN src-address=172.19.100.0/24 protocol=tcp \
    dst-port=80 action=redirect to-ports=3128 comment="proxy for HTTP \
    requests" disabled=no
    add chain=dstnat in-interface=WLAN-EW src-address=172.246.100.0/24 \
    protocol=tcp dst-port=80 action=redirect to-ports=3128 comment="proxy for \
    HTTP requests" disabled=no
    / ip firewall connection tracking
    set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
    tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
    tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
    tcp-syncookie=no


    Here are the queue ones:


    / queue tree
    add name="Int-OUT" parent=global-in packet-mark="" limit-at=256000 \
    queue=default priority=1 max-limit=512000 burst-limit=0 \
    burst-threshold=128000 burst-time=12s disabled=no
    add name="POP3-Out" parent=Int-OUT packet-mark=POP3-POP3s limit-at=64000 \
    queue=default priority=4 max-limit=128000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="RESTO-OUT" parent=Int-OUT packet-mark=OTHER limit-at=0 queue=default \
    priority=4 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
    add name="FTP-Out" parent=Int-OUT packet-mark=FTP limit-at=0 queue=default \
    priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
    add name="HTTP-OUT" parent=Int-OUT packet-mark=HTTP limit-at=0 queue=default \
    priority=2 max-limit=280000 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
    add name="DNS-OUT" parent=Int-OUT packet-mark=DNS limit-at=0 queue=default \
    priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
    add name="SMTP-OUT" parent=Int-OUT packet-mark=SMTP-SMTPs limit-at=0 \
    queue=default priority=7 max-limit=128000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="SSH-OUT" parent=Int-OUT packet-mark=SSH limit-at=0 queue=default \
    priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
    add name="TCP-OUT" parent=Int-OUT packet-mark=TCP-BAJO limit-at=0 \
    queue=default priority=8 max-limit=190000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="UDP-OUT" parent=Int-OUT packet-mark=OTHER-UDP limit-at=0 \
    queue=default priority=8 max-limit=100000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="TELNET-OUT" parent=Int-OUT packet-mark=TELNET limit-at=0 \
    queue=default priority=8 max-limit=32000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="WEBPROXY-OUT" parent=Int-OUT packet-mark=PROXY limit-at=512000 \
    queue=default priority=8 max-limit=768000 burst-limit=1024000 \
    burst-threshold=0 burst-time=20s disabled=no
    add name="TCP-MEDIOS" parent=Int-OUT packet-mark=TCP-MEDIO limit-at=0 \
    queue=default priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="TCP-ALTOS" parent=Int-OUT packet-mark=TCP-ALTO limit-at=0 \
    queue=default priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="HTTP/S-OUT" parent=Int-OUT packet-mark=HTTPS limit-at=0 \
    queue=default priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="TEST-ANCHO-Int-OUT" parent=Int-OUT packet-mark=MIDOANCHODEBANDA \
    limit-at=0 queue=default priority=2 max-limit=32000 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no
    add name="Control.P2P" parent=WAN packet-mark=ALL-P2P limit-at=0 queue=default \
    priority=8 max-limit=100000 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
    add name="Control-P2P" parent=WAN packet-mark=ALL-P2P limit-at=0 queue=default \
    priority=8 max-limit=100000 burst-limit=0 burst-threshold=0 burst-time=0s \

  6. #6

    Hi friend,
    I don't know whether you need all of these rules, but here are the rules for P2P:

    /ip firewall mangle add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p_con passthrough=yes

    /ip firewall mangle add chain=prerouting connection-mark=p2p_con action=mark-packet new-packet-mark=p2p passthrough=yes


    Rules to mark incoming MSN packets:

    /ip firewall mangle add chain=prerouting protocol=tcp dst-port=1863 action=mark-connection new-connection-mark=msn_in passthrough=yes

    /ip firewall mangle add chain=prerouting connection-mark=msn_in action=mark-packet new-packet-mark=msn_entrada passthrough=yes

    Outgoing packets:

    /ip firewall mangle add chain=prerouting protocol=tcp src-port=1863 action=mark-connection new-connection-mark=msn_out passthrough=yes

    /ip firewall mangle add chain=prerouting connection-mark=msn_out action=mark-packet new-packet-mark=msn_saida passthrough=yes


    After that, just create the queue tree for MSN and for P2P.

    Tip: you can create a connection limit for P2P.

    If you need anything...
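
The queue tree and connection limit mentioned in the last reply could look like the following. This is an added example, not part of the original posts: the interface name LAN, the queue names and every rate and limit value are assumptions, while WAN, the 172.19.100.0/24 subnet and the packet marks p2p, msn_entrada and msn_saida come from the rules posted above.

```routeros
# Added example, not from the thread.
# Assumed: interface LAN (client-facing side), queue names, all rates and the
# connection cap. From the posts: interface WAN, subnet 172.19.100.0/24 and
# the packet marks p2p, msn_entrada, msn_saida.

/queue tree
# A queue whose parent is an interface shapes only the packets leaving through
# that interface, so each direction needs its own queue.
add name="p2p-up" parent=WAN packet-mark=p2p queue=default priority=8 \
    max-limit=100000 disabled=no
add name="p2p-down" parent=LAN packet-mark=p2p queue=default priority=8 \
    max-limit=100000 disabled=no

# msn_entrada ends up on packets with dst-port=1863 (toward the MSN server),
# which leave through WAN.
add name="msn-up" parent=WAN packet-mark=msn_entrada queue=default priority=4 \
    max-limit=64000 disabled=no
# msn_saida ends up on packets with src-port=1863 (from the MSN server),
# which leave through the client-facing interface.
add name="msn-down" parent=LAN packet-mark=msn_saida queue=default priority=4 \
    max-limit=64000 disabled=no

/ip firewall filter
# Connection limit: a SYN carries no payload for p2p= to classify, so this cap
# counts every new TCP connection per client address (/32), not only P2P ones.
# New connections are dropped once a client is above 100 open connections.
add chain=forward src-address=172.19.100.0/24 protocol=tcp tcp-flags=syn \
    connection-limit=100,32 action=drop \
    comment="per-host TCP connection cap" disabled=no
```

After importing, the counters under /queue tree show whether the marked traffic is actually reaching each queue.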