


  1. #13

    Good afternoon, folks...

    tonight I'm going to start everything from scratch... spending the whole night again.. trying to solve this problem.. if anyone wants to help me.... add me


    [email protected].....


    Thanks to everyone who helped me

  2. #14

    folks... I managed... to set up the parallel proxy with the following squid config....
    can someone check whether it has any errors??
    how do I know it is working properly???
    how can I see a report of all the sites accessed????
    I saw a program called sarg?????

    # security rules, iptables, etc. are run on the mikrotik.
    http_port 5128 transparent
    visible_hostname webproxy
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl Safe_ports port 80
    acl Safe_ports port 21
    acl Safe_ports port 443 563
    acl Safe_ports port 70 #old gopher protocol
    acl Safe_ports port 210 #wais
    acl Safe_ports port 1024-65535 #all other ports
    acl Safe_ports port 280 #http-mgmt
    acl Safe_ports port 488 #gss-http
    acl Safe_ports port 591 #filemaker
    acl Safe_ports port 777 #multi http
    acl Safe_ports port 901 #Swat access
    acl purge method PURGE
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_PORTS
    #permission to access the proxy, Mikrotik network
    #network class or classes separated by spaces.
    acl redelocal src 192.168.10.0/24
    http_access allow localhost
    http_access allow redelocal
    #block all other access.
    http_access deny all
    #access log
    cache_access_log /var/log/squid3/access.log
    #cache.log
    cache_log /var/log/squid3/cache.log
    #memory reserved for the cache; preferably set a value of 40%
    # of your machine's total, and no more.
    cache_mem 700 MB
    #maximum size of cached files in memory
    maximum_object_size_in_memory 128 KB
    #maximum size of cached files on disk
    maximum_object_size 5120 MB
    minimum_object_size 0 KB
    #rule that starts emptying / replacing files in the cache at 90%
    cache_swap_low 80
    cache_swap_high 90
    #location of the cache files folder, followed by the total
    #space in MB on disk to be used by the cache, number of folders, and
    #number of cache subfolders.
    cache_dir ufs /var/spool/squid3 50048 16 256
    #time intervals at which the proxy checks whether the files of the accessed sites
    #match those in the cache; the value 4560 means 04 days
    refresh_pattern ^ftp: 15 20% 4560
    refresh_pattern ^gopher: 15 0% 4560
    refresh_pattern . 15 20% 4560
    #Keeping recent and small objects in memory
    memory_replacement_policy heap GDSF
    #Enabling memory pools, preventing Squid from reallocating memory every time it needs it, keep 32MB pools
    #memory_pools off
    #memory_pools_limit 0



    folks, is there any error in the conf???
    is there a way to increase the fast cache..
    when I download a file of about 4 MB and download it again
    it comes really fast...
    now when I download a bigger one... about 20 MB.. it comes at the normal speed.. the rate
    that is registered for the client.
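
One way to answer the report question using the access log that the posted squid.conf writes, as an added example that is not part of the original post and is not SARG. The log lines are constructed samples in Squid's native format; `parse_line` and `report` are hypothetical helper names.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format (not from the thread):
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1200000000.101    412 192.168.10.21 TCP_MISS/200 4194304 GET http://files.example.test/a.zip - DIRECT/203.0.113.10 application/zip
1200000060.202      9 192.168.10.21 TCP_HIT/200 4194304 GET http://files.example.test/a.zip - NONE/- application/zip
1200000120.303    230 192.168.10.35 TCP_MISS/200 15320 GET http://news.example.test/ - DIRECT/203.0.113.20 text/html
1200000180.404     35 192.168.10.35 TCP_MEM_HIT/200 15320 GET http://news.example.test/ - NONE/- text/html
1200000240.505   1800 192.168.10.35 TCP_MISS/200 20971520 GET http://files.example.test/big.iso - DIRECT/203.0.113.10 application/octet-stream
1200000300.606      3 10.9.9.9 TCP_DENIED/403 1450 GET http://news.example.test/ - NONE/- text/html
this line is damaged and must be skipped
"""

def parse_line(line):
    """Return the fields of one native-format line, or None if malformed."""
    f = line.split()
    if len(f) < 7 or "/" not in f[3] or not f[4].isdigit():
        return None
    url = f[6]
    # CONNECT requests are logged as "host:port" rather than a full URL.
    host = urlsplit(url).hostname if "://" in url else url.rsplit(":", 1)[0]
    return {"client": f[2], "code": f[3].split("/")[0],
            "bytes": int(f[4]), "host": host or url}

def report(text):
    """Return (sites, denied): per-(client, host) totals and denials per client."""
    sites = defaultdict(lambda: {"requests": 0, "bytes": 0, "hits": 0})
    denied = defaultdict(int)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["code"] == "TCP_DENIED":      # blocked by an http_access rule
            denied[rec["client"]] += 1
            continue
        row = sites[(rec["client"], rec["host"])]
        row["requests"] += 1
        row["bytes"] += rec["bytes"]
        row["hits"] += "HIT" in rec["code"]  # TCP_HIT, TCP_MEM_HIT, ...
    return dict(sites), dict(denied)

if __name__ == "__main__":
    sites, denied = report(SAMPLE_LOG)
    for (client, host), row in sorted(sites.items()):
        print(client, host, row)
    print("denied:", denied)
```

Feeding `report()` the contents of `/var/log/squid3/access.log` gives the sites per client, the share of requests served from cache, and which clients the `http_access` rules are turning away.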



  3. #15

    folks, can someone check whether my config is right???
    note that my mikrotik is 2.9.27

    / ip firewall filter
    add chain=input in-interface=internet protocol=tcp dst-port=3128 action=drop \
    comment="" disabled=no
    / ip firewall nat
    add chain=srcnat src-address=15.15.0.0/30 action=masquerade comment="Conex o \
    para o proxy" disabled=no
    add chain=pre-hotspot in-interface=clientes src-address=192.168.10.0/24 \
    dst-address=!15.15.0.2 protocol=tcp dst-port=80 hotspot=auth \
    action=redirect to-ports=3128 comment="Redirecionamento do proxy do \
    servidor para os clientes" disabled=no
    add chain=srcnat src-address=192.168.10.0/24 action=masquerade \
    comment="Conex o para os clientes" disabled=no
    /ip firewall mangle
    add chain=output protocol=tcp src-port=3128 content="X-Cache: HIT" \
    action=mark-connection new-connection-mark=squid-connection-HIT \
    passthrough=yes comment="CACHE FULL SQUID-DEBIAN" disabled=no
    add chain=output connection-mark=squid-connection-HIT action=mark-packet \
    new-packet-mark=squid-packet-HIT passthrough=yes comment="" disabled=no
    add chain=prerouting p2p=all-p2p action=mark-connection \
    new-connection-mark=P2P-Conexao passthrough=yes comment="CONTROLE P2P" \
    disabled=no
    add chain=prerouting protocol=tcp tcp-flags=syn p2p=all-p2p \
    connection-limit=15,24 action=mark-connection \
    new-connection-mark=P2P-Conexao-Limite passthrough=yes comment="" \
    disabled=no
    add chain=prerouting connection-mark=P2P-Conexao action=mark-packet \
    new-packet-mark=P2P-Pacotes passthrough=no comment="" disabled=no
    add chain=prerouting connection-mark=P2P-Conexao-Limite action=mark-packet \
    new-packet-mark=P2P-Pacotes passthrough=no comment="" disabled=no
    add chain=prerouting protocol=icmp action=mark-connection \
    new-connection-mark=ICMP-Conexao passthrough=yes comment="CONTROLE ICMP" \
    disabled=no
    add chain=prerouting connection-mark=ICMP-Conexao action=mark-packet \
    new-packet-mark=ICMP-Pacotes passthrough=yes comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \
    new-connection-mark=Navegacao-Conexao passthrough=yes comment="CONTROLE \
    NAVEGACAO" disabled=no
    add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
    new-connection-mark=Navegacao-Conexao passthrough=yes comment="" \
    disabled=yes
    add chain=prerouting protocol=tcp dst-port=53 action=mark-connection \
    new-connection-mark=Navegacao-Conexao passthrough=yes comment="" \
    disabled=no
    add chain=prerouting protocol=udp dst-port=53 action=mark-connection \
    new-connection-mark=Navegacao-Conexao passthrough=yes comment="" \
    disabled=no
    add chain=prerouting protocol=tcp dst-port=21 action=mark-connection \
    new-connection-mark=Navegacao-Conexao passthrough=yes comment="" \
    disabled=no
    add chain=prerouting connection-mark=Navegacao-Conexao action=mark-packet \
    new-packet-mark=Navegacao-Pacotes passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=1863 action=mark-connection \
    new-connection-mark=Messenger-Conexao passthrough=yes comment="CONTROLE \
    MESSENGER" disabled=no
    add chain=prerouting protocol=udp dst-port=1863 action=mark-connection \
    new-connection-mark=Messenger-Conexao passthrough=yes comment="" \
    disabled=no
    add chain=prerouting protocol=tcp dst-port=6891-6901 action=mark-connection \
    new-connection-mark=Messenger-Conexao passthrough=yes comment="" \
    disabled=no
    add chain=prerouting protocol=udp dst-port=6891-6901 action=mark-connection \
    new-connection-mark=Messenger-Conexao passthrough=yes comment="" \
    disabled=no
    add chain=prerouting protocol=udp dst-port=5190 action=mark-connection \
    new-connection-mark=Messenger-Conexao passthrough=yes comment="" \
    disabled=no
    add chain=prerouting connection-mark=Messenger-Conexao action=mark-packet \
    new-packet-mark=Messenger-Pacotes passthrough=no comment="" disabled=no
    add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection \
    new-connection-mark=Acesso-Remoto-Conexao passthrough=yes comment="Winbox" \
    disabled=no
    add chain=prerouting connection-mark=Acesso-Remoto-Conexao action=mark-packet \
    new-packet-mark=Acesso-Remoto-Pacotes passthrough=no comment="" \
    disabled=no
    add chain=prerouting protocol=udp action=mark-connection \
    new-connection-mark=UDP-Conexao passthrough=yes comment="CONTROLE UDP" \
    disabled=no
    add chain=prerouting connection-mark=UDP-Conexao action=mark-packet \
    new-packet-mark=UDP-Pacotes passthrough=no comment="" disabled=no
    add chain=prerouting action=mark-connection new-connection-mark=Outras-Conexao \
    passthrough=no comment="CONTROLE SERVICOS NAO IDENTIFICADOS" disabled=yes
    add chain=prerouting connection-mark=Outras-Conexao action=mark-packet \
    new-packet-mark=Outras-Pacotes passthrough=no comment="" disabled=yes
    add chain=prerouting action=accept comment="" disabled=yes

  4. #16

    rest of the configuration......
    can someone check whether anything is wrong for me??
    browsing feels a bit sluggish....

    / queue tree
    add name="QOS" parent=global-total packet-mark="" limit-at=128000 \
    queue=default priority=8 max-limit=100000000 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no
    add name="1 - Navegacao" parent=QOS packet-mark=Navegacao-Pacotes \
    limit-at=128000 queue=default priority=8 max-limit=100000000 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no
    add name="2 - Messenger" parent=QOS packet-mark=Messenger-Pacotes \
    limit-at=128000 queue=default priority=2 max-limit=4000000 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no
    add name="5 - P2P" parent=QOS packet-mark=P2P-Pacotes limit-at=200000 \
    queue=default priority=5 max-limit=200000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="3 - ICMP" parent=QOS packet-mark=ICMP-Pacotes limit-at=128000 \
    queue=default priority=1 max-limit=250000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="4 - UDP" parent=QOS packet-mark=UDP-Pacotes limit-at=128000 \
    queue=default priority=3 max-limit=1000000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="Cache Full Squid-Debian" parent=global-out \
    packet-mark=squid-packet-HIT limit-at=0 queue=default priority=8 \
    max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
    / ip pool
    add name="dhcp_pool2" ranges=192.168.10.20-192.168.10.254
    / ip dns
    set primary-dns=200.204.0.10 secondary-dns=200.204.0.138 \
    allow-remote-requests=yes cache-size=10240KiB cache-max-ttl=1w
    / ip address
    add address=10.0.0.138/24 network=10.0.0.0 broadcast=10.0.0.255 \
    interface=internet comment="" disabled=yes
    add address=192.168.10.1/24 network=192.168.10.0 broadcast=192.168.10.255 \
    interface=clientes comment="" disabled=no
    add address=15.15.0.1/30 network=15.15.0.0 broadcast=15.15.0.3 interface=proxy \
    comment="" disabled=no
    / ip web-proxy
    set enabled=yes src-address=0.0.0.0 port=3128 hostname="proxy" \
    transparent-proxy=yes parent-proxy=15.15.0.2:5128 \
    cache-administrator="webmaster" max-object-size=1KiB cache-drive=system \
    max-cache-size=none max-ram-cache-size=unlimited
    / ip web-proxy access
    add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
    disabled=no
    add src-address=192.168.10.0/24 action=allow comment="Acesso a rede " \
    disabled=no
    add action=deny comment="" disabled=no
    add url="http://www.speedyzone/wsc/" action=deny comment="" disabled=no
    add url="http://speedyzone/wsc/" action=deny comment="" disabled=no
    add url="http://www.speedy.zone/wsc/" action=deny comment="" disabled=no
    add url="speedy.zone/wsc/" action=deny comment="" disabled=no
    add url="http://200.171.222.97/wsc/" action=deny comment="" disabled=no
    / ip web-proxy cache
    add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" \
    disabled=no
    add url="https://" action=deny comment="don't cache dynamic https pages" \
    disabled=no


    thanks to everyone who helped me.
    and who help me...


    thank you very much, everyone... without you I wouldn't have managed to do anything..
    thank you very much, everyone ...
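
A check for rule order in the `/ ip web-proxy access` list posted above, as an added example that is not part of the original post. It assumes RouterOS evaluates this list top to bottom and applies the first matching rule; `parse_rules` and `shadowed` are hypothetical helper names.

```python
import shlex

# Rules copied from the "/ ip web-proxy access" section of the post above
# (first comment shortened); a trailing backslash is RouterOS line continuation.
EXPORT = r'''
add dst-port=23-25 action=deny comment="block telnet" \
    disabled=no
add src-address=192.168.10.0/24 action=allow comment="Acesso a rede " disabled=no
add action=deny comment="" disabled=no
add url="http://www.speedyzone/wsc/" action=deny comment="" disabled=no
add url="speedy.zone/wsc/" action=deny comment="" disabled=no
add url="http://200.171.222.97/wsc/" action=deny comment="" disabled=no
'''

NOT_MATCHERS = {"action", "comment", "disabled"}  # keys that select nothing

def parse_rules(export):
    """Return enabled rules in list order as (number, action, matchers)."""
    joined = export.replace("\\\n", " ")  # undo line continuations
    lines = [l for l in joined.splitlines() if l.strip().startswith("add ")]
    rules = []
    for number, line in enumerate(lines, start=1):
        fields = dict(tok.split("=", 1) for tok in shlex.split(line)[1:])
        if fields.get("disabled") == "yes":
            continue
        matchers = {k: v for k, v in fields.items() if k not in NOT_MATCHERS}
        rules.append((number, fields.get("action"), matchers))
    return rules

def shadowed(rules):
    """Return (later, earlier) pairs where the earlier rule always matches first.

    Conservative test: every matcher of the earlier rule appears unchanged in
    the later rule, so a rule with no matchers shadows every rule after it.
    """
    found = []
    for i, (late_no, _, late) in enumerate(rules):
        for early_no, _, early in rules[:i]:
            if early.items() <= late.items():
                found.append((late_no, early_no))
                break
    return found

if __name__ == "__main__":
    for late_no, early_no in shadowed(parse_rules(EXPORT)):
        print(f"rule {late_no} is never reached: rule {early_no} matches first")
```

On the posted list it reports that the URL deny rules sit after the unconditional `add action=deny`, so they are never evaluated.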



  5. #17

    I was wondering, if I put the Debian box on the switch will it work in parallel???


    internet
    !
    !
    roteador
    !
    !
    Mkt
    !
    !
    switch ------ Debian
    !
    !
    clientes


    does it work like this, or will it not find the mkt??
    so folks, are the rules I posted earlier correct???
    I feel that it keeps freezing up.....

    I need help..
    thanks to everyone who helped me, I really appreciate it


    Thanks

  6. #18

    any ideas, folks????
    please help me..