


  1. #1

    QoS on MikroTik - Complete

    Well, I have already tried several ways to improve my clients' browsing. Recently I went around "gathering" all the tips from UnderLinux and the MikroTik Wiki and arrived at my own QoS system...

    I split everything into three parts.

    1. Layer7 protocols
    Besides identifying traffic by port, I use Layer7 as a backup. If someone is accessing service X on a non-standard port, the MikroTik will still be able to identify the traffic.
    2. Packet marking using Mangle
    Basically, I use chain=prerouting and in it I mark the traffic on the ports of the main services. Additionally, I use Layer7 and mark whatever slipped through unnoticed.
    The main difference is that I give different names to files of different sizes.
    E.g.: http-ate1mb, http-maiorque60MB
    That way, if the file is smaller than 1mb, I treat the traffic with a higher priority than one that is larger than 60mb.
    3. The queue trees
    Since I mark everything in mangle, in the queue tree I assign the priority for each type of service. E.g.: for HTTP packets smaller than 1m, the client has unrestricted bandwidth. That way, even if he is downloading at maximum speed, he will still be able to browse normally.
    I use the same idea for packets of the "servicosderede" type. These include pings, DNS, etc...
    For packets marked as hotspot, I make sure that the client gets full bandwidth when accessing the hotspot page.
    The rules were made for MY MikroTik, so you will probably have to change a thing or two for them to work 100% for you. (Basic data about my server: 1M link; Mikrotik 3.23; CacheFull + HotSpot; running on an ordinary PC)

    If anyone finds an error, please post it here so that I know about it and can fix it on my server.

    Anyway, my rules are in the posts below.

    If the tip helped you, please say thanks. That encourages me to write more nonsense around here.

    *** See my Address List on page 3. It is needed for the YouTube packets to be identified. ***

    ~-~-~-~-~-~-~-~-~-~
    Need help with your network? Need to rethink your marketing strategies and increase your profit? Contact me: email {[at]} renangomes.com
    ~-~-~-~-~-~-~-~-~-~
    Attachments: QoS-Mikrotik.jpg (332.2 KB); QoS.txt (35.5 KB)
    Last edited by renangomes; 19-05-2009 at 03:19.

  2. #2

    IP FIREWALL LAYER7-PROTOCOL

    # Adding more ways to identify the packets.
    /ip firewall layer7-protocol
    add comment="" name=edonkey regexp="^[\C5\D4\E3-\E5].\?.\?.\?.\?([\01\02\05\14\15\16\
    \18\19\1A\1B\1C [email protected][`\81\82\90\91\93\96\97\98\99\9A\9B\
    \9C\9E\A0\A1\A2\A3\A4]|Y................\?[ -~]|\96....\$)"
    add comment="" name=goboogy regexp="<peerplat>|^get /getfilebyhash\\.cgi\\\?|^get /que\
    ue_register\\.cgi\\\?|^get /getupdowninfo\\.cgi\\\?"
    add comment="" name=soribada regexp="^GETMP3\r\
    \nFilename|^\01.\?.\?.\?(Q:\\+|Q2:)|^\10[\14-\16]\10[\15-\17].\?.\?.\?.\?\$"
    add comment="" name=rdp regexp=rdpdr.*cliprdr.*rdpsnd
    add comment="" name=gnutella regexp="^(gnd[\01\02]\?.\?.\?\01|gnutella connect/[012]\\\
    .[0-9]\r\
    \n|get /uri-res/n2r\\\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshare|mactel\
    la|gnucleus|gnotella|limewire|imesh)|get /.*content-type: application/x-gnutella-p\
    ackets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-\
    9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?:[1-9][0-9]\?[0-9]\?[0-9]\?|gnutel\
    la.*content-type: application/x-gnutella|...................\?lime)"
    add comment="" name=cvs regexp="^BEGIN (AUTH|VERIFICATION|GSSAPI) REQUEST\
    \n"
    add comment="" name=nbns regexp="\01\10\01|\\)\10\01\01|0\10\01"
    add comment="" name=shoutcast regexp=\
    "icy [1-5][0-9][0-9] [\t-\r -~]*(content-type:audio|icy-)"
    add comment="" name=dns regexp="^.\?.\?.\?.\?[\01\02].\?.\?.\?.\?.\?.\?[\01-\?][a-z0-9\
    ][\01-\?a-z]*[\02-\06][a-z][a-z][fglmoprstuvz]\?[aeop]\?(um)\?[\01-\10\1C][\01\03\
    \04\FF]"
    add comment="" name=quake-halflife regexp="^\FF\FF\FF\FFget(info|challenge)"
    add comment="" name=poco regexp="^\80\94\
    \n\01....\1F\9E"
    add comment="" name=ciscovpn regexp="^\01\F4\01\F4"
    add comment="" name=x11 regexp="^[lb].\?\0B"
    add comment="" name=xboxlive regexp="^X\80........\F3|^\06XN"
    add comment="" name=applejuice regexp="^ajprot\r\
    \n"
    add comment="" name=zmaap regexp="^\1B\D7;H[\01\02]\01\?\01"
    add comment="" name=live365 regexp=membername.*session.*player
    add comment="" name=rlogin regexp=\
    "^[a-z][a-z0-9][a-z0-9]+/[1-9][0-9]\?[0-9]\?[0-9]\?00"
    add comment="" name=http regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*(\
    connection:|content-type:|content-length:|date:)|post [\t-\r -~]* http/[01]\\.[019\
    ]"
    add comment="" name=sip regexp=\
    "^(invite|register|cancel) sip[\t-\r -~]*sip/[0-2]\\.[0-9]"
    add comment="" name=pop3 regexp="^(\\+ok |-err )"
    add comment="" name=smb regexp="\FFsmb[r%]"
    add comment="" name=quake1 regexp="^\80\0C\01quake\03"
    add comment="" name=lpd regexp="^(\01[!-~]+|\02[!-~]+\
    \n.[\01\02\03][\01-\
    \n -~]*|[\03\04][!-~]+[\t-\r]+[a-z][\t-\r -~]*|\05[!-~]+[\t-\r]+([a-z][!-~]*[\t-\r\
    ]+[1-9][0-9]\?[0-9]\?|root[\t-\r]+[!-~]+).*)\
    \n\$"
    add comment="" name=mute regexp="^(Public|AES)Key: [0-9a-f]*\
    \nEnd(Public|AES)Key\
    \n\$"
    add comment="" name=ssh regexp="^ssh-[12]\\.[0-9]"
    add comment="" name=jabber regexp=\
    "<stream:stream[\t-\r ][ -~]*[\t-\r ]xmlns=['\"]jabber"
    add comment="" name=bittorrent regexp="^(\13bittorrent protocol|azver\01\$|get/scrape\
    \\\?info_hash=)|d1:ad2:id20:|\08'7P\\)[RP]"
    add comment="" name=ncp regexp="^(dmdt.*\01.*(\"\"|\11\11|uu)|tncp.*33)"
    add comment="" name=tls regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)"
    add comment="" name=directconnect regexp="^(\\\$mynick |\\\$lock |\\\$key )"
    add comment="" name=netbios regexp="\81.\?.\?.[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P]\
    [A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A\
    -P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P]"
    add comment="" name=tftp regexp="^(\01|\02)[ -~]*(netascii|octet|mail)"
    add comment="" name=subspace regexp="^\01....\11\10........\01\$"
    add comment="" name=hotline regexp="^....................TRTPHOTL\01\02"
    add comment="" name=doom3 regexp="^\FF\FFchallenge"
    add comment="" name=ftp regexp="^220[\t-\r -~]*ftp"
    add comment="" name=kugoo regexp="^1..\8E"
    add comment="" name=tsp regexp=\
    "^[\01-\13\16-\$]\01.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?[ -~]+"
    add comment="" name=battlefield1942 regexp="^\01\11\10\\|\F8\02\[email protected]\06"
    add comment="" name=ssdp regexp="^notify[\t-\r ]\\*[\t-\r ]http/1\\.1[\t-\r -~]*ssdp:(\
    alive|byebye)|^m-search[\t-\r ]\\*[\t-\r ]http/1\\.1[\t-\r -~]*ssdp:discover"
    add comment="" name=imap regexp="^(\\* ok|a[0-9]+ noop)"
    add comment="" name=ares regexp="^\03[]Z].\?.\?\05\$"
    add comment="" name=fasttrack regexp="^get (/.download/[ -~]*|/.supernode[ -~]|/.statu\
    s[ -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: kazaa\
    |x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^give [0-9][0-9\
    ][0-9][0-9][0-9][0-9][0-9][0-9]\?[0-9]\?[0-9]\?"
    add comment="" name=qq regexp="^.\?\02.+\03\$"
    add comment="" name=100bao regexp="^\01\01\05\
    \n"
    add comment="" name=aim regexp=\
    "^(\\*[\01\02].*\03\0B|\\*\01.\?.\?.\?.\?\01)|flapon|toc_signon.*0x"
    add comment="" name=unknown regexp=.
    add comment="" name=msn-filetransfer regexp=\
    "^(ver [ -~]*msnftp\r\
    \nver msnftp\r\
    \nusr|method msnmsgr:)"
    add comment="" name=yahoo regexp=\
    "^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80"
    add comment="" name=validcertssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B\
    ).*(thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust root\
    |entrust\\.net limited)"
    add comment="" name=ntp regexp=\
    "^([\13\1B#\D3\DB\E3]|[\14\1C\$].......\?.\?.\?.\?.\?.\?.\?.\?.\?[\C6-\FF])"
    add comment="" name=gnucleuslan regexp=\
    "gnuclear connect/[\t-\r -~]*user-agent: gnucleus [\t-\r -~]*lan:"
    add comment="" name=vnc regexp="^rfb 00[1-9]\\.00[0-9]\
    \n\$"
    add comment="" name=bgp regexp=\
    "^\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF..\?\01[\03\04]"
    add comment="" name=tesla regexp="\03\9A\89\"111\\.00 Beta |\E2<i\1E\1C\E9"
    add comment="" name=openft regexp="x-openftalias: [-)(0-9a-z ~.]"
    add comment="" name=h323 regexp=\
    "^\03..\?\08...\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\05"
    add comment="" name=finger regexp=\
    "^[a-z][a-z0-9\\-_]+|login: [\t-\r -~]* name: [\t-\r -~]* Directory:"
    add comment="" name=ident regexp="^[1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?[\t-\r]*,[\t-\r]*[\
    1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?(\r\
    \n|[\r\
    \n])\?\$"
    add comment="" name=gkrellm regexp="^gkrellm [23].[0-9].[0-9]\
    \n\$"
    add comment="" name=hddtemp regexp=\
    "^\\|/dev/[a-z][a-z][a-z]\\|[0-9a-z]*\\|[0-9][0-9]\\|[cfk]\\|"
    add comment="" name=socks regexp=\
    "\05[\01-\08]*\05[\01-\08]\?.*\05[\01-\03][\01\03].*\05[\01-\08]\?[\01\03]"
    add comment="" name=biff regexp="^[a-z][a-z0-9][email protected][1-9][0-9]+\$"
    add comment="" name=dhcp regexp="^[\01\02][\01- ]\06.*c\82sc"
    add comment="" name=smtp regexp="^220[\t-\r -~]* (e\?smtp|simple mail)"
    add comment="" name=ipp regexp=ipp://
    add comment="" name=msnmessenger regexp="ver [0-9]+ msnp[1-9][0-9]\? [\t-\r -~]*cvr0\r\
    \n\$|usr 1 [!-~]+ [0-9. ]+\r\
    \n\$|ans 1 [!-~]+ [0-9. ]+\r\
    \n\$"
    add comment="" name=irc regexp="^(nick[\t-\r -~]*user[\t-\r -~]*:|user[\t-\r -~]*:[\02\
    -\r -~]*nick[\t-\r -~]*\r\
    \n)"
    add comment="" name=gopher regexp="^[\t-\r]*[1-9,+tgi][\t-\r -~]*\t[\t-\r -~]*\t[a-z0-\
    9.]*\\.[a-z][a-z].\?.\?\t[1-9]"
    add comment="" name=telnet regexp="^\FF[\FB-\FE].\FF[\FB-\FE].\FF[\FB-\FE]"
    add comment="" name=snmp regexp="^\02\01\04.+([\A0-\A3]\02[\01-\04].\?.\?.\?.\?\02\01.\
    \?\02\01.\?0|\A4\[email protected]\04.\?.\?.\?.\?\02\01.\?\02\01.\?C)"
    add comment="" name=nntp regexp=\
    "^(20[01][\t-\r -~]*AUTHINFO USER|20[01][\t-\r -~]*news)"
    add comment="" name=aimwebcontent regexp=user-agent:aim/
    add comment="" name=rtsp regexp="rtsp/1.0 200 ok"
    Last edited by renangomes; 18-05-2009 at 00:04.



  3. #3

    Layer7 (Continued)

    add comment="" name=skypeout regexp="^(\01.\?.\?.\?.\?.\?.\?.\?.\?\01|\02.\?.\?.\?.\?.\
    \?.\?.\?.\?\02|\03.\?.\?.\?.\?.\?.\?.\?.\?\03|\04.\?.\?.\?.\?.\?.\?.\?.\?\04|\05.\
    \?.\?.\?.\?.\?.\?.\?.\?\05|\06.\?.\?.\?.\?.\?.\?.\?.\?\06|\07.\?.\?.\?.\?.\?.\?.\?\
    .\?\07|\08.\?.\?.\?.\?.\?.\?.\?.\?\08|\t.\?.\?.\?.\?.\?.\?.\?.\?\t|\
    \n.\?.\?.\?.\?.\?.\?.\?.\?\
    \n|\0B.\?.\?.\?.\?.\?.\?.\?.\?\0B|\0C.\?.\?.\?.\?.\?.\?.\?.\?\0C|\r.\?.\?.\?.\?.\?\
    .\?.\?.\?\r|\0E.\?.\?.\?.\?.\?.\?.\?.\?\0E|\0F.\?.\?.\?.\?.\?.\?.\?.\?\0F|\10.\?.\
    \?.\?.\?.\?.\?.\?.\?\10|\11.\?.\?.\?.\?.\?.\?.\?.\?\11|\12.\?.\?.\?.\?.\?.\?.\?.\?\
    \12|\13.\?.\?.\?.\?.\?.\?.\?.\?\13|\14.\?.\?.\?.\?.\?.\?.\?.\?\14|\15.\?.\?.\?.\?.\
    \?.\?.\?.\?\15|\16.\?.\?.\?.\?.\?.\?.\?.\?\16|\17.\?.\?.\?.\?.\?.\?.\?.\?\17|\18.\
    \?.\?.\?.\?.\?.\?.\?.\?\18|\19.\?.\?.\?.\?.\?.\?.\?.\?\19|\1A.\?.\?.\?.\?.\?.\?.\?\
    .\?\1A|\1B.\?.\?.\?.\?.\?.\?.\?.\?\1B|\1C.\?.\?.\?.\?.\?.\?.\?.\?\1C|\1D.\?.\?.\?.\
    \?.\?.\?.\?.\?\1D|\1E.\?.\?.\?.\?.\?.\?.\?.\?\1E|\1F.\?.\?.\?.\?.\?.\?.\?.\?\1F| .\
    \?.\?.\?.\?.\?.\?.\?.\? |!.\?.\?.\?.\?.\?.\?.\?.\?!|\".\?.\?.\?.\?.\?.\?.\?.\?\"|#\
    .\?.\?.\?.\?.\?.\?.\?.\?#|\\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|%.\?.\?.\?.\?.\?.\?.\?.\
    \?%|&.\?.\?.\?.\?.\?.\?.\?.\?&|'.\?.\?.\?.\?.\?.\?.\?.\?'|\\(.\?.\?.\?.\?.\?.\?.\?\
    .\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?.\?.\?\\*|\\+.\?.\?.\?.\
    \?.\?.\?.\?.\?\\+|,.\?.\?.\?.\?.\?.\?.\?.\?,|-.\?.\?.\?.\?.\?.\?.\?.\?-|\\..\?.\?.\
    \?.\?.\?.\?.\?.\?\\.|/.\?.\?.\?.\?.\?.\?.\?.\?/|0.\?.\?.\?.\?.\?.\?.\?.\?0|1.\?.\?\
    .\?.\?.\?.\?.\?.\?1|2.\?.\?.\?.\?.\?.\?.\?.\?2|3.\?.\?.\?.\?.\?.\?.\?.\?3|4.\?.\?.\
    \?.\?.\?.\?.\?.\?4|5.\?.\?.\?.\?.\?.\?.\?.\?5|6.\?.\?.\?.\?.\?.\?.\?.\?6|7.\?.\?.\
    \?.\?.\?.\?.\?.\?7|8.\?.\?.\?.\?.\?.\?.\?.\?8|9.\?.\?.\?.\?.\?.\?.\?.\?9|:.\?.\?.\
    \?.\?.\?.\?.\?.\?:|;.\?.\?.\?.\?.\?.\?.\?.\?;|<.\?.\?.\?.\?.\?.\?.\?.\?<|=.\?.\?.\
    \?.\?.\?.\?.\?.\?=|>.\?.\?.\?.\?.\?.\?.\?.\?>|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\?|@.\
    \?.\?.\?.\?.\?.\?.\?.\?@|A.\?.\?.\?.\?.\?.\?.\?.\?A|B.\?.\?.\?.\?.\?.\?.\?.\?B|C.\
    \?.\?.\?.\?.\?.\?.\?.\?C|D.\?.\?.\?.\?.\?.\?.\?.\?D|E.\?.\?.\?.\?.\?.\?.\?.\?E|F.\
    \?.\?.\?.\?.\?.\?.\?.\?F|G.\?.\?.\?.\?.\?.\?.\?.\?G|H.\?.\?.\?.\?.\?.\?.\?.\?H|I.\
    \?.\?.\?.\?.\?.\?.\?.\?I|J.\?.\?.\?.\?.\?.\?.\?.\?J|K.\?.\?.\?.\?.\?.\?.\?.\?K|L.\
    \?.\?.\?.\?.\?.\?.\?.\?L|M.\?.\?.\?.\?.\?.\?.\?.\?M|N.\?.\?.\?.\?.\?.\?.\?.\?N|O.\
    \?.\?.\?.\?.\?.\?.\?.\?O|P.\?.\?.\?.\?.\?.\?.\?.\?P|Q.\?.\?.\?.\?.\?.\?.\?.\?Q|R.\
    \?.\?.\?.\?.\?.\?.\?.\?R|S.\?.\?.\?.\?.\?.\?.\?.\?S|T.\?.\?.\?.\?.\?.\?.\?.\?T|U.\
    \?.\?.\?.\?.\?.\?.\?.\?U|V.\?.\?.\?.\?.\?.\?.\?.\?V|W.\?.\?.\?.\?.\?.\?.\?.\?W|X.\
    \?.\?.\?.\?.\?.\?.\?.\?X|Y.\?.\?.\?.\?.\?.\?.\?.\?Y|Z.\?.\?.\?.\?.\?.\?.\?.\?Z|\\[\
    .\?.\?.\?.\?.\?.\?.\?.\?\\[|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\].\?.\?.\?.\?.\?.\?.\
    \?.\?\\]|\\^.\?.\?.\?.\?.\?.\?.\?.\?\\^|_.\?.\?.\?.\?.\?.\?.\?.\?_|`.\?.\?.\?.\?.\
    \?.\?.\?.\?`|a.\?.\?.\?.\?.\?.\?.\?.\?a|b.\?.\?.\?.\?.\?.\?.\?.\?b|c.\?.\?.\?.\?.\
    \?.\?.\?.\?c|d.\?.\?.\?.\?.\?.\?.\?.\?d|e.\?.\?.\?.\?.\?.\?.\?.\?e|f.\?.\?.\?.\?.\
    \?.\?.\?.\?f|g.\?.\?.\?.\?.\?.\?.\?.\?g|h.\?.\?.\?.\?.\?.\?.\?.\?h|i.\?.\?.\?.\?.\
    \?.\?.\?.\?i|j.\?.\?.\?.\?.\?.\?.\?.\?j|k.\?.\?.\?.\?.\?.\?.\?.\?k|l.\?.\?.\?.\?.\
    \?.\?.\?.\?l|m.\?.\?.\?.\?.\?.\?.\?.\?m|n.\?.\?.\?.\?.\?.\?.\?.\?n|o.\?.\?.\?.\?.\
    \?.\?.\?.\?o|p.\?.\?.\?.\?.\?.\?.\?.\?p|q.\?.\?.\?.\?.\?.\?.\?.\?q|r.\?.\?.\?.\?.\
    \?.\?.\?.\?r|s.\?.\?.\?.\?.\?.\?.\?.\?s|t.\?.\?.\?.\?.\?.\?.\?.\?t|u.\?.\?.\?.\?.\
    \?.\?.\?.\?u|v.\?.\?.\?.\?.\?.\?.\?.\?v|w.\?.\?.\?.\?.\?.\?.\?.\?w|x.\?.\?.\?.\?.\
    \?.\?.\?.\?x|y.\?.\?.\?.\?.\?.\?.\?.\?y|z.\?.\?.\?.\?.\?.\?.\?.\?z|\\{.\?.\?.\?.\?\
    .\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\?.\?.\?.\?\\}|~.\?\
    .\?.\?.\?.\?.\?.\?.\?~|\7F.\?.\?.\?.\?.\?.\?.\?.\?\7F|\80.\?.\?.\?.\?.\?.\?.\?.\?\
    \80|\81.\?.\?.\?.\?.\?.\?.\?.\?\81|\82.\?.\?.\?.\?.\?.\?.\?.\?\82|\83.\?.\?.\?.\?.\
    \?.\?.\?.\?\83|\84.\?.\?.\?.\?.\?.\?.\?.\?\84|\85.\?.\?.\?.\?.\?.\?.\?.\?\85|\86.\
    \?.\?.\?.\?.\?.\?.\?.\?\86|\87.\?.\?.\?.\?.\?.\?.\?.\?\87|\88.\?.\?.\?.\?.\?.\?.\?\
    .\?\88|\89.\?.\?.\?.\?.\?.\?.\?.\?\89|\8A.\?.\?.\?.\?.\?.\?.\?.\?\8A|\8B.\?.\?.\?.\
    \?.\?.\?.\?.\?\8B|\8C.\?.\?.\?.\?.\?.\?.\?.\?\8C|\8D.\?.\?.\?.\?.\?.\?.\?.\?\8D|\
    \8E.\?.\?.\?.\?.\?.\?.\?.\?\8E|\8F.\?.\?.\?.\?.\?.\?.\?.\?\8F|\90.\?.\?.\?.\?.\?.\
    \?.\?.\?\90|\91.\?.\?.\?.\?.\?.\?.\?.\?\91|\92.\?.\?.\?.\?.\?.\?.\?.\?\92|\93.\?.\
    \?.\?.\?.\?.\?.\?.\?\93|\94.\?.\?.\?.\?.\?.\?.\?.\?\94|\95.\?.\?.\?.\?.\?.\?.\?.\?\
    \95|\96.\?.\?.\?.\?.\?.\?.\?.\?\96|\97.\?.\?.\?.\?.\?.\?.\?.\?\97|\98.\?.\?.\?.\?.\
    \?.\?.\?.\?\98|\99.\?.\?.\?.\?.\?.\?.\?.\?\99|\9A.\?.\?.\?.\?.\?.\?.\?.\?\9A|\9B.\
    \?.\?.\?.\?.\?.\?.\?.\?\9B|\9C.\?.\?.\?.\?.\?.\?.\?.\?\9C|\9D.\?.\?.\?.\?.\?.\?.\?\
    .\?\9D|\9E.\?.\?.\?.\?.\?.\?.\?.\?\9E|\9F.\?.\?.\?.\?.\?.\?.\?.\?\9F|\A0.\?.\?.\?.\
    \?.\?.\?.\?.\?\A0|\A1.\?.\?.\?.\?.\?.\?.\?.\?\A1|\A2.\?.\?.\?.\?.\?.\?.\?.\?\A2|\
    \A3.\?.\?.\?.\?.\?.\?.\?.\?\A3|\A4.\?.\?.\?.\?.\?.\?.\?.\?\A4|\A5.\?.\?.\?.\?.\?.\
    \?.\?.\?\A5|\A6.\?.\?.\?.\?.\?.\?.\?.\?\A6|\A7.\?.\?.\?.\?.\?.\?.\?.\?\A7|\A8.\?.\
    \?.\?.\?.\?.\?.\?.\?\A8|\A9.\?.\?.\?.\?.\?.\?.\?.\?\A9|\AA.\?.\?.\?.\?.\?.\?.\?.\?\
    \AA|\AB.\?.\?.\?.\?.\?.\?.\?.\?\AB|\AC.\?.\?.\?.\?.\?.\?.\?.\?\AC|\AD.\?.\?.\?.\?.\
    \?.\?.\?.\?\AD|\AE.\?.\?.\?.\?.\?.\?.\?.\?\AE|\AF.\?.\?.\?.\?.\?.\?.\?.\?\AF|\B0.\
    \?.\?.\?.\?.\?.\?.\?.\?\B0|\B1.\?.\?.\?.\?.\?.\?.\?.\?\B1|\B2.\?.\?.\?.\?.\?.\?.\?\
    .\?\B2|\B3.\?.\?.\?.\?.\?.\?.\?.\?\B3|\B4.\?.\?.\?.\?.\?.\?.\?.\?\B4|\B5.\?.\?.\?.\
    \?.\?.\?.\?.\?\B5|\B6.\?.\?.\?.\?.\?.\?.\?.\?\B6|\B7.\?.\?.\?.\?.\?.\?.\?.\?\B7|\
    \B8.\?.\?.\?.\?.\?.\?.\?.\?\B8|\B9.\?.\?.\?.\?.\?.\?.\?.\?\B9|\BA.\?.\?.\?.\?.\?.\
    \?.\?.\?\BA|\BB.\?.\?.\?.\?.\?.\?.\?.\?\BB|\BC.\?.\?.\?.\?.\?.\?.\?.\?\BC|\BD.\?.\
    \?.\?.\?.\?.\?.\?.\?\BD|\BE.\?.\?.\?.\?.\?.\?.\?.\?\BE|\BF.\?.\?.\?.\?.\?.\?.\?.\?\
    \BF|\C0.\?.\?.\?.\?.\?.\?.\?.\?\C0|\C1.\?.\?.\?.\?.\?.\?.\?.\?\C1|\C2.\?.\?.\?.\?.\
    \?.\?.\?.\?\C2|\C3.\?.\?.\?.\?.\?.\?.\?.\?\C3|\C4.\?.\?.\?.\?.\?.\?.\?.\?\C4|\C5.\
    \?.\?.\?.\?.\?.\?.\?.\?\C5|\C6.\?.\?.\?.\?.\?.\?.\?.\?\C6|\C7.\?.\?.\?.\?.\?.\?.\?\
    .\?\C7|\C8.\?.\?.\?.\?.\?.\?.\?.\?\C8|\C9.\?.\?.\?.\?.\?.\?.\?.\?\C9|\CA.\?.\?.\?.\
    \?.\?.\?.\?.\?\CA|\CB.\?.\?.\?.\?.\?.\?.\?.\?\CB|\CC.\?.\?.\?.\?.\?.\?.\?.\?\CC|\
    \CD.\?.\?.\?.\?.\?.\?.\?.\?\CD|\CE.\?.\?.\?.\?.\?.\?.\?.\?\CE|\CF.\?.\?.\?.\?.\?.\
    \?.\?.\?\CF|\D0.\?.\?.\?.\?.\?.\?.\?.\?\D0|\D1.\?.\?.\?.\?.\?.\?.\?.\?\D1|\D2.\?.\
    \?.\?.\?.\?.\?.\?.\?\D2|\D3.\?.\?.\?.\?.\?.\?.\?.\?\D3|\D4.\?.\?.\?.\?.\?.\?.\?.\?\
    \D4|\D5.\?.\?.\?.\?.\?.\?.\?.\?\D5|\D6.\?.\?.\?.\?.\?.\?.\?.\?\D6|\D7.\?.\?.\?.\?.\
    \?.\?.\?.\?\D7|\D8.\?.\?.\?.\?.\?.\?.\?.\?\D8|\D9.\?.\?.\?.\?.\?.\?.\?.\?\D9|\DA.\
    \?.\?.\?.\?.\?.\?.\?.\?\DA|\DB.\?.\?.\?.\?.\?.\?.\?.\?\DB|\DC.\?.\?.\?.\?.\?.\?.\?\
    .\?\DC|\DD.\?.\?.\?.\?.\?.\?.\?.\?\DD|\DE.\?.\?.\?.\?.\?.\?.\?.\?\DE|\DF.\?.\?.\?.\
    \?.\?.\?.\?.\?\DF|\E0.\?.\?.\?.\?.\?.\?.\?.\?\E0|\E1.\?.\?.\?.\?.\?.\?.\?.\?\E1|\
    \E2.\?.\?.\?.\?.\?.\?.\?.\?\E2|\E3.\?.\?.\?.\?.\?.\?.\?.\?\E3|\E4.\?.\?.\?.\?.\?.\
    \?.\?.\?\E4|\E5.\?.\?.\?.\?.\?.\?.\?.\?\E5|\E6.\?.\?.\?.\?.\?.\?.\?.\?\E6|\E7.\?.\
    \?.\?.\?.\?.\?.\?.\?\E7|\E8.\?.\?.\?.\?.\?.\?.\?.\?\E8|\E9.\?.\?.\?.\?.\?.\?.\?.\?\
    \E9|\EA.\?.\?.\?.\?.\?.\?.\?.\?\EA|\EB.\?.\?.\?.\?.\?.\?.\?.\?\EB|\EC.\?.\?.\?.\?.\
    \?.\?.\?.\?\EC|\ED.\?.\?.\?.\?.\?.\?.\?.\?\ED|\EE.\?.\?.\?.\?.\?.\?.\?.\?\EE|\EF.\
    \?.\?.\?.\?.\?.\?.\?.\?\EF|\F0.\?.\?.\?.\?.\?.\?.\?.\?\F0|\F1.\?.\?.\?.\?.\?.\?.\?\
    .\?\F1|\F2.\?.\?.\?.\?.\?.\?.\?.\?\F2|\F3.\?.\?.\?.\?.\?.\?.\?.\?\F3|\F4.\?.\?.\?.\
    \?.\?.\?.\?.\?\F4|\F5.\?.\?.\?.\?.\?.\?.\?.\?\F5|\F6.\?.\?.\?.\?.\?.\?.\?.\?\F6|\
    \F7.\?.\?.\?.\?.\?.\?.\?.\?\F7|\F8.\?.\?.\?.\?.\?.\?.\?.\?\F8|\F9.\?.\?.\?.\?.\?.\
    \?.\?.\?\F9|\FA.\?.\?.\?.\?.\?.\?.\?.\?\FA|\FB.\?.\?.\?.\?.\?.\?.\?.\?\FB|\FC.\?.\
    \?.\?.\?.\?.\?.\?.\?\FC|\FD.\?.\?.\?.\?.\?.\?.\?.\?\FD|\FE.\?.\?.\?.\?.\?.\?.\?.\?\
    \FE|\FF.\?.\?.\?.\?.\?.\?.\?.\?\FF)"
    add comment="" name=skypetoskype regexp="^..\02............."
    add comment="" name=counterstrike-source regexp=\
    "^\FF\FF\FF\FF.*cstrikeCounter-Strike"
    add comment="" name=halflife2-deathmatch regexp="^\FF\FF\FF\FF.*hl2mpDeathmatch"
    add comment="" name=freenet regexp="^\01[\08\t][\03\04]"
    add comment="" name=battlefield2 regexp="^(\11 \01...\?\11|\FE\FD.\?.\?.\?.\?.\?.\?(\
    \14\01\06|\FF\FF\FF))|[]\01].\?battlefield2"
    add comment="" name=napster regexp="^(.[\02\06][!-~]+ [!-~]+ [0-9][0-9]\?[0-9]\?[0-9]\
    \?[0-9]\? \"[\t-\r -~]+\" ([0-9]|10)|1(send|get)[!-~]+ \"[\t-\r -~]+\")"
    add comment="" name=soulseek regexp=\
    "^(\05..\?|.\01.[ -~]+\01F..\?.\?.\?.\?.\?.\?.\?)\$"
    add comment="" name=xunlei regexp="^[()]...\?.\?.\?(reg|get|query)"
    add comment="" name=ssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)"
    add comment="" name=citrix regexp="2&\85\92X"
    add comment="" name=whois regexp="^[ !-~]+\r\
    \n\$"

  4. #4

    Layer7 (Continued)

    add comment="" name=dayofdefeat-source regexp="^\FF\FF\FF\FF.*dodDay of Defeat"
    add comment="" name=teamspeak regexp="^\F4\BE\03.*teamspeak"
    add comment="" name=worldofwarcraft regexp="^\06\EC\01"
    add comment="" name=ventrilo regexp="^..\?v\\\$\CF"
    add comment="" name=http-rtsp regexp="^(get[\t-\r -~]* Accept: application/x-rtsp-tunn\
    elled|http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*a=control:rtsp://)"
    add comment="" name=thecircle regexp=\
    "^t\03ni.\?[\01-\06]\?t[\01-\05]s[\
    \n\0B](glob|who are you\$|query data)"
    add comment="" name=uucp regexp="^\10here="
    add comment="" name=pcanywhere regexp="^(nq|st)\$"
    add comment="" name=subversion regexp="^\\( success \\( 1 2 \\("
    add comment="" name=imesh regexp="^(post[\t-\r -~]*<PasswordHash>.....................\
    ...........</PasswordHash><ClientVer>|4\80\?\r\?\FC\FF\04|get[\t-\r -~]*Host: imsh\
    \\.download-prod\\.musicnet\\.com|\02(\01|\02)\83.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\
    .\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\02(\01|\02)\83)"
    add comment="" name=cimd regexp="\02[0-4][0-9]:[0-9]+.*\03\$"
    add comment="" name=mohaa regexp="^\FF\FF\FF\FFgetstatus\
    \n"
    add comment="" name=stun regexp="^[\01\02]................\?\$"
    add comment="" name=tor regexp=TOR1.*<identity>
    add comment="" name=radmin regexp="^\01\01(\08\08|\1B\1B)\$"
    add comment="" name=unset regexp=.
    add comment="" name=chikka regexp="^CTPv1.[123] Kamusta.*\r\
    \n\$"
    add comment="" name=replaytv-ivs regexp="^(get /ivs-IVSGetFileChunk|http/(0\\.9|1\\.0|\
    1\\.1) [1-5][0-9][0-9] [\t-\r -~]*#####REPLAY_CHUNK_START#####)"
    add comment="" name=armagetron regexp=YCLC_E|CYEL
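To check how broadly the patterns above match before relying on them in mangle, the following added example (not part of the original posts) decodes four of the posted `regexp` values from RouterOS export syntax and runs them over constructed payloads. Assumptions: Python's `re` stands in for the router's matcher, matching is case-insensitive as in l7-filter, only the first 2 KB of a connection are inspected, and the helper names are hypothetical.

```python
import re

# Regexp values copied from the layer7-protocol posts above, still in RouterOS
# export syntax (a trailing backslash continues the value on the next line).
EXPORTED = {
    "ssh": r'^ssh-[12]\\.[0-9]',
    "skypetoskype": r'^..\02.............',
    "finger": r'^[a-z][a-z0-9\\-_]+|login: [\t-\r -~]* name: [\t-\r -~]* Directory:',
    "bittorrent": r'''^(\13bittorrent protocol|azver\01\$|get/scrape\
    \\\?info_hash=)|d1:ad2:id20:|\08'7P\\)[RP]''',
}

# Single-character escapes used by the RouterOS console besides \XX hex bytes.
SIMPLE = {"n": b"\n", "r": b"\r", "t": b"\t", "a": b"\a",
          "b": b"\b", "f": b"\f", "v": b"\v", "_": b" "}
HEX = "0123456789ABCDEF"
L7_WINDOW = 2048  # assumption: matcher sees only the first 2 KB of a connection


def unescape_routeros(value: str) -> bytes:
    """Turn an exported regexp="..." value into the raw pattern bytes."""
    out = bytearray()
    i = 0
    while i < len(value):
        ch = value[i]
        if ch != "\\":
            out += ch.encode("latin-1")
            i += 1
            continue
        if i + 1 >= len(value):
            raise ValueError("dangling backslash at end of value")
        nxt = value[i + 1]
        if nxt == "\n":
            # Line continuation: drop the newline and the export's indentation.
            i += 2
            while i < len(value) and value[i] in " \t":
                i += 1
        elif nxt in HEX and i + 2 < len(value) and value[i + 2] in HEX:
            out.append(int(value[i + 1:i + 3], 16))   # \XX -> one byte
            i += 3
        elif nxt in SIMPLE:
            out += SIMPLE[nxt]
            i += 2
        else:
            out += nxt.encode("latin-1")              # \\ \" \? \$ -> the char
            i += 2
    return bytes(out)


def compile_l7(exported: str):
    # DOTALL: "." must also match newline bytes inside binary payloads.
    return re.compile(unescape_routeros(exported), re.DOTALL | re.IGNORECASE)


PATTERNS = {name: compile_l7(value) for name, value in EXPORTED.items()}


def classify(payload: bytes) -> list:
    """Names of all patterns that match the inspected window of the payload."""
    window = payload[:L7_WINDOW]
    return sorted(name for name, rx in PATTERNS.items() if rx.search(window))


# Constructed sample payloads (not captured traffic).
SSH_BANNER = b"SSH-2.0-OpenSSH_5.1\r\n"
BT_HANDSHAKE = b"\x13BitTorrent protocol" + bytes(8)
HTTP_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
UNRELATED = b"\x00\x01\x02" + bytes(13)           # any 16 bytes with 0x02 third
LATE_MARKER = bytes(3000) + b"d1:ad2:id20:"       # signature past the window

if __name__ == "__main__":
    for label, data in [("ssh banner", SSH_BANNER), ("bt handshake", BT_HANDSHAKE),
                        ("http request", HTTP_REQUEST), ("unrelated", UNRELATED),
                        ("late marker", LATE_MARKER)]:
        print(f"{label:13} -> {classify(data)}")
```

Short, loosely anchored patterns such as `skypetoskype` and `finger` also match the unrelated payloads, which is worth knowing before attaching a packet mark to them.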



  5. #5

    IP FIREWALL MANGLE

    # RouterOS 3.23
    # Packet marking.
    # Remember to change the interface CLIENTES to the name of the interface where your
    # hotspot clients are connected.
    /ip firewall mangle
    add action=mark-connection chain=output comment="PROXY FULL - Prioridade 2" disabled=\
    no dscp=4 new-connection-mark=proxyfull passthrough=yes protocol=tcp src-port=\
    3128
    add action=mark-packet chain=output comment="" connection-mark=proxyfull disabled=no \
    new-packet-mark=proxyfull passthrough=yes
    add action=return chain=output comment="" connection-mark=proxyfull disabled=no
    add action=mark-connection chain=prerouting comment=QoS disabled=no \
    new-connection-mark=servicosdarede-conn passthrough=yes protocol=icmp
    add action=mark-connection chain=prerouting comment="" disabled=no layer7-protocol=\
    dhcp new-connection-mark=servicosdarede-conn passthrough=yes
    add action=mark-connection chain=prerouting comment="" disabled=no layer7-protocol=\
    dns new-connection-mark=servicosdarede-conn passthrough=yes
    add action=mark-connection chain=prerouting comment="" disabled=no layer7-protocol=\
    ntp new-connection-mark=servicosdarede-conn passthrough=yes
    add action=mark-packet chain=prerouting comment="" connection-mark=\
    servicosdarede-conn disabled=no new-packet-mark=servicosdarede passthrough=no
    add action=mark-connection chain=output comment="" disabled=no new-connection-mark=\
    hotspot-out out-interface=CLIENTES passthrough=yes protocol=udp src-port=64872
    add action=mark-connection chain=output comment="" disabled=no new-connection-mark=\
    hotspot-out out-interface=CLIENTES passthrough=yes protocol=tcp src-port=64872
    add action=mark-connection chain=output comment="" disabled=no new-connection-mark=\
    hotspot-out out-interface=CLIENTES passthrough=yes protocol=tcp src-port=64873
    add action=mark-connection chain=output comment="" disabled=no new-connection-mark=\
    hotspot-out out-interface=CLIENTES passthrough=yes protocol=tcp src-port=64874
    add action=mark-connection chain=output comment="" disabled=no new-connection-mark=\
    hotspot-out out-interface=CLIENTES passthrough=yes protocol=tcp src-port=64875
    add action=mark-packet chain=output comment="" connection-mark=hotspot-out disabled=\
    no new-packet-mark=hotspot passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no dst-port=443 \
    new-packet-mark=ssl passthrough=no protocol=tcp
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=ssl \
    new-packet-mark=ssl passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=100bao \
    new-packet-mark=p2p passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=ares \
    new-packet-mark=p2p passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=\
    fasttrack new-packet-mark=p2p passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=\
    directconnect new-packet-mark=p2p passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=\
    gnutella new-packet-mark=p2p passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=\
    goboogy new-packet-mark=p2p passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=\
    bittorrent new-packet-mark=p2p passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=\
    gnucleuslan new-packet-mark=p2p passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=\
    edonkey new-packet-mark=p2p passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=imesh \
    new-packet-mark=p2p passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=mute \
    new-packet-mark=p2p passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=kugoo \
    new-packet-mark=p2p passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=\
    soulseek new-packet-mark=p2p passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=\
    applejuice new-packet-mark=p2p passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=\
    napster new-packet-mark=p2p passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no new-packet-mark=p2p \
    p2p=all-p2p passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no dst-port=8291 \
    new-packet-mark=acessoremoto passthrough=no protocol=tcp
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=ftp \
    new-packet-mark=acessoremoto passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=ident \
    new-packet-mark=acessoremoto passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=rdp \
    new-packet-mark=acessoremoto passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=radmin \
    new-packet-mark=acessoremoto passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=ssh \
    new-packet-mark=acessoremoto passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no dst-port=1863 \
    new-packet-mark=batepapo passthrough=no protocol=tcp
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=aim \
    new-packet-mark=batepapo passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=\
    aimwebcontent new-packet-mark=batepapo passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=irc \
    new-packet-mark=batepapo passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=\
    msn-filetransfer new-packet-mark=batepapo passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=\
    msnmessenger new-packet-mark=batepapo passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=\
    skypeout new-packet-mark=batepapo passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=\
    teamspeak new-packet-mark=batepapo passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=\
    skypetoskype new-packet-mark=batepapo passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no dst-port=110 \
    new-packet-mark=pop3 passthrough=no protocol=tcp
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=pop3 \
    new-packet-mark=pop3 passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no dst-port=25 \
    new-packet-mark=smtp passthrough=no protocol=tcp
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=smtp \
    new-packet-mark=smtp passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no dst-port=143 \
    new-packet-mark=imap passthrough=no protocol=tcp
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=imap \
    new-packet-mark=imap passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=nntp \
    new-packet-mark=imap passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no new-packet-mark=\
    Youtube passthrough=no protocol=tcp src-address-list=Youtube
    add action=mark-connection chain=prerouting comment="" connection-bytes=1-512000 \
    disabled=no dst-port=80 new-connection-mark=http-navegacao-conn passthrough=yes \
    protocol=tcp
    add action=mark-packet chain=prerouting comment="" connection-mark=\
    http-navegacao-conn disabled=no new-packet-mark=http-navegacao passthrough=no
    add action=mark-packet chain=prerouting comment="" connection-bytes=512000-1000000 \
    disabled=no dst-port=80 new-packet-mark=http-1Mbyte passthrough=no protocol=tcp
    add action=mark-packet chain=prerouting comment="" connection-bytes=1000000-3000000 \
    disabled=no dst-port=80 new-packet-mark=http-3Mbyte passthrough=no protocol=tcp
    add action=mark-packet chain=prerouting comment="" connection-bytes=3000000-6000000 \
    disabled=no dst-port=80 new-packet-mark=http-6Mbyte passthrough=no protocol=tcp
    add action=mark-packet chain=prerouting comment="" connection-bytes=6000000-30000000 \
    disabled=no dst-port=80 new-packet-mark=http-30Mbyte passthrough=no protocol=tcp
    add action=mark-packet chain=prerouting comment="" connection-bytes=30000000-60000000 \
    disabled=no dst-port=80 new-packet-mark=http-60Mbytes passthrough=no protocol=tcp
    add action=mark-packet chain=prerouting comment="" connection-bytes=60000000-0 \
    disabled=no dst-port=80 new-packet-mark=http-Infinite passthrough=no protocol=tcp
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=http \
    new-packet-mark=http-Infinite passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=\
    http-rtsp new-packet-mark=http-3Mbyte passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=h323 \
    new-packet-mark=voip passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=rtsp \
    new-packet-mark=voip passthrough=no

  6. #6

    Mangle (Continued)

    add action=mark-packet chain=prerouting comment="" disabled=no layer7-protocol=sip \
    new-packet-mark=voip passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no new-packet-mark=\
    udp-100 packet-size=0-100 passthrough=no protocol=udp
    add action=mark-packet chain=prerouting comment="" disabled=no new-packet-mark=\
    upd-500 packet-size=100-500 passthrough=no protocol=udp
    add action=mark-packet chain=prerouting comment="" disabled=no new-packet-mark=\
    upd-other passthrough=no protocol=udp
    add action=mark-packet chain=prerouting comment="" connection-bytes=1-512000 \
    disabled=no new-packet-mark=0bytes passthrough=no
    add action=mark-packet chain=prerouting comment="" connection-bytes=512000-1000000 \
    disabled=no new-packet-mark=1Mbyte passthrough=no
    add action=mark-packet chain=prerouting comment="" connection-bytes=1000000-3000000 \
    disabled=no new-packet-mark=3Mbyte passthrough=no
    add action=mark-packet chain=prerouting comment="" connection-bytes=3000000-6000000 \
    disabled=no new-packet-mark=6Mbyte passthrough=no
    add action=mark-packet chain=prerouting comment="" connection-bytes=6000000-30000000 \
    disabled=no new-packet-mark=30Mbyte passthrough=no
    add action=mark-packet chain=prerouting comment="" connection-bytes=30000000-60000000 \
    disabled=no new-packet-mark=60Mbytes passthrough=no
    add action=mark-packet chain=prerouting comment="" connection-bytes=60000000-0 \
    disabled=no new-packet-mark=Infinite passthrough=no
    add action=mark-packet chain=prerouting comment="" disabled=no new-packet-mark=Outros \
    passthrough=no



  7. #7

    QUEUE TREE

    # Adding the queues
    # My link is 1M, and some queues are unrestricted (e.g. browsing)
    /queue tree
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=10M name=Cache-Full packet-mark=proxyfull parent=\
    global-total priority=1 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name=ServicosDaRede packet-mark=servicosdarede parent=\
    global-total priority=1 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Ssl packet-mark=ssl parent=global-total priority=2 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=200k name=P2P packet-mark=p2p parent=global-total priority=\
    8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name=BatePapo packet-mark=batepapo parent=global-total \
    priority=2 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Udp packet-mark="" parent=global-total priority=3 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Udp-100 packet-mark=udp-100 parent=Udp priority=1 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Udp-500 packet-mark=upd-500 parent=Udp priority=2 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Udp-Other packet-mark=upd-other parent=Udp priority=\
    3 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Email packet-mark="" parent=global-total priority=4 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Pop3 packet-mark=pop3 parent=Email priority=1 queue=\
    default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Imap packet-mark=imap parent=Email priority=3 queue=\
    default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Http packet-mark="" parent=global-total priority=2 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name=Http-Navegacao packet-mark=http-navegacao parent=\
    global-total priority=1 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Http-1Mbyte packet-mark=http-1Mbyte parent=Http \
    priority=2 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Http-3Mbyte packet-mark=http-3Mbyte parent=Http \
    priority=3 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Http-6Mbyte packet-mark=http-6Mbyte parent=Http \
    priority=4 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Http-30Mbyte packet-mark=http-30Mbyte parent=Http \
    priority=5 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Http-60Mbytes packet-mark=http-60Mbytes parent=Http \
    priority=6 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=600k name=Http-Infinite packet-mark=http-Infinite parent=\
    Http priority=7 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Youtube packet-mark=Youtube parent=Http priority=4 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Outros packet-mark="" parent=global-total priority=7 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Outros-0bytes packet-mark=0bytes parent=Outros \
    priority=1 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Outros-1Mbyte packet-mark=1Mbyte parent=Outros \
    priority=2 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Outros-3Mbyte packet-mark=3Mbyte parent=Outros \
    priority=3 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Outros-6Mbyte packet-mark=6Mbyte parent=Outros \
    priority=4 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Outros-30Mbyte packet-mark=30Mbyte parent=Outros \
    priority=5 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Outros-60Mbytes packet-mark=60Mbytes parent=Outros \
    priority=6 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Outros-Infinite packet-mark=Infinite parent=Outros \
    priority=7 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Outros-Desconhecidos packet-mark=Outros parent=\
    Outros priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=AcessoRemoto packet-mark=acessoremoto parent=\
    global-total priority=3 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Voip packet-mark=voip parent=global-total priority=6 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=5M name=Hotspot packet-mark=hotspot parent=global-total \
    priority=1 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Smtp packet-mark=smtp parent=Email priority=2 queue=\
    default



    ---
    Wow! Much longer than I imagined.. I thought it would all fit in a single post...

  8. #8

    Good markings, Renan. When you have time, could you make the post more complete by walking through some of the markings as examples? That would greatly help new users understand the whole process, where the packets pass through and how the controls are applied, so that it lives up to the title.

    Other than that, congratulations. I'm happy to see that, besides you, we gained new contributors this week. I have been reading everyone's posts and noticed that people who previously only said thanks are now also taking the trouble to create their own solutions and share them with the others. I think that is the true spirit of the forum.

    Best regards, and I hope you keep up the great posts like this one.



  9. #9

    If I want to deploy these rules, how should I proceed?

  10. #10
    angelangra (joined Jul 2007; Angra dos Reis, Rio de Janeiro, Brazil; 368 posts)

    A question: wouldn't there be a problem with download managers that split the file into sections? They could split it into sections of 1 MB or smaller. Then your bandwidth gets consumed.



  11. #11

    Quote, originally posted by renangomes:
    Well, I've already tried several ways to improve my customers' browsing. Recently I went around gathering all the tips from UnderLinux and the Mikrotik Wiki and arrived at my own QoS system....

    Nice contribution.

    Everyone has their own way. My preferred way of learning is to look at an example, analyze what it does, and try to adapt it to my needs.

    In this case an attached file is better than putting it in the body of the message. It comes out a bit broken.

    I only missed the use of "comment"; it would help to understand the whole process faster. But given the number of rules, that would be asking too much.

    Other than that, congratulations.

  12. #12

    Quote, originally posted by lfaria:
    Nice contribution.
    I only missed the use of "comment"; it would help to understand the whole process faster. But given the number of rules, that would be asking too much.

    Later I'll write a better article, just about this and about exactly how I do the markings.
    I removed the comments because they made my mangle too cluttered. Since I was the one who wrote the rules, I end up understanding everything. I apologize for having deleted the comments, but next week I'll post with comments and everything.
    I spent today trying to "tidy up" the mess that my mangle is in, and when it is more readable I'll post it here, or else on the forum wiki.


    Quote:
    A question: wouldn't there be a problem with download managers that split the file into sections? They could split it into sections of 1 MB or smaller. Then your bandwidth gets consumed.

    Good one, thanks for the tip, I hadn't even thought of that.
    Then again, if the file is large the sessions will be larger than 1MB, so the speed would be controlled.

    Ex: Take a 30MB download that a user starts in Free Download Manager. The default is 5 sessions per download, so each one would be 6MB and my QoS would handle them very well.
    The bug is when the guy sets, for example, 35 sessions per download. Then the pieces would indeed be small and he would get around my traffic control system.***

    *** - Actually that isn't possible, because I limit the number of connections per client to 20 HTTP connections, so he wouldn't be able to use the 35 sessions. And, doing the math, you would see that at most he could download 20MB files at 1mb. It's bad, but I don't think it's disastrous.

    I'll think of a way to improve it. (I think a PCQ solves it, right?)
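
The session-splitting question from posts #10 and #12, worked through as an added example (not part of the original posts): it models the port-80 connection-bytes tiers from the mangle rules and reports which marks a download's bytes receive when it is split across parallel sessions, with and without the 20-connection limit mentioned in post #12. It assumes bytes below 512000 fall into the http-navegacao class and that sessions are equal-sized; the function names are illustrative.

```python
# Added example: port-80 tiers copied from the connection-bytes mangle rules.
# ASSUMPTION: the first 512000 bytes of a connection get the browsing mark.
# Range boundaries are treated as half-open; RouterOS picks the first matching rule.
TIERS = [
    (0, 512_000, "http-navegacao"),          # assumed lowest tier
    (512_000, 1_000_000, "http-1Mbyte"),
    (1_000_000, 3_000_000, "http-3Mbyte"),
    (3_000_000, 6_000_000, "http-6Mbyte"),
    (6_000_000, 30_000_000, "http-30Mbyte"),
    (30_000_000, 60_000_000, "http-60Mbytes"),
    (60_000_000, None, "http-Infinite"),
]
ORDER = [mark for _, _, mark in TIERS]


def bytes_per_mark(conn_bytes):
    """Bytes of ONE connection that land in each mark as its counter grows."""
    out = {}
    for lo, hi, mark in TIERS:
        if conn_bytes <= lo:
            break
        top = conn_bytes if hi is None else min(conn_bytes, hi)
        out[mark] = top - lo
    return out


def download_profile(file_bytes, sessions, conn_limit=None):
    """Bytes per mark for a file split into equal parallel sessions."""
    if conn_limit is not None:
        sessions = min(sessions, conn_limit)   # extra sessions never connect
    base, extra = divmod(file_bytes, sessions)
    total = {}
    for i in range(sessions):
        size = base + (1 if i < extra else 0)
        for mark, n in bytes_per_mark(size).items():
            total[mark] = total.get(mark, 0) + n
    return total


def worst_mark(profile):
    """Lowest-priority mark that any byte of the download reached."""
    return max(profile, key=ORDER.index)


def max_file_within(mark, conn_limit):
    """Largest file that never drops below `mark` when using every connection."""
    hi = next(h for _, h, m in TIERS if m == mark)
    return None if hi is None else hi * conn_limit
```

Comparing `download_profile(30_000_000, 35)` with `download_profile(30_000_000, 35, conn_limit=20)` shows what the per-client connection limit buys: the capped download is pushed down into http-3Mbyte instead of staying entirely in the two highest-priority classes.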



  13. #13

    I just realized I forgot to post my address list.
    It is used to identify the YouTube packets.

    Code:
    /ip firewall address-list
    add address=208.117.224.0/24 comment="" disabled=no list=Youtube
    add address=208.117.225.0/24 comment="" disabled=no list=Youtube
    add address=208.117.228.0/24 comment="" disabled=no list=Youtube
    add address=208.117.229.0/24 comment="" disabled=no list=Youtube
    add address=208.117.232.0/24 comment="" disabled=no list=Youtube
    add address=208.117.233.0/24 comment="" disabled=no list=Youtube
    add address=208.117.234.0/24 comment="" disabled=no list=Youtube
    add address=208.117.238.0/24 comment="" disabled=no list=Youtube
    add address=208.65.152.0/24 comment="" disabled=no list=Youtube
    add address=208.65.153.0/24 comment="" disabled=no list=Youtube
    add address=208.65.154.0/24 comment="" disabled=no list=Youtube
    add address=64.15.112.0/20 comment="" disabled=no list=Youtube
    add address=208.117.236.0/24 comment="" disabled=no list=Youtube
    add address=74.125.96.0/19 comment="" disabled=no list=Youtube
    add address=72.14.221.0/24 comment="" disabled=no list=Youtube
    add address=84.53.128.0/18 comment="" disabled=no list=Youtube
    add address=87.248.192.0/19 comment="" disabled=no list=Youtube
    add address=216.155.128.0/19 comment="" disabled=no list=Youtube
    add address=208.73.208.0/21 comment="" disabled=no list=Youtube
    add address=66.55.140.0/23 comment="" disabled=no list=Youtube
    add address=74.125.208.0/24 comment="" disabled=no list=Youtube
    add address=75.125.0.0/16 comment="" disabled=no list=Youtube
    add address=74.125.0.0/16 comment="" disabled=no list=Youtube

  14. #14

    For anyone who intends to deploy QoS with L7, I recommend reading this material first, so that if any question comes up it will be easier to express it.



  15. #15

    Quote, originally posted by renangomes:
    Later I'll write a better article, just about this and about exactly how I do the markings. I removed the comments, (...) and when it is more readable I'll post it here, or else on the forum wiki.

    If you only removed the comments, then it's easier. It's good material.

    If you want a suggestion, post it here first, encourage participation and let it mature as much as possible (I've already seen one suggestion appear, others may come), and only then turn it into a wiki.

    Material of this level is what we need.

  16. #16



  17. #17

    I also want to say thanks for the material. I'm still learning, but this content will be very good for analysis and testing.

  18. #18

    I found it quite complete, but it didn't run entirely on my RB 600 version 3.27; most of it is doing a good job, though. "Thanks"



  19. #19

    Thanks for the rules. I applied them on my server and it worked, but the HTTP rules for 1MB, 3MB, 6MB, 30MB and 60MB did not work.

  20. #20

    Loved it.. I really liked it. I always wondered what else could be done, marked, improved.. but I hadn't seen many of the ideas posted here... thx