Libera acesso a site

[viunet]

pessoal estou com problema de acesso a site como ( 136.166.4.29) nao cosigo fazer login qdo faço fica apenas a msg de carregando e o site da caixa ( 200.201.166.200) da cixa tabem nao acesso a conta.. .. alguem poderia me auxiliar nesta questao... att,,, obs pesquisei no forum me ate agora nao achei,, uma q liberasse o acesso.. ja testei muitas...

[kyanbatera]

pessoal estou com problema de acesso a site como ( 136.166.4.29) nao cosigo fazer login qdo faço fica apenas a msg de carregando e o site da caixa ( 200.201.166.200) da cixa tabem nao acesso a conta.. .. alguem poderia me auxiliar nesta questao... att,,, obs pesquisei no forum me ate agora nao achei,, uma q liberasse o acesso.. ja testei muitas...

Amigo você está utilizando Load Balance????
pois eu tinha essa problema quando usava link ADSL ai tinha load balance quando algum dos clientes tinha que acessar páginas de banco dava erro ai coloquei umas regras no Firewall e resolvi o problema.

[viunet]

Amigo você está utilizando Load Balance????
pois eu tinha essa problema quando usava link ADSL ai tinha load balance quando algum dos clientes tinha que acessar páginas de banco dava erro ai coloquei umas regras no Firewall e resolvi o problema.

me add para toraca essas ideias,,, [email protected]

[ederjohann]

tive esse problema com o conectividade social da caixa

solução

em ip firewall nat
add chain=dstnat dst-address=200.201.173.0/24 action=accept \
comment="Conectividade Social" disabled=no


adapte a sua necessidade. coloque essa regra no topo do nat, antes do mascaramento...

[kyanbatera]

me add para toraca essas ideias,,, [email protected]

Adicionei mais seria bom se conseguir resolve o seu problema postar aqui no fórun poís podem ter usuário com esse mesmo problema ai serve de ajuda para eles também!!!!!

Forte abraço!!!

[Não Registrado]

[QUOTE=kyanbatera;431863]Adicionei mais seria bom se conseguir resolve o seu problema postar aqui no fórun poís podem ter usuário com esse mesmo problema ai serve de ajuda para eles também!!!!!

Forte abraço!!![/QUOT


eu so uso um link de 1mega da oi "velox"

[viunet]

tive esse problema com o conectividade social da caixa

solução

em ip firewall nat
add chain=dstnat dst-address=200.201.173.0/24 action=accept \
comment="Conectividade Social" disabled=no


adapte a sua necessidade. coloque essa regra no topo do nat, antes do mascaramento...

viu testa e posto aqui o resultado

[viunet]

Adicionei mais seria bom se conseguir resolve o seu problema postar aqui no fórun poís podem ter usuário com esse mesmo problema ai serve de ajuda para eles também!!!!!

Forte abraço!!!

nao uso Load Balance, tenho apenas um liink de 1mega...

[kyanbatera]

nao uso Load Balance, tenho apenas um liink de 1mega...

Ta usando Proxy ???

Posta suas regras de Firewall pra galera da uma olhada!!!

[viunet]

Ta usando Proxy ???

Posta suas regras de Firewall pra galera da uma olhada!!!

nao uso proxy vou psta meu firewell

[viunet]

/ ip firewall mangle
add chain=prerouting protocol=tcp src-port=1863 action=mark-packet \
new-packet-mark=msn-out passthrough=yes comment="regras de msn" disabled=no
add chain=prerouting protocol=tcp dst-port=1863 action=mark-packet \
new-packet-mark=msn-in passthrough=yes comment="" disabled=no
add chain=output protocol=tcp src-port=3128 content="X-Cache: HIT" \
action=mark-connection new-connection-mark=squid-connection-HIT \
passthrough=yes comment="Cache-squid" disabled=no
add chain=output connection-mark=squid-connection-HIT action=mark-packet \
new-packet-mark=squid-packet-HIT passthrough=no comment="" disabled=no
add chain=prerouting in-interface=bridge1 src-address=10.0.0.0/8 \
action=mark-packet new-packet-mark=test-up passthrough=no comment="UP \
TRAFFIC" disabled=no
add chain=forward src-address=10.0.0.0/8 action=mark-connection \
new-connection-mark=test-conn passthrough=yes comment="CONN-MARK" \
disabled=no
add chain=forward in-interface=Link_internet connection-mark=test-conn \
action=mark-packet new-packet-mark=test-down passthrough=no \
comment="DOWN-DIRECT CONNECTION" disabled=no
add chain=output out-interface=bridge1 dst-address=10.0.0.0/8 \
action=mark-packet new-packet-mark=test-down passthrough=no comment="DOWN \
VIA PROXY" disabled=no
add chain=prerouting content=youtube action=mark-connection \
new-connection-mark=YTB passthrough=yes comment="YOUTUBE" disabled=no
add chain=postrouting content=youtube action=mark-connection \
new-connection-mark=YTB passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=YTB action=mark-packet \
new-packet-mark=youtube passthrough=yes comment="" disabled=no
add chain=postrouting connection-mark=YTB action=mark-packet \
new-packet-mark=youtube passthrough=yes comment="" disabled=no
add chain=forward protocol=icmp action=change-ttl new-ttl=set:30 \
comment="Filtro Tracert / Traceroute" disabled=no
add chain=prerouting p2p=all-p2p action=mark-connection \
new-connection-mark=p2p_conn passthrough=yes comment="regra de p2p emule \
shareaza etc..." disabled=no
add chain=prerouting connection-mark=p2p_conn action=mark-packet \
new-packet-mark=p2p passthrough=yes comment="" disabled=no
/ ip firewall nat
add chain=srcnat src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=masquerade \
comment="" disabled=no
add chain=dstnat in-interface=Link_internet src-address=10.0.0.0/8 protocol=tcp \
dst-port=80 action=redirect to-ports=3128 comment="proxy" disabled=no
add chain=srcnat src-address=10.0.0.0/8 action=masquerade comment="masquerade \
hotspot network" disabled=no
add chain=dstnat protocol=tcp dst-port=27015 action=dst-nat \
to-addresses=10.100.1.12 to-ports=27015 comment="regra para libeta porta \
cs" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m tcp-syncookie=no
/ ip firewall filter
add chain=input in-interface=Link_internet protocol=tcp dst-port=3128 \
action=drop comment="bloquear proxy externo" disabled=no
add chain=input src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=accept \
comment="" disabled=no
add chain=output src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=accept \
comment="" disabled=no
add chain=forward p2p=all-p2p action=drop comment="CONTROLE DE WAREZ - P2P" \
disabled=no
add chain=forward protocol=udp dst-port=0 action=drop comment="" disabled=no
add chain=forward protocol=tcp dst-port=0 action=drop comment="" disabled=no
add chain=forward action=drop comment="Controle de Acesso de Cliente por \
Horario" disabled=yes
add chain=input action=jump jump-target=virus comment="!!! Check for well-known \
viruses !!!" disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster \
Worm" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop \
Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster \
Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster \
Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" \
disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" \
disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" \
disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" \
disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" \
disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" \
disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" \
disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" \
disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" \
disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" \
disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" \
disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" \
disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" \
disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop \
Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop \
MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor \
OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" \
disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" \
disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" \
disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" \
disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop \
Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y" \
disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" \
disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" \
disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" \
disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" \
disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, \
Agobot, Gaobot" disabled=no
add chain=forward protocol=udp dst-port=0 action=drop comment="WAREZ" \
disabled=no
add chain=forward protocol=udp src-port=0 action=drop comment="" disabled=no
add chain=forward p2p=warez action=drop comment="" disabled=no
add chain=input protocol=udp action=jump jump-target=UDP comment="ICMP" \
disabled=no
/ ip firewall address-list
add list=youtube address=64.15.116.0/24 comment="youtube" disabled=no
add list=youtube address=74.125.9.0/24 comment="" disabled=no
add list=youtube address=208.117.235.0/24 comment="" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes