+ Responder ao Tópico

  1. Citação Postado originalmente por zipfile Ver Post
    meu nobre, como eu faço isto ai?
    No proprio programa do amigo Scan, tem o direcinamento dos video do terra, e do globo.com para os LINK0, LINK1, Link2, amigo, feito certinho la no LOOPBACK... so inserior os dados e ver a configuraçao gerada...
    Obs.: os IPS q eu peguei do Globo. foir
    HTML GLOBO - 201.7.176.0/24
    Video GLOBO - 201.7.176.0/20
    Video TERRA - 208.84.247.0/24
    Video TERRA - 200.154.56.0/24
    Video TERRA - 200.203.121.0/24
    Última edição por aka2005; 24-08-2010 às 19:05.

  2. só para agradecer, esse seu programa é excelente! gera os codigos direitnho.

    Valeu amigo!



  3. eu estava usando a versao 1.2, refiz a configuraçao usando agora a 1.3 que me permite fazer o direcionamento por links, so que ainda nao consigo abrir videos da globo, uol abre normal aqui.
    aqui minhas regras, tem algo errado?
    # LoopBack por link-------------------------
    / ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK0 in-interface=ether1 new-connection-mark=Sites0 passthrough=yes
    / ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites0 disabled=no in-interface=ether1 new-routing-mark=Rota0 passthrough=no
    / ip route add gateway=adsl_ether2 routing-mark=Rota0
    / ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK1 in-interface=ether1 new-connection-mark=Sites1 passthrough=yes
    / ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites1 disabled=no in-interface=ether1 new-routing-mark=Rota1 passthrough=no
    / ip route add gateway=adsl_ether3 routing-mark=Rota1
    / ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK2 in-interface=ether1 new-connection-mark=Sites2 passthrough=yes
    / ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites2 disabled=no in-interface=ether1 new-routing-mark=Rota2 passthrough=no
    / ip route add gateway=adsl_ether4 routing-mark=Rota2

    /ip firewall address-list add address=200.155.80.0-200.155.255.255 comment="BRADESCO" disabled=no list=LINK0
    /ip firewall address-list add address=200.220.186.0/24 comment="" disabled=no list=LINK0
    /ip firewall address-list add address=200.220.178.0/24 comment="" disabled=no list=LINK0
    /ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=64.38.29.0/24 comment="RapidShare" disabled=no list=LINK1
    /ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=LINK2
    /ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
    /ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
    # Fim LoopBack por link----------------------

  4. aqui as regras do mangle:
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_ether2 new-connection-mark=adsl_ether2_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_ether3 new-connection-mark=adsl_ether3_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_ether4 new-connection-mark=adsl_ether4_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_ether5 new-connection-mark=adsl_ether5_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_ether6 new-connection-mark=adsl_ether6_conn passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_ether2_conn disabled=no new-routing-mark=to_adsl_ether2 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_ether3_conn disabled=no new-routing-mark=to_adsl_ether3 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_ether4_conn disabled=no new-routing-mark=to_adsl_ether4 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_ether5_conn disabled=no new-routing-mark=to_adsl_ether5 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_ether6_conn disabled=no new-routing-mark=to_adsl_ether6 passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether2_conn passthrough=yes per-connection-classifier=both-addresses:5/0
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether3_conn passthrough=yes per-connection-classifier=both-addresses:5/1
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether4_conn passthrough=yes per-connection-classifier=both-addresses:5/2
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether5_conn passthrough=yes per-connection-classifier=both-addresses:5/3
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether6_conn passthrough=yes per-connection-classifier=both-addresses:5/4
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_ether2_conn disabled=no in-interface=ether1 new-routing-mark=to_adsl_ether2 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_ether3_conn disabled=no in-interface=ether1 new-routing-mark=to_adsl_ether3 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_ether4_conn disabled=no in-interface=ether1 new-routing-mark=to_adsl_ether4 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_ether5_conn disabled=no in-interface=ether1 new-routing-mark=to_adsl_ether5 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_ether6_conn disabled=no in-interface=ether1 new-routing-mark=to_adsl_ether6 passthrough=yes

    alguma ideia amigos?

  5. Boa tarde galera,
    utilizando o PCC 1.3, gerei os scripts, que por enquanto parecem esta corretos.
    Cenário: 3 Interface; 2 link's ADSL 6 Mega com o mikrotik 3.30 discando e um interface pra rede local.
    (Interface Name: Internet1, Internet2 e Rede).
    Duvida: Como saber se a configuração esta 100%? No Interface List, as duas conexões discam, mas só uma transfere dados quando navego, lembrando que só tem duas maquinas navegando ao mesmo tempo, por enquanto, pra teste. E quando eu desligo um modem da interface utilizada, demora algo em torno de 1 minuto pra a maquina voltar a navegar.

    Script:
    # ip address --------------------------
    /ip address add address=192.168.2.1/24 interface=Rede

    # interface pppoe-client ---------------
    /interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=Internet1 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_Internet1 password=7532257224 profile=default service-name="" use-peer-dns=no user=7532257224@oi.com.br
    /interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=Internet2 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_Internet2 password=7532257224 profile=default service-name="" use-peer-dns=no user=7532257224@oi.com.br

    # ip dns --------------------------------
    /ip dns set primary-dns=200.165.132.158
    /ip dns set secondary-dns=8.8.8.8
    /ip dns set allow-remote-requests=yes

    # ip dns statico------------------------
    /ip dns static add address=192.168.2.1 comment="" disabled=no name=192.168.2.1.cyberscan.com.br ttl=1d

    # ip firewall Filter------------------------
    /ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=velox.user.com.br disabled=no
    /ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=speed.user.com.br disabled=no

    # ip firewall nat--------------------------
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_Internet1
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_Internet2

    # ip firewall mangle------------------------

    # LoopBack por link-------------------------
    / ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK0 in-interface=Rede new-connection-mark=Sites0 passthrough=yes
    / ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites0 disabled=no in-interface=Rede new-routing-mark=Rota0 passthrough=no
    / ip route add gateway=adsl_Internet1 routing-mark=Rota0
    / ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK1 in-interface=Rede new-connection-mark=Sites1 passthrough=yes
    / ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites1 disabled=no in-interface=Rede new-routing-mark=Rota1 passthrough=no
    / ip route add gateway=adsl_Internet2 routing-mark=Rota1

    /ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=LINK0
    /ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=LINK0
    /ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=LINK0
    /ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=64.38.29.0/24 comment="RapidShare" disabled=no list=LINK1
    # Fim LoopBack por link----------------------

    /ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=Rede
    /ip firewall mangle add action=accept chain=prerouting comment="FORA DO LOADBALACED" disabled=no dst-address-list=loopback in-interface=Rede
    /ip firewall mangle add action=change-ttl chain=forward comment="Filtro Tracert / Traceroute" disabled=no new-ttl=set:30 protocol=icmp
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_Internet1 new-connection-mark=adsl_Internet1_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_Internet2 new-connection-mark=adsl_Internet2_conn passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_Internet1_conn disabled=no new-routing-mark=to_adsl_Internet1 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_Internet2_conn disabled=no new-routing-mark=to_adsl_Internet2 passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=Rede new-connection-mark=adsl_Internet1_conn passthrough=yes per-connection-classifier=both-addresses:2/0
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=Rede new-connection-mark=adsl_Internet2_conn passthrough=yes per-connection-classifier=both-addresses:2/1
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_Internet1_conn disabled=no in-interface=Rede new-routing-mark=to_adsl_Internet1 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_Internet2_conn disabled=no in-interface=Rede new-routing-mark=to_adsl_Internet2 passthrough=yes

    # ip route----------------------------------
    /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_Internet1 routing-mark=to_adsl_Internet1 comment="Link0"
    /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_Internet2 routing-mark=to_adsl_Internet2 comment="Link1"
    /ip route add comment="Link0" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_Internet1 scope=30 target-scope=10
    /ip route add comment="Link1" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=adsl_Internet2 scope=30 target-scope=10

    # ip firewall address-list-----------------------------
    /ip firewall address-list add address=200.155.80.0-200.155.255.255 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=200.220.186.0/24 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=200.220.178.0/24 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=64.38.29.0/24 comment=RapidShare disabled=no list=loopback
    /ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.159.128.0/24 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=loopback
    /ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=loopback
    /ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=loopback
    /ip firewall address-list add address=200.201.160.0/24 comment="Caixa Economica Federal" disabled=no list=loopback
    /ip firewall address-list add address=200.201.166.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.201.173.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.201.174.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.141.207.3 comment=Detran disabled=no list=loopback

    # /system script--------------------------------------
    /system script add name=Link0Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link0\"] disabled=yes;"
    /system script add name=Link1Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link1\"] disabled=yes;"
    /system script add name=Link0Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link0\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link0\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link0\"] disabled=no;\r\ \n/ip route set [find comment=\"Link0\"] disabled=no;"
    /system script add name=Link1Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link1\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link1\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link1\"] disabled=no;\r\ \n/ip route set [find comment=\"Link1\"] disabled=no;"
    Desde já, agradeço a ajuda.
    Abraços






Visite: BR-Linux ·  VivaOLinux ·  Dicas-L