


  1. Aqui está tudo normal. Posta como estão as suas regras de web-proxy e as configurações das suas interfaces de rede.

  2. Então vamos lá:

    # Wired interfaces: two Ethernet ports named "Link" and "Clientes"
    # (presumably the uplink and the client-facing port, judging by the names).
    # Both are fixed at 100Mbps full duplex with ARP enabled.
    # NOTE(review): the mac-address values are truncated ("00:00:00:00:"),
    # presumably redacted by the poster; they are not valid as written.
    / interface ethernet
    set Link name="Link" mtu=1500 mac-address=00:00:00:00: arp=enabled \
    disable-running-check=yes auto-negotiation=yes full-duplex=yes \
    cable-settings=default speed=100Mbps comment="" disabled=no
    set Clientes name="Clientes" mtu=1500 mac-address=00:00:00:00: \
    arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes \
    cable-settings=default speed=100Mbps comment="" disabled=no
    # Wireless radio wlan1: access point (mode=ap-bridge) broadcasting SSID
    # "Empresarial" on 2412 MHz (2.4ghz-b/g), using security-profile=RHSuporte.
    # NOTE(review): default-authentication=yes and default-forwarding=yes mean
    # that, as far as RouterOS semantics go, any station holding the key may
    # associate and associated stations may exchange traffic with each other.
    # If client isolation is wanted, set both to "no" and admit stations through
    # the wireless access-list - confirm against the RouterOS manual.
    # NOTE(review): frequency-mode=superchannel with country=no_country_set
    # presumably applies no regulatory-domain channel/power limits - confirm
    # this is intended for the deployment.
    / interface wireless
    set wlan1 name="wlan1" mtu=1500 mac-address=00:00:00:00: arp=enabled \
    disable-running-check=no radio-name="MK RHSuporte" mode=ap-bridge \
    ssid="Empresarial" area="" frequency-mode=superchannel \
    country=no_country_set antenna-gain=0 frequency=2412 band=2.4ghz-b/g \
    scan-list=default rate-set=default \
    supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps \
    supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps \
    basic-rates-b=1Mbps basic-rates-a/g=6Mbps max-station-count=2007 \
    ack-timeout=dynamic tx-power=25 tx-power-mode=card-rates \
    noise-floor-threshold=default periodic-calibration=default \
    periodic-calibration-interval=300 burst-time=disabled dfs-mode=none \
    antenna-mode=ant-a wds-mode=dynamic wds-default-bridge=none \
    wds-default-cost=100 wds-cost-range=50-150 wds-ignore-ssid=no \
    update-stats-interval=disabled default-authentication=yes \
    default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 \
    proprietary-extensions=post-2.9.25 hide-ssid=no security-profile=RHSuporte \
    disconnect-timeout=3s on-fail-retry-time=100ms preamble-mode=both \
    compression=no allow-sharedkey=no comment="" disabled=no
    # Nstreme (MikroTik proprietary protocol) is turned off for wlan1.
    / interface wireless nstreme
    set wlan1 enable-nstreme=no enable-polling=yes framer-policy=none \
    framer-limit=3200
    # Per-rate manual transmit power table: every listed rate is set to 17.
    # It likely has no effect while tx-power-mode=card-rates is selected on
    # wlan1 - confirm.
    / interface wireless manual-tx-power-table
    set wlan1 manual-tx-powers=1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9Mbp\
    s:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17
    # Wireless security profiles. Key values are masked with asterisks by the
    # poster. Both profiles use mode=dynamic-keys with WPA-PSK only and TKIP for
    # the unicast and group ciphers.
    # NOTE(review): WPA/TKIP is deprecated and considered weak. Where the
    # hardware and RouterOS version support it, prefer
    # authentication-types=wpa2-psk with the aes-ccm cipher.
    / interface wireless security-profiles
    # Built-in "default" profile: WPA key set, WPA2 key empty.
    set default name="default" mode=dynamic-keys authentication-types=wpa-psk \
    unicast-ciphers=tkip group-ciphers=tkip \
    wpa-pre-shared-key="***********" wpa2-pre-shared-key="" \
    tls-mode=no-certificates tls-certificate=none static-algo-0=none \
    static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none \
    static-key-2="" static-algo-3=none static-key-3="" \
    static-transmit-key=key-0 static-sta-private-algo=none \
    static-sta-private-key="" radius-mac-authentication=no group-key-update=5m
    # "RHSuporte" is the profile referenced by wlan1 in this export.
    # A wpa2-pre-shared-key is configured, but authentication-types lists only
    # wpa-psk, so the WPA2 key appears to be unused.
    add name="RHSuporte" mode=dynamic-keys authentication-types=wpa-psk \
    unicast-ciphers=tkip group-ciphers=tkip \
    wpa-pre-shared-key="************" \
    wpa2-pre-shared-key="***********" tls-mode=no-certificates \
    tls-certificate=none static-algo-0=none static-key-0="" static-algo-1=none \
    static-key-1="" static-algo-2=none static-key-2="" static-algo-3=none \
    static-key-3="" static-transmit-key=key-0 static-sta-private-algo=none \
    static-sta-private-key="" radius-mac-authentication=no group-key-update=5m
    # Wireless diagnostic tools (align, snooper, sniffer). Sniffer streaming is
    # disabled and no capture file name is set.
    / interface wireless align
    set frame-size=300 active-mode=yes receive-all=no \
    audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 ssid-all=no \
    frames-per-second=25 audio-min=-100 audio-max=-20
    / interface wireless snooper
    set multiple-channels=yes channel-time=200ms receive-errors=no
    / interface wireless sniffer
    set multiple-channels=no channel-time=200ms only-headers=no receive-errors=no \
    memory-limit=10 file-name="" file-limit=10 streaming-enabled=no \
    streaming-server=0.0.0.0 streaming-max-rate=0
    # VPN servers: both L2TP and PPTP are disabled (enabled=no).
    # NOTE(review): the authentication lists still include weak methods (pap,
    # chap, mschap1). Narrow them before ever enabling either server.
    / interface l2tp-server server
    set enabled=no max-mtu=1460 max-mru=1460 \
    authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
    / interface pptp-server server
    set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 \
    keepalive-timeout=30 default-profile=default-encryption

    # Web proxy: enabled, listening on port 3128, transparent mode on, no parent
    # proxy. The cache lives on the system drive with unlimited disk and RAM
    # cache sizes.
    / ip web-proxy
    set enabled=yes src-address=0.0.0.0 port=3128 hostname="proxy" \
    transparent-proxy=yes parent-proxy=0.0.0.0:0 \
    cache-administrator="renatosoa@yahoo.com.br" max-object-size=30960KiB \
    cache-drive=system max-cache-size=unlimited max-ram-cache-size=unlimited
    # Access list: the only rule denies requests to destination ports 23-25.
    # NOTE(review): no rule restricts which source addresses may use the proxy.
    # If unmatched requests are allowed (believed to be the RouterOS default -
    # confirm), any host that can reach port 3128 can relay through this router,
    # i.e. an open proxy. Allow only the internal ranges and deny everything
    # else, and also filter port 3128 on the uplink interface in the firewall.
    / ip web-proxy access
    add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
    disabled=no
    # Cache rules: do not cache URLs matching ":cgi-bin \\?" or "https://".
    / ip web-proxy cache
    add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" \
    disabled=no
    add url="https://" action=deny comment="no cache dynamic https pages" \
    disabled=no
    Última edição por renatosoa; 02-04-2010 às 15:03.



  3. Citação Postado originalmente por renatosoa Ver Post
    Entao vamos la:

    / interface ethernet
    set Link name="Link" mtu=1500 mac-address=00:00:00:00: arp=enabled \
    disable-running-check=yes auto-negotiation=yes full-duplex=yes \
    cable-settings=default speed=100Mbps comment="" disabled=no
    set Clientes name="Clientes" mtu=1500 mac-address=00:00:00:00: \
    arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes \
    cable-settings=default speed=100Mbps comment="" disabled=no
    / interface wireless
    set wlan1 name="wlan1" mtu=1500 mac-address=00:00:00:00: arp=enabled \
    disable-running-check=no radio-name="MK RHSuporte" mode=ap-bridge \
    ssid="Empresarial" area="" frequency-mode=superchannel \
    country=no_country_set antenna-gain=0 frequency=2412 band=2.4ghz-b/g \
    scan-list=default rate-set=default \
    supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps \
    supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps \
    basic-rates-b=1Mbps basic-rates-a/g=6Mbps max-station-count=2007 \
    ack-timeout=dynamic tx-power=25 tx-power-mode=card-rates \
    noise-floor-threshold=default periodic-calibration=default \
    periodic-calibration-interval=300 burst-time=disabled dfs-mode=none \
    antenna-mode=ant-a wds-mode=dynamic wds-default-bridge=none \
    wds-default-cost=100 wds-cost-range=50-150 wds-ignore-ssid=no \
    update-stats-interval=disabled default-authentication=yes \
    default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 \
    proprietary-extensions=post-2.9.25 hide-ssid=no security-profile=RHSuporte \
    disconnect-timeout=3s on-fail-retry-time=100ms preamble-mode=both \
    compression=no allow-sharedkey=no comment="" disabled=no
    / interface wireless nstreme
    set wlan1 enable-nstreme=no enable-polling=yes framer-policy=none \
    framer-limit=3200
    / interface wireless manual-tx-power-table
    set wlan1 manual-tx-powers=1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9Mbp\
    s:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17
    / interface wireless security-profiles
    set default name="default" mode=dynamic-keys authentication-types=wpa-psk \
    unicast-ciphers=tkip group-ciphers=tkip \
    wpa-pre-shared-key="***********" wpa2-pre-shared-key="" \
    tls-mode=no-certificates tls-certificate=none static-algo-0=none \
    static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none \
    static-key-2="" static-algo-3=none static-key-3="" \
    static-transmit-key=key-0 static-sta-private-algo=none \
    static-sta-private-key="" radius-mac-authentication=no group-key-update=5m
    add name="RHSuporte" mode=dynamic-keys authentication-types=wpa-psk \
    unicast-ciphers=tkip group-ciphers=tkip \
    wpa-pre-shared-key="************" \
    wpa2-pre-shared-key="***********" tls-mode=no-certificates \
    tls-certificate=none static-algo-0=none static-key-0="" static-algo-1=none \
    static-key-1="" static-algo-2=none static-key-2="" static-algo-3=none \
    static-key-3="" static-transmit-key=key-0 static-sta-private-algo=none \
    static-sta-private-key="" radius-mac-authentication=no group-key-update=5m
    / interface wireless align
    set frame-size=300 active-mode=yes receive-all=no \
    audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 ssid-all=no \
    frames-per-second=25 audio-min=-100 audio-max=-20
    / interface wireless snooper
    set multiple-channels=yes channel-time=200ms receive-errors=no
    / interface wireless sniffer
    set multiple-channels=no channel-time=200ms only-headers=no receive-errors=no \
    memory-limit=10 file-name="" file-limit=10 streaming-enabled=no \
    streaming-server=0.0.0.0 streaming-max-rate=0
    / interface l2tp-server server
    set enabled=no max-mtu=1460 max-mru=1460 \
    authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
    / interface pptp-server server
    set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 \
    keepalive-timeout=30 default-profile=default-encryption

    / ip web-proxy
    set enabled=yes src-address=0.0.0.0 port=3128 hostname="proxy" \
    transparent-proxy=yes parent-proxy=0.0.0.0:0 \
    cache-administrator="renatosoa@yahoo.com.br" max-object-size=30960KiB \
    cache-drive=system max-cache-size=unlimited max-ram-cache-size=unlimited
    / ip web-proxy access
    add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
    disabled=no
    / ip web-proxy cache
    add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" \
    disabled=no
    add url="https://" action=deny comment="no cache dynamic https pages" \
    disabled=no
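    No web-proxy, adicione uma regra para aceitar os IPs da sua rede e, após esta regra, insira outra que bloqueie todo o restante de IPs. Sem essas duas regras, a lista de acesso acima só nega as portas 23-25, e o proxy na porta 3128 fica utilizável por qualquer origem que consiga alcançá-lo (proxy aberto).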

  4. Seria mais ou menos assim??
    Mas acrescentei a porta do web proxy; sem ela dá erro de conexão a qualquer site.
    E, caso sejam essas regras abaixo, não deu certo ou as fiz errado.
    Ei sosouteiro, vlz mesmo ai forca ai cara, to muito agradecido !!! (Y)

    # Proposed proxy access list: deny ports 23-25, allow two source addresses,
    # then deny the rest. Rules are presumably evaluated top to bottom with the
    # first match winning - confirm against the RouterOS manual.
    / ip web-proxy access
    add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
    disabled=no
    # NOTE(review): a /32 prefix matches exactly one address, so these two rules
    # match only the hosts 175.25.50.0 and 175.25.100.0. If whole subnets are
    # meant, use each network's real prefix length (for example /24) - confirm.
    # NOTE(review): dst-port is believed to match the destination port of the
    # requested site, not the proxy's own listening port, so dst-port=3128 here
    # would match almost no ordinary web request - confirm.
    add src-address=175.25.50.0/32 dst-port=3128 action=allow comment="Aceitar \
    conexao ao proxy" disabled=no
    add src-address=175.25.100.0/32 dst-port=3128 action=allow comment="Aceitar \
    conexao ao proxy" disabled=no
    # NOTE(review): with dst-port=3128 this final deny is limited in the same
    # way, so it would not act as a catch-all. A catch-all deny should carry no
    # port or address match, otherwise the proxy stays open to other sources.
    add dst-port=3128 action=deny comment="Bloquear demais conexoes ao proxy" \
    disabled=no



  5. Citação Postado originalmente por renatosoa Ver Post
    Seria mais ou menos assim??
    Mas acrescentei a porta do web proxy, sem ela da erro de conexao a qualquer site.
    E caso sejam essas regras abaixo nao deu certo ou as fiz errado.
    Ei sosouteiro, vlz mesmo ai forca ai cara, to muito agradecido !!! (Y)

    / ip web-proxy access
    add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
    disabled=no
    add src-address=175.25.50.0/32 dst-port=3128 action=allow comment="Aceitar \
    conexao ao proxy" disabled=no
    add src-address=175.25.100.0/32 dst-port=3128 action=allow comment="Aceitar \
    conexao ao proxy" disabled=no
    add dst-port=3128 action=deny comment="Bloquear demais conexoes ao proxy" \
    disabled=no
    Isso. Agora você tem que especificar, nessa última regra, o IP 0.0.0.0 de origem (src-address 0.0.0.0), ou seja, qualquer origem.

    Você nem precisa especificar a porta do proxy, essa 3128 que você está utilizando.





