


  1. #1
    LmcNet (joined Oct 2010; location: Anápolis Goias; posts: 64)

    Mixed salad of rules.. I think this is what's breaking the MK

    Guys, I confess I'm the type who grabs a rule and throws it into the MK, sometimes without knowing whether there will be a conflict or something like that. I'd like someone to take a look at the mangle rules, because I think something is wrong: MSN keeps dropping. I've already tried prioritizing MSN traffic, but still nothing. My ACK is very good and there is link to spare. It's a mystery; there can only be something wrong in the mangle rules. Here they are:
    PHP code:
    / ip firewall mangle 
    add chain=prerouting p2p=all-p2p action=mark-connection \
        new-connection-mark=p2p_conn passthrough=yes comment="\"BLOQUEAR P2P\"" \
        disabled=no 
    add chain=prerouting connection-mark=p2p_conn action=mark-packet \
        new-packet-mark=p2p passthrough=yes comment="" disabled=no 
    add chain=prerouting protocol=tcp src-port=1863 action=mark-packet \
        new-packet-mark=msn-out passthrough=yes comment="regras de msn" \
        disabled=no 
    add chain=prerouting protocol=tcp dst-port=1863 action=mark-packet \
        new-packet-mark=msn-in passthrough=yes comment="" disabled=no 
    add chain=prerouting connection-mark=http_conn action=mark-packet \
        new-packet-mark=http_down passthrough=yes comment="" disabled=no 
    add chain=prerouting connection-mark=p2p-conn action=mark-packet \
        new-packet-mark=other passthrough=yes comment="outras regras" disabled=no 
    add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
        new-connection-mark=http_conn passthrough=yes comment="regras de http" \
        disabled=no 
    add chain=prerouting p2p=warez action=mark-connection new-connection-mark=ares \
        passthrough=yes comment="" disabled=no 
    add chain=prerouting protocol=tcp connection-state=new action=jump \
        jump-target=tcp-serviços comment="" disabled=no
    add chain=prerouting protocol=udp connection-state=new action=jump \
        jump-target=udp-serviços comment="" disabled=no
    add chain=prerouting connection-state=new action=jump \
        jump-target=otros-serviços comment="" disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=20-21 \
        action=mark-connection new-connection-mark=ftp passthrough=no \
        comment="regras de serviços tcp" disabled=no
    add chain=tcp-serviços protocol=tcp src-port=513-65535 dst-port=22 \
        action=mark-connection new-connection-mark=ssh passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=23 \
        action=mark-connection new-connection-mark=telnet passthrough=no \
        comment="" disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=25 \
        action=mark-connection new-connection-mark=smtp passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=53 dst-port=53 \
        action=mark-connection new-connection-mark=dns passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=53 \
        action=mark-connection new-connection-mark=dns passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=80 \
        action=mark-connection new-connection-mark=http passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=110 \
        action=mark-connection new-connection-mark=pop3 passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=113 \
        action=mark-connection new-connection-mark=auth passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=119 \
        action=mark-connection new-connection-mark=nntp passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=143 \
        action=mark-connection new-connection-mark=imap passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=161-162 \
        action=mark-connection new-connection-mark=snmp passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=443 \
        action=mark-connection new-connection-mark=https passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=465 \
        action=mark-connection new-connection-mark=smtps passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=993 \
        action=mark-connection new-connection-mark=imaps passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=995 \
        action=mark-connection new-connection-mark=pop3s passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=1723 \
        action=mark-connection new-connection-mark=pptp passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=2379 \
        action=mark-connection new-connection-mark=kgs passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=3128 \
        action=mark-connection new-connection-mark=proxy passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=3389 \
        action=mark-connection new-connection-mark=win-ts passthrough=no \
        comment="" disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=4242-4243 \
        action=mark-connection new-connection-mark=emule passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=4661-4662 dst-port=1024-65535 \
        action=mark-connection new-connection-mark=overnet passthrough=no \
        comment="" disabled=no
    add chain=tcp-serviços protocol=tcp src-port=4711 dst-port=1024-65535 \
        action=mark-connection new-connection-mark=emule passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=5900-5901 \
        action=mark-connection new-connection-mark=vnc passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=6667-6669 \
        action=mark-connection new-connection-mark=irc passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=6881-6889 \
        action=mark-connection new-connection-mark=bittorrent passthrough=no \
        comment="" disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=8080 \
        action=mark-connection new-connection-mark=http passthrough=no comment="" \
        disabled=no
    add chain=tcp-serviços protocol=tcp src-port=1024-65535 dst-port=8291 \
        action=mark-connection new-connection-mark=winbox passthrough=no \
        comment="" disabled=no
    add chain=tcp-serviços protocol=tcp action=mark-connection \
        new-connection-mark=otro-tcp passthrough=no comment="" disabled=no
    add chain=udp-serviços protocol=udp src-port=1024-65535 dst-port=53 \
        action=mark-connection new-connection-mark=dns passthrough=no \
        comment="regras de serviços udp" disabled=no
    add chain=udp-serviços protocol=udp src-port=1024-65535 dst-port=123 \
        action=mark-connection new-connection-mark=ntp passthrough=no comment="" \
        disabled=no
    add chain=udp-serviços protocol=udp src-port=1024-65535 dst-port=1701 \
        action=mark-connection new-connection-mark=l2tp passthrough=no comment="" \
        disabled=no
    add chain=udp-serviços protocol=udp src-port=1024-65535 dst-port=4665 \
        action=mark-connection new-connection-mark=emule passthrough=no comment="" \
        disabled=no
    add chain=udp-serviços protocol=udp src-port=1024-65535 dst-port=4672 \
        action=mark-connection new-connection-mark=emule passthrough=no comment="" \
        disabled=no
    add chain=udp-serviços protocol=udp src-port=4672 dst-port=1024-65535 \
        action=mark-connection new-connection-mark=emule passthrough=no comment="" \
        disabled=no
    add chain=udp-serviços protocol=udp src-port=1024-65535 dst-port=12053 \
        action=mark-connection new-connection-mark=overnet passthrough=no \
        comment="" disabled=no
    add chain=udp-serviços protocol=udp src-port=12053 dst-port=1024-65535 \
        action=mark-connection new-connection-mark=overnet passthrough=no \
        comment="" disabled=no
    add chain=udp-serviços protocol=udp src-port=36725 dst-port=1024-65535 \
        action=mark-connection new-connection-mark=skype passthrough=no comment="" \
        disabled=no
    add chain=udp-serviços protocol=udp connection-state=new \
        action=mark-connection new-connection-mark=otro-udp passthrough=no \
        comment="" disabled=no
    add chain=otros-serviços protocol=icmp icmp-options=0:0-255 \
        action=mark-connection new-connection-mark=ping passthrough=no \
        comment="regras  icmp etc..." disabled=no
    add chain=otros-serviços protocol=gre action=mark-connection \
        new-connection-mark=gre passthrough=no comment="" disabled=no
    add chain=otros-serviços action=mark-connection new-connection-mark=otro \
        passthrough=no comment="" disabled=no
    add chain=prerouting in-interface=bridge1 dst-address-list=nat-addr \
        action=mark-packet new-packet-mark=nat-traversal passthrough=no comment="" \
        disabled=no 
    add chain=forward out-interface="wds torre" protocol=tcp dst-port=!1863 \
        tcp-flags=syn action=change-mss new-mss=1492 comment="\"Abaixar Mtu e Mpu \
        do msn para 1492\"" disabled=no 
    add chain=dstnat dst-address=201.7.178.0/24 action=accept comment="GLOBO.COM" \
        disabled=no 
    add chain=dstnat dst-address=208.65.153.0/24 action=accept \
        comment="\"YOUTUBE\"" disabled=yes
    Thanks in advance!
    Last edited by osmano807; 18-10-2010 at 21:11.
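
A lint pass over a mangle export like the one in the post above, as an added example that is not part of the original thread: it lists connection marks that a rule matches but no rule assigns, marks assigned but never matched in the same export, and jump targets that have no rules. The sample is constructed (abridged from the posted rules, with an ASCII chain name `tcp-services`), and the names `parse_rules` and `lint` are hypothetical.

```python
import re

# Constructed sample: rules abridged from the export posted above; the chain
# name "tcp-services" is an ASCII stand-in chosen for this example.
SAMPLE = r'''
/ ip firewall mangle
add chain=prerouting p2p=all-p2p action=mark-connection \
    new-connection-mark=p2p_conn passthrough=yes comment="\"BLOQUEAR P2P\""
add chain=prerouting connection-mark=p2p_conn action=mark-packet \
    new-packet-mark=p2p passthrough=yes
add chain=prerouting connection-mark=http_conn action=mark-packet \
    new-packet-mark=http_down passthrough=yes
add chain=prerouting connection-mark=p2p-conn action=mark-packet \
    new-packet-mark=other passthrough=yes comment="outras regras"
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
    new-connection-mark=http_conn passthrough=yes
add chain=prerouting protocol=tcp connection-state=new action=jump \
    jump-target=tcp-services
add chain=tcp-services protocol=tcp dst-port=443 action=mark-connection \
    new-connection-mark=https passthrough=no
'''

PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_rules(export):
    """Return one {key: value} dict per 'add' rule, joining '\\' continuations."""
    joined = re.sub(r'\\[ \t]*\n\s*', ' ', export)
    return [dict(PAIR.findall(line)) for line in joined.splitlines()
            if line.strip().startswith('add ')]

def lint(rules):
    """Compare marks and chains that rules reference with those that rules define."""
    assigned = {r['new-connection-mark'] for r in rules if 'new-connection-mark' in r}
    matched = {r['connection-mark'] for r in rules if 'connection-mark' in r}
    chains = {r['chain'] for r in rules if 'chain' in r}
    targets = {r['jump-target'] for r in rules if 'jump-target' in r}
    return {
        # A typo such as p2p-conn vs p2p_conn makes the matching rule dead.
        'matched_never_assigned': sorted(matched - assigned),
        # Informational: the mark may still be consumed outside this export.
        'assigned_never_matched': sorted(assigned - matched),
        'jump_to_empty_chain': sorted(targets - chains),
    }

if __name__ == '__main__':
    for check, names in lint(parse_rules(SAMPLE)).items():
        print(f'{check}: {names}')
```
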

  2. #2

    Re: Mixed salad of rules.. I think this is what's breaking the MK

    Friend, remove this rule and then post the result:

    add chain=forward out-interface="wds torre" protocol=tcp dst-port=!1863 \
    tcp-flags=syn action=change-mss new-mss=1492 comment="\"Abaixar Mtu e Mpu \
    do msn para 1492\"" disabled=no



  3. #3
    LmcNet

    Re: Mixed salad of rules.. I think this is what's breaking the MK

    Quote: Originally posted by Kandango
    Friend, remove this rule and then post the result:

    add chain=forward out-interface="wds torre" protocol=tcp dst-port=!1863 \
    tcp-flags=syn action=change-mss new-mss=1492 comment="\"Abaixar Mtu e Mpu \
    do msn para 1492\"" disabled=no
    Friend, that didn't solve it. I think I have some problem in my PTP, take a look:
    set wlan2 name="wlan2" mtu=1500 mac-address=00:17:9A:84:EC:E1 arp=enabled \
    disable-running-check=no radio-name="############" mode=bridge ssid="PTP \
    " area="" frequency-mode=superchannel country=brazil antenna-gain=0 \
    frequency=5200 band=5ghz-10mhz scan-list=default rate-set=configured \
    supported-rates-b=11Mbps supported-rates-a/g=18Mbps,54Mbps \
    basic-rates-b=11Mbps basic-rates-a/g=18Mbps,54Mbps max-station-count=2007 \
    ack-timeout=dynamic tx-power-mode=default noise-floor-threshold=default \
    periodic-calibration=default periodic-calibration-interval=60 \
    burst-time=disabled dfs-mode=none antenna-mode=ant-a wds-mode=static \
    wds-default-bridge=bridge1 wds-default-cost=100 wds-cost-range=50-150 \
    wds-ignore-ssid=yes update-stats-interval=disabled \
    default-authentication=yes default-forwarding=no default-ap-tx-limit=0 \
    default-client-tx-limit=0 proprietary-extensions=post-2.9.25 hide-ssid=no \
    security-profile=default disconnect-timeout=3s on-fail-retry-time=100ms \
    preamble-mode=both compression=no allow-sharedkey=no comment="" \

  4. #4

    Re: Mixed salad of rules.. I think this is what's breaking the MK

    Disable all the rules and add only the ones you really need.