Página 1 de 3 123 ÚltimoÚltimo
+ Responder ao Tópico



  1. caros amigos achei bastante conteúdo aqui no forum sobre web proxy e cache full, porem cansei de tentar colocar as regras e adapta-las e nao funciona, meu conhecimento em Mk eh pequeno porem faço tudo certinho e nao funciona, o fato de eu usar HOTSPOT e uma versão 3.30, piora a cituação, se nao fosse por isso creio q ja estava funcionando a muito tempo, bom copiei algumas regras minhas e gostaria que alguem pudesse analizar e ver se descobre oq esta errado q nao funciona, segue as regras:



    #
    /ip firewall connection tracking
    set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
    /ip firewall filter
    add action=drop chain=input comment="BARRA BRUTAL FOR\C7A" disabled=no \
    dst-port=22 protocol=tcp src-address-list=!black_list
    add action=drop chain=input comment="BLOQUEIO DO PROXY EXTERNO" disabled=no \
    dst-port=8080 protocol=tcp
    add action=accept chain=input comment="CHACHE FULL - ACEITAR CONEXOES PROXY" \
    disabled=no dscp=0 dst-port=8080 in-interface=CLIENTES protocol=tcp \
    src-address=192.168.2.0/24
    add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
    /ip firewall mangle
    add action=accept chain=output comment="qcept proxy" disabled=no dscp=4
    add action=mark-connection chain=output comment=Cache-squid content=\
    "X-Cache: HIT" disabled=no new-connection-mark=squid-connection-HIT \
    passthrough=yes protocol=tcp src-port=3128
    add action=mark-packet chain=output comment="" connection-mark=\
    squid-connection-HIT disabled=no new-packet-mark=squid-packet-HIT \
    passthrough=no
    add action=add-dst-to-address-list address-list=youtube address-list-timeout=\
    4w2d chain=prerouting comment=Youtube content=youtube.com disabled=no \
    dst-port=80 in-interface=CLIENTES protocol=tcp
    add action=add-dst-to-address-list address-list=4shared address-list-timeout=\
    4w2d chain=prerouting comment=4Shared content=4shared.com disabled=no \
    dst-port=80 in-interface=CLIENTES protocol=tcp
    add action=add-dst-to-address-list address-list=megaupload \
    address-list-timeout=4w2d chain=prerouting comment=Mega content=\
    megaupload.com disabled=no dst-port=80 in-interface=CLIENTES protocol=tcp
    add action=add-dst-to-address-list address-list=rapidshare \
    address-list-timeout=4w2d chain=prerouting comment=Rapid content=\
    rapidshare.com disabled=no dst-port=80 in-interface=CLIENTES protocol=tcp
    add action=add-dst-to-address-list address-list=orkut address-list-timeout=\
    4w2d chain=prerouting comment=Orkut content=orkut.com.br disabled=no \
    dst-port=80 in-interface=CLIENTES protocol=tcp
    add action=mark-connection chain=output comment="Hotspot - Full" disabled=no \
    new-connection-mark=hotspot-out out-interface=CLIENTES passthrough=yes \
    protocol=udp src-port=64872
    add action=mark-connection chain=output comment="" disabled=no \
    new-connection-mark=hotspot-out out-interface=CLIENTES passthrough=yes \
    protocol=tcp src-port=64872
    add action=mark-connection chain=output comment="" disabled=no \
    new-connection-mark=hotspot-out out-interface=CLIENTES passthrough=yes \
    protocol=tcp src-port=64873
    add action=mark-connection chain=output comment="" disabled=no \
    new-connection-mark=hotspot-out out-interface=CLIENTES passthrough=yes \
    protocol=tcp src-port=64874
    add action=mark-connection chain=output comment="" disabled=no \
    new-connection-mark=hotspot-out out-interface=CLIENTES passthrough=yes \
    protocol=tcp src-port=64875
    add action=mark-connection chain=prerouting comment="QoS - MSN" disabled=no \
    dst-port=1863 new-connection-mark=Messenger-Conexao passthrough=yes \
    protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    1863 new-connection-mark=Messenger-Conexao passthrough=yes protocol=udp
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    6891-6901 new-connection-mark=Messenger-Conexao passthrough=yes protocol=\
    tcp
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    6891-6901 new-connection-mark=Messenger-Conexao passthrough=yes protocol=\
    udp
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    5190 new-connection-mark=Messenger-Conexao passthrough=yes protocol=udp
    add action=mark-packet chain=prerouting comment="" connection-mark=\
    Messenger-Conexao disabled=no new-packet-mark=Messenger-Pacotes \
    passthrough=no
    add action=mark-connection chain=prerouting comment=YOU disabled=no \
    new-connection-mark=you_conn passthrough=yes src-address-list=youtube
    add action=mark-packet chain=prerouting comment="" connection-mark=you_conn \
    disabled=no new-packet-mark=you_packet passthrough=yes
    add action=mark-connection chain=prerouting comment=4SH disabled=no \
    new-connection-mark=4sh_conn passthrough=yes src-address-list=4shared
    add action=mark-packet chain=prerouting comment="" connection-mark=4sh_conn \
    disabled=no new-packet-mark=4sh_packet passthrough=yes
    add action=mark-connection chain=prerouting comment=MEGA disabled=no \
    new-connection-mark=mega_conn passthrough=yes src-address-list=megaupload
    add action=mark-packet chain=prerouting comment="" connection-mark=mega_conn \
    disabled=no new-packet-mark=mega_packet passthrough=yes
    add action=mark-connection chain=prerouting comment=RAPID disabled=no \
    new-connection-mark=rapid_conn passthrough=yes src-address-list=\
    rapidshare
    add action=mark-packet chain=prerouting comment="" connection-mark=rapid_conn \
    disabled=no new-packet-mark=rapid_packet passthrough=yes
    add action=mark-connection chain=output comment=ORK content=orkut.com \
    disabled=no new-connection-mark=ork_conn passthrough=yes
    add action=mark-packet chain=output comment="" connection-mark=ork_conn \
    disabled=no new-packet-mark=ork_packet passthrough=yes
    add action=mark-packet chain=output comment=";;; HIT TRAFFIC FROM PROXY " \
    disabled=no dscp=!4 new-packet-mark=proxy-hit out-interface=CLIENTES \
    passthrough=no
    add action=mark-packet chain=prerouting comment=";;; UP TRAFFIC" disabled=no \
    in-interface=CLIENTES new-packet-mark=proxy-up passthrough=no \
    src-address=192.168.2.0/24
    add action=mark-connection chain=forward comment=";;; CONN-MARK" disabled=no \
    new-connection-mark=proxy-conn passthrough=yes src-address=192.168.2.0/24
    add action=mark-packet chain=forward comment=";;; DOWN-DIRECT CONNECTION" \
    connection-mark=proxy-conn disabled=no in-interface=LINK new-packet-mark=\
    proxy-down passthrough=no
    add action=mark-packet chain=output comment=";;; DOWN-VIA PROXY" disabled=no \
    new-packet-mark=proxy-down out-interface=CLIENTES passthrough=no \
    src-address=192.168.2.0/24
    add action=mark-connection chain=prerouting comment="Controle P2P" disabled=\
    no new-connection-mark=p2p_conn p2p=all-p2p passthrough=yes
    add action=mark-packet chain=prerouting comment="" connection-mark=p2p_conn \
    disabled=no new-packet-mark=p2p passthrough=yes
    add action=change-mss chain=forward comment="Alterar MSS do MSN para 1440" \
    disabled=no dst-port=1863 new-mss=1440 protocol=tcp tcp-flags=syn \
    tcp-mss=1441-65535
    /ip firewall nat
    add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
    add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=192.168.2.0/24
    add action=redirect chain=dstnat comment=\
    "redirecionamento porta 80 para webproxy 3128" disabled=no dst-port=80 \
    in-interface=CLIENTES protocol=tcp src-address=192.168.2.0/24 to-ports=\
    3128
    /ip firewall service-port
    set ftp disabled=no ports=21
    set tftp disabled=no ports=69
    set irc disabled=no ports=6667,3128
    set h323 disabled=no
    set sip disabled=no ports=5060,5061
    set pptp disabled=no



    ja nao aguento mais tentar seguir algum tutorial que nunca da certo,
    desde já agradeço a qualquer ajuda, abraços

  2. tambem nunca consegui fazer nada que prestasse neste sentido, uma vez ate fiz um que fazia lentidao na rede.. kkk



  3. é porque ctrl+c e ctrl+v nao funciona !!

    voces precisam entender a LOGICA que o firewall segue.. e saber a ordem EXATA para colocar as regras...

    ainda mais quando se tem hotspot.

    não é o cache-full que não funciona..


    alem do mais, o seu proxy precisa estar configurado para fazer cache, muita gente configura proxy com receita de bolo.. e a maioria não sabe nem o que se trata !!!


    Clique na imagem para uma versão maior

Nome:	         full.jpg
Visualizações:	148
Tamanho: 	69,8 KB
ID:      	16075


    acabei de fazer o teste, baixei (usando o firefox) o skype antes.. e veio a 2Mbit/s (meu plano de acesso aqui da minha casa)..

    e depois, pelo internet explorer (para evitar cache local do browser), baixei novamente.. e veio na velocidade full .. a repetidora que estou conectado é 5.8ghz .. entao deu essa velocidade aqui..


  4. Com muita dificuldade consegui fazer com que tudo fique gravado no cache, só que apenas os downloads saõ buscados do cache e saiem di la na velocidade full, mas as paginas não apenas são armazenadas, o que poderia esta errado?



  5. eu geralmente não uso cache full não pois os minis pci 2.4ghz estoura ....
    e causa lentidão nos aps ....






Tópicos Similares

  1. Não consigo fazer cache full no server mk 3.30
    Por carneirinhobad no fórum Redes
    Respostas: 6
    Último Post: 07-09-2010, 09:21
  2. um usuario nao consegue enviar email
    Por testeqeqeqeq no fórum Servidores de Rede
    Respostas: 9
    Último Post: 30-05-2005, 18:00
  3. Trampo pago já que não consigo fazer...
    Por mauro santos no fórum Servidores de Rede
    Respostas: 1
    Último Post: 20-05-2005, 10:07
  4. Cliente win9x não consegue fazer FTP
    Por no fórum Servidores de Rede
    Respostas: 4
    Último Post: 04-04-2003, 08:08
  5. antivirus AVG nao consegue fazer update
    Por no fórum Servidores de Rede
    Respostas: 3
    Último Post: 05-02-2003, 15:07

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L