+ Responder ao Tópico



  1. #1

    Padrão Load-balance RB750G winbox sem acesso

    Olá, boa tarde a todos, estou com um problema.
    To usando um load-balance com uma RB750G
    Tudo certo, funcionando perfeitamente.

    Porem não consigo acesso a ela pelo WINBOX.
    Acesso ela pelo navegador, normal como se fosse um AP.

    Alguém, poderia me ajudar?

    EU - Servidor - RB750G - modem

    IP Minha rede: 192.168.88.0/22
    IP RB750G: 192.168.10.1/24
    IP interface link do servidor: 192.168.10.2/24

    Já tentei de tudo e não vai.
    Muito obrigado.

  2. #2

    Padrão Re: Load-balance RB750G winbox sem acesso

    Citação Postado originalmente por usertecknet Ver Post
    Olá, boa tarde a todos, estou com um problema.
    To usando um load-balance com uma RB750G
    Tudo certo, funcionando perfeitamente.

    Porem não consigo acesso a ela pelo WINBOX.
    Acesso ela pelo navegador, normal como se fosse um AP.

    Alguém, poderia me ajudar?

    EU - Servidor - RB750G - modem

    IP Minha rede: 192.168.88.0/22
    IP RB750G: 192.168.10.1/24
    IP interface link do servidor: 192.168.10.2/24

    Já tentei de tudo e não vai.
    Muito obrigado.
    manda o ip routes e ip adress



  3. #3

    Padrão Re: Load-balance RB750G winbox sem acesso

    tu usa cache? posta ai tuas regras de firewall tambem.

  4. #4

    Padrão Re: Load-balance RB750G winbox sem acesso

    Citação Postado originalmente por iverton Ver Post
    tu usa cache? posta ai tuas regras de firewall tambem.
    /ip firewall filter
    add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
    add action=drop chain=forward comment=\
    "FAIRUZA --------------------BLOQUEIO_PORTAS_LIVRE_MANGLES---TCP" \
    disabled=yes dst-address=0.0.0.0/0 packet-mark=!semlimite protocol=tcp \
    src-address=192.168.88.17 src-port=1000-65525
    add action=drop chain=forward comment=\
    "FAIRUZA --------------------BLOQUEIO_PORTAS_LIVRE_MANGLES---UDP" \
    disabled=yes dst-address=0.0.0.0/0 packet-mark=!semlimite packet-size=\
    350-1024 protocol=udp src-address=192.168.88.17 src-port=0-65525
    add action=drop chain=forward comment=\
    "//////////// EXEMPLO DE BLOQUEIO DE PORTAS INDIVIDUAL/////////////////" \
    disabled=yes dst-address=0.0.0.0/0 packet-mark=!semlimite protocol=tcp \
    src-address=192.168.88.29 src-port=1300-65525
    add action=drop chain=input comment="BLOQUEIO DO PROXY EXTERNO" disabled=no \
    dst-port=3128 in-interface=LINK protocol=tcp
    add action=accept chain=input comment="ACEITAR CONEXOES PROXY" disabled=no \
    dst-port=3128 protocol=tcp
    add action=drop chain=input comment="BLOQUEIO DE DNS REVERSO" content=\
    user.veloxzone.com.br disabled=no dst-port=!8291 protocol=tcp
    add action=accept chain=input comment="ACEITA WINBOX" disabled=no dst-port=\
    8291 protocol=tcp
    add action=drop chain=input comment="BLOQUEIA SCAN PELO WINBOX" disabled=no \
    dst-port=5678 protocol=udp
    add action=drop chain=forward comment=DESCARTA_UDP_ACIMA_350-1024 disabled=\
    yes packet-size=512-1024 protocol=udp src-address=192.168.88.0/22 \
    src-port=0-65525
    add action=drop chain=forward comment="BLOQUEIO PORTAS UDP - LIVRE MANGLE" \
    disabled=yes packet-mark=!semlimite protocol=udp src-address=\
    192.168.88.0/24
    add action=drop chain=forward comment=BLOQUEIO_PORTAS_LIVRE_MANGLES disabled=\
    no dst-address=0.0.0.0/0 packet-mark=!semlimite protocol=tcp src-address=\
    192.168.88.0/22 src-port=1000-65525
    add action=drop chain=forward comment=\
    "LIMITANDO_CONEX\D5ES_SIMULTANEAS_LIVRE_MANGLE" connection-limit=6,32 \
    disabled=no packet-mark=!semlimite protocol=tcp src-address=\
    192.168.88.0/22 tcp-flags=syn
    add action=add-src-to-address-list address-list=Ares-Conn \
    address-list-timeout=10h chain=forward comment=CONTROLE_ARES_PERFEITO_01 \
    disabled=no p2p=warez protocol=tcp
    add action=add-src-to-address-list address-list=Ares-Conn \
    address-list-timeout=10h chain=forward comment=CONTROLE_ARES_PERFEITO_02 \
    disabled=no p2p=warez protocol=udp
    add action=drop chain=forward comment=CONTROLE_ARES_PERFEITO_03 disabled=no \
    src-address=!192.168.88.0/22 src-address-list=Ares-Conn
    add action=drop chain=forward comment=BLOQUEIO_ARES-1 disabled=no dst-port=0 \
    protocol=udp
    add action=drop chain=forward comment=BLOQUEIO_ARES-2 disabled=no p2p=warez
    add action=drop chain=forward comment=BLOQUEIO_ARES-3 disabled=no protocol=\
    udp src-port=0
    add action=drop chain=forward comment=BLOQUEIO_PS2-WARES disabled=no p2p=\
    warez protocol=tcp
    add action=drop chain=forward comment=BLOQUEIO_PS2-ALLP2P disabled=no p2p=\
    all-p2p protocol=tcp
    add action=drop chain=forward comment=BLOQUEIO_ARES_MANGLES connection-mark=\
    ares disabled=no
    add action=drop chain=forward comment="BLOQUEIA NETBIOS TCP" disabled=no \
    dst-port=137-139 protocol=tcp src-port=137-139
    add action=drop chain=forward comment="" disabled=no dst-port=445 protocol=\
    tcp src-port=445
    add action=drop chain=forward comment="BLOQUEIA NETBIOS UDP" disabled=no \
    dst-port=137-139 protocol=udp src-port=137-139
    add action=drop chain=forward comment="" disabled=no dst-port=445 protocol=\
    udp src-port=445
    add action=jump chain=input comment="*****************************************\
    *********REPASSA TRAFEGO PARA VERIFICASAO DE PORTAS***********************\
    *****************" disabled=no jump-target="P2P E PORTAS"
    add action=jump chain=forward comment="" disabled=no jump-target=\
    "P2P E PORTAS"
    add action=jump chain=input comment="REPASSA TRAFEGO PARA CANAL VIRUS" \
    disabled=no jump-target=VIRUS
    add action=jump chain=forward comment="" disabled=no jump-target=VIRUS
    add action=jump chain=input comment="BLOQUEIO DE IPS BOGONS" disabled=no \
    jump-target=BOGONS
    add action=jump chain=forward comment="" disabled=no jump-target=BOGONS
    add action=accept chain=input comment="ACEITA CONECSAO ESTABELECIDA" \
    connection-state=established disabled=no
    add action=accept chain=forward comment="" connection-state=established \
    disabled=no
    add action=accept chain=input comment="ACEITA CONECSAO NOVAS" \
    connection-state=new disabled=no
    add action=accept chain=forward comment="" connection-state=new disabled=no
    add action=accept chain=input comment="ACEITA CONECSAO RELACIONADAS" \
    connection-state=related disabled=no
    add action=accept chain=forward comment="" connection-state=related disabled=\
    no
    add action=drop chain=forward comment=";;; CONEXAO INVALIDAS" \
    connection-state=invalid disabled=no
    add action=accept chain="P2P E PORTAS" comment="PORTAS E P2P /////////////////\
    //////////////////////////////////////////////////////////////////////////\
    /////////////////////////////////////////////////////" disabled=no \
    dst-port=6346-6349 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment=FTP disabled=no dst-port=21 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment=DNS disabled=no dst-port=53 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="EMAIL POP 110" disabled=no \
    dst-port=110 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="EMAIL SMTP - 25" disabled=no \
    dst-port=25 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="portas do ITR" disabled=no \
    dst-port=5636 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5636 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5653 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5653 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=3456 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment=\
    "MSN -------------- ENTRA MAIS RAPIDO" disabled=no dst-port=1863 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=1853 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment=skipe disabled=no dst-port=\
    30369 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="PORTAS DO KAZAA" disabled=no \
    dst-port=1214 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="PORTAS DO E-MULE" disabled=no \
    dst-port=4662 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=4662 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=\
    6346-6348 protocol=udp
    add action=accept chain="P2P E PORTAS" comment="PORTAS DO BITTORRENT" \
    disabled=no dst-port=6881-6889 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=\
    6881-6889 protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=1214 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="PORTAS RANDON DO BIT TORRENT" \
    disabled=no dst-port=57792 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=57792 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="porta servidor CS" disabled=\
    no dst-port=27015 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27015 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27017 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27017 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27018 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27018 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27019 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27019 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27060 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27060 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="ALL P2P" disabled=yes p2p=\
    all-p2p
    add action=drop chain=VIRUS comment="LISTA DE VIRUS///////////////////////////\

    continua...



  5. #5

    Padrão Re: Load-balance RB750G winbox sem acesso

    Parece ser problema de mascara não?

  6. #6

    Padrão Re: Load-balance RB750G winbox sem acesso

    /ip firewall mangle
    add action=mark-connection chain=output comment="1 - HOTSPOT-FULL " disabled=\
    no new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
    protocol=udp src-port=64872
    add action=mark-connection chain=output comment="" disabled=no \
    new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
    protocol=tcp src-port=64872
    add action=mark-connection chain=output comment="" disabled=no \
    new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
    protocol=tcp src-port=64873
    add action=mark-connection chain=output comment="" disabled=no \
    new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
    protocol=tcp src-port=64874
    add action=mark-connection chain=output comment="" disabled=no \
    new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
    protocol=tcp src-port=64875
    add action=mark-packet chain=output comment="" connection-mark=hotspot-out \
    disabled=no new-packet-mark=hotspot passthrough=no
    add action=mark-connection chain=output comment="2 - PROXY FULL" disabled=no \
    dscp=4 new-connection-mark=proxyfull passthrough=yes protocol=tcp \
    src-port=3128
    add action=mark-packet chain=output comment="" connection-mark=proxyfull \
    disabled=no new-packet-mark=proxyfull passthrough=yes
    add action=return chain=output comment="" connection-mark=proxyfull disabled=\
    no
    add action=mark-packet chain=prerouting comment="3 - UPLOAD MARCANDO PACOTES" \
    disabled=no in-interface=BRIDGE new-packet-mark=test-up passthrough=no \
    src-address=192.168.88.0/22
    add action=mark-connection chain=forward comment="4 - DOWN MARCANDO PACOTES" \
    disabled=no new-connection-mark=teste-conn passthrough=yes src-address=\
    192.168.88.0/22
    add action=mark-packet chain=forward comment=\
    "5 - DOWN - DIRETO MARCANDO PACOTES" connection-mark=teste-conn \
    disabled=no in-interface=LINK new-packet-mark=test-down passthrough=no
    add action=mark-packet chain=output comment=\
    "6 - DOWN - VIA PROXY MARCANDO PACOTES" disabled=no dst-address=\
    192.168.88.0/22 new-packet-mark=test-down out-interface=BRIDGE \
    passthrough=no
    add action=mark-connection chain=prerouting comment="ARES - MARCANDO PACOTES" \
    disabled=no new-connection-mark=ares p2p=warez passthrough=no
    add action=mark-connection chain=prerouting comment="P2P - MARCANDO PORTAS" \
    disabled=no new-connection-mark=p2p_marca p2p=all-p2p passthrough=yes
    add action=mark-connection chain=prerouting comment="UDP - MARCANDO PORTAS" \
    disabled=no new-connection-mark=udp_teste passthrough=no protocol=udp
    add action=mark-connection chain=postrouting comment="" disabled=no \
    new-connection-mark=udp_teste passthrough=yes protocol=udp
    add action=mark-packet chain=prerouting comment="" connection-mark=udp_teste \
    disabled=no new-packet-mark=udp passthrough=no
    add action=mark-packet chain=postrouting comment="" connection-mark=udp_teste \
    disabled=no new-packet-mark=udp passthrough=yes
    add action=mark-connection chain=prerouting comment="MICROSOFT SQL SERVER" \
    disabled=no dst-port=1433-1434 new-connection-mark=Banco-Dados-Conexao \
    passthrough=no protocol=tcp
    add action=mark-packet chain=prerouting comment="" connection-mark=p2p_marca \
    disabled=no new-packet-mark=p2p passthrough=yes
    add action=mark-connection chain=prerouting comment="ORKUT - MARCANDO PACOTES \
    +++++++++ INICIO IMPLANTA\C7\C3O ////// QOS \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ " content=orkut \
    disabled=no new-connection-mark=ORKUT-CONN passthrough=no
    add action=mark-connection chain=postrouting comment="" content=orkut \
    disabled=no new-connection-mark=ORKUT-CONN passthrough=yes
    add action=mark-packet chain=prerouting comment="" connection-mark=ORKUT-CONN \
    disabled=no new-packet-mark=orkut passthrough=yes
    add action=mark-packet chain=postrouting comment="" connection-mark=\
    ORKUT-CONN disabled=no new-packet-mark=orkut passthrough=yes
    add action=mark-connection chain=prerouting comment=\
    "YOUTUBE - MARCAR PACOTES" content=youtube disabled=no \
    new-connection-mark=YTB passthrough=no
    add action=mark-connection chain=postrouting comment="" content=youtube \
    disabled=no new-connection-mark=YTB passthrough=yes
    add action=mark-packet chain=prerouting comment="" connection-mark=YTB \
    disabled=no new-packet-mark=youtube passthrough=yes
    add action=mark-packet chain=postrouting comment="" connection-mark=YTB \
    disabled=no new-packet-mark=youtube passthrough=yes
    add action=mark-connection chain=prerouting comment="ICMP - MARCANDO PORTAS" \
    disabled=no new-connection-mark=ICMP-Conexao passthrough=no protocol=icmp
    add action=mark-connection chain=postrouting comment="" disabled=no \
    new-connection-mark=ICMP-Conexao passthrough=yes protocol=icmp
    add action=mark-packet chain=prerouting comment="" connection-mark=\
    ICMP-Conexao disabled=no new-packet-mark=ICMP-Pacotes passthrough=no
    add action=mark-packet chain=postrouting comment="" connection-mark=\
    ICMP-Conexao disabled=no new-packet-mark=ICMP-Pacotes passthrough=yes
    add action=mark-connection chain=prerouting comment=\
    "HTTPS - MARCANDO PAGINAS SEGURAS " disabled=no dst-port=443 \
    new-connection-mark=HTTPS-CONN passthrough=no protocol=tcp
    add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
    443 new-connection-mark=HTTPS-CONN passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    53 new-connection-mark=HTTPS-CONN passthrough=no protocol=tcp
    add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
    53 new-connection-mark=HTTPS-CONN passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    53 new-connection-mark=HTTPS-CONN passthrough=no protocol=udp
    add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
    53 new-connection-mark=HTTPS-CONN passthrough=yes protocol=udp
    add action=mark-connection chain=prerouting comment="BANCO DO BRASIL" \
    content=bancobrasil disabled=no new-connection-mark=HTTPS-CONN \
    passthrough=no
    add action=mark-connection chain=postrouting comment="" content=bancobrasil \
    disabled=no new-connection-mark=HTTPS-CONN passthrough=yes
    add action=mark-connection chain=prerouting comment="BANCO BRADESCO" content=\
    bradesco disabled=no new-connection-mark=HTTPS-CONN passthrough=no
    add action=mark-connection chain=postrouting comment="" content=bradesco \
    disabled=no new-connection-mark=HTTPS-CONN passthrough=yes
    add action=mark-connection chain=prerouting comment=\
    "CAIXA ECONOMICA FEDERAL - MARCANDO PAGINAS " content=caixa.gov disabled=\
    no new-connection-mark=HTTPS-CONN passthrough=no
    add action=mark-connection chain=postrouting comment="" content=caixa.gov \
    disabled=no new-connection-mark=HTTPS-CONN passthrough=yes
    add action=mark-packet chain=prerouting comment="" connection-mark=HTTPS-CONN \
    disabled=no new-packet-mark=HTTPS passthrough=yes
    add action=mark-packet chain=postrouting comment="" connection-mark=\
    HTTPS-CONN disabled=no new-packet-mark=HTTPS passthrough=yes
    add action=mark-connection chain=prerouting comment=\
    "E-MAIL - MARCANDO PORTAS" disabled=no dst-port=110 new-connection-mark=\
    E-mail-Conexao passthrough=no protocol=tcp
    add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
    110 new-connection-mark=E-mail-Conexao passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    995 new-connection-mark=E-mail-Conexao passthrough=no protocol=tcp
    add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
    995 new-connection-mark=E-mail-Conexao passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    25 new-connection-mark=E-mail-Conexao passthrough=no protocol=tcp
    add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
    25 new-connection-mark=E-mail-Conexao passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    25 new-connection-mark=E-mail-Conexao passthrough=no protocol=udp
    add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
    25 new-connection-mark=E-mail-Conexao passthrough=yes protocol=udp
    add action=mark-packet chain=prerouting comment="" connection-mark=\
    E-mail-Conexao disabled=no new-packet-mark=E-mail-Pacotes passthrough=no
    add action=mark-packet chain=postrouting comment="" connection-mark=\
    E-mail-Conexao disabled=no new-packet-mark=E-mail-Pacotes passthrough=yes
    add action=mark-connection chain=prerouting comment="MSN - MARCANDO PORTAS" \
    disabled=no dst-port=1863 new-connection-mark=Messenger-Conexao \
    passthrough=no protocol=tcp
    add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
    1863 new-connection-mark=Messenger-Conexao passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    1863 new-connection-mark=Messenger-Conexao passthrough=no protocol=udp
    a



  7. #7

    Padrão Re: Load-balance RB750G winbox sem acesso

    dd action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
    1863 new-connection-mark=Messenger-Conexao passthrough=yes protocol=udp
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    6891-6901 new-connection-mark=Messenger-Conexao passthrough=no protocol=\
    tcp
    add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
    6891-6901 new-connection-mark=Messenger-Conexao passthrough=yes protocol=\
    tcp
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    6891-6901 new-connection-mark=Messenger-Conexao passthrough=no protocol=\
    udp
    add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
    6891-6901 new-connection-mark=Messenger-Conexao passthrough=yes protocol=\
    udp
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    5190 new-connection-mark=Messenger-Conexao passthrough=no protocol=udp
    add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
    5190 new-connection-mark=Messenger-Conexao passthrough=yes protocol=udp
    add action=mark-packet chain=prerouting comment="" connection-mark=\
    Messenger-Conexao disabled=no new-packet-mark=Messenger-Pacotes \
    passthrough=no
    add action=mark-packet chain=postrouting comment="" connection-mark=\
    Messenger-Conexao disabled=no new-packet-mark=Messenger-Pacotes \
    passthrough=yes
    add action=mark-connection chain=prerouting comment="SQL BANCO DE DADOS" \
    disabled=no dst-port=3306 new-connection-mark=Banco-Dados-Conexao \
    passthrough=no protocol=tcp
    add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
    3306 new-connection-mark=Banco-Dados-Conexao passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment=\
    "ORACLE - MARCANDO CONEX\C3O" disabled=no dst-port=1521 \
    new-connection-mark=Banco-Dados-Conexao passthrough=no protocol=tcp
    add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
    1433-1434 new-connection-mark=Banco-Dados-Conexao passthrough=yes \
    protocol=tcp
    add action=mark-packet chain=prerouting comment="" connection-mark=\
    Banco-Dados-Conexao disabled=no new-packet-mark=Banco-Dados-Pacotes \
    passthrough=no
    add action=mark-packet chain=postrouting comment="" connection-mark=\
    Banco-Dados-Conexao disabled=no new-packet-mark=Banco-Dados-Pacotes \
    passthrough=yes
    add action=mark-packet chain=forward comment="DESBLOQUEIO +++++++++++++ INICIO\
    \_MARCA\C7\C3O DE PORTAS /////////////////////////////////////////////////\
    ///////////////////////////////" disabled=no dst-port=21 new-packet-mark=\
    semlimite passthrough=yes protocol=tcp src-address=192.168.88.0/22
    add action=mark-packet chain=forward comment="" disabled=no dst-port=22 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-packet chain=forward comment="" disabled=no dst-port=23 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-packet chain=forward comment="DESBLOQUEIO - DNS" disabled=no \
    dst-port=53 new-packet-mark=semlimite passthrough=yes protocol=tcp \
    src-address=192.168.88.0/22
    add action=mark-packet chain=forward comment="DESBLOQUEIO - NAVEGA\C7\C3O" \
    disabled=no dst-port=80 new-packet-mark=semlimite passthrough=yes \
    protocol=tcp src-address=192.168.88.0/22
    add action=mark-packet chain=forward comment=\
    "DESBLOQUEIO - EMAIL SMTP OUTLOOK" disabled=no dst-port=25 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-packet chain=forward comment="DESBLOQUEIO - EMAIL POP" \
    disabled=no dst-port=110 new-packet-mark=semlimite passthrough=yes \
    protocol=tcp src-address=192.168.88.0/22
    add action=mark-packet chain=forward comment=\
    "DESBLOQUEIO - PORTA POP SEGURA - SSL OUTLOOK" disabled=no dst-port=995 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-packet chain=forward comment="DESBLOQUEIO - PAGINAS HTTPS" \
    disabled=no dst-port=443 new-packet-mark=semlimite passthrough=yes \
    protocol=tcp src-address=192.168.88.0/22
    add action=mark-packet chain=forward comment="" disabled=no dst-port=8080 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-packet chain=forward comment="" disabled=no dst-port=\
    6891-6901 new-packet-mark=semlimite passthrough=yes protocol=tcp \
    src-address=192.168.88.0/22
    add action=mark-packet chain=forward comment=\
    "DESBLOQUEIO - PORTA TEAMVIEWER 5938 REMOTO" disabled=no dst-port=5938 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-packet chain=forward comment="DESBLOQUEIO - MSN" disabled=no \
    dst-port=1863 new-packet-mark=semlimite passthrough=yes protocol=tcp \
    src-address=192.168.88.0/22
    add action=mark-packet chain=forward comment="DESBLOQUEIO - PROXY FULL" \
    disabled=no dst-port=3128 new-packet-mark=semlimite passthrough=yes \
    protocol=tcp src-address=192.168.88.0/22
    add action=mark-packet chain=forward comment="" disabled=no dst-port=3389 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-packet chain=forward comment="" disabled=no dst-port=5900 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-packet chain=forward comment="" disabled=no dst-port=135 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-packet chain=forward comment=\
    "DESBLOQUEIO - RADIO - UOL E PRINCIPAIS" disabled=no dst-port=554 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-packet chain=forward comment=\
    "DESBLOQUEIO - RADIO - JOVEM PAN" disabled=no dst-port=8000 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-packet chain=forward comment=\
    "DESBLOQUEIO - RADIO - HOT-FM-107" disabled=no dst-port=9001 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-packet chain=forward comment="" disabled=no dst-port=8081 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-packet chain=forward comment="DESBLOQUEIO - RADIO PORTA 730" \
    disabled=no dst-port=8730 new-packet-mark=semlimite passthrough=yes \
    protocol=tcp src-address=192.168.88.0/22
    add action=mark-packet chain=forward comment="DESBLOQUEIO - SKYPE" disabled=\
    no dst-port=6469 new-packet-mark=semlimite passthrough=yes protocol=udp \
    src-address=192.168.88.0/22
    add action=mark-packet chain=forward comment="" disabled=no dst-port=6469 \
    new-packet-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-packet chain=forward comment="DESBLOQUEIO - GTA" disabled=no \
    dst-port=7777 new-packet-mark=semlimite passthrough=yes protocol=tcp \
    src-address=192.168.88.0/22
    add action=mark-packet chain=forward comment="DESBLOQUEIO - GTA" disabled=no \
    dst-port=1414 new-packet-mark=semlimite passthrough=yes protocol=tcp \
    src-address=192.168.88.0/22
    add action=mark-connection chain=prerouting comment="CONTROLE JOGOS" \
    disabled=yes dst-port=7171 new-connection-mark=Jogos-Conexao passthrough=\
    no protocol=tcp
    add action=mark-connection chain=postrouting comment="" disabled=yes \
    dst-port=7171 new-connection-mark=Jogos-Conexao passthrough=yes protocol=\
    tcp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    27015 new-connection-mark=Jogos-Conexao passthrough=no protocol=tcp

  8. #8

    Padrão Re: Load-balance RB750G winbox sem acesso

    add action=mark-connection chain=postrouting comment="" disabled=yes \
    dst-port=27015 new-connection-mark=Jogos-Conexao passthrough=yes \
    protocol=tcp
    add action=mark-connection chain=prerouting comment="Mu Online" disabled=yes \
    dst-port=55905 new-connection-mark=Jogos-Conexao passthrough=yes \
    protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    55905 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
    add action=mark-connection chain=prerouting comment="Line Age" disabled=yes \
    dst-port=4376 new-connection-mark=Jogos-Conexao passthrough=yes protocol=\
    tcp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    4376 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
    add action=mark-connection chain=prerouting comment=WarCraft disabled=yes \
    dst-port=6112 new-connection-mark=Jogos-Conexao passthrough=yes protocol=\
    tcp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    6112 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    4500 new-connection-mark=Jogos-Conexao passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    4500 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    6900 new-connection-mark=Jogos-Conexao passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    6900 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    5000 new-connection-mark=Jogos-Conexao passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    5000 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
    add action=mark-connection chain=prerouting comment="Counter Strike" \
    disabled=yes dst-port=27018 new-connection-mark=Jogos-Conexao \
    passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    27018 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    27015 new-connection-mark=Jogos-Conexao passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    27015 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    27020 new-connection-mark=Jogos-Conexao passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    27020 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    27019 new-connection-mark=Jogos-Conexao passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    27019 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    27013 new-connection-mark=Jogos-Conexao passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=yes dst-port=\
    27013 new-connection-mark=Jogos-Conexao passthrough=yes protocol=udp
    add action=mark-packet chain=prerouting comment="" connection-mark=\
    Jogos-Conexao disabled=yes new-packet-mark=Jogos-Pacotes passthrough=no



  9. #9

    Padrão Re: Load-balance RB750G winbox sem acesso

    agora a regras de nat



    /ip firewall nat
    add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
    add action=accept chain=pre-hotspot comment="CONECTIVIDADE SOCIAL + BANCOS" \
    disabled=no dst-address=200.201.160.0/24 dst-port=80 hotspot=auth \
    in-interface=BRIDGE protocol=tcp
    add action=accept chain=pre-hotspot comment="" disabled=no dst-address=\
    200.201.166.0/24 dst-port=80 hotspot=auth in-interface=BRIDGE protocol=\
    tcp
    add action=accept chain=pre-hotspot comment="" disabled=no dst-address=\
    200.201.173.0/24 dst-port=80 hotspot=auth in-interface=BRIDGE protocol=\
    tcp
    add action=accept chain=pre-hotspot comment="" disabled=no dst-address=\
    200.201.174.0/24 dst-port=80 hotspot=auth in-interface=BRIDGE protocol=\
    tcp
    add action=masquerade chain=srcnat comment="" disabled=no out-interface=LINK \
    src-address=192.168.88.0/22
    add action=masquerade chain=srcnat comment="MASQUERADE HOTSPOT" disabled=no \
    src-address=192.168.88.0/22
    add action=redirect chain=dstnat comment="REDIRECIONAR PROXY" disabled=no \
    dst-port=80 in-interface=BRIDGE protocol=tcp src-address=192.168.88.0/22 \
    to-ports=3128
    add action=accept chain=pre-hotspot comment="RADIO UOL" disabled=no \
    dst-address=200.221.0.0/16 dst-port=80 hotspot=auth in-interface=BRIDGE \
    protocol=tcp
    add action=accept chain=pre-hotspot comment="RADIO TERRA" disabled=no \
    dst-address=200.154.0.0/16 dst-port=80 hotspot=auth in-interface=BRIDGE \
    protocol=tcp
    add action=accept chain=dstnat comment="YOUTUBE FORA DA CACHE" content=\
    !youtube disabled=no


    Gente não sei como enviar de outra forma, desculpem por tantas regras ai...

  10. #10

    Padrão Re: Load-balance RB750G winbox sem acesso

    eu uso Web-Proxy

    o IP do servidor é 192.168.88.1

    acho que é isso ai pessoal.



  11. #11

    Padrão Re: Load-balance RB750G winbox sem acesso

    kra tu acessa a web do mk por causa do proxy, mas não acessa por winbox pq deve estar bloqueando alguma porta.
    não tive tempo de rever todas suas regras pois estou meio sem tempo, mas amanha eu analizo direitinho.

  12. #12

    Padrão Re: Load-balance RB750G winbox sem acesso

    Amigo eu acho que a melhor coisa a fazer, e retirar todas essa regras. Realmente você necessita de todas elas? testou uma por uma ? ou copiou e colou no seu loadbalance ?



  13. #13

    Padrão Re: Load-balance RB750G winbox sem acesso

    que que isso??

  14. #14

    Padrão Re: Load-balance RB750G winbox sem acesso

    Citação Postado originalmente por iverton Ver Post
    kra tu acessa a web do mk por causa do proxy, mas não acessa por winbox pq deve estar bloqueando alguma porta.
    não tive tempo de rever todas suas regras pois estou meio sem tempo, mas amanha eu analizo direitinho.

    realmente, no meu firewall, bloqueio todas as portas, e deixo somente as padrão, e algumas outras... etc...

    e nisso estava bloqueando a porta 8291 do winbox.

    liberei ela, e acessou normal.



    -------------------------------------

    agora, tenho mais uma duvida.... minha RB 750 que faz o balance... disca para os modens 1, 2, 3
    10.1.1.1 ip do modem
    10.2.2.2 ip do modem
    10.3.3.3 ip do modem

    eu pergunto, para vc´s, é possível, eu acessar os modens?



  15. #15

    Padrão Re: Load-balance RB750G winbox sem acesso

    Citação Postado originalmente por usertecknet Ver Post
    realmente, no meu firewall, bloqueio todas as portas, e deixo somente as padrão, e algumas outras... etc...

    e nisso estava bloqueando a porta 8291 do winbox.

    liberei ela, e acessou normal.



    -------------------------------------

    agora, tenho mais uma duvida.... minha RB 750 que faz o balance... disca para os modens 1, 2, 3
    10.1.1.1 ip do modem
    10.2.2.2 ip do modem
    10.3.3.3 ip do modem

    eu pergunto, para vc´s, é possível, eu acessar os modens?
    Sim

  16. #16

    Padrão Re: Load-balance RB750G winbox sem acesso

    Citação Postado originalmente por Geeek Ver Post
    Sim
    e você sabe me dizer como eu faço isso?



  17. #17

    Padrão Re: Load-balance RB750G winbox sem acesso

    Citação Postado originalmente por usertecknet Ver Post
    e você sabe me dizer como eu faço isso?
    você ja tentou acessa-los?, senão crie as rotas para eles.

  18. #18

    Padrão Re: Load-balance RB750G winbox sem acesso

    aqui eu faço assim redireciono as porta 80 do modem pra outra porta da minha RB 750, tipo eu digito no navegador o ip da RB no seu caso http:/192.168.10.1 assim entra na pagina do MK, ai acrescento http:/192.168.10.1:90 modem 1, http:/192.168.10.1:91 modem 2 e assim vai, vou postar as regras aki abaixo.

    /ip firewall nat
    add action=dst-nat chain=dstnat comment="MODEM 1" disabled=no \
    dst-address=192.168.10.1 dst-port=90 protocol=tcp to-addresses=10.1.1.1\
    to-ports=80
    add action=dst-nat chain=dstnat comment="MODEM 2" disabled=no \
    dst-address=192.168.10.1 dst-port=91 protocol=tcp to-addresses=10.1.1.2\
    to-ports=80
    add action=dst-nat chain=dstnat comment="MODEM 3" disabled=no \
    dst-address=192.168.10.1 dst-port=92 protocol=tcp to-addresses=10.1.1.3\
    to-ports=80

    pronto so isso e so colocar la ja ate configurado com sua rede e acessar os modens como te falei
    http://192.168.10.1:90 modem 1
    http://192.168.10.1:91 modem 2
    http://192.168.10.1:92 modem 3

    nao se esqueca que os modens tem que esta cadastrado no arp, e sua RB 750 tem que ta pingando nos modens
    fuiiii espero ter ajudado