+ Responder ao Tópico



  1. olá amigos faz duas semanas que estou brigando com o webproxy do mk, e não consigo desativa-lo, utilizo hotspot e ip validos nos meus clientes, e do nada a 2 semanas os meus clientes começaram a passar pelo webproxy do mk, identifique o problemas através do site What Is My IP Address - Shows Your IP Address que retorna o ip do mk e proxy mikrotik habilitado.

    porem não são todos apenas os clientes se autenticam pelo radius, os que estão no bypassed e user cadastrados no mk não sai sem o webproxy, achei isso muito esquisito, observando o log da conexão do radius não achei nada de diferente, vou coloca-lo abaixo.

    já atualizei o mk para a versão 4.13 e depois para a 5.0rc3, nenhumas delas me resolveu o problema, e adicionaram mais dor de cabeça, na versão 4 depois de umas 3 horas parou de autenticar os clientes, e a versão 5 não reconheceu a minha interface intel, voltei para 3.30
    fiz um outro teste, troquei a maquina por outra, configurando tudo novamente na mão, se fazer backup de nada e o problema continuo


    log Radius
    08:38:58 radius,debug sending 3f:a1fc to 187.17.xxx.xxx:1812
    08:38:58 radius,debug,packet sending Access-Request with id 85 to 187.17.xxx.xxx:1812
    08:38:58 radius,debug,packet Signature = 0x48efa25e4eec9917b6ab75070c72b668
    08:38:58 radius,debug,packet NAS-Port-Type = 19
    08:38:58 radius,debug,packet Calling-Station-Id = "00:1B:11:aa:aa:aa"
    08:38:58 radius,debug,packet Called-Station-Id = "Hotspot"
    08:38:58 radius,debug,packet NAS-Port-Id = "Clientes"
    08:38:58 radius,debug,packet User-Name = "xxuser-clientexx"
    08:38:58 radius,debug,packet NAS-Port = 2150632643
    08:38:58 radius,debug,packet Acct-Session-Id = "80300cc3"
    08:38:58 radius,debug,packet Framed-IP-Address = 187.17.xxx.xxx
    08:38:58 radius,debug,packet MT-Host-IP = 172.16.xxx.xxx
    08:38:58 radius,debug,packet User-Password = 0x69676f72
    08:38:58 radius,debug,packet Service-Type = 1
    08:38:58 radius,debug,packet WISPr-Logoff-URL = "http://187.17.xxx.xxx/logout"
    08:38:58 radius,debug,packet NAS-Identifier = "Server Abc Tupi - Clientes"
    08:38:58 radius,debug,packet NAS-IP-Address = 187.17.xxx.xx
    08:38:58 radius,debug,packet received Access-Accept with id 85 from 187.17.xxx.xxx:1812
    08:38:58 radius,debug,packet Signature = 0x6c5e56ebaee94f5e6399451034325497
    08:38:58 radius,debug,packet Framed-IP-Address = 187.17.xxx.xxx
    08:38:58 radius,debug,packet MT-Advertise-URL = "http://www.google.com.br"
    08:38:58 radius,debug,packet MT-Group = "ABC400-24Horas"
    08:38:58 radius,debug received reply for 3f:a1fc
    08:38:58 hotspot,debug xxuser-clientexx (187.17.xxx.xxx): Access-Accept from RADIUS
    08:38:58 hotspot,debug xxuser-clientexx (187.17.xxx.xxx): user profile <ABC400-24Horas> from RADIUS
    08:38:58 hotspot,debug xxuser-clientexx (187.17.xxx.xxx): using profile <ABC400-24Horas>
    08:38:58 hotspot,debug xxuser-clientexx (187.17.xxx.xxx): ip 187.17.xxx.xxx from RADIUS
    08:38:58 hotspot,debug xxuser-clientexx (187.17.xxx.xxx): advertise url <http://www.google.com.br> from RADIUS
    08:38:58 hotspot,debug xxuser-clientexx (187.17.xxx.xxx): adding ip->user binding
    08:38:58 hotspot,debug xxuser-clientexx (187.17.xxx.xxx): adding queue <400k/400k 800k/800k 200k/200k 80 8 400k/400k>
    08:38:58 hotspot,account,info,debug daianymoraes (187.17.xxx.xxx): logged in
    08:38:58 hotspot,debug daianymoraes (187.17.xxx.xxx): sending RADIUS accounting Start request
    08:38:58 radius,debug new request 3f:a1ff code=Accounting-Request service=hotspot called-id=Hotspot
    08:38:58 radius,debug sending 3f:a1ff to 187.17.xxx.xxx:1813
    08:38:58 radius,debug,packet sending Accounting-Request with id 86 to 187.17.xxx.xxx:1813
    08:38:58 radius,debug,packet Signature = 0x59543b3a71d36180b04678a063f99f8e
    08:38:58 radius,debug,packet Acct-Status-Type = 1
    08:38:58 radius,debug,packet NAS-Port-Type = 19
    08:38:58 radius,debug,packet Calling-Station-Id = "00:1B:11:aa:aa:aa"
    08:38:58 radius,debug,packet Called-Station-Id = "Hotspot"
    08:38:58 radius,debug,packet NAS-Port-Id = "Clientes"
    08:38:58 radius,debug,packet User-Name = "xxuser-clientexx"
    08:38:58 radius,debug,packet NAS-Port = 2150632643
    08:38:58 radius,debug,packet Acct-Session-Id = "80300cc3"
    08:38:58 radius,debug,packet Framed-IP-Address = 187.17.xxx.xxx
    08:38:58 radius,debug,packet MT-Host-IP = 172.16.xxx.xxx
    08:38:58 radius,debug,packet Event-Timestamp = 1263285538
    08:38:58 radius,debug,packet NAS-Identifier = "Server Abc Tupi - Clientes"
    08:38:58 radius,debug,packet NAS-IP-Address = 187.17.xxx.xxx
    08:38:58 radius,debug,packet Acct-Delay-Time = 0
    08:38:58 radius,debug,packet received Accounting-Response with id 86 from 187.17.xxx.xxx:1813
    08:38:58 radius,debug,packet Signature = 0x494c448add9da928656a5699f3f41e20
    08:38:58 radius,debug received reply for 3f:a1ff
    08:38:58 radius,debug request 3f:a1ff processed

  2. minha config do hotspot

    /ip hotspot profile
    set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 \
    login-by=cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
    add dns-name=187.17.xxx.xxx hotspot-address=187.17.xxx.xxx html-directory=hotspot http-proxy=0.0.0.0:0 login-by=http-pap \
    name=AbcRede nas-port-type=wireless-802.11 radius-accounting=yes radius-default-domain="" radius-interim-update=\
    received radius-location-id="" radius-location-name="" radius-mac-format=XX:XX:XX:XX:XX:XX rate-limit="" smtp-server=\
    0.0.0.0 split-user-domain=no use-radius=yes
    /ip hotspot
    add address-pool=Poll_HS_Publico addresses-per-mac=2 disabled=no idle-timeout=30m interface=Clientes keepalive-timeout=1m \
    name=Hotspot profile=AbcRede
    /ip hotspot user profile
    set default idle-timeout=30m keepalive-timeout=2m name=default rate-limit=10k session-timeout=1m shared-users=unlimited \
    status-autorefresh=1m transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m name=ABC600-24Horas rate-limit="600k/600k 1200k/1200k 300k/300k 80 8 600k/600k" \
    shared-users=10 status-autorefresh=1m transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m name=ABC400-24Horas rate-limit="400k/400k 800k/800k 200k/200k 80 8 400k/400k" \
    shared-users=10 status-autorefresh=1m transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m1s name=ABC700-12Horas-Diurno rate-limit=\
    "700k/700k 1400k/1400k 350k/350k 80 8 700k/700k" shared-users=10 status-autorefresh=1m transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m1s name=ABC500-12Horas-Diurno rate-limit=\
    "500k/500k 1000k/1000k 250k/250k 80 8 500k/500k" shared-users=10 status-autorefresh=1m transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m2s name=ABC800-24Horas rate-limit=\
    "800k/800k 1600k/1600k 400k/400k 80 8 800k/800k" shared-users=10 status-autorefresh=1m transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m2s name=ABC700-12Horas-Noturno rate-limit=\
    "700k/700k 1400k/1400k 350k/350k 80 8 700k/700k" shared-users=10 status-autorefresh=1m transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m2s name=ABC500-12Horas-Noturno rate-limit=\
    "500k/500k 1000k/1000k 250k/250k 80 8 500k/500k" shared-users=10 status-autorefresh=1m transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m2s name=ABC300-12Horas-Noturno rate-limit=\
    "300k/300k 600k/600k 150k/150k 80 8 300k/300k" shared-users=10 status-autorefresh=1m transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m1s name=ABC300-12Horas-Diurno rate-limit=\
    "300k/300k 600k/600k 150k/150k 80 8 300k/300k" shared-users=10 status-autorefresh=1m transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m name=ABC1200-24Horas rate-limit=\
    "1200k/1200k 2400k/2400k 600k/600k 80 8 1200k/1200k" shared-users=10 status-autorefresh=1m transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m name=ABC1000-24Horas on-login="\r\
    \n" rate-limit="1000k/1000k 2000k/2000k 500k/500k 80 8 1000k/1000k" shared-users=10 status-autorefresh=1m \
    transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m name=ABC150-24Horas rate-limit="150k/150k 300k/300k 75k/75k 80 8 150k/150k" \
    shared-users=10 status-autorefresh=1m transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m name=ABC1500-24Horas rate-limit=\
    "1500k/1500k 3000k/3000k 750k/750k 80 8 1500k/1500k" shared-users=10 status-autorefresh=1m transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m name=ABC1000-12Horas-Noturno on-login="\r\
    \n" rate-limit="1000k/1000k 2000k/2000k 500k/500k 80 8 1000k/1000k" shared-users=10 status-autorefresh=1m \
    transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m name=ABC1000-12Horas-Diurno on-login="\r\
    \n" rate-limit="1000k/1000k 2000k/2000k 500k/500k 80 8 1000k/1000k" shared-users=10 status-autorefresh=1m \
    transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m name=ABC1200-12Horas-Noturno rate-limit=\
    "1200k/1200k 2400k/2400k 600k/600k 80 8 1200k/1200k" shared-users=10 status-autorefresh=1m transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m name=ABC1200-12Horas-Diurno rate-limit=\
    "1200k/1200k 2400k/2400k 600k/600k 80 8 1200k/1200k" shared-users=10 status-autorefresh=1m transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m name=ABC500-24Horas rate-limit="500k/500k 1000k/1000k 250k/250k 80 8 500k/500k" \
    shared-users=10 status-autorefresh=1m transparent-proxy=no
    add idle-timeout=30m keepalive-timeout=2m name=ABC4000-24horas rate-limit=\
    "4000k/4000k 8000k/8000k 2000k/2000k 80 8 4000k/4000k" shared-users=10 status-autorefresh=1m transparent-proxy=no
    as config do web proxy

    /ip proxy
    set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no enabled=no max-cache-size=none \
    max-client-connections=600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 \
    port=8080 serialize-connections=no src-address=0.0.0.0
    já desativei todo meu firewall e tb não resolvei, algum amigo já passou por uma situação semelhante ou saber como resolver esse meu problema?


    T+



  3. Talvez vc esteja usando o Mikrotik-Advertise-URL
    (
    Mikrotik-Advertise-URL - URL of the page with advertisements that should be displayed to clients. If this attribute is specified, advertisements are enabled automatically, including transparent proxy, even if they were explicitly disabled in the corresponding user profile. Multiple attribute instances may be send by RADIUS server to specify additional URLs which are choosen in round robin fashion.)
    ou não especificou explicitamente que deve ser desativado.

  4. Citação Postado originalmente por int21 Ver Post
    Talvez vc esteja usando o Mikrotik-Advertise-URL
    (
    Mikrotik-Advertise-URL - URL of the page with advertisements that should be displayed to clients. If this attribute is specified, advertisements are enabled automatically, including transparent proxy, even if they were explicitly disabled in the corresponding user profile. Multiple attribute instances may be send by RADIUS server to specify additional URLs which are choosen in round robin fashion.)
    ou não especificou explicitamente que deve ser desativado.
    amigo na mosca, foi só desativar essa opção que parou de passar pelo webproxy, valeu pela ajuda, mais agora fiquei com uma duvida, como deve enviar esse atributo sem gerar esse problema?

    meu site é Portal AbcRede 2010 | AbcRede

    t+ valeu



  5. amigo eu estava comendo bronha mesmo, eu queria usar esse atributo para redirecionar os clientes apos o login, porem o atributo correto seria WISPr-Redirection-URL


    valeu amigo t+






Tópicos Similares

  1. Respostas: 6
    Último Post: 01-11-2007, 20:49
  2. firewall não funciona, já não sei mais o que fazer.
    Por cag no fórum Servidores de Rede
    Respostas: 10
    Último Post: 23-09-2005, 10:18
  3. PixelView Mpeg2 M4900 (Nao sei mais o que fazer!)
    Por wolfazevedo no fórum Sistemas Operacionais
    Respostas: 2
    Último Post: 06-06-2005, 18:55
  4. Nao sei mais o que fazer!
    Por mirror no fórum Servidores de Rede
    Respostas: 4
    Último Post: 26-01-2003, 01:56
  5. acl no squid não está funcionando. O que fazer ?
    Por no fórum Servidores de Rede
    Respostas: 3
    Último Post: 20-12-2002, 16:01

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L