


  1. I'm not sure I'm posting my question in the right place, but anyway.

    I've spent 3 weeks searching here on the forum and changing rules on my server, trying to find a solution to this problem of mine.

    I have 180 clients, about 80 to 90 online at peak times.
    I use Hotspot + web-proxy with 2 HDs, one for the system and the other for the cache; my network is all bridged.

    What started happening on my network about 30 days ago is pages loading incorrectly, some images missing, and, not rarely, "page cannot be displayed". Errors on some pages like Orkut in some applications.

    Tinkering and reading tip after tip here on the forum, I found out that the problem is related to my cache, and sure enough... all I have to do is disable the redirection to the web-proxy and all the problems go away.

    Before you say it: I've already swapped the HD and rebuilt the server from scratch. And nothing seems to have worked.
    Since I no longer know what to do, I'm turning to the friends here on the forum who are always willing to help.

    Here are my rules:


    /ip firewall filter
    add action=passthrough chain=unused-hs-chain comment="////////////////////////\
    //////////////////////////////////////////////////////// REGRAS ENTRADA PE\
    RMITIDA \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
    \\\\\\\\\\\\\\\\\\\\" disabled=no
    add action=accept chain=input comment=CLIENTES disabled=no in-interface=\
    BRIDGE protocol=tcp
    add action=accept chain=input comment="Allow ICMP" disabled=no protocol=icmp
    add action=accept chain=input comment="PERMITE - BALANCEADOR" disabled=no \
    src-address=192.168.10.0/24
    add action=accept chain=input comment="ACEITA WINBOX" disabled=no dst-port=\
    8291 protocol=tcp
    add action=accept chain=input comment="ACEITAR CONEXOES PROXY" disabled=no \
    dst-port=4239 protocol=tcp
    add action=add-src-to-address-list address-list=Ares-Conn \
    address-list-timeout=10h chain=forward comment=CONTROLE_ARES_PERFEITO_01 \
    disabled=no p2p=warez protocol=tcp
    add action=add-src-to-address-list address-list=Ares-Conn \
    address-list-timeout=10h chain=forward comment=CONTROLE_ARES_PERFEITO_02 \
    disabled=no p2p=warez protocol=udp
    add action=drop chain=forward comment=CONTROLE_ARES_PERFEITO_03 disabled=no \
    src-address=!192.168.88.0/22 src-address-list=Ares-Conn
    add action=accept chain=input comment="ACEITA CONEXAOES NOVAS" \
    connection-state=new disabled=no
    add action=accept chain=forward comment="" connection-state=new disabled=no
    add action=accept chain=input comment="PERMITE CONEXAO RELATADAS" \
    connection-state=related disabled=no
    add action=accept chain=forward comment="" connection-state=related disabled=\
    no
    add action=accept chain=input comment="PERMITE CONEXAO ESTABELECIDAS" \
    connection-state=established disabled=no
    add action=accept chain=forward comment="" connection-state=established \
    disabled=no
    add action=passthrough chain=unused-hs-chain comment="////////////////////////\
    //////////////////////////////////////////////////////// REGRAS DE BLOQUEI\
    O ////////////////////////////////////////////////////////////////////////\
    ////////" disabled=no
    add action=drop chain=forward comment=\
    "LIMITANDO_CONEX\D5ES_SIMULTANEAS_LIVRE_MANGLE" connection-mark=\
    !semlimite disabled=yes protocol=tcp src-address=192.168.88.0/22
    add action=drop chain=forward comment=BLOQUEIO_PORTAS_LIVRE_MANGLES_UDP \
    disabled=yes packet-mark=!semlimite protocol=udp src-address=\
    192.168.88.0/22
    add action=drop chain=input comment="BLOQUEIO DO PROXY EXTERNO" disabled=no \
    dst-port=4239 in-interface=LINK protocol=tcp
    add action=drop chain=input comment="BLOQUEIA SCAN PELO WINBOX" disabled=no \
    dst-port=5678 protocol=udp
    add action=drop chain=input comment="BLOQUEIO DE DNS REVERSO" content=\
    user.veloxzone.com.br disabled=no dst-port=!8291 protocol=tcp
    add action=drop chain=forward comment="DROP CONEX\D5ES INVALIDAS" \
    connection-state=invalid disabled=yes
    add action=drop chain="P2P E PORTAS" comment="BLOQUEIA NETBIOS TCP" disabled=\
    no dst-port=137-139 protocol=tcp
    add action=drop chain="P2P E PORTAS" comment="BLOQUEIA NETBIOS UDP" disabled=\
    no dst-port=137-139 protocol=udp
    add action=drop chain="P2P E PORTAS" comment="" disabled=no dst-port=445 \
    protocol=udp
    add action=drop chain="P2P E PORTAS" comment="" disabled=no dst-port=445 \
    protocol=tcp
    add action=drop chain=forward comment=BLOQUEIO_ARES_MANGLES disabled=yes \
    packet-mark=p2p
    add action=drop chain=forward comment=BLOQUEIO_PS2-WARES disabled=yes p2p=\
    warez protocol=tcp
    add action=jump chain=input comment="/////////////////////////////////////////\
    /////////////////////////////////////// REPASSA TRAFEGO \\\\\\\\\\\\\\\\\\\
    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\" \
    disabled=no jump-target="P2P E PORTAS"
    add action=jump chain=forward comment="" disabled=no jump-target=\
    "P2P E PORTAS"
    add action=jump chain=input comment="REPASSA TRAFEGO PARA CANAL VIRUS" \
    disabled=no jump-target=VIRUS
    add action=jump chain=forward comment="" disabled=no jump-target=VIRUS
    add action=jump chain=input comment="BLOQUEIO DE IPS BOGONS" disabled=no \
    jump-target=BOGONS
    add action=jump chain=forward comment="" disabled=no jump-target=BOGONS
    add action=accept chain="P2P E PORTAS" comment="//////////////////////////////\
    ////////////////////////////////////////////////// RECEBEM DO REPASSE \\\\\
    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
    \\\\\\\\" disabled=no dst-port=6346-6349 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment=FTP disabled=no dst-port=21 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment=DNS disabled=no dst-port=53 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="EMAIL POP 110" disabled=no \
    dst-port=110 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="EMAIL SMTP - 25" disabled=no \
    dst-port=25 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="portas do ITR" disabled=no \
    dst-port=5636 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5636 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5653 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5653 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=3456 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment=MSN disabled=no dst-port=1863 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=7001 \
    protocol=tcp




    -------------




    /ip firewall nat
    add action=passthrough chain=unused-hs-chain comment="************************\
    ***************************INICIO REGRAS DO NAT **************************\
    **************************************************************************\
    **" disabled=no dst-address-list=!semproxy packet-size=40-12000
    add action=masquerade chain=srcnat comment="MASCARAR HOTSPOT" disabled=no \
    out-interface=LINK src-address=192.168.88.0/22
    add action=redirect chain=pre-hotspot comment="PAGINA DE STATUS DO HOTSPOT" \
    disabled=no dst-address=192.168.88.1 dst-port=80 hotspot=auth protocol=\
    tcp to-ports=64873
    add action=accept chain=dstnat comment="YOUTUBE FORA DA CACHE" content=\
    youtube disabled=no
    add action=redirect chain=dstnat comment="REDIRECIONA WEB PROXY" disabled=no \
    dst-address-list=!semproxy dst-port=80 in-interface=BRIDGE protocol=tcp \
    src-address=192.168.88.0/22 to-ports=4239
    add action=accept chain=pre-hotspot comment="CONECTIVIDADE SOCIAL + BANCOS" \
    disabled=no dst-address=200.201.160.0/24 dst-port=80 hotspot=auth \
    in-interface=BRIDGE protocol=tcp
    add action=accept chain=pre-hotspot comment="" disabled=no dst-address=\
    200.201.166.0/24 dst-port=80 hotspot=auth in-interface=BRIDGE protocol=\
    tcp
    add action=accept chain=pre-hotspot comment="" disabled=no dst-address=\
    200.201.173.0/24 dst-port=80 hotspot=auth in-interface=BRIDGE protocol=\
    tcp
    add action=accept chain=pre-hotspot comment="" disabled=no dst-address=\
    200.201.174.0/24 dst-port=80 hotspot=auth in-interface=BRIDGE protocol=\
    tcp
    add action=accept chain=pre-hotspot comment="RADIO UOL" disabled=no \
    dst-address=200.221.0.0/16 dst-port=80 hotspot=auth in-interface=BRIDGE \
    protocol=tcp
    add action=accept chain=pre-hotspot comment="RADIO TERRA" disabled=no \
    dst-address=200.154.0.0/16 dst-port=80 hotspot=auth in-interface=BRIDGE \
    protocol=tcp
    Last edited by userteck2011; 30-03-2011 at 21:35.

  2. continuing....

    /ip firewall mangle
    add action=mark-connection chain=output comment="1 - HOTSPOT-FULL " disabled=\
    no new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
    protocol=udp src-port=64872
    add action=mark-connection chain=output comment="" disabled=no \
    new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
    protocol=tcp src-port=64872
    add action=mark-connection chain=output comment="" disabled=no \
    new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
    protocol=tcp src-port=64873
    add action=mark-connection chain=output comment="" disabled=no \
    new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
    protocol=tcp src-port=64874
    add action=mark-connection chain=output comment="" disabled=no \
    new-connection-mark=hotspot-out out-interface=BRIDGE passthrough=yes \
    protocol=tcp src-port=64875
    add action=mark-packet chain=output comment="" connection-mark=hotspot-out \
    disabled=no new-packet-mark=hotspot passthrough=no
    add action=mark-packet chain=output comment="2 - PROXY FULL" disabled=no \
    dscp=4 new-packet-mark=proxy-hit out-interface=BRIDGE passthrough=no \
    protocol=tcp src-port=4239
    add action=mark-packet chain=prerouting comment=\
    "03 - UPLOAD MARCANDO PACOTES" disabled=no in-interface=BRIDGE \
    new-packet-mark=test-up passthrough=no src-address=192.168.88.0/22
    add action=mark-connection chain=forward comment=\
    "04 - MARCANDO DOWNLOAD LINK" disabled=no new-connection-mark=teste-conn \
    passthrough=yes src-address=192.168.88.0/22
    add action=mark-packet chain=forward comment="05 - DOWNLOAD DIRETO LINK" \
    connection-mark=teste-conn disabled=no in-interface=LINK new-packet-mark=\
    test-down passthrough=no
    add action=mark-packet chain=output comment="06 - DOWNLOAD DIRETO DO CACHE" \
    disabled=no dst-address=192.168.88.0/22 new-packet-mark=test-down \
    out-interface=BRIDGE passthrough=no
    add action=mark-connection chain=forward comment="DESBLOQUEIO +++++++++++++ IN\
    ICIO MARCA\C7\C3O DE PORTAS //////////////////////////////////////////////\
    //////////////////////////////////" disabled=no dst-port=21 \
    new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-connection chain=forward comment="" disabled=no dst-port=22 \
    new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-connection chain=forward comment="" disabled=no dst-port=23 \
    new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-connection chain=forward comment="DESBLOQUEIO - DNS" \
    disabled=no dst-port=53 new-connection-mark=semlimite_udp passthrough=yes \
    protocol=udp src-address=192.168.88.0/22
    add action=mark-connection chain=forward comment="" disabled=no dst-port=80 \
    new-connection-mark=semlimite passthrough=yes protocol=tcp
    add action=mark-connection chain=forward comment=\
    "DESBLOQUEIO - EMAIL SMTP OUTLOOK" disabled=no dst-port=25 \
    new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-connection chain=forward comment="DESBLOQUEIO - EMAIL POP" \
    disabled=no dst-port=110 new-connection-mark=semlimite passthrough=yes \
    protocol=tcp src-address=192.168.88.0/22
    add action=mark-connection chain=forward comment=\
    "DESBLOQUEIO - PORTA POP SEGURA - SSL OUTLOOK" disabled=no dst-port=995 \
    new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-connection chain=forward comment=\
    "DESBLOQUEIO - PAGINAS HTTPS" disabled=no dst-port=443 \
    new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-connection chain=forward comment="DESBLOQUEIO - RB-750G-8291" \
    disabled=no dst-port=8291 new-connection-mark=semlimite passthrough=yes \
    protocol=tcp src-address=192.168.88.0/22
    add action=mark-connection chain=forward comment="" disabled=no dst-port=8080 \
    new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-connection chain=forward comment="" disabled=no dst-port=\
    6891-6901 new-connection-mark=semlimite passthrough=yes protocol=tcp \
    src-address=192.168.88.0/22
    add action=mark-connection chain=forward comment="DESBLOQUEIO - MSN" \
    disabled=no dst-port=1863 new-connection-mark=semlimite passthrough=yes \
    protocol=tcp src-address=192.168.88.0/22
    add action=mark-connection chain=forward comment="DESBLOQUEIO - PROXY FULL" \
    disabled=no dst-port=4239 new-connection-mark=semlimite passthrough=yes \
    protocol=tcp src-address=192.168.88.0/22
    add action=mark-connection chain=forward comment="" disabled=no dst-port=3389 \
    new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-connection chain=forward comment="" disabled=no dst-port=5900 \
    new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-connection chain=forward comment="" disabled=no dst-port=135 \
    new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-connection chain=forward comment=\
    "DESBLOQUEIO - RADIO - UOL E PRINCIPAIS" disabled=no dst-port=554 \
    new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-connection chain=forward comment=\
    "DESBLOQUEIO - RADIO - JOVEM PAN" disabled=no dst-port=8000 \
    new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-connection chain=forward comment=\
    "DESBLOQUEIO - RADIO - HOT-FM-107" disabled=no dst-port=9001 \
    new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-connection chain=forward comment="" disabled=no dst-port=8081 \
    new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22
    add action=mark-connection chain=forward comment=\
    "DESBLOQUEIO - RADIO PORTA 730" disabled=no dst-port=8730 \
    new-connection-mark=semlimite passthrough=yes protocol=tcp src-address=\
    192.168.88.0/22



  3. continuing...

    /ip proxy
    set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=yes enabled=yes max-cache-size=99000000KiB \
    max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
    parent-proxy=0.0.0.0 parent-proxy-port=0 port=4239 serialize-connections=\
    no src-address=0.0.0.0
    /ip proxy access
    add action=allow comment="REDE CLIENTES" disabled=no src-address=\
    192.168.88.0/22
    add action=deny comment="" disabled=no
    add action=deny comment="block telnet & spam e-mail relaying" disabled=yes \
    dst-port=23-25 src-address=192.168.88.0/22
    add action=deny comment=\
    "allow CONNECT only to SSL ports 443 [https] and 563 [snews]" disabled=\
    yes dst-port=!443,563 method=CONNECT src-address=192.168.88.0/22
    add action=deny comment="" disabled=no
    /ip proxy cache
    add action=allow comment="" disabled=no src-address=192.168.88.0/22
    add action=deny comment="" disabled=no dst-host=":cgi-bin \\\\\?"
    add action=deny comment="" disabled=no dst-host=https://
    add action=allow comment="" disabled=no dst-host=: path=:.swf*
    add action=allow comment="" disabled=no dst-host=: path=:.exe*
    add action=allow comment="" disabled=no dst-host=: path=:.html*
    add action=allow comment="" disabled=no dst-host=: path=:.jpg*
    add action=allow comment="" disabled=no dst-host=: path=:.rar*
    add action=allow comment="" disabled=no dst-host=: path=:.txt*
    add action=allow comment="" disabled=no dst-host=: path=:.htm*
    add action=allow comment="" disabled=no dst-host=: path=:.gif*
    add action=allow comment="" disabled=no dst-host=: path=:.avi*
    add action=allow comment="" disabled=no dst-host=: path=:.mpg*

    That's it... I'm counting on your help... thank you very much.

  4. I think it could be DNS, you know.....
    change it and run a test.....
    google dns: 8.8.8.8/8.8.4.4
    level 3 dns: 4.2.2.1/4.2.2.2
    giga dns: 189.38.95.95/189.38.95.96



  5. Well... I've already tested Google's DNS, and I also tested 208.67.222.222/208.67.220.220; it doesn't change anything.

    I'll test 4.2.2.1/4.2.2.2... I'm trying everything.... thank you very much for caring about this.





