


  1. /queue tree
    # Leaf queues of the queue tree: one entry per packet mark and direction.
    # The -D / -U name suffixes pair with parents named ...-D / ...-U
    # (presumably download / upload). Each entry sets a guaranteed rate
    # (limit-at), a ceiling (max-limit) and a priority (1 = highest, 8 = lowest).
    # NOTE(review): the parent queues referenced here (WEB-*, EMAIL-*, VOIP-*,
    # ACCESS-*, IM-*, OTHERS-*, DOWN, UP, TIMESBR-D, TIMESVR-U) are not defined
    # in this listing; they must exist elsewhere in the configuration.
    # NOTE(review): a queue only shapes packets that carry its packet-mark. The
    # mangle listing visible on this page sets no mark named https, ftp, smtps,
    # ssh, telnet, win-ts, proxy, vnc, irc, nntp or ping-nagios, so those queues
    # would stay idle unless the marks are applied somewhere not shown.
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=5M \
    max-limit=10M name=HTTP-D packet-mark=http parent=WEB-D priority=1 queue=\
    ethernet-default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1024k \
    max-limit=5M name=HTTP-U packet-mark=http parent=WEB-U priority=3 queue=\
    default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1024k \
    max-limit=3M name=HTTPS-D packet-mark=https parent=WEB-D priority=2 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1024k \
    max-limit=3M name=HTTPS-U packet-mark=https parent=WEB-U priority=7 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
    max-limit=1024k name=FTP-D packet-mark=ftp parent=WEB-D priority=8 queue=\
    default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
    max-limit=1024k name=FTP-U packet-mark=ftp parent=WEB-U priority=8 queue=\
    default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=2M \
    max-limit=3M name=DNS-D packet-mark=dns parent=DOWN priority=1 queue=\
    ethernet-default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=292k \
    max-limit=1024k name=DNS-U packet-mark=dns parent=UP priority=1 queue=\
    default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
    max-limit=1512k name=POP3-D packet-mark=pop3 parent=EMAIL-D priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
    max-limit=1512k name=POP3-U packet-mark=pop3 parent=EMAIL-U priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
    max-limit=1024k name=SMTP-D packet-mark=smtp parent=EMAIL-D priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
    max-limit=1024k name=SMTP-U packet-mark=smtp parent=EMAIL-U priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=1512k name=POP3S-U packet-mark=pop3s parent=EMAIL-U priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=1024k name=SMTPS-U packet-mark=smtps parent=EMAIL-U priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=1512k name=POP3S-D packet-mark=pop3s parent=EMAIL-D priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=1024k name=SMTPS-D packet-mark=smtps parent=EMAIL-D priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
    max-limit=1024k name=SKYPE-D packet-mark=skype parent=VOIP-D priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
    max-limit=1024k name=SKYPE-U packet-mark=skype parent=VOIP-U priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k \
    max-limit=1024k name=VOIPCLI-D packet-mark=voip parent=VOIP-D priority=4 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k \
    max-limit=1024k name=VOIPCLI-U packet-mark=voip parent=VOIP-U priority=4 \
    queue=default
    # Remote-access classes (SSH, Telnet, PPTP, L2TP, and further down WINTS and
    # VNC) all hang off the ACCESS-D / ACCESS-U parents.
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=48k \
    max-limit=1024k name=SSH-D packet-mark=ssh parent=ACCESS-D priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=48k \
    max-limit=1024k name=SSH-U packet-mark=ssh parent=ACCESS-U priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
    max-limit=1024k name=TELNET-U packet-mark=telnet parent=ACCESS-U \
    priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
    max-limit=1024k name=TELNET-D packet-mark=telnet parent=ACCESS-D \
    priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=48k \
    max-limit=1024k name=PPTP-D packet-mark=pptp parent=ACCESS-D priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=48k \
    max-limit=1024k name=PPTP-U packet-mark=pptp parent=ACCESS-U priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=48k \
    max-limit=1024k name=L2TP-U packet-mark=l2tp parent=ACCESS-U priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=48k \
    max-limit=1024k name=L2TP-D packet-mark=l2tp parent=ACCESS-D priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
    max-limit=256k name=ICMP-D packet-mark=ping parent=DOWN priority=8 queue=\
    default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
    max-limit=256k name=ICMP-U packet-mark=ping parent=UP priority=8 queue=\
    default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=768k name=GRE-D packet-mark=gre parent=DOWN priority=8 queue=\
    default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=768k name=GRE-U packet-mark=gre parent=UP priority=8 queue=\
    default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=1024k name=WINTS-D packet-mark=win-ts parent=ACCESS-D priority=\
    8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=1024k name=WINTS-U packet-mark=win-ts parent=ACCESS-U priority=\
    8 queue=default
    # PROXY-D has no upload counterpart in this listing.
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k \
    max-limit=3M name=PROXY-D packet-mark=proxy parent=WEB-D priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=1024k name=VNC-D packet-mark=vnc parent=ACCESS-D priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=1024k name=VNC-U packet-mark=vnc parent=ACCESS-U priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=768k name=IRC-D packet-mark=irc parent=IM-D priority=8 queue=\
    default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=768k name=IRC-U packet-mark=irc parent=IM-U priority=8 queue=\
    default
    # NOTE(review): NTP-D and NNTP-D use parent=TIMESBR-D while NTP-U and NNTP-U
    # use parent=TIMESVR-U; one of the two spellings is probably a typo - confirm
    # against the parent queue names that are actually defined.
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
    max-limit=256k name=NTP-D packet-mark=ntp parent=TIMESBR-D priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
    max-limit=256k name=NTP-U packet-mark=ntp parent=TIMESVR-U priority=8 \
    queue=default
    # Catch-all classes for TCP and UDP traffic that matched no named service.
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \
    max-limit=3M name=OTHERSTCP-D packet-mark=other-tcp parent=OTHERS-D \
    priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \
    max-limit=4M name=OTHERSTCP-U packet-mark=other-tcp parent=OTHERS-U \
    priority=3 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=3M \
    max-limit=4M name=OTHERSUDP-U packet-mark=other-udp parent=OTHERS-U \
    priority=5 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=3M \
    max-limit=5M name=OTHERSUDP-D packet-mark=other-udp parent=OTHERS-D \
    priority=1 queue=ethernet-default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
    max-limit=256k name=NNTP-D packet-mark=nntp parent=TIMESBR-D priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
    max-limit=256k name=NNTP-U packet-mark=nntp parent=TIMESVR-U priority=8 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=768k name=MSN-D packet-mark=msn parent=IM-D priority=8 queue=\
    default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k \
    max-limit=2048k name=MSN-U packet-mark=msn parent=IM-U priority=8 queue=\
    default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
    max-limit=128k name=ICMP-NAGIOS-D packet-mark=ping-nagios parent=OTHERS-D \
    priority=4 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
    max-limit=128k name=ICMP-NAGIOS-U packet-mark=ping-nagios parent=OTHERS-U \
    priority=4 queue=default
    # P2P gets the tightest ceilings and its own queue type (pcq-p2p-down,
    # presumably a PCQ type defined elsewhere).
    # NOTE(review): p2p-u (upload) also uses queue=pcq-p2p-down; confirm that an
    # upload-side queue type was not intended.
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=128k name=p2p-d packet-mark=p2p parent=OTHERS-D priority=8 \
    queue=pcq-p2p-down
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=256k name=p2p-u packet-mark=p2p parent=OTHERS-U priority=8 \
    queue=pcq-p2p-down

  2. /ip dns
    # Router DNS settings. allow-remote-requests=no keeps the router from
    # answering DNS queries sent by other hosts, so it cannot be abused as an
    # open resolver; it resolves names only for itself via the two listed servers.
    set allow-remote-requests=no cache-max-ttl=1w cache-size=1024KiB \
    max-udp-packet-size=1024 servers=201.10.120.3,201.10.1.3
    # Static firewall address lists. In the listings visible on this page,
    # pgcorte is consumed by the dst-nat rule commented CORTE and NO_CACHE by a
    # disabled mangle rule; no rule shown here references pgaviso.
    # NOTE(review): 10.2.5.187 appears in both pgaviso and pgcorte - confirm that
    # is intended.
    /ip firewall address-list
    add address=10.2.5.247 comment=aviso15 disabled=no list=pgaviso
    add address=10.2.5.187 comment=aviso60 disabled=no list=pgaviso
    add address=10.2.5.223 comment=aviso37 disabled=no list=pgaviso
    add address=10.2.5.187 comment=ssh_corte_alessandra disabled=no list=pgcorte
    add address=192.168.2.2 disabled=no list=NO_CACHE
    # Connection-tracking settings. Tracking has to stay enabled because the
    # filter and mangle rules on this page match on connection-state and
    # connection-mark.
    # NOTE(review): tcp-syncookie=no leaves SYN-cookie protection off; consider
    # enabling it if the router itself is exposed to SYN floods.
    /ip firewall connection tracking
    set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
    # Packet filter. Rule order inside each chain decides the outcome, so the
    # notes below refer to the order in which the rules are listed.
    # Chains used: input (traffic addressed to the router), forward (traffic
    # routed through it), plus the custom chains VIRUS, icpm and unused-hs-chain.
    /ip firewall filter
    # Disabled: would accept all forwarded traffic from 192.168.2.2.
    add action=accept chain=forward disabled=yes src-address=192.168.2.2
    # Drops traffic matching the layer7 pattern "ares" every day, 17h-21h.
    # NOTE(review): this rule is on chain=input, which only sees packets
    # addressed to the router itself; the similar edonkey-3 rule further down
    # uses chain=forward - confirm which chain was intended.
    add action=drop chain=input disabled=no layer7-protocol=ares time=\
    17h-21h,sun,mon,tue,wed,thu,fri,sat
    # Disabled: drop of invalid-state packets arriving on pppoe-out1.
    add action=drop chain=input connection-state=invalid disabled=yes \
    in-interface=pppoe-out1
    # Sends every packet addressed to the router through the VIRUS port list.
    # NOTE(review): no forward-chain rule in this listing jumps to VIRUS, so
    # traffic routed between clients and the Internet is not checked against it.
    add action=jump chain=input disabled=no jump-target=VIRUS
    # Adds sources that exceed 10 concurrent TCP connections (counted per /32)
    # to the address list Lista_negra for 10 minutes.
    # NOTE(review): no rule in this listing matches on Lista_negra, so the list
    # is filled but never enforced.
    add action=add-src-to-address-list address-list=Lista_negra \
    address-list-timeout=10m chain=input connection-limit=10,32 disabled=no \
    protocol=tcp
    # NOTE(review): the next rule accepts every NEW connection to the router
    # with no interface or source restriction. Together with the
    # established/related accepts it lets essentially all input traffic
    # through, so the final "drop chain=input" below only catches leftovers
    # (for example invalid-state packets). With telnet, ftp, www, ssh and winbox
    # enabled under /ip service on this page, the management services are
    # reachable from any interface, the uplink included. Restrict this rule
    # with in-interface= or a src-address-list of management hosts.
    add action=accept chain=input connection-state=new disabled=no
    add action=accept chain=input connection-state=established disabled=no
    add action=accept chain=input connection-state=related disabled=no
    # NOTE(review): chain=icpm (probably a typo for "icmp") is a custom chain
    # and no jump rule in this listing targets it, so the icpm rules are not
    # evaluated as shown. ICMP 3:4 is "fragmentation needed" (path MTU
    # discovery).
    add action=accept chain=icpm connection-state=new disabled=no icmp-options=\
    3:4 in-bridge-port=!RB1 protocol=icmp
    # Drops forwarded traffic matching the layer7 pattern edonkey-3, 17h-21h.
    add action=drop chain=forward disabled=no layer7-protocol=edonkey-3 time=\
    17h-21h,sun,mon,tue,wed,thu,fri,sat
    # Placeholder chain for hotspot rules.
    add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=no
    # Remaining icpm rules: accept echo reply (0:0) on related connections; drop
    # echo request (8:0), time exceeded (11:0) and port unreachable (3:3)
    # arriving on pppoe-out1.
    add action=accept chain=icpm connection-state=related disabled=no \
    icmp-options=0:0 protocol=icmp
    add action=drop chain=icpm disabled=no icmp-options=8:0 in-interface=\
    pppoe-out1 protocol=icmp
    add action=drop chain=icpm disabled=no icmp-options=11:0 in-interface=\
    pppoe-out1 protocol=icmp
    add action=drop chain=icpm disabled=no icmp-options=3:3 in-interface=\
    pppoe-out1 protocol=icmp
    # Unconditional drop for the input chain. Any chain=input rule listed after
    # this point can never match.
    add action=drop chain=input disabled=no
    # VIRUS chain: drops by port number - SMB (445), the 135-139 range, and the
    # worm/backdoor ports named in the rule comments.
    # NOTE(review): dst-port 2745 is listed twice (Bagle / Beagle.C-K), and
    # broad matches such as dst-port=1024-1030 also hit legitimate traffic that
    # happens to use those ports.
    add action=drop chain=VIRUS disabled=no protocol=tcp src-port=445
    add action=drop chain=VIRUS disabled=no dst-port=445 protocol=tcp
    add action=drop chain=VIRUS comment="Drop Blaster Worm" disabled=no protocol=\
    udp src-port=445
    add action=drop chain=VIRUS comment="Drop Blaster Worm" disabled=no dst-port=\
    445 protocol=udp
    add action=drop chain=VIRUS disabled=no protocol=tcp src-port=135-139
    add action=drop chain=VIRUS disabled=no protocol=udp src-port=135-139
    add action=drop chain=VIRUS disabled=no dst-port=135-139 protocol=tcp
    add action=drop chain=VIRUS disabled=no dst-port=135-139 protocol=udp
    add action=drop chain=VIRUS comment=________ disabled=no dst-port=593 \
    protocol=tcp
    add action=drop chain=VIRUS comment=________ disabled=no dst-port=1024-1030 \
    protocol=tcp
    add action=drop chain=VIRUS comment="Drop MyDoom" disabled=no dst-port=1080 \
    protocol=tcp
    add action=drop chain=VIRUS comment=________ disabled=no dst-port=1214 \
    protocol=tcp
    add action=drop chain=VIRUS comment="ndm requester" disabled=no dst-port=1363 \
    protocol=tcp
    add action=drop chain=VIRUS comment="ndm server" disabled=no dst-port=1364 \
    protocol=tcp
    add action=drop chain=VIRUS comment="screen cast" disabled=no dst-port=1368 \
    protocol=tcp
    add action=drop chain=VIRUS comment=hromgrafx disabled=no dst-port=1373 \
    protocol=tcp
    add action=drop chain=VIRUS comment=cichlid disabled=no dst-port=1377 \
    protocol=tcp
    add action=drop chain=VIRUS comment="Bagle VIRUS" disabled=no dst-port=2745 \
    protocol=tcp
    add action=drop chain=VIRUS comment="Drop Dumaru.Y" disabled=no dst-port=2283 \
    protocol=tcp
    add action=drop chain=VIRUS comment="Drop Beagle" disabled=no dst-port=2535 \
    protocol=tcp
    add action=drop chain=VIRUS comment="Drop Beagle.C-K" disabled=no dst-port=\
    2745 protocol=tcp
    add action=drop chain=VIRUS comment="Drop MyDoom" disabled=no dst-port=3127 \
    protocol=tcp
    add action=drop chain=VIRUS comment="Drop Backdoor OptixPro" disabled=no \
    dst-port=3410 protocol=tcp
    add action=drop chain=VIRUS comment=Worm disabled=no dst-port=4444 protocol=\
    tcp
    add action=drop chain=VIRUS comment=Worm disabled=no dst-port=4444 protocol=\
    udp
    add action=drop chain=VIRUS comment="Drop Sasser" disabled=no dst-port=5554 \
    protocol=tcp
    add action=drop chain=VIRUS comment="Drop Beagle.B" disabled=no dst-port=8866 \
    protocol=tcp
    add action=drop chain=VIRUS comment="Drop Dabber.A-B" disabled=no dst-port=\
    9898 protocol=tcp
    add action=drop chain=VIRUS comment="Drop Dumaru.Y" disabled=no dst-port=\
    10000 protocol=tcp
    add action=drop chain=VIRUS comment="Drop MyDoom.B" disabled=no dst-port=\
    10080 protocol=tcp
    add action=drop chain=VIRUS comment="Drop NetBus" disabled=no dst-port=12345 \
    protocol=tcp
    add action=drop chain=VIRUS comment="Drop Kuang2" disabled=no dst-port=17300 \
    protocol=tcp
    add action=drop chain=VIRUS comment="Drop SubSeven" disabled=no dst-port=\
    27374 protocol=tcp
    add action=drop chain=VIRUS comment="Drop PhatBot, Agobot, Gaobot" disabled=\
    no dst-port=65506 protocol=tcp
    # Uncommented port drops, each listed once for TCP and once for UDP.
    add action=drop chain=VIRUS disabled=no dst-port=513 protocol=tcp
    add action=drop chain=VIRUS disabled=no dst-port=513 protocol=udp
    add action=drop chain=VIRUS disabled=no dst-port=525 protocol=tcp
    add action=drop chain=VIRUS disabled=no dst-port=525 protocol=udp
    add action=drop chain=VIRUS disabled=no dst-port=568-569 protocol=tcp
    add action=drop chain=VIRUS disabled=no dst-port=568-569 protocol=udp
    add action=drop chain=VIRUS disabled=no dst-port=1512 protocol=tcp
    add action=drop chain=VIRUS disabled=no dst-port=1512 protocol=udp
    add action=drop chain=VIRUS disabled=no dst-port=396 protocol=tcp
    add action=drop chain=VIRUS disabled=no dst-port=396 protocol=udp
    add action=drop chain=VIRUS disabled=no dst-port=1366 protocol=tcp
    add action=drop chain=VIRUS disabled=no dst-port=1366 protocol=udp
    add action=drop chain=VIRUS disabled=no dst-port=1416 protocol=tcp
    add action=drop chain=VIRUS disabled=no dst-port=1416 protocol=udp
    add action=drop chain=VIRUS disabled=no dst-port=201-209 protocol=tcp
    add action=drop chain=VIRUS disabled=no dst-port=201-209 protocol=udp
    add action=drop chain=VIRUS disabled=no dst-port=545 protocol=tcp
    add action=drop chain=VIRUS disabled=no dst-port=545 protocol=udp
    add action=drop chain=VIRUS disabled=no dst-port=1381 protocol=udp
    add action=drop chain=VIRUS disabled=no dst-port=1381 protocol=tcp
    add action=drop chain=VIRUS disabled=no dst-port=3031 protocol=tcp
    add action=drop chain=VIRUS disabled=no dst-port=3031 protocol=udp
    # NOTE(review): this accept for 172.31.255.2 is listed after the
    # unconditional input drop above, so it can never match.
    add action=accept chain=input disabled=no src-address=172.31.255.2



  3. /ip firewall mangle
    # Traffic classification. A mark-connection rule tags a connection and the
    # mark-packet rule after it turns that tag into the packet mark consumed by
    # /queue tree. Order matters: a mark rule with passthrough=no stops further
    # mangle processing of the packet in that chain.
    # Disabled: routing mark thunder_route for port-80 traffic from
    # 192.168.1.0/24 on Laboratorio, except destinations in list NO_CACHE.
    add action=mark-routing chain=prerouting disabled=yes dst-address-list=\
    !NO_CACHE dst-port=80 in-interface=Laboratorio new-routing-mark=\
    thunder_route passthrough=no protocol=tcp src-address=192.168.1.0/24
    # NOTE(review): this unconditional accept is the first enabled rule in
    # chain=prerouting. An accept ends processing of the chain, so the jump and
    # mark rules listed below it in prerouting would never be reached and no
    # packet marks would be applied - confirm its position, or remove it.
    add action=accept chain=prerouting disabled=no
    # Service chains udp-services / tcp-services (entered through the jump
    # rules further down): match a client source port 1024-65535 and a
    # well-known destination port.
    add action=mark-connection chain=udp-services comment=DNS disabled=no \
    dst-port=53 new-connection-mark=dns-conn passthrough=yes protocol=udp \
    src-port=1024-65535
    add action=mark-packet chain=udp-services comment=DNS connection-mark=\
    dns-conn disabled=no new-packet-mark=dns passthrough=no
    add action=mark-connection chain=tcp-services comment=HTTP disabled=no \
    dst-port=80 new-connection-mark=http-conn passthrough=yes protocol=tcp \
    src-port=1024-65535
    add action=mark-packet chain=tcp-services comment=HTTP connection-mark=\
    http-conn disabled=no new-packet-mark=http passthrough=no
    # NOTE(review): exact duplicate of the HTTP pair above.
    add action=mark-connection chain=tcp-services comment=HTTP disabled=no \
    dst-port=80 new-connection-mark=http-conn passthrough=yes protocol=tcp \
    src-port=1024-65535
    add action=mark-packet chain=tcp-services comment=HTTP connection-mark=\
    http-conn disabled=no new-packet-mark=http passthrough=no
    # Jumps into the per-protocol service chains.
    # NOTE(review): both jumps match connection-state=new only, and the
    # mark-packet rules live inside those chains, so only the first packet of a
    # connection can receive a packet mark; later packets never enter the
    # chain. Marking packets by connection-mark in prerouting, outside the
    # state-limited jump, is the usual arrangement.
    add action=jump chain=prerouting comment="Marca todos os servicos UDP" \
    connection-state=new disabled=no jump-target=udp-services protocol=udp
    add action=jump chain=prerouting comment="Marca todos os servicos TCP" \
    connection-state=new disabled=no jump-target=tcp-services protocol=tcp
    # P2P detection in prerouting: layer7 patterns first, then fixed
    # eMule / Overnet ports. Sources in address list com-p2p are exempt from the
    # bittorrent, bittorrent2 and edonkey rules; the edonkey2 and edonkey3 rules
    # carry no such exemption.
    add action=mark-connection chain=prerouting comment=bittorrent disabled=no \
    layer7-protocol=bittorrent new-connection-mark=p2p-conn passthrough=yes \
    src-address-list=!com-p2p
    add action=mark-connection chain=prerouting comment=bittorrent2 disabled=no \
    layer7-protocol=bittorrent-2 new-connection-mark=p2p-conn passthrough=yes \
    src-address-list=!com-p2p
    add action=mark-connection chain=prerouting comment=edonkey disabled=no \
    layer7-protocol=edonkey new-connection-mark=p2p-conn passthrough=yes \
    src-address-list=!com-p2p
    add action=mark-connection chain=prerouting comment=edonkey2 disabled=no \
    layer7-protocol=edonkey-2 new-connection-mark=p2p-conn passthrough=yes
    add action=mark-connection chain=prerouting comment=edonkey3 disabled=no \
    layer7-protocol=edonkey-3 new-connection-mark=p2p-conn passthrough=yes
    add action=mark-connection chain=prerouting comment=EMULE disabled=no \
    dst-port=4242-4243 new-connection-mark=p2p-conn passthrough=yes protocol=\
    tcp src-port=1024-65535
    add action=mark-connection chain=prerouting comment=OVERNET disabled=no \
    dst-port=1024-65535 new-connection-mark=p2p-conn passthrough=yes \
    protocol=tcp src-port=4661-4662
    add action=mark-connection chain=prerouting comment=EMULE disabled=no \
    dst-port=1024-65535 new-connection-mark=p2p-conn passthrough=yes \
    protocol=tcp src-port=4711
    add action=mark-connection chain=prerouting comment=EMULE disabled=no \
    dst-port=4665 new-connection-mark=p2p-conn passthrough=yes protocol=udp \
    src-port=1024-65535
    add action=mark-connection chain=prerouting comment=EMULE disabled=no \
    dst-port=4672 new-connection-mark=p2p-conn passthrough=yes protocol=udp \
    src-port=1024-65535
    add action=mark-connection chain=prerouting comment=EMULE disabled=no \
    dst-port=1024-65535 new-connection-mark=p2p-conn passthrough=yes \
    protocol=udp src-port=4672
    add action=mark-connection chain=prerouting comment=OVERNET disabled=no \
    dst-port=12053 new-connection-mark=p2p-conn passthrough=yes protocol=udp \
    src-port=1024-65535
    add action=mark-connection chain=prerouting comment=OVERNET disabled=no \
    dst-port=1024-65535 new-connection-mark=p2p-conn passthrough=yes \
    protocol=udp src-port=12053
    # Every packet of a connection marked p2p-conn gets packet mark p2p.
    add action=mark-packet chain=prerouting comment="marca pacotes p2p" \
    connection-mark=p2p-conn disabled=no new-packet-mark=p2p passthrough=no
    # Skype by layer7 pattern; VoIP purely by DSCP value (46 and 43).
    # NOTE(review): DSCP is set by the sending host, so any client can tag its
    # traffic to land in the voip class; consider also matching the VoIP
    # server or gateway addresses.
    add action=mark-connection chain=prerouting comment=SkypePhone disabled=no \
    layer7-protocol=skypetoskype new-connection-mark=skype-conn passthrough=\
    yes
    add action=mark-packet chain=prerouting comment=Skype connection-mark=\
    skype-conn disabled=no new-packet-mark=skype passthrough=no
    add action=mark-connection chain=prerouting comment=RSTP disabled=no dscp=46 \
    new-connection-mark=voip-conn passthrough=yes
    add action=mark-connection chain=prerouting comment=SIP disabled=no dscp=43 \
    new-connection-mark=voip-conn passthrough=yes
    add action=mark-packet chain=prerouting comment=VOIP connection-mark=\
    voip-conn disabled=no new-packet-mark=voip passthrough=no
    # More tcp-services entries, one mark-connection / mark-packet pair each.
    add action=mark-connection chain=tcp-services comment=SMTP disabled=no \
    dst-port=25 new-connection-mark=smtp-conn passthrough=yes protocol=tcp \
    src-port=1024-65535
    add action=mark-packet chain=tcp-services comment=SMTP connection-mark=\
    smtp-conn disabled=no new-packet-mark=smtp passthrough=no
    add action=mark-connection chain=tcp-services comment=DNS disabled=no \
    dst-port=53 new-connection-mark=dns-conn passthrough=yes protocol=tcp \
    src-port=1024-65535
    add action=mark-packet chain=tcp-services comment=DNS connection-mark=\
    dns-conn disabled=no new-packet-mark=dns passthrough=no
    add action=mark-connection chain=tcp-services comment=POP disabled=no \
    dst-port=110 new-connection-mark=pop3-conn passthrough=yes protocol=tcp \
    src-port=1024-65535
    add action=mark-packet chain=tcp-services comment=POP connection-mark=\
    pop3-conn disabled=no new-packet-mark=pop3 passthrough=no
    add action=mark-connection chain=tcp-services comment=POP3S disabled=no \
    dst-port=995 new-connection-mark=pop3s-conn passthrough=yes protocol=tcp \
    src-port=1024-65535
    add action=mark-packet chain=tcp-services comment=POP3S connection-mark=\
    pop3s-conn disabled=no new-packet-mark=pop3s passthrough=no
    add action=mark-connection chain=tcp-services comment=PPTP disabled=no \
    dst-port=1723 new-connection-mark=pptp-conn passthrough=yes protocol=tcp \
    src-port=1024-65535
    add action=mark-packet chain=tcp-services comment=PPTP connection-mark=\
    pptp-conn disabled=no new-packet-mark=pptp passthrough=no
    add action=mark-connection chain=tcp-services comment=MSN connection-state=\
    new disabled=no dst-port=1863 new-connection-mark=msn-conn passthrough=\
    yes protocol=tcp src-port=1024-65535
    add action=mark-packet chain=tcp-services comment=MSN connection-mark=\
    msn-conn disabled=no new-packet-mark=msn passthrough=no
    add action=mark-connection chain=tcp-services comment=KGS disabled=no \
    dst-port=2379 new-connection-mark=kgs-conn passthrough=yes protocol=tcp \
    src-port=1024-65535
    add action=mark-packet chain=tcp-services comment=KGS connection-mark=\
    kgs-conn disabled=no new-packet-mark=kgs passthrough=no
    add action=mark-connection chain=tcp-services comment=BITTORRENT disabled=no \
    dst-port=6881-6889 new-connection-mark=bittorrent-conn passthrough=yes \
    protocol=tcp src-port=1024-65535
    add action=mark-packet chain=tcp-services comment=BITTORRENT connection-mark=\
    bittorrent-conn disabled=no new-packet-mark=bittorrent passthrough=no
    # NOTE(review): OTHER-UDP is a catch-all followed by a mark-packet with
    # passthrough=no, yet the NTP, L2TP and SKYPE rules of udp-services are
    # listed after it; as ordered they cannot match. Catch-all rules belong at
    # the end of their chain (as OTHER-TCP is for tcp-services).
    add action=mark-connection chain=udp-services comment=OTHER-UDP \
    connection-state=new disabled=no new-connection-mark=other-udp-conn \
    passthrough=yes protocol=udp
    add action=mark-packet chain=udp-services comment=OTHER-UDP connection-mark=\
    other-udp-conn disabled=no new-packet-mark=other-udp passthrough=no
    add action=mark-connection chain=tcp-services comment=OTHER-TCP disabled=no \
    new-connection-mark=other-tcp-conn passthrough=yes protocol=tcp
    add action=mark-packet chain=tcp-services comment=OTHER-TCP connection-mark=\
    other-tcp-conn disabled=no new-packet-mark=other-tcp passthrough=no
    add action=mark-connection chain=udp-services comment=NTP disabled=no \
    dst-port=123 new-connection-mark=ntp-conn passthrough=yes protocol=udp \
    src-port=1024-65535
    add action=mark-packet chain=udp-services comment=NTP connection-mark=\
    ntp-conn disabled=no new-packet-mark=ntp passthrough=no
    add action=mark-connection chain=udp-services comment=L2TP disabled=no \
    dst-port=1701 new-connection-mark=l2tp-conn passthrough=yes protocol=udp \
    src-port=1024-65535
    add action=mark-packet chain=udp-services comment=L2TP connection-mark=\
    l2tp-conn disabled=no new-packet-mark=l2tp passthrough=no
    add action=mark-connection chain=udp-services comment=SKYPE disabled=no \
    dst-port=1024-65535 new-connection-mark=skype-conn passthrough=yes \
    protocol=udp src-port=36725
    add action=mark-packet chain=udp-services comment=SKYPE connection-mark=\
    skype-conn disabled=no new-packet-mark=skype passthrough=no
    # NOTE(review): ICMP and GRE connections are marked in chain other-services,
    # but their mark-packet rules sit in chain=udp-services, which is entered
    # only for UDP; as listed, the ping and gre packet marks are never set.
    add action=mark-connection chain=other-services comment=ICMP disabled=no \
    icmp-options=8:0-255 new-connection-mark=ping-conn passthrough=yes \
    protocol=icmp
    add action=mark-packet chain=udp-services comment=ICMP connection-mark=\
    ping-conn disabled=no new-packet-mark=ping passthrough=no
    add action=mark-connection chain=other-services comment=GRE disabled=no \
    new-connection-mark=gre-conn passthrough=yes protocol=gre
    add action=mark-packet chain=udp-services comment=GRE connection-mark=\
    gre-conn disabled=no new-packet-mark=gre passthrough=no
    # Built-in P2P matcher (p2p=all-p2p), again exempting list com-p2p.
    add action=mark-connection chain=prerouting comment="todos P2P - ipp2p" \
    disabled=no new-connection-mark=p2p-conn p2p=all-p2p passthrough=yes \
    src-address-list=!com-p2p
    # NOTE(review): the OTHERS mark-connection has no matcher and runs after
    # the ICMP and GRE rules with passthrough=yes, so it replaces ping-conn and
    # gre-conn with other-conn on every connection that enters other-services.
    add action=mark-connection chain=other-services comment=OTHERS disabled=no \
    new-connection-mark=other-conn passthrough=yes
    add action=mark-packet chain=other-services comment=OTHERS connection-mark=\
    other-conn disabled=no new-packet-mark=other passthrough=no
    # Last prerouting rule: new connections of any protocol go to other-services.
    add action=jump chain=prerouting comment="Marca o resto" connection-state=new \
    disabled=no jump-target=other-services

  4. /ip firewall nat
    # NAT rules: dst-nat rewrites the destination, masquerade hides the source
    # behind the address of the outgoing interface.
    # Disabled: would redirect all TCP from 192.168.1.4 to 172.31.255.2:88.
    add action=dst-nat chain=dstnat disabled=yes protocol=tcp src-address=\
    192.168.1.4 to-addresses=172.31.255.2 to-ports=88
    # CORTE: every TCP connection from an address in list pgcorte is redirected
    # to 172.31.255.2 port 85, whatever its original destination or port
    # (presumably a service-suspension notice page - confirm).
    add action=dst-nat chain=dstnat comment=CORTE disabled=no protocol=tcp \
    src-address-list=pgcorte to-addresses=172.31.255.2 to-ports=85
    add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=172.16.50.0/24
    add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=no
    # NOTE(review): masquerade with no out-interface or src-address matcher
    # applies to traffic leaving any interface, including traffic between
    # internal networks, and makes the hotspot-specific rule above redundant.
    # Scope it to the uplink with out-interface=.
    add action=masquerade chain=srcnat disabled=no
    # Disabled: transparent-proxy redirect for sources 10.2.0.1-10.2.5.254.
    add action=dst-nat chain=dstnat disabled=yes dst-address=!192.168.2.2 \
    dst-port=80 in-interface=!Proxy protocol=tcp src-address=\
    10.2.0.1-10.2.5.254 to-addresses=192.168.2.2 to-ports=8080
    # Transparent proxy: port-80 traffic from 192.168.1.0/24 arriving on
    # Laboratorio is redirected to 192.168.2.2:8080 unless it is already
    # addressed to 192.168.2.2.
    add action=dst-nat chain=dstnat disabled=no dst-address=!192.168.2.2 \
    dst-port=80 in-interface=Laboratorio protocol=tcp src-address=\
    192.168.1.0/24 to-addresses=192.168.2.2 to-ports=8080
    # Connection-tracking helpers for protocols that negotiate secondary
    # connections or embed addresses (FTP, TFTP, IRC, H.323, SIP, PPTP); all six
    # are enabled.
    # NOTE(review): each helper parses payload from untrusted hosts; helpers for
    # protocols the network does not need can be disabled.
    /ip firewall service-port
    set ftp disabled=no ports=21
    set tftp disabled=no ports=69
    set irc disabled=no ports=6667
    set h323 disabled=no
    set sip disabled=no ports=5060,5061 sip-direct-media=yes
    set pptp disabled=no
    # Hotspot exceptions. type=bypassed lets the listed addresses through
    # without hotspot authentication.
    # NOTE(review): the bindings are keyed on IP address only (no mac-address),
    # so any host that takes one of these addresses skips authentication;
    # confirm the addresses are statically assigned on a trusted segment.
    /ip hotspot ip-binding
    add address=10.100.200.2 disabled=no type=bypassed
    add address=10.100.200.3 disabled=no type=bypassed
    add address=10.100.200.4 disabled=no type=bypassed
    add address=10.100.200.5 disabled=no type=bypassed
    add address=10.100.200.6 disabled=no type=bypassed
    add address=10.100.200.7 disabled=no type=bypassed
    add address=172.31.255.2 disabled=no type=bypassed
    add address=172.16.50.30 disabled=no type=bypassed
    add address=172.16.50.254 disabled=no type=bypassed
    /ip hotspot service-port
    set ftp disabled=no ports=21
    # Walled garden: destinations unauthenticated hotspot clients may reach,
    # here 172.31.255.2 on ports 85, 80, 88, 1813 and 1812.
    # NOTE(review): 1812 / 1813 are the usual RADIUS ports, and RADIUS is spoken
    # by the router, not by hotspot clients - confirm these two entries are
    # needed before exposing them to unauthenticated users.
    /ip hotspot walled-garden
    add action=allow disabled=no dst-host=172.31.255.2 dst-port=85
    add action=allow disabled=no dst-host=172.31.255.2 dst-port=80
    add action=allow disabled=no dst-host=172.31.255.2 dst-port=88
    add action=allow disabled=no dst-host=172.31.255.2 dst-port=1813
    add action=allow disabled=no dst-host=172.31.255.2 dst-port=1812
    # Neighbor discovery is enabled on the six named interfaces and disabled on
    # both PPPoE uplinks.
    # NOTE(review): discovery announces the router to every host on an enabled
    # segment; keep it off on any interface that faces customers or other
    # untrusted hosts - confirm which of these six qualify.
    /ip neighbor discovery
    set Link disabled=no
    set Mk-Auth disabled=no
    set Bancada disabled=no
    set RB1 disabled=no
    set Proxy disabled=no
    set Laboratorio disabled=no
    set pppoe-out1 disabled=yes
    set pppoe-out2 disabled=yes
    # Built-in web proxy: configured for port 8088 but switched off (enabled=no).
    /ip proxy
    set always-from-cache=no cache-administrator="" cache-hit-dscp=4 \
    cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
    600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=8088 serialize-connections=yes src-address=\
    0.0.0.0
    # Disabled default route via 192.168.2.2 for packets carrying routing mark
    # thunder_route (the mark is set by a mangle rule that is also disabled).
    /ip route
    add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.2 \
    pref-src=192.168.2.1 routing-mark=thunder_route scope=30 target-scope=10
    # Router management services. Enabled: telnet, ftp, www, ssh, winbox.
    # Disabled: www-ssl, api.
    # NOTE(review): telnet, ftp and www carry credentials in cleartext, and no
    # entry sets address= to limit who may connect. The input filter listed on
    # this page accepts all new connections to the router, so these services
    # look reachable from every interface. Disable the ones not in use and
    # restrict the rest to management networks.
    /ip service
    set telnet disabled=no port=23
    set ftp disabled=no port=21
    set www disabled=no port=80
    set ssh disabled=no port=22
    set www-ssl certificate=none disabled=yes port=443
    set api disabled=yes port=8728
    set winbox disabled=no port=8291
    # SOCKS proxy is off (enabled=no).
    /ip socks
    set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
    # SSH port forwarding through the router is off.
    /ip ssh
    set forwarding-enabled=no
    # Traffic-flow export is off (enabled=no).
    /ip traffic-flow
    set active-flow-timeout=30m cache-entries=4k enabled=no \
    inactive-flow-timeout=15s interfaces=all


    # PPP authentication and accounting go through RADIUS, with interim
    # accounting updates every 3 minutes. The RADIUS server entry itself is not
    # part of this listing.
    /ppp aaa
    set accounting=yes interim-update=3m use-radius=yes


    # Interface queue type: every listed interface uses ethernet-default.
    /queue interface
    set Link queue=ethernet-default
    set Mk-Auth queue=ethernet-default
    set Bancada queue=ethernet-default
    set RB1 queue=ethernet-default
    set Proxy queue=ethernet-default
    set Laboratorio queue=ethernet-default



  5. Citação Postado originalmente por futurasolucoes Ver Post
    # Quoted copy of the previous post's export (NAT, service helpers, hotspot,
    # discovery, proxy, route, management services, PPP AAA, interface queues).
    # NAT rules: dst-nat rewrites the destination, masquerade hides the source.
    /ip firewall nat
    add action=dst-nat chain=dstnat disabled=yes protocol=tcp src-address=\
    192.168.1.4 to-addresses=172.31.255.2 to-ports=88
    # CORTE: all TCP from addresses in list pgcorte is redirected to
    # 172.31.255.2 port 85, whatever the original destination or port.
    add action=dst-nat chain=dstnat comment=CORTE disabled=no protocol=tcp \
    src-address-list=pgcorte to-addresses=172.31.255.2 to-ports=85
    add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=172.16.50.0/24
    add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=no
    # NOTE(review): masquerade with no out-interface or src-address matcher
    # applies to traffic leaving any interface; scope it to the uplink.
    add action=masquerade chain=srcnat disabled=no
    add action=dst-nat chain=dstnat disabled=yes dst-address=!192.168.2.2 \
    dst-port=80 in-interface=!Proxy protocol=tcp src-address=\
    10.2.0.1-10.2.5.254 to-addresses=192.168.2.2 to-ports=8080
    # Transparent proxy: port-80 traffic from 192.168.1.0/24 on Laboratorio is
    # redirected to 192.168.2.2:8080.
    add action=dst-nat chain=dstnat disabled=no dst-address=!192.168.2.2 \
    dst-port=80 in-interface=Laboratorio protocol=tcp src-address=\
    192.168.1.0/24 to-addresses=192.168.2.2 to-ports=8080
    # Connection-tracking helpers; all six are enabled.
    /ip firewall service-port
    set ftp disabled=no ports=21
    set tftp disabled=no ports=69
    set irc disabled=no ports=6667
    set h323 disabled=no
    set sip disabled=no ports=5060,5061 sip-direct-media=yes
    set pptp disabled=no
    # type=bypassed lets these addresses through without hotspot authentication.
    # NOTE(review): bindings are keyed on IP address only (no mac-address), so a
    # host that takes one of these addresses skips authentication.
    /ip hotspot ip-binding
    add address=10.100.200.2 disabled=no type=bypassed
    add address=10.100.200.3 disabled=no type=bypassed
    add address=10.100.200.4 disabled=no type=bypassed
    add address=10.100.200.5 disabled=no type=bypassed
    add address=10.100.200.6 disabled=no type=bypassed
    add address=10.100.200.7 disabled=no type=bypassed
    add address=172.31.255.2 disabled=no type=bypassed
    add address=172.16.50.30 disabled=no type=bypassed
    add address=172.16.50.254 disabled=no type=bypassed
    /ip hotspot service-port
    set ftp disabled=no ports=21
    # Destinations that unauthenticated hotspot clients may reach.
    /ip hotspot walled-garden
    add action=allow disabled=no dst-host=172.31.255.2 dst-port=85
    add action=allow disabled=no dst-host=172.31.255.2 dst-port=80
    add action=allow disabled=no dst-host=172.31.255.2 dst-port=88
    add action=allow disabled=no dst-host=172.31.255.2 dst-port=1813
    add action=allow disabled=no dst-host=172.31.255.2 dst-port=1812
    # Discovery is on for the six named interfaces and off for both PPPoE
    # uplinks; keep it off on any segment with untrusted hosts.
    /ip neighbor discovery
    set Link disabled=no
    set Mk-Auth disabled=no
    set Bancada disabled=no
    set RB1 disabled=no
    set Proxy disabled=no
    set Laboratorio disabled=no
    set pppoe-out1 disabled=yes
    set pppoe-out2 disabled=yes
    # Built-in web proxy: configured for port 8088 but switched off.
    /ip proxy
    set always-from-cache=no cache-administrator="" cache-hit-dscp=4 \
    cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
    600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=8088 serialize-connections=yes src-address=\
    0.0.0.0
    # Disabled default route for packets carrying routing mark thunder_route.
    /ip route
    add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.2 \
    pref-src=192.168.2.1 routing-mark=thunder_route scope=30 target-scope=10
    # Management services. Enabled: telnet, ftp, www, ssh, winbox.
    # NOTE(review): telnet, ftp and www send credentials in cleartext and no
    # entry sets address= to limit who may connect; disable the ones not in use
    # and restrict the rest to management networks.
    /ip service
    set telnet disabled=no port=23
    set ftp disabled=no port=21
    set www disabled=no port=80
    set ssh disabled=no port=22
    set www-ssl certificate=none disabled=yes port=443
    set api disabled=yes port=8728
    set winbox disabled=no port=8291
    /ip socks
    set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
    /ip ssh
    set forwarding-enabled=no
    /ip traffic-flow
    set active-flow-timeout=30m cache-entries=4k enabled=no \
    inactive-flow-timeout=15s interfaces=all


    # PPP authentication and accounting go through RADIUS.
    /ppp aaa
    set accounting=yes interim-update=3m use-radius=yes


    # Every listed interface uses the ethernet-default queue type.
    /queue interface
    set Link queue=ethernet-default
    set Mk-Auth queue=ethernet-default
    set Bancada queue=ethernet-default
    set RB1 queue=ethernet-default
    set Proxy queue=ethernet-default
    set Laboratorio queue=ethernet-default
    Bom dia parceiro, vou passar minhas configurações p vc. Aqui tá rodando legal, tô com economia de 14% do link; não tá do jeito que eu quero, mas tô ajustando devagarinho. Agora percebi que no seu queue tree tem muita regra. Lembro que usei assim, com muitas regras, e tava me dando dor de cabeça. Vou te mandar minhas configurações, aí vc vê se serve p vc usar na sua estrutura.





