Página 2 de 2 PrimeiroPrimeiro 12
+ Responder ao Tópico



  1. Ih to nessa mesma situação, to uma máquina distinta aqui para o cache com o MK-AUTH instalado (somente o proxy) e rodando consigo acessar as páginas de relatório porém quando eu habilito a regra de redirecionamento no NAT a navegação para já tentei de tudo aqui mais até agora nada to usando uma RB 750 com Mikrotik 5.6
    Nesse momento estou tentando essas regras que encontrei aqui mesmo no forum e também no do MK-AUTH

    /ip firewall address-list
    add address=69.147.95.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no list=\
    nobalance
    add address=209.191.106.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
    list=nobalance
    add address=74.6.228.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no list=\
    nobalance
    add address=98.136.131.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
    list=nobalance
    add address=200.143.37.0/24 comment="\"\"\"\"WEBMOTORS\"\"\"\"" disabled=no list=\
    nobalance
    add address=65.54.0.0/16 comment=MSN1 disabled=no list=nobalance
    add address=207.46.0.0/16 comment=MSN2 disabled=no list=nobalance
    add address=64.4.0.0/16 comment=MSN3 disabled=no list=nobalance
    add address=200.143.0.0/16 comment=Pagdigital disabled=no list=nobalance
    add address=201.88.0.0/16 comment=f2b disabled=no list=nobalance
    add address=200.201.0.0/16 comment="caixa economica" disabled=no list=nobalance
    add address=170.66.0.0/16 comment="bb do brasil" disabled=no list=nobalance
    add address=200.155.0.0/16 comment=bradesco disabled=no list=nobalance
    add address=200.196.0.0/16 comment=itau disabled=no list=nobalance
    add address=200.208.0.0/16 comment=sudameris disabled=no list=nobalance
    add address=200.220.0.0/16 comment=santander disabled=no list=nobalance
    add address=201.63.0.0/16 comment="wwws bradesco" disabled=no list=nobalance
    add address=65.55.0.0/16 comment=MSN4 disabled=no list=nobalance
    add address=74.52.0.0/16 comment="caixa economica" disabled=no list=nobalance
    add address=174.133.0.0/16 comment="caixa economica" disabled=no list=nobalance
    add address=200.219.137.0/24 disabled=no list=nobalance
    add address=200.252.8.0/24 disabled=no list=nobalance
    add address=201.2.207.0/24 disabled=no list=nobalance
    add address=200.196.226.0/24 disabled=no list=nobalance
    add address=201.24.72.0/24 disabled=no list=nobalance
    add address=78.46.46.139 disabled=no list=nobalance
    add address=192.168.2.2 comment="IP Thunder Cache MH-AUTH" disabled=no list=\
    "IP Thunder"
    /ip firewall connection tracking

    set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
    10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
    tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
    udp-stream-timeout=3m udp-timeout=10s
    /ip firewall filter
    add action=accept chain=forward comment="Aceita conex\F5es do Thunder" disabled=\
    no src-address=192.168.2.0/24

    /ip firewall mangle
    add action=mark-connection chain=postrouting comment="THUNDER CACHE FULL =========\
    ==============================================================================\
    ===============" content="X-Cache: HIT from Thunder" disabled=no \
    new-connection-mark=thunder-connection passthrough=yes protocol=tcp \
    src-address=192.168.2.2

    add action=mark-packet chain=postrouting connection-mark=thunder-connection \
    disabled=no new-packet-mark=thunder-packs passthrough=yes

    add action=mark-connection chain=postrouting comment="TOS 12======================\
    ==============================================================================\
    =================" disabled=no dscp=12 new-connection-mark=proxy-hits \
    passthrough=yes protocol=tcp src-address=192.168.2.2

    add action=mark-packet chain=postrouting connection-mark=proxy-hits disabled=no \
    new-packet-mark=proxy-squid passthrough=yes

    add action=mark-connection chain=prerouting comment="Controle P2P" disabled=no \
    new-connection-mark=P2P_Conn p2p=all-p2p passthrough=yes

    add action=mark-packet chain=prerouting connection-mark=P2P_Conn disabled=no \
    new-packet-mark=P2P_Packet passthrough=yes

    add action=return chain=forward connection-limit=1,32 disabled=no p2p=all-p2p \
    protocol=tcp

    add action=mark-routing chain=prerouting comment="Rota do Thunder MK-AUHT" \
    disabled=no new-routing-mark=thunder-route passthrough=yes port=80 protocol=\
    tcp src-address=17.106.81.0/24 src-address-list="!IP Thunder"
    /ip firewall nat
    add action=passthrough chain=unused-hs-chain comment="place hotspot rules here"
    disabled=yes
    add action=masquerade chain=srcnat comment="Nat para internet" disabled=no
    add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled
    no src-address=17.106.81.0/24
    add action=accept chain=dstnat comment=\
    "\"\"\"\"\"\"SERVI\C7OS NOBRES FORA DO PROXY\"\"\"\"\"\"" disabled=no \
    dst-address-list=nobalance dst-port=80 protocol=tcp

    add action=dst-nat chain=dstnat comment="Redirect Thunder" disabled=yes dst-port
    80 protocol=tcp src-address=17.106.81.0/24 to-addresses=192.168.2.2 to-ports
    3128


    add action=dst-nat chain=pre-hotspot comment=\
    "Redireciona Hotspot para o Proxy MK-AUTH" disabled=yes dst-port=80 hotspot=
    auth in-interface=2-Lan protocol=tcp src-address=!17.106.81.0/24 \
    to-addresses=192.168.2.2 to-ports=3128

    Mais sempre que eu habilito essa regra em negrito e navegação para.

    O que pode estar errado???

    Uso também um LoadBalance em uma outra RB 750 que manda pra essa RB/Controle, será que tem algo haver?

    PS: Esse Thunder uitiliza o lusca/squid.
    Última edição por BitPC; 13-03-2012 às 09:41.






Tópicos Similares

  1. Novato
    Por no fórum Servidores de Rede
    Respostas: 3
    Último Post: 17-10-2003, 22:08
  2. novato com o sendmail
    Por mcclaudio no fórum Servidores de Rede
    Respostas: 0
    Último Post: 15-10-2003, 13:26
  3. Novato se metendo a colocar servidor no ar!!!
    Por Scratsh no fórum Servidores de Rede
    Respostas: 1
    Último Post: 13-10-2003, 12:45
  4. Novato com Dúvida
    Por no fórum Servidores de Rede
    Respostas: 1
    Último Post: 23-03-2003, 18:06
  5. PHP - novato com problemas !
    Por no fórum Servidores de Rede
    Respostas: 1
    Último Post: 03-06-2002, 20:30

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L