Página 3 de 3 PrimeiroPrimeiro 123
+ Responder ao Tópico



  1. Preciso muito da ajuda de vocês, amigos, tenho um mk 5.18 x86. Os downloads dos clientes são interrompidos depois de 20mb baixados. Os menores baixam numa boa. Tenho um link de 10 mb e clientes em ppoe e hotspot no mesmo servidor no mesmo pool de ip. Aparentemente tudo numa boa. Já ouvi conselhos de alterar os time-out dos clientes os idle-time também. Tudo sem resultado. Alguém pode me dar uma dica?..... Detalhe. Se eu reiniciar o servidor agora ele baixa os arquivos de 100mb 200mb normalmente. Só que depois de um tempo ele dá a zica... interrompe os downloads depois de 20mb. Não tenho regras mirabolantes. vou postar minhas regras do firewall
    /ip firewall layer7-protocol
    add comment="Marca Radios" name=Radios regexp="asx|radio|asx|app.radio|applicati\
    on/mplayer2|application|mplayer2|video/x-ms-asf-plugin|asx|swf|x-ms-asf-plug\
    in|http://aovivo.ne10.uol.com.br/radioj...radio=cbn|wmx\
    |shoutcast"
    add name="Marca Videos" regexp=player
    add name=Tv-online regexp=flv|.f4v|.f4p|.f4a|.f4b||video|x-flv|video|mp4
    add name=JCCBN regexp=jc
    add name=Medidor regexp=speed
    add name=Youtube regexp="^.+(c.youtube.com).*\$"
    add name=100bao regexp="^\01\01\05\
    \n"
    /ip firewall address-list
    add address=69.147.95.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
    list=nobalance
    add address=209.191.106.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
    list=nobalance
    add address=74.6.228.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
    list=nobalance
    add address=98.136.131.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
    list=nobalance
    add address=200.143.37.0/24 comment="\"\"\"\"WEBMOTORS\"\"\"\"" disabled=no \
    list=nobalance
    add address=65.54.0.0/16 comment=MSN1 disabled=no list=nobalance
    add address=207.46.0.0/16 comment=MSN2 disabled=no list=nobalance
    add address=64.4.0.0/16 comment=MSN3 disabled=no list=nobalance
    add address=200.143.0.0/16 comment=Pagdigital disabled=no list=nobalance
    add address=201.88.0.0/16 comment=f2b disabled=no list=nobalance
    add address=200.201.0.0/16 comment="caixa economica" disabled=no list=nobalance
    add address=170.66.0.0/16 comment="bb do brasil" disabled=no list=nobalance
    add address=200.155.0.0/16 comment=bradesco disabled=no list=nobalance
    add address=200.196.0.0/16 comment=itau disabled=no list=nobalance
    add address=200.208.0.0/16 comment=sudameris disabled=no list=nobalance
    add address=200.220.0.0/16 comment=santander disabled=no list=nobalance
    add address=201.63.0.0/16 comment="wwws bradesco" disabled=no list=nobalance
    add address=65.55.0.0/16 comment=MSN4 disabled=no list=nobalance
    add address=74.52.0.0/16 comment="caixa economica" disabled=no list=nobalance
    add address=174.133.0.0/16 comment="caixa economica" disabled=no list=nobalance
    add address=200.219.137.0/24 disabled=no list=nobalance
    add address=200.252.8.0/24 disabled=no list=nobalance
    add address=201.2.207.0/24 disabled=no list=nobalance
    add address=200.196.226.0/24 disabled=no list=nobalance
    add address=201.24.72.0/24 disabled=no list=nobalance
    add address=78.46.46.139 disabled=no list=nobalance
    add address=69.147.95.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
    list=nobalance
    add address=209.191.106.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
    list=nobalance
    add address=74.6.228.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
    list=nobalance
    add address=98.136.131.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
    list=nobalance
    add address=200.143.37.0/24 comment="\"\"\"\"WEBMOTORS\"\"\"\"" disabled=no \
    list=nobalance
    add address=65.54.0.0/16 comment=MSN1 disabled=no list=nobalance
    add address=207.46.0.0/16 comment=MSN2 disabled=no list=nobalance
    add address=64.4.0.0/16 comment=MSN3 disabled=no list=nobalance
    add address=200.143.0.0/16 comment=Pagdigital disabled=no list=nobalance
    add address=201.88.0.0/16 comment=f2b disabled=no list=nobalance
    add address=200.201.0.0/16 comment="caixa economica" disabled=no list=nobalance
    add address=170.66.0.0/16 comment="bb do brasil" disabled=no list=nobalance
    add address=200.155.0.0/16 comment=bradesco disabled=no list=nobalance
    add address=200.196.0.0/16 comment=itau disabled=no list=nobalance
    add address=200.208.0.0/16 comment=sudameris disabled=no list=nobalance
    add address=200.220.0.0/16 comment=santander disabled=no list=nobalance
    add address=201.63.0.0/16 comment="wwws bradesco" disabled=no list=nobalance
    add address=65.55.0.0/16 comment=MSN4 disabled=no list=nobalance
    add address=74.52.0.0/16 comment="caixa economica" disabled=no list=nobalance
    add address=74.125.0.0/16 comment="caixa economica" disabled=no list=nobalance
    add address=174.133.0.0/16 comment="caixa economica" disabled=no list=nobalance
    add address=200.219.137.0/24 disabled=no list=nobalance
    add address=200.252.8.0/24 disabled=no list=nobalance
    add address=201.2.207.0/24 disabled=no list=nobalance
    add address=200.196.226.0/24 disabled=no list=nobalance
    add address=201.24.72.0/24 disabled=no list=nobalance
    add address=78.46.46.139 disabled=no list=nobalance
    add address=200.147.22.115 disabled=no list=nobalance
    add address=200.147.36.16 disabled=no list=nobalance
    add address=200.147.100.28 disabled=no list=nobalance
    add address=208.117.224.0/24 disabled=no list=Youtube
    add address=208.117.225.0/24 disabled=no list=Youtube
    add address=208.117.228.0/24 disabled=no list=Youtube
    add address=208.117.229.0/24 disabled=no list=Youtube
    add address=208.117.232.0/24 disabled=no list=Youtube
    add address=208.117.233.0/24 disabled=no list=Youtube
    add address=208.117.234.0/24 disabled=no list=Youtube
    add address=208.117.238.0/24 disabled=no list=Youtube
    add address=208.65.152.0/24 disabled=no list=Youtube
    add address=208.65.153.0/24 disabled=no list=Youtube
    add address=208.65.154.0/24 disabled=no list=Youtube
    add address=64.15.112.0/20 disabled=no list=Youtube
    add address=208.117.236.0/24 disabled=no list=Youtube
    add address=74.125.96.0/19 disabled=no list=Youtube
    add address=72.14.221.0/24 disabled=no list=Youtube
    add address=84.53.128.0/18 comment=Redtube disabled=no list=Youtube
    add address=87.248.192.0/19 comment=Youporn disabled=no list=Youtube
    add address=216.155.128.0/19 comment=Redtube disabled=no list=Youtube
    add address=208.73.208.0/21 comment=Redtube disabled=no list=Youtube
    add address=66.55.140.0/23 comment=Redtube disabled=no list=Youtube
    add address=74.125.208.0/24 disabled=no list=Youtube
    add address=189.28.144.12 disabled=no list=medidor
    add address=198.173.106.104 disabled=no list=medidor
    add address=200.233.43.14 disabled=no list=medidor
    add address=67.15.120.26 disabled=no list=medidor
    add address=200.233.47.4 disabled=no list=medidor
    add address=200.216.69.232 disabled=no list=medidor
    add address=72.232.17.106 disabled=no list=medidor
    add address=208.48.246.14 disabled=no list=medidor
    add address=201.7.176.59 disabled=no list=medidor
    add address=200.203.134.5 disabled=no list=medidor
    add address=208.109.101.166 disabled=no list=medidor
    add address=200.181.108.29 disabled=no list=medidor
    add address=75.126.168.3 disabled=no list=medidor
    add address=200.229.0.164 disabled=no list=medidor
    add address=200.185.109.83 disabled=no list=medidor
    add address=204.16.1.252 disabled=no list=medidor
    add address=189.44.84.20 disabled=no list=medidor
    add address=200.159.128.189 disabled=no list=medidor
    add address=200.195.0.0/24 disabled=no list=speed
    add address=200.98.131.15 comment="MINHA CONEXAO" disabled=no list=medidor
    add address=186.202.179.180 disabled=no list=nobalance
    add address=200.221.0.0/16 disabled=no list=nobalance
    add address=200.221.0.0/24 disabled=no list=nobalance
    add address=200.147.0.0/24 comment=JCCBN disabled=no list=nobalance
    add address=74.209.160.12 comment=http://www.speedtest.net/ disabled=no list=\
    medidor
    /ip firewall connection tracking
    set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
    10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
    tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
    udp-stream-timeout=3m udp-timeout=10s
    /ip firewall filter
    add action=drop chain=forward comment="bloquear p2p" disabled=no p2p=all-p2p
    add action=accept chain=input comment="ACEITAR CONEXOES PROXY" disabled=yes \
    dst-port=8080 protocol=tcp
    add action=accept chain=input comment="ACEITAR RADIOS" disabled=no \
    layer7-protocol=Radios
    add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
    add action=accept chain=input comment="Melhorias No MSN" disabled=no dst-port=\
    1863 protocol=tcp
    add action=accept chain=input disabled=no protocol=tcp src-port=1863
    add action=accept chain=input disabled=no dst-port=443 protocol=tcp
    add action=accept chain=forward disabled=no dst-port=443 protocol=tcp

    Espero uma ajuda.
    Desde já obrigado

  2. aqui estão o restante das Regras
    /ip firewall mangle
    add action=mark-connection chain=output comment="2-PROXY FULL" disabled=no \
    dscp=4 new-connection-mark=proxyfull passthrough=yes protocol=tcp src-port=\
    8080
    add action=mark-packet chain=output connection-mark=proxyfull disabled=no \
    new-packet-mark=proxyfull passthrough=yes
    add action=return chain=output connection-mark=proxyfull disabled=no
    add action=mark-connection chain=output comment="2-PROXY FULL" disabled=yes \
    dscp=4 new-connection-mark=cache-hits passthrough=yes
    add action=mark-packet chain=output connection-mark=cache-hits disabled=yes \
    new-packet-mark=cache-hits passthrough=no
    add action=return chain=output connection-mark=cache-hits disabled=yes
    add action=mark-connection chain=prerouting comment="YOUTUBE - MARCAR PACOTES" \
    disabled=no layer7-protocol=Youtube new-connection-mark=YTB passthrough=yes
    add action=mark-packet chain=prerouting connection-mark=YTB disabled=no \
    new-packet-mark=youtube passthrough=no
    add action=mark-connection chain=postrouting disabled=no layer7-protocol=\
    Youtube new-connection-mark=YTB passthrough=yes
    add action=mark-packet chain=postrouting connection-mark=YTB disabled=no \
    new-packet-mark=youtube passthrough=no
    add action=mark-connection chain=prerouting comment=SPC content=spc disabled=no \
    new-connection-mark=JCCBN passthrough=yes
    add action=mark-connection chain=postrouting content=spc disabled=no \
    new-connection-mark=JCCBN passthrough=yes
    add action=mark-packet chain=prerouting connection-mark=JCCBN content=spc \
    disabled=no new-packet-mark=JCPACK passthrough=no
    add action=mark-packet chain=postrouting connection-mark=JCCBN disabled=no \
    layer7-protocol=JCCBN new-packet-mark=JCPACK passthrough=no
    add action=mark-connection chain=prerouting comment=BLOGSPOT content=blog \
    disabled=no new-connection-mark=BLG passthrough=yes
    add action=mark-connection chain=postrouting content=blog disabled=no \
    new-connection-mark=BLG passthrough=yes
    add action=mark-packet chain=prerouting connection-mark=BLG disabled=no \
    new-packet-mark=BLGPACK passthrough=no
    add action=mark-packet chain=postrouting connection-mark=BLG disabled=no \
    new-packet-mark=BLGPACK passthrough=no
    add action=mark-packet chain=prerouting disabled=no new-packet-mark=gradpack \
    passthrough=yes protocol=tcp src-port=9000-10000
    add action=mark-packet chain=postrouting disabled=no dst-port=9000-10000 \
    new-packet-mark=gradpack passthrough=yes protocol=tcp src-port=9000-10000
    add action=mark-connection chain=prerouting connection-mark=grad disabled=no \
    new-connection-mark=gradpack passthrough=yes protocol=tcp src-port=\
    9000-10000
    add action=mark-connection chain=postrouting disabled=no dst-port=9000-10000 \
    new-connection-mark=grad passthrough=yes protocol=tcp src-port=9000-10000
    /ip firewall nat
    add action=redirect chain=dstnat comment="Redirecionamento do Proxy" disabled=\
    no dst-port=80 protocol=tcp to-ports=8080
    add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
    add action=redirect chain=dstnat comment="Redirecionamento do Proxy" disabled=\
    yes dscp=4 dst-port=80 protocol=tcp src-address=192.168.30.0/24 to-ports=\
    8080
    add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=192.168.30.0/24 to-addresses=0.0.0.0
    add action=accept chain=dstnat comment=\
    "\"\"\"\"\"\"SERVI\C7OS NOBRES FORA DO PROXY\"\"\"\"\"\"" disabled=no \
    dst-address-list=nobalance
    add action=accept chain=dstnat comment=Radios disabled=yes layer7-protocol=\
    Radios
    add action=accept chain=dstnat comment=JC disabled=yes dst-address=\
    200.147.36.16 protocol=tcp
    add action=accept chain=dstnat comment=\
    "Com essas regras estabiliza o MSN,Hotmail,Gmail e outros" disabled=no \
    dst-address=207.46.0.0/16
    add action=accept chain=dstnat disabled=no dst-address=64.4.0.0/24
    add action=accept chain=dstnat disabled=no dst-address=65.54.0.0/24
    add action=accept chain=dstnat disabled=no dst-address=207.68.128.0/24
    add action=accept chain=dstnat disabled=no dst-address=64.4.0.0/24
    add action=accept chain=dstnat disabled=no dst-address=213.199.144.0/24
    add action=accept chain=dstnat disabled=no dst-address=65.52.0.0/24
    add action=accept chain=dstnat disabled=no dst-address=200.208.0.0/24
    add action=accept chain=dstnat disabled=no dst-address=200.249.150.0/24
    add action=accept chain=dstnat disabled=no dst-address=200.167.67.0/24
    add action=accept chain=dstnat disabled=no dst-address=200.179.42.0/24
    add action=accept chain=dstnat disabled=no dst-address=200.249.84.24
    add action=accept chain=dstnat disabled=no dst-address=200.201.173.24
    add action=accept chain=dstnat disabled=no dst-address=200.201.174.24
    add action=accept chain=dstnat disabled=no dst-address=200.220.254.24
    add action=accept chain=dstnat disabled=no dst-address=200.217.233.0/24
    add action=accept chain=dstnat disabled=no dst-address=200.172.181.0/24
    add action=accept chain=dstnat disabled=no dst-address=200.141.204.0/24
    add action=accept chain=dstnat comment=WinBox connection-limit=100,32 disabled=\
    no dst-port=8291 protocol=tcp time=0s-0s,sun,mon,tue,wed,thu,fri,sat
    add action=dst-nat chain=dstnat comment="acesso puty mk-auth" disabled=yes \
    dst-port=75 protocol=tcp to-addresses=172.31.255.2 to-ports=22
    add action=accept chain=dstnat comment="Radio Uol" disabled=no dst-address=\
    200.221.8.24 protocol=tcp
    add action=accept chain=dstnat comment=CEF disabled=no dst-address=200.201.0.16
    add action=accept chain=dstnat disabled=no src-address=200.155.0.16
    add action=accept chain=dstnat disabled=no dst-address=200.141.204.24
    add action=dst-nat chain=dstnat disabled=no dst-port=82 protocol=tcp \
    to-addresses=172.31.255.2 to-ports=10000
    add action=dst-nat chain=dstnat disabled=no dst-port=86 protocol=tcp \
    to-addresses=172.31.255.2 to-ports=80
    add action=accept chain=dstnat disabled=no dst-address=200.221.0.16 protocol=\
    tcp
    /ip firewall service-port
    set ftp disabled=no ports=21
    set tftp disabled=no ports=69
    set irc disabled=no ports=6667
    set h323 disabled=no
    set sip disabled=no ports=5060,5061 sip-direct-media=yes
    set pptp disabled=no



  3. essa regras evitam o cache do youtube? e de outros videos?






Tópicos Similares

  1. Respostas: 11
    Último Post: 05-11-2012, 12:22
  2. como configurar BIND para se comportar como um roteador?
    Por pcfaria no fórum Sistemas Operacionais
    Respostas: 5
    Último Post: 02-05-2011, 20:28
  3. Como Configurar KOZUMIS para rotear?
    Por lucinho no fórum Redes
    Respostas: 2
    Último Post: 24-06-2010, 17:16
  4. como configurar WEP no mikrotik
    Por unidasnet no fórum Redes
    Respostas: 7
    Último Post: 17-12-2008, 01:59
  5. como configurar webproxy em servidor separado no MK
    Por FoxTelecomunicacoes no fórum Redes
    Respostas: 8
    Último Post: 31-03-2008, 09:11

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L