


  1. Referente ao Conectividade Social e ao proxy, são as mesmas regras: você deve apenas alterar a interface, e nas regras referentes à interface sem hotspot você não deve colocar hotspot=auth.

  2. Ok, está funcionando, mas ainda continuo com problemas com Orkut, MSN e Hotmail. Poderia me dar um help?



  3. Opa, poste suas configurações de firewall, proxy e hotspot aqui para eu poder analisar, porque senão vão ser apenas palpites.

  4. / ip hotspot
    # HotSpot server "hotspot1" bound to ether2, handing out addresses from
    # hs-pool-2 and using profile hsprof1. idle-timeout is 5 minutes, keepalive
    # is off, and up to two addresses are allowed per MAC address.
    add name="hotspot1" interface=ether2 address-pool=hs-pool-2 profile=hsprof1 idle-timeout=5m keepalive-timeout=none \
    addresses-per-mac=2 disabled=no
    / ip hotspot service-port
    # FTP helper for HotSpot traffic, on the standard port 21.
    set ftp ports=21 disabled=no
    / ip hotspot profile
    # Built-in "default" profile: cookie and HTTP-CHAP login, cookies valid for
    # 3 days, no RADIUS. hotspot1 above does not reference this profile.
    set default name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 \
    smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
    # Profile actually used by hotspot1: login pages served from hotspot/lv,
    # local users only (use-radius=no).
    # NOTE(review): login-by=http-pap submits the username and password in
    # plain text over HTTP, so anyone able to observe traffic on ether2 can
    # read them. http-chap or https avoids that; confirm that the custom login
    # page in hotspot/lv supports whichever method is chosen.
    add name="hsprof1" hotspot-address=192.168.200.1 dns-name="" html-directory=hotspot/lv rate-limit="" http-proxy=0.0.0.0:0 \
    smtp-server=0.0.0.0 login-by=http-pap split-user-domain=no use-radius=no


    / ip web-proxy
    # Transparent web proxy on TCP 3128, no parent proxy, cache stored on the
    # system drive.
    # NOTE(review): the access list below has no rule restricting which client
    # addresses may use the proxy; the only visible protection is the filter
    # rule dropping tcp/3128 arriving on pppoe-out1. Confirm that every other
    # untrusted interface is covered, otherwise this is an open proxy.
    # NOTE(review): max-cache-size=unlimited with cache-drive=system lets the
    # cache grow until the system disk is full; confirm this is intended.
    set enabled=yes src-address=0.0.0.0 port=3128 hostname="" transparent-proxy=yes parent-proxy=0.0.0.0:0 \
    cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system max-cache-size=unlimited \
    max-ram-cache-size=unlimited
    / ip web-proxy access
    # Refuse proxy requests whose destination port is 23-25, so the proxy
    # cannot be used to reach telnet or relay mail via SMTP.
    add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
    / ip web-proxy cache
    # Do not cache URLs matching the cgi-bin / query-string pattern.
    add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" disabled=no



    / ip firewall mangle
    # Rewrite the TCP MSS option to 1492 on every forwarded SYN.
    # NOTE(review): 1492 is the usual PPPoE MTU, not an MSS. The matching MSS
    # would be 1452 (MTU minus 40 bytes of IP and TCP headers). An MSS above
    # what the PPPoE link can carry typically makes some sites stall or fail to
    # load; confirm the intended value.
    add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1492 comment="" disabled=no
    # Disabled variant: clamp to 1360 only for SYNs leaving via pppoe-out1,
    # except those with destination port 5190.
    add chain=forward out-interface=pppoe-out1 protocol=tcp dst-port=!5190 tcp-flags=syn action=change-mss new-mss=1360 \
    comment="" disabled=yes
    / ip firewall nat
    # Source NAT for the two client subnets.
    # NOTE(review): both rules are labelled as masquerade in their comments but
    # use action=accept, which stops NAT processing without translating the
    # source address. Confirm whether action=masquerade was intended or whether
    # translation is done on an upstream device.
    add chain=srcnat src-address=192.168.200.0/24 action=accept comment="Maquerade Para HotSpot Anastacio" disabled=no
    add chain=srcnat out-interface=pppoe-out1 src-address=192.168.85.0/24 action=accept comment="Maquerade Para Vila Bancaria" \
    disabled=no
    # Disabled: would send authenticated HotSpot clients' HTTP from ether2 to
    # the web proxy on 3128.
    add chain=pre-hotspot in-interface=ether2 protocol=tcp dst-port=80 hotspot=auth action=redirect to-ports=3128 comment="" \
    disabled=yes
    # Disabled: would accept tcp/1863 and tcp/443 in dstnat before the jump
    # into the hotspot chain. If enabled they match on every interface, not
    # only ether2; the hotspot filter rules would still apply.
    add chain=dstnat protocol=tcp dst-port=1863 action=accept comment="" disabled=yes
    add chain=dstnat protocol=tcp dst-port=443 action=accept comment="" disabled=yes
    # Everything arriving from a HotSpot client is handled in the hotspot chain.
    add chain=dstnat hotspot=from-client action=jump jump-target=hotspot comment="" disabled=no
    # hotspot chain: DNS (udp and tcp 53) goes to local port 64872, HTTP/HTTPS
    # addressed to the router itself goes to 64873/64875, and remaining TCP is
    # split by authentication state.
    add chain=hotspot protocol=udp dst-port=53 action=redirect to-ports=64872 comment="" disabled=no
    add chain=hotspot protocol=tcp dst-port=53 action=redirect to-ports=64872 comment="" disabled=no
    add chain=hotspot protocol=tcp dst-port=80 hotspot=local-dst action=redirect to-ports=64873 comment="" disabled=no
    add chain=hotspot protocol=tcp dst-port=443 hotspot=local-dst action=redirect to-ports=64875 comment="" disabled=no
    add chain=hotspot protocol=tcp hotspot=!auth action=jump jump-target=hs-unauth comment="" disabled=no
    add chain=hotspot protocol=tcp hotspot=auth action=jump jump-target=hs-auth comment="" disabled=no
    # hs-unauth: unauthenticated clients' web and proxy ports (80, 3128, 8080)
    # are redirected to local port 64874, HTTPS to 64875, and SMTP is passed to
    # the hs-smtp chain.
    add chain=hs-unauth protocol=tcp dst-port=80 action=redirect to-ports=64874 comment="" disabled=no
    add chain=hs-unauth protocol=tcp dst-port=3128 action=redirect to-ports=64874 comment="" disabled=no
    add chain=hs-unauth protocol=tcp dst-port=8080 action=redirect to-ports=64874 comment="" disabled=no
    add chain=hs-unauth protocol=tcp dst-port=443 action=redirect to-ports=64875 comment="" disabled=no
    add chain=hs-unauth protocol=tcp dst-port=25 action=jump jump-target=hs-smtp comment="" disabled=no
    # hs-auth: authenticated clients.
    # NOTE(review): the two dst-port=25 rules below are identical, so the
    # second is redundant. hs-smtp has no rules in this export.
    add chain=hs-auth protocol=tcp hotspot=to-client action=redirect to-ports=64874 comment="" disabled=no
    add chain=hs-auth protocol=tcp dst-port=25 action=jump jump-target=hs-smtp comment="" disabled=no
    add chain=hs-auth protocol=tcp dst-port=25 action=jump jump-target=hs-smtp comment="" disabled=no
    # Transparent proxy for ether3 (not the HotSpot interface): HTTP is
    # redirected to the web proxy on 3128. Only port 80 is intercepted, so
    # HTTPS from ether3 does not pass through the proxy.
    add chain=dstnat in-interface=ether3 protocol=tcp dst-port=80 action=redirect to-ports=3128 comment="" disabled=no

    / ip firewall connection tracking
    # Connection tracking is on. Handshake and teardown states expire after
    # 5-10 seconds, established TCP after one day, UDP after 10 seconds
    # (3 minutes for streams).
    # NOTE(review): tcp-syncookie=no leaves SYN cookies disabled. On a router
    # with services reachable from the Internet, consider enabling them as
    # SYN-flood protection.
    set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
    tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m tcp-syncookie=no

    / ip firewall filter
    # Keep the web proxy from being reachable from the Internet side.
    # NOTE(review): this is the only input rule shown for pppoe-out1. No drop
    # rule for other router services and no default-drop input rule appear in
    # this export; confirm that management access (e.g. under /ip service) is
    # restricted elsewhere.
    add chain=input in-interface=pppoe-out1 protocol=tcp dst-port=3128 action=drop comment="" disabled=no
    # Forwarded traffic from or to HotSpot clients that are not authenticated
    # is sent to the reject chains below.
    add chain=forward hotspot=from-client,!auth action=jump jump-target=hs-unauth comment="" disabled=no
    add chain=forward hotspot=to-client,!auth action=jump jump-target=hs-unauth-to comment="" disabled=no
    # Traffic from HotSpot clients addressed to the router itself.
    add chain=input hotspot=from-client action=jump jump-target=hs-input comment="" disabled=no
    # hs-input: allow the local HotSpot service ports (udp 64872, tcp
    # 64872-64875) that the NAT rules redirect to, then apply the
    # unauthenticated policy to everything else from clients that have not
    # logged in.
    add chain=hs-input protocol=udp dst-port=64872 action=accept comment="" disabled=no
    add chain=hs-input protocol=tcp dst-port=64872-64875 action=accept comment="" disabled=no
    add chain=hs-input hotspot=!auth action=jump jump-target=hs-unauth comment="" disabled=no
    # hs-unauth: ICMP returns to the calling chain, TCP is rejected with a
    # reset, and anything else is rejected with ICMP net-prohibited.
    add chain=hs-unauth protocol=icmp action=return comment="" disabled=no
    add chain=hs-unauth protocol=tcp action=reject reject-with=tcp-reset comment="" disabled=no
    add chain=hs-unauth action=reject reject-with=icmp-net-prohibited comment="" disabled=no
    # hs-unauth-to: traffic toward unauthenticated clients is rejected with
    # ICMP host-prohibited.
    add chain=hs-unauth-to action=reject reject-with=icmp-host-prohibited comment="" disabled=no

    / ip firewall service-port
    # Connection-tracking/NAT helpers. ftp, tftp, irc and quake3 are enabled;
    # h323, gre and pptp are disabled.
    # NOTE(review): each enabled helper parses that protocol's payload to open
    # related connections. Disable the ones not needed on this network (irc and
    # quake3 look like candidates) to reduce attack surface.
    set ftp ports=21 disabled=no
    set tftp ports=69 disabled=no
    set irc ports=6667 disabled=no
    set h323 disabled=yes
    set quake3 disabled=no
    set gre disabled=yes
    set pptp disabled=yes



  5. em webproxy bloquei sites com https vc colocou apenas http





