cara, como tá as tuas regras de firewall filter? queue tree? mangle? nat?
abraços,
Versão Imprimível
cara, como tá as tuas regras de firewall filter? queue tree? mangle? nat?
abraços,
Amigo,
Você usa um programa administrativo da Webmikrotik, pois se usas ai esta o seu problema. Houve no final do mês passado e inicio deste mês um erro com scripts deles, de monitoramento das conexões, que estava deixando muita gente sem saber o por que sua RB estava com processamento acima dos 90% e pico de quatro em quatro minutos a 100% e travando a rede.
Se caso você use, é simples de resolver vá ao script e desabilitar a conexão deles. Ok
Boa sorte.
Então amigo
Código :
add address=10.2.4.100 comment=aviso112 disabled=no list=pgaviso add address=10.2.4.167 comment=aviso236 disabled=no list=pgaviso add address=10.2.5.31 comment=aviso477 disabled=no list=pgaviso add address=10.2.4.56 comment=351 disabled=no list=pgcorte add address=69.147.95.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no list=nobalance add address=209.191.106.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no list=nobalance add address=74.6.228.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no list=nobalance add address=98.136.131.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no list=nobalance add address=200.143.37.0/24 comment="\"\"\"\"WEBMOTORS\"\"\"\"" disabled=no list=nobalance add address=65.54.0.0/16 comment=MSN1 disabled=no list=nobalance add address=207.46.0.0/16 comment=MSN2 disabled=no list=nobalance add address=64.4.0.0/16 comment=MSN3 disabled=no list=nobalance add address=200.143.0.0/16 comment=Pagdigital disabled=no list=nobalance add address=201.88.0.0/16 comment=f2b disabled=no list=nobalance add address=200.201.0.0/16 comment="caixa economica" disabled=no list=nobalance add address=170.66.0.0/16 comment="bb do brasil" disabled=no list=nobalance add address=200.155.0.0/16 comment=bradesco disabled=no list=nobalance add address=200.196.0.0/16 comment=itau disabled=no list=nobalance add address=200.208.0.0/16 comment=sudameris disabled=no list=nobalance add address=200.220.0.0/16 comment=santander disabled=no list=nobalance add address=201.63.0.0/16 comment="wwws bradesco" disabled=no list=nobalance add address=65.55.0.0/16 comment=MSN4 disabled=no list=nobalance add address=74.52.0.0/16 comment="caixa economica" disabled=no list=nobalance add address=174.133.0.0/16 comment="caixa economica" disabled=no list=nobalance add address=200.219.137.0/24 comment="" disabled=no list=nobalance add address=200.252.8.0/24 comment="" disabled=no list=nobalance add address=201.2.207.0/24 comment="" disabled=no list=nobalance add address=200.196.226.0/24 comment="" disabled=no list=nobalance add address=201.24.72.0/24 comment="" disabled=no list=nobalance add address=78.46.46.139 comment="" disabled=no list=nobalance /ip firewall connection tracking set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s \ tcp-established-timeout=5m tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \ tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s /ip firewall filter add action=drop chain=input comment="Drop pacote proxy- externo" disabled=no dst-port=5128 in-interface=ether13_LINK \ protocol=tcp add action=drop chain=forward comment="BLOQUEIO DO P2P" disabled=no p2p=all-p2p add action=drop chain=forward comment="drop acima de 35 conex\F5es" connection-limit=30,32 disabled=no limit=1,5 \ protocol=tcp add action=accept chain=forward comment="Aceita thunder" disabled=no src-address=192.150.10.2 add action=accept chain=forward comment=";;; permite estabelecer conex es" connection-state=established disabled=no add action=accept chain=forward comment=";;; permitir conex es relacionadas" connection-state=related disabled=no add action=drop chain=forward comment=";;; Bloqueia conex es inv lidas" connection-state=invalid disabled=no add action=drop chain=virus comment=";;; Drop Blaster Worm" disabled=no dst-port=135-139 protocol=tcp add action=drop chain=virus comment=";;; Drop Messenger Worm" disabled=no dst-port=135-139 protocol=udp add action=drop chain=virus comment=";;; Drop Blaster Worm" disabled=no dst-port=445 protocol=tcp add action=drop chain=virus comment=";;; Drop Blaster Worm" disabled=no dst-port=445 protocol=udp add action=drop chain=virus comment=";;; ________" disabled=no dst-port=593 protocol=tcp add action=drop chain=virus comment=";;; ________" disabled=no dst-port=1024-1030 protocol=tcp add action=drop chain=virus comment=";;; Drop MyDoom" disabled=no dst-port=1080 protocol=tcp add action=drop chain=virus comment=";;; ________" disabled=no dst-port=1214 protocol=tcp add action=drop chain=virus comment=";;; ndm requester" disabled=no dst-port=1363 protocol=tcp add action=drop chain=virus comment=" ;;; ndm server" disabled=no dst-port=1364 protocol=tcp add action=drop chain=virus comment=";;; screen cast" disabled=no dst-port=1368 protocol=tcp add action=drop chain=virus comment=";;; hromgrafx" disabled=no dst-port=1373 protocol=tcp add action=drop chain=virus comment=";;; cichlid" disabled=no dst-port=1377 protocol=tcp add action=drop chain=virus comment=";;; Worm" disabled=no dst-port=1433-1434 protocol=tcp add action=drop chain=virus comment=";;; Bagle Virus" disabled=no dst-port=2745 protocol=tcp add action=drop chain=virus comment=";;; Drop Dumaru.Y" disabled=no dst-port=2283 protocol=tcp add action=drop chain=virus comment=";;; Drop Beagle" disabled=no dst-port=2535 protocol=tcp add action=drop chain=virus comment=";;; Drop Beagle.C-K" disabled=no dst-port=2745 protocol=tcp add action=drop chain=virus comment=";;; Drop MyDoom" disabled=no dst-port=3127-3128 protocol=tcp add action=drop chain=virus comment=";;; Drop Backdoor OptixPro" disabled=no dst-port=3410 protocol=tcp add action=drop chain=virus comment=";;; Worm" disabled=no dst-port=4444 protocol=tcp add action=drop chain=virus comment=";;; Worm" disabled=no dst-port=4444 protocol=udp add action=drop chain=virus comment=";;; Drop Sasser" disabled=no dst-port=5554 protocol=tcp add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 protocol=tcp add action=drop chain=virus comment=";;; Drop Dabber.A-B" disabled=no dst-port=9898 protocol=tcp add action=drop chain=virus comment=";;; Drop Dumaru.Y" disabled=no dst-port=10000 protocol=tcp add action=drop chain=virus comment=";;; Drop MyDoom.B" disabled=no dst-port=10080 protocol=tcp add action=drop chain=virus comment=";;; Drop NetBus" disabled=no dst-port=12345 protocol=tcp add action=drop chain=virus comment=";;; Drop Kuang2" disabled=no dst-port=17300 protocol=tcp add action=drop chain=virus comment=";;; Drop SubSeven" disabled=no dst-port=27374 protocol=tcp add action=drop chain=virus comment=";;; Drop PhatBot, Agobot, Gaobot" disabled=no dst-port=65506 protocol=tcp add action=jump chain=forward comment=";;; jump to the virus chain" disabled=no jump-target=virus add action=accept chain=input comment="aceitando 50 pings a cada 5 segundos" disabled=no limit=50/5s,2 protocol=icmp add action=drop chain=input comment="bloqueando o excesso" disabled=no protocol=icmp add action=accept chain=forward comment=";;; Allow HTTP" disabled=no dst-port=80 protocol=tcp add action=accept chain=forward comment=";;; Allow SMTP" disabled=no dst-port=25 protocol=tcp add action=accept chain=forward comment=";;; allow TCP" disabled=no protocol=tcp add action=accept chain=forward comment=";;; allow ping" disabled=no protocol=icmp add action=accept chain=forward comment=";;; allow udp" disabled=no protocol=udp add action=drop chain=forward comment=";;; drop everything else" disabled=no /ip firewall mangle add action=mark-connection chain=prerouting comment="CONTROLE DO P2P" disabled=no new-connection-mark=conn-p2p p2p=\ all-p2p passthrough=yes add action=mark-packet chain=prerouting comment="CONTROLE P2P" connection-mark=conn-p2p disabled=no new-packet-mark=\ pacotes-p2p passthrough=yes add action=mark-connection chain=postrouting comment="THUNDER CACHE FULL ============================================\ ==========================================================" content="X-Cache: HIT from Thunder" disabled=no \ new-connection-mark=thunder-connection passthrough=yes protocol=tcp src-address=192.150.10.0/24 add action=mark-packet chain=postrouting comment="" connection-mark=thunder-connection disabled=no new-packet-mark=\ thunder-packs passthrough=yes add action=mark-connection chain=postrouting comment="TOS 12=========================================================\ ============================================================" disabled=no dscp=12 new-connection-mark=proxy-hits \ passthrough=yes protocol=tcp src-address=192.150.10.0/24 add action=mark-packet chain=postrouting comment="" connection-mark=proxy-hits disabled=no new-packet-mark=\ proxy-squid passthrough=yes /ip firewall nat add action=dst-nat chain=dstnat comment="bloqueio mk-auth" disabled=no dst-port=0-65500 protocol=tcp \ src-address-list=pgcorte to-addresses=172.31.255.2 to-ports=85 add action=dst-nat chain=dstnat comment="redir mk-auth" disabled=no dst-address=295.198.139.38 dst-port=80 protocol=\ tcp to-addresses=172.31.255.2 to-ports=0-65535 add action=netmap chain=srcnat comment="ip publico" disabled=no dst-port=80 protocol=tcp src-address=172.31.255.2 \ to-addresses=295.198.139.38 to-ports=0-65535 add action=accept chain=dstnat comment="\"\"\"\"\"\"SERVI\C7OS NOBRES FORA DO PROXY\"\"\"\"\"\"" disabled=no \ dst-address-list=nobalance dst-port=80 protocol=tcp add action=dst-nat chain=dstnat comment="\"\"\"\"\"\"REDIRECIONAMENTO PARA O SERVIDOR\"\"\"\"\"\"\"" disabled=no \ dst-port=85 protocol=tcp to-addresses=192.150.10.2 to-ports=8291 add action=dst-nat chain=dstnat comment="Redirect Thunder" disabled=no dst-address=!192.150.10.2 dst-port=80 \ protocol=tcp src-address=10.2.0.1-10.2.5.254 to-addresses=192.150.10.2 to-ports=5128 add action=masquerade chain=srcnat comment=NAT disabled=no out-interface=ether13_LINK /ip firewall service-port set ftp disabled=no ports=21 set tftp disabled=no ports=69 set irc disabled=no ports=6667 set h323 disabled=no set sip disabled=no ports=5060,5061 set pptp disabled=no
Estou com o mesmo problema aqui numa RB750G. Descobri que é o cache de DNS que tá causando meus travamentos. Consegui amenizar, mas a noite, principalmente, trava a navegação, sendo que MSN não trava. Ainda não consegui resolver por completo.