Re: How to configure webproxy for MikroTik 5.20 ???
I really need your help, friends. I have an mk 5.18 x86. Clients' downloads are interrupted after 20mb have been downloaded. Smaller ones download just fine. I have a 10 mb link and clients on PPPoE and hotspot on the same server, in the same IP pool. Apparently everything is fine. I have already heard advice to change the clients' time-outs and the idle-time as well. All without result. Can anyone give me a tip? One detail: if I restart the server now, it downloads 100mb and 200mb files normally. But after a while it goes haywire... it interrupts the downloads after 20mb. I don't have any fancy rules. I'll post my firewall rules.
/ip firewall layer7-protocol
add comment="Marca Radios" name=Radios regexp="asx|radio|asx|app.radio|applicati\
on/mplayer2|application|mplayer2|video/x-ms-asf-plugin|asx|swf|x-ms-asf-plug\
in|http://aovivo.ne10.uol.com.br/radioj...radio=cbn|wmx\
|shoutcast"
add name="Marca Videos" regexp=player
add name=Tv-online regexp=flv|.f4v|.f4p|.f4a|.f4b||video|x-flv|video|mp4
add name=JCCBN regexp=jc
add name=Medidor regexp=speed
add name=Youtube regexp="^.+(c.youtube.com).*\$"
add name=100bao regexp="^\01\01\05\
\n"
/ip firewall address-list
add address=69.147.95.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
list=nobalance
add address=209.191.106.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
list=nobalance
add address=74.6.228.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
list=nobalance
add address=98.136.131.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
list=nobalance
add address=200.143.37.0/24 comment="\"\"\"\"WEBMOTORS\"\"\"\"" disabled=no \
list=nobalance
add address=65.54.0.0/16 comment=MSN1 disabled=no list=nobalance
add address=207.46.0.0/16 comment=MSN2 disabled=no list=nobalance
add address=64.4.0.0/16 comment=MSN3 disabled=no list=nobalance
add address=200.143.0.0/16 comment=Pagdigital disabled=no list=nobalance
add address=201.88.0.0/16 comment=f2b disabled=no list=nobalance
add address=200.201.0.0/16 comment="caixa economica" disabled=no list=nobalance
add address=170.66.0.0/16 comment="bb do brasil" disabled=no list=nobalance
add address=200.155.0.0/16 comment=bradesco disabled=no list=nobalance
add address=200.196.0.0/16 comment=itau disabled=no list=nobalance
add address=200.208.0.0/16 comment=sudameris disabled=no list=nobalance
add address=200.220.0.0/16 comment=santander disabled=no list=nobalance
add address=201.63.0.0/16 comment="wwws bradesco" disabled=no list=nobalance
add address=65.55.0.0/16 comment=MSN4 disabled=no list=nobalance
add address=74.52.0.0/16 comment="caixa economica" disabled=no list=nobalance
add address=174.133.0.0/16 comment="caixa economica" disabled=no list=nobalance
add address=200.219.137.0/24 disabled=no list=nobalance
add address=200.252.8.0/24 disabled=no list=nobalance
add address=201.2.207.0/24 disabled=no list=nobalance
add address=200.196.226.0/24 disabled=no list=nobalance
add address=201.24.72.0/24 disabled=no list=nobalance
add address=78.46.46.139 disabled=no list=nobalance
add address=69.147.95.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
list=nobalance
add address=209.191.106.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
list=nobalance
add address=74.6.228.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
list=nobalance
add address=98.136.131.0/24 comment="\"\"\"\"YAHOO MAIL\"\"\"\"" disabled=no \
list=nobalance
add address=200.143.37.0/24 comment="\"\"\"\"WEBMOTORS\"\"\"\"" disabled=no \
list=nobalance
add address=65.54.0.0/16 comment=MSN1 disabled=no list=nobalance
add address=207.46.0.0/16 comment=MSN2 disabled=no list=nobalance
add address=64.4.0.0/16 comment=MSN3 disabled=no list=nobalance
add address=200.143.0.0/16 comment=Pagdigital disabled=no list=nobalance
add address=201.88.0.0/16 comment=f2b disabled=no list=nobalance
add address=200.201.0.0/16 comment="caixa economica" disabled=no list=nobalance
add address=170.66.0.0/16 comment="bb do brasil" disabled=no list=nobalance
add address=200.155.0.0/16 comment=bradesco disabled=no list=nobalance
add address=200.196.0.0/16 comment=itau disabled=no list=nobalance
add address=200.208.0.0/16 comment=sudameris disabled=no list=nobalance
add address=200.220.0.0/16 comment=santander disabled=no list=nobalance
add address=201.63.0.0/16 comment="wwws bradesco" disabled=no list=nobalance
add address=65.55.0.0/16 comment=MSN4 disabled=no list=nobalance
add address=74.52.0.0/16 comment="caixa economica" disabled=no list=nobalance
add address=74.125.0.0/16 comment="caixa economica" disabled=no list=nobalance
add address=174.133.0.0/16 comment="caixa economica" disabled=no list=nobalance
add address=200.219.137.0/24 disabled=no list=nobalance
add address=200.252.8.0/24 disabled=no list=nobalance
add address=201.2.207.0/24 disabled=no list=nobalance
add address=200.196.226.0/24 disabled=no list=nobalance
add address=201.24.72.0/24 disabled=no list=nobalance
add address=78.46.46.139 disabled=no list=nobalance
add address=200.147.22.115 disabled=no list=nobalance
add address=200.147.36.16 disabled=no list=nobalance
add address=200.147.100.28 disabled=no list=nobalance
add address=208.117.224.0/24 disabled=no list=Youtube
add address=208.117.225.0/24 disabled=no list=Youtube
add address=208.117.228.0/24 disabled=no list=Youtube
add address=208.117.229.0/24 disabled=no list=Youtube
add address=208.117.232.0/24 disabled=no list=Youtube
add address=208.117.233.0/24 disabled=no list=Youtube
add address=208.117.234.0/24 disabled=no list=Youtube
add address=208.117.238.0/24 disabled=no list=Youtube
add address=208.65.152.0/24 disabled=no list=Youtube
add address=208.65.153.0/24 disabled=no list=Youtube
add address=208.65.154.0/24 disabled=no list=Youtube
add address=64.15.112.0/20 disabled=no list=Youtube
add address=208.117.236.0/24 disabled=no list=Youtube
add address=74.125.96.0/19 disabled=no list=Youtube
add address=72.14.221.0/24 disabled=no list=Youtube
add address=84.53.128.0/18 comment=Redtube disabled=no list=Youtube
add address=87.248.192.0/19 comment=Youporn disabled=no list=Youtube
add address=216.155.128.0/19 comment=Redtube disabled=no list=Youtube
add address=208.73.208.0/21 comment=Redtube disabled=no list=Youtube
add address=66.55.140.0/23 comment=Redtube disabled=no list=Youtube
add address=74.125.208.0/24 disabled=no list=Youtube
add address=189.28.144.12 disabled=no list=medidor
add address=198.173.106.104 disabled=no list=medidor
add address=200.233.43.14 disabled=no list=medidor
add address=67.15.120.26 disabled=no list=medidor
add address=200.233.47.4 disabled=no list=medidor
add address=200.216.69.232 disabled=no list=medidor
add address=72.232.17.106 disabled=no list=medidor
add address=208.48.246.14 disabled=no list=medidor
add address=201.7.176.59 disabled=no list=medidor
add address=200.203.134.5 disabled=no list=medidor
add address=208.109.101.166 disabled=no list=medidor
add address=200.181.108.29 disabled=no list=medidor
add address=75.126.168.3 disabled=no list=medidor
add address=200.229.0.164 disabled=no list=medidor
add address=200.185.109.83 disabled=no list=medidor
add address=204.16.1.252 disabled=no list=medidor
add address=189.44.84.20 disabled=no list=medidor
add address=200.159.128.189 disabled=no list=medidor
add address=200.195.0.0/24 disabled=no list=speed
add address=200.98.131.15 comment="MINHA CONEXAO" disabled=no list=medidor
add address=186.202.179.180 disabled=no list=nobalance
add address=200.221.0.0/16 disabled=no list=nobalance
add address=200.221.0.0/24 disabled=no list=nobalance
add address=200.147.0.0/24 comment=JCCBN disabled=no list=nobalance
add address=74.209.160.12 comment=http://www.speedtest.net/ disabled=no list=\
medidor
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=drop chain=forward comment="bloquear p2p" disabled=no p2p=all-p2p
add action=accept chain=input comment="ACEITAR CONEXOES PROXY" disabled=yes \
dst-port=8080 protocol=tcp
add action=accept chain=input comment="ACEITAR RADIOS" disabled=no \
layer7-protocol=Radios
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
disabled=yes
add action=accept chain=input comment="Melhorias No MSN" disabled=no dst-port=\
1863 protocol=tcp
add action=accept chain=input disabled=no protocol=tcp src-port=1863
add action=accept chain=input disabled=no dst-port=443 protocol=tcp
add action=accept chain=forward disabled=no dst-port=443 protocol=tcp
I hope for some help.
Thanks in advance.
Re: How to configure webproxy for MikroTik 5.20 ???
Here are the rest of the rules
/ip firewall mangle
add action=mark-connection chain=output comment="2-PROXY FULL" disabled=no \
dscp=4 new-connection-mark=proxyfull passthrough=yes protocol=tcp src-port=\
8080
add action=mark-packet chain=output connection-mark=proxyfull disabled=no \
new-packet-mark=proxyfull passthrough=yes
add action=return chain=output connection-mark=proxyfull disabled=no
add action=mark-connection chain=output comment="2-PROXY FULL" disabled=yes \
dscp=4 new-connection-mark=cache-hits passthrough=yes
add action=mark-packet chain=output connection-mark=cache-hits disabled=yes \
new-packet-mark=cache-hits passthrough=no
add action=return chain=output connection-mark=cache-hits disabled=yes
add action=mark-connection chain=prerouting comment="YOUTUBE - MARCAR PACOTES" \
disabled=no layer7-protocol=Youtube new-connection-mark=YTB passthrough=yes
add action=mark-packet chain=prerouting connection-mark=YTB disabled=no \
new-packet-mark=youtube passthrough=no
add action=mark-connection chain=postrouting disabled=no layer7-protocol=\
Youtube new-connection-mark=YTB passthrough=yes
add action=mark-packet chain=postrouting connection-mark=YTB disabled=no \
new-packet-mark=youtube passthrough=no
add action=mark-connection chain=prerouting comment=SPC content=spc disabled=no \
new-connection-mark=JCCBN passthrough=yes
add action=mark-connection chain=postrouting content=spc disabled=no \
new-connection-mark=JCCBN passthrough=yes
add action=mark-packet chain=prerouting connection-mark=JCCBN content=spc \
disabled=no new-packet-mark=JCPACK passthrough=no
add action=mark-packet chain=postrouting connection-mark=JCCBN disabled=no \
layer7-protocol=JCCBN new-packet-mark=JCPACK passthrough=no
add action=mark-connection chain=prerouting comment=BLOGSPOT content=blog \
disabled=no new-connection-mark=BLG passthrough=yes
add action=mark-connection chain=postrouting content=blog disabled=no \
new-connection-mark=BLG passthrough=yes
add action=mark-packet chain=prerouting connection-mark=BLG disabled=no \
new-packet-mark=BLGPACK passthrough=no
add action=mark-packet chain=postrouting connection-mark=BLG disabled=no \
new-packet-mark=BLGPACK passthrough=no
add action=mark-packet chain=prerouting disabled=no new-packet-mark=gradpack \
passthrough=yes protocol=tcp src-port=9000-10000
add action=mark-packet chain=postrouting disabled=no dst-port=9000-10000 \
new-packet-mark=gradpack passthrough=yes protocol=tcp src-port=9000-10000
add action=mark-connection chain=prerouting connection-mark=grad disabled=no \
new-connection-mark=gradpack passthrough=yes protocol=tcp src-port=\
9000-10000
add action=mark-connection chain=postrouting disabled=no dst-port=9000-10000 \
new-connection-mark=grad passthrough=yes protocol=tcp src-port=9000-10000
/ip firewall nat
add action=redirect chain=dstnat comment="Redirecionamento do Proxy" disabled=\
no dst-port=80 protocol=tcp to-ports=8080
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
disabled=yes
add action=redirect chain=dstnat comment="Redirecionamento do Proxy" disabled=\
yes dscp=4 dst-port=80 protocol=tcp src-address=192.168.30.0/24 to-ports=\
8080
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.30.0/24 to-addresses=0.0.0.0
add action=accept chain=dstnat comment=\
"\"\"\"\"\"\"SERVI\C7OS NOBRES FORA DO PROXY\"\"\"\"\"\"" disabled=no \
dst-address-list=nobalance
add action=accept chain=dstnat comment=Radios disabled=yes layer7-protocol=\
Radios
add action=accept chain=dstnat comment=JC disabled=yes dst-address=\
200.147.36.16 protocol=tcp
add action=accept chain=dstnat comment=\
"Com essas regras estabiliza o MSN,Hotmail,Gmail e outros" disabled=no \
dst-address=207.46.0.0/16
add action=accept chain=dstnat disabled=no dst-address=64.4.0.0/24
add action=accept chain=dstnat disabled=no dst-address=65.54.0.0/24
add action=accept chain=dstnat disabled=no dst-address=207.68.128.0/24
add action=accept chain=dstnat disabled=no dst-address=64.4.0.0/24
add action=accept chain=dstnat disabled=no dst-address=213.199.144.0/24
add action=accept chain=dstnat disabled=no dst-address=65.52.0.0/24
add action=accept chain=dstnat disabled=no dst-address=200.208.0.0/24
add action=accept chain=dstnat disabled=no dst-address=200.249.150.0/24
add action=accept chain=dstnat disabled=no dst-address=200.167.67.0/24
add action=accept chain=dstnat disabled=no dst-address=200.179.42.0/24
add action=accept chain=dstnat disabled=no dst-address=200.249.84.24
add action=accept chain=dstnat disabled=no dst-address=200.201.173.24
add action=accept chain=dstnat disabled=no dst-address=200.201.174.24
add action=accept chain=dstnat disabled=no dst-address=200.220.254.24
add action=accept chain=dstnat disabled=no dst-address=200.217.233.0/24
add action=accept chain=dstnat disabled=no dst-address=200.172.181.0/24
add action=accept chain=dstnat disabled=no dst-address=200.141.204.0/24
add action=accept chain=dstnat comment=WinBox connection-limit=100,32 disabled=\
no dst-port=8291 protocol=tcp time=0s-0s,sun,mon,tue,wed,thu,fri,sat
add action=dst-nat chain=dstnat comment="acesso puty mk-auth" disabled=yes \
dst-port=75 protocol=tcp to-addresses=172.31.255.2 to-ports=22
add action=accept chain=dstnat comment="Radio Uol" disabled=no dst-address=\
200.221.8.24 protocol=tcp
add action=accept chain=dstnat comment=CEF disabled=no dst-address=200.201.0.16
add action=accept chain=dstnat disabled=no src-address=200.155.0.16
add action=accept chain=dstnat disabled=no dst-address=200.141.204.24
add action=dst-nat chain=dstnat disabled=no dst-port=82 protocol=tcp \
to-addresses=172.31.255.2 to-ports=10000
add action=dst-nat chain=dstnat disabled=no dst-port=86 protocol=tcp \
to-addresses=172.31.255.2 to-ports=80
add action=accept chain=dstnat disabled=no dst-address=200.221.0.16 protocol=\
tcp
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
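An added example, not part of the original posts: the address-list export in the first post repeats entries and lists subnets already inside wider ones, and since `nobalance` is what the dstnat accept rule uses to skip the proxy redirect, a small audit keeps that exemption list reviewable. The function names and the `SAMPLE_EXPORT` lines are constructed for this illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the same export format as the post (not the poster's full list).
SAMPLE_EXPORT = r'''/ip firewall address-list
add address=69.147.95.0/24 comment="YAHOO MAIL" disabled=no \
list=nobalance
add address=200.221.0.0/16 disabled=no list=nobalance
add address=200.221.0.0/24 disabled=no list=nobalance
add address=69.147.95.0/24 comment="YAHOO MAIL" disabled=no \
list=nobalance
add address=78.46.46.139 disabled=no list=nobalance
/ip firewall filter
add action=drop chain=forward disabled=no p2p=all-p2p
'''

def join_continuations(text):
    """Merge export lines that end in a backslash with the line that follows."""
    return re.sub(r"\\\r?\n[ \t]*", "", text).splitlines()

def address_list_entries(text):
    """Yield (list_name, network) for each 'add' under /ip firewall address-list."""
    section = None
    for line in join_continuations(text):
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif section == "/ip firewall address-list" and line.startswith("add "):
            addr = re.search(r"(?<!\S)address=(\S+)", line)
            name = re.search(r"(?<!\S)list=(\S+)", line)
            if addr and name:
                yield name.group(1), ipaddress.ip_network(addr.group(1), strict=False)

def audit(text):
    """Return (duplicates, shadowed) as tuples of strings, per address list."""
    seen, duplicates, shadowed = defaultdict(list), [], []
    for name, net in address_list_entries(text):
        if net not in seen[name]:
            seen[name].append(net)
        elif (name, str(net)) not in duplicates:
            duplicates.append((name, str(net)))
    for name, nets in seen.items():
        for net in nets:
            for wider in nets:
                # A subnet already covered by a wider entry adds nothing to the list.
                if net != wider and net.subnet_of(wider):
                    shadowed.append((name, str(net), str(wider)))
    return duplicates, shadowed

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT))
```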
Re: How to configure webproxy for MikroTik 5.20 ???
Do these rules prevent caching of YouTube? And of other videos?