+ Responder ao Tópico



  1. #1

    Padrão proxy-full a 4 meses tentando nao funciona

    olá amigos o que estou fazendo de arrado ou deichando de fazer pro cash-full funcionar ??
    eu uso o modem em bridge com o mk discando PPoE.
    usando hotspot e controle de banda pelo hotspot user profile ..

    essas são as minha configurações ..


    [admin@MikroTik] > export
    #by RouterOS 2.9.27


    / ip pool
    add name="pool_Clientes" ranges=192.168.1.10-192.168.1.254


    / ip dns
    set primary-dns=200.204.0.10 secondary-dns=200.204.0.138 \
    allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w


    / ip address
    add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 \
    interface=Cliente comment="" disabled=no


    / ip proxy
    set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000 \
    maximal-server-connectons=1000


    / ip firewall mangle
    add chain=forward in-interface=Link connection-mark=test-conn \
    action=mark-packet new-packet-mark=test-down passthrough=no \
    comment="DOWN-DIRECT \\CONNECTION" disabled=no

    add chain=output protocol=tcp src-port=3128 content=X-Cache:HIT \
    action=mark-connection new-connection-mark=squid-connection-HIT \
    passthrough=yes comment="Cache-squid" disabled=no

    add chain=output connection-mark=squid-connection-HIT action=mark-packet \
    new-packet-mark=squid-packet-HIT passthrough=no comment="" disabled=no

    add chain=forward src-address=192.168.1.0/24 action=mark-connection \
    new-connection-mark=test-conn passthrough=yes comment="CONN-MARK" \
    disabled=no

    add chain=output out-interface=Cliente dst-address=192.168.1.0/24 \
    action=mark-packet new-packet-mark=test-down passthrough=no \
    comment="DOWN-VIA PROXY" disabled=no

    add chain=prerouting in-interface=Cliente src-address=192.168.1.0/24 \
    action=mark-packet new-packet-mark=test-up passthrough=no comment="UP \
    TRAFFIC" disabled=no

    add chain=prerouting p2p=warez action=mark-connection \
    new-connection-mark=p2p-warez passthrough=yes \
    comment="Marca_p2p_warez_Para_Bloqueio" disabled=no

    add chain=prerouting connection-mark=p2p-warez action=mark-packet \
    new-packet-mark=pkt-warez passthrough=yes comment="" disabled=no

    add chain=prerouting p2p=all-p2p action=mark-connection \
    new-connection-mark=conexao-P2P passthrough=yes comment="ALL-p2p" \
    disabled=no

    add chain=prerouting connection-mark=conexao-P2P action=mark-connection \
    new-connection-mark=Pacotes-P2P passthrough=yes comment="" disabled=no



    / ip firewall nat
    add chain=srcnat src-address=192.168.1.0/24 action=masquerade \
    comment="masquerade hotspot network" disabled=no

    add chain=dstnat in-interface=Cliente protocol=tcp dst-port=80 action=redirect \
    to-ports=3128 comment="PROXY FULL" disabled=no



    / ip firewall filter
    add chain=input in-interface=Link protocol=tcp dst-port=3128 action=drop \
    comment="BLOQUEIO DO PROXY EXTERNO" disabled=no



    add chain=forward packet-mark=pkt-warez action=drop comment="Bloqueia Warez" \
    disabled=no



    / ip hotspot
    add name="hotspot1" interface=Cliente address-pool=pool_Clientes \
    profile=default idle-timeout=5m keepalive-timeout=none addresses-per-mac=1 \
    disabled=no



    / ip hotspot user
    add name="?????" password="???????" profile=default comment="AP-1" \
    disabled=no

    add server=hotspot1 name="????" password="?????" address=192.168.1.8 \
    mac-address=??:??:??:??:??:?? profile=64k/300k comment="" disabled=no


    / ip hotspot user profile
    set default name="default" idle-timeout=2h keepalive-timeout=1h \
    status-autorefresh=2m shared-users=1 transparent-proxy=yes \
    open-status-page=always advertise=no

    add name="128k/250k" address-pool=pool_Clientes idle-timeout=none \
    keepalive-timeout=2m status-autorefresh=1m shared-users=1 \
    rate-limit="128k/250k" transparent-proxy=yes open-status-page=always \
    advertise=no
    add name="128k/256/" address-pool=pool_Clientes idle-timeout=none \
    keepalive-timeout=2m status-autorefresh=1m shared-users=1 \
    rate-limit="128k/256k" transparent-proxy=yes open-status-page=always \
    advertise=no

    / ip web-proxy
    set enabled=yes src-address=0.0.0.0 port=3128 hostname="proxy" \
    transparent-proxy=yes parent-proxy=0.0.0.0:0 \
    cache-administrator="webmastaer" max-object-size=7000KiB \
    cache-drive=system max-cache-size=15000000KiB max-ram-cache-size=128000KiB

    / ip web-proxy access
    add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
    disabled=no

    / ip web-proxy cache
    add url=":cgi-bin \\?" action=deny comment="no cache dynamic http pages" \
    disabled=no
    add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" \
    disabled=no
    add url="https://" action=deny comment="no cache dynamic https pages" \
    disabled=no


    / queue tree
    add name="P2P-IN" parent=global-in packet-mark=Pacotes_P2P limit-at=64000 \
    queue=default priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no

    add name="P2P-OUT" parent=global-in packet-mark=Pacotes_P2P limit-at=32000 \
    queue=default priority=8 max-limit=32000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no

    add name="downstream" parent=Cliente packet-mark=test-down limit-at=9000000 \
    queue=default priority=1 max-limit=9000000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=yes

    add name="upstream" parent=global-in packet-mark=test-up limit-at=1024000 \
    queue=default priority=1 max-limit=1024000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=yes

    add name="Cache-full" parent=global-in packet-mark=squid-packet-HIT \
    limit-at=2000000 queue=default priority=8 max-limit=2000000 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no

    add name="WAREZ-IN" parent=global-in packet-mark=pkt-warez limit-at=64000 \
    queue=default priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no

    add name="WAREZ-OUT" parent=global-in packet-mark=pkt-warez limit-at=32000 \
    queue=default priority=8 max-limit=32000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no

    alguem me ajuda pelo amor de deus ....

  2. #2

    Padrão

    esta praticamente toda minah configuração ai ..
    alguem se ablita a me ajudar ???
    ja tentei de tudo e nao consegui.

  3. #3

    Padrão

    Citação Postado originalmente por 14735 Ver Post
    ...add chain=output protocol=tcp src-port=3128 content=X-Cache:HIT...
    Dá um spaço em X-Cache:HIT (X-Cache: HIT), desmarque a opção de proxy transparente para os profiles que não são para enviar aviso.