[es] - u lanu bez ogranicenja, a prema internetu onako kako ja kazem !

Sa$a
Niš

Član broj: 7253
Poruke: 87
82.208.209.*

+3 Profil

Re: u lanu bez ogranicenja, a prema internetu onako kako ja kazem !

^{06.10.2007. u 01:34 - pre 201 meseci}

Part one:
Sto se tice HotSpota probaj da se igras Walled Garden i da probas da tu stavis lokalne opsege adresa koje nece ici kroz hotspot.
Part two:

Citat:

majstorovic: Ovo je problem gde je dosta ljudi zapelo, ja licno vec par mjeseci isitavam forume postavljam pitanja pitam ljude ali nema sanse da ovo rjesim.Sto se tice prioriteta kod queues ne radi, isto tako kod odredjivanja queues po interfejsima. Ne reaguje.Zatim, uputstva za packet mark i sl. npr. http://www.mikrotik.com/testdocs/ros/2.9/ip/mangle.php jednostavno ne rade.Ima li nacina da se ovo rjesi?Dakle da se odvoji p2p i ostali saobracaj u mrezama od interneta?

probaj

/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=high passthrough=yes protocol=gre comment="HIGH" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=high passthrough=yes dst-port=20-21 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=high passthrough=yes dst-port=22 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=high passthrough=yes dst-port=23 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=high passthrough=yes dst-port=25 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=high passthrough=yes dst-port=29 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=high passthrough=yes dst-port=53 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=high passthrough=yes dst-port=80 protocol=tcp comment="" disabled=no
....... postavi portove koje hoces da budu high
add chain=prerouting action=mark-packet new-packet-mark=High passthrough=no connection-mark=high comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes p2p=all-p2p comment="P2P" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=1214 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=1214 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=1337 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=1337 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=2323 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=2323 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=2705 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=2705 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=2710 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=2710 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=3306 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=3306 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=3128 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=3128 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4242 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4242 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4500 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4501 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4501 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4661 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4661 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4662 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4662 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4663 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4663 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4664 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4664 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4665 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4665 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4667 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4667 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4668 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4668 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4669 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4669 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4670 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4670 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4671 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4671 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4672 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4672 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4673 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4673 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4674 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4674 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4678 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4678 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=5500 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=5500 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=5501 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=5502 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=5503 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=5504 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=5555 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=5555 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6257 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6257 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6346 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6346 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6347 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6347 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6667 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6667 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6699 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6699 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6881 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6881 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6882 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6882 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6883 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6883 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6884 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6884 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6885 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6885 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6886 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6886 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6887 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6887 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6888 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6888 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6889 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6889 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6969 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=7778 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=7778 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=8038 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=8038 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-packet new-packet-mark=Low passthrough=no connection-mark=p2p comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=medium passthrough=yes comment="MEDIUM" disabled=no
add chain=prerouting action=mark-packet new-packet-mark=Medium passthrough=no connection-mark=medium comment="" disabled=no

/ queue tree
add name="1-HighA" parent=wlan1 packet-mark=High limit-at=0 queue=wireless-default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="1-HighB" parent=wlan2 packet-mark=High limit-at=0 queue=wireless-default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="1-HighC" parent=ether1 packet-mark=High limit-at=0 queue=wireless-default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="1-HighD" parent=ether2 packet-mark=High limit-at=0 queue=wireless-default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="6-Medium1" parent=wlan1 packet-mark=Medium limit-at=4000000 queue=default priority=8 max-limit=4000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="6-Medium" parent=wlan2 packet-mark=Medium limit-at=4000000 queue=default priority=6 max-limit=4000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="6-Medium3" parent=ether1 packet-mark=Medium limit-at=4000000 queue=default priority=6 max-limit=4000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="6-Medium4" parent=ether2 packet-mark=Medium limit-at=4000000 queue=default priority=6 max-limit=4000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="8-P2Pa1" parent=wlan1 packet-mark=Low limit-at=512000 queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes
add name="8-P2Pb1" parent=wlan2 packet-mark=Low limit-at=512000 queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes
add name="8-P2Pc1" parent=ether1 packet-mark=Low limit-at=512000 queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes
add name="8-P2Pd1" parent=ether2 packet-mark=Low limit-at=512000 queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes

/queue simple
add name="korisnik" target-addresses=xx.xx.xx.xx/32 dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default/default limit-at=256000/512000 max-limit=256000/512000 total-queue=default total-limit-at=7680000 total-max-limit=7680000 disabled=no
add name="korisnik High" target-addresses=xx.xx.xx.xx/32 dst-address=0.0.0.0/0 interface=all parent="korisnik" packet-marks=High direction=both priority=1 queue=default/default limit-at=0/0 max-limit=256000/512000 total-queue=default disabled=no
add name="korisnik Low" target-addresses=xx.xx.xx.xx/32 dst-address=0.0.0.0/0 interface=all parent="korisnik" packet-marks=Low direction=both priority=8 queue=default/default limit-at=0/0 max-limit=64000/64000 total-queue=default disabled=no
add name="korisnik Medium" target-addresses=xx.xx.xx.xx/32 dst-address=0.0.0.0/0 interface=all parent="korisnik" packet-marks=Medium direction=both priority=6 queue=default/default limit-at=0/0 max-limit=64000/64000 total-queue=default disabled=no

E, a sad ono najgore :) za mene, objasnjenje gore napisanog:
(ip firewall mangle) imas tri "vrste" konekcija po najcesce koriscenim portovima (medium je ono sto nije markirano)
(queue tree) ogranicenje celokupnog saobracaja po gore definisanim konekcijama za celokupnu mrezu
(queue simple) ogranicenje korisnika koji ima protok 512k dl/256k ul
ovde mora da vodis racuna jer je medium ono sto ne spada ni pod high ni pod low a mnooooooogo se koristi za p2p saobracaj i nazalost voip, predefinisane ssh, telnet i ostale saobracaje koje bi trebalo staviti u high
Jos jedna stvar ovo nije kompletan spisak high portova (ovde se nalaze i "skupljeni" portovi za gamere) tako da broj high portova raste svakodnevno.
Varijacije na temu mangle, q3 i qs odradi kako tebi odgovara
Nadam se da sam makar malo pomogo
Pozz,
P.S. Uputstvo za MT je malo sturo opisano za "obicne smrtnike" ali zato forum i wiki sa njihovog sajta je ok.
P.S.S Ni tamo ne dobijaju svi odgovore na postavljeno pitanje

_{[Ovu poruku je menjao Sa$a dana 06.10.2007. u 15:37 GMT+1]}

_{[Ovu poruku je menjao Sa$a dana 06.10.2007. u 15:39 GMT+1]}

_{[Ovu poruku je menjao Sa$a dana 06.10.2007. u 16:53 GMT+1]}

Teorija - to je kada znate sve, a ništa ne radi
Praksa - to je kada sve radi, a neznate zašto
Mi smo spojili teoriju i praksu - kod nas NIŠTA ne radi i NE ZNAMO zašto
ex YT1ENG
KN03XH-16DQ

Odgovor na temu