hello
Please help me. I am new to MikroTik. Since last night facebook.com has not been opening, and nothing else is working properly either. I limit a user to 104k, but he’s getting 1m. Please help me.
my configuration is below:
:::: ip address
172.17.224.28/18 172.17.192.0 172.17.255.255 ether1
172.16.12.1/24 172.16.12.0 172.16.12.255 ether2
::::ppp profile
name=“104k” local-address=10.10.1.1 remote-address=104k use-compression=default
use-vj-compression=default use-encryption=no only-one=yes change-tcp-mss=yes rate-limit=104k/104k
dns-server=180.149.11.24,10.10.1.1
name=“124k” local-address=10.10.2.1 remote-address=124k use-compression=default
use-vj-compression=default use-encryption=no only-one=yes change-tcp-mss=yes rate-limit=96k/124k
dns-server=180.149.11.24,10.10.2.1
name=“166k” local-address=10.10.3.1 remote-address=166k use-compression=default
use-vj-compression=default use-encryption=no only-one=yes change-tcp-mss=yes rate-limit=128k/166k
dns-server=180.149.11.24,10.10.0.31
name=“200k” local-address=10.10.4.1 remote-address=200k use-compression=default
use-vj-compression=default use-encryption=no only-one=yes change-tcp-mss=yes rate-limit=144k/224k
dns-server=10.10.4.1,180.149.11.24
name=“256k” local-address=10.10.5.1 remote-address=256k use-compression=default
use-vj-compression=default use-encryption=no only-one=yes change-tcp-mss=yes rate-limit=160k/300k
dns-server=180.149.11.24,10.10.1.1
name=“512k” local-address=10.10.6.1 remote-address=512k use-compression=default
use-vj-compression=default use-encryption=no only-one=yes change-tcp-mss=yes rate-limit=176k/512k
dns-server=10.10.6.1,180.149.11.24
::::/ip firewall filter
# NOTE(review): filter rules are evaluated top to bottom within a chain and the first
# match wins. The notes below assume the order shown here is the order on the router.
# The typographic quotes (“ ”) come from the forum paste, not from the router.
#
# Accepts TCP/8080 (the web proxy port) to the router with no src-address or
# in-interface match, so the proxy port is reachable on every interface, including
# ether1 (the masquerade out-interface, presumably the upstream side). Restrict this
# to the customer-facing interface or client ranges so the proxy is not open to outsiders.
add action=accept chain=input comment=“ACEITAR CONEXOES PROXY” disabled=no
dst-port=8080 protocol=tcp
# This accept and the drop that follows have identical matchers (tcp,
# connection-limit=100,32), so the drop never sees a packet this rule has not
# already accepted. NOTE(review): if a per-host connection cap is intended, only the
# drop should remain - confirm.
add action=accept chain=forward comment=“” connection-limit=100,32 disabled=
no protocol=tcp
add action=drop chain=forward comment=“” connection-limit=100,32 disabled=no
protocol=tcp
# Rejects TCP p2p traffic matching connection-limit=5,32 with an ICMP
# network-unreachable reply.
add action=reject chain=forward comment=“” connection-limit=5,32 disabled=no
p2p=all-p2p protocol=tcp reject-with=icmp-network-unreachable
# Disabled. The comment says "Allow" but the action is drop; if this rule is ever
# enabled as written it would block 10.10.0.0/24 from reaching the router.
add action=drop chain=input comment=
“Allow access from our local network. Edit this!” disabled=yes
src-address=10.10.0.0/24
add action=drop chain=input comment=“Drop invalid connections”
connection-state=invalid disabled=no
# Unconditional accept for the forward chain: every forward rule below this line
# (the two 10.10.1.0 rules near the end) is never evaluated, and no forwarded
# traffic is filtered beyond the rules above.
add action=accept chain=forward comment=“” disabled=no
# NOTE(review): action=return in a built-in chain; the duplicate of this rule further
# down uses accept, so accept was presumably intended - confirm.
add action=return chain=input comment=“Allow established connections”
connection-state=established disabled=no
add action=accept chain=input comment=“Allow related connections”
connection-state=related disabled=no
# Accepts every UDP packet addressed to the router, from any interface. The PPP
# profiles on this page hand out the router's own 10.10.x.1 addresses as dns-server,
# which suggests the router answers DNS; if so, this rule also exposes that resolver
# on ether1 - confirm and narrow by in-interface and dst-port.
add action=accept chain=input comment=“Allow UDP” disabled=no protocol=udp
add action=accept chain=input comment=“Allow ICMP Ping” disabled=no protocol=
icmp
# Disabled template rule (proxy access on port 80 for 10.10.0.0/24).
add action=accept chain=input comment=
“This is web proxy service for our customers. Edit this!” disabled=yes
dst-port=80 protocol=tcp src-address=10.10.0.0/24
# Terminal drop for the input chain. Every input rule after this one is dead:
# the repeated established/related/UDP/ICMP block below is never reached.
add action=drop chain=input comment=“Log and drop everything else” disabled=
no
# Duplicate of the input block above; unreachable because of the preceding drop.
add action=accept chain=input comment=“Allow established connections”
connection-state=established disabled=no
add action=accept chain=input comment=“Allow related connections”
connection-state=related disabled=no
add action=accept chain=input comment=“Allow UDP” disabled=no protocol=udp
add action=accept chain=input comment=“Allow ICMP Ping” disabled=no protocol=
icmp
add action=accept chain=input comment=“From my home network” disabled=yes
src-address=10.10.0.0/24
add action=drop chain=input comment=“Log and drop everything else” disabled=
no
# src-address/dst-address are given without a prefix length, so they match the
# single address 10.10.1.0 rather than a subnet. Both rules are also unreachable
# behind the unconditional forward accept above.
add action=accept chain=forward comment=“” disabled=no src-address=10.10.1.0
add action=accept chain=forward comment=“” disabled=no dst-address=10.10.1.0
# Custom chain "traffic": no jump rule targeting it appears in this listing, so this
# rule is presumably never evaluated - confirm.
add action=drop chain=traffic comment=“” disabled=no p2p=all-p2p
::::/ip firewall nat
# First dstnat rule: matches ALL TCP from 172.16.12.0/24 (no dst-address or dst-port
# match) and rewrites the destination to 172.16.12.2 port 210. Any TCP connection
# from that subnet is diverted here before the proxy redirect below can see it.
# NOTE(review): confirm this is intended; a rule this broad is usually scoped by
# dst-port or dst-address.
add action=same chain=dstnat comment=“” disabled=no protocol=tcp
same-not-by-dst=no src-address=172.16.12.0/24 to-addresses=172.16.12.2
to-ports=210
# Disabled: would force UDP/53 arriving on ether2 to 208.67.220.220.
add action=dst-nat chain=dstnat comment=“” disabled=yes dst-port=53
in-interface=ether2 protocol=udp to-addresses=208.67.220.220 to-ports=53
# Transparent-proxy redirect: all TCP/80 is sent to the local proxy on 8080.
# There is no src-address or in-interface match, so port-80 traffic arriving on
# ether1 is redirected into the proxy as well. Together with the input rule that
# accepts 8080 from anywhere, the proxy is usable from outside the customer network;
# scope this rule to the customer side.
add action=redirect chain=dstnat comment=“redirectonamento do proxy”
disabled=no dst-port=80 protocol=tcp to-ports=8080
# Source-NAT for everything leaving through ether1.
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=
ether1
# Disabled duplicates of the proxy redirect (the second one is the scoped variant,
# limited to src-address=10.10.0.0/24).
add action=redirect chain=dstnat comment=proxy disabled=yes dst-port=80
protocol=tcp to-ports=8080
add action=redirect chain=dstnat comment=“redirectonamento do proxy”
disabled=yes dst-port=80 protocol=tcp src-address=10.10.0.0/24 to-ports=
8080
# Bypass rule for destinations in the "nobalance" address list. It sits after the
# enabled redirect, so TCP/80 to those destinations has already been redirected
# to the proxy by the time this rule is reached; to exempt them it must come first.
add action=accept chain=dstnat comment=" " " " " " " SERVI\C7OS NOBRES
FORA DO PROXY" " " " " " " disabled=no dst-address-list=
nobalance protocol=tcp
# Disabled static src-nat for 10.10.1.0/24.
add action=src-nat chain=srcnat comment=“” disabled=yes out-interface=ether1
src-address=10.10.1.0/24 to-addresses=192.168.1.1
::::mangle
/ip firewall mangle
# Marks router-originated TCP connections with source port 8080 and DSCP 4 as
# "proxyfull". The proxy settings on this page set cache-hit-dscp: 4, so these are
# the proxy's cache-hit replies.
add action=mark-connection chain=output comment=“2-PROXY FULL” disabled=no
dscp=4 new-connection-mark=proxyfull passthrough=yes protocol=tcp
src-port=8080
add action=mark-packet chain=output comment=“” connection-mark=proxyfull
disabled=no new-packet-mark=proxyfull passthrough=yes
# Unconditional accept in the forward chain: mangle processing for forwarded
# packets stops here, so the forward "return" rule further down is never reached.
add action=accept chain=forward comment=“” disabled=no
# Accepts DSCP-4 output packets, ending mangle processing for them.
# NOTE(review): per the rule comment, cache hits are presumably meant to bypass the
# per-user limit. That would let a 104k user receive cached content faster than the
# profile's rate-limit - confirm against the queue configuration, which is not shown.
add action=accept chain=output comment=“accept proxy - no limit’s” disabled=
no dscp=4
# Disabled proxy_hit marking pair.
add action=mark-connection chain=input comment=“” disabled=yes dscp=4
dst-port=8080 in-interface=ether2 new-connection-mark=proxy_hit
passthrough=no protocol=tcp src-address=10.10.0.0/24
add action=mark-packet chain=output comment=“” connection-mark=proxy_hit
disabled=yes dscp=4 new-packet-mark=proxy_hit passthrough=yes
# Return rules for proxyfull-marked connections; the forward one is unreachable
# behind the unconditional forward accept above.
add action=return chain=forward comment=“” connection-mark=proxyfull
disabled=no
add action=return chain=output comment=“” connection-mark=proxyfull disabled=
no
::::/ip proxy> print
enabled: yes
src-address: 0.0.0.0
port: 8080
parent-proxy: 0.0.0.0
parent-proxy-port: 0
cache-administrator: “web-admin”
max-cache-size: unlimited
cache-on-disk: yes
max-client-connections: 600
max-server-connections: 600
max-fresh-time: 3d
serialize-connections: no
always-from-cache: yes
cache-hit-dscp: 4
cache-drive: primary-master
::::: proxy access
/ip proxy access
# NOTE(review): no enabled rule in this list restricts by client source address.
# The "Our Customers" allow and the "Deny evrything else" catch-all are both
# disabled, and requests that match no rule are, as far as I know, allowed by
# default. With 8080 accepted on the input chain from any interface, the proxy will
# serve anyone who can reach it. Re-enable a source-scoped allow followed by a final deny.
#
# Allows CONNECT requests to *.facebook.com with path=/.
add action=allow comment=“” disabled=no dst-host=*.facebook.com method=
CONNECT path=/
add action=allow comment=“Our Customers” disabled=yes dst-host=“”
src-address=10.10.0.0/24
add action=deny comment=“Deny using us as telnet and SMTP relay” disabled=yes
dst-port=23-25
add action=deny comment=“Deny evrything else” disabled=yes
# Allows any client, any method (CONNECT included), to any destination on ports
# 1025-65535. This permits tunnelling through the proxy to arbitrary high ports;
# narrow it to the specific ports and client ranges that actually need it.
add action=allow comment=“portas para MSN” disabled=no dst-port=1025-65535
# These two deny rules redirect matching requests to pages on www.routero-os.com,
# a third-party host. Clients are sent to content the operator does not control;
# point redirect-to at a locally hosted page instead.
add action=deny comment=“” disabled=no path=AD5AdClient31.dll redirect-to=
http://www.routero-os.com/propaganda/msn.htm
add action=deny comment=“” disabled=no path=ork.user redirect-to=
http://www.routero-os.com/propaganda/propaganda.html
# Enabled counterpart of the disabled relay rule above: denies proxying to ports 23-25.
add action=deny comment=“block telnet & spam e-mail relaying” disabled=no
dst-port=23-25
# Allows requests to the single address 69.63.189.16 on port 80.
add action=allow comment=“” disabled=no dst-address=69.63.189.16 dst-port=80
::: cache
/ip proxy cache
# Cache list: "deny" here means "do not cache", "allow" means "may be cached".
# NOTE(review): several dst-host/path patterns below look damaged by the paste
# (for example “httpyoutubeget_video*” and “;\.exe$”) - verify the exact patterns
# on the router before drawing conclusions from this listing.
add action=deny comment=“” disabled=yes dst-port=0-65535 path=“/cgi-bin \?”
add action=deny comment=“” disabled=no dst-host=“:cgi-bin \?”
# This rule appears twice (identical copy two lines below); the second copy is redundant.
add action=deny comment=“” disabled=no dst-host=https: path=/
add action=deny comment=“” disabled=no dst-host=“:chi-bin \\\?”
add action=deny comment=“” disabled=no dst-host=https: path=/
# Every allow rule from here on is disabled, so none of them currently has any effect.
add action=allow comment=“” disabled=yes dst-host=httpyoutubeget_video*
dst-port=80
add action=allow comment=“” disabled=yes dst-host=httpyoutubevideo*
add action=allow comment=“” disabled=yes dst-host=
“httpyoutubeyva_get_video_inf o*”
add action=allow comment=“” disabled=yes dst-host=“;\.exe$”
add action=allow comment=“” disabled=yes dst-host=“;\.zip$”
add action=allow comment=“” disabled=yes dst-host=“;\.mpeg$”
add action=allow comment=“” disabled=yes dst-host=“;\.avi$”
add action=allow comment=“” disabled=yes dst-host=“;\.pdf$”
add action=allow comment=“” disabled=yes dst-host=“;\.css$”
add action=allow comment=“” disabled=yes dst-host=“;\.rar$”
add action=allow comment=“” disabled=yes dst-host=“;\.mov$”
add action=allow comment=“” disabled=yes dst-host=“;\.mpg$”
add action=allow comment=“” disabled=yes dst-host=“;\.iso$”
add action=allow comment=“” disabled=yes dst-host=“;\.bin$”
add action=allow comment=“” disabled=yes dst-host=“;\.dat$”
add action=allow comment=“” disabled=yes dst-host=“;\.mp3$”
please help me.
wiki.txt (8.66 KB)