[ pena2008 @ 03.10.2012. 20:12 ] @
I set up the web proxy on a MikroTik and everything works great on the local network; however, I have a few users who access the internet over a VPN connection. For those users the internet doesn't work when the proxy is turned on. Why?

Thanks
[ Predrag Supurovic @ 04.10.2012. 10:41 ] @
Probably because you haven't configured it so that the internet works for them.
[ pena2008 @ 06.10.2012. 22:12 ] @
I've concluded that when I disable item number 22, the internet starts working for the VPN users. Port 1723 and protocol 47 are open for the VPN; is anything else needed?

2 ;;; Drop SCANNER
chain=input action=drop protocol=tcp
src-address-list=Scanner

3 ;;; Log SCANNER
chain=input action=log protocol=tcp
in-interface=Opti_Internet
dst-port=23,25,80,110,445,137,138,139
log-prefix=""SCANNER""

4 ;;; Add to SCANNER list
chain=input action=add-src-to-address-list
protocol=tcp address-list=Scanner
address-list-timeout=1d in-interface=Opti_Internet
dst-port=23,25,80,110,445,137,138,139

5 ;;; Drop after add to SCANNER
chain=input action=drop protocol=tcp
in-interface=Opti_Internet
dst-port=23,25,80,110,445,137,138,139

6 ;;; Accept established connections
chain=input action=accept
connection-state=established

7 ;;; Accept related connections
chain=input action=accept connection-state=related

8 ;;; Accept Winbox
chain=input action=accept protocol=tcp
dst-port=8291

9 ;;; Accept Web Winbox
chain=input action=accept protocol=tcp dst-port=881

10 X ;;; VPN UDP 500
chain=input action=accept protocol=udp dst-port=500

11 ;;; VPN TCP 443
chain=input action=accept protocol=tcp dst-port=443

12 ;;; VPN TCP 1723
chain=input action=accept connection-state=new
protocol=tcp dst-port=1723 connection-type=pptp

13 chain=input action=accept connection-state=new
protocol=gre connection-type=pptp

14 ;;; Allow limited pings
chain=input action=accept protocol=icmp
limit=50/5s,2

15 ;;; From our LAN
chain=input action=accept src-address=10.44.0.0/16
in-interface=ether_local

16 ;;; Drop invalid connections
chain=input action=drop connection-state=invalid

17 ;;; UDP
chain=input action=accept protocol=udp

18 ;;; LOG SMTP virus or spammers
chain=forward action=log protocol=tcp dst-port=25
connection-limit=5,32 limit=5,2
log-prefix="SPAMMER"

19 ;;; Detect and add-list SMTP virus or spammers
chain=forward action=add-src-to-address-list
protocol=tcp address-list=Spamer
address-list-timeout=1d dst-port=25
connection-limit=5,32 limit=5,2

20 ;;; BLOCK SPAMMERS OR INFECTED USERS
chain=forward action=drop protocol=tcp
src-address-list=Spamer dst-port=25

21 ;;; Drop excess pings
chain=input action=drop protocol=icmp

22 X ;;; Drop everything else
chain=input action=drop

23 ;;; so that the proxy isn't accidentally open
chain=input action=drop protocol=tcp
in-interface=Opti_Internet dst-port=8080

[ anon115774 @ 08.10.2012. 12:46 ] @
And where is your input for DNS?
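
An added example, not code from any poster in this thread: a first-match walk of the input chain from the listing above, showing which rule decides a VPN client's request to the proxy compared with a LAN client's. It assumes the request reaches the proxy on the router itself on TCP 8080 (the port rule 23 guards) and so traverses the input chain; the VPN interface name and all addresses are constructed placeholders.

```python
import ipaddress

WAN, LAN, VPN = "Opti_Internet", "ether_local", "<pptp-user1>"  # VPN name is assumed
SCAN_PORTS = {23, 25, 80, 110, 445, 137, 138, 139}

# Terminating input-chain rules from the listing: (number, action, matchers).
# Left out: log/add-list rules 3-4, forward rules 18-20, disabled rule 10.
RULES = [
    (2, "drop", {"proto": "tcp", "scanner": True}),  # source on the Scanner list
    (5, "drop", {"proto": "tcp", "iface": WAN, "dport": SCAN_PORTS}),
    (6, "accept", {"state": "established"}),
    (7, "accept", {"state": "related"}),
    (8, "accept", {"proto": "tcp", "dport": {8291}}),
    (9, "accept", {"proto": "tcp", "dport": {881}}),
    (11, "accept", {"proto": "tcp", "dport": {443}}),
    (12, "accept", {"state": "new", "proto": "tcp", "dport": {1723}, "ctype": "pptp"}),
    (13, "accept", {"state": "new", "proto": "gre", "ctype": "pptp"}),
    (14, "accept", {"proto": "icmp"}),  # rate limit not modelled
    (15, "accept", {"src": ipaddress.ip_network("10.44.0.0/16"), "iface": LAN}),
    (16, "drop", {"state": "invalid"}),
    (17, "accept", {"proto": "udp"}),
    (21, "drop", {"proto": "icmp"}),
    (22, "drop", {}),  # "Drop everything else"
    (23, "drop", {"proto": "tcp", "iface": WAN, "dport": {8080}}),
]

def matches(cond, pkt):
    for key, want in cond.items():
        have = pkt.get(key)
        if key == "src":
            hit = ipaddress.ip_address(have) in want
        elif key == "dport":
            hit = have in want
        else:
            hit = have == want
        if not hit:
            return False
    return True

def verdict(pkt, disabled=()):
    # First matching enabled rule decides; an unmatched packet is accepted.
    for num, action, cond in RULES:
        if num not in disabled and matches(cond, pkt):
            return num, action
    return None, "accept"

# Constructed packets: new TCP connections to the proxy port.
vpn_to_proxy = {"proto": "tcp", "dport": 8080, "iface": VPN, "src": "10.44.200.10", "state": "new"}
lan_to_proxy = dict(vpn_to_proxy, iface=LAN, src="10.44.1.20")
print(verdict(vpn_to_proxy), verdict(vpn_to_proxy, disabled={22}), verdict(lan_to_proxy))
```

Rule 15 accepts only traffic arriving on ether_local, so the VPN client's request falls through to rule 22 even with a source address inside 10.44.0.0/16. UDP DNS from the same client is accepted by rule 17, while DNS over TCP is not.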