Seguridad Wireless - Wifi
Equipos y materiales => Puntos de acceso, routers, switchs y bridges => Mikrotik => Mensaje iniciado por: Samuelongui en 25-04-2011, 16:52 (Lunes)
-
Iba a hacer un manual de marcado de paquetes y encolamiento yo mismo, pero al ver que en youtube habían 2 videos, os los voy a poner.
La finalidad de este tutorial es marcar los paquetes según el puerto de destino, para que se le de una prioridad y una velocidad de navegación, ejemplo:
Imaginaros que compartis vuestra ADSL con un familiar y le da por poneros el Torrent a toda mecha, dejándoos casi sin velocidad a vosotros para navegar, jugar a algun juego online, etc. De esta forma veremos como dar una velocidad máxima a los P2P y como restarles prioridad frente a los paquetes del puerto 80 (http). Más información aquí (http://es.wikipedia.org/wiki/Calidad_de_servicio)
Los vídeos están muy bien la verdad, solo que en el primero de ellos, fijaros en la pantalla de la derecha (la que ya está configurada), ya que en el de la izquierda comete algunos errores (no lo hace tal y como lo tiene en la derecha), seguramente por las prisas por no alargar el video.
[ Invalid YouTube link ]
Estos videos están realizados por Rodrigo Anrrango de Configurar Mikrotik Wireless (http://configurarmikrotikwireless.com/), todos los créditos para él.
Un saludo.
-
Hola Samuel, ya tengo un RB750G y he seguido todo los pasos que has puesto en tu manual para crear el hotspot ( impresionante! ) todo de lujo, incluso lo he personalizado un poco para la wifi que estoy montando en un camping. He creado los perfiles y limitado el ancho de banda segun los perfiles. El tema es que aun asi los usuarios van a poder petar el ancho de banda que les tenga otorgado, por lo cual para que todo este perfecto estaria muy interesante bloquear el p2p. Esto que pones en este post podria tener algo que ver pero esto habla de limitar los puertos no?, no seria efectivo en la actuliadad porque muchos programas utilizan aleatoriamente los puertos para realizar el intercambio. He estado leyendo por ahi y he encontrado esto... el problema es que a mi de saca un error en la linea 20 y ahi la verdad me pierdo. Una ayudita? :P
First I have marked p2p traffic and than all other traffic, what I have done you can find it below:
for p2p traffic I have configured as follows:
[admin@MikroTik] ip firewall mangle> add src-address=10.84.0.0/24 mark-flow=p2p-out p2p=all-p2p action=passthrough
[admin@MikroTik] ip firewall mangle> add dst-address=10.84.0.0/24 mark-flow=p2p-in p2p=all-p2p action=passthrough
[admin@MikroTik] queue type> add name="p2p-out" kind=pcq pcq-rate=32000 pcq-classifier=src-address
[admin@MikroTik] queue type> add name="p2p-in" kind=pcq pcq-rate=32000 pcq-classifier=dst-address
[admin@MikroTik] queue tree> add name="p2p-in" parent=global-in flow=p2p-in queue=p2p-in
[admin@MikroTik] queue tree> add name="p2p-out" parent=global-out flow=p2p-out queue=p2p-out
for all other traffic I have configured as follows:
ip firewall mangle add action=accept mark-flow=all
queue type add name=PCQ-Download kind=pcq pcq-rate=131072 pcq-classifier=dst-address
queue type add name=PCQ-Upload kind=pcq pcq-rate=131072 pcq-classifier=src-address
queue tree add parent=global-in queue=PCQ-Download flow=all
queue tree add parent=global-out queue=PCQ-Upload flow=all
I have found where the trick was,
under ip firewall mangle instead of add action=passthrough should be used add acction=accept, in order not to ignore the first rule and jump to the next one, which is limiting the bandwidth and not P2P.
-
Efectivamente los P2P no se limitan como está en el video.
Si cada usuario tiene su ancho de banda limitado (bien por Hotspot, bien por Queue simple), ¿por qué no les dejas el P2P libre? Es decir, tienen asignado xK de subida y xK de bajada, pues que lo usen como quieran (digo yo).
Para limitar el P2P lei hace algún tiempo, que era mediante la capa 7. La verdad que nunca lo he probado. En Google seguro que encontrarás algo al respecto, pruebalo y comentas ;)
-
Efectivamente los P2P no se limitan como está en el video.
Si cada usuario tiene su ancho de banda limitado (bien por Hotspot, bien por Queue simple), ¿por qué no les dejas el P2P libre? Es decir, tienen asignado xK de subida y xK de bajada, pues que lo usen como quieran (digo yo).
Para limitar el P2P lei hace algún tiempo, que era mediante la capa 7. La verdad que nunca lo he probado. En Google seguro que encontrarás algo al respecto, pruebalo y comentas ;)
El problema es que si tengo treinta megas de salida a internet, le doy diez a cada usuario, pero uno pone en marcha el P2P el ping nos sube a los tres (<650ms)
-
Yo no bloqueo los p2p, unicamente los limito por content y les asigno una velocidad global por queue tree, he oido buenos comentarios de layer7 bloqueando los p2p, pero mejor limitarlos, asi mas seguro!
-
Me gustaria implementar esos Qos, pero se me dificulta verlo en el video, tendras algun export o codigo para implementarlo?
O simplemente el nombre de lo que se esta haciendo en los videos para buscar info!
Gracias de nuevo
-
Por si no se ven los videos:
Export Mangle QoS
/ip firewall mangle
add action=mark-packet chain=prerouting comment="Marcado de paquetes FTP" disabled=no new-packet-mark=ftp_in passthrough=no \
protocol=tcp src-port=20
add action=mark-packet chain=postrouting disabled=no dst-port=20 new-packet-mark=ftp_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=ftp_21_in passthrough=no protocol=tcp src-port=21
add action=mark-packet chain=postrouting disabled=no dst-port=21 new-packet-mark=ftp_21_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes SSH" disabled=no new-packet-mark=ssh_in passthrough=no \
protocol=tcp src-port=22
add action=mark-packet chain=postrouting disabled=no dst-port=22 new-packet-mark=ssh_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes TELNET" disabled=no new-packet-mark=telnet_in passthrough=no \
protocol=tcp src-port=23
add action=mark-packet chain=postrouting disabled=no dst-port=23 new-packet-mark=telnet_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes SMTP" disabled=no new-packet-mark=smtp_in passthrough=no \
protocol=tcp src-port=25
add action=mark-packet chain=postrouting disabled=no dst-port=25 new-packet-mark=smtp_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes SMTP sobre SSL" disabled=no new-packet-mark=smtp_ssl_in \
passthrough=no protocol=tcp src-port=465
add action=mark-packet chain=postrouting disabled=no dst-port=465 new-packet-mark=smtp_ssl_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes DNS" disabled=no new-packet-mark=dns_in passthrough=no \
protocol=tcp src-port=53
add action=mark-packet chain=postrouting disabled=no dst-port=53 new-packet-mark=dns_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=dns_udp_in passthrough=no protocol=udp src-port=53
add action=mark-packet chain=postrouting disabled=no dst-port=53 new-packet-mark=dns_udp_out passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Marcado de paquetes WWW" disabled=no new-packet-mark=www_in passthrough=no \
protocol=tcp src-port=80
add action=mark-packet chain=postrouting disabled=no dst-port=80 new-packet-mark=www_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes POP3" disabled=no new-packet-mark=pop3_in passthrough=no \
protocol=tcp src-port=110
add action=mark-packet chain=postrouting disabled=no dst-port=110 new-packet-mark=pop3_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=pop3_995_in passthrough=no protocol=tcp src-port=995
add action=mark-packet chain=postrouting disabled=no dst-port=995 new-packet-mark=pop3_995_up passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes SQL" disabled=no new-packet-mark=sql_in passthrough=no \
protocol=tcp src-port=118
add action=mark-packet chain=postrouting disabled=no dst-port=118 new-packet-mark=sql_up passthrough=no protocol=tcp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=sql_udp_in passthrough=no protocol=udp src-port=118
add action=mark-packet chain=postrouting disabled=no dst-port=118 new-packet-mark=sql_udp_up passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Marcado de paquetes IMAP" disabled=no new-packet-mark=imap_in passthrough=no \
protocol=tcp src-port=143
add action=mark-packet chain=postrouting disabled=no dst-port=143 new-packet-mark=imap_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=imap_993_in passthrough=no protocol=tcp src-port=993
add action=mark-packet chain=postrouting disabled=no dst-port=993 new-packet-mark=imap_993_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes HTTPS" disabled=no new-packet-mark=https_in passthrough=no \
protocol=tcp src-port=443
add action=mark-packet chain=postrouting disabled=no dst-port=443 new-packet-mark=https_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes MSN" disabled=no new-packet-mark=msn_in passthrough=no \
protocol=tcp src-port=1863
add action=mark-packet chain=postrouting disabled=no dst-port=1863 new-packet-mark=msn_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes VoIP" disabled=no new-packet-mark=voip_in passthrough=no \
protocol=udp src-port=5060
add action=mark-packet chain=postrouting disabled=no dst-port=5060 new-packet-mark=voip_out passthrough=no protocol=udp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=voip_5061_in passthrough=no protocol=tcp src-port=5061
add action=mark-packet chain=postrouting disabled=no dst-port=5061 new-packet-mark=voip_5061_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes MSN archivos" disabled=no new-packet-mark=msn_files_in \
passthrough=no protocol=tcp src-port=6891-6900
add action=mark-packet chain=postrouting disabled=no dst-port=6891-6900 new-packet-mark=msn_files_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes MSN voz" disabled=no new-packet-mark=msn_voz_in passthrough=no \
protocol=tcp src-port=6901
add action=mark-packet chain=postrouting disabled=no dst-port=6901 new-packet-mark=msn_voz_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes WINBOX" disabled=no dst-port=8291 new-packet-mark=winbox_in \
passthrough=no protocol=tcp
add action=mark-packet chain=postrouting disabled=no new-packet-mark=winbox_out passthrough=no protocol=tcp src-port=8291
add action=mark-packet chain=prerouting comment="Marcado de paquetes P2P" disabled=no new-packet-mark=p2p_in p2p=all-p2p \
passthrough=no
add action=mark-packet chain=postrouting disabled=no new-packet-mark=p2p_out p2p=all-p2p passthrough=no
add action=mark-packet chain=prerouting disabled=no new-packet-mark=emule_in passthrough=no protocol=tcp src-port=4662
add action=mark-packet chain=postrouting disabled=no dst-port=4672 new-packet-mark=emule_out passthrough=no protocol=udp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=gnutella_6346_in passthrough=no protocol=tcp src-port=6346
add action=mark-packet chain=postrouting disabled=no dst-port=6346 new-packet-mark=gnutella_6346_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=gnutella_6347_in passthrough=no protocol=udp src-port=6347
add action=mark-packet chain=postrouting disabled=no dst-port=6347 new-packet-mark=gnutella_6347_out passthrough=no protocol=udp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=gnutella_6348_in passthrough=no protocol=udp src-port=6348
add action=mark-packet chain=postrouting disabled=no dst-port=6348 new-packet-mark=gnutella_6348_out passthrough=no protocol=udp
Export Queue Tree
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWNLOAD packet-mark="" parent=global-in \
priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=UPLOAD packet-mark="" parent=global-out \
priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=www_down packet-mark=www_in parent=\
DOWNLOAD priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=www_up packet-mark=www_out parent=UPLOAD \
priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=dns_down packet-mark=dns_in parent=\
global-in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=dns_up packet-mark=dns_out parent=\
global-out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=winbox_down packet-mark=winbox_in parent=\
global-in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=winbox_up packet-mark=winbox_out parent=\
global-out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=pop3_down packet-mark=pop3_in parent=\
DOWNLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=pop3_up packet-mark=pop3_out parent=\
UPLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=smtp_down packet-mark=smtp_in parent=\
DOWNLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=smtp_up packet-mark=smtp_out parent=\
UPLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=p2p_down packet-mark=p2p_in parent=\
DOWNLOAD priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=p2p_up packet-mark=p2p_out parent=UPLOAD \
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=pop3_995_down packet-mark=pop3_995_in \
parent=DOWNLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=pop3_995_up packet-mark=pop3_995_up \
parent=UPLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=imap_down packet-mark=imap_in parent=\
DOWNLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=imap_up packet-mark=imap_out parent=\
UPLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=imap_993_down packet-mark=imap_993_in \
parent=DOWNLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=imap_993_up packet-mark=imap_993_out \
parent=UPLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=ftp_down packet-mark=ftp_in parent=\
DOWNLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=ftp_21_down packet-mark=ftp_21_in parent=\
DOWNLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=ftp_up packet-mark=ftp_out parent=UPLOAD \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=ftp_21_out packet-mark=ftp_21_out parent=\
UPLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=msn_files_down packet-mark=msn_files_in \
parent=DOWNLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=msn_files_up packet-mark=msn_files_out \
parent=UPLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=msn_voz_down packet-mark=msn_voz_in \
parent=DOWNLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=msn_voz_up packet-mark=msn_voz_out \
parent=UPLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=voip_down packet-mark=voip_in parent=\
DOWNLOAD priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=voip_up packet-mark=voip_out parent=\
UPLOAD priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=voip_5061_down packet-mark=voip_5061_in \
parent=DOWNLOAD priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=voip_5061_up packet-mark=voip_5061_out \
parent=UPLOAD priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=https_down packet-mark=https_in parent=\
DOWNLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=https_up packet-mark=https_out parent=\
UPLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=ssh_download packet-mark=ssh_in parent=\
DOWNLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=ssh_out packet-mark=ssh_out parent=UPLOAD \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=smt_ssl_down packet-mark=ssh_out parent=\
DOWNLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=smt_ssl_up packet-mark=smtp_ssl_out \
parent=UPLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=msn_down packet-mark=msn_in parent=\
DOWNLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=msn_up packet-mark=msn_out parent=UPLOAD \
priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=emule_down packet-mark=emule_in parent=\
DOWNLOAD priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=emule_up packet-mark=emule_out parent=\
UPLOAD priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=gnutella_6346_down packet-mark=\
gnutella_6346_in parent=DOWNLOAD priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=gnutella_6346_up packet-mark=\
gnutella_6346_out parent=UPLOAD priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=sql_down packet-mark=sql_in parent=\
DOWNLOAD priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=sql_up packet-mark=sql_up parent=UPLOAD \
priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=sql_udp_down packet-mark=sql_udp_in \
parent=DOWNLOAD priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=sql_udp_up packet-mark=sql_udp_up parent=\
UPLOAD priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=telnet_down packet-mark=telnet_in parent=\
DOWNLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=telnet_up packet-mark=telnet_out parent=\
UPLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=gnutella_6347_down packet-mark=\
gnutella_6347_in parent=DOWNLOAD priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=gnutella_6347_up packet-mark=\
gnutella_6347_out parent=UPLOAD priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=gnutella_6348_up packet-mark=\
gnutella_6348_out parent=UPLOAD priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=gnutella_6348_down packet-mark=\
gnutella_6348_in parent=DOWNLOAD priority=8 queue=default
He añadido más que no aparecen en el video.
-
Hola a todos los amigos del foro, la verdad he leido esto peor no tengo aun muy claro como colocar calidad de servicio a mi RB, estoy desarrollando un proyecto para mi tesis, y tengo una red ubiquiti y con RB aplicando OSPF, MPLS, VPN, y ps tambien quisiera aplicar calidad de servicio a mi red LAN, alguien me podria ayudar con esto??, la QoS es para ver camaras IP de un extremo a otro, VoIP, FTP, y trafico web, agradeceria mucho que me ayudaran con esto, ps leo post y cada vez me confundo mas...
Gracias ;)
-
Hola su script funciona perfecto solo tuve que cambiar algunos detalles para que mi routerboard lo aceptara..buenísimo marcado de paquetes .saludos
-
hola a todos, alguien pudiera indicarme como agregar este script a un rb 750, gracias!!!, soy nuevo en esto de mikrotik...
Por si no se ven los videos:
Export Mangle QoS
/ip firewall mangle
add action=mark-packet chain=prerouting comment="Marcado de paquetes FTP" disabled=no new-packet-mark=ftp_in passthrough=no \
protocol=tcp src-port=20
add action=mark-packet chain=postrouting disabled=no dst-port=20 new-packet-mark=ftp_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=ftp_21_in passthrough=no protocol=tcp src-port=21
add action=mark-packet chain=postrouting disabled=no dst-port=21 new-packet-mark=ftp_21_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes SSH" disabled=no new-packet-mark=ssh_in passthrough=no \
protocol=tcp src-port=22
add action=mark-packet chain=postrouting disabled=no dst-port=22 new-packet-mark=ssh_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes TELNET" disabled=no new-packet-mark=telnet_in passthrough=no \
protocol=tcp src-port=23
add action=mark-packet chain=postrouting disabled=no dst-port=23 new-packet-mark=telnet_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes SMTP" disabled=no new-packet-mark=smtp_in passthrough=no \
protocol=tcp src-port=25
add action=mark-packet chain=postrouting disabled=no dst-port=25 new-packet-mark=smtp_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes SMTP sobre SSL" disabled=no new-packet-mark=smtp_ssl_in \
passthrough=no protocol=tcp src-port=465
add action=mark-packet chain=postrouting disabled=no dst-port=465 new-packet-mark=smtp_ssl_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes DNS" disabled=no new-packet-mark=dns_in passthrough=no \
protocol=tcp src-port=53
add action=mark-packet chain=postrouting disabled=no dst-port=53 new-packet-mark=dns_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=dns_udp_in passthrough=no protocol=udp src-port=53
add action=mark-packet chain=postrouting disabled=no dst-port=53 new-packet-mark=dns_udp_out passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Marcado de paquetes WWW" disabled=no new-packet-mark=www_in passthrough=no \
protocol=tcp src-port=80
add action=mark-packet chain=postrouting disabled=no dst-port=80 new-packet-mark=www_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes POP3" disabled=no new-packet-mark=pop3_in passthrough=no \
protocol=tcp src-port=110
add action=mark-packet chain=postrouting disabled=no dst-port=110 new-packet-mark=pop3_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=pop3_995_in passthrough=no protocol=tcp src-port=995
add action=mark-packet chain=postrouting disabled=no dst-port=995 new-packet-mark=pop3_995_up passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes SQL" disabled=no new-packet-mark=sql_in passthrough=no \
protocol=tcp src-port=118
add action=mark-packet chain=postrouting disabled=no dst-port=118 new-packet-mark=sql_up passthrough=no protocol=tcp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=sql_udp_in passthrough=no protocol=udp src-port=118
add action=mark-packet chain=postrouting disabled=no dst-port=118 new-packet-mark=sql_udp_up passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Marcado de paquetes IMAP" disabled=no new-packet-mark=imap_in passthrough=no \
protocol=tcp src-port=143
add action=mark-packet chain=postrouting disabled=no dst-port=143 new-packet-mark=imap_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=imap_993_in passthrough=no protocol=tcp src-port=993
add action=mark-packet chain=postrouting disabled=no dst-port=993 new-packet-mark=imap_993_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes HTTPS" disabled=no new-packet-mark=https_in passthrough=no \
protocol=tcp src-port=443
add action=mark-packet chain=postrouting disabled=no dst-port=443 new-packet-mark=https_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes MSN" disabled=no new-packet-mark=msn_in passthrough=no \
protocol=tcp src-port=1863
add action=mark-packet chain=postrouting disabled=no dst-port=1863 new-packet-mark=msn_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes VoIP" disabled=no new-packet-mark=voip_in passthrough=no \
protocol=udp src-port=5060
add action=mark-packet chain=postrouting disabled=no dst-port=5060 new-packet-mark=voip_out passthrough=no protocol=udp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=voip_5061_in passthrough=no protocol=tcp src-port=5061
add action=mark-packet chain=postrouting disabled=no dst-port=5061 new-packet-mark=voip_5061_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes MSN archivos" disabled=no new-packet-mark=msn_files_in \
passthrough=no protocol=tcp src-port=6891-6900
add action=mark-packet chain=postrouting disabled=no dst-port=6891-6900 new-packet-mark=msn_files_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes MSN voz" disabled=no new-packet-mark=msn_voz_in passthrough=no \
protocol=tcp src-port=6901
add action=mark-packet chain=postrouting disabled=no dst-port=6901 new-packet-mark=msn_voz_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Marcado de paquetes WINBOX" disabled=no dst-port=8291 new-packet-mark=winbox_in \
passthrough=no protocol=tcp
add action=mark-packet chain=postrouting disabled=no new-packet-mark=winbox_out passthrough=no protocol=tcp src-port=8291
add action=mark-packet chain=prerouting comment="Marcado de paquetes P2P" disabled=no new-packet-mark=p2p_in p2p=all-p2p \
passthrough=no
add action=mark-packet chain=postrouting disabled=no new-packet-mark=p2p_out p2p=all-p2p passthrough=no
add action=mark-packet chain=prerouting disabled=no new-packet-mark=emule_in passthrough=no protocol=tcp src-port=4662
add action=mark-packet chain=postrouting disabled=no dst-port=4672 new-packet-mark=emule_out passthrough=no protocol=udp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=gnutella_6346_in passthrough=no protocol=tcp src-port=6346
add action=mark-packet chain=postrouting disabled=no dst-port=6346 new-packet-mark=gnutella_6346_out passthrough=no protocol=tcp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=gnutella_6347_in passthrough=no protocol=udp src-port=6347
add action=mark-packet chain=postrouting disabled=no dst-port=6347 new-packet-mark=gnutella_6347_out passthrough=no protocol=udp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=gnutella_6348_in passthrough=no protocol=udp src-port=6348
add action=mark-packet chain=postrouting disabled=no dst-port=6348 new-packet-mark=gnutella_6348_out passthrough=no protocol=udp
Export Queue Tree
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWNLOAD packet-mark="" parent=global-in \
priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=UPLOAD packet-mark="" parent=global-out \
priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=www_down packet-mark=www_in parent=\
DOWNLOAD priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=www_up packet-mark=www_out parent=UPLOAD \
priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=dns_down packet-mark=dns_in parent=\
global-in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=dns_up packet-mark=dns_out parent=\
global-out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=winbox_down packet-mark=winbox_in parent=\
global-in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=winbox_up packet-mark=winbox_out parent=\
global-out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=pop3_down packet-mark=pop3_in parent=\
DOWNLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=pop3_up packet-mark=pop3_out parent=\
UPLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=smtp_down packet-mark=smtp_in parent=\
DOWNLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=smtp_up packet-mark=smtp_out parent=\
UPLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=p2p_down packet-mark=p2p_in parent=\
DOWNLOAD priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=p2p_up packet-mark=p2p_out parent=UPLOAD \
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=pop3_995_down packet-mark=pop3_995_in \
parent=DOWNLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=pop3_995_up packet-mark=pop3_995_up \
parent=UPLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=imap_down packet-mark=imap_in parent=\
DOWNLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=imap_up packet-mark=imap_out parent=\
UPLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=imap_993_down packet-mark=imap_993_in \
parent=DOWNLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=imap_993_up packet-mark=imap_993_out \
parent=UPLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=ftp_down packet-mark=ftp_in parent=\
DOWNLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=ftp_21_down packet-mark=ftp_21_in parent=\
DOWNLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=ftp_up packet-mark=ftp_out parent=UPLOAD \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=ftp_21_out packet-mark=ftp_21_out parent=\
UPLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=msn_files_down packet-mark=msn_files_in \
parent=DOWNLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=msn_files_up packet-mark=msn_files_out \
parent=UPLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=msn_voz_down packet-mark=msn_voz_in \
parent=DOWNLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=msn_voz_up packet-mark=msn_voz_out \
parent=UPLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=voip_down packet-mark=voip_in parent=\
DOWNLOAD priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=voip_up packet-mark=voip_out parent=\
UPLOAD priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=voip_5061_down packet-mark=voip_5061_in \
parent=DOWNLOAD priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=voip_5061_up packet-mark=voip_5061_out \
parent=UPLOAD priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=https_down packet-mark=https_in parent=\
DOWNLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=https_up packet-mark=https_out parent=\
UPLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=ssh_download packet-mark=ssh_in parent=\
DOWNLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=ssh_out packet-mark=ssh_out parent=UPLOAD \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=smt_ssl_down packet-mark=ssh_out parent=\
DOWNLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=smt_ssl_up packet-mark=smtp_ssl_out \
parent=UPLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=msn_down packet-mark=msn_in parent=\
DOWNLOAD priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=msn_up packet-mark=msn_out parent=UPLOAD \
priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=emule_down packet-mark=emule_in parent=\
DOWNLOAD priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=emule_up packet-mark=emule_out parent=\
UPLOAD priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=gnutella_6346_down packet-mark=\
gnutella_6346_in parent=DOWNLOAD priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=gnutella_6346_up packet-mark=\
gnutella_6346_out parent=UPLOAD priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=sql_down packet-mark=sql_in parent=\
DOWNLOAD priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=sql_up packet-mark=sql_up parent=UPLOAD \
priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=sql_udp_down packet-mark=sql_udp_in \
parent=DOWNLOAD priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=sql_udp_up packet-mark=sql_udp_up parent=\
UPLOAD priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=telnet_down packet-mark=telnet_in parent=\
DOWNLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=telnet_up packet-mark=telnet_out parent=\
UPLOAD priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=gnutella_6347_down packet-mark=\
gnutella_6347_in parent=DOWNLOAD priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=gnutella_6347_up packet-mark=\
gnutella_6347_out parent=UPLOAD priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=gnutella_6348_up packet-mark=\
gnutella_6348_out parent=UPLOAD priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=gnutella_6348_down packet-mark=\
gnutella_6348_in parent=DOWNLOAD priority=8 queue=default
He añadido más que no aparecen en el video.