交流 › RouterOS › 只要有mangle就無法進入網頁

kingofsdtw 发表于 2011-9-19 04:48:18

只要有mangle就無法進入網頁

本帖最后由 kingofsdtw 于 2011-9-19 17:14 编辑

像是
http://video.eyny.com/index.php/channel/view/2.html


只要我mangel port80&21的 packet就無法進入
請問有解嗎?


# sep/19/2011 04:49:08 by RouterOS 5.4
# software id = 4SA9-XXXX
#
/ip firewall mangle
add action=mark-connection chain=forward disabled=yes new-connection-mark=\
    web_con passthrough=yes port=80 protocol=tcp
add action=mark-packet chain=forward connection-mark=web_con disabled=yes \
    new-packet-mark=web passthrough=no
add action=mark-connection chain=forward disabled=yes new-connection-mark=\
    ftp_con passthrough=yes port=21 protocol=tcp
add action=mark-packet chain=forward connection-mark=ftp_con disabled=yes \
    new-packet-mark=ftp passthrough=no


/queue tree 是空的

pppoe clinet (ADSL) 自己有產生一個change mass

kingofsdtw 发表于 2011-9-20 16:28:06

filter:
# sep/20/2011 16:20:35 by RouterOS 5.4
# software id = 4SA9-XXXX

mangle
## sep/19/2011 04:49:08 by RouterOS 5.4
# software id = 4SA9-xxxx
#
/ip firewall mangle
add action=mark-connection chain=forward disabled=yes new-connection-mark=\
    web_con passthrough=yes port=80 protocol=tcp
add action=mark-packet chain=forward connection-mark=web_con disabled=yes \
    new-packet-mark=web passthrough=no
add action=mark-connection chain=forward disabled=yes new-connection-mark=\
    ftp_con passthrough=yes port=21 protocol=tcp
add action=mark-packet chain=forward connection-mark=ftp_con disabled=yes \
    new-packet-mark=ftp passthrough=no


NAT:
/ip firewall nat
add action=masquerade chain=srcnat comment="\B3o\A4@\B1\F8\A4\A3\AF\E0\A7R,\A7\
    _\ABhNAT\AA\BA\A5\CE\A4\E1\A5X\A4\A3\A5h" disabled=no
add action=dst-nat chain=dstnat comment="\B3o\A4@\B1\F8\ACOPORT\ACM\AEg\BDd\A8\
    \D2,(dst-address=123.123.123.123\B3o\B8\CC\ADn\B6\F1\A4JWAN\AA\BAIP),(to-a\
    ddresses=192.168.88.5\ADn\B4\AB\A6\A8\B1z\A4\BA\BA\F4\A6\F8\AAA\BE\B9\AA\
    \BAIP\A6\EC\A7})" disabled=yes dst-address=123.123.123.123 dst-port=21 \
    protocol=tcp to-addresses=192.168.88.5 to-ports=21

Route:
# sep/20/2011 16:21:36 by RouterOS 5.4
# software id = 4SA9-XXXX
#

Tree
# sep/20/2011 16:22:08 by RouterOS 5.4
# software id = 4SA9-XXXX
#
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
    max-limit=0 name=Download parent=lan priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=1M \
    max-limit=12M name=Q1 packet-mark=web parent=Download priority=5 queue=\
    default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
    max-limit=0 name=Q2 parent=Download priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=6M \
    max-limit=12M name=Q2_1 packet-mark=ftp parent=Q2 priority=6 queue=\
    default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=1M \
    max-limit=12M name=Q2_3 packet-mark=no-mark parent=Q2 priority=7 queue=\
    default

我很確定mangle disable就可以正常連上 0.0

9939781 发表于 2011-9-20 16:42:52

passthrough=no改为YES就行了

qlxsj 发表于 2011-9-20 17:09:53

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
   max-limit=0 name=Download parent=lan priority=8

max-limit是不是没有给带宽啊。

kingofsdtw 发表于 2011-9-20 18:39:15

Tree目前是關閉的0.0簡單說:目前只有mangle..就連不上很多網頁.
(但比較大眾的網頁很順.例如.yahoo.pchome很順)

http://video.eyny.com/index.php/channel/view/2.html就連不上了~一關閉mangle，
重新整理又可以連上



# sep/20/2011 16:22:08 by RouterOS 5.4
# software id = 4SA9-XXXX
#
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
    max-limit=0 name=Download parent=lan priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=1M \
    max-limit=12M name=Q1 packet-mark=web parent=Download priority=5 queue=\
    default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
    max-limit=0 name=Q2 parent=Download priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=6M \
    max-limit=12M name=Q2_1 packet-mark=ftp parent=Q2 priority=6 queue=\
    default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=1M \
    max-limit=12M name=Q2_3 packet-mark=no-mark parent=Q2 priority=7 queue=\
    default

qlhz 发表于 2011-9-20 19:06:54

http://video.eyny.com/index.php/channel/view/2.html
我这里怎没用ros也打不开呢

qlhz 发表于 2011-9-20 19:16:46

楼主是否多线啊，我这边电信的adsl是打不开这个网站的。是否有标记得和没有标记时候走不同的线路呢。

kingofsdtw 发表于 2011-9-21 03:07:29

本帖最后由 kingofsdtw 于 2011-9-21 03:07 编辑

我這邊沒經過ROS可以正常連入Q_Q!

例如youtube部分影片~ 經由mangle 也是會"一定"讀取失敗

拔掉mangle就正常了..很明顯

kingofsdtw 发表于 2011-9-26 03:26:21

9939781 发表于 2011-9-20 16:42 static/image/common/back.gif
passthrough=no改为YES就行了

的確設定成passthrough就可以了

但是一般不是要設定成NO @@?

NO才不會把封包往下標記?

查看完整版本: 只要有mangle就無法進入網頁