Amigos,
já pesquisei bastante, fiz vários testes e restores, e já estou para ficar doido.
O que necessito: tenho uma RB450G trabalhando com hotspot + Thunder e MK-AUTH, e junto tem um link PTP com outra RB450, e não consigo fazer o Thunder fazer cache para a segunda RB.
Poderiam verificar no que estou errando?
Seguem as configs:
RB450G + MK-AUTH + THUNDER + HOTSPOT + DHCP_SERVER + PONTO-A-PONTO
/interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU L2MTU MAX-L2MTU
0 R ;;; Link GVT
ether1 ether 1500 1520 1520
1 R ;;; MK-AUTH
ether2 ether 1500 1520 1520
2 R ;;; THUNDER
ether3 ether 1500 1520 1520
3 R ;;; CLIENTES
ether4 ether 1500 1520 1520
4 R ;;; Link PTP Valparaiso
ether5 ether 1500 1520 1520
5 R Link GVT pppoe-out 1480
-------------------------------------------------------------------
ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; PG CORTE
10.3.0.1/22 10.3.0.0 ether4
1 ;;; CLIENTES
10.5.40.1/22 10.5.40.0 ether4
2 ;;; MKAUTH
172.31.255.1/30 172.31.255.0 ether2
3 ;;; THUNDER
173.31.255.1/30 173.31.255.0 ether3
4 ;;; ACESSO EXTERNO ANTENAS
172.0.0.11/24 172.0.0.0 ether4
5 ;;; IP MODEM
192.168.1.2/24 192.168.1.0 ether1
6 ;;; PTP
192.0.0.1/29 192.0.0.0 ether5
7 D 177.43.23.9/32 187.115.210.85 Link GVT
--------------------------------------------------------------------
/ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 173.31.255.2 1
1 ADS 0.0.0.0/0 187.115.210.85 1
2 ADC 10.3.0.0/22 10.3.0.1 ether4 0
3 ADC 10.5.40.0/22 10.5.40.1 ether4 0
4 ADC 172.0.0.0/24 172.0.0.11 ether4 0
5 ADC 172.31.255.0/30 172.31.255.1 ether2 0
6 ADC 173.31.255.0/30 173.31.255.1 ether3 0
7 ADC 187.115.210.85/32 177.43.23.9 Link GVT 0
8 ADC 192.0.0.0/29 192.0.0.1 ether5 0
9 ADC 192.168.1.0/24 192.168.1.2 ether1 0
---------------------------------------------------------------------
/ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough
1 ;;; place hotspot rules here
chain=hs-input action=passthrough
2 ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough
3 chain=pre-hs-input action=passthrough
4 ;;; Bloqueio SSH portas 22-23
chain=input action=drop protocol=tcp src-address=!172.31.255.0/30 dst-port=22-23
5 chain=input action=drop protocol=tcp src-address=!172.31.255.0/30 in-interface=Link GVT dst-port=22-23
6 ;;; Bloquear conexoes invalidas
chain=forward action=drop connection-state=invalid
7 ;;; Permitir Conexoes estabelecidas
chain=input action=accept connection-state=established
8 ;;; Permitir ips para ping
chain=input action=accept protocol=icmp dst-address=!172.31.255.2 icmp-options=8:0-255
9 ;;; Bloqueio de virus
chain=virus action=accept
10 ;;; Drop invalid connections
chain=forward action=drop connection-state=invalid
11 ;;; Established Connections
chain=forward action=accept connection-state=established
12 ;;; Related connections
chain=forward action=accept connection-state=related
13 ;;; !!! Check for well-known viruses !!!
chain=forward action=jump jump-target=virus
14 ;;; UDP
chain=forward action=accept protocol=udp
15 ;;; Allow limited Pings
chain=forward action=accept protocol=icmp limit=50/5s,2
16 ;;; Drop excess pings
chain=forward action=drop protocol=icmp
17 ;;; Drop invalid connections
chain=input action=drop connection-state=invalid
18 ;;; Accept related connections
chain=input action=accept connection-state=related
19 ;;; !!! Check for well-known viruses !!!
chain=input action=jump jump-target=virus
20 ;;; UDP
chain=input action=accept protocol=udp
21 ;;; Allow limited pings
chain=input action=accept protocol=icmp limit=50/5s,2
22 ;;; Drop excess pings
chain=input action=drop protocol=icmp
23 ;;; SSH for demo purposes
chain=input action=accept protocol=tcp dst-port=22
24 ;;; Telnet for demo purposes
chain=input action=accept protocol=tcp dst-port=23
25 ;;; http for demo purposes
chain=input action=accept protocol=tcp dst-port=80
26 ;;; winbox for demo purposes
chain=input action=accept protocol=tcp dst-port=3987
27 ;;; Log and drop everything else
chain=input action=accept
------------------------------------------------------------------------------
/ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; PG CORTE
chain=dstnat action=dst-nat to-addresses=172.31.255.2 to-ports=85 protocol=tcp src-address=10.3.0.2-10.3.3.254 dst-address=!172.31.255.2
1 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough
2 ;;; NAT VALPARAISO
chain=srcnat action=masquerade src-address=192.0.0.0/29
3 ;;; NAT MKAUTH
chain=srcnat action=masquerade src-address=172.31.255.0/30 dst-address=!172.31.255.1-172.31.255.2 out-interface=Link GVT
4 ;;; NAT THUNDER
chain=srcnat action=masquerade src-address=173.31.255.0/30 dst-address=!173.31.255.1-173.31.255.2 out-interface=Link GVT
5 ;;; NAT CLIENTES
chain=srcnat action=masquerade src-address=10.5.40.0/22 dst-address=!172.31.255.2 out-interface=Link GVT
6 X ;;; NAT PTP MKAUTH
chain=srcnat action=masquerade src-address=192.0.0.0/29 dst-address=!172.31.255.2 out-interface=Link GVT
7 ;;; REDIRECT MKAUTH
chain=dstnat action=dst-nat to-addresses=172.31.255.2 to-ports=80 protocol=tcp dst-port=8080
8 ;;; SSH MKAUTH
chain=dstnat action=dst-nat to-addresses=172.31.255.2 to-ports=22 protocol=tcp dst-port=222
9 ;;; REDIRECT THUNDER
chain=dstnat action=dst-nat to-addresses=173.31.255.2 to-ports=82 protocol=tcp dst-port=8081
10 ;;; WINBOX VALPARAISO
chain=dstnat action=dst-nat to-addresses=192.0.0.4 to-ports=8291 protocol=tcp dst-port=8292
11 ;;; SSH THUNDER
chain=dstnat action=dst-nat to-addresses=173.31.255.2 to-ports=22 protocol=tcp dst-port=8082
12 ;;; MKAUTH 1812
chain=dstnat action=dst-nat to-addresses=172.31.255.2 to-ports=1812 protocol=udp dst-port=1812
13 ;;; MKAUTH 1813
chain=dstnat action=dst-nat to-addresses=172.31.255.2 to-ports=1813 protocol=udp dst-port=1813
------------------------------------------------------------------------------------------
/ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; REDIRECT CLIENTES TO THUNDER
chain=prerouting action=mark-routing new-routing-mark=Thunder_Router passthrough=yes protocol=tcp src-address=10.5.40.0/22 dst-address-list=!NO_CACHE in-interface=!ether3 dst-port=80
src-mac-address=!90:E6:BA:08:0D:D4
1 X ;;; REDIRECT CLIENTES TO THUNDER VALPARAISO
chain=prerouting action=mark-routing new-routing-mark=Thunder_Router passthrough=no protocol=tcp src-address=192.0.0.0/29 dst-address-list=!NO_CACHE in-interface=!ether3 dst-port=80
2 ;;; CACHE FULL THUNDER
chain=postrouting action=mark-packet new-packet-mark=CACHE FULL passthrough=yes dscp=18
3 ;;; WINBOX FULL
chain=output action=mark-connection new-connection-mark=WINBOX_FULL passthrough=yes protocol=tcp src-port=8291
4 ;;; TODOS P2P
chain=prerouting action=mark-connection new-connection-mark=p2p-conn passthrough=yes p2p=all-p2p src-address-list=!com-p2p
5 chain=prerouting action=accept
::::::::::::::::::::::::::::::::: Na outra RB450:
/interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU L2MTU MAX-L2MTU
0 X ether1 ether 1500 1526 1526
1 X ether2 ether 1500 1522 1522
2 R ;;; Link Ocidental
ether3 ether 1500 1522 1522
3 R ;;; Switch
ether4 ether 1500 1522 1522
4 R ;;; Rede Sem hotspot
ether5 ether 1500 1522 1522
---------------------------------------------------------------------------------------------------
/ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.0.0.1 1
1 ADC 10.5.50.0/24 10.5.50.1 ether4 0
2 ADC 192.0.0.0/29 192.0.0.4 ether3 0
3 ADC 192.168.30.0/24 192.168.30.2 ether5 0
---------------------------------------------------------------------------------------------------
/ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; HOTSPOT-CLIENTES
10.5.50.1/24 10.5.50.0 ether4
1 ;;; REDE LIVRE
192.168.30.2/24 192.168.30.0 ether5
2 ;;; Link PTP
192.0.0.4/29 192.0.0.0 ether3