DNS configuration in Thunder and Mk

Posted by delfpc, November 04, 2012, 12:16:54 AM


delfpc

First of all, I must thank JOEMG6 for the kind gesture of sharing his extensive knowledge about thunder and all its applications.

Well, let's get to the point:

I currently have the DNS configured, but I have doubts about whether the settings are correct (because I see delays loading even the page www.google.com); I am sharing them and would appreciate your help correcting them.

My infrastructure is as follows:




DNS configuration on the MikroTik




and in Thunder Report 1.0 it is as follows:

Squid.conf
#----------------------------------------------------------------------
# DNS server and change policy
#----------------------------------------------------------------------
dns_nameservers 192.168.10.1
dns_retransmit_interval 5 seconds
dns_timeout 2 minutes
#----------------------------------------------------------------------


Settings - DNS

search proxy.routero-os.com
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4


Thank you in advance for your support.

ingjaab

but the thunder shows up as 192.168.10.2 mmmm if you set 192.168.2.2 you have to change the IP
You either die a hero, or you live long enough to become the villain

delfpc

sure, in squid.conf I have the following configuration

#----------------------------------------------------------------------
#Thunder redirection - REGEx
#----------------------------------------------------------------------
acl thunder_lst url_regex -i "/etc/thunder/thunder.lst"
cache deny thunder_lst
cache_peer 192.168.2.2 parent 8080 0 proxy-only no-digest
dead_peer_timeout 2 seconds
cache_peer_access 192.168.2.2 allow thunder_lst
cache_peer_access 192.168.2.2 deny all
#----------------------------------------------------------------------

ingjaab


roxdng

if you have a DNS cache on the mkt, point the DNS of squid and tc to the mkt interface that is acting as gateway

delfpc

thunder interface

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 192.168.2.2
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 192.168.2.1
dns-search alpamayo.tk

ingjaab

mmmmmmmm send an image, are both active or does it show offline

delfpc

thanks ingjaab for the help; I should tell you that there is cache and there are hits, but at times it gets slow, and that is with a load of only 30 PCs (I run an internet café); that is why I have doubts about the DNS configuration, although I also tested it at hours when I have no customers and it does indeed take a while to find web pages.

here is the photo of the thunder report




roxdng

your processor is a bit tight, how are you on memory?

post an image of the DNS settings.

delfpc

thanks for your attention roxdng, ........ the DNS configuration in the thunder report is a few lines above; however, I attach the photo ...



roxdng

You should remove 127.0.0.1
Below it you should point to the DNS servers you use on the mkt

Run a test in Windows with ipconfig/all
And paste the DNS that Windows shows you

delfpc

this is what Windows shows



so, following the recommendation, it ends up like this:

search proxy.routero-os.com
nameserver 192.168.10.1


ingjaab

it's very tight, you see, RAM minimum 4g, regards, and little disk

delfpc

the hard disk is 2TB and the memory is 8 Gb; also, you can see the hard disk has only 1% usage and the memory only 5%, according to thunder report 1.0,



and thank you again for your support

ingjaab


roxdng

Quote from: ingjaab on November 06, 2012, 01:27:45 PM
let's go to the mangle marking  8) ???

And what does the marking have to do with the DNS?

luistec

If the MikroTik's DNS cache is being used, the ideal would be to disable the thunder's; this is done just by removing the line
nameserver 127.0.0.1
in the DNS settings (/etc/resolv.conf).

Regards.
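
Added example, not part of the thread or of Thunder: a small audit of where each resolver setting posted above actually points, so that a leftover `127.0.0.1` or a public resolver that bypasses the router's DNS cache stands out. It assumes the `gateway` in the interfaces file is the MikroTik holding the cache; the function names `directive`, `classify` and `audit` are hypothetical.

```python
import ipaddress

# Constructed sample input: settings copied from the posts in this thread.
RESOLV_CONF = """search proxy.routero-os.com
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
"""
SQUID_CONF = "dns_nameservers 192.168.10.1\ndns_timeout 2 minutes\n"
INTERFACES = """iface eth0 inet static
address 192.168.2.2
netmask 255.255.255.0
gateway 192.168.2.1
dns-nameservers 192.168.2.1
"""

def directive(text, key):
    """Return every value given to `key`, ignoring comments and blank lines."""
    values = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] == key:
            values.extend(parts[1:])
    return values

def classify(ip, gateway, lan):
    """Label a resolver relative to the router assumed to hold the DNS cache."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"            # resolver running on the proxy itself
    if addr == gateway:
        return "gateway"             # the router's DNS cache
    if addr in lan:
        return "on-link"
    return "private-routed" if addr.is_private else "public"

def audit(resolv=RESOLV_CONF, squid=SQUID_CONF, ifaces=INTERFACES):
    host, mask = directive(ifaces, "address")[0], directive(ifaces, "netmask")[0]
    lan = ipaddress.ip_network(f"{host}/{mask}", strict=False)
    gateway = ipaddress.ip_address(directive(ifaces, "gateway")[0])
    sources = {"resolv.conf": directive(resolv, "nameserver"),
               "squid.conf": directive(squid, "dns_nameservers"),
               "interfaces": directive(ifaces, "dns-nameservers")}
    return {(src, ip): classify(ip, gateway, lan)
            for src, ips in sources.items() for ip in ips}

if __name__ == "__main__":
    for (src, ip), label in audit().items():
        print(f"{src:12} {ip:15} {label}")
```

On the posted settings, only the interfaces file points at the gateway; resolv.conf mixes a loopback resolver with public ones, and squid.conf uses an address on another subnet.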

ingjaab

Quote from: roxdng on November 06, 2012, 02:12:31 PM
And what does the marking have to do with the DNS?
the thing is he has slowness on the pages; he thinks it's the DNS, I think it's the marking, that's why he should send his marking from filter rules through mangle; most likely something is blocking the connections

delfpc

RB750

filter Rules
[admin@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0   ;;; servidores valve
    chain=forward action=accept protocol=udp dst-port=27015-27150,28123,28092

1   ;;; valve tcp
    chain=forward action=accept protocol=tcp dst-port=27015-27045

2   ;;; tcp rakion aceppt
    chain=forward action=accept protocol=tcp dst-port=58006,58004,58008

3   ;;; accept rakion
    chain=forward action=accept protocol=udp dst-port=40702-40738,27782,14732,30702,58006

4   chain=forward action=drop protocol=tcp dst-port=56000-59000

5   chain=forward action=drop protocol=udp dst-port=10000-27000,27151-30000,57074


mangle

[admin@MikroTik] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; pc-delfin sin balanced
    chain=prerouting action=accept src-address=192.168.10.27

1   ;;; Dota sin Balanced
    chain=prerouting action=accept protocol=tcp in-interface=Local dst-port=6003-6299,18598,18597,18599

2   ;;; Dota sin Balanced udp
    chain=prerouting action=accept protocol=udp in-interface=Local dst-port=6003-6299,18598

3   ;;; Trafico wow
    chain=prerouting action=mark-routing new-routing-mark=trafico_wow passthrough=no protocol=tcp in-interface=Local dst-port=8085-8187

4   ;;; Sin Balanced HTTP
    chain=prerouting action=mark-routing new-routing-mark=trafico_http passthrough=no protocol=tcp dst-port=80

5   ;;; Trafico 443
    chain=prerouting action=mark-routing new-routing-mark=trafico_443 passthrough=no protocol=tcp dst-port=443

6 X ;;; Dota 2 sin Balanced
    chain=prerouting action=accept protocol=udp in-interface=Local dst-port=27015-27150,28123

7   ;;; Trafico SOFTNYX - tcp - line2
    chain=prerouting action=mark-routing new-routing-mark=trafico_softnyx passthrough=no protocol=tcp dst-port=40702-40738,2600

8   ;;; Trafico SOFTNYX - udp - line2
    chain=prerouting action=mark-routing new-routing-mark=trafico_softnyx passthrough=no protocol=udp dst-port=40702,27782,14732,30702

9 X ;;; Trafico SOFTNYX - udp
    chain=prerouting action=mark-routing new-routing-mark=trafico_unknow passthrough=yes

10   ;;; ****Inicio de Balanceo*****
    chain=prerouting action=mark-connection new-connection-mark=pppoe-out1_conn passthrough=yes connection-state=new in-interface=pppoe-out1

11   chain=prerouting action=mark-connection new-connection-mark=pppoe-out2_conn passthrough=yes connection-state=new in-interface=pppoe-out2

12   chain=output action=mark-routing new-routing-mark=to_pppoe-out1 passthrough=yes connection-mark=pppoe-out1_conn

13   chain=output action=mark-routing new-routing-mark=to_pppoe-out2 passthrough=yes connection-mark=pppoe-out2_conn

14   chain=prerouting action=mark-connection new-connection-mark=pppoe-out1_conn passthrough=yes connection-state=new dst-address-type=!local in-interface=Local
    per-connection-classifier=both-addresses:2/0

15   chain=prerouting action=mark-connection new-connection-mark=pppoe-out2_conn passthrough=yes connection-state=new dst-address-type=!local in-interface=Local
    per-connection-classifier=both-addresses:2/1

16   chain=prerouting action=mark-routing new-routing-mark=to_pppoe-out1 passthrough=yes in-interface=Local connection-mark=pppoe-out1_conn

17   chain=prerouting action=mark-routing new-routing-mark=to_pppoe-out2 passthrough=yes in-interface=Local connection-mark=pppoe-out2_conn


nat

Flags: X - disabled, I - invalid, D - dynamic
0   chain=srcnat action=masquerade src-address=192.168.8.0/24 out-interface=pppoe-out1

1   chain=srcnat action=masquerade src-address=192.168.8.0/24 out-interface=pppoe-out2

2   ;;; Redireccin para Dota
    chain=dstnat action=dst-nat to-addresses=192.168.8.100 to-ports=6000-6299 protocol=tcp dst-address=190.41.79.101 dst-port=6000-6299

3   ;;; Loop Back - Dota
    chain=srcnat action=src-nat to-addresses=192.168.8.1 to-ports=6000-6299 protocol=tcp dst-address=192.168.8.100 dst-port=6000-6299

delfpc

PC - ADMINISTRATOR - MK

Filter

[admin@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0   ;;; Acepta thunder 3.1.x
     chain=forward action=accept src-address=192.168.2.0/30

1   chain=forward action=drop protocol=tcp src-address=192.168.10.30 dst-port=58941

2   ;;; Bloqueo puerto 21,22,23
     chain=forward action=drop protocol=tcp in-interface=WAN dst-port=21,22,23

3   ;;; Bloqueo Externo Thunder
     chain=forward action=drop protocol=tcp in-interface=WAN dst-port=3128,8080


nat

[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0   chain=srcnat action=masquerade out-interface=WAN

1   ;;; Paso sin proxy - Pando Audition
     chain=dstnat action=accept protocol=tcp dst-address-list=pando dst-port=80

2   ;;; no pasar por Thunder
     chain=dstnat action=accept protocol=tcp dst-address-list=no-cache dst-port=80

3 X ;;; Paso sin proxy - 10.27
     chain=dstnat action=accept protocol=tcp src-address=192.168.10.30 dst-port=80

4   ;;; Redirect Thunder 3.1.x
     chain=dstnat action=dst-nat to-addresses=192.168.2.2 to-ports=3128 protocol=tcp src-address=!192.168.2.2 dst-port=80

5   ;;; SSH
     chain=dstnat action=dst-nat to-addresses=192.168.2.2 to-ports=22 protocol=tcp dst-address=192.168.8.100 dst-port=22

6   ;;; radmin
     chain=dstnat action=dst-nat to-addresses=192.168.10.30 to-ports=4890 protocol=tcp dst-address=192.168.8.100 dst-port=4890

7   ;;; Dota
     chain=dstnat action=dst-nat to-addresses=192.168.10.50 to-ports=6103 protocol=tcp dst-address=192.168.8.100 dst-port=6103

8   chain=dstnat action=dst-nat to-addresses=192.168.10.2 to-ports=6104 protocol=tcp dst-address=192.168.8.100 dst-port=6104

9   chain=dstnat action=dst-nat to-addresses=192.168.10.10 to-ports=6112 protocol=tcp dst-address=192.168.8.100 dst-port=6112

10   chain=dstnat action=dst-nat to-addresses=192.168.10.11 to-ports=6113 protocol=tcp dst-address=192.168.8.100 dst-port=6113

11   chain=dstnat action=dst-nat to-addresses=192.168.10.12 to-ports=6114 protocol=tcp dst-address=192.168.8.100 dst-port=6114

12   chain=dstnat action=dst-nat to-addresses=192.168.10.13 to-ports=6115 protocol=tcp dst-address=192.168.8.100 dst-port=6115

13   chain=dstnat action=dst-nat to-addresses=192.168.10.14 to-ports=6116 protocol=tcp dst-address=192.168.8.100 dst-port=6116

14   chain=dstnat action=dst-nat to-addresses=192.168.10.15 to-ports=6117 protocol=tcp dst-address=192.168.8.100 dst-port=6117

15   chain=dstnat action=dst-nat to-addresses=192.168.10.16 to-ports=6118 protocol=tcp dst-address=192.168.8.100 dst-port=6118

16   chain=dstnat action=dst-nat to-addresses=192.168.10.17 to-ports=6119 protocol=tcp dst-address=192.168.8.100 dst-port=6119

17   chain=dstnat action=dst-nat to-addresses=192.168.10.18 to-ports=6120 protocol=tcp dst-address=192.168.8.100 dst-port=6120

18   chain=dstnat action=dst-nat to-addresses=192.168.10.19 to-ports=6121 protocol=tcp dst-address=192.168.8.100 dst-port=6121

19   chain=dstnat action=dst-nat to-addresses=192.168.10.20 to-ports=6122 protocol=tcp dst-address=192.168.8.100 dst-port=6122

20   chain=dstnat action=dst-nat to-addresses=192.168.10.21 to-ports=6123 protocol=tcp dst-address=192.168.8.100 dst-port=6123

21   chain=dstnat action=dst-nat to-addresses=192.168.10.22 to-ports=6124 protocol=tcp dst-address=192.168.8.100 dst-port=6124

22   chain=dstnat action=dst-nat to-addresses=192.168.10.23 to-ports=6125 protocol=tcp dst-address=192.168.8.100 dst-port=6125

23   chain=dstnat action=dst-nat to-addresses=192.168.10.24 to-ports=6126 protocol=tcp dst-address=192.168.8.100 dst-port=6126

24   chain=dstnat action=dst-nat to-addresses=192.168.10.25 to-ports=6127 protocol=tcp dst-address=192.168.8.100 dst-port=6127

25   chain=dstnat action=dst-nat to-addresses=192.168.10.30 to-ports=6130 protocol=tcp dst-address=192.168.8.100 dst-port=6130

26   chain=dstnat action=dst-nat to-addresses=192.168.10.27 to-ports=6129 protocol=tcp dst-address=192.168.8.100 dst-port=6129

27   ;;; Ghost Proxy
     chain=dstnat action=dst-nat to-addresses=192.168.10.27 to-ports=6131 protocol=tcp dst-address=192.168.8.100 dst-port=6131

28   ;;; Dota GHost
     chain=dstnat action=dst-nat to-addresses=192.168.10.27 to-ports=6000 protocol=tcp dst-address=192.168.8.100 dst-port=6000

29   ;;; control ciber
     chain=dstnat action=dst-nat to-addresses=192.168.10.30 to-ports=4891 protocol=tcp dst-address=192.168.8.100 dst-port=4891


mangle

[admin@MikroTik] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0   ;;; Game WoW =====================================================================================================================
     chain=postrouting action=mark-connection new-connection-mark=wow-connection passthrough=yes protocol=tcp dst-port=8085-8187

1   chain=postrouting action=mark-packet new-packet-mark=wow-packs passthrough=yes connection-mark=wow-connection

2 X ;;; Web Local =====================================================================================================================
     chain=postrouting action=mark-connection new-connection-mark=web-connection passthrough=yes protocol=tcp src-address=192.168.10.0/24 dst-address=192.168.2.2 dst-port=80
     content=!X-Cache: HIT from Thunder dscp=!12

3 X chain=postrouting action=mark-packet new-packet-mark=web-packs passthrough=yes connection-mark=web-connection

4 X ;;; Game Sc =====================================================================================================================
     chain=postrouting action=mark-connection new-connection-mark=sc-connection passthrough=yes protocol=udp dst-port=6112

5 X chain=postrouting action=mark-packet new-packet-mark=sc-packs passthrough=yes connection-mark=sc-connection

6   ;;; Game Dota =====================================================================================================================
     chain=postrouting action=mark-connection new-connection-mark=dota-connection passthrough=yes protocol=tcp dst-port=6000-6299

7   chain=postrouting action=mark-packet new-packet-mark=dota-packs passthrough=yes connection-mark=dota-connection

8   ;;; Game Maple =====================================================================================================================
     chain=postrouting action=mark-connection new-connection-mark=maple-connection passthrough=yes protocol=tcp dst-port=8585

9   chain=postrouting action=mark-packet new-packet-mark=maple-packs passthrough=yes connection-mark=maple-connection

10   ;;; THUNDER CACHE FULL(TC 3.1.x) ======================================================================================================
     chain=postrouting action=mark-connection new-connection-mark=thunder-connection passthrough=yes protocol=tcp src-address=192.168.2.2 content=X-Cache: HIT from Thunder

11   chain=postrouting action=mark-packet new-packet-mark=thunder-packs passthrough=yes connection-mark=thunder-connection

12   ;;; (TC 3.1.x)=====================================================================================================================
     chain=postrouting action=mark-connection new-connection-mark=proxy-hits passthrough=yes protocol=tcp src-address=192.168.2.2 content=X-Cache: HIT from proxy.routero-os.com

13   chain=postrouting action=mark-packet new-packet-mark=proxy-squid passthrough=yes connection-mark=proxy-hits