Controle de conexões simultâneas (Mikrotik)
Publicado; 30 \30\-03:00 agosto \30\-03:00 2007 Arquivado em: firewall, iptables, mikrotik 21 ComentáriosEstava vendo os últimos posts no forum under-linux.org, e vi uma solução bem bacana postada pelo AirKing (Glauber Mattar).
Ele criou um script de controle de conexões simultâneas para o mikrotik.
Para implementar no seu mikrotik, basta copiar o conteúdo e executar no terminal.
Vejam abaixo a solução:
/ip firewall mangle add chain=forward src-address=192.168.0.0/24 protocol=tcp dst-port=21 \ action=mark-packet new-packet-mark=semlimite passthrough=yes \ comment="Marcando Pacotes Sem Limite Conexao" disabled=no add chain=forward src-address=192.168.0.0/24 protocol=tcp dst-port=22 \ action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \ disabled=no add chain=forward src-address=192.168.0.0/24 protocol=tcp dst-port=23 \ action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \ disabled=no add chain=forward src-address=192.168.0.0/24 protocol=tcp dst-port=25 \ action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \ disabled=no add chain=forward src-address=192.168.0.0/24 protocol=tcp dst-port=53 \ action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \ disabled=no add chain=forward src-address=192.168.0.0/24 protocol=tcp dst-port=80 \ action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \ disabled=no add chain=forward src-address=192.168.0.0/24 protocol=tcp dst-port=110 \ action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \ disabled=no add chain=forward src-address=192.168.0.0/24 protocol=tcp dst-port=443 \ action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \ disabled=no add chain=forward src-address=192.168.0.0/24 protocol=tcp dst-port=8080 \ action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \ disabled=no add chain=forward src-address=192.168.0.0/24 protocol=tcp dst-port=6891-6901 \ action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \ disabled=no /ip firewall filter add chain=forward src-address=192.168.0.0/24 protocol=tcp tcp-flags=syn \ packet-mark=!semlimite connection-limit=25,32 action=drop comment="Limitando \ numero conexoes simultaneas" disabled=no
OBS.: Não esqueça de alterar o IP conforme a sua necessidade.
Artigo reproduzido com a autorização do autor.
Source: Under-Linux.org Fórum – Limite de Conexoes – Metodo mais flexivel
[WISP]tik Guy 
Ola Luciano,
Parabéns pelo brilhante trabalho.
no caso do script acima, ele cria limites pra conexões simultâneas por porta ou não cria nada.
desculpe mas nao manjo muito do mikrotik
Abraço
Nesta modalidade é uma conexão por porta!
Mas eu estou desenvolvendo um script para marcar conexões por IP!
Ola eu notei que esse script ta com problema ele ploquea o msn e orkut..
Estarei verificando isso cara. Obrigado pela dica.
Gostaria de adquirir versao completa do Mikrotik, se for possivel conseguir isso agradeceria muito por isso
Basta acessar o site da Mikrotik e comprar via cartão internacional, ou comprar RB via revendedores… tem também o site do representante oficial no Brasil, Mikrotik Brasil.
[…] cache full [wiki] Soluo Definitiva Para O Cache-full – FrumWEB Limite de conexao por portas Controle de conexões simultâneas (Mikrotik) [WISP]tik Guy Firewall /ip firewall filter add chain=virus protocol=tcp dst-port=445 action=drop […]
Estou com problema no meu mikrotik, estou com 4 adsl e os download estou caido nao conclui o que devo fazer para corrigir este problema, valeu obrigado.
[…] conexoes simultaneas mikrotik 3.20 GA_googleFillSlot("300×250-forum-last"); Veja se ajuda ai, Controle de conexões simultâneas (Mikrotik) ou em Firewall -> New Firewall Rule -> Chain = Forward em Src Andress o Ip do cliente, […]
ta na mão ai galera é só ir no new terminal e digitar ip firewall filter e colar isso aqui lá troque os ip’s é claro e coloque quantas conexoes vcs querem
//////
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.50 connection-limit 60,32 comment 192.168.1.50
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.51 connection-limit 60,32 comment 192.168.1.51
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.52 connection-limit 60,32 comment 192.168.1.52
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.53 connection-limit 60,32 comment 192.168.1.53
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.54 connection-limit 60,32 comment 192.168.1.54
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.55 connection-limit 60,32 comment 192.168.1.55
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.56 connection-limit 60,32 comment 192.168.1.56
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.57 connection-limit 60,32 comment 192.168.1.57
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.58 connection-limit 60,32 comment 192.168.1.58
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.59 connection-limit 60,32 comment 192.168.1.59
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.60 connection-limit 60,32 comment 192.168.1.60
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.61 connection-limit 60,32 comment 192.168.1.61
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.62 connection-limit 60,32 comment 192.168.1.62
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.63 connection-limit 60,32 comment 192.168.1.63
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.64 connection-limit 60,32 comment 192.168.1.64
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.65 connection-limit 60,32 comment 192.168.1.65
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.66 connection-limit 60,32 comment 192.168.1.66
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.67 connection-limit 60,32 comment 192.168.1.67
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.68 connection-limit 60,32 comment 192.168.1.68
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.69 connection-limit 60,32 comment 192.168.1.69
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.70 connection-limit 60,32 comment 192.168.1.70
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.71 connection-limit 60,32 comment 192.168.1.71
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.72 connection-limit 60,32 comment 192.168.1.72
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.73 connection-limit 60,32 comment 192.168.1.73
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.74 connection-limit 60,32 comment 192.168.1.74
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.75 connection-limit 60,32 comment 192.168.1.75
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.76 connection-limit 60,32 comment 192.168.1.76
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.77 connection-limit 60,32 comment 192.168.1.77
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.78 connection-limit 60,32 comment 192.168.1.78
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.79 connection-limit 60,32 comment 192.168.1.79
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.80 connection-limit 60,32 comment 192.168.1.80
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.81 connection-limit 60,32 comment 192.168.1.81
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.82 connection-limit 60,32 comment 192.168.1.82
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.83 connection-limit 60,32 comment 192.168.1.83
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.84 connection-limit 60,32 comment 192.168.1.84
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.85 connection-limit 60,32 comment 192.168.1.85
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.86 connection-limit 60,32 comment 192.168.1.86
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.87 connection-limit 60,32 comment 192.168.1.87
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.88 connection-limit 60,32 comment 192.168.1.88
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.89 connection-limit 60,32 comment 192.168.1.89
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.90 connection-limit 60,32 comment 192.168.1.90
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.91 connection-limit 60,32 comment 192.168.1.91
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.92 connection-limit 60,32 comment 192.168.1.92
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.93 connection-limit 60,32 comment 192.168.1.93
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.94 connection-limit 60,32 comment 192.168.1.94
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.95 connection-limit 60,32 comment 192.168.1.95
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.96 connection-limit 60,32 comment 192.168.1.96
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.97 connection-limit 60,32 comment 192.168.1.97
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.98 connection-limit 60,32 comment 192.168.1.98
add chain forward action drop tcp-flags syn protocol tcp src-address 192.168.1.99 connection-limit 60,32 comment 192.168.1.99
Undeniably believe that which you stated. Your favourite justification seemed to be on the internet the simplest thing to
remember of. I say to you, I definitely get annoyed at the same
time as folks think about worries that they just do not recognise about.
You controlled to hit the nail upon the highest and also
defined out the whole thing without having
side effect , people could take a signal. Will
probably be back to get more. Thanks
Thanks to visit blog and contribute with your opinion.
hello!,I like your writing so much! proportion we be in contact extra approximately
your article on AOL? I need an expert on this area to solve
my problem. Maybe that’s you! Having a look forward to peer you.
We can talk about that. Send me a private email about: lucianosds @ gmail.com [remove the spaces around @ sign]
What’s up to all, as I am actually eager of reading this website’s post to be updated on a regular basis.
It includes good data.
I’d like to thank you for the efforts you have put in writing this website. I really hope to check out the same high-grade content by you later on as well. In fact, your creative writing abilities has encouraged me to get my own, personal blog now 😉
Hello my friend! I want to say that this article is amazing, great written and include approximately all important infos.
I would like to look extra posts like this .
I similar to the helpful information you supply within your articles.
I am going to bookmark your blog- and test once again here regularly.
I’m somewhat certain I will learn a lot of new stuff right here! All the best for the following!
Hey there! Do you use Twitter? I’d like to follow you if that would be okay. I’m absolutely enjoying your
blog and look forward to new updates.
Nice post. I study something tougher on completely different blogs everyday.
It’ll always be stimulating to learn content from different writers and apply just a little one thing at their store. I’d prefer make use of some with all the content within this little weblog whether you don’t mind. Natually I’ll supply you with a hyperlink on your own web blog. Nice one for sharing.
Hi I am so glad I found your site, I really found you by
accident, while I was browsing on Bing for something else,
Anyhow I am here now and would just like to say cheers for a incredible post and a all round thrilling
blog (I also love the theme/design), I don’t have time to go
through it all at the minute but I have saved it and also
added your RSS feeds, so when I have time I will be back to read a lot more, Please do keep
up the fantastic work.