Topic: Mikrotik + Proxy (Free Choice, Any Distro)

Assalamualaikum Wr. Wb.

Here I want to share a Mikrotik setup for an internet cafe (warnet) with layer7 + PCC + connection-bytes, plus a YouTube limit.

Let's go straight to the practice.

Sorry to the seniors here, I'm leaking the rules to the newbies, hehe.

Further down there is an extra: the settings for an IPFire proxy.
IPFire is a new distro, a continuation of IPCop, just with a different developer, and it uses a monolithic kernel. It is very lightweight in my opinion; even routers like ClearOS and Ubuntu are, in my opinion, heavier than it, hehe. Sorry if there are Ubuntu masters here.
Hikz..


HERE IS THE TOPOLOGY...



PPPoE CLIENT MODE (MIKROTIK)

IP ADDRESS :: 192.168.1.1/24 (LAN)

IP ADDRESS :: 192.168.2.2/24 (MODEM)

IP ADDRESS :: 192.168.90.1/24 (SQUID)



MODEM IN BRIDGE MODE

IP ADDRESS :: 192.168.2.1 (THE IP OF YOUR ADSL MODEM, HEHE)



NAT MIKROTIK



chain=srcnat action=masquerade     

out-interface=speedy1



REDIRECT CLIENT TO PROXY



chain=dstnat action=dst-nat

to-addresses=192.168.90.2 to-ports=3128

protocol=tcp src-address=192.168.1.0/24

dst-port=80,8080



MASQUERADE PROXY (EXTRA: USUALLY WHEN USING CLEAROS THE CLIENTS CANNOT BROWSE; TRY ADDING THIS RULE, IT WORKED FOR ME YESTERDAY, HEHE)



chain=srcnat action=masquerade

out-interface=squid   



DNS RESOLVER



chain=dstnat action=dst-nat

to-addresses=192.168.90.2 to-ports=3128

protocol=tcp src-address=192.168.1.0/24

dst-port=80,8080



chain=dstnat action=redirect to-ports=53

protocol=tcp dst-port=53



LAYER7

Name : Konten



^.*get.+\.(exe|rar|zip|7z|cab|asf|mov|wmv|mpg|mpeg|mkv|avi|flv|pdf|wav|rm|mp3|mp4|ram|rmvb|dat|daa|iso|nrg|bin|vcd|mp2|3gp|mpe|qt|raw|wma|ogg|doc|deb|tar|bzip|gzip|gzip2|0[0-9][0-9]).*$



Name : Youtube

^.*get.+.c.youtube.com.*$





DSCP/TOS PRIORITY FOR ZPH HITS, MUST BE AT THE VERY TOP, HAHAHAHAHA

     chain=prerouting action=mark-packet new-packet-mark=paket-HIT

     passthrough=no in-interface=Squid dscp=12



   chain=forward action=mark-packet new-packet-mark=paket-HIT passthrough=no

     in-interface=Squid dscp=12



Point Blank

     chain=game action=mark-connection new-connection-mark=Game

     passthrough=yes protocol=tcp dst-address=203.89.146.0/23 dst-port=39190



   chain=game action=mark-connection new-connection-mark=Game passthrough=ye>

     protocol=tcp dst-address=203.89.146.0/23 dst-port=39100



   chain=game action=mark-connection new-connection-mark=Game passthrough=ye>

     protocol=tcp dst-address=203.89.146.0/23 dst-port=39110



   chain=game action=mark-connection new-connection-mark=Game passthrough=ye>

     protocol=tcp dst-address=203.89.146.0/23 dst-port=39220



   chain=game action=mark-connection new-connection-mark=Game passthrough=ye>

     protocol=tcp dst-address=203.89.146.0/23 dst-port=39190



   chain=game action=mark-connection new-connection-mark=Game passthrough=ye>

     protocol=tcp dst-address=203.89.146.0/23 dst-port=49100



  chain=game action=mark-connection new-connection-mark=Game passthrough=ye>

     protocol=udp dst-address=203.89.146.0/23 dst-port=40000-40010



Ayodance

     chain=game action=mark-connection new-connection-mark=Game

     passthrough=yes protocol=tcp dst-port=18901-18909



Atlantica

     chain=game action=mark-connection new-connection-mark=Game

     passthrough=yes protocol=tcp dst-address=203.89.147.0/24 dst-port=4300



LOSS SAGA

     chain=game action=mark-connection new-connection-mark=Game

     passthrough=yes protocol=udp dst-port=14000-14132



Packet Game Online

     chain=game action=mark-packet new-packet-mark=Game_pkt passthrough=no

     connection-mark=Game



Poker

     chain=forward action=mark-connection new-connection-mark=Poker_con

     passthrough=yes protocol=tcp content=statics.poker.static.zynga.com



    chain=forward action=mark-connection new-connection-mark=Poker_con

     passthrough=yes protocol=tcp dst-port=9339



     chain=forward action=mark-connection new-connection-mark=Poker_con

     passthrough=yes protocol=tcp dst-port=843



     chain=forward action=mark-packet new-packet-mark=Poker passthrough=no

     connection-mark=Poker_con



UPLOAD

     chain=prerouting action=mark-packet new-packet-mark=Upload

     passthrough=no protocol=tcp src-address=192.168.1.0/24 in-interface=Lan



Youtube

     chain=forward action=mark-connection new-connection-mark=youtube

     passthrough=yes protocol=tcp layer7-protocol=Youtube in-interface=Squid

     out-interface=speedy1



     chain=forward action=mark-packet new-packet-mark=linit-youtube

     passthrough=no connection-mark=youtube



LIMIT DOWNLOAD Proxy

     chain=forward action=mark-connection new-connection-mark=Download_pr

     passthrough=yes layer7-protocol=Konten in-interface=Squid

     out-interface=speedy1



    chain=forward action=mark-packet new-packet-mark=Download_prx

    passthrough=no connection-mark=Download_pr



Browse

     chain=forward action=mark-connection new-connection-mark=Browse-Proxy

     passthrough=yes protocol=tcp in-interface=Squid out-interface=speedy1

     packet-mark=!linit-youtube connection-mark=!Download_pr



    chain=forward action=mark-packet new-packet-mark=Browse_prx passthrough=n>

     connection-mark=Browse-Proxy



LIMIT DOWNLOAD

     chain=forward action=mark-connection new-connection-mark=Download

     passthrough=yes protocol=tcp in-interface=speedy1 out-interface=Lan

     packet-mark=!Game_pkt connection-mark=!Poker_con

     connection-bytes=155000-4294967295



    chain=forward action=mark-packet new-packet-mark=Download_pkt

     passthrough=no packet-mark=!Game_pkt connection-mark=Download





QUEUE TYPE



name="Download" kind=pcq pcq-rate=512000 pcq-limit=50 pcq-classifier=dst-address

  pcq-total-limit=2000



name="Game" kind=pcq pcq-rate=0 pcq-limit=50

  pcq-classifier=src-address,dst-address,src-port,dst-port pcq-total-limit=2000



name="Upload" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address

   pcq-total-limit=2000



name="Proxy" kind=pcq pcq-rate=1000000 pcq-limit=50 pcq-classifier=dst-address

  pcq-total-limit=2000



name="Lan" kind=pcq pcq-rate=1024000 pcq-limit=50 pcq-classifier=dst-address

  pcq-total-limit=2000





QUEUE SIMPLE HIT



name="paket-HIT" dst-address=0.0.0.0/0 interface=all parent=none

packet-marks=paket-HIT direction=both priority=1 queue=default-small/default-small

limit-at=1G/1G max-limit=1G/1G burst-limit=0/0 burst-threshold=0/0

  burst-time=0s/0s total-queue=default-small



QUEUE TREE



name="Main_Browse" parent=global-out limit-at=0 priority=8 max-limit=1M burst-limit=>

burst-threshold=0 burst-time=0s



name="Youtube" parent=Main_Browse packet-mark=linit-youtube limit-at=0 queue=default

priority=8 max-limit=5k burst-limit=0 burst-threshold=0 burst-time=0s



name="Download_Proxy" parent=Main_Browse packet-mark=Download_prx limit-at=0

queue=Proxy priority=5 max-limit=256k burst-limit=0 burst-threshold=0 burst-time=0s



name="Limit_Browsing" parent=Main_Browse packet-mark=Browse_prx limit-at=0

queue=default priority=3 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s



====MAIN BROWSE IS ONE PARENT; ITS CHILDREN ARE YOUTUBE, DOWNLOAD PROXY, LIMIT BROWSING====



(GAME)

name="Game" parent=global-total packet-mark=Game_pkt limit-at=0 queue=Game priority=>

     max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s



(POKER)

name="Poker" parent=global-out packet-mark=Poker limit-at=0 queue=Game priority=3

     max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s



(UPLOAD)

name="Main-Upload" parent=global-in limit-at=0 priority=8 max-limit=256k

     burst-limit=0 burst-threshold=0 burst-time=0s



name="Upload" parent=Main-Upload packet-mark=Upload limit-at=0 queue=Upload

     priority=8 max-limit=256k burst-limit=0 burst-threshold=0 burst-time=0s



====MAIN UPLOAD IS ONE PARENT; ITS CHILD IS UPLOAD====



(DOWNLOAD-LAN)

name="Download-Lan" parent=global-out packet-mark=Download_pkt limit-at=0

     queue=Download priority=8 max-limit=256k burst-limit=0 burst-threshold=0

     burst-time=0s











MIKROTIK + IPFIRE, DUDULZ SETTINGS

MIKROTIK INTERFACE



IP ADDRESS : 192.168.2.1/24 (WAN)

IP ADDRESS : 192.168.1.1/24 (LAN)

IP ADDRESS : 192.168.88.1/24 (PROXYGREEN)

IP ADDRESS : 192.168.90.1/24 (SQUID/RED)

PROXY CPU INTERFACE



IP ADDRESS : 192.168.88.2 (GREEN)

IP ADDRESS : 192.168.90.2 (RED)

WEB CONFIG : https://192.168.88.2:444/cgi-bin/index.cgi

ENABLE THE SSH SERVER

Enabled on Green: Proxy port: Transparent on Green: PORT 3128

Network based access control = fill in with 192.168.1.0/24

192.168.88.0/24

Re: Mikrotik + Proxy (Free Choice, Any Distro)

Salam, masters, please enlighten me... 5 days and 6 nights of tinkering with MT+SQUID and it still doesn't work... Squid on Ubuntu, Lusca,
it keeps coming out like this.... @newbie

1345948729.567      0 127.0.0.1 TCP_MISS/200 2829 GET cache_object://localhost/info - NONE/- text/plain
1345953399.273      0 127.0.0.1 TCP_MISS/200 2829 GET cache_object://localhost/info - NONE/- text/plain

root@proxy:~# squid -N -d 1 -D
2012/08/26 12:05:44| parseConfigFile: squid.conf:1 unrecognized: ' #-----------------------------------------------------#'
2012/08/26 12:05:44| Squid is already running!  Process ID 1010



Here is the squid.conf... copy-pasted from here and there
#-----------------------------------------------------#
#       LUSCA - High Performance Configuration        #
#-----------------------------------------------------#
#        updated by cikal                            #
#        Updated: 22.05.2012                          #
#-----------------------------------------------------#

http_port 3128 transparent
cache_mem 8 MB
server_http11 on # use this for an internal proxy
icp_port 0   # use this if it is not for an internal proxy

pid_filename /var/run/squid.pid
coredump_dir /var/spool/squid/
error_directory /usr/share/squid/errors/English
icon_directory /usr/share/squid/icons
mime_table /usr/share/squid/mime.conf
ipcache_size 256
ipcache_low 98
ipcache_high 99
fqdncache_size 256

maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
maximum_object_size 256 MB
cache_swap_low 98%
cache_swap_high 99%
cache_dir aufs /cache 200000 64 256
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_log /dev/null
cache_store_log /dev/null
redirect_rewrites_host_header off
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl dynamic urlpath_regex cgi-bin \?
acl all src 0.0.0.0/0
acl network src 192.168.0.0/24
acl network src 192.168.1.0/24

http_access allow manager
http_access allow localhost
http_access allow network
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
http_gzip on
http_gzip_types text/plain,text/html,text/xml,text/css,application/xml,application/xhtml+xml,application/rss+xml,application/javascript,application/x-javascript

snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all

#Dynamic Content
acl store_rewrite_list urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|swf)\?
acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$
acl store_rewrite_list_domain_CDN url_regex (khm|mt)[0-9]?.google.com
acl store_rewrite_list_domain_CDN url_regex photos-[a-z].ak.fbcdn.net
acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]*
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*)
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$
acl store_rewrite_list_domain_CDN url_regex (khm|mt)[0-9]?.google.co(m|\.id)
acl store_rewrite_list_domain_CDN url_regex streamate.doublepimp.com.*\.js\? \.doubleclick\.net.* yieldmanager cpxinteractive  quantserve\.com

acl dontrewrite url_regex yimg.com  redbot\.org (get_video|videoplayback\?id|videoplayback.*id).*begin\=[1-9][0-9]* \.php\? threadless.*\.jpg\?r=
acl getmethod method GET

storeurl_access deny dontrewrite
storeurl_access deny !getmethod

storeurl_access allow store_rewrite_list_domain_CDN
storeurl_access allow store_rewrite_list
storeurl_access allow store_rewrite_list_domain store_rewrite_list_path
storeurl_access deny all
storeurl_rewrite_program /etc/squid/storeurl.pl
storeurl_rewrite_children 1
storeurl_rewrite_concurrency 99

max_stale 10 years
acl QUERY urlpath_regex -i \.(ini|ui|lst|inf|pak|ver|patch)$
acl QUERY urlpath_regex -i (dat.asp|afs.dat|notice.swf|patchlist.txt|hackshield|captcha|reset.css|update.ver|notice.html|updates.txt|gamenotice)
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(php|asp|aspx|cgi|html|htm|css|js) 1440 40% 40320
refresh_pattern ^http://www.google.com/.* 720 100% 4320
refresh_pattern ^http://*.aqworlds.*/.* 720 100% 4320
refresh_pattern ^http://*.games.* 720 100% 4320
#speedtest
#refresh_pattern .speedtest.* 0 60% 10 negative-ttl=0
refresh_pattern speedtest.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png|swf|txt|js) 0 50% 180 store-stale negative-ttl=0


refresh_pattern ^http://www.bekas.com/.* 720 100% 4320
refresh_pattern ^http://www.sisminbakum.com/.* 720 100% 4320
refresh_pattern ^http://www.glodokshop.com/.* 720 100% 4320
refresh_pattern ^http://www.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://photo-*.friendster.*/.* 720 100% 4320
refresh_pattern ^http://*.friendster.*/.* 720 100% 4320
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320
refresh_pattern ^http://*.google.*/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.mynicespace.*/.* 720 100% 4320
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
refresh_pattern ^http://*.ripway.*/.* 720 100% 4320
refresh_pattern ^http://*.kewlshare.*/.* 720 100% 4320
refresh_pattern ^http://*.chiboik.*/.* 720 100% 4320
refresh_pattern ^http://*.mylovelygirl.*/.* 720 100% 4320
refresh_pattern ^http://*.homebsd.*/.* 720 100% 4320
refresh_pattern ^http://*.ripway.*/.* 720 100% 4320
refresh_pattern ^http://*.photobucket.*/.* 720 100% 4320
refresh_pattern ^http://*.imageshack.*/.* 720 100% 4320
refresh_pattern ^http://*.youtube.*/.* 720 100% 4320
refresh_pattern ^http://*.slide.*/.* 720 100% 4320
refresh_pattern ^http://*.rockyou.*/.* 720 100% 4320
refresh_pattern ^http://*.myspace.*/.* 720 100% 4320
refresh_pattern ^http://*.facebook.*/.* 720 100% 4320
refresh_pattern ^http://*.profiles.friendster.*/.* 10080 100% 4320
refresh_pattern ^http://*.divine-music.*/.* 100800 100% 4320
refresh_pattern ^http://*.*.id/.* 720 100% 4320
refresh_pattern ^http://*.imageshack.*/.* 100800 100% 4320
refresh_pattern ^http://*.photobucket.*/.* 100800 100% 4320
refresh_pattern ^http://*.gemscool.*/.* 720 100% 4320
refresh_pattern ^ftp:// 30 50% 86400
refresh_pattern -i youtube.com/.* 10080 90% 43200
refresh_pattern (/cgi-bin/|\?) 0 0% 0
positive_dns_ttl 60 seconds
negative_dns_ttl 30 seconds
strip_query_terms off
fqdncache_size 4096
ipcache_low 98
ipcache_high 99
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 95
shutdown_lifetime 10 seconds
memory_pools off
buffered_logs off
log_icp_queries off
logfile_rotate 1
log_fqdn off
forwarded_for off
icp_hit_stale on
query_icmp on
reload_into_ims on
emulate_httpd_log off
negative_ttl 2 minutes
pipeline_prefetch on
vary_ignore_expire on
half_closed_clients off
high_page_fault_warning 2
nonhierarchical_direct on
prefer_direct off
cache_mgr kepsuktv
cache_effective_user proxy
cache_effective_group proxy
visible_hostname SpeedProxy
unique_hostname MyHigh-Proxy
cachemgr_passwd none all
client_db on
max_filedescriptors 8192
n_aiops_threads 24
load_check_stopen on
load_check_stcreate on
download_fastest_client_speed on

# TAG: ZPH
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136


And what is the correct redirect, bro? I have tried and tried but it still does not get any hits (I don't know what is wrong). If you don't mind, please point me to references on Squid Lusca that are suitable for a newbie... heeeeee

PLEASE SHARE, MASTERS
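
Added example (not part of the original post, and not code from the Squid or Lusca projects): a Python audit of the security- and troubleshooting-relevant lines in the squid.conf posted above, covering the indented comment behind the `squid.conf:1 unrecognized` error, the second `cache_log` that sends diagnostics to /dev/null, and the cache manager and SNMP rules that accept any client. `SAMPLE_CONF` is a constructed excerpt of that file; the finding names, the `SINGLE_VALUED` subset and the column-0 comment rule are assumptions.

```python
"""Audit a Squid 2.x / Lusca squid.conf for the settings discussed in the post."""

# Constructed excerpt modelled on the squid.conf in the post (not the full file).
SAMPLE_CONF = """\
 #-----------------------------------------------------#
http_port 3128 transparent
cache_log /var/log/squid/cache.log
cache_log /dev/null
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0
acl network src 192.168.1.0/24
http_access allow manager
http_access allow localhost
http_access allow network
http_access deny all
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all
cachemgr_passwd none all
"""

# Directives where a second occurrence replaces the first (assumed subset).
SINGLE_VALUED = {"cache_log", "pid_filename", "coredump_dir", "visible_hostname"}
# src values that mean "every client".
ANY_SOURCE = {"0.0.0.0/0", "0.0.0.0/0.0.0.0", "0/0", "all"}


def _acl_has(acls, names, acl_type, value):
    """True if one of the named ACLs has the given type and lists the value."""
    return any(acls.get(n, ("", []))[0] == acl_type and value in acls[n][1]
               for n in names)


def _restricts_source(acls, names):
    """True if the rule names a src ACL that is narrower than 'everyone'."""
    return any(acls.get(n, ("", []))[0] == "src"
               and not set(acls[n][1]) & ANY_SOURCE for n in names)


def audit_squid_conf(text):
    """Return [(line_number, finding_code), ...] in file order."""
    findings, acls, seen = [], {}, set()
    for no, raw in enumerate(text.splitlines(), 1):
        # Assumption: this Squid generation only treats '#' in column 0 as a
        # comment, which is what the "squid.conf:1 unrecognized" error suggests.
        if raw[:1] in (" ", "\t") and raw.lstrip().startswith("#"):
            findings.append((no, "indented-comment"))
            continue
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        name, args = tokens[0], tokens[1:]
        if name == "acl" and len(args) >= 2:
            # Repeated "acl NAME ..." lines add values to the same ACL.
            acls.setdefault(args[0], (args[1], []))[1].extend(args[2:])
        elif name in SINGLE_VALUED:
            if name in seen:
                findings.append((no, "duplicate-directive"))
            seen.add(name)
        elif name in ("http_access", "snmp_access") and args[:1] == ["allow"]:
            names = [a for a in args[1:] if not a.startswith("!")]
            if _restricts_source(acls, names):
                continue
            # An allow rule with no narrowing src ACL applies to every client.
            if name == "http_access" and _acl_has(acls, names, "proto", "cache_object"):
                findings.append((no, "cachemgr-open-to-any-client"))
            if name == "snmp_access" and _acl_has(acls, names, "snmp_community", "public"):
                findings.append((no, "snmp-public-community-open"))
        elif name == "cachemgr_passwd" and args[:1] == ["none"]:
            findings.append((no, "cachemgr-no-password"))
    return findings


if __name__ == "__main__":
    for line_no, code in audit_squid_conf(SAMPLE_CONF):
        print(f"squid.conf:{line_no}: {code}")
```

The corrected form of the flagged access rules is `http_access allow manager localhost` followed by `http_access deny manager`, an SNMP rule restricted to a management source address, and `cachemgr_passwd` set to a real password or `disable`.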

Re: Mikrotik + Proxy (Free Choice, Any Distro)

Thanks for the info


Re: Mikrotik + Proxy (Free Choice, Any Distro)

Thank you, bro... the knowledge you shared is useful


I installed IPCop with the Lusca proxy + RB750... can these settings be applied?...

Re: Mikrotik + Proxy (Free Choice, Any Distro)

Great, more knowledge gained.... wow, I have a lot to learn
I'm still a newbie, please guide me, everyone

Re: Mikrotik + Proxy (Free Choice, Any Distro)

What is the topology, boss?!?

Like this:

MODEM ===> MIKROTIK ===> PROXY ===> CLIENT

or like this:

MODEM ===> MIKROTIK ===> CLIENT
                             |
                             |
                        PROXY

I want to build the second topology, with Mikrotik settings like this:

interface set 0 name=ether1 comment="MODEM"
interface set 1 name=ether2 comment="CLIENT"
interface set 2 name=ether3 comment="IPCOP"

ip route add gateway=192.168.0.1

ip dns set servers=8.8.8.8,8.8.4.4 allow-remote-requests=yes

ip firewall nat add action=masquerade out-interface=ether1 chain=srcnat

ping from client ==> Mikrotik : Reply
ping from client ==> modem : Reply
ping from Mikrotik ==> IPCop (Green) : Timed out

but if the topology is like this:

MODEM ===> IPCOP ===> CLIENT

it runs perfectly smoothly.

Where is the mistake, boss?!?

Re: Mikrotik + Proxy (Free Choice, Any Distro)

eenpahlefi wrote:

Assalamualaikum Wr. Wb.

Here I want to share a Mikrotik setup for an internet cafe (warnet) with layer7 + PCC + connection-bytes, plus a YouTube limit.

Let's go straight to the practice.

Sorry to the seniors here, I'm leaking the rules to the newbies, hehe.

Further down there is an extra: the settings for an IPFire proxy.
IPFire is a new distro, a continuation of IPCop, just with a different developer, and it uses a monolithic kernel. It is very lightweight in my opinion; even routers like ClearOS and Ubuntu are, in my opinion, heavier than it, hehe. Sorry if there are Ubuntu masters here.
Hikz..


HERE IS THE TOPOLOGY...



PPPoE CLIENT MODE (MIKROTIK)

IP ADDRESS :: 192.168.1.1/24 (LAN)

IP ADDRESS :: 192.168.2.2/24 (MODEM)

IP ADDRESS :: 192.168.90.1/24 (SQUID)




A small correction, just to set things straight, because plugging a cable into the wrong place can be fatal.
IP ADDRESS :: 192.168.90.1/24 (SQUID) should be 192.168.88.0 (GREEN). The PROXY ether port plugs into the green PCI card.
Thanks.

Re: Mikrotik + Proxy (Free Choice, Any Distro)

pembolang wrote:

Great, more knowledge gained.... wow, I have a lot to learn
I'm still a newbie, please guide me, everyone

We're all learning together, bro..

Re: Mikrotik + Proxy (Free Choice, Any Distro)

chain=dstnat action=dst-nat

to-addresses=192.168.90.2 to-ports=3128

protocol=tcp src-address=192.168.1.0/24

dst-port=80,8080

