Guide to configuring MikroTik + External Web Proxy with ClearOS 5.2


– Create the Mangle rules (needed for the Bandwidth Manager)
/ip firewall mangle add chain=postrouting content="X-Cache: HIT" protocol=tcp action=mark-connection new-connection-mark=proxy_con comment="PROXY-EXT" passthrough=yes ;
/ip firewall mangle add chain=postrouting connection-mark=proxy_con comment="PROXY-EXT" action=mark-packet new-packet-mark=proxy-down passthrough=no ;
/ip firewall mangle add chain=prerouting src-address=192.168.0.200 in-interface=lan action=mark-packet new-packet-mark=billing-up comment=BILLING passthrough=no ;
/ip firewall mangle add chain=postrouting  dst-address=192.168.0.200 out-interface=lan action=mark-packet new-packet-mark=billing-browse connection-bytes=0-250000 protocol=tcp passthrough=no ;
/ip firewall mangle add chain=postrouting  dst-address=192.168.0.200 out-interface=lan action=mark-packet new-packet-mark=billing-limit connection-bytes=250001-4294967295 protocol=tcp passthrough=no ;
/ip firewall mangle add chain=postrouting  dst-address=192.168.0.200 out-interface=lan action=mark-packet new-packet-mark=billing-game passthrough=no ;
:for i from=1 to=9 do={
/ip firewall mangle add chain=prerouting src-address=("192.168.0.20" . $i) in-interface=lan action=mark-packet new-packet-mark=("pc" . $i . "-up") comment=("PC" . $i ) passthrough=no ;
/ip firewall mangle add chain=postrouting  dst-address=("192.168.0.20" . $i) out-interface=lan action=mark-packet new-packet-mark=("pc" . $i . "-browse") connection-bytes=0-250000 protocol=tcp passthrough=no ;
/ip firewall mangle add chain=postrouting  dst-address=("192.168.0.20" . $i) out-interface=lan action=mark-packet new-packet-mark=("pc" . $i . "-limit") connection-bytes=250001-4294967295 protocol=tcp passthrough=no ;
/ip firewall mangle add chain=postrouting  dst-address=("192.168.0.20" . $i) out-interface=lan action=mark-packet new-packet-mark=("pc" . $i . "-game") passthrough=no ;
}
:for i from=10 to=40 do={
/ip firewall mangle add chain=prerouting src-address=("192.168.0.2" . $i) in-interface=lan action=mark-packet new-packet-mark=("pc" . $i . "-up") comment=("PC" . $i ) passthrough=no ;
/ip firewall mangle add chain=postrouting  dst-address=("192.168.0.2" . $i) out-interface=lan action=mark-packet new-packet-mark=("pc" . $i . "-browse") connection-bytes=0-250000 protocol=tcp passthrough=no ;
/ip firewall mangle add chain=postrouting  dst-address=("192.168.0.2" . $i) out-interface=lan action=mark-packet new-packet-mark=("pc" . $i . "-limit") connection-bytes=250001-4294967295 protocol=tcp passthrough=no ;
/ip firewall mangle add chain=postrouting  dst-address=("192.168.0.2" . $i) out-interface=lan action=mark-packet new-packet-mark=("pc" . $i . "-game") passthrough=no ;
}
/ip firewall mangle add chain=prerouting src-address=192.168.0.250 in-interface=lan action=mark-packet new-packet-mark=proxy-up comment=PROXY passthrough=no ;
/ip firewall mangle add chain=postrouting  dst-address=192.168.0.250 out-interface=lan action=mark-packet new-packet-mark=proxy-down passthrough=no ;
/ip firewall mangle add chain=prerouting src-address=192.168.0.0/24 in-interface=lan action=mark-packet new-packet-mark=lan-up comment=LAN passthrough=no ;
/ip firewall mangle add chain=postrouting  dst-address=192.168.0.0/24 out-interface=lan action=mark-packet new-packet-mark=lan-browse connection-bytes=0-250000 protocol=tcp passthrough=no ;
/ip firewall mangle add chain=postrouting  dst-address=192.168.0.0/24 out-interface=lan action=mark-packet new-packet-mark=lan-limit connection-bytes=250001-4294967295 protocol=tcp passthrough=no ;
/ip firewall mangle add chain=postrouting  dst-address=192.168.0.0/24 out-interface=lan action=mark-packet new-packet-mark=lan-game passthrough=no ;
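
To check which packet mark (and therefore which queue) a download receives under the postrouting rules above, the following Python model replays them in first-match order. It is an added example, not part of the original guide; the function and variable names are hypothetical, and `cache_hit` stands for a connection already marked `proxy_con` by the `X-Cache: HIT` rule.

```python
# Simplified model of the postrouting mangle rules (added illustration).
# Every mark-packet rule uses passthrough=no, so the first match decides.
import ipaddress

BROWSE_MAX = 250000       # connection-bytes=0-250000
LIMIT_MAX = 4294967295    # connection-bytes=250001-4294967295

def build_rules():
    """Return (network, mark prefix) pairs in the order the rules are added."""
    rules = [(ipaddress.ip_network("192.168.0.200/32"), "billing")]
    for i in range(1, 41):  # pc1..pc40 map to 192.168.0.201..240
        rules.append((ipaddress.ip_network(f"192.168.0.{200 + i}/32"), f"pc{i}"))
    rules.append((ipaddress.ip_network("192.168.0.250/32"), "proxy"))
    rules.append((ipaddress.ip_network("192.168.0.0/24"), "lan"))
    return rules

RULES = build_rules()

def classify_download(dst_ip, protocol, conn_bytes, cache_hit=False):
    """Packet mark for traffic leaving the lan interface toward dst_ip."""
    # The PROXY-EXT pair sits first and has no dst-address restriction.
    if cache_hit and protocol == "tcp":
        return "proxy-down"
    addr = ipaddress.ip_address(dst_ip)
    for net, prefix in RULES:
        if addr not in net:
            continue
        if prefix == "proxy":
            return "proxy-down"
        if protocol == "tcp" and conn_bytes <= BROWSE_MAX:
            return f"{prefix}-browse"
        if protocol == "tcp" and conn_bytes <= LIMIT_MAX:
            return f"{prefix}-limit"
        return f"{prefix}-game"  # catch-all rule: no protocol, no byte range
    return None  # destination outside 192.168.0.0/24: no mark applied

if __name__ == "__main__":
    samples = [("192.168.0.205", "tcp", 1000), ("192.168.0.205", "tcp", 250001),
               ("192.168.0.205", "udp", 0), ("192.168.0.50", "tcp", 1000)]
    for args in samples:  # constructed sample inputs
        print(args, "->", classify_download(*args))
```

The model makes one property of the rule order visible: a connection marked as a cache hit is sent to `proxy-down` before any per-PC rule is evaluated, so it is not subject to the `pcN-limit` queue.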

– Create the Queues (Simple Queue Bandwidth Manager)
/queue simple add name=proxy-up packet-marks=proxy-up ;
/queue simple add name=proxy-down packet-marks=proxy-down ;
/queue simple add name=billing-up packet-marks=billing-up max-limit=80000/80000 ;
/queue simple add name=billing-browse packet-marks=billing-browse max-limit=256000/256000 ;
/queue simple add name=billing-limit packet-marks=billing-limit max-limit=80000/80000 ;
/queue simple add name=billing-game packet-marks=billing-game max-limit=256000/256000 ;
:for i from=1 to=40 do={
/queue simple add name=("pc" . $i . "-up") packet-marks=("pc" . $i . "-up") max-limit=80000/80000 ;
/queue simple add name=("pc" . $i . "-browse") packet-marks=("pc" . $i . "-browse") max-limit=256000/256000 ;
/queue simple add name=("pc" . $i . "-limit") packet-marks=("pc" . $i . "-limit") max-limit=80000/80000 ;
/queue simple add name=("pc" . $i . "-game") packet-marks=("pc" . $i . "-game") max-limit=256000/256000 ;
}
/queue simple add name=lan-up packet-marks=lan-up max-limit=80000/80000 ;
/queue simple add name=lan-browse packet-marks=lan-browse max-limit=256000/256000 ;
/queue simple add name=lan-limit packet-marks=lan-limit max-limit=80000/80000 ;
/queue simple add name=lan-game packet-marks=lan-game max-limit=256000/256000 ;
– Create the NAT rule (redirect to the External Proxy)
# comment=proxy lets the proxy_on / proxy_off scripts below find this rule
/ip firewall nat add chain=dstnat src-address=!192.168.0.250 protocol=tcp dst-port=80-82 in-interface=lan action=dst-nat to-addresses=192.168.0.250 to-ports=3128 comment=proxy
– Create the cekproxy script (checks the connection to the External Proxy)
:if ([/ping 192.168.0.250 count=1]=1) do={
/system script run proxy_on ;
} else={
/system script run proxy_off ;
}
– Create the cekproxy scheduler
/system scheduler add name=cekproxy on-event="/system script run cekproxy" interval=5s
– Create the proxy_off script
:foreach i in=[/ip firewall nat find comment=proxy] do={
:if ([/ip firewall nat get $i disabled]=false) do={
/ip firewall nat set $i disabled=yes ;
}
}
– Create the proxy_on script
:foreach i in=[/ip firewall nat find comment=proxy] do={
:if ([/ip firewall nat get $i disabled]=true) do={
/ip firewall nat set $i disabled=no ;
}
}
– Configure ClearOS 5.2 as the External Web Proxy
1. Install as Stand Alone – No Firewall
2. Set the LAN card to the External profile
3. Set the IP address / subnet to match the MikroTik
4. Set the gateway to the MikroTik's IP address
5. Edit the file /etc/firewall as the root account with the command:
   vi /etc/firewall (enter)
   Change the line:
   SQUID_TRANSPARENT="off"
   to:
   SQUID_TRANSPARENT="on"
6. Restart squid with the command:
   /etc/init.d/squid restart (enter)