Mikrotik - External Squid - Simple Queue

Published by: lucentia on Sep 15, 2009
Copyright: Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as DOC, PDF, TXT or read online from Scribd
See more
See less

06/25/2011

pdf

text

original

 
This is a short how-to on using an external proxy (Squid) for a network routed by Mikrotik.

It is a collection of things found by searching and asking around, including a chat with Bos Logan on LW. Feedback and corrections are welcome.

My initial problem was that traffic coming from the proxy was not recorded, so it was not shaped by the Simple Queue.

OK, let's start from the beginning. Suppose there are 2 ethernet interfaces on the Mikrotik:
Code:
[tjdykb@mt] > /interface print
Flags: X - disabled, D - dynamic, R - running
 #    NAME     TYPE    RX-RATE  TX-RATE  MTU
 0  R public   ether   0        0        1500
 1  R local    ether   0        0        1500

and there is 1 public IP to the backhaul plus 2 local IPs:
Code:
[tjdykb@mt] > /ip ad pr
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS             NETWORK          BROADCAST        INTERFACE
 0   202.149.69.109/29   202.149.69.104   202.149.69.111   public
 1   172.16.5.1/29       172.16.5.0       172.16.5.7       local
 2   172.16.9.1/30       172.16.9.0       172.16.9.3       local

The Squid box has IP address 172.16.9.2, and there are two NAT rules. In these rules you can see that only traffic to dst-port 80 on the international link (!iix-ip) is passed to the proxy. iix-ip is the address-list of IIX IPs (there has already been a tutorial on this).
Code:
[tjdykb@mt] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=dstnat in-interface=local src-address=172.16.5.0/29 protocol=tcp
     dst-port=80 dst-address-list=!iix-ip action=redirect to-ports=3128
 1   chain=srcnat out-interface=public src-address-list=pelanggan
     action=masquerade

Here we have enabled the built-in proxy on the Mikrotik with parent 172.16.9.2, where Squid runs on port 3128:
Code:
[tjdykb@mt] > /ip proxy print
enabled: yes
port: 3128
parent-proxy: 172.16.9.2:3128
maximal-client-connecions: 1000
maximal-server-connectons: 1000

Next, the mangle rules. There is an address-list pelanggan (customers) containing the IPs that are NATed:
Code:
[tjdykb@mt] > /ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; IIX-Intl Traffic
     chain=prerouting src-address-list=pelanggan action=mark-connection
     new-connection-mark=Con Mark Semua passthrough=yes
 1   chain=prerouting connection-mark=Con Mark Semua
     src-address-list=pelanggan dst-address-list=!iix-ip action=mark-connection
     new-connection-mark=Con Mark Intl passthrough=yes
 2   chain=prerouting connection-mark=Con Mark Intl action=mark-packet
     new-packet-mark=Intl Traffic passthrough=no
 3   chain=prerouting connection-mark=Con Mark Semua action=mark-packet
     new-packet-mark=IIX Traffic passthrough=no
 4   chain=output out-interface=local connection-mark=Con Mark Intl
     action=mark-packet new-packet-mark=Intl Traffic passthrough=no

This is the simple queue:
Code:
[tjdykb@mt] > /queue simple print
Flags: X - disabled, I - invalid, D - dynamic
 0   name="mine-intl" target-addresses=172.16.5.0/29 dst-address=0.0.0.0/0
     interface=all parent=none packet-marks=Intl Traffic direction=both priority=1
     queue=default-small/default-small limit-at=64000/64000
     max-limit=64000/64000 burst-time=1m/1m total-queue=default-small
 1   name="mine-IIX" target-addresses=172.16.5.0/29 dst-address=0.0.0.0/0
     interface=all parent=none packet-marks=IIX Traffic direction=both priority=1
     queue=default-small/default-small limit-at=512000/512000
     max-limit=2000000/2000000 burst-time=2m/2m total-queue=default-small

Mangle rules #0-#3 are the standard ones for marking which traffic is international and which is IIX, while mangle #4 marks packets coming from the proxy toward the local network. Without it the traffic is not recorded by the Mikrotik and so is not shaped. Why that is, I don't fully understand; please add to this.

As a small addition, here is the iptables script on the proxy box. Don't forget to add an acl for the Mikrotik's IP in squid.conf (172.16.9.0/30).
Code:
#!/bin/sh
# ------------------------------------------------------------------------------------
# See URL: http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
# (c) 2006, nixCraft under GNU/GPL v2.0+
# -------------------------------------------------------------------------------------
# squid server IP
SQUID_SERVER="172.16.9.2"
# Interface connected to Internet
INTERNET="eth1"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
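
The squid.conf entry for the Mikrotik's subnet mentioned above, as an added example that is not part of the original document. The Mikrotik's built-in proxy forwards requests to its parent itself, so Squid sees them arriving from the router's address in 172.16.9.0/30 and that subnet is the only source it needs to allow. The acl name `mikrotik` is an assumption; the subnet and port are the page's values.

```conf
# Added example (constructed): squid.conf access rules for the setup above.
# The acl name "mikrotik" is an assumption; 172.16.9.0/30 and 3128 come from the page.
http_port 3128

# The Mikrotik's built-in proxy (parent-proxy: 172.16.9.2:3128) is the only client.
acl mikrotik src 172.16.9.0/30

# The dstnat rule redirects only dst-port 80, so no other destination port is needed.
acl Safe_ports port 80
acl CONNECT method CONNECT

# http_access lines are checked top to bottom; the first match decides.
http_access deny !Safe_ports
http_access deny CONNECT
http_access allow mikrotik
http_access deny all
```

With the final `http_access deny all`, a request from any address outside 172.16.9.0/30 is refused, so the box does not act as an open proxy.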
