Rather than not writing anything... this is actually an old technique for LB + an external PROXY (still LUSCA), but I think it can be implemented with any proxy.
OK, let's get straight to it...
I won't explain from the beginning here, so if you're already used to MikroTik you will understand.
/ip address
add address=192.168.177.1/24 interface=2local network=192.168.177.0
add address=192.168.99.1/24 comment=hOTSPOT interface=HOTSPOT network=\
192.168.99.0
add address=192.168.1.2/24 comment=publik1 interface=1public network=\
192.168.1.0
add address=192.168.2.2/24 comment=publik2 interface=6public2 network=\
192.168.2.0
add address=102.102.102.2/24 comment=ProxyServer interface=4proxy network=\
102.102.102.0
2. Next, set up the NAT and the transparent proxy first
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes to-addresses=0.0.0.0
# Source NAT: masquerade everything that leaves through either ISP interface
add action=masquerade chain=srcnat comment="LOCAL NAT ISP1" out-interface=\
1public
add action=masquerade chain=srcnat comment="PROXY NAT ISP2" out-interface=\
6public2
# DNS: these two rules match TCP/UDP port 53 on every interface (no in-interface is set)
add action=dst-nat chain=dstnat comment=TRANSPARENT-TCP dst-port=53 protocol=\
tcp to-ports=53
add action=dst-nat chain=dstnat comment=TRANSPARENT-UDP dst-port=53 protocol=\
udp to-ports=53
# DNS: the same match, limited to traffic coming from the proxy interface
add action=dst-nat chain=dstnat comment=TRANSPARENT-DNS-UDP-PROXY dst-port=53 \
in-interface=4proxy protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment=TRANSPARENT-DNS-TCP-PROXY dst-port=53 \
in-interface=4proxy protocol=tcp to-ports=53
# HTTP: ports 80 and 3128 from any source not in address list "noproxy" go to the proxy at 102.102.102.1:3128
add action=dst-nat chain=dstnat comment=PROXY dst-port=80,3128 protocol=tcp \
src-address-list=!noproxy to-addresses=102.102.102.1 to-ports=3128
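An added example (not part of the original post): a small Python check that parses the NAT export above and lists the enabled dst-nat rules with no in-interface or in-interface-list, i.e. rules that also match packets arriving on 1public and 6public2. The function names are made up for this example.

```python
import re

# NAT rules copied from the export above, continuation backslashes included.
EXPORT = r'''/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="LOCAL NAT ISP1" out-interface=\
1public
add action=masquerade chain=srcnat comment="PROXY NAT ISP2" out-interface=\
6public2
add action=dst-nat chain=dstnat comment=TRANSPARENT-TCP dst-port=53 protocol=\
tcp to-ports=53
add action=dst-nat chain=dstnat comment=TRANSPARENT-UDP dst-port=53 protocol=\
udp to-ports=53
add action=dst-nat chain=dstnat comment=TRANSPARENT-DNS-UDP-PROXY dst-port=53 \
in-interface=4proxy protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment=TRANSPARENT-DNS-TCP-PROXY dst-port=53 \
in-interface=4proxy protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment=PROXY dst-port=80,3128 protocol=tcp \
src-address-list=!noproxy to-addresses=102.102.102.1 to-ports=3128
'''

def parse_rules(export):
    """Join '\\' line continuations and return each 'add' command as a dict."""
    joined = re.sub(r"\\[ \t]*\n[ \t]*", "", export)
    rules = []
    for line in joined.splitlines():
        if not line.startswith("add "):
            continue
        # A value is either a "quoted string" or a bare token without spaces.
        pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
        rules.append({key: value.strip('"') for key, value in pairs})
    return rules

def unscoped_dstnat(rules):
    """Comments of enabled dst-nat rules that match on every interface."""
    return [
        r.get("comment", "(no comment)")
        for r in rules
        if r.get("action") == "dst-nat"
        and r.get("disabled") != "yes"
        and "in-interface" not in r
        and "in-interface-list" not in r
    ]

if __name__ == "__main__":
    for name in unscoped_dstnat(parse_rules(EXPORT)):
        print("dst-nat rule without in-interface:", name)
```

On this export it reports TRANSPARENT-TCP, TRANSPARENT-UDP and PROXY; limiting those rules to the client-facing interfaces (here 2local and HOTSPOT) keeps the DNS and proxy redirection from applying to packets that come in from the ISP side.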
3. Next, create the mangle rules for the packets
/ip firewall mangle
# Packets carrying DSCP 12 (labelled as proxy cache hits by the rule comment) get packet mark PROXY-HIT
add action=mark-packet chain=forward comment="SQUID PROXY HIT" dscp=12 \
new-packet-mark=PROXY-HIT passthrough=no
# Connections arriving on a public interface are marked per interface
add action=mark-connection chain=input comment=\
"PCC RULE ---- MARK ALL PPPoE CONN" connection-state=new in-interface=\
1public new-connection-mark=public1-conn
add action=mark-connection chain=input connection-state=new in-interface=\
6public2 new-connection-mark=public2-conn
add action=mark-connection chain=prerouting connection-state=established \
in-interface=1public new-connection-mark=public1-conn
add action=mark-connection chain=prerouting connection-state=established \
in-interface=6public2 new-connection-mark=public2-conn
add action=mark-connection chain=prerouting connection-state=related \
in-interface=1public new-connection-mark=public1-conn
add action=mark-connection chain=prerouting connection-state=related \
in-interface=6public2 new-connection-mark=public2-conn
# Router-originated replies leave through the interface their connection came in on
add action=mark-routing chain=output connection-mark=public1-conn \
new-routing-mark=1public passthrough=no
add action=mark-routing chain=output connection-mark=public2-conn \
new-routing-mark=6public2 passthrough=no
# PCC: port-80 connections from the proxy (4proxy) are split in two by a hash of
# both addresses and ports; remainder 0 -> pr_1public, remainder 1 -> pr_6public2
add action=mark-connection chain=prerouting comment="MARK ALL 4proxy CONN" \
connection-state=new dst-address-type=!local dst-port=80 in-interface=\
4proxy new-connection-mark=pr_1public per-connection-classifier=\
both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting connection-state=new \
dst-address-type=!local dst-port=80 in-interface=4proxy \
new-connection-mark=pr_6public2 per-connection-classifier=\
both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting connection-state=established \
dst-address-type=!local dst-port=80 in-interface=4proxy \
new-connection-mark=pr_1public per-connection-classifier=\
both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting connection-state=established \
dst-address-type=!local dst-port=80 in-interface=4proxy \
new-connection-mark=pr_6public2 per-connection-classifier=\
both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting connection-state=related \
dst-address-type=!local dst-port=80 in-interface=4proxy \
new-connection-mark=pr_1public per-connection-classifier=\
both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting connection-state=related \
dst-address-type=!local dst-port=80 in-interface=4proxy \
new-connection-mark=pr_6public2 per-connection-classifier=\
both-addresses-and-ports:2/1 protocol=tcp
# Packet marks for the HTTP traffic of each PCC group
add action=mark-packet chain=forward comment="PCC RULE ---- MARK HTTP" \
connection-mark=pr_1public new-packet-mark=http_pppoe1_pkt passthrough=no
add action=mark-packet chain=forward connection-mark=pr_6public2 \
new-packet-mark=http_pppoe2_pkt passthrough=no
# Routing marks that select the ISP route table for each PCC group
add action=mark-routing chain=prerouting comment="PCC RULE ---- MARK ROUTE" \
connection-mark=pr_1public new-routing-mark=1public
add action=mark-routing chain=prerouting connection-mark=pr_6public2 \
new-routing-mark=6public2
4. Next, create the routes that direct local traffic to the ISPs
/ip route
# Routes for traffic carrying routing mark 1public (gateway 192.168.1.1)
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=1public
add check-gateway=ping distance=2 gateway=192.168.1.1 routing-mark=1public
# Routes for traffic carrying routing mark 6public2 (gateway 192.168.2.1)
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=6public2
add check-gateway=ping distance=2 gateway=192.168.2.1 routing-mark=6public2
# Unmarked traffic: 192.168.1.1 is preferred (distance 1), 192.168.2.1 is the backup (distance 2)
add check-gateway=ping comment="Default Route pppoe1 - Distance 1" distance=1 \
gateway=192.168.1.1
add check-gateway=ping comment="Default Route pppoe2 - Distance 1" distance=2 \
gateway=192.168.2.1
That's all, bro...
Note: please check it first and adapt it to your MikroTik and your needs... this is an export of my own settings, so of course it matches my device.
The result will look roughly like this.
In this example only the hotspot side happened to be in use, so the only activity shown is the hotspot's.
Here is the capture from the proxy.