27 Jun 2012

LOAD BALANCING 2 ISP LINES + EXTERNAL PROXY

The following is an example RouterBoard/MikroTik configuration using two Telkom Speedy ISP connections plus an external proxy server. Adapt it to your own network layout, IP addressing and proxy server before applying it.
(I took this article from my own Facebook group)

IP ADDRESSES OF THE ADSL MODEMS (BRIDGE MODE):
Modem1 : 192.168.3.1
Modem2 : 192.168.4.1

IP ADDRESS OF THE PROXY SERVER PC:
192.168.27.27

IP ADDRESSES ON THE MIKROTIK:
Modem1 : 192.168.3.2/24
Modem2 : 192.168.4.2/24
LAN : 192.168.1.1/24
Proxy : 192.168.27.1/24


INTERFACE NAMES:
ether1 : Modem1
ether2 : Modem2
ether3 : LAN
ether4 : Proxy

INTERFACE LIST:
/interface ethernet
# Ethernet ports cannot be added, only renamed: give ether1-ether4 the names used in the rest of this config.
set [ find default-name=ether1 ] name=Modem1 mtu=1500 l2mtu=1524
set [ find default-name=ether2 ] name=Modem2 mtu=1500 l2mtu=1524
set [ find default-name=ether3 ] name=LAN mtu=1500 l2mtu=1524
set [ find default-name=ether4 ] name=Proxy mtu=1500 l2mtu=1524

IP ADDRESS LIST:
/ip address
# actual-interface is read-only export output and is not accepted on add
add address=192.168.3.2/24 network=192.168.3.0 interface=Modem1
add address=192.168.4.2/24 network=192.168.4.0 interface=Modem2
add address=192.168.1.1/24 network=192.168.1.0 interface=LAN
add address=192.168.27.1/24 network=192.168.27.0 interface=Proxy

PPP - PPPoE CLIENT:
/interface pppoe-client
add name="pppoe-speedy1" max-mtu=1480 max-mru=1480 mrru=disabled interface=Modem1 user="*******@telkom.net" \
password="******" profile=default service-name="anjelanet1" ac-name="" add-default-route=no dial-on-demand=no \
use-peer-dns=no allow=pap,chap,mschap1,mschap2

add name="pppoe-speedy2" max-mtu=1480 max-mru=1480 mrru=disabled interface=Modem2 user="********@telkom.net" \
password="********" profile=default service-name="anjelanet2" ac-name="" add-default-route=no dial-on-demand=no \
use-peer-dns=no allow=pap,chap,mschap1,mschap2

******** = fill in your own Speedy username and password

IP DNS:
IP > DNS > Settings
Use OpenDNS (if you want to choose which sites get blocked through your OpenDNS account): 208.67.222.222 208.67.220.220
Use Nawala DNS (if you want sites, especially porn sites, blocked automatically): 180.131.144.144 180.131.145.145
Or use your ISP's DNS (the best DNS is the one with the shortest path, i.e. your ISP's DNS in your region)

IP DHCP SERVER:
DHCP > DHCP Setup > DHCP Server Interface=LAN > Next .............. Finish
For the DNS servers handed out to clients:
Use OpenDNS (if you want to choose which sites get blocked): 208.67.222.222 208.67.220.220
Use Nawala DNS (if you want sites, especially porn sites, blocked automatically): 180.131.144.144 180.131.145.145

IP FIREWALL NAT:
/ip firewall nat
# LAN web traffic not destined for the local/proxy networks is redirected to the external proxy (Squid on 3128)
add chain=dstnat action=dst-nat to-addresses=192.168.27.27 to-ports=3128 protocol=tcp dst-address-list=!Local+Proxy \
in-interface=LAN dst-port=80,81,8080,3128 comment="TRANSPARENT PROXY"

add chain=srcnat action=masquerade out-interface=pppoe-speedy1 comment="MASQUERADE"
add chain=srcnat action=masquerade out-interface=pppoe-speedy2
add chain=srcnat action=masquerade out-interface=Modem1
add chain=srcnat action=masquerade out-interface=Modem2

add chain=dstnat action=dst-nat to-ports=53 protocol=udp in-interface=LAN dst-port=53 comment="TRANSPARENT DNS"
add chain=dstnat action=dst-nat to-ports=53 protocol=tcp in-interface=LAN dst-port=53
add chain=dstnat action=dst-nat to-ports=53 protocol=udp in-interface=Proxy dst-port=53
add chain=dstnat action=dst-nat to-ports=53 protocol=tcp in-interface=Proxy dst-port=53
add chain=dstnat action=dst-nat to-addresses=192.168.27.27 to-ports=22 protocol=tcp dst-address="IP PUBLIK" \
dst-port=2221 comment="SSH PROXY OUT REMOTE TO WINsCP"
"IP PUBLIK" : fill in your Speedy public Internet IP

IP FIREWALL ADDRESS-LIST:
/ip firewall address-list
add list=LAN-NeT address=192.168.1.0/24
add list=Proxy-NeT address=192.168.27.0/24
add list=Local+Proxy address=192.168.1.0/24
add list=Local+Proxy address=192.168.27.0/24

IP FIREWALL MANGLE:
/ip firewall mangle

Routing :
add chain=prerouting action=mark-routing new-routing-mark=PointBlank passthrough=yes protocol=tcp \
dst-address=203.89.146.0/23 dst-port=49100 comment="Router POINTBLANK"
add chain=prerouting action=mark-routing new-routing-mark=PointBlank passthrough=yes protocol=udp \
dst-address=203.89.146.0/23 dst-port=40000-40010
add chain=prerouting action=mark-routing new-routing-mark=PointBlank passthrough=yes protocol=tcp \
dst-address=203.89.146.0/23 dst-port=39190

PPPoE CONN :
add chain=input action=mark-connection new-connection-mark=pppoe1-conn passthrough=yes connection-state=new \
in-interface=pppoe-speedy1 comment="PPPoE CONN"
add chain=input action=mark-connection new-connection-mark=pppoe2-conn passthrough=yes connection-state=new \
in-interface=pppoe-speedy2
add chain=prerouting action=mark-connection new-connection-mark=pppoe1-conn passthrough=yes connection-state=established \
in-interface=pppoe-speedy1
add chain=prerouting action=mark-connection new-connection-mark=pppoe2-conn passthrough=yes connection-state=established \
in-interface=pppoe-speedy2
add chain=prerouting action=mark-connection new-connection-mark=pppoe1-conn passthrough=yes connection-state=related \
in-interface=pppoe-speedy1
add chain=prerouting action=mark-connection new-connection-mark=pppoe2-conn passthrough=yes connection-state=related \
in-interface=pppoe-speedy2

add chain=output action=mark-routing new-routing-mark=pppoe-speedy1 passthrough=no connection-mark=pppoe1-conn
add chain=output action=mark-routing new-routing-mark=pppoe-speedy2 passthrough=no connection-mark=pppoe2-conn

HTTP CONN :
add chain=prerouting action=mark-connection new-connection-mark=http-pppoe1 passthrough=yes protocol=tcp \
dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy \
per-connection-classifier=both-addresses-and-ports:2/0 comment="HTTP CONN"
add chain=prerouting action=mark-connection new-connection-mark=http-pppoe2 passthrough=yes protocol=tcp \
dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy \
per-connection-classifier=both-addresses-and-ports:2/1
add chain=prerouting action=mark-connection new-connection-mark=http-pppoe1 passthrough=yes protocol=tcp \
dst-address-type=!local dst-address-list=!Local+Proxy in-interface=LAN dst-port=80,3128 \
per-connection-classifier=both-addresses-and-ports:2/0
add chain=prerouting action=mark-connection new-connection-mark=http-pppoe2 passthrough=yes protocol=tcp \
dst-address-type=!local dst-address-list=!Local+Proxy in-interface=LAN dst-port=80,3128 \
per-connection-classifier=both-addresses-and-ports:2/1


MARK-HTTP ROUTE :
add chain=prerouting action=mark-routing new-routing-mark=pppoe-speedy1 passthrough=yes in-interface=Proxy \
connection-mark=http-pppoe1 comment="MARK-HTTP ROUTE"
add chain=prerouting action=mark-routing new-routing-mark=pppoe-speedy2 passthrough=yes in-interface=Proxy \
connection-mark=http-pppoe2
NON-HTTP CONN :
add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe1 passthrough=yes protocol=tcp \
dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy dst-port=80,3128 \
per-connection-classifier=both-addresses-and-ports:2/0 comment="NON-HTTP CONN"
add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe2 passthrough=yes protocol=tcp \
dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy dst-port=80,3128 \
per-connection-classifier=both-addresses-and-ports:2/1
add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe1 passthrough=yes protocol=tcp \
dst-address-type=!local dst-address-list=!Local+Proxy in-interface=LAN dst-port=!80,3128 \
per-connection-classifier=both-addresses-and-ports:2/0
add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe2 passthrough=yes protocol=tcp \
dst-address-type=!local dst-address-list=!Local+Proxy in-interface=LAN dst-port=!80,3128 \
per-connection-classifier=both-addresses-and-ports:2/1
add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe1 passthrough=yes protocol=udp \
dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy \
per-connection-classifier=both-addresses-and-ports:2/0
add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe2 passthrough=yes protocol=udp \
dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy \
per-connection-classifier=both-addresses-and-ports:2/1
add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe1 passthrough=yes protocol=udp \
dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/0
add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe2 passthrough=yes protocol=udp \
dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/1


MARK NON HTTP ROUTE :
add chain=prerouting action=mark-routing new-routing-mark=pppoe-speedy1 passthrough=yes in-interface=LAN \
connection-mark=non-http-pppoe1 comment="MARK NON HTTP ROUTE"
add chain=prerouting action=mark-routing new-routing-mark=pppoe-speedy2 passthrough=yes in-interface=LAN \
connection-mark=non-http-pppoe2


CRITICAL CONN :
add chain=postrouting action=change-dscp new-dscp=1 protocol=tcp dst-port=53 comment="CRITICAL CONN"
add chain=postrouting action=change-dscp new-dscp=1 protocol=icmp
add chain=postrouting action=change-dscp new-dscp=1 protocol=udp dst-port=53
add chain=postrouting action=mark-connection new-connection-mark=critical-conn passthrough=yes dscp=1
add chain=postrouting action=mark-packet new-packet-mark=critical-pkt passthrough=no connection-mark=critical-conn

PROXY-HIT :
add chain=prerouting action=mark-packet new-packet-mark=PKT-HIT passthrough=no protocol=tcp \
in-interface=Proxy dscp=12 comment="PROXY-HIT"
add chain=postrouting action=mark-packet new-packet-mark=PKT-HIT passthrough=no out-interface=LAN dscp=12


IP ROUTE:
/ip route
# gateway-status is read-only print output and has been dropped from the add commands
add dst-address=0.0.0.0/0 gateway=pppoe-speedy1 check-gateway=ping distance=1 \
scope=30 target-scope=10 comment="Default-Route-speedy1-Distance-1"
add dst-address=0.0.0.0/0 gateway=pppoe-speedy2 check-gateway=ping distance=2 \
scope=30 target-scope=10 routing-mark=PointBlank comment="Default-Route-speedy2-Distance-2"
add dst-address=0.0.0.0/0 gateway=pppoe-speedy1 check-gateway=ping distance=1 \
scope=30 target-scope=10 routing-mark=pppoe-speedy1
add dst-address=0.0.0.0/0 gateway=pppoe-speedy2 check-gateway=ping distance=1 \
scope=30 target-scope=10 routing-mark=pppoe-speedy2
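Added example, not part of the original post and not RouterOS code: a small Python model of the decisions the NAT, mangle and route sections above make for a new connection coming in from the LAN (transparent-proxy redirect, PCC connection mark, routing mark, route table with distance fallback). RouterOS does not publish the hash behind per-connection-classifier, so the SHA-256 hash used here is an assumption; the property it illustrates is that every packet of one connection lands on the same link while many connections spread evenly across both. The fallback from an empty marked table to the main table is also an assumption about RouterOS behaviour, labelled as such in the code.

```python
# Added illustration of the LAN-side NAT, mangle and route decisions above.
# Not RouterOS code; hash and table-fallback behaviour are assumptions.
import hashlib
import ipaddress
import random
from collections import Counter
from typing import NamedTuple, Optional

# Address list "Local+Proxy" from the firewall address-list section.
LOCAL_PROXY = [ipaddress.ip_network("192.168.1.0/24"),
               ipaddress.ip_network("192.168.27.0/24")]
PROXY_ADDR, PROXY_PORT = "192.168.27.27", 3128


class Flow(NamedTuple):
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int


def in_local_proxy(dst: str) -> bool:
    """dst-address-list=!Local+Proxy: traffic to these networks is left alone."""
    return any(ipaddress.ip_address(dst) in net for net in LOCAL_PROXY)


def pcc_remainder(flow: Flow, denominator: int = 2) -> int:
    """Analogue of per-connection-classifier=both-addresses-and-ports:D/R.
    Returns R in [0, D); the rule written ...:D/R matches when this equals R.
    Assumption: SHA-256 over the 4-tuple stands in for the RouterOS hash."""
    key = f"{flow.src}:{flow.sport}>{flow.dst}:{flow.dport}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % denominator


def nat_target(flow: Flow) -> Optional[tuple]:
    """TRANSPARENT PROXY dstnat rule: LAN tcp to 80,81,8080,3128 that is not
    destined to Local+Proxy is redirected to the external proxy."""
    if (flow.proto == "tcp" and flow.dport in (80, 81, 8080, 3128)
            and not in_local_proxy(flow.dst)):
        return (PROXY_ADDR, PROXY_PORT)
    return None


def connection_mark(flow: Flow) -> Optional[str]:
    """HTTP CONN / NON-HTTP CONN rules for a new connection arriving on LAN:
    tcp 80,3128 -> http-pppoeN, anything else -> non-http-pppoeN, where
    N = PCC remainder + 1 (2/0 selects link 1, 2/1 selects link 2)."""
    if in_local_proxy(flow.dst):
        return None
    link = pcc_remainder(flow) + 1
    if flow.proto == "tcp" and flow.dport in (80, 3128):
        return f"http-pppoe{link}"
    return f"non-http-pppoe{link}"


def routing_mark(conn_mark: Optional[str]) -> Optional[str]:
    """MARK NON HTTP ROUTE: non-http-pppoeN -> routing-mark pppoe-speedyN.
    HTTP from the LAN gets no routing mark: dstnat has already sent it to the
    proxy, which opens its own upstream connection on the Proxy interface."""
    if conn_mark and conn_mark.startswith("non-http-pppoe"):
        return "pppoe-speedy" + conn_mark[-1]
    return None


def select_route(mark: Optional[str], link_up: dict) -> Optional[str]:
    """IP ROUTE section: a marked connection is looked up in its own table;
    unmarked traffic uses distance 1 (speedy1) and falls back to distance 2
    (speedy2) once check-gateway=ping has declared the primary unreachable.
    Assumption: a marked table with no usable route falls back to main."""
    tables = {"pppoe-speedy1": ["pppoe-speedy1"],
              "pppoe-speedy2": ["pppoe-speedy2"],
              "PointBlank": ["pppoe-speedy2"]}
    main = ["pppoe-speedy1", "pppoe-speedy2"]       # distance 1, then 2
    for gateway in tables.get(mark, []) + main:
        if link_up.get(gateway):
            return gateway
    return None


def split_report(n: int = 2000, seed: int = 7) -> Counter:
    """Constructed sample of n random LAN flows (not captured traffic): counts
    connection marks per link to show that PCC spreads connections evenly."""
    rnd = random.Random(seed)
    counts: Counter = Counter()
    for _ in range(n):
        flow = Flow("tcp",
                    f"192.168.1.{rnd.randint(2, 254)}",
                    f"{rnd.randint(11, 126)}.{rnd.randint(0, 255)}."
                    f"{rnd.randint(0, 255)}.{rnd.randint(1, 254)}",
                    rnd.randint(1024, 65535),
                    rnd.choice([80, 443, 22, 5060]))
        counts[connection_mark(flow)] += 1
    return counts


if __name__ == "__main__":
    for mark, count in sorted(split_report().items()):
        print(f"{mark:16} {count}")
```

Running the script prints the per-link mark counts for the constructed sample; the two links should each receive close to half of the connections. The model covers only connections that start on the LAN interface; the rules on the Proxy interface apply the same PCC pattern to the proxy's own upstream connections.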
