Code:
Bahan:
- RB750 ver 4.9
- 2 line Speedy paket Office
- Ubuntu versi 9.10

Setting pada sisi MikroTik:
/ip address
- 172.19.196.1/24 interface proxy
- 192.168.88.1/24 interface lan
- 192.168.1.1/24 interface modem-1
- 192.168.2.1/24 interface modem-2

Catatan: dial lewat MikroTik dengan modem sebagai bridge; IP pada mesin Ubuntu 172.19.196.100
Code:
# Packet mark for DSCP 12 traffic, plus the queue that carries it.
# Presumably the proxy sets DSCP 12 on cache hits - confirm against the
# proxy configuration, which is not part of this listing.
# NOTE(review): the mangle rule matches DSCP 12 on every interface, so any
# host that sets this DSCP value gets the proxy-hit mark. Consider limiting
# the match to traffic arriving from the proxy segment (in-interface=proxy).
/ip firewall mangle
add chain=prerouting action=mark-packet dscp=12 new-packet-mark=proxy-hit \
    passthrough=yes disabled=no comment=proxy-hit

# Queue for proxy-hit packets: priority 1, no rate limit (max-limit=0).
/queue tree
add name=HIT parent=global-out packet-mark=proxy-hit priority=1 \
    queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
Code:
# Connection marks for traffic that arrives on each PPPoE link, and routing
# marks so that router-originated packets of those connections leave through
# the link the connection came in on.
/ip firewall mangle

# New connections addressed to the router itself (input chain).
add chain=input action=mark-connection connection-state=new \
    in-interface=pppoe_1 new-connection-mark=pppoe1_conn passthrough=yes \
    disabled=no comment="PCC RULE ---- MARK ALL PPPoE CONN"
add chain=input action=mark-connection connection-state=new \
    in-interface=pppoe_2 new-connection-mark=pppoe2_conn passthrough=yes \
    disabled=no comment=""

# Established packets arriving on each link (prerouting chain).
add chain=prerouting action=mark-connection connection-state=established \
    in-interface=pppoe_1 new-connection-mark=pppoe1_conn passthrough=yes \
    disabled=no comment=""
add chain=prerouting action=mark-connection connection-state=established \
    in-interface=pppoe_2 new-connection-mark=pppoe2_conn passthrough=yes \
    disabled=no comment=""

# Related packets arriving on each link (prerouting chain).
add chain=prerouting action=mark-connection connection-state=related \
    in-interface=pppoe_1 new-connection-mark=pppoe1_conn passthrough=yes \
    disabled=no comment=""
add chain=prerouting action=mark-connection connection-state=related \
    in-interface=pppoe_2 new-connection-mark=pppoe2_conn passthrough=yes \
    disabled=no comment=""

# Output chain: map the connection mark to the matching routing mark.
# passthrough=no stops further mangle processing for the packet.
add chain=output action=mark-routing connection-mark=pppoe1_conn \
    new-routing-mark=pppoe_1 passthrough=no disabled=no comment=""
add chain=output action=mark-routing connection-mark=pppoe2_conn \
    new-routing-mark=pppoe_2 passthrough=no disabled=no comment=""
Code:
# PCC for HTTP: TCP port 80 traffic entering from the proxy interface and not
# addressed to the router is split into two buckets by a hash of both
# addresses and ports (2/0 -> http_pppoe_1, 2/1 -> http_pppoe_2).
# NOTE(review): these rules match established/related packets only, so the
# first (new) packet of a connection is not classified here. Verify that
# this gives the intended link selection before relying on it.
/ip firewall mangle

# Established packets.
add chain=prerouting action=mark-connection protocol=tcp dst-port=80 \
    in-interface=proxy dst-address-type=!local connection-state=established \
    per-connection-classifier=both-addresses-and-ports:2/0 \
    new-connection-mark=http_pppoe_1 passthrough=yes disabled=no \
    comment="PCC RULE MARK HTTP CONN"
add chain=prerouting action=mark-connection protocol=tcp dst-port=80 \
    in-interface=proxy dst-address-type=!local connection-state=established \
    per-connection-classifier=both-addresses-and-ports:2/1 \
    new-connection-mark=http_pppoe_2 passthrough=yes disabled=no comment=""

# Related packets.
add chain=prerouting action=mark-connection protocol=tcp dst-port=80 \
    in-interface=proxy dst-address-type=!local connection-state=related \
    per-connection-classifier=both-addresses-and-ports:2/0 \
    new-connection-mark=http_pppoe_1 passthrough=yes disabled=no comment=""
add chain=prerouting action=mark-connection protocol=tcp dst-port=80 \
    in-interface=proxy dst-address-type=!local connection-state=related \
    per-connection-classifier=both-addresses-and-ports:2/1 \
    new-connection-mark=http_pppoe_2 passthrough=yes disabled=no comment=""
Code:
# PCC for everything except HTTP: traffic entering from the lan interface and
# not addressed to the router is split into two buckets by a hash of both
# addresses and ports (2/0 -> non.http_pppoe_1, 2/1 -> non.http_pppoe_2).
# TCP rules exclude destination port 80; UDP rules have no port match.
# NOTE(review): only established/related packets are matched, so the first
# (new) packet of a connection is not classified by these rules. Verify the
# resulting link selection. Protocols other than TCP and UDP are not covered.
/ip firewall mangle

# TCP, any destination port except 80 - established packets.
add chain=prerouting action=mark-connection protocol=tcp dst-port=!80 \
    in-interface=lan dst-address-type=!local connection-state=established \
    per-connection-classifier=both-addresses-and-ports:2/0 \
    new-connection-mark=non.http_pppoe_1 passthrough=yes disabled=no \
    comment="PCC RULE ---- MARK - NON -HTTP CONN"
add chain=prerouting action=mark-connection protocol=tcp dst-port=!80 \
    in-interface=lan dst-address-type=!local connection-state=established \
    per-connection-classifier=both-addresses-and-ports:2/1 \
    new-connection-mark=non.http_pppoe_2 passthrough=yes disabled=no \
    comment=""

# TCP, any destination port except 80 - related packets.
add chain=prerouting action=mark-connection protocol=tcp dst-port=!80 \
    in-interface=lan dst-address-type=!local connection-state=related \
    per-connection-classifier=both-addresses-and-ports:2/0 \
    new-connection-mark=non.http_pppoe_1 passthrough=yes disabled=no \
    comment=""
add chain=prerouting action=mark-connection protocol=tcp dst-port=!80 \
    in-interface=lan dst-address-type=!local connection-state=related \
    per-connection-classifier=both-addresses-and-ports:2/1 \
    new-connection-mark=non.http_pppoe_2 passthrough=yes disabled=no \
    comment=""

# UDP - established packets.
add chain=prerouting action=mark-connection protocol=udp \
    in-interface=lan dst-address-type=!local connection-state=established \
    per-connection-classifier=both-addresses-and-ports:2/0 \
    new-connection-mark=non.http_pppoe_1 passthrough=yes disabled=no \
    comment=""
add chain=prerouting action=mark-connection protocol=udp \
    in-interface=lan dst-address-type=!local connection-state=established \
    per-connection-classifier=both-addresses-and-ports:2/1 \
    new-connection-mark=non.http_pppoe_2 passthrough=yes disabled=no \
    comment=""

# UDP - related packets.
add chain=prerouting action=mark-connection protocol=udp \
    in-interface=lan dst-address-type=!local connection-state=related \
    per-connection-classifier=both-addresses-and-ports:2/0 \
    new-connection-mark=non.http_pppoe_1 passthrough=yes disabled=no \
    comment=""
add chain=prerouting action=mark-connection protocol=udp \
    in-interface=lan dst-address-type=!local connection-state=related \
    per-connection-classifier=both-addresses-and-ports:2/1 \
    new-connection-mark=non.http_pppoe_2 passthrough=yes disabled=no \
    comment=""
Code:
# Translate the PCC connection marks into routing marks. Packets marked
# pppoe_1 / pppoe_2 are then matched by the /ip route entries that carry the
# same routing-mark.
/ip firewall mangle

# HTTP connections.
add chain=prerouting action=mark-routing connection-mark=http_pppoe_1 \
    new-routing-mark=pppoe_1 passthrough=yes disabled=no \
    comment="PCC RULE ---- MARK - HTTP ROUTE"
add chain=prerouting action=mark-routing connection-mark=http_pppoe_2 \
    new-routing-mark=pppoe_2 passthrough=yes disabled=no comment=""

# Non-HTTP connections.
add chain=prerouting action=mark-routing connection-mark=non.http_pppoe_1 \
    new-routing-mark=pppoe_1 passthrough=yes disabled=no \
    comment="PCC RULE MARK NON HTTP ROUTE"
add chain=prerouting action=mark-routing connection-mark=non.http_pppoe_2 \
    new-routing-mark=pppoe_2 passthrough=yes disabled=no comment=""
Code:
# NAT: source NAT on both uplinks and towards the proxy, DNS interception,
# transparent HTTP proxying, and an inbound SSH forward to the proxy host.
/ip firewall nat

# Source NAT for traffic leaving through either PPPoE link.
add chain=srcnat action=masquerade out-interface=pppoe_1 disabled=no \
    comment=MASQUERADE1
add chain=srcnat action=masquerade out-interface=pppoe_2 disabled=no \
    comment=MASQUERADE2

# Source NAT towards the proxy segment.
# NOTE(review): this makes every LAN client appear to the proxy as the
# router's own address, so the proxy's access log cannot attribute requests
# to individual clients. Keep that in mind for incident investigation.
add chain=srcnat action=masquerade out-interface=proxy disabled=no \
    comment=MASQUERADE3

# DNS interception for UDP/TCP port 53 from lan and proxy.
# NOTE(review): these rules set to-ports only, with no to-addresses. Confirm
# they actually steer queries to the resolver you intend (action=redirect is
# the usual way to send them to the router itself). If the router's resolver
# accepts remote requests, make sure port 53 is blocked on the input chain
# for pppoe_1/pppoe_2, since no /ip firewall filter rules appear in this
# listing.
add chain=dstnat action=dst-nat protocol=udp dst-port=53 in-interface=lan \
    to-ports=53 disabled=no comment=TRANSPARENT-DNS
add chain=dstnat action=dst-nat protocol=tcp dst-port=53 in-interface=lan \
    to-ports=53 disabled=no comment=""
add chain=dstnat action=dst-nat protocol=udp dst-port=53 in-interface=proxy \
    to-ports=53 disabled=no comment=""
add chain=dstnat action=dst-nat protocol=tcp dst-port=53 in-interface=proxy \
    to-ports=53 disabled=no comment=""

# Transparent proxy: web ports from the LAN go to the proxy on
# 172.19.196.100:3128, unless the destination is in the proxyNET list.
add chain=dstnat action=dst-nat protocol=tcp dst-port=80,8080,3128 \
    in-interface=lan dst-address-list=!proxyNET \
    to-addresses=172.19.196.100 to-ports=3128 disabled=no \
    comment=TRANSPARENT-proxy

# Inbound SSH to the proxy host through the public address.
# NOTE(review): there is no src-address / src-address-list match, so TCP/22
# on the proxy host is reachable from any address that can reach
# 125.165.40.xxx. Restrict the rule to known administrative source
# addresses, use key-based authentication on the host, and monitor its
# authentication log.
add chain=dstnat action=dst-nat protocol=tcp dst-address=125.165.40.xxx \
    dst-port=22 to-addresses=172.19.196.100 to-ports=22 disabled=no \
    comment="REMOTE PROXY"
Code:
# Address lists for the two internal networks.
# proxyNET is referenced by the TRANSPARENT-proxy NAT rule. lanNET is not
# referenced by any rule shown in this listing.
/ip firewall address-list
add list=lanNET address=192.168.88.0/24 disabled=no comment=""
add list=proxyNET address=172.19.196.0/24 disabled=no comment=""
Code:
# Default routes. The first two apply only to packets that carry the matching
# routing mark (set by the mangle rules). The last two serve unmarked traffic,
# with pppoe_1 preferred (distance 1) and pppoe_2 as the fallback
# (distance 2). check-gateway=ping is set on all four.
/ip route

# Policy routes selected by routing mark.
add dst-address=0.0.0.0/0 gateway=pppoe_1 routing-mark=pppoe_1 distance=1 \
    check-gateway=ping scope=30 target-scope=10 disabled=no
add dst-address=0.0.0.0/0 gateway=pppoe_2 routing-mark=pppoe_2 distance=1 \
    check-gateway=ping scope=30 target-scope=10 disabled=no

# Unmarked traffic: primary and fallback default routes.
add dst-address=0.0.0.0/0 gateway=pppoe_1 distance=1 check-gateway=ping \
    scope=30 target-scope=10 disabled=no \
    comment=Default-Route-pppoe1-Distance-1
add dst-address=0.0.0.0/0 gateway=pppoe_2 distance=2 check-gateway=ping \
    scope=30 target-scope=10 disabled=no \
    comment=Default-Route-pppoe2-Distance-2