Breaking News
Loading...
20 October 2011

Load Balancing + Proxy +mikrotik

Tutorial ini saya buat untuk menjawab banyak pertanyaan bagaimana menggabungkan 2 line speedy + proxy eksternal dgn ubuntu, sekaligus solusi agar game online terutama game Poker dan Poinblank lancar tanpa masalah ip ilegal lagi.


Code:
bahan :
- RB750 VER 4.9
- 2 Line Speedy Paket Office
- Ubuntu Versi 9.10


SETTING PADA SISI MIKROTIK :

/ip adrress
  
  - 172.19.196.1/24 interface proxy
  - 192.168.88.1/24 interface lan
  - 192.168.1.1/24  interface modem-1
  - 192.168.2.1/24  interface modem-2

catatan : dial lewat mikrotik dgn modem sbg brigde
ip pada mesin ubuntu 172.19.196.100
BAYPASS PROXY
Code:
/ip firewall mangle 

add action=mark-packet chain=prerouting comment=proxy-hit disabled=no dscp=12 \
    new-packet-mark=proxy-hit passthrough=yes

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=HIT packet-mark=proxy-hit parent=global-out priority=1 \
    queue=default
PCC RULE MARK ALL PPPoE CONN
Code:
/ip firewall mangle
add action=mark-connection chain=input comment=\
    "PCC RULE ---- MARK ALL PPPoE CONN" connection-state=new disabled=no \
    in-interface=pppoe_1 new-connection-mark=pppoe1_conn passthrough=yes

add action=mark-connection chain=input comment="" connection-state=new \
    disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn \
    passthrough=yes

add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no in-interface=pppoe_1 new-connection-mark=\
    pppoe1_conn passthrough=yes

add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no in-interface=pppoe_2 new-connection-mark=\
    pppoe2_conn passthrough=yes

add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no in-interface=pppoe_1 new-connection-mark=pppoe1_conn \
    passthrough=yes

add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn \
    passthrough=yes

add action=mark-routing chain=output comment="" connection-mark=pppoe1_conn \
    disabled=no new-routing-mark=pppoe_1 passthrough=no

add action=mark-routing chain=output comment="" connection-mark=pppoe2_conn \
    disabled=no new-routing-mark=pppoe_2 passthrough=no
PCC RULE MARK HTTP CONN
Code:
/ip firewall mangle

add action=mark-connection chain=prerouting comment=\
    "PCC RULE MARK HTTP CONN" connection-state=established disabled=no \
    dst-address-type=!local dst-port=80 in-interface=proxy \
    new-connection-mark=http_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp

add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-type=!local dst-port=80 in-interface=\
    proxy new-connection-mark=http_pppoe_2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp

add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-type=!local dst-port=80 in-interface=\
    proxy new-connection-mark=http_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp

add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-type=!local dst-port=80 in-interface=\
    proxy new-connection-mark=http_pppoe_2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
PCC RULE MARK NON HTTP CONN
Code:
/ip firewall mangle

add action=mark-connection chain=prerouting comment=\
    "PCC RULE ---- MARK - NON -HTTP CONN" connection-state=established \
    disabled=no dst-address-type=!local dst-port=!80 in-interface=lan \
    new-connection-mark=non.http_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp

add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-type=!local dst-port=!80 \
    in-interface=lan new-connection-mark=non.http_pppoe_2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp

add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-type=!local dst-port=!80 in-interface=lan \
    new-connection-mark=non.http_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp

add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-type=!local dst-port=!80 in-interface=lan \
    new-connection-mark=non.http_pppoe_2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp

add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-type=!local in-interface=lan \
    new-connection-mark=non.http_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=udp

add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-type=!local in-interface=lan \
    new-connection-mark=non.http_pppoe_2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=udp

add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-type=!local in-interface=lan \
    new-connection-mark=non.http_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=udp

add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-type=!local in-interface=lan \
    new-connection-mark=non.http_pppoe_2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=udp
PCC RULE MARK HTTP dan NON HTTP ROUTE
Code:
/ip firewall mangle

add action=mark-routing chain=prerouting comment=\
    "PCC RULE ---- MARK - HTTP ROUTE" connection-mark=http_pppoe_1 disabled=\
    no new-routing-mark=pppoe_1 passthrough=yes

add action=mark-routing chain=prerouting comment="" connection-mark=\
    http_pppoe_2 disabled=no new-routing-mark=pppoe_2 passthrough=yes

add action=mark-routing chain=prerouting comment=\
    "PCC RULE  MARK NON HTTP ROUTE" connection-mark=non.http_pppoe_1 \
    disabled=no new-routing-mark=pppoe_1 passthrough=yes

add action=mark-routing chain=prerouting comment="" connection-mark=\
    non.http_pppoe_2 disabled=no new-routing-mark=pppoe_2 passthrough=yes
NAT

Code:
/ip firewall nat
add action=masquerade chain=srcnat comment=MASQUERADE1 disabled=no \
    out-interface=pppoe_1

add action=masquerade chain=srcnat comment=MASQUERADE2 disabled=no \
    out-interface=pppoe_2

add action=masquerade chain=srcnat comment=MASQUERADE3 disabled=no \
    out-interface=proxy

add action=dst-nat chain=dstnat comment=TRANSPARENT-DNS disabled=no dst-port=\
    53 in-interface=lan protocol=udp to-ports=53

add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=lan protocol=tcp to-ports=53

add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=proxy protocol=udp to-ports=53

add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=proxy protocol=tcp to-ports=53

add action=dst-nat chain=dstnat comment=TRANSPARENT-proxy disabled=no \
    dst-address-list=!proxyNET dst-port=80,8080,3128 in-interface=lan \
    protocol=tcp to-addresses=172.19.196.100 to-ports=3128

add action=dst-nat chain=dstnat comment="REMOTE PROXY" disabled=no \
    dst-address=125.165.40.xxx dst-port=22 protocol=tcp to-addresses=\
    172.19.196.100 to-ports=22
ADDRESS LIST
Code:
/ip firewall address-list
add address=192.168.88.0/24 comment="" disabled=no list=lanNET
add address=172.19.196.0/24 comment="" disabled=no list=proxyNET
ROUTE
Code:
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe_1 routing-mark=pppoe_1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe_2 routing-mark=pppoe_2 scope=30 target-scope=10
add check-gateway=ping comment=Default-Route-pppoe1-Distance-1 disabled=no \
    distance=1 dst-address=0.0.0.0/0 gateway=pppoe_1 scope=30 target-scope=10
add check-gateway=ping comment=Default-Route-pppoe2-Distance-2 disabled=no \
    distance=2 dst-address=0.0.0.0/0 gateway=pppoe_2 scope=30 target-scope=10

0 komentar:

Post a Comment

 
Toggle Footer