05 December 2011

Combining 2 Speedy Lines + Proxy

LB + IPCop settings on v3.30....
The settings below are from v3.20... can they be modified to be like the one the master has? Thanks in advance.

Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R local ether 0 0 1500
1 R speedy1 ether 0 0 1500
2 R speedy2 ether 0 0 1500
3 R squidproxy ether 0 0 1500

IP Address

Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.0.50/24 192.168.0.0 192.168.0.255 local
1 192.168.1.2/24 192.168.1.0 192.168.1.255 speedy1
2 192.168.2.2/24 192.168.2.0 192.168.2.255 speedy2
3 192.168.3.5/24 192.168.3.0 192.168.3.255 squidproxy

Mangle

Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Mangle Squid
chain=forward content=X-Cache: HIT action=mark-connection new-connection-mark=squid_con
passthrough=yes

1 chain=forward connection-mark=squid_con action=mark-packet new-packet-mark=squid_pkt
passthrough=no

2 ;;; LB Squid
chain=prerouting connection-mark=!squid_con connection-state=new nth=1,1,0
action=mark-connection new-connection-mark=line1 passthrough=yes

3 chain=prerouting connection-mark=line1 action=mark-routing new-routing-mark=route-line1
passthrough=no

4 chain=prerouting connection-mark=squid_con connection-state=new nth=1,1,1
action=mark-connection new-connection-mark=line2 passthrough=yes

5 chain=prerouting connection-mark=line2 action=mark-routing new-routing-mark=route-line2
passthrough=no

6 ;;; Mangle Squid
chain=forward connection-mark=!squid_con action=mark-packet new-packet-mark=http_pkt
passthrough=no

7 chain=forward protocol=icmp connection-mark=all_con action=mark-packet
new-packet-mark=icmp_pkt passthrough=no

8 chain=forward connection-mark=all_con action=mark-packet new-packet-mark=test_pkt
passthrough=no

NAT

Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Masquerade
chain=srcnat out-interface=speedy1 action=masquerade

1 chain=srcnat out-interface=speedy2 action=masquerade

2 ;;; For IPCop
chain=dstnat protocol=tcp dst-port=81 action=dst-nat to-addresses=192.168.3.1 to-ports=81

3 X ;;; For IPCop HTTPS
chain=dstnat protocol=tcp dst-port=445 action=dst-nat to-addresses=192.168.3.1 to-ports=445

4 ;;; Redirect Mik to Squid
chain=dstnat src-address=!192.168.3.0/24 protocol=tcp dst-port=80 action=dst-nat
to-addresses=192.168.3.1 to-ports=878

5 X chain=dstnat src-address=!192.168.3.0/24 protocol=tcp dst-port=443 action=dst-nat
to-addresses=192.168.3.1 to-ports=800

IP Route

Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADC 192.168.0.0/24 192.168.0.50 local
1 ADC 192.168.1.0/24 192.168.1.2 speedy1
2 ADC 192.168.2.0/24 192.168.2.2 speedy2
3 ADC 192.168.3.0/24 192.168.3.5 squidproxy
4 A S ;;; default routing connection
0.0.0.0/0 r 192.168.1.1 speedy1
5 A S 0.0.0.0/0 r 192.168.1.1 speedy1
6 A S 0.0.0.0/0 r 192.168.2.1 speedy2


or use these settings



This time I am trying Mikrotik load balancing with 2 Speedy lines combined with a Squid web proxy machine, which differs from the previous load balancing version. In this setup I add a redirect to Squid, with Mikrotik acting as the load balancer.
First, install Mikrotik as described in this tutorial. Before trying this, I recommend resetting Mikrotik so that it returns to its default settings. To reset, use the command: "/sy reset".
After Mikrotik is installed, make sure it has 4 interfaces: interface 1 goes to the clients, interface 2 to Speedy 1, interface 3 to Speedy 2 and interface 4 to the Squid web proxy.
The Squid settings can be seen here. Now let's start: copy and paste the settings below into the Mikrotik terminal:
/interface ethernet
set ether1 name="intranet" disabled=no
set ether2 name="speedy-1" disabled=no
set ether3 name="speedy-2" disabled=no
set ether4 name="proxy" disabled=no
/ip address
add address=192.168.1.2/24 interface=speedy-1 comment="to speedy-1"
add address=192.168.2.2/24 interface=speedy-2 comment="to speedy-2"
add address=192.168.11.1/27 interface=intranet comment="to hub"
add address=192.168.10.2/30 interface=proxy comment="to proxy"
/ip dns
set primary-dns=202.134.1.10 secondary-dns=202.134.0.155 allow-remote-requests=yes cache-size=4048KiB cache-max-ttl=1w
# nth marking: new connections from intranet alternate between marks satu and dua, new connections from proxy between tiga and empat
/ip firewall mangle
add chain=prerouting in-interface=intranet connection-state=new nth=1,2,0 action=mark-connection new-connection-mark=satu passthrough=yes comment=""
add chain=prerouting in-interface=intranet connection-mark=satu action=mark-routing new-routing-mark=satu passthrough=no comment=""
add chain=prerouting in-interface=intranet connection-state=new nth=1,2,1 action=mark-connection new-connection-mark=dua passthrough=yes comment=""
add chain=prerouting in-interface=intranet connection-mark=dua action=mark-routing new-routing-mark=dua passthrough=no comment="" disabled=no
add chain=prerouting in-interface=proxy connection-state=new nth=1,2,0 action=mark-connection new-connection-mark=tiga passthrough=yes comment=""
add chain=prerouting in-interface=proxy connection-mark=tiga action=mark-routing new-routing-mark=tiga passthrough=no comment=""
add chain=prerouting in-interface=proxy connection-state=new nth=1,2,1 action=mark-connection new-connection-mark=empat passthrough=yes comment=""
add chain=prerouting in-interface=proxy connection-mark=empat action=mark-routing new-routing-mark=empat passthrough=no comment="" disabled=no
/ip firewall nat
# source NAT to the router's own address on each uplink (192.168.1.1 and 192.168.2.1 are the gateways, not router addresses)
add chain=srcnat out-interface=speedy-1 connection-mark=satu action=src-nat to-addresses=192.168.1.2 to-ports=0-65535 comment="" disabled=no
add chain=srcnat out-interface=speedy-2 connection-mark=dua action=src-nat to-addresses=192.168.2.2 to-ports=0-65535 comment="" disabled=no
# send web requests to the Mikrotik proxy port
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128
add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=3128
add chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=3128
/ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=2s tcp-syn-received-timeout=2s tcp-established-timeout=1d tcp-fin-wait-timeout=5s tcp-close-wait-timeout=5s tcp-last-ack-timeout=5s tcp-time-wait-timeout=5s tcp-close-timeout=5s udp-timeout=5s udp-stream-timeout=1m icmp-timeout=5s generic-timeout=5m tcp-syncookie=no
# one default route per routing mark, plus an unmarked default route
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 routing-mark=satu comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 routing-mark=dua comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10
# Mikrotik web proxy with the Squid machine as parent
/ip proxy
set enabled=yes port=3128 parent-proxy=192.168.10.1:3128 maximal-client-connections=1000 maximal-server-connections=1000
Oh, and the Mikrotik I used for this test is a pirated version 2.9.27; for version 3 and above, please see the mangle settings in this post and this post. Also, if you use a pirated copy, I suggest that once the settings are working, you buy a GENUINE Mikrotik!!
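A consistency check for the second configuration above, added here as an example and not part of the original post: it reports routing marks that have no route or srcnat rule of their own (tiga and empat above) and redirect rules that are not limited to one in-interface, so that they also catch requests arriving from the proxy and uplink interfaces. The function names and the finding labels are assumptions of this example, and the sample is a constructed excerpt of the rules above.

```python
import re

# Constructed excerpt of the configuration above (rules abbreviated to the
# fields the checks read); the menu path must be on its own line.
SAMPLE = """\
/ ip firewall mangle
add chain=prerouting in-interface=intranet connection-mark=satu action=mark-routing new-routing-mark=satu
add chain=prerouting in-interface=intranet connection-mark=dua action=mark-routing new-routing-mark=dua
add chain=prerouting in-interface=proxy connection-mark=tiga action=mark-routing new-routing-mark=tiga
add chain=prerouting in-interface=proxy connection-mark=empat action=mark-routing new-routing-mark=empat
/ ip firewall nat
add chain=srcnat out-interface=speedy-1 connection-mark=satu action=src-nat
add chain=srcnat out-interface=speedy-2 connection-mark=dua action=src-nat
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=satu
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=dua
add dst-address=0.0.0.0/0 gateway=192.168.1.1
"""

def parse(text):
    """Return {menu: [{key: value}, ...]} for the add/set lines under each menu."""
    menus, menu = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = " ".join(line.lstrip("/").split())
            menus.setdefault(menu, [])
        elif menu and line.split(" ", 1)[0] in ("add", "set"):
            menus[menu].append(dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)))
    return menus

def audit(text):
    """Return (finding, value) pairs; an empty list means nothing was flagged."""
    cfg = parse(text)
    nat = cfg.get("ip firewall nat", [])
    routed = {r.get("routing-mark") for r in cfg.get("ip route", [])}
    natted = {r.get("connection-mark") for r in nat if r.get("chain") == "srcnat"}
    findings = []
    for r in cfg.get("ip firewall mangle", []):
        if r.get("action") == "mark-routing":
            if r.get("new-routing-mark") not in routed:
                findings.append(("no-route", r.get("new-routing-mark")))
            # a srcnat rule without connection-mark (None) covers every mark
            if None not in natted and r.get("connection-mark") not in natted:
                findings.append(("no-srcnat", r.get("connection-mark")))
    for r in nat:
        if r.get("action") == "redirect" and "in-interface" not in r:
            findings.append(("redirect-any-interface", r.get("dst-port")))
    return findings
```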