05 April 2012

hit proxy

  # Mangle (prerouting): packet marks for proxy cache hits/misses, then an nth-based
  # split of new connections across three routing marks (pppoe_1..pppoe_3).
  # The routing marks only take effect if matching routes exist; none are shown on this page.
  1. /ip firewall mangle
  # Packets carrying DSCP 12 are marked HIT and leave the chain (passthrough=no).
  # Presumably the cache sets DSCP 12 on hits - confirm on the proxy side.
  2. add action=mark-packet chain=prerouting comment="HIT DSCP 12" disabled=no dscp=12 new-packet-mark=HIT passthrough=no
  # Httphit / httpmisses are layer7-protocol entries defined elsewhere (not on this page).
  # NOTE(review): these two rules have no interface, protocol or address match, so the L7
  # pattern is evaluated against all prerouting traffic; consider narrowing the match.
  3. add action=mark-packet chain=prerouting comment="L7-HIT PROXY" disabled=no layer7-protocol=Httphit new-packet-mark=Hit-L7 passthrough=no
  4. add action=mark-packet chain=prerouting comment=L7-MISS disabled=no layer7-protocol=httpmisses new-packet-mark=missproxy-L7 passthrough=no
  # New connections from the Local interface: connection mark spidiN, then routing mark pppoe_N.
  # NOTE(review): a connection marked spidi1 leaves the chain at the next mark-routing rule
  # (passthrough=no), so the nth=3,2 and nth=3,3 rules only see what earlier rules did not take.
  # The split is probably not an even third each and some connections may stay unmarked -
  # verify with the rule counters.
  5. add action=mark-connection chain=prerouting comment="--------------------------NTH Local------------------------" connection-state=new disabled=no in-interface=Local new-connection-mark=spidi1 nth=3,1 passthrough=yes
  6. add action=mark-routing chain=prerouting comment="" connection-mark=spidi1 disabled=no in-interface=Local new-routing-mark=pppoe_1 passthrough=no
  7. add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=Local new-connection-mark=spidi2 nth=3,2 passthrough=yes
  8. add action=mark-routing chain=prerouting comment="" connection-mark=spidi2 disabled=no in-interface=Local new-routing-mark=pppoe_2 passthrough=no
  9. add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=Local new-connection-mark=spidi3 nth=3,3 passthrough=yes
  10. add action=mark-routing chain=prerouting comment="" connection-mark=spidi3 disabled=no in-interface=Local new-routing-mark=pppoe_3 passthrough=no
  # Same split for new connections arriving on the Proxy interface (same connection marks reused).
  11. add action=mark-connection chain=prerouting comment="--------------------------NTH Proxy------------------------" connection-state=new disabled=no in-interface=Proxy new-connection-mark=spidi1 nth=3,1 passthrough=yes
  12. add action=mark-routing chain=prerouting comment="" connection-mark=spidi1 disabled=no in-interface=Proxy new-routing-mark=pppoe_1 passthrough=no
  13. add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=Proxy new-connection-mark=spidi2 nth=3,2 passthrough=yes
  14. add action=mark-routing chain=prerouting comment="" connection-mark=spidi2 disabled=no in-interface=Proxy new-routing-mark=pppoe_2 passthrough=no
  15. add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=Proxy new-connection-mark=spidi3 nth=3,3 passthrough=yes
  16. add action=mark-routing chain=prerouting comment="" connection-mark=spidi3 disabled=no in-interface=Proxy new-routing-mark=pppoe_3 passthrough=no
  # NAT: source NAT on the three PPPoE uplinks and the Proxy link, transparent HTTP/DNS
  # interception towards 192.168.10.2, and inbound port forwards from the uplinks.
  # No /ip firewall filter rules are shown on this page, so the dst-nat rules below are the
  # only visible control on what reaches the forwarded hosts.
  17. /ip firewall nat
  18. add action=masquerade chain=srcnat comment=Masquerade disabled=no out-interface=pppoe_1
  19. add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe_2
  20. add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe_3
  21. add action=masquerade chain=srcnat comment="" disabled=no out-interface=Proxy
  # Disabled: would redirect every DNS query to the router itself.
  22. add action=redirect chain=dstnat comment="By Pass DNS PROXIESS >>DIRECT" disabled=yes dst-port=53 protocol=udp to-ports=53
  23. add action=redirect chain=dstnat comment="" disabled=yes dst-port=53 protocol=tcp to-ports=53
  # Client TCP 80/8080/3128 is rewritten to 192.168.10.2:3128. src-address and
  # src-address-list must both match; the "Local" address list is not defined on this page.
  24. add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY disable this to bypass squid" disabled=no dst-port=80,8080,3128 protocol=tcp src-address=10.20.30.0/24 src-address-list=Local to-addresses=192.168.10.2 to-ports=3128
  # LAN-side alias: 10.20.30.200 on TCP 22/81/10000 is forwarded to 192.168.10.2.
  # NOTE(review): any host on Local can reach these management ports; restrict by src-address
  # if only administrators need them.
  25. add action=dst-nat chain=dstnat comment="PROXY NAT" disabled=no dst-address=10.20.30.200 dst-port=22,81,10000 in-interface=Local protocol=tcp to-addresses=192.168.10.2
  # All DNS from Local is forced to 192.168.10.2, whatever resolver the client configured.
  26. add action=dst-nat chain=dstnat comment="TRANSPARENT DNS" disabled=no dst-port=53 in-interface=Local protocol=udp to-addresses=192.168.10.2 to-ports=53
  27. add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 in-interface=Local protocol=tcp to-addresses=192.168.10.2 to-ports=53
  # NOTE(review): no to-addresses here, so the destination address is presumably left
  # unchanged and these act as a NAT exemption for the proxy's own DNS - confirm intent.
  28. add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 in-interface=Proxy protocol=udp to-ports=53
  29. add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 in-interface=Proxy protocol=tcp to-ports=53
  # NOTE(review): SSH (22) and TCP 81 on the proxy host are forwarded from the uplinks with no
  # src-address or src-address-list match, so they are reachable from any Internet source.
  # Limit with src-address-list=<ADMIN_ALLOWLIST_PLACEHOLDER> or reach them over a VPN.
  30. add action=dst-nat chain=dstnat comment="DMZ 1" disabled=no dst-port=81,22 in-interface=pppoe_1 protocol=tcp to-addresses=192.168.10.2
  31. add action=dst-nat chain=dstnat comment="DMZ 2" disabled=no dst-port=81,22 in-interface=pppoe_2 protocol=tcp to-addresses=192.168.10.2
  # NOTE(review): TCP 5900 (the default VNC port) is forwarded from pppoe_2 straight to LAN host
  # 10.20.30.230, again with no source restriction. Prefer a VPN or SSH tunnel, or at least
  # add src-address-list=<ADMIN_ALLOWLIST_PLACEHOLDER>.
  32. add action=dst-nat chain=dstnat comment="REMOTE OP" disabled=no dst-port=5900 in-interface=pppoe_2 protocol=tcp to-addresses=10.20.30.230
  # Disabled. These match dst-address=192.168.10.2 on an uplink interface, which inbound
  # Internet traffic is unlikely to carry, and they add FTP (21); review before enabling.
  33. add action=dst-nat chain=dstnat comment="DMZ ------- CHECK BEFORE ENABLED" disabled=yes dst-address=192.168.10.2 dst-port=81,22,21 in-interface=pppoe_3 protocol=tcp to-addresses=192.168.10.2
  34. add action=dst-nat chain=dstnat comment="" disabled=yes dst-address=192.168.10.2 dst-port=81,22,21 in-interface=pppoe_2 protocol=tcp to-addresses=192.168.10.2
     
     RAW Paste Data
     
     # Mangle (prerouting): packet marks for proxy cache hits/misses, then an nth-based
     # split of new connections across three routing marks (pppoe_1..pppoe_3).
     # The routing marks only take effect if matching routes exist; none are shown on this page.
     /ip firewall mangle
    # Packets carrying DSCP 12 are marked HIT and leave the chain (passthrough=no).
    # Presumably the cache sets DSCP 12 on hits - confirm on the proxy side.
    add action=mark-packet chain=prerouting comment="HIT DSCP 12" disabled=no dscp=12 new-packet-mark=HIT passthrough=no
    # Httphit / httpmisses are layer7-protocol entries defined elsewhere (not on this page).
    # NOTE(review): these two rules have no interface, protocol or address match, so the L7
    # pattern is evaluated against all prerouting traffic; consider narrowing the match.
    add action=mark-packet chain=prerouting comment="L7-HIT PROXY" disabled=no layer7-protocol=Httphit new-packet-mark=Hit-L7 passthrough=no
    add action=mark-packet chain=prerouting comment=L7-MISS disabled=no layer7-protocol=httpmisses new-packet-mark=missproxy-L7 passthrough=no
    # New connections from the Local interface: connection mark spidiN, then routing mark pppoe_N.
    # NOTE(review): a connection marked spidi1 leaves the chain at the next mark-routing rule
    # (passthrough=no), so the nth=3,2 and nth=3,3 rules only see what earlier rules did not take.
    # The split is probably not an even third each and some connections may stay unmarked -
    # verify with the rule counters.
    add action=mark-connection chain=prerouting comment="--------------------------NTH Local------------------------" connection-state=new disabled=no in-interface=Local new-connection-mark=spidi1 nth=3,1 passthrough=yes
    add action=mark-routing chain=prerouting comment="" connection-mark=spidi1 disabled=no in-interface=Local new-routing-mark=pppoe_1 passthrough=no
    add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=Local new-connection-mark=spidi2 nth=3,2 passthrough=yes
    add action=mark-routing chain=prerouting comment="" connection-mark=spidi2 disabled=no in-interface=Local new-routing-mark=pppoe_2 passthrough=no
    add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=Local new-connection-mark=spidi3 nth=3,3 passthrough=yes
    add action=mark-routing chain=prerouting comment="" connection-mark=spidi3 disabled=no in-interface=Local new-routing-mark=pppoe_3 passthrough=no
    # Same split for new connections arriving on the Proxy interface (same connection marks reused).
    add action=mark-connection chain=prerouting comment="--------------------------NTH Proxy------------------------" connection-state=new disabled=no in-interface=Proxy new-connection-mark=spidi1 nth=3,1 passthrough=yes
    add action=mark-routing chain=prerouting comment="" connection-mark=spidi1 disabled=no in-interface=Proxy new-routing-mark=pppoe_1 passthrough=no
    add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=Proxy new-connection-mark=spidi2 nth=3,2 passthrough=yes
    add action=mark-routing chain=prerouting comment="" connection-mark=spidi2 disabled=no in-interface=Proxy new-routing-mark=pppoe_2 passthrough=no
    add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=Proxy new-connection-mark=spidi3 nth=3,3 passthrough=yes
    add action=mark-routing chain=prerouting comment="" connection-mark=spidi3 disabled=no in-interface=Proxy new-routing-mark=pppoe_3 passthrough=no
    # NAT: source NAT on the three PPPoE uplinks and the Proxy link, transparent HTTP/DNS
    # interception towards 192.168.10.2, and inbound port forwards from the uplinks.
    # No /ip firewall filter rules are shown on this page, so the dst-nat rules below are the
    # only visible control on what reaches the forwarded hosts.
    /ip firewall nat
    add action=masquerade chain=srcnat comment=Masquerade disabled=no out-interface=pppoe_1
    add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe_2
    add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe_3
    add action=masquerade chain=srcnat comment="" disabled=no out-interface=Proxy
    # Disabled: would redirect every DNS query to the router itself.
    add action=redirect chain=dstnat comment="By Pass DNS PROXIESS >>DIRECT" disabled=yes dst-port=53 protocol=udp to-ports=53
    add action=redirect chain=dstnat comment="" disabled=yes dst-port=53 protocol=tcp to-ports=53
    # Client TCP 80/8080/3128 is rewritten to 192.168.10.2:3128. src-address and
    # src-address-list must both match; the "Local" address list is not defined on this page.
    add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY disable this to bypass squid" disabled=no dst-port=80,8080,3128 protocol=tcp src-address=10.20.30.0/24 src-address-list=Local to-addresses=192.168.10.2 to-ports=3128
    # LAN-side alias: 10.20.30.200 on TCP 22/81/10000 is forwarded to 192.168.10.2.
    # NOTE(review): any host on Local can reach these management ports; restrict by src-address
    # if only administrators need them.
    add action=dst-nat chain=dstnat comment="PROXY NAT" disabled=no dst-address=10.20.30.200 dst-port=22,81,10000 in-interface=Local protocol=tcp to-addresses=192.168.10.2
    # All DNS from Local is forced to 192.168.10.2, whatever resolver the client configured.
    add action=dst-nat chain=dstnat comment="TRANSPARENT DNS" disabled=no dst-port=53 in-interface=Local protocol=udp to-addresses=192.168.10.2 to-ports=53
    add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 in-interface=Local protocol=tcp to-addresses=192.168.10.2 to-ports=53
    # NOTE(review): no to-addresses here, so the destination address is presumably left
    # unchanged and these act as a NAT exemption for the proxy's own DNS - confirm intent.
    add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 in-interface=Proxy protocol=udp to-ports=53
    add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 in-interface=Proxy protocol=tcp to-ports=53
    # NOTE(review): SSH (22) and TCP 81 on the proxy host are forwarded from the uplinks with no
    # src-address or src-address-list match, so they are reachable from any Internet source.
    # Limit with src-address-list=<ADMIN_ALLOWLIST_PLACEHOLDER> or reach them over a VPN.
    add action=dst-nat chain=dstnat comment="DMZ 1" disabled=no dst-port=81,22 in-interface=pppoe_1 protocol=tcp to-addresses=192.168.10.2
    add action=dst-nat chain=dstnat comment="DMZ 2" disabled=no dst-port=81,22 in-interface=pppoe_2 protocol=tcp to-addresses=192.168.10.2
    # NOTE(review): TCP 5900 (the default VNC port) is forwarded from pppoe_2 straight to LAN host
    # 10.20.30.230, again with no source restriction. Prefer a VPN or SSH tunnel, or at least
    # add src-address-list=<ADMIN_ALLOWLIST_PLACEHOLDER>.
    add action=dst-nat chain=dstnat comment="REMOTE OP" disabled=no dst-port=5900 in-interface=pppoe_2 protocol=tcp to-addresses=10.20.30.230
    # Disabled. These match dst-address=192.168.10.2 on an uplink interface, which inbound
    # Internet traffic is unlikely to carry, and they add FTP (21); review before enabling.
    add action=dst-nat chain=dstnat comment="DMZ ------- CHECK BEFORE ENABLED" disabled=yes dst-address=192.168.10.2 dst-port=81,22,21 in-interface=pppoe_3 protocol=tcp to-addresses=192.168.10.2
    add action=dst-nat chain=dstnat comment="" disabled=yes dst-address=192.168.10.2 dst-port=81,22,21 in-interface=pppoe_2 protocol=tcp to-addresses=192.168.10.2