09 June 2012

Load Balance 2 Line Speedy + external Proxy

Berikut script :
Set Interface disesuiakan Gan:
/ip adrress
- 192.168.4.1/24 interface proxy
- 192.168.1.1/24 interface lokal
- 192.168.2.1/24  interface modem1
- 192.168.3.1/24  interface modem2

/interface pppoe-client
add ac-name=”" add-default-route=no allow=pap,chap,mschap1,mschap2 comment=”"
dial-on-demand=no disabled=no interface=modem1 max-mru=1480 max-mtu=1480
mrru=disabled name=”spedaku” user=”******@telkom.net” password=”***” profile=default
service-name=”" use-peer-dns=no
add ac-name=”" add-default-route=no allow=pap,chap,mschap1,mschap2 comment=”"
dial-on-demand=no disabled=no interface=modem2 max-mru=1480 max-mtu=1480
mrru=disabled name=”spedamu” user=”******@telkom.net” password=”***” profile=default
service-name=”" use-peer-dns=no

/ip firewall mangle
add action=mark-packet chain=prerouting comment=proxy-hit disabled=no dscp=12
new-packet-mark=proxy-hit passthrough=yes
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=HIT packet-mark=proxy-hit parent=global-out priority=1
queue=default

## mangel
/ip firewall mangle
add action=mark-connection chain=input comment=
“PCC RULE —- MARK ALL PPPoE CONN” connection-state=new disabled=no
in-interface=pppoe_1 new-connection-mark=pppoe1_conn passthrough=yes
add action=mark-connection chain=input comment=”" connection-state=new
disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn
passthrough=yes
add action=mark-connection chain=prerouting comment=”" connection-state=
established disabled=no in-interface=pppoe_1 new-connection-mark=
pppoe1_conn passthrough=yes
add action=mark-connection chain=prerouting comment=”" connection-state=
established disabled=no in-interface=pppoe_2 new-connection-mark=
pppoe2_conn passthrough=yes
add action=mark-connection chain=prerouting comment=”" connection-state=
related disabled=no in-interface=pppoe_1 new-connection-mark=pppoe1_conn
passthrough=yes
add action=mark-connection chain=prerouting comment=”" connection-state=
related disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn
passthrough=yes
add action=mark-routing chain=output comment=”" connection-mark=pppoe1_conn
disabled=no new-routing-mark=pppoe_1 passthrough=no
add action=mark-routing chain=output comment=”" connection-mark=pppoe2_conn
disabled=no new-routing-mark=pppoe_2 passthrough=no

/ip firewall mangle
add action=mark-connection chain=prerouting comment=
“PCC RULE MARK HTTP CONN” connection-state=established disabled=no
dst-address-type=!local dst-port=80 in-interface=proxy
new-connection-mark=http_pppoe_1 passthrough=yes
per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting comment=”" connection-state=
established disabled=no dst-address-type=!local dst-port=80 in-interface=
proxy new-connection-mark=http_pppoe_2 passthrough=yes
per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting comment=”" connection-state=
related disabled=no dst-address-type=!local dst-port=80 in-interface=
proxy new-connection-mark=http_pppoe_1 passthrough=yes
per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting comment=”" connection-state=
related disabled=no dst-address-type=!local dst-port=80 in-interface=
proxy new-connection-mark=http_pppoe_2 passthrough=yes
per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
/ip firewall mangle
add action=mark-connection chain=prerouting comment=
“PCC RULE —- MARK – NON -HTTP CONN” connection-state=established
disabled=no dst-address-type=!local dst-port=!80 in-interface=lokal
new-connection-mark=non.http_pppoe_1 passthrough=yes
per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting comment=”" connection-state=
established disabled=no dst-address-type=!local dst-port=!80
in-interface=lokal new-connection-mark=non.http_pppoe_2 passthrough=yes
per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting comment=”" connection-state=
related disabled=no dst-address-type=!local dst-port=!80 in-interface=lokal
new-connection-mark=non.http_pppoe_1 passthrough=yes
per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting comment=”" connection-state=
related disabled=no dst-address-type=!local dst-port=!80 in-interface=lokal
new-connection-mark=non.http_pppoe_2 passthrough=yes
per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting comment=”" connection-state=
established disabled=no dst-address-type=!local in-interface=lokal
new-connection-mark=non.http_pppoe_1 passthrough=yes
per-connection-classifier=both-addresses-and-ports:2/0 protocol=udp
add action=mark-connection chain=prerouting comment=”" connection-state=
established disabled=no dst-address-type=!local in-interface=lokal
new-connection-mark=non.http_pppoe_2 passthrough=yes
per-connection-classifier=both-addresses-and-ports:2/1 protocol=udp
add action=mark-connection chain=prerouting comment=”" connection-state=
related disabled=no dst-address-type=!local in-interface=lokal
new-connection-mark=non.http_pppoe_1 passthrough=yes
per-connection-classifier=both-addresses-and-ports:2/0 protocol=udp
add action=mark-connection chain=prerouting comment=”" connection-state=
related disabled=no dst-address-type=!local in-interface=lokal
new-connection-mark=non.http_pppoe_2 passthrough=yes
per-connection-classifier=both-addresses-and-ports:2/1 protocol=udp

/ip firewall mangle
add action=mark-routing chain=prerouting comment=
“PCC RULE —- MARK – HTTP ROUTE” connection-mark=http_pppoe_1 disabled=
no new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment=”" connection-mark=
http_pppoe_2 disabled=no new-routing-mark=pppoe_2 passthrough=yes
add action=mark-routing chain=prerouting comment=
“PCC RULE  MARK NON HTTP ROUTE” connection-mark=non.http_pppoe_1
disabled=no new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment=”" connection-mark=
non.http_pppoe_2 disabled=no new-routing-mark=pppoe_2 passthrough=yes
#Nat
/ip firewall nat
add action=masquerade chain=srcnat comment=MASQUERADE1 disabled=no
out-interface=spedaku
add action=masquerade chain=srcnat comment=MASQUERADE2 disabled=no
out-interface=spedamu
add action=masquerade chain=srcnat comment=MASQUERADE3 disabled=no
out-interface=proxy
add action=dst-nat chain=dstnat comment=TRANSPARENT-DNS disabled=no dst-port=
53 in-interface=lokal protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment=”" disabled=no dst-port=53
in-interface=lokal protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment=”" disabled=no dst-port=53
in-interface=proxy protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment=”" disabled=no dst-port=53
in-interface=proxy protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment=TRANSPARENT-proxy disabled=no
dst-address-list=!proxyNET dst-port=80,8080,3128 in-interface=lokal
protocol=tcp to-addresses=192.168.4.2 to-ports=3128
add action=dst-nat chain=dstnat comment=”REMOTE PROXY” disabled=no
dst-address=118.96.40.xxx dst-port=22 protocol=tcp to-addresses=
192.168.4.2 to-ports=22

#Addres List
/ip firewall address-list
add address=192.168.1.0/24 comment=”" disabled=no list=lanNET
add address=192.168.4.0/24 comment=”" disabled=no list=proxyNET
#Routing
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=
spedaku routing-mark=pppoe_1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=
spedamu routing-mark=pppoe_2 scope=30 target-scope=10
add check-gateway=ping comment=Default-Route-pppoe1-Distance-1 disabled=no
distance=1 dst-address=0.0.0.0/0 gateway=spedaku scope=30 target-scope=10
add check-gateway=ping comment=Default-Route-pppoe2-Distance-2 disabled=no
distance=2 dst-address=0.0.0.0/0 gateway=spedamu scope=30 target-scope=10

Catatan tambahan :
Di Edisi Berikutnya sy tambahkan Rule untuk Optimalisasi pada Game Online dan POker Untuk Optimal dan Terbebas dari LAG…
Rule untuk game online dan Poker masih di evaluasi lebih lanjut.. jadi mohon sabar yaaaa.. :-)
Load Balance 2 Line Speedy + external Proxy Suport Game Online dan Poker
Previous Post
Next Post
Related Posts

0 komentar: