27 February 2012

How to Set Up Hit Marking, Queue Tree and Mangle on MikroTik with an External Squid Proxy

With a MikroTik router plus an external Squid proxy (Ubuntu, ClearOS, IPCop and so on) performance improves a lot, especially with Squid Lusca, which caches just about everything. Below is how I set up hit marking, queue tree and mangle on MikroTik with an external Squid proxy. The Squid side is not covered here because this post is under the MikroTik label; see the Squid label for the Squid configuration.

MikroTik address towards the modem (internet): 192.168.0.5
MikroTik address towards the LAN (clients): 192.168.34.1
MikroTik address towards the Squid proxy: 192.168.35.1
External Squid proxy address: 192.168.35.2
The proxy sits on its own interface and subnet, separate from the clients. That matters for transparent redirection: the proxy's replies to a client have to travel back through the router, where the dst-nat is reversed, and that only happens when proxy and clients are not on the same segment.

The idea:
Total bandwidth from the modem (internet): 4 Mbit/s.
Client downloads from the modem are limited with a queue tree; when the file is already stored in the Squid cache it is automatically not limited ("lepas loss", unlimited).
Clients downloading files such as .flv, .exe, .rar, .zip, YouTube video and so on are limited to 1 Mbit/s shared equally across all such files, except adult video, which gets 128 kbit/s shared. Once a file of those types has been downloaded it is stored in the Squid cache, and later downloads of it are no longer limited.
Ping/ICMP matters for clients playing Poker, Point Blank or other games; it also gets its own queue tree entry, but it is not limited.
Upload is not limited, for the sake of the gamers.
Here are the steps from the start, on a MikroTik router with an empty configuration. Everything is typed into New Terminal:

1. Rename the interfaces:
/interface set 0 name=public
/interface set 1 name=local
/interface set 2 name=proxy

2. Set the IP addresses (adjust them to your network):
/ip address add address=192.168.0.5 netmask=255.255.255.0 interface=public
/ip address add address=192.168.34.1 netmask=255.255.255.0 interface=local
/ip address add address=192.168.35.1 netmask=255.255.255.0 interface=proxy

3. Set the default gateway (adjust it to your network's gateway):
/ip route add gateway=192.168.0.1
4. Set DNS (adjust the servers to your network). allow-remote-requests=yes is what lets the clients and the proxy use the router as their resolver, but it also makes the router answer DNS queries arriving on the public interface unless the input chain drops them; without that drop the router is an open resolver that can be used for DNS amplification.
A. RouterOS 4.x and earlier:
/ip dns set primary-dns=203.130.208.18 secondary-dns=203.130.193.74 \
allow-remote-requests=yes
B. RouterOS newer than 4.x:
/ip dns set servers=203.130.208.18,203.130.193.74 allow-remote-requests=yes

5. Firewall NAT, including the redirect to the proxy. My Squid listens on port 3128 (adjust the addresses to your network). Only TCP 80, 8080 and 3128 from the LAN are redirected, so HTTPS (443) goes straight out and is neither cached nor classified by the extension rules later on. The DNS rules use action=redirect, which hands the query to the router's own resolver whatever server the client configured; a dst-nat rule with only to-ports=53 would leave the destination address untouched and change nothing.
/ip firewall nat add chain=srcnat out-interface=public \
src-address=192.168.34.0/24 src-address-list=client \
action=masquerade comment="LOCAL NAT MASQUERADE"
/ip firewall nat add chain=srcnat out-interface=public \
src-address=192.168.35.0/24 src-address-list=proxy \
action=masquerade comment="PROXY NAT MASQUERADE"
/ip firewall nat add chain=dstnat action=dst-nat \
in-interface=local protocol=tcp dst-port=80,8080,3128 \
src-address=!192.168.35.0/24 \
to-addresses=192.168.35.2 to-ports=3128 \
comment="REDIRECT TO PROXY" disabled=no
/ip firewall nat add chain=dstnat action=redirect \
in-interface=local protocol=udp dst-port=53 to-ports=53 \
comment="TRANSPARENT DNS UDP LOCAL" disabled=no
/ip firewall nat add chain=dstnat action=redirect \
in-interface=local protocol=tcp dst-port=53 to-ports=53 \
comment="TRANSPARENT DNS TCP LOCAL" disabled=no
/ip firewall nat add chain=dstnat action=redirect \
in-interface=proxy protocol=udp dst-port=53 to-ports=53 \
comment="TRANSPARENT DNS UDP PROXY" disabled=no
/ip firewall nat add chain=dstnat action=redirect \
in-interface=proxy protocol=tcp dst-port=53 to-ports=53 \
comment="TRANSPARENT DNS TCP PROXY" disabled=no

6. Next, network security (firewall filter). Port-scan detection comes first: every detection rule adds the source to one address list, port-scanner, for two weeks, and a single drop rule blocks that list (the original used seven differently numbered lists but only dropped the first one, so FIN, NULL and XMAS-style scanners were detected and never blocked). psd=21,3s,3,1 means: for packets from one host to distinct destination ports that arrive less than 3 s apart, add 3 for a privileged port (up to 1024) and 1 for any other, and match once the sum reaches 21. Two caveats on the rule set as written. The input chain has no final drop, so anything the accept rules do not match is still accepted by RouterOS's default policy; with allow-remote-requests=yes on DNS that leaves port 53 open on the public interface. Append a rule with chain=input action=drop after the accept rules. The same holds for the icmp chain: without a closing drop, packets that fall out of the rate-limited accepts return to the forward chain and are accepted anyway, so the limit=5,5 values have no effect.
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 \
action=add-src-to-address-list address-list=port-scanner \
address-list-timeout=2w comment="PORT SCAN (psd) TO ADDRESS LIST" disabled=no
/ip firewall filter add chain=input protocol=tcp \
tcp-flags=fin,!syn,!rst,!psh,!ack,!urg \
action=add-src-to-address-list address-list=port-scanner \
address-list-timeout=2w comment="NMAP FIN stealth scan" disabled=no
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn \
action=add-src-to-address-list address-list=port-scanner \
address-list-timeout=2w comment="SYN/FIN scan" disabled=no
/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst \
action=add-src-to-address-list address-list=port-scanner \
address-list-timeout=2w comment="SYN/RST scan" disabled=no
/ip firewall filter add chain=input protocol=tcp \
tcp-flags=fin,psh,urg,!syn,!rst,!ack \
action=add-src-to-address-list address-list=port-scanner \
address-list-timeout=2w comment="FIN/PSH/URG scan" disabled=no
/ip firewall filter add chain=input protocol=tcp \
tcp-flags=fin,syn,rst,psh,ack,urg \
action=add-src-to-address-list address-list=port-scanner \
address-list-timeout=2w comment="ALL/ALL scan" disabled=no
/ip firewall filter add chain=input protocol=tcp \
tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg \
action=add-src-to-address-list address-list=port-scanner \
address-list-timeout=2w comment="NMAP NULL scan" disabled=no
/ip firewall filter add chain=input src-address-list=port-scanner \
action=drop comment="DROP PORT SCANNERS" disabled=no
/ip firewall filter add chain=input connection-state=established \
action=accept comment="ALLOW ESTABLISHED" disabled=no
/ip firewall filter add chain=input connection-state=related \
action=accept comment="ALLOW RELATED" disabled=no
/ip firewall filter add chain=input protocol=icmp src-address-list=client \
action=accept comment="ALLOW PING FROM LOCAL" disabled=no
/ip firewall filter add chain=input protocol=icmp src-address-list=proxy \
action=accept comment="ALLOW PING FROM PROXY" disabled=no
/ip firewall filter add chain=input src-address-list=client \
action=accept comment="ALLOW INPUT FROM LOCAL" disabled=no
/ip firewall filter add chain=input src-address-list=proxy \
action=accept comment="ALLOW INPUT FROM PROXY" disabled=no
/ip firewall filter add chain=forward protocol=tcp action=jump \
jump-target=tcp comment="FILTER BAD PACKETS" disabled=no
/ip firewall filter add chain=forward protocol=udp action=jump \
jump-target=udp disabled=no
/ip firewall filter add chain=forward protocol=icmp action=jump \
jump-target=icmp disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=25 \
action=drop comment="DROP SMTP" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=135 \
action=drop comment="DROP MS RPC endpoint mapper" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=137-139 \
action=drop comment="DROP NBT" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=445 \
action=drop comment="DROP CIFS" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=2049 \
action=drop comment="DROP NFS" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=20034 \
action=drop comment="DROP NETBUS 2" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=31337 \
action=drop comment="DROP BackOrifice" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=67-68 \
action=drop comment="BLOCK DHCP" disabled=no
/ip firewall filter add chain=tcp p2p=all-p2p \
action=drop comment="DROP P2P" disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=69 \
action=drop comment="DROP TFTP" disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=111 \
action=drop comment="DROP RPC portmapper" disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=135 \
action=drop comment="DROP MS RPC endpoint mapper" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=12345-12346 \
action=drop comment="DROP NETBUS" disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=137-139 \
action=drop comment="BLOCK NBT" disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=2049 \
action=drop comment="BLOCK NFS" disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=31337 \
action=drop comment="DROP BackOrifice" disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=0:0-255 \
limit=5,5 action=accept comment="echo reply, limit 5/s" disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=3:0 \
limit=5,5 action=accept comment="net unreachable, limit 5/s" disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=3:3 \
limit=5,5 action=accept comment="port unreachable, limit 5/s" disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=3:4 \
limit=5,5 action=accept comment="fragmentation needed, limit 5/s" disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=8:0-255 \
limit=5,5 action=accept comment="echo request, limit 5/s" disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=11:0-255 \
limit=5,5 action=accept comment="time exceeded, limit 5/s" disabled=no
/ip firewall filter add chain=forward connection-state=established \
action=accept comment="Allow established connections" disabled=no
/ip firewall filter add chain=forward src-address-list=client \
action=accept comment="Allow forward from LOCAL network" disabled=no
/ip firewall filter add chain=forward src-address-list=proxy \
action=accept comment="Allow forward from PROXY network" disabled=no
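To see what the scan-detection rules above do and do not catch, here is a small Python model of them. It is an added example, not the page's or MikroTik's code: the tcp-flags signatures are the ones from the rules, while the psd part is a simplified re-implementation of the weight counter (the exact RouterOS algorithm is not public and is not claimed here). The traffic is constructed: a fast nmap-style SYN sweep, the same sweep slowed below the 3 s delay threshold, and an ordinary client.

```python
"""Model of the step-6 port-scan rules: the tcp-flags signatures and a
simplified psd weight counter, run over constructed packets.  Added example,
not the page's or MikroTik's code; the psd model approximates the RouterOS
matcher and is not its exact algorithm."""
from collections import defaultdict

FLAGS = ("fin", "syn", "rst", "psh", "ack", "urg")

# tcp-flags expressions copied from the page's rules.  RouterOS semantics:
# "x" must be set, "!x" must be clear, flags not mentioned are ignored.
SCAN_SIGNATURES = {
    "NMAP FIN stealth scan": "fin,!syn,!rst,!psh,!ack,!urg",
    "SYN/FIN scan": "fin,syn",
    "SYN/RST scan": "syn,rst",
    "FIN/PSH/URG scan": "fin,psh,urg,!syn,!rst,!ack",
    "ALL/ALL scan": "fin,syn,rst,psh,ack,urg",
    "NMAP NULL scan": "!fin,!syn,!rst,!psh,!ack,!urg",
}


def tcp_flags_match(expr, flags):
    """True if a packet whose set flags are `flags` satisfies a tcp-flags expression."""
    for token in expr.split(","):
        if token.startswith("!"):
            if token[1:] in flags:
                return False
        elif token not in flags:
            return False
    return True


def classify_flags(flags):
    """Names of the signature rules one packet would trigger (in rule order)."""
    flags = set(flags)
    return [name for name, expr in SCAN_SIGNATURES.items() if tcp_flags_match(expr, flags)]


class PortScanDetector:
    """Simplified psd=weight,delay,low,high (the page uses psd=21,3s,3,1):
    per source, sum the weights of packets to distinct destination ports that
    arrive within `delay` seconds of the previous packet, 3 for a privileged
    port (<= 1024) and 1 otherwise; once the sum reaches `weight` the source
    is added to the address list, as the rule's add-src-to-address-list does."""

    def __init__(self, weight=21, delay=3.0, low=3, high=1):
        self.weight, self.delay, self.low, self.high = weight, delay, low, high
        self.state = defaultdict(lambda: {"ports": set(), "score": 0, "last": None})
        self.address_list = set()  # sources the drop rule would now block

    def packet(self, src, dport, t):
        """Feed one TCP packet (source, destination port, arrival time in s)."""
        st = self.state[src]
        if st["last"] is not None and t - st["last"] > self.delay:
            st["ports"].clear()  # gap too long: the scan sequence starts over
            st["score"] = 0
        st["last"] = t
        if dport not in st["ports"]:
            st["ports"].add(dport)
            st["score"] += self.low if dport <= 1024 else self.high
            if st["score"] >= self.weight:
                self.address_list.add(src)
        return src in self.address_list


def run_demo():
    """Replay constructed traffic through one detector and report who got listed."""
    det = PortScanDetector()
    scan_ports = (21, 22, 23, 25, 80, 110, 143)  # seven privileged ports: 7 * 3 = 21
    # nmap -sS style SYN sweep, 100 ms between probes: caught by psd on the 7th port
    for i, port in enumerate(scan_ports):
        det.packet("203.0.113.7", port, 0.1 * i)
    # the same sweep with 5 s between probes: every gap resets the sequence
    for i, port in enumerate(scan_ports):
        det.packet("203.0.113.8", port, 5.0 * i)
    # an ordinary client opening 80 and 443 a few times: distinct ports 80, 443 -> weight 6
    for i, port in enumerate((80, 443, 80, 443, 80)):
        det.packet("192.168.34.2", port, 0.2 * i)
    return {
        "fast_scan_listed": "203.0.113.7" in det.address_list,
        "slow_scan_listed": "203.0.113.8" in det.address_list,
        "client_listed": "192.168.34.2" in det.address_list,
        # a plain SYN probe matches none of the flag signatures: only psd sees it
        "syn_probe_signatures": classify_flags({"syn"}),
        "null_probe_signatures": classify_flags(set()),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The two points worth taking from the run: a plain SYN scan trips none of the flag signatures, so the psd rule is the only thing that catches the most common nmap mode, and a scanner that spaces its probes beyond the delay threshold is never listed at all. The flag rules are still useful for the odd-flag scans, and one XMAS-style packet with every flag set trips three of them at once.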

7. Next, build the address lists for your clients. The intent is that only the addresses listed here get to the internet; in this rule set what actually enforces that is the masquerade rule in step 5, which only NATs sources in the client list, since the forward chain has no closing drop. If you have more clients than listed below, add them (adjust the addresses to your network):
/ip firewall address-list add list=proxy address=192.168.35.2 comment="SQUID PROXY EXTERNAL" disabled=no
/ip firewall address-list add list=client address=192.168.34.2 comment="CLIENT1" disabled=no
/ip firewall address-list add list=client address=192.168.34.3 comment="CLIENT2" disabled=no
/ip firewall address-list add list=client address=192.168.34.4 comment="CLIENT3" disabled=no
/ip firewall address-list add list=client address=192.168.34.5 comment="CLIENT4" disabled=no
/ip firewall address-list add list=client address=192.168.34.6 comment="CLIENT5" disabled=no
/ip firewall address-list add list=client address=192.168.34.7 comment="CLIENT6" disabled=no
/ip firewall address-list add list=client address=192.168.34.8 comment="CLIENT7" disabled=no
/ip firewall address-list add list=client address=192.168.34.9 comment="CLIENT8" disabled=no
/ip firewall address-list add list=client address=192.168.34.10 comment="CLIENT9" disabled=no
/ip firewall address-list add list=client address=192.168.34.11 comment="CLIENT10" disabled=no
/ip firewall address-list add list=client address=192.168.34.12 comment="CLIENT11" disabled=no

8. Next, the layer7 protocols that are used later to limit .exe, .zip, .rar and so on. The YOUTUBE pattern matches an HTTP response status line followed by a Content-Type: video header; the others simply look for the extension. Two things to keep in mind. The L7 matcher only examines the first 10 packets or 2 KiB of a connection, both directions together, and once it matches, the whole connection counts as matched. And "\\.(exe)" matches the string ".exe" anywhere in that window, case-insensitively, so a host name or query string containing it classifies the connection as an EXE download too. In this topology the matcher sees the client's redirected request to the proxy, i.e. the path in the GET line plus the Host header, and the proxy's response headers. Inside RouterOS double quotes a backslash must be written as "\\", which is why the patterns read "\\." for the regexp "\.":
/ip firewall layer7-protocol add name=YOUTUBE \
regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
/ip firewall layer7-protocol add name=EXE regexp="\\.(exe)"
/ip firewall layer7-protocol add name=RAR regexp="\\.(rar)"
/ip firewall layer7-protocol add name=7z regexp="\\.(7z)"
/ip firewall layer7-protocol add name=CAB regexp="\\.(cab)"
/ip firewall layer7-protocol add name=ASF regexp="\\.(asf)"
/ip firewall layer7-protocol add name=MOV regexp="\\.(mov)"
/ip firewall layer7-protocol add name=WMV regexp="\\.(wmv)"
/ip firewall layer7-protocol add name=MPG regexp="\\.(mpg)"
/ip firewall layer7-protocol add name=MPEG regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name=MKV regexp="\\.(mkv)"
/ip firewall layer7-protocol add name=ZIP regexp="\\.(zip)"
/ip firewall layer7-protocol add name=AVI regexp="\\.(avi)"
/ip firewall layer7-protocol add name=FLV regexp="\\.(flv)"
/ip firewall layer7-protocol add name=WAV regexp="\\.(wav)"
/ip firewall layer7-protocol add name=RM regexp="\\.(rm)"
/ip firewall layer7-protocol add name=MP3 regexp="\\.(mp3)"
/ip firewall layer7-protocol add name=MP4 regexp="\\.(mp4)"
/ip firewall layer7-protocol add name=RAM regexp="\\.(ram)"
/ip firewall layer7-protocol add name=RMVB regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name=DAT regexp="\\.(dat)"
/ip firewall layer7-protocol add name=DAA regexp="\\.(daa)"
/ip firewall layer7-protocol add name=ISO regexp="\\.(iso)"
/ip firewall layer7-protocol add name=NRG regexp="\\.(nrg)"
/ip firewall layer7-protocol add name=BIN regexp="\\.(bin)"
/ip firewall layer7-protocol add name=VCD regexp="\\.(vcd)"
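The following Python snippet shows what the patterns above match once the CLI quoting is undone. It is an added example, not the page's or MikroTik's code; the inspection window (10 packets, 2 KiB) and the case-insensitive matching reflect RouterOS's documented L7 behaviour, while the HTTP exchanges are constructed for the demonstration and use only a subset of the rules.

```python
"""What the step-8 layer7-protocol patterns actually match.  Added example, not
the page's or MikroTik's code.  RouterOS compiles these as case-insensitive
regexps and evaluates them against the first 10 packets or 2 KiB of a
connection, both directions together; that window is modelled here with
Python's re module on constructed HTTP traffic."""
import re

L7_WINDOW_PACKETS = 10
L7_WINDOW_BYTES = 2048

# Patterns exactly as typed on the RouterOS CLI (inside double quotes a
# backslash is written "\\", so "\\." is the regexp \.).  Subset of step 8.
L7_RULES_CLI = {
    "YOUTUBE": r"http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)",
    "EXE": r"\\.(exe)",
    "ZIP": r"\\.(zip)",
    "FLV": r"\\.(flv)",
}


def cli_to_regex(cli_pattern):
    """Undo the CLI quoting to get the regexp the L7 matcher compiles."""
    return cli_pattern.replace("\\\\", "\\")


COMPILED = {name: re.compile(cli_to_regex(p), re.IGNORECASE) for name, p in L7_RULES_CLI.items()}


def l7_window(packets):
    """Bytes the matcher sees: at most 10 packets and at most 2 KiB of payload."""
    return b"".join(packets[:L7_WINDOW_PACKETS])[:L7_WINDOW_BYTES]


def l7_matches(packets):
    """Names of the layer7 protocols a connection with these payloads would match."""
    data = l7_window(packets).decode("latin-1")
    return [name for name, rx in COMPILED.items() if rx.search(data)]


def sample_connections():
    """Constructed client<->proxy exchanges (the redirect makes the browser send
    a plain path plus Host header, as it would to the origin server)."""
    return {
        # installer download: the extension is in the request line
        "exe_download": [
            b"GET /tools/setup.exe HTTP/1.1\r\nHost: mirror.example\r\n\r\n",
            b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\nMZ\x90\x00",
        ],
        # ordinary HTML page, but the host name contains ".exe": false positive
        "hostname_with_exe": [
            b"GET /index.html HTTP/1.1\r\nHost: www.exe.example\r\n\r\n",
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>",
        ],
        # video: the YOUTUBE pattern matches the proxy's response headers
        "video_response": [
            b"GET /videoplayback?id=1 HTTP/1.1\r\nHost: v.example\r\n\r\n",
            b"HTTP/1.1 200 OK\r\nContent-Type: video/x-flv\r\nContent-Length: 5000000\r\n\r\nFLV\x01",
        ],
        # a 2 KiB cookie pushes the file name past the inspection window: no match
        "exe_beyond_window": [
            b"GET /dl HTTP/1.1\r\nHost: mirror.example\r\nCookie: " + b"x" * 2100 + b"\r\n\r\n",
            b"HTTP/1.1 200 OK\r\nContent-Disposition: attachment; filename=tool.exe\r\n\r\n",
        ],
    }


def classify_all():
    """Run every sample connection through the matcher."""
    return {name: l7_matches(pkts) for name, pkts in sample_connections().items()}


if __name__ == "__main__":
    for name, hits in classify_all().items():
        print(f"{name}: {hits or 'no match'}")
```

The false positive on www.exe.example and the miss on the download whose file name only appears after 2 KiB are the two failure modes to expect from extension matching of this kind; the video case shows that a response-side header is enough, since the matcher collects both directions.
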
9. Next, the mangle rules. The mark names are kept as in the original configuration (SEMUA KONEKSI MASUK is "all connections in" from the LAN, SEMUA KONEKSI KELUAR "all connections out" to the LAN, PAKET is packet, KONEKSI is connection).
A. Squid HIT mark. This relies on Squid marking the packets of a cache hit with DSCP 12 (TOS 0x30), which is Squid's ZPH feature (zph_mode tos with zph_local 0x30 in Squid 2.7 and Lusca, qos_flows local-hit=0x30 in Squid 3.1 and later); without it nothing ever carries DSCP 12 and this rule never matches. It is the first rule in the forward chain and has passthrough=no, so a hit packet gets the PROXY HIT mark and skips every later mark, which is what lets cached content bypass the limits:
/ip firewall mangle add chain=forward action=mark-packet dscp=12 \
new-packet-mark="PROXY HIT" passthrough=no \
comment="SQUID PROXY HIT" disabled=no
Squid connection and packet marks (the proxy's own traffic to the internet on 80 and 443):
/ip firewall mangle add chain=prerouting action=mark-connection \
src-address-list=proxy dst-address-list=!client \
protocol=tcp dst-port=80,443 \
new-connection-mark="SQUID KONEKSI" passthrough=yes \
comment="BROWSING SQUID" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="SQUID KONEKSI" new-packet-mark="SQUID PAKET" \
passthrough=no comment="SQUID PAKET" disabled=no
B. Mark all connections coming in from the LAN and all going out to it:
/ip firewall mangle add chain=prerouting action=mark-connection \
in-interface=local dst-address-list=!client \
new-connection-mark="SEMUA KONEKSI MASUK" passthrough=yes \
comment="MARK ALL CONNECTIONS IN" disabled=no
/ip firewall mangle add chain=forward action=mark-connection \
out-interface=local src-address-list=!client \
new-connection-mark="SEMUA KONEKSI KELUAR" passthrough=yes \
comment="ALL CONNECTIONS OUT" disabled=no
/ip firewall mangle add chain=prerouting action=mark-packet \
connection-mark="SEMUA KONEKSI MASUK" \
new-packet-mark="SEMUA PAKET MASUK" passthrough=yes \
comment="ALL PACKETS IN"
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="SEMUA KONEKSI KELUAR" \
new-packet-mark="SEMUA PAKET KELUAR" passthrough=yes \
comment="ALL PACKETS OUT"
C. Browsing connections, taken from the "all connections in" mark:
/ip firewall mangle add chain=prerouting action=mark-connection \
connection-mark="SEMUA KONEKSI MASUK" protocol=tcp \
new-connection-mark="BROWSING KONEKSI" passthrough=yes \
comment="BROWSING CLIENT" disabled=no
D. ICMP connections, matched on DSCP 1 (step J rewrites the DSCP of ICMP and DNS to 1). Note that this rule precedes the change-dscp rules of step J in the same postrouting chain, so it only sees packets that already arrived with DSCP 1; if the ICMP queue stays empty, move the step J rules above this one or match protocol=icmp directly:
/ip firewall mangle add chain=postrouting action=mark-connection \
dscp=1 new-connection-mark="ICMP KONEKSI" passthrough=yes \
comment="ICMP KONEKSI" disabled=no

E. Game connections, taken from the "all connections in" mark.
F. Point Blank, Poker and RF Online; to add another game, look up the ports that game uses:
/ip firewall mangle add chain=prerouting action=mark-connection \
connection-mark="SEMUA KONEKSI MASUK" protocol=udp dst-port=40000-40010 \
new-connection-mark="GAME KONEKSI" passthrough=yes \
comment="POINT BLANK" disabled=no
/ip firewall mangle add chain=prerouting action=mark-connection \
connection-mark="SEMUA KONEKSI MASUK" protocol=tcp dst-port=9339,843 \
new-connection-mark="GAME KONEKSI" passthrough=yes \
comment="POKER" disabled=no
/ip firewall mangle add chain=prerouting action=mark-connection \
connection-mark="SEMUA KONEKSI MASUK" protocol=udp \
dst-port=10001,10002,10003,10004,10005,10006,10007 \
new-connection-mark="GAME KONEKSI" passthrough=yes \
comment="RF ONLINE" disabled=no
G. ICMP packets:
/ip firewall mangle add chain=postrouting action=mark-packet \
connection-mark="ICMP KONEKSI" new-packet-mark="ICMP PAKET" \
passthrough=no comment="ICMP PAKET" disabled=no

H. Game packets:
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="GAME KONEKSI" new-packet-mark="GAME PAKET" \
passthrough=no comment="ALL GAME PACKETS" disabled=no

I. Browsing packets. connection-bytes=0-131072 means only the first 128 KiB of each browsing connection gets the BROWSING PAKET mark; the rest of a large transfer falls through to the per-client marks in step L:
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="BROWSING KONEKSI" protocol=tcp connection-bytes=0-131072 \
new-packet-mark="BROWSING PAKET" passthrough=no \
comment="BROWSING PAKET" disabled=no
J. Change the DSCP of ICMP and port 53 to 1 so step D can pick them out:
/ip firewall mangle add chain=postrouting action=change-dscp \
protocol=icmp new-dscp=1 comment="ICMP CHANGE DSCP" disabled=no
/ip firewall mangle add chain=postrouting action=change-dscp \
protocol=udp dst-port=53 new-dscp=1 disabled=no
/ip firewall mangle add chain=postrouting action=change-dscp \
protocol=tcp dst-port=53 new-dscp=1 disabled=no

K. Mangle for file extensions such as .zip, .rar, .flv, .exe. Every connection from the LAN gets the EXTENTION KONEKSI connection mark; each packet-mark rule then matches one of the layer7 protocols from step 8 (the layer7-protocol matcher is what ties the two steps together; without it the first rule would mark every packet). An MP4 rule is included so the MP4 queue in step 10 has something to match:
/ip firewall mangle add chain=forward action=mark-connection \
in-interface=local new-connection-mark="EXTENTION KONEKSI" \
passthrough=yes comment="EXTENTION KONEKSI" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=YOUTUBE \
new-packet-mark="YOUTUBE" passthrough=no comment="YOUTUBE MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=WMV \
new-packet-mark="WMV" passthrough=no comment="WMV MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=EXE \
new-packet-mark="EXE" passthrough=no comment="EXE MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=ZIP \
new-packet-mark="ZIP" passthrough=no comment="ZIP MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=RAR \
new-packet-mark="RAR" passthrough=no comment="RAR MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=MPG \
new-packet-mark="MPG" passthrough=no comment="MPG MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=MPEG \
new-packet-mark="MPEG" passthrough=no comment="MPEG MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=MP3 \
new-packet-mark="MP3" passthrough=no comment="MP3 MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=MP4 \
new-packet-mark="MP4" passthrough=no comment="MP4 MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=MOV \
new-packet-mark="MOV" passthrough=no comment="MOV MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=ISO \
new-packet-mark="ISO" passthrough=no comment="ISO MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=MKV \
new-packet-mark="MKV" passthrough=no comment="MKV MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=FLV \
new-packet-mark="FLV" passthrough=no comment="FLV MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=AVI \
new-packet-mark="AVI" passthrough=no comment="AVI MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=CAB \
new-packet-mark="CAB" passthrough=no comment="CAB MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=ASF \
new-packet-mark="ASF" passthrough=no comment="ASF MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=WAV \
new-packet-mark="WAV" passthrough=no comment="WAV MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=RM \
new-packet-mark="RM" passthrough=no comment="RM MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=RAM \
new-packet-mark="RAM" passthrough=no comment="RAM MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=RMVB \
new-packet-mark="RMVB" passthrough=no comment="RMVB MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=DAT \
new-packet-mark="DAT" passthrough=no comment="DAT MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=DAA \
new-packet-mark="DAA" passthrough=no comment="DAA MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=NRG \
new-packet-mark="NRG" passthrough=no comment="NRG MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=BIN \
new-packet-mark="BIN" passthrough=no comment="BIN MARK" disabled=no
/ip firewall mangle add chain=forward action=mark-packet \
connection-mark="EXTENTION KONEKSI" layer7-protocol=VCD \
new-packet-mark="VCD" passthrough=no comment="VCD MARK" disabled=no

L. Per-client packet marks (adjust the addresses to the clients on your network):
/ip firewall mangle add chain=forward action=mark-packet protocol=tcp \
connection-mark="SEMUA KONEKSI KELUAR" dst-address=192.168.34.2 \
new-packet-mark="CLIENT1" passthrough=no comment="CLIENT1" disabled=no
/ip firewall mangle add chain=forward action=mark-packet protocol=tcp \
connection-mark="SEMUA KONEKSI KELUAR" dst-address=192.168.34.3 \
new-packet-mark="CLIENT2" passthrough=no comment="CLIENT2" disabled=no
/ip firewall mangle add chain=forward action=mark-packet protocol=tcp \
connection-mark="SEMUA KONEKSI KELUAR" dst-address=192.168.34.4 \
new-packet-mark="CLIENT3" passthrough=no comment="CLIENT3" disabled=no
/ip firewall mangle add chain=forward action=mark-packet protocol=tcp \
connection-mark="SEMUA KONEKSI KELUAR" dst-address=192.168.34.5 \
new-packet-mark="CLIENT4" passthrough=no comment="CLIENT4" disabled=no
/ip firewall mangle add chain=forward action=mark-packet protocol=tcp \
connection-mark="SEMUA KONEKSI KELUAR" dst-address=192.168.34.6 \
new-packet-mark="CLIENT5" passthrough=no comment="CLIENT5" disabled=no
/ip firewall mangle add chain=forward action=mark-packet protocol=tcp \
connection-mark="SEMUA KONEKSI KELUAR" dst-address=192.168.34.7 \
new-packet-mark="CLIENT6" passthrough=no comment="CLIENT6" disabled=no
/ip firewall mangle add chain=forward action=mark-packet protocol=tcp \
connection-mark="SEMUA KONEKSI KELUAR" dst-address=192.168.34.8 \
new-packet-mark="CLIENT7" passthrough=no comment="CLIENT7" disabled=no
/ip firewall mangle add chain=forward action=mark-packet protocol=tcp \
connection-mark="SEMUA KONEKSI KELUAR" dst-address=192.168.34.9 \
new-packet-mark="CLIENT8" passthrough=no comment="CLIENT8" disabled=no
/ip firewall mangle add chain=forward action=mark-packet protocol=tcp \
connection-mark="SEMUA KONEKSI KELUAR" dst-address=192.168.34.10 \
new-packet-mark="CLIENT9" passthrough=no comment="CLIENT9" disabled=no
/ip firewall mangle add chain=forward action=mark-packet protocol=tcp \
connection-mark="SEMUA KONEKSI KELUAR" dst-address=192.168.34.11 \
new-packet-mark="CLIENT10" passthrough=no comment="CLIENT10" disabled=no
/ip firewall mangle add chain=forward action=mark-packet protocol=tcp \
connection-mark="SEMUA KONEKSI KELUAR" dst-address=192.168.34.12 \
new-packet-mark="CLIENT11" passthrough=no comment="CLIENT11" disabled=no
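The "lepas loss" bypass described at the top depends on two RouterOS mangle properties: a connection mark is stored on the connection-tracking entry and is seen by both directions of the connection, and a mark-packet rule with passthrough=no ends mangle processing for that packet. The Python model below is an added example, not the page's or MikroTik's code. It replays the SQUID PROXY HIT rule and a cut-down version of step K (assuming each extension rule carries the layer7-protocol matcher from step 8) over three constructed packets of one client-to-proxy connection, reports which step-10 queue each packet would land in, and then repeats the run with the HIT rule moved to the end to show why its position matters.

```python
"""Toy model of the RouterOS mangle behaviour the "lepas loss" bypass relies on.
Added example, not the page's or MikroTik's code.  Modelled: rules run in
order; mark-connection stores the mark on the connection-tracking entry, where
both directions of the connection see it; mark-packet with passthrough=no ends
mangle processing for that packet; a layer7 match is a property of the whole
connection (here supplied as a constructed attribute of the packet)."""

# (comment, matchers, action, mark, passthrough) in the page's order: the HIT
# rule first, then the EXTENTION KONEKSI connection mark, then two of the
# per-extension packet marks, assumed to carry the layer7-protocol matcher.
RULES = [
    ("SQUID PROXY HIT", {"dscp": 12}, "mark-packet", "PROXY HIT", False),
    ("EXTENTION KONEKSI", {"in_iface": "local"}, "mark-connection", "EXTENTION KONEKSI", True),
    ("EXE MARK", {"conn_mark": "EXTENTION KONEKSI", "l7": "EXE"}, "mark-packet", "EXE", False),
    ("FLV MARK", {"conn_mark": "EXTENTION KONEKSI", "l7": "FLV"}, "mark-packet", "FLV", False),
]

# which step-10 queue a packet mark lands in (max-limit values from the page)
QUEUE_FOR_MARK = {
    "PROXY HIT": "SQUID HIT (max-limit=0, unlimited)",
    "EXE": "LIMIT FILE EXTENTION (1 Mbit/s shared)",
    "FLV": "FLV (128 kbit/s)",
}


class Mangle:
    def __init__(self, rules):
        self.rules = rules
        self.conn_marks = {}  # connection id -> connection mark

    def matches(self, m, pkt):
        if "dscp" in m and pkt["dscp"] != m["dscp"]:
            return False
        if "in_iface" in m and pkt["in_iface"] != m["in_iface"]:
            return False
        if "conn_mark" in m and self.conn_marks.get(pkt["conn"]) != m["conn_mark"]:
            return False
        if "l7" in m and m["l7"] not in pkt["l7"]:
            return False
        return True

    def process(self, pkt):
        """Run the forward chain over one packet; return the packet mark it leaves with."""
        packet_mark = None
        for _comment, m, action, mark, passthrough in self.rules:
            if not self.matches(m, pkt):
                continue
            if action == "mark-connection":
                self.conn_marks[pkt["conn"]] = mark
            else:
                packet_mark = mark
            if not passthrough:
                break
        return packet_mark


def queue_for(packet_mark):
    return QUEUE_FOR_MARK.get(packet_mark, "no queue (unshaped)")


def replay(rules):
    """One client->proxy connection for an .exe: request, a cache-miss reply, a cache-hit reply."""
    mangle = Mangle(rules)
    conn = "192.168.34.2:51000->192.168.35.2:3128"  # constructed connection id
    request = {"conn": conn, "in_iface": "local", "dscp": 0, "l7": {"EXE"}}
    miss_reply = {"conn": conn, "in_iface": "proxy", "dscp": 0, "l7": {"EXE"}}
    hit_reply = {"conn": conn, "in_iface": "proxy", "dscp": 12, "l7": {"EXE"}}  # Squid ZPH: TOS 0x30
    return {
        "request": mangle.process(request),
        "cache_miss_reply": mangle.process(miss_reply),
        "cache_hit_reply": mangle.process(hit_reply),
    }


if __name__ == "__main__":
    print("page order:", {k: queue_for(v) for k, v in replay(RULES).items()})
    # move the HIT rule to the end: the cached reply is now shaped like a miss
    print("HIT rule last:", {k: queue_for(v) for k, v in replay(RULES[1:] + RULES[:1]).items()})
```

The miss reply arrives from the proxy interface, so the EXTENTION KONEKSI rule never matches it directly; it is still shaped because the connection mark set by the client's request is shared with the reply direction. The hit reply escapes only because the DSCP rule fires before the extension rule and stops processing; with the order reversed, the extension rule wins and the cached file is limited like any other.
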
10. Queue tree. Priorities only order siblings under the same parent, and a child with max-limit=0 is capped only by its parent. The burst parameters are left at their defaults.

A. ICMP, priority 1:
/queue tree add name="ICMP PING" parent=public packet-mark="ICMP PAKET" \
priority=1 limit-at=0 max-limit=0 queue=default

B. Squid HIT, priority 2, unlimited (this is the "lepas loss" queue):
/queue tree add name="SQUID HIT" parent=local packet-mark="PROXY HIT" \
priority=2 limit-at=0 max-limit=0 queue=default

C. Extension limit, priority 3. The parent caps all extension traffic at 1 Mbit/s shared (max-limit=1000000); children with max-limit=0 share that cap, while AVI, FLV, MPEG, MPG and WMV are additionally capped at 128 kbit/s each (change max-limit if you want different limits):
/queue tree add name="LIMIT FILE EXTENTION" parent=global-out priority=3 limit-at=0 max-limit=1000000
/queue tree add name="AVI" parent="LIMIT FILE EXTENTION" packet-mark="AVI" priority=3 limit-at=0 max-limit=128000 queue=default
/queue tree add name="EXE" parent="LIMIT FILE EXTENTION" packet-mark="EXE" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="FLV" parent="LIMIT FILE EXTENTION" packet-mark="FLV" priority=3 limit-at=0 max-limit=128000 queue=default
/queue tree add name="YOUTUBE" parent="LIMIT FILE EXTENTION" packet-mark="YOUTUBE" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="ISO" parent="LIMIT FILE EXTENTION" packet-mark="ISO" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="MP3" parent="LIMIT FILE EXTENTION" packet-mark="MP3" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="MP4" parent="LIMIT FILE EXTENTION" packet-mark="MP4" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="MPEG" parent="LIMIT FILE EXTENTION" packet-mark="MPEG" priority=3 limit-at=0 max-limit=128000 queue=default
/queue tree add name="MPG" parent="LIMIT FILE EXTENTION" packet-mark="MPG" priority=3 limit-at=0 max-limit=128000 queue=default
/queue tree add name="RAR" parent="LIMIT FILE EXTENTION" packet-mark="RAR" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="WMV" parent="LIMIT FILE EXTENTION" packet-mark="WMV" priority=3 limit-at=0 max-limit=128000 queue=default
/queue tree add name="ZIP" parent="LIMIT FILE EXTENTION" packet-mark="ZIP" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="CAB" parent="LIMIT FILE EXTENTION" packet-mark="CAB" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="ASF" parent="LIMIT FILE EXTENTION" packet-mark="ASF" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="MOV" parent="LIMIT FILE EXTENTION" packet-mark="MOV" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="MKV" parent="LIMIT FILE EXTENTION" packet-mark="MKV" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="WAV" parent="LIMIT FILE EXTENTION" packet-mark="WAV" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="RM" parent="LIMIT FILE EXTENTION" packet-mark="RM" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="RAM" parent="LIMIT FILE EXTENTION" packet-mark="RAM" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="RMVB" parent="LIMIT FILE EXTENTION" packet-mark="RMVB" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="DAT" parent="LIMIT FILE EXTENTION" packet-mark="DAT" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="DAA" parent="LIMIT FILE EXTENTION" packet-mark="DAA" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="NRG" parent="LIMIT FILE EXTENTION" packet-mark="NRG" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="BIN" parent="LIMIT FILE EXTENTION" packet-mark="BIN" priority=3 limit-at=0 max-limit=0 queue=default
/queue tree add name="VCD" parent="LIMIT FILE EXTENTION" packet-mark="VCD" priority=3 limit-at=0 max-limit=0 queue=default

D. All upload, priority 4:
/queue tree add name="+++TOTAL UPLOAD+++" parent=public packet-mark="SEMUA PAKET MASUK" \
priority=4 limit-at=0 max-limit=0 queue=default

E. Total download, priority 5:
/queue tree add name="+++TOTAL DOWNLOAD+++" parent=global-out packet-mark="SEMUA PAKET KELUAR" \
priority=5 limit-at=0 max-limit=0

F. Game download, priority 6:
/queue tree add name="GAME DOWNLOAD" parent="+++TOTAL DOWNLOAD+++" packet-mark="GAME PAKET" \
priority=6 limit-at=0 max-limit=0 queue=default

G. Browsing packets, priority 7:
/queue tree add name="BROWSING PAKET" parent="+++TOTAL DOWNLOAD+++" packet-mark="BROWSING PAKET" \
priority=7 limit-at=0 max-limit=0 queue=default
Total client download, priority 8:
/queue tree add name="+++TOTAL DOWNLOAD CLIENT+++" parent="+++TOTAL DOWNLOAD+++" \
priority=8 limit-at=0 max-limit=0

H. Per-client queues, priority 8:
/queue tree add name="CLIENT1" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT1" priority=8 limit-at=0 max-limit=0 queue=default
/queue tree add name="CLIENT2" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT2" priority=8 limit-at=0 max-limit=0 queue=default
/queue tree add name="CLIENT3" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT3" priority=8 limit-at=0 max-limit=0 queue=default
/queue tree add name="CLIENT4" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT4" priority=8 limit-at=0 max-limit=0 queue=default
/queue tree add name="CLIENT5" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT5" priority=8 limit-at=0 max-limit=0 queue=default
/queue tree add name="CLIENT6" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT6" priority=8 limit-at=0 max-limit=0 queue=default
/queue tree add name="CLIENT7" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT7" priority=8 limit-at=0 max-limit=0 queue=default
/queue tree add name="CLIENT8" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT8" priority=8 limit-at=0 max-limit=0 queue=default
/queue tree add name="CLIENT9" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT9" priority=8 limit-at=0 max-limit=0 queue=default
/queue tree add name="CLIENT10" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT10" priority=8 limit-at=0 max-limit=0 queue=default
/queue tree add name="CLIENT11" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT11" priority=8 limit-at=0 max-limit=0 queue=default


Mikrotik + Separate Transparent Proxy + Web Filtering

A piece of work I kept postponing was building a proxy server, separate from the Mikrotik, that also does web filtering.
For the separate proxy server I am using Red Hat Linux as the operating system, Squid as the proxy and DansGuardian for web filtering.
The difficulty all along was getting every web request on port 80 to pass through the filter on the proxy server first.
Several times I tried the Mikrotik Web Proxy feature with the separately built proxy server as its parent. That failed: besides making the Mikrotik heavier, a mistake in the Access Control List settings let users outside the network use the Mikrotik as a proxy, which of course drains bandwidth.
In the end I wanted users on the network to use only the proxy, without the proxy facility built into the Mikrotik. I placed this proxy server on the same segment as the users, so it has a local IP.
What remained was redirecting users' port-80 requests that arrive at the Mikrotik to the proxy server, i.e. redirecting port 80 to a specific IP.
The details:
Mikrotik : 192.168.0.1
Internet : ether1
LAN : ether2
Proxy : 192.168.0.254
port : 3128
----------
It is assumed that the transparent proxy is already running normally on the proxy server.
1. NAT table (IP > Firewall > NAT), as CLI commands:
/ip firewall nat
add chain=dstnat src-address=!192.168.0.254 protocol=tcp dst-port=80 in-interface=ether2 action=dst-nat to-addresses=192.168.0.254 to-ports=3128
add chain=srcnat src-address=192.168.0.0/24 dst-address=192.168.0.254 protocol=tcp dst-port=3128 out-interface=ether2 action=src-nat to-addresses=192.168.0.1
2. Filter rules table:
/ip firewall filter
add chain=forward src-address=192.168.0.0/24 dst-address=192.168.0.254 protocol=tcp dst-port=3128 in-interface=ether2 out-interface=ether2 action=accept
The first NAT rule sends the clients' port-80 requests to the proxy while leaving the proxy's own requests alone. The second rewrites the source of those redirected packets to the router's address: the proxy is on the same segment as the clients, so without it the proxy would answer the client directly, the client would see a reply from 192.168.0.254:3128 instead of the site it asked for and drop it. With the source rewritten, the reply comes back to the router, where the NAT is undone. With these rules the transparent proxy finally works without the Mikrotik proxy feature.
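To make the reason for the second NAT rule concrete, here is a small model of the router's NAT path. It is an added example, not part of the original post: it follows one constructed request (client 192.168.0.10 to 203.0.113.80:80) through dst-nat, with and without the src-nat to the router, and then follows the proxy's reply back. It also tries the layout of the other posts on this page, where the proxy sits on its own segment (192.168.3.2), to show that the src-nat is only needed when proxy and clients share a LAN.

```python
"""Added example (not from the original post): a model of the router's NAT path
showing why the src-nat of redirected packets to the router's LAN address is
needed when the proxy shares the clients' LAN. Addresses are the post's:
router 192.168.0.1, proxy 192.168.0.254:3128; the client and the origin server
(203.0.113.80, a TEST-NET address) are constructed."""
from dataclasses import dataclass, replace

ROUTER_LAN = "192.168.0.1"
PROXY_PORT = 3128


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def subnet(ip):
    """/24 prefix: enough to tell 'same LAN segment' apart in this model."""
    return ip.rsplit(".", 1)[0]


def router_forward(pkt, conntrack, proxy_ip, hairpin):
    """dst-nat every port-80 request not coming from the proxy itself to
    proxy_ip:3128 (the first NAT rule). With hairpin=True the source is also
    rewritten to the router's LAN address (the second rule). The translated
    4-tuple is remembered so the reply can be reversed later."""
    out = pkt
    if pkt.dport == 80 and pkt.src != proxy_ip:
        out = replace(out, dst=proxy_ip, dport=PROXY_PORT)
        if hairpin:
            out = replace(out, src=ROUTER_LAN)
        conntrack[(out.src, out.sport, out.dst, out.dport)] = pkt
    return out


def proxy_reply(pkt):
    """The proxy answers whatever source address it saw."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)


def deliver_reply(reply, conntrack, original):
    """Follow the reply. It passes through the router only if it is addressed
    to the router or to another segment; a reply to a host on the proxy's own
    segment goes there directly and the NAT is never undone. The client accepts
    the reply only if it comes from the server:port it actually connected to."""
    via_router = reply.dst == ROUTER_LAN or subnet(reply.dst) != subnet(reply.src)
    if via_router:
        orig = conntrack.get((reply.dst, reply.dport, reply.src, reply.sport))
        if orig is None:
            return False  # no NAT state for this reply: the router drops it
        reply = Packet(orig.dst, orig.dport, orig.src, orig.sport)
    return reply == Packet(original.dst, original.dport, original.src, original.sport)


def client_gets_reply(proxy_ip, hairpin):
    """Run one constructed request and report whether the client gets a usable reply."""
    conntrack = {}
    req = Packet("192.168.0.10", 40000, "203.0.113.80", 80)
    fwd = router_forward(req, conntrack, proxy_ip, hairpin)
    return deliver_reply(proxy_reply(fwd), conntrack, req)


if __name__ == "__main__":
    print("proxy on the LAN, dst-nat only      :", client_gets_reply("192.168.0.254", False))  # False
    print("proxy on the LAN, dst-nat + src-nat :", client_gets_reply("192.168.0.254", True))   # True
    print("proxy on its own segment, dst-nat   :", client_gets_reply("192.168.3.2", False))    # True
```

The third case is the layout used in the other posts on this page (proxy behind its own router interface): there the reply has to cross the router anyway, so the dst-nat alone is enough.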

26 February 2012

ABOUT Mikrotik RouterOS™

Mikrotik RouterOS™ is an operating system and software that turns an ordinary computer into a reliable network router, with a wide range of features built for IP networks and wireless networks.

Mikrotik RouterOS™ is a Linux-based operating system intended for use as a network router, designed to be easy for its users. Administration can be done through a Windows application (WinBox). It can be installed on a standard PC (Personal Computer). A PC used as a Mikrotik router does not need large resources for standard use, for example as a plain gateway. For heavy loads (complex networks, complicated routing) a PC with adequate resources/specifications should be chosen.

In the world of routers, the machines that direct traffic around the Internet, Cisco is a name beyond doubt. In another world, Mikrotik, which comes as software, is fairly well known as a provider of low-cost router solutions; you can even build your own router from a home computer.

Types of Mikrotik

* Mikrotik RouterOS™ as software, downloadable from www.Mikrotik.com, which can be installed on a home computer (PC).
* Built-in hardware Mikrotik: hardware specially packaged as a router board with Mikrotik RouterOS™ pre-installed.

Mikrotik Features

1. Address List: grouping of IP addresses by name.
2. Asynchronous: serial PPP dial-in/dial-out with CHAP, PAP, MSCHAPv1 and MSCHAPv2 authentication, RADIUS, dial on demand, modem pools of up to 128 ports.
3. Bonding: combining several Ethernet interfaces into one pipe for a fast connection.
4. Bridge: bridge spanning tree, multiple bridge interfaces, bridge firewalling.
5. Data Rate Management: HTB-based QoS with burst, PCQ, RED, SFQ, FIFO queues, CIR, MIR, peer-to-peer limiting.
6. DHCP: DHCP per interface; DHCP relay; DHCP client; multiple-network DHCP; static and dynamic DHCP leases.
7. Firewall and NAT: peer-to-peer connection filtering, source NAT and destination NAT. Filtering by MAC, IP address, port range, IP protocol and protocol options such as ICMP, TCP flags and MSS.
8. Hotspot: hotspot gateway with RADIUS authentication. Supports data rate limits, SSL, HTTPS.
9. IPsec: AH and ESP protocols; MODP Diffie-Hellman groups 1, 2, 5; MD5 and SHA1 hashing; DES, 3DES, AES-128, AES-192 and AES-256 encryption; Perfect Forward Secrecy (PFS) with MODP groups 1, 2, 5.
10. ISDN: ISDN dial-in/dial-out with PAP, CHAP, MSCHAPv1 and MSCHAPv2 authentication, RADIUS. Supports 128K bundles and the Cisco HDLC, x75i, x75ui and x75bui line protocols.
11. M3P: Mikrotik Packet Packer Protocol for wireless links and Ethernet.
12. MNDP: Mikrotik Neighbor Discovery Protocol; Cisco Discovery Protocol (CDP) is also supported.
13. Monitoring/Accounting: IP traffic reports, logs and statistics graphs accessible over HTTP.
14. NTP: Network Time Protocol server and client; synchronisation from a GPS system.
15. Point to Point Tunneling Protocol: PPTP, PPPoE and L2TP access concentrators; PAP, CHAP, MSCHAPv1 and MSCHAPv2 authentication; RADIUS authentication and accounting; MPPE encryption; compression for PPPoE; data rate limits.
16. Proxy: caching FTP and HTTP proxy server; HTTPS proxy; transparent proxy for DNS and HTTP; SOCKS protocol; parent proxy; static DNS.
17. Routing: static and dynamic routing; RIP v1/v2, OSPF v2, BGP v4.
18. SDSL: Single Line DSL; line termination and network modes.
19. Simple Tunnels: IPIP and EoIP (Ethernet over IP) tunnels.
20. SNMP: read-only access mode.
21. Synchronous: V.35, V.24, E1/T1, X.21, DS3 (T3) media types; sync-PPP, Cisco HDLC; Frame Relay line protocol; ANSI-617d (ANDI or Annex D) and Q933a (CCITT or Annex A); Frame Relay LMI types.
22. Tools: ping; traceroute; bandwidth test; ping flood; telnet; SSH; packet sniffer; dynamic DNS update.
23. UPnP: Universal Plug and Play interface support.
24. VLAN: IEEE 802.1q Virtual LAN for Ethernet and wireless networks; multiple VLANs; VLAN bridging.
25. VoIP: voice over IP applications.
26. VRRP: Virtual Router Redundancy Protocol.
27. Winbox: GUI application for remotely managing and configuring Mikrotik RouterOS.

Configuring a Mikrotik RB750G with 2 Speedy lines + Squid proxy

A simple load-balancing setup for 2 Speedy lines + Squid.
Not suitable for an online-gaming cafe (warnet).

Topology:

speedy1 ----|
            |------- mikrotik RB750G ------- LAN ----- client
speedy2 ----|
            |
      squid ubuntu 9.10

Set the modems to bridge mode.
IP addresses:
modem 1 192.168.1.1
modem 2 192.168.2.1
proxy 192.168.3.2

Mikrotik IPs:
lan 192.168.0.1
modem1 192.168.1.2
modem2 192.168.2.2
proxy 192.168.3.1

Address list for the external Squid:
/ip firewall address-list \
add address=192.168.3.2 \
comment="SQUID PROXY EXTERNAL" \
disabled=no list="ip squid"


PPPoE clients, one per Speedy line (Speedy-1 and Speedy-2 are the Ethernet ports facing the bridged modems; credentials are masked as in the original):
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" dial-on-demand=no disabled=no interface=Speedy-1 max-mru=1480 max-mtu=1480 mrru=disabled name="PPPoE-1" user="******@telkom.net" password="***" profile=default service-name="" use-peer-dns=no

add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" dial-on-demand=no disabled=no interface=Speedy-2 max-mru=1480 max-mtu=1480 mrru=disabled name="PPPoE-2" user="******@telkom.net" password="***" profile=default service-name="" use-peer-dns=no

NAT
/ip firewall nat
add chain=srcnat action=masquerade out-interface=PPPoE-1 comment="" disabled=no
add chain=srcnat action=masquerade out-interface=PPPoE-2 comment="" disabled=no

Redirect web traffic from the LAN to the external Squid (192.168.3.2:3128). The "ip squid" address list is negated so that requests already addressed to the proxy are not redirected a second time:
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.3.2 to-ports=3128 dst-address-list=!"ip squid" protocol=tcp dst-port=80 in-interface=lan

add chain=dstnat action=dst-nat to-addresses=192.168.3.2 to-ports=3128 dst-address-list=!"ip squid" protocol=tcp dst-port=8080 in-interface=lan

add chain=dstnat action=dst-nat to-addresses=192.168.3.2 to-ports=3128 dst-address-list=!"ip squid" protocol=tcp dst-port=3128 in-interface=lan


Mangle (load balancing: with nth, every new connection from the LAN is marked ADSL-1 or ADSL-2 in turn, and the connection mark is then turned into a routing mark)
/ip firewall mangle
add action=mark-connection chain=prerouting comment="Load Mangel" connection-state=new disabled=no in-interface=lan nth=2,1 new-connection-mark=ADSL-1 passthrough=yes

add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=lan nth=2,2 new-connection-mark=ADSL-2 passthrough=yes

add action=mark-routing chain=prerouting comment="Mark Paket" in-interface=lan connection-mark=ADSL-1 disabled=no new-routing-mark=speedy-1-conn passthrough=no

add action=mark-routing chain=prerouting comment="" in-interface=lan connection-mark=ADSL-2 disabled=no new-routing-mark=speedy-2-conn passthrough=no

Proxy (the same marking for connections the Squid box itself opens, so cache misses are spread over both lines too)
add action=mark-connection chain=prerouting comment="proxy" in-interface=proxy connection-state=new nth=2,1 disabled=no new-connection-mark=ADSL-1 passthrough=yes

add action=mark-connection chain=prerouting comment="" in-interface=proxy connection-state=new nth=2,2 disabled=no new-connection-mark=ADSL-2 passthrough=yes

add action=mark-routing chain=prerouting comment="Proxy mark" in-interface=proxy connection-mark=ADSL-1 disabled=no new-routing-mark=speedy-1-conn passthrough=no

add action=mark-routing chain=prerouting comment="" in-interface=proxy connection-mark=ADSL-2 disabled=no new-routing-mark=speedy-2-conn passthrough=no

IP routes. The routing-mark names are the new-routing-mark values set in mangle; each marked table gets its own line as primary (distance 1, check-gateway=ping) and the other line as failover (distance 2); unmarked traffic uses both lines. Because mangle marks a connection before dst-nat rewrites the destination to the proxy, packets for the proxy also carry a routing mark, so each marked table needs a route to the proxy or they would be sent out over a PPPoE line:
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-1 check-gateway=ping scope=30 target-scope=10 routing-mark=speedy-1-conn

add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=PPPoE-2 scope=30 target-scope=10 routing-mark=speedy-1-conn

add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-2 check-gateway=ping scope=30 target-scope=10 routing-mark=speedy-2-conn

add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=PPPoE-1 scope=30 target-scope=10 routing-mark=speedy-2-conn

add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-1,PPPoE-2 check-gateway=ping scope=30 target-scope=10

add disabled=no dst-address=192.168.3.2/32 gateway=192.168.3.2 routing-mark=speedy-1-conn
add disabled=no dst-address=192.168.3.2/32 gateway=192.168.3.2 routing-mark=speedy-2-conn



For the proxy (squid.conf):

#==================================#
# Proxy Server Version 2.7.Stable3
#==================================#
#################################################################
# Port
#################################################################
http_port 3128 transparent
icp_port 3130
prefer_direct off
#################################################################
# Cache & Object
#################################################################
cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99
max_filedesc 8192
maximum_object_size 1024 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 4 bytes
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
#################################################################
# cache_dir
#################################################################
cache_dir aufs /home/proxy1 9000 32 128
cache_dir aufs /home/proxy2 9000 32 128
cache_dir aufs /home/proxy3 9000 32 128
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
pid_filename /var/run/squid.pid
cache_swap_log /var/log/squid/swap.state
# dns_nameservers takes IP addresses, not a file name; left unset, Squid reads /etc/resolv.conf itself
#dns_nameservers /etc/resolv.conf
emulate_httpd_log off
hosts_file /etc/hosts
half_closed_clients off
negative_ttl 1 minutes
#################################################################
# Rules: Safe Ports
#################################################################
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl lan src 192.168.0.0/27
acl modem1 src 192.168.1.0/24
acl modem2 src 192.168.2.0/24
acl proxy src 192.168.3.0/24
acl SSL_ports port 443 563 873 # https snews rsync
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https (needed once the port check below comes before the allows)
acl Safe_ports port 20 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 631 # cups
acl Safe_ports port 10000 # webmin
acl Safe_ports port 901 # SWAT
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 110 # POP3
acl Safe_ports port 25 # SMTP
acl Safe_ports port 2095 2096 # webmail from cpanel
acl Safe_ports port 2082 2083 # cpanel
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# http_access is first-match: the port checks must come before any "allow",
# otherwise the allowed networks bypass them
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow lan
http_access allow modem1
http_access allow modem2
http_access allow proxy
#################################################################
# Refresh Pattern
#################################################################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(html|htm|css|js|php|asp|aspx|cgi) 1440 40% 40320
refresh_pattern . 0 20% 4320
#################################################################
# HAVP + Clamav
#################################################################
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
#################################################################
# HIERARCHY (BYPASS CGI)
#################################################################
#hierarchy_stoplist cgi-bin ? .js .jsp
#acl QUERY urlpath_regex cgi-bin \? .js .jsp
#no_cache deny QUERY
#################################################################
# SNMP
#################################################################
snmp_port 3401
acl snmpsquid snmp_community public
snmp_access allow snmpsquid localhost
snmp_access deny all
#################################################################
# ALLOWED ACCESS
#################################################################
acl persegi src 192.168.0.0/24 ## adjust to your LAN
http_access allow persegi
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow persegi
icp_access allow localhost
icp_access deny all
always_direct deny all
#################################################################
# Cache CGI & Administrative
#################################################################
cache_mgr batamwarnet@batamwarnet.com
cachemgr_passwd 123 all # replace with a strong password; cachemgr exposes the cache internals
visible_hostname proxy.bless.net
cache_effective_user proxy
cache_effective_group proxy
coredump_dir /var/spool/squid
shutdown_lifetime 10 seconds
logfile_rotate 14
cache_mgr enchone@bless.net
#################################################################
# Squid ZPH
#################################################################
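The order of the http_access lines decides what the Safe_ports and SSL_ports checks actually protect, because Squid stops at the first http_access line whose every ACL matches. The script below is an added example (mine, not part of the original post) that implements that first-match evaluation for the ACL types used in this file (src, port, method, proto) and runs two constructed configurations against the same requests: ORIGINAL_ORDER puts "allow lan" before the port checks, the way the list in this post was first written; FIXED_ORDER puts the port checks first and adds 443 to Safe_ports, which is the ordering used in the squid.conf above.

```python
"""Added example (not from the original post): a first-match evaluator for
Squid http_access rules, used to compare two constructed orderings of the
rules in this post. Only the ACL types the file uses are modelled."""
import ipaddress

ACLS = """
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.0.0/27
acl SSL_ports port 443 563 873
acl Safe_ports port 80 20 21 70 210 1025-65535 631 10000 901 280 488 591 777 873 110 25 2095 2096 2082 2083
acl purge method PURGE
acl CONNECT method CONNECT
"""
# "allow lan" before the port checks: the checks never run for LAN clients
ORIGINAL_ORDER = ACLS + """
http_access allow manager localhost
http_access allow lan
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports
http_access deny all
"""
# port checks first; 443 added to Safe_ports so CONNECT to https still passes
FIXED_ORDER = ACLS + """
acl Safe_ports port 443
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow lan
http_access deny all
"""


def parse_squid(conf):
    """Collect acl definitions (several lines with the same name accumulate,
    as in Squid) and the http_access lines in file order; '#' starts a comment."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0] == "acl":
            name, acl_type, values = parts[1], parts[2], parts[3:]
            acls.setdefault(name, (acl_type, []))[1].extend(values)
        elif parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules


def _port_in(port, spec):
    """Match a single port or a lo-hi range such as 1025-65535."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def acl_matches(acl, req):
    acl_type, values = acl
    if acl_type == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if acl_type == "port":
        return any(_port_in(req["port"], v) for v in values)
    if acl_type == "method":
        return req.get("method", "GET") in values
    if acl_type == "proto":
        return req.get("proto", "http") in values
    raise ValueError(f"acl type {acl_type!r} is not modelled here")


def http_access_decision(conf, req):
    """The first http_access line whose every term matches decides; a '!' term
    matches when its ACL does not. With no match at all, Squid applies the
    opposite of the last line's action."""
    acls, rules = parse_squid(conf)
    for action, terms in rules:
        if all(acl_matches(acls[t.lstrip("!")], req) != t.startswith("!") for t in terms):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"


def decide(conf, src, port, method="GET"):
    return http_access_decision(conf, {"src": src, "port": port, "method": method})


if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL_ORDER), ("fixed", FIXED_ORDER)):
        print(label, "LAN GET to port 22     ->", decide(conf, "192.168.0.10", 22))
        print(label, "LAN CONNECT to port 80 ->", decide(conf, "192.168.0.10", 80, "CONNECT"))
        print(label, "LAN CONNECT to port 443->", decide(conf, "192.168.0.10", 443, "CONNECT"))
```

With the original ordering a LAN client can open a plain request to port 22 or a CONNECT to port 80 through the proxy, because "allow lan" matches before the port checks are reached; with the checks first, those are denied while normal browsing and CONNECT to 443 still work.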

Disk partitioning on the Squid box:
1 GB /boot (boot flag)
3 GB /
4 GB /usr
4 GB /var
1 GB swap
15 GB /home/proxy1
15 GB /home/proxy2
15 GB /home/proxy3
The rest becomes a share; the disk is 80 GB.

OK, that's it for now. I hope it is useful.