22 March 2012

LOAD BALANCING on MIKROTIK with the RB750

Here I build load balancing on an indoor RouterBOARD RB750, which has 5 interfaces, running RouterOS 4.11: two WAN uplinks feed one output towards the local area network.
The interfaces are configured as:
- LAN = 192.168.1.0/24
- Uplink = WAN1 = 192.168.20.6/28
- Uplink = WAN2 = 192.168.10.12/24
I use two wireless ISP links. If you are on Telkom Speedy instead, first check whether the two lines have the same gateway address. If they do, dial PPPoE on the MikroTik itself for one of them and let the other modem do the PPPoE dial (that modem is then the gateway), so that the two uplinks end up behind different gateways. This keeps traffic flowing over both links: with two PPPoE sessions dialled by the MikroTik towards identical gateways the balancing works poorly and often only one gateway is ever active.
The configuration on RouterOS 4.11 is as follows:
/ip firewall mangle
# every odd new connection coming from the LAN is tied to WAN1 (nth=2,1 = the 1st of every 2 packets that hit this rule) ...
add chain=prerouting in-interface=LAN connection-state=new nth=2,1 action=mark-connection new-connection-mark=conn_1 passthrough=yes
add chain=prerouting in-interface=LAN connection-mark=conn_1 action=mark-routing new-routing-mark=conn_1 passthrough=no
# ... and every new connection that was not stopped by the rule above goes to WAN2.
# nth=1,1 (every packet) is correct here: packets already marked conn_1 never reach this rule,
# so the counter only sees the even connections. Do not change it to nth=2,2, that would leave half of them unmarked.
add chain=prerouting in-interface=LAN connection-state=new nth=1,1 action=mark-connection new-connection-mark=conn_2 passthrough=yes
add chain=prerouting in-interface=LAN connection-mark=conn_2 action=mark-routing new-routing-mark=conn_2 passthrough=no
/ip firewall nat
add chain=srcnat action=masquerade out-interface=WAN1 connection-mark=conn_1
add chain=srcnat action=masquerade out-interface=WAN2 connection-mark=conn_2
/ip route
# per-mark default routes; without check-gateway these stay active even when the ISP gateway is unreachable
add dst-address=0.0.0.0/0 gateway=192.168.20.14 scope=255 target-scope=10 routing-mark=conn_1 disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.10.100 scope=255 target-scope=10 routing-mark=conn_2 disabled=no
# default route in the main table, used by the router's own traffic and by anything without a routing mark
add dst-address=0.0.0.0/0 gateway=192.168.20.14 scope=255 target-scope=10 disabled=no
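The rules above balance only connections that the LAN opens, and nothing fails over: a route with a routing-mark and no check-gateway stays active when its ISP gateway goes down, so half of the new connections keep being sent into a dead uplink, and a connection that arrives from the Internet on WAN2 (remote Winbox, a port forward) gets its replies sent out through the main default route on WAN1. The fragment below is an added example, not part of the original post, that completes the same setup with gateway checks, a backup default route in the main table and return-path marks; it replaces the three /ip route lines of the post and keeps its interface names, addresses and marks. It assumes RouterOS 4.x, where a lookup in a routing-mark table that finds no active route falls through to the main table.

```routeros
# Added example: failover and return-path marks for the two-WAN setup above.
# Assumes RouterOS 4.x, interfaces LAN/WAN1/WAN2 and the addresses used in the post.

/ip route
# gateway checks on the per-mark routes: when the check fails the route goes
# inactive and lookups for that mark fall back to the main table below
add dst-address=0.0.0.0/0 gateway=192.168.20.14 routing-mark=conn_1 check-gateway=ping distance=1
add dst-address=0.0.0.0/0 gateway=192.168.10.100 routing-mark=conn_2 check-gateway=ping distance=1
# main table: WAN1 preferred, WAN2 as backup for the router's own traffic and
# for every connection whose marked route is currently down
add dst-address=0.0.0.0/0 gateway=192.168.20.14 check-gateway=ping distance=1
add dst-address=0.0.0.0/0 gateway=192.168.10.100 check-gateway=ping distance=2

/ip firewall mangle
# connections that arrive from the Internet: remember which WAN they came in on ...
add chain=input in-interface=WAN1 connection-state=new action=mark-connection new-connection-mark=conn_1 passthrough=yes
add chain=input in-interface=WAN2 connection-state=new action=mark-connection new-connection-mark=conn_2 passthrough=yes
# ... and send the router's own replies back out through the same WAN
add chain=output connection-mark=conn_1 action=mark-routing new-routing-mark=conn_1 passthrough=no
add chain=output connection-mark=conn_2 action=mark-routing new-routing-mark=conn_2 passthrough=no
# dst-natted (port-forwarded) connections pass prerouting instead of input; mark them there.
# the LAN host's replies then carry the mark and the post's existing
# "in-interface=LAN connection-mark=conn_2 -> routing-mark conn_2" rule routes them out WAN2
add chain=prerouting in-interface=WAN1 connection-state=new action=mark-connection new-connection-mark=conn_1 passthrough=yes
add chain=prerouting in-interface=WAN2 connection-state=new action=mark-connection new-connection-mark=conn_2 passthrough=yes
```

check-gateway=ping withdraws a route when the gateway address stops answering (checked every 10 seconds, inactive after two consecutive timeouts); if the ISP gateway does not answer ICMP, check-gateway=arp is the alternative on Ethernet uplinks. Verify with /ip route print after unplugging one uplink: the marked route for that WAN must lose its A (active) flag, and new LAN connections must then appear in /ip firewall connection print with the other WAN's address as their reply destination.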
squid.conf (lusca)

# listen on port 8000 in transparent (intercept) mode;
# change it to the port your MikroTik redirect rule sends traffic to
http_port 8000 transparent

# HTTP/1.1 handling
server_http11 on

# cache manager name
cache_mgr Comstuff

# forwarded_for off would stop Squid from telling origin servers the LAN address of the client;
# it is left disabled here because the header_access rules at the end strip X-Forwarded-For instead
#forwarded_for off

# name of squid server
visible_hostname Comstuff

# cache sizing: in-memory cache, on-disk cache directory (aufs, 7000 MB, 16 x 256 subdirectories) and core-dump location
cache_mem 16 MB
cache_dir aufs D:/luscacache/cache0 7000 16 256
coredump_dir D:/luscacache/

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
minimum_object_size 512 bytes
maximum_object_size 1024000 KB
maximum_object_size_in_memory 64 KB
store_avg_object_size 13 KB
offline_mode off

memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
client_persistent_connections off
server_persistent_connections on

request_timeout 1 minute
pconn_timeout 15 seconds
negative_dns_ttl 60 seconds
positive_dns_ttl 6 hours
client_lifetime 6 hours
read_timeout 30 minutes
shutdown_lifetime 10 seconds
uri_whitespace strip
negative_ttl 30 seconds
half_closed_clients off
strip_query_terms off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
vary_ignore_expire on
cache_swap_high 99
cache_swap_low 98

fqdncache_size 16384
ipcache_size 4096
ipcache_low 98
ipcache_high 99

memory_pools off
reload_into_ims on
pipeline_prefetch on

acl advertise url_regex -i "C:/squid/etc/ads.block"
deny_info http://i1210.photobucket.com/albums/cc412/udinkepsuk/udinkepsuk.jpg advertise
http_access deny advertise

#acl blockedsites dstdomain "C:/squid/etc/sites.block"
#http_access deny blockedsites

#dns_defnames on

## dns cache to localhost if using unbound
# dns_nameservers 127.0.0.1

# choose one of the log formats below;
# the access_log line further down uses the built-in 'squid' format, so the 'combined' definition is unused unless you switch to it
#logformat squid  %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
#logformat squidmime  %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt [%>h] [%<h]
#logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh

access_log D:/luscacache/access.log squid
cache_store_log none
cache_log  D:/luscacache/cache.log
logfile_rotate 1
log_ip_on_direct off
log_icp_queries off
log_fqdn off
buffered_logs off


## use this if your uplink requires a manually configured (parent) proxy
## cache_peer IP_PARENT_PROXY parent PORT_PARENT_PROXY 0 round-robin no-query no-digest
## where IP_PARENT_PROXY is the IP address of the parent proxy
## and PORT_PARENT_PROXY is the port the parent proxy listens on.
# cache_peer IP_PARENT_PROXY parent PORT_PARENT_PROXY 0 round-robin no-query no-digest



acl all src 0.0.0.0/0.0.0.0
acl localNet src 192.168.0.0/24 192.168.1.0/24 192.168.3.0/24 192.168.212.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl PURGE method PURGE

# Yahoo! Messenger
acl ym dstdomain .messenger.yahoo.com .psq.yahoo.com
acl ym dstdomain .us.il.yimg.com .msg.yahoo.com .pager.yahoo.com
acl ym dstdomain .rareedge.com .ytunnelpro.com .chat.yahoo.com
acl ym dstdomain .voice.yahoo.com

# defined but not referenced by any http_access rule below
acl ymregex url_regex yupdater.yim ymsgr myspaceim

# Skype and IMVU are not Yahoo! Messenger hosts, but the original groups them into the same ACL
acl ym dstdomain .skype.com .imvu.com


## LUSCA
acl speedtest dstdom_regex -i speedtest.*\.
acl store_rewrite_list urlpath_regex \/(get_video\?|videodownload\?|videoplayback.*id)
acl store_rewrite_list urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar)\?
acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$
acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.*
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id)
# the original had '^http:\/\/\.www', which can never match because a URL cannot start with a dot after the scheme
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe)
acl store_rewrite_list urlpath_regex \/(get_video|videoplayback\?id|videoplayback.*id) \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|swf)\?
acl store_rewrite_list_domain_CDN url_regex streamate.doublepimp.com.*\.js\? photos-[a-z].ak.fbcdn.net \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.* yieldmanager cpxinteractive ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
acl dontrewrite url_regex redbot\.org \.php
acl videocache_allow_url url_regex -i \.youtube\.com\/get_video\?
acl videocache_allow_url url_regex -i \.youtube\.com\/videoplayback \.youtube\.com\/videoplay \.youtube\.com\/get_video\?
acl videocache_allow_url url_regex -i \.youtube\.[a-z][a-z]\/videoplayback \.youtube\.[a-z][a-z]\/videoplay \.youtube\.[a-z][a-z]\/get_video\?
acl videocache_allow_url url_regex -i \.googlevideo\.com\/videoplayback \.googlevideo\.com\/videoplay \.googlevideo\.com\/get_video\?
acl videocache_allow_url url_regex -i \.google\.com\/videoplayback \.google\.com\/videoplay \.google\.com\/get_video\?
acl videocache_allow_url url_regex -i \.google\.[a-z][a-z]\/videoplayback \.google\.[a-z][a-z]\/videoplay \.google\.[a-z][a-z]\/get_video\?
acl videocache_allow_url url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/videoplayback\?
acl videocache_allow_url url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/videoplay\?
acl videocache_allow_url url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/get_video\?
acl videocache_allow_url url_regex -i proxy[a-z0-9\-][a-z0-9][a-z0-9][a-z0-9]?\.dailymotion\.com\/
acl videocache_allow_url url_regex -i vid\.akm\.dailymotion\.com\/
acl videocache_allow_url url_regex -i [a-z0-9][0-9a-z][0-9a-z]?[0-9a-z]?[0-9a-z]?\.xtube\.com\/(.*)flv
acl videocache_allow_url url_regex -i bitcast\.vimeo\.com\/vimeo\/videos\/
acl videocache_allow_url url_regex -i va\.wrzuta\.pl\/wa[0-9][0-9][0-9][0-9]?
acl videocache_allow_url url_regex -i \.files\.youporn\.com\/(.*)\/flv\/
acl videocache_allow_url url_regex -i \.msn\.com\.edgesuite\.net\/(.*)\.flv
acl videocache_allow_url url_regex -i media[a-z0-9]?[a-z0-9]?[a-z0-9]?\.tube8\.com\/ mobile[a-z0-9]?[a-z0-9]?[a-z0-9]?\.tube8\.com\/ www\.tube8\.com\/(.*)\/
acl videocache_allow_url url_regex -i \.mais\.uol\.com\.br\/(.*)\.flv
acl videocache_allow_url url_regex -i \.video[a-z0-9]?[a-z0-9]?\.blip\.tv\/(.*)\.(flv|avi|mov|mp3|m4v|mp4|wmv|rm|ram)
acl videocache_allow_url url_regex -i video\.break\.com\/(.*)\.(flv|mp4)
acl videocache_allow_dom dstdomain .mccont.com .metacafe.com .redtube.com .cdn.dailymotion.com

acl dontrewrite url_regex redbot\.org (get_video|videoplayback\?id|videoplayback.*id).*begin\=[1-9][0-9]*
acl getmethod method GET

storeurl_access allow speedtest
storeurl_access allow videocache_allow_url
storeurl_access allow videocache_allow_dom
storeurl_access deny dontrewrite
storeurl_access deny !getmethod
storeurl_access allow store_rewrite_list_domain_CDN
storeurl_access allow store_rewrite_list
storeurl_access allow store_rewrite_list_domain
storeurl_access allow store_rewrite_list_path
storeurl_access deny all

# REWRITE FEATURE
# PLEASE INSTALL strawberry perl first to enable this feature.
#
#storeurl_rewrite_program C:/strawberry/perl/bin/perl.exe C:/squid/etc/storeurl.pl
#storeurl_rewrite_children 2
#storeurl_rewrite_concurrency 99
# END OF REWRITE FEATURE

# 1 year = 525600 mins, 1 month = 43800 mins
refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire store-stale
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 129600 90% 129600 ignore-reload store-stale
# the original had this rule three times, one of them with an empty alternative ('||') in the regex;
# an empty alternative matches every URL, which would have applied ignore-private/ignore-no-store to everything
refresh_pattern -i (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?)       129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale negative-ttl=0
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 129600 999999% 129600 override-expire override-lastmod ignore-no-cache store-stale
refresh_pattern \.(ico|video-stats) 129600 999999% 129600 override-expire override-lastmod ignore-reload ignore-no-cache ignore-private ignore-auth ignore-no-store negative-ttl=10080 store-stale
refresh_pattern ^http://(cbk|mt|khm|mlt)[0-9]?\.google\.co(m|\.id) 129600 999999% 129600 override-expire ignore-reload ignore-private negative-ttl=10080 store-stale
refresh_pattern ^http://(kh|khmdb|mw1)\.google\.com 129600 999999% 129600 override-expire ignore-reload ignore-private negative-ttl=10080 store-stale
refresh_pattern ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id) 129600 999999% 129600 override-expire ignore-reload ignore-private negative-ttl=10080 store-stale
refresh_pattern ^.*safebrowsing.*google 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-no-store negative-ttl=10080 store-stale
refresh_pattern facebook\.com.*\/ 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-no-store store-stale
refresh_pattern .fbcdn\.net.*\/ 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-no-store store-stale
refresh_pattern (zynga|zgncdn)\.com.*\/ 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-no-store store-stale
refresh_pattern (ninjasaga|mafiawars|cityville|crowdstar)\.com.*\/ 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-no-store store-stale
refresh_pattern (yimg|ytimg|twimg)\.com.*\/ 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-no-store store-stale
refresh_pattern (photobucket|overclockersclub)\.com.*\/ 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-no-store store-stale
refresh_pattern ^http:\/\/(image|images|pics|thumbs)[0-9]?\. 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-no-store store-stale
refresh_pattern \.etology\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern galleries\.video(\?|sz) 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern brazzers\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern \.adtology\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern ^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 90% 129600 ignore-no-cache ignore-private override-expire ignore-reload
refresh_pattern garena\.com 129600 999999% 129600 override-expire reload-into-ims store-stale
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 999999% 129600 reload-into-ims override-expire ignore-private store-stale
refresh_pattern ^http:\/\/www.onemanga.com.*\/ 129600 999999% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale
refresh_pattern ^http://v\.okezone\.com/get_video\/([a-zA-Z0-9]) 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod negative-ttl=10080 store-stale
refresh_pattern speedtest.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png|swf|txt|js) 129600 999999% 129600 store-stale negative-ttl=0
refresh_pattern code.google.com.*(svn|download) 86400 50% 129600 reload-into-ims

## END LUSCA


# ANTI VIRUS
refresh_pattern avast.com.*\.vpx  43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern guru.avg.com/.*\.(bin) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern (avgate|avira).*(idx|gz)$ 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern kaspersky.*\.avc$ 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern kaspersky 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern update.nai.com/.*\.(gem|zip|mcs) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\.(zip) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale

refresh_pattern windowsupdate.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern update.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern download.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale

#fb
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(png|gif) 1440 60% 525600 override-expire store-stale
refresh_pattern .fbcdn.net.*\.(jpg|gif|png)  1440 60% 131400 ignore-no-cache override-expire ignore-reload store-stale negative-ttl=0


#images facebook
refresh_pattern -i \.facebook.com.*\.(jpg|png|gif) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern static\.ak\.fbcdn\.net.*\.(jpg|gif|png) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/profile\.ak\.fbcdn\.net.*\.(jpg|gif|png) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale

# games facebook
refresh_pattern ^http:\/\/apps.facebook.com.*\/ 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.zynga.com.*\/ 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale
refresh_pattern -i \.farmville.com.*\/ 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale
refresh_pattern -i \.ninjasaga.com.*\/ 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale
refresh_pattern -i \.mafiawars.com.*\/ 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale
refresh_pattern -i \.crowdstar.com.*\/ 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale
refresh_pattern -i \.popcap.com.*\/ 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale


#banner IIX
refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|png|swf|ico|css|tiff?) 129600 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.ads.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/openx.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern kaskus\.us.*\.(jp(e?g|e|2)|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale

#IIX DOWNLOAD
refresh_pattern ^http:\/\/www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale ignore-auth

#All File
refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms)\? 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v))\? 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(jp(e?g|e|2)|gif|png|bmp|tiff?|ico|swf|css|js)\? 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav)\? 129600 999999% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t))\? 129600 999999% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale

refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 10080 95% 43200 override-lastmod reload-into-ims store-stale
refresh_pattern . 180 95% 43200 override-lastmod reload-into-ims store-stale


########### END OF REFRESH PATTERN OPTION ################

global_internal_static off
max_stale 10 years
retry_on_error on
read_ahead_gap 32 KB


#acl time time SMTWHFA 09:00-23:59
#acl host url_regex -i "C:/squid/etc/host.acl"
#acl lambat url_regex -i "C:/squid/etc/lambat.acl"
#acl download urlpath_regex -i "C:/squid/etc/download.acl"

#delay_pools 3
#delay_access 1 allow host
#delay_access 1 deny all
#delay_access 2 allow download
#delay_access 2 deny all
#delay_access 3 allow lambat time
#delay_access 3 deny all

#delay_class 1 2
#delay_class 2 2
#delay_class 3 2

#delay_parameters 1 -1/-1 -1/-1
#delay_parameters 2 -1/-1 2000/100000
#delay_parameters 3 -1/-1 2000/100000

# cache manager and PURGE only from the proxy host itself
# (the original combined all three ACLs on one line, which requires PURGE AND manager AND localhost and never matches)
http_access allow manager localhost
http_access allow PURGE localhost
# 'http_access allow ym' matched on destination only, so any source able to reach
# port 8000 could proxy to those domains; localNet below already covers local users
#http_access allow ym
http_access allow localhost
http_access allow localNet

http_access deny PURGE
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
# no ICP peers are configured (the cache_peer line is commented out and uses no-query), so do not answer ICP from anyone
icp_access deny all


#header_access From deny all
#header_access Referer deny all
#header_access Server deny all
#header_access User-Agent deny all
#header_access WWW-Authenticate deny all
#header_access Link deny all

# Accept-Encoding and Cache-Control are stripped on purpose: uncompressed, cacheable
# responses raise the hit rate, at the cost of ignoring what clients and servers ask for.
# The rest hides the proxy and the client's LAN address from origin servers.
header_access Accept-Encoding deny all
header_access Proxy-Connection deny all
header_access Cache-Control deny all
header_access X-Cache deny all
header_access X-Cache-Lookup deny all
header_access X-Powered-By deny all
header_access Via deny all
#header_access Rewrite-URL deny all
#header_access X-Rewrite-URL deny all
header_access Forwarded-For deny all
# the real header is X-Forwarded-For; the original's 'X-Forwarder-For' matched nothing
header_access X-Forwarded-For deny all
#header_access Pragma deny all
#header_access Keep-Alive deny all


zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

# LUSCA
n_aiops_threads 24
load_check_stopen on
load_check_stcreate on
download_fastest_client_speed on
# END LUSCA
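Two properties of the configuration above deserve a second look before it goes on a shared cache in a warnet or lab. The refresh_pattern section forces caching of responses that the origin marked private or that were fetched with credentials (ignore-private, ignore-auth, ignore-no-store on facebook.com, fbcdn.net, the Zynga games and others), which can hand one user's logged-in page to the next user of the proxy. And an http_access allow that names only destination ACLs (the ym rule) is an allow for every source that can reach the listening port. The script below is an added example, not part of the original page and not Lusca's own tooling: it reads a squid.conf and flags both patterns, plus refresh_pattern regexes that match every URL (an empty alternative such as "||") or do not compile (an unbalanced parenthesis). The configuration embedded in it is a constructed excerpt of the page's own lines; using Python's re module as a stand-in for Squid's POSIX regex engine is an assumption of the example.

```python
"""Static audit of a Squid 2.7 / Lusca squid.conf.

Added example, not code from the original page.  It reads the directives
the page relies on (acl, http_access, icp_access, refresh_pattern) and
reports three things a shared warnet/lab cache should not have:

  unrestricted-allow   an http_access/icp_access 'allow' with no ACL that
                       constrains the requesting client
  caches-private       a refresh_pattern that forces caching of private or
                       authenticated responses (ignore-private, ignore-auth,
                       ignore-no-store)
  matches-everything   a refresh_pattern regex that matches the empty string
                       and therefore applies to every URL
  bad-regex            a refresh_pattern regex that does not compile

Assumption: Python's re module stands in for Squid's POSIX extended regex;
the two dialects agree for the patterns checked here.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Sequence

# ACL types that identify *who* is asking, as opposed to *what* is asked for.
SOURCE_ACL_TYPES = {
    "src", "srcdomain", "srcdom_regex", "arp", "proxy_auth",
    "proxy_auth_regex", "ident", "ident_regex", "myip", "myport",
}
RISKY_REFRESH_OPTIONS = {"ignore-private", "ignore-auth", "ignore-no-store"}


@dataclass
class Finding:
    line_no: int
    kind: str
    detail: str


def parse_acl_types(lines: Sequence[str]) -> Dict[str, str]:
    """Map ACL name -> ACL type from every 'acl NAME TYPE ...' line."""
    types: Dict[str, str] = {}
    for text in lines:
        parts = text.split()
        if len(parts) >= 3 and parts[0] == "acl":
            types.setdefault(parts[1], parts[2])
    return types


def is_source_restricted(acl_names: Sequence[str], acl_types: Dict[str, str]) -> bool:
    """True if at least one non-negated ACL in the rule narrows the client."""
    for name in acl_names:
        if name.startswith("!") or name == "all":
            continue  # a negated ACL, or 'all' (0.0.0.0/0), never narrows the source
        if name == "localhost" or acl_types.get(name) in SOURCE_ACL_TYPES:
            return True
    return False


def audit(config_text: str) -> List[Finding]:
    """Return findings for the directives in config_text, in file order."""
    lines = [line.strip() for line in config_text.splitlines()]
    acl_types = parse_acl_types(lines)
    findings: List[Finding] = []
    for no, text in enumerate(lines, start=1):
        if not text or text.startswith("#"):
            continue
        parts = text.split()
        directive = parts[0]
        if directive in ("http_access", "icp_access") and len(parts) >= 3 and parts[1] == "allow":
            if not is_source_restricted(parts[2:], acl_types):
                findings.append(Finding(no, "unrestricted-allow", text))
        elif directive == "refresh_pattern":
            args = parts[1:]
            if args and args[0] == "-i":
                args = args[1:]
            if len(args) < 4:  # regex min percent max [options]
                continue
            regex, options = args[0], set(args[4:])
            risky = sorted(RISKY_REFRESH_OPTIONS & options)
            if risky:
                findings.append(Finding(no, "caches-private", f"{regex}: {' '.join(risky)}"))
            try:
                if re.search(regex, "") is not None:
                    findings.append(Finding(no, "matches-everything", regex))
            except re.error as exc:
                findings.append(Finding(no, "bad-regex", f"{regex}: {exc}"))
    return findings


# Constructed excerpt of the page's squid.conf, kept with its original
# '||' and unbalanced-parenthesis typos so the checks have something to find.
SAMPLE_CONF = r"""
acl all src 0.0.0.0/0.0.0.0
acl localNet src 192.168.0.0/24 192.168.1.0/24
acl localhost src 127.0.0.1/255.255.255.255
acl ym dstdomain .messenger.yahoo.com .skype.com
acl manager proto cache_object
http_access allow manager localhost
http_access allow ym
http_access allow localhost
http_access allow localNet
http_access deny all
icp_access allow all
refresh_pattern -i (get_video\?|videoplayback\?id||videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire
refresh_pattern facebook\.com.*\/ 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-no-store store-stale
refresh_pattern ^http://(cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.id) 129600 999999% 129600 override-expire ignore-reload
refresh_pattern ^ftp: 10080 95% 43200 override-lastmod reload-into-ims
refresh_pattern . 180 95% 43200 override-lastmod reload-into-ims
""".lstrip("\n")


def main() -> None:
    for f in audit(SAMPLE_CONF):
        print(f"line {f.line_no:>3}  {f.kind:<19} {f.detail}")


if __name__ == "__main__":
    main()
```

Run it against the real file with audit(open("squid.conf").read()). A caches-private finding is not automatically wrong: the antivirus and Windows Update patterns on the page cache public files, and there ignore-no-store is merely aggressive. It is the user-specific hosts (facebook.com, fbcdn.net, apps.facebook.com, the game domains) where one user's session content can end up served to another, and those lines should lose ignore-private and ignore-auth.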

21 March 2012

Installing MikroTik as bandwidth management with a Squid Proxy Server
Usable for an Internet cafe (warnet), a university laboratory or a school

–[1]– Preparation

The experiment was done on two PCs with the following specifications:

o Proxy machine, running CentOS 4.4
- Pentium 4 CPU, 2.4 GHz
- 512 MB RAM
- 40 GB hard disk
- one D-Link LAN card

o MikroTik machine
- Pentium III CPU, 1.3 GHz
- 256 MB RAM
- 40 GB hard disk
- 2 D-Link LAN cards + 1 Prolink

Adjust the machines to whatever you have available.

(a) Network diagram/topology

Assumptions:

The Internet connection is xDSL through a modem, over Telkom's infrastructure
or another provider's. A connection through a wireless provider can be adapted
accordingly.

      telephone line
            |
        [splitter]------ telephone
            |
      +------------+
      | xDSL modem |  (1)
      +------------+
            |
          a |                          (3)
      +-----------+  b      +--------+------ [client 1]
      | MikroTik  |---------| switch |------ [client 2]
      |   box     |  (2)    |        |------ [client 3]
      +-----------+         +--------+------ [client n]
          c |
            |  (crossover cable)
          d |
      +-----------+
      |  proxy    |  (4)
      |  server   |
      +-----------+

Diagram legend

(1) = xDSL modem (IP address: 192.168.1.1/24)
(2) = MikroTik box with 3 Ethernet cards: a (public), b (local) and c (proxy)
(3) = Switch

For the client side, assume 20 clients.
IP address range : 192.168.0.0/27
Client IP allocation : 192.168.0.1-192.168.0.29 (192.168.0.30 is taken by the MikroTik local interface, see below)
Network ID : 192.168.0.0/27
Broadcast : 192.168.0.31/27

(4) = Proxy server box

(b) IP address allocation

[*] MikroTik box

Diagram legend
a = Ethernet card 1 (public) -> IP address: 192.168.1.2/24
b = Ethernet card 2 (local)  -> IP address: 192.168.0.30/27
c = Ethernet card 3 (proxy)  -> IP address: 192.168.2.1/30

Gateway: 192.168.1.1 (the modem)

[*] Clients
Client 1 to client n, IP address: 192.168.0.n, with n = 1..29

Example:
Client 6
IP address: 192.168.0.6/27
Gateway: 192.168.0.30 (the MikroTik box)

[*] Linux proxy

d = Ethernet card 4 (Linux) -> IP address: 192.168.2.2/30
Gateway: 192.168.2.1 (Ethernet card 3 on the MikroTik)

NOTES:
- The number after the IP address (/27) is the prefix length and corresponds to the netmask;
/27 is the same as 255.255.255.224.

For a class C private block the subnet masks break down as follows:

Class C subnet masks
--------------------
prefix  netmask            addresses  usable hosts
/24     255.255.255.0      256        254
/25     255.255.255.128    128        126
/26     255.255.255.192     64         62
/27     255.255.255.224     32         30
/28     255.255.255.240     16         14
/29     255.255.255.248      8          6
/30     255.255.255.252      4          2
/31     255.255.255.254      2          2 on a point-to-point link (RFC 3021), otherwise unusable
/32     255.255.255.255      1          a single host route

!! In every subnet of /30 and shorter, 2 addresses cannot be given to a machine:
the network ID and the broadcast address. The "usable hosts" column already subtracts them.

- The UTP cable between (2) the MikroTik box and (4) the Linux box is a crossover cable.

–[2]– Basic configuration

As drawn in the network diagram above, two operating systems need to be prepared: MikroTik RouterOS version 2.9.27 level 6 for the router, and the GNU/Linux distribution CentOS 4.4 for the proxy machine.

Information about MikroTik is on its official website at http://www.mikrotik.com
and, for Indonesia, at http://www.mikrotik.co.id.

Get the ISO first; if you do not have one, a sample ISO can be downloaded HERE.
Likewise for CentOS, download the ISO from
http://mirror.nsc.liu.se/CentOS/4.4/isos/i386/ (this is CentOS 4.4).
Substitute other versions if you want something different from what was used in
the experiment, for example MikroTik 2.8.x or newer, and whichever Linux
distribution you prefer; the configuration is conceptually the same.
Both machines are assumed to be installed and ready to operate. For the MikroTik
installation method see HERE and also HERE. On CentOS you may create a dedicated
partition for /cache/ if you wish; in this experiment a dedicated partition was used.

Basic configuration.

(a) MikroTik

- Install the SYSTEM, SECURITY and DHCP (optional) packages

- Set the IP addresses according to the diagram. The box has 3 LAN cards, so an
IP address is set on each of them. Name the interfaces after the diagram, which
gives these interface names:
1. interface public
2. interface local
3. interface proxy

#Interface
------------------------------------------------------------------------------
[admin@MikroTik] interface> print
Flags: X - disabled, D - dynamic, R - running
  #    NAME      TYPE     RX-RATE    TX-RATE    MTU
  0  R public    ether    0          0          1500
  1  R proxy     ether    0          0          1500
  2  R local     ether    0          0          1500
[admin@MikroTik] interface>
------------------------------------------------------------------------------

The interface names do not have to match these; choose whatever you like. What
matters is that the three interfaces are in different IP subnets, as in the diagram.

# IP Address
------------------------------------------------------------------------------
[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
  #   ADDRESS            NETWORK         BROADCAST       INTERFACE
  0   192.168.1.2/24     192.168.1.0     192.168.1.255   public
  1   192.168.0.30/27    192.168.0.0     192.168.0.31    local
  2   192.168.2.1/30     192.168.2.0     192.168.2.3     proxy
[admin@MikroTik] >
- Set the gateway (default route). For the MikroTik the gateway is the modem, 192.168.1.1

# IP Gateway
[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
  #     DST-ADDRESS        PREFSRC         G GATEWAY         DISTANCE INTERFACE
  0 ADC 192.168.2.0/30     192.168.2.1                                proxy
  1 ADC 192.168.0.0/27     192.168.0.30                               local
  2 ADC 192.168.1.0/24     192.168.1.2                                public
  3 A S 0.0.0.0/0                          r 192.168.1.1              public

[admin@MikroTik] >

- Set DNS
# IP DNS

[admin@MikroTik] > ip dns print
primary-dns: 203.130.193.74
secondary-dns: 202.134.0.155
allow-remote-requests: yes
cache-size: 10240KiB
cache-max-ttl: 1w
cache-used: 271KiB

[admin@MikroTik] >

allow-remote-requests=yes makes the router a DNS resolver for the clients, but
it then answers on every interface, including public. Unless the firewall filter
(input chain) drops UDP and TCP port 53 arriving on the public interface, the box
is an open resolver reachable from the modem's side.

- Add the rules in /ip firewall nat: masquerade, and redirection to the web proxy.
# Firewall NAT rules: masquerade and redirect to the web proxy

[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
 0 chain=srcnat out-interface=public action=masquerade

 1 chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=80 action=redirect to-ports=8080

 2 chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=8000 action=redirect to-ports=3128

 3 chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=3128 action=redirect to-ports=8080

Note that action=redirect delivers the packets to the router itself, i.e. to the
RouterOS built-in web proxy listening on the given port (8080 here), not to the
Linux box. The built-in proxy then has to use the Squid server on 192.168.2.2 as
its parent; to send clients straight to Squid instead, the rule would use
action=dst-nat to-addresses=192.168.2.2 to-ports=3128. Restricting src-address
to the client subnet is right either way: it keeps the redirect from catching
traffic that arrives from the proxy or public side.


# Bandwidth management with PCQ

### Mark traffic that goes through the proxy and traffic that goes direct
### (192.168.0.0/27 is the client subnet from the diagram; substitute yours.
### Interface names are case-sensitive and must match 'public' and 'local' above.)

/ ip firewall mangle
add chain=prerouting src-address=192.168.0.0/27 action=mark-packet \
new-packet-mark=test-up passthrough=no comment="UP TRAFFIC" disabled=no
add chain=forward src-address=192.168.0.0/27 action=mark-connection \
new-connection-mark=test-conn passthrough=yes comment="CONN-MARK" \
disabled=no
add chain=forward in-interface=public connection-mark=test-conn \
action=mark-packet new-packet-mark=test-down passthrough=no \
comment="DOWN-DIRECT CONNECTION" disabled=no
add chain=output out-interface=local dst-address=192.168.0.0/27 \
action=mark-packet new-packet-mark=test-down passthrough=no \
comment="DOWN-VIA PROXY" disabled=no

##### PCQ queue types

/ queue type
add name="pcq-download" kind=pcq pcq-rate=0 pcq-limit=50 \
pcq-classifier=dst-address pcq-total-limit=2000
add name="pcq-upload" kind=pcq pcq-rate=0 pcq-limit=50 \
pcq-classifier=src-address pcq-total-limit=2000

####### the queue tree, as simple as it gets

/ queue tree
add name="downstream" parent=local packet-mark=test-down limit-at=0 \
queue=pcq-download priority=8 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="upstream" parent=global-in packet-mark=test-up limit-at=0 \
queue=pcq-upload priority=8 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no

With pcq-rate=0 and max-limit=0 the queues do not cap anyone; PCQ only shares
the bandwidth equally per client address when the queue itself is the
bottleneck. Set max-limit on each tree entry to slightly below the real download
and upload rate of the xDSL line, otherwise the modem's own buffer fills up
first and PCQ never gets to arbitrate between the clients.

–[3]– Evaluation

–[4]– Troubleshooting

- If the public interface and the proxy interface end up in the same subnet,
pinging the Linux machine from the MikroTik gets no reply; the three interfaces
must be in different subnets, as in the diagram.

19 March 2012

Tutorial: installing Ubuntu Server with the Squid Proxy Lusca, complete with screenshots

  • For beginners who want to install Ubuntu Server as a Squid proxy, illustrated from start to finish. Preparation:
  •  1. an Ubuntu Server CD (if you do not have one, download it here)
  •  2. boot from the CD-ROM (set the boot order in the BIOS)
  •  3. follow the installation in the order of the screenshots (not included in this copy; see the source link below)

Source: http://farounet.wordpress.com/2011/08/25/tutorial-panduan-instalasi-ubuntu-server-squid-proxy-lusca/