Karena setiap hari ada pertanyaan mengenai konfigurasi Mikrotik dan
Proxy Ubuntu, berikut ini saya berikan tutorial berupa script yang mungkin
dibutuhkan oleh para pengunjung blog ini. Script ini merupakan script yang
selama ini saya gunakan dan Alhamdulillah lancar-lancar saja. Sebelumnya untuk
Firewall Filter Rule anda bisa mengambil dari sini . Berikutnya mari kita belajar bersama …
hehehe lanjut bozzz…
Sebelum mengkonfigurasi Mikrotik, sebaiknya anda pahami terlebih dahulu
bahwa IP Address yang ada di settingan berikut adalah ip lokal. Oleh karena itu
sesuaikan dengan konfigurasi ip network lokal anda masing-masing. Settingan ini
adalah settingan untuk mikrotik menggunakan Ubuntu Proxy. Jika anda tidak
menggunakan Proxy sesuaikan dengan konfigurasi anda juga.
Jelasnya sebagai berikut :
Ether1=IP Public/IP Internet
Ether2=IP lokal
Ether3=IP ke Proxy
Pertama kita setting terlebih dahulu
:
1.Mangle
/ip firewall mangle
add action=mark-packet chain=prerouting comment=PROXY-HIT disabled=no dscp=12 \
new-packet-mark=proxy-hit passthrough=no
add action=mark-connection chain=prerouting comment=HTTP-CONN disabled=no \
in-interface=ether2 new-connection-mark=http_conn passthrough=no \
protocol=tcp src-address=192.168.1.0/24
add action=mark-packet chain=prerouting connection-mark=http_conn disabled=no \
new-packet-mark=http_conn passthrough=no
add action=jump chain=prerouting comment=”DNS SERVICE” connection-state=new \
disabled=no jump-target=udp-services protocol=udp
add action=mark-connection chain=udp-services disabled=no dst-port=53 \
new-connection-mark=dns passthrough=no protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services disabled=no dst-port=123 \
new-connection-mark=ntp passthrough=no protocol=udp src-port=1024-65535
add action=mark-connection chain=forward comment=YM disabled=no dst-port=\
5050,5100 new-connection-mark=YM passthrough=no protocol=tcp
add action=mark-packet chain=forward connection-mark=YM disabled=no \
new-packet-mark=ym-conn passthrough=no
add action=mark-connection chain=prerouting comment=ICMP_KONEKSI disabled=no \
new-connection-mark=ICMP_KONEKSI passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=ICMP_KONEKSI \
disabled=no new-packet-mark=ICMP_PAKET passthrough=no protocol=icmp
add action=change-mss chain=forward comment=”CHANGE MMS” disabled=no new-mss=\
1448 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=!0-1448
add action=mark-packet chain=prerouting comment=PROXY-HIT disabled=no dscp=12 \
new-packet-mark=proxy-hit passthrough=no
add action=mark-connection chain=prerouting comment=HTTP-CONN disabled=no \
in-interface=ether2 new-connection-mark=http_conn passthrough=no \
protocol=tcp src-address=192.168.1.0/24
add action=mark-packet chain=prerouting connection-mark=http_conn disabled=no \
new-packet-mark=http_conn passthrough=no
add action=jump chain=prerouting comment=”DNS SERVICE” connection-state=new \
disabled=no jump-target=udp-services protocol=udp
add action=mark-connection chain=udp-services disabled=no dst-port=53 \
new-connection-mark=dns passthrough=no protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services disabled=no dst-port=123 \
new-connection-mark=ntp passthrough=no protocol=udp src-port=1024-65535
add action=mark-connection chain=forward comment=YM disabled=no dst-port=\
5050,5100 new-connection-mark=YM passthrough=no protocol=tcp
add action=mark-packet chain=forward connection-mark=YM disabled=no \
new-packet-mark=ym-conn passthrough=no
add action=mark-connection chain=prerouting comment=ICMP_KONEKSI disabled=no \
new-connection-mark=ICMP_KONEKSI passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=ICMP_KONEKSI \
disabled=no new-packet-mark=ICMP_PAKET passthrough=no protocol=icmp
add action=change-mss chain=forward comment=”CHANGE MMS” disabled=no new-mss=\
1448 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=!0-1448
2.Queue type
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=\5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=downstream pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=20000
add kind=pcq name=upstream pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=20000
set only-hardware-queue kind=none name=only-hardware-queue
set multi-queue-ethernet-default kind=mq-pfifo mq-pfifo-limit=50 name=\
multi-queue-ethernet-default
set default-small kind=pfifo name=default-small pfifo-limit=10
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=\5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=downstream pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=20000
add kind=pcq name=upstream pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=20000
set only-hardware-queue kind=none name=only-hardware-queue
set multi-queue-ethernet-default kind=mq-pfifo mq-pfifo-limit=50 name=\
multi-queue-ethernet-default
set default-small kind=pfifo name=default-small pfifo-limit=10
3.Queue Tree
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=”==KONDISI_PING==” packet-mark=ICMP_PAKET parent=\
global-total priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=DOWN1 parent=ether2 priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Downlink1 packet-mark=http_conn parent=DOWN1 priority=5 \
queue=downstream
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=HIT-1 packet-mark=proxy-hit parent=DOWN1 priority=5 queue=\
downstream
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=UPLOAD-1 parent=ether1 priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Up-Ether1 packet-mark=proxy-hit parent=UPLOAD-1 priority=5 \
queue=upstream
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Http-Proxy parent=ether3 priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Proxy-Hit packet-mark=proxy-hit parent=Http-Proxy \
priority=5 queue=upstream
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=”==KONDISI_PING==” packet-mark=ICMP_PAKET parent=\
global-total priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=DOWN1 parent=ether2 priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Downlink1 packet-mark=http_conn parent=DOWN1 priority=5 \
queue=downstream
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=HIT-1 packet-mark=proxy-hit parent=DOWN1 priority=5 queue=\
downstream
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=UPLOAD-1 parent=ether1 priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Up-Ether1 packet-mark=proxy-hit parent=UPLOAD-1 priority=5 \
queue=upstream
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Http-Proxy parent=ether3 priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Proxy-Hit packet-mark=proxy-hit parent=Http-Proxy \
priority=5 queue=upstream
4.Queue Interface
/queue interface
set ether1 queue=upstream
set ether2 queue=downstream
set ether3 queue=ethernet-default
set ether1 queue=upstream
set ether2 queue=downstream
set ether3 queue=ethernet-default
5.Queue Simple
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=0/0 name=LAN-HTTP-CON \
packet-marks=http_conn parent=none priority=1 queue=upstream/downstream \
target-addresses=0.0.0.0/0 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=0/0 name=LAN-PROXY-HIT \
packet-marks=proxy-hit parent=none priority=1 queue=upstream/downstream \
target-addresses=0.0.0.0/0 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=0/0 name=LAN-1 \
packet-marks=http_conn parent=LAN-HTTP-CON priority=1 queue=\
upstream/downstream target-addresses=192.168.1.0/24 time=\
0s-1d,sun,mon,tue,wed,thu,fri,sat total-queue=default-small
add burst-limit=64k/128k burst-threshold=64k/128k burst-time=5s/5s direction=\
both disabled=no interface=all limit-at=0/0 max-limit=64k/128k name=Client1 \
parent=LAN-1 priority=5 queue=default-small/default-small target-addresses=\
192.168.1.1/32 total-queue=default-small
add burst-limit=64k/64k burst-threshold=64k/64k burst-time=5s/5s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=64k/64k name=Client2 \
parent=LAN-1 priority=5 queue=default-small/default-small target-addresses=\
192.168.1.2/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=0/0 name=LAN-2 \
packet-marks=proxy-hit parent=LAN-PROXY-HIT priority=8 queue=\
upstream/downstream target-addresses=192.168.1.0/24 total-queue=\
default-small
add burst-limit=128k/128k burst-threshold=64k/128k burst-time=5s/5s direction=\
both disabled=no interface=all limit-at=0/0 max-limit=64k/64k name=Client3 \
parent=LAN-1 priority=5 queue=default-small/default-small target-addresses=\
192.168.1.3/32 total-queue=default-small
add burst-limit=64k/64k burst-threshold=64k/64k burst-time=5s/5s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=64k/64k name=Client-2 \
parent=LAN-2 priority=5 queue=default-small/default-small target-addresses=\
192.168.1.2/32 total-queue=default-small
add burst-limit=128k/128k burst-threshold=128k/128k burst-time=5s/5s direction=\
both disabled=no interface=all limit-at=0/0 max-limit=64k/128k name=\
Client-3 parent=LAN-2 priority=5 queue=default-small/default-small \
target-addresses=192.168.1.3/32 total-queue=default-small
add burst-limit=128k/256k burst-threshold=128k/128k burst-time=5s/5s direction=\
both disabled=no interface=all limit-at=0/0 max-limit=64k/64k name=Client-1 \
parent=LAN-2 priority=5 queue=default-small/default-small target-addresses=\
192.168.1.1/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=0/0 name=LAN-HTTP-CON \
packet-marks=http_conn parent=none priority=1 queue=upstream/downstream \
target-addresses=0.0.0.0/0 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=0/0 name=LAN-PROXY-HIT \
packet-marks=proxy-hit parent=none priority=1 queue=upstream/downstream \
target-addresses=0.0.0.0/0 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=0/0 name=LAN-1 \
packet-marks=http_conn parent=LAN-HTTP-CON priority=1 queue=\
upstream/downstream target-addresses=192.168.1.0/24 time=\
0s-1d,sun,mon,tue,wed,thu,fri,sat total-queue=default-small
add burst-limit=64k/128k burst-threshold=64k/128k burst-time=5s/5s direction=\
both disabled=no interface=all limit-at=0/0 max-limit=64k/128k name=Client1 \
parent=LAN-1 priority=5 queue=default-small/default-small target-addresses=\
192.168.1.1/32 total-queue=default-small
add burst-limit=64k/64k burst-threshold=64k/64k burst-time=5s/5s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=64k/64k name=Client2 \
parent=LAN-1 priority=5 queue=default-small/default-small target-addresses=\
192.168.1.2/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=0/0 name=LAN-2 \
packet-marks=proxy-hit parent=LAN-PROXY-HIT priority=8 queue=\
upstream/downstream target-addresses=192.168.1.0/24 total-queue=\
default-small
add burst-limit=128k/128k burst-threshold=64k/128k burst-time=5s/5s direction=\
both disabled=no interface=all limit-at=0/0 max-limit=64k/64k name=Client3 \
parent=LAN-1 priority=5 queue=default-small/default-small target-addresses=\
192.168.1.3/32 total-queue=default-small
add burst-limit=64k/64k burst-threshold=64k/64k burst-time=5s/5s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=64k/64k name=Client-2 \
parent=LAN-2 priority=5 queue=default-small/default-small target-addresses=\
192.168.1.2/32 total-queue=default-small
add burst-limit=128k/128k burst-threshold=128k/128k burst-time=5s/5s direction=\
both disabled=no interface=all limit-at=0/0 max-limit=64k/128k name=\
Client-3 parent=LAN-2 priority=5 queue=default-small/default-small \
target-addresses=192.168.1.3/32 total-queue=default-small
add burst-limit=128k/256k burst-threshold=128k/128k burst-time=5s/5s direction=\
both disabled=no interface=all limit-at=0/0 max-limit=64k/64k name=Client-1 \
parent=LAN-2 priority=5 queue=default-small/default-small target-addresses=\
192.168.1.1/32 total-queue=default-small
Selamat mengoprek….!!!!!
0 komentar: