INDONESIA BLOGGER

Friday, 19 October 2012

Configuring a MikroTik RB750G with two Speedy lines and a Squid proxy


A simple load-balancing setup for two Speedy lines plus Squid.
It is not suitable for an online-gaming internet cafe.

Topology

speedy1 ----|
            |------- MikroTik RB750G ------- LAN ----- clients
speedy2 ----|               |
                            |
                   Squid (Ubuntu 9.10)

Set the modems to bridge mode.
IP addresses
modem 1 192.168.1.1
modem 2 192.168.2.1
proxy 192.168.3.2

MikroTik IP addresses
lan 192.168.0.1
modem1 192.168.1.2
modem2 192.168.2.2
proxy 192.168.3.1

PPPoE
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" dial-on-demand=no disabled=no interface=Speedy-1 max-mru=1480 max-mtu=1480 mrru=disabled name="PPPoE-1" user="******@telkom.net" password="***" profile=default service-name="" use-peer-dns=no

add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" dial-on-demand=no disabled=no interface=Speedy-2 max-mru=1480 max-mtu=1480 mrru=disabled name="PPPoE-2" user="******@telkom.net" password="***" profile=default service-name="" use-peer-dns=no

Set NAT
/ip firewall nat
add chain=srcnat action=masquerade out-interface=PPPoE-1 comment="" disabled=no
add chain=srcnat action=masquerade out-interface=PPPoE-2 comment="" disabled=no

/ip firewall nat
# Redirect web traffic arriving on the LAN interface to Squid at 192.168.3.2:3128.
# <squid-list> stands for the address list the original calls "ip squid"; replace it with your own list name.
add chain=dstnat action=dst-nat to-addresses=192.168.3.2 to-ports=3128 dst-address-list=<squid-list> protocol=tcp dst-port=80 in-interface=lan

add chain=dstnat action=dst-nat to-addresses=192.168.3.2 to-ports=3128 dst-address-list=<squid-list> protocol=tcp dst-port=8080 in-interface=lan

add chain=dstnat action=dst-nat to-addresses=192.168.3.2 to-ports=3128 dst-address-list=<squid-list> protocol=tcp dst-port=3128 in-interface=lan


Set mangle
/ip firewall mangle
add action=mark-connection chain=prerouting comment="Load Mangel" connection-state=new disabled=no in-interface=lan nth=2,1 new-connection-mark=ADSL-1 passthrough=yes

add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=lan nth=2,2 new-connection-mark=ADSL-2 passthrough=yes

add action=mark-routing chain=prerouting comment="Mark Paket" in-interface=lan connection-mark=ADSL-1 disabled=no new-routing-mark=speedy-1-conn passthrough=no

add action=mark-routing chain=prerouting comment="" in-interface=lan connection-mark=ADSL-2 disabled=no new-routing-mark=speedy-2-conn passthrough=no

Mangle rules for the proxy interface
/ip firewall mangle
add action=mark-connection chain=prerouting comment="proxy" in-interface=proxy connection-state=new nth=2,1 disabled=no new-connection-mark=ADSL-1 passthrough=yes

add action=mark-connection chain=prerouting comment="" in-interface=proxy connection-state=new nth=2,2 disabled=no new-connection-mark=ADSL-2 passthrough=yes

add action=mark-routing chain=prerouting comment="Proxy mark" in-interface=proxy connection-mark=ADSL-1 disabled=no new-routing-mark=speedy-1-conn passthrough=no

add action=mark-routing chain=prerouting comment="" in-interface=proxy connection-mark=ADSL-2 disabled=no new-routing-mark=speedy-2-conn passthrough=no

IP routes
/ip route
# routing-mark must equal the new-routing-mark set by the mangle rules (speedy-1-conn / speedy-2-conn).
# The original names the gateway of the distance=2 routes as the IP assigned by the PPPoE session; the PPPoE interface name is used as the gateway here instead.
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-1 scope=30 target-scope=10 routing-mark=speedy-1-conn

add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=PPPoE-2 scope=30 target-scope=10 routing-mark=speedy-2-conn

add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-1,PPPoE-2 scope=30 target-scope=10

add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=PPPoE-1 scope=30 target-scope=10 routing-mark=speedy-1-conn



For the proxy

#==================================#
# Proxy Server Version 2.7.Stable3
#==================================#
################################################## ###############
# Port
################################################## ###############
http_port 3128 transparent
icp_port 3130
prefer_direct off
################################################## ###############
# Cache & Object
################################################## ###############
cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99
max_filedesc 8192
maximum_object_size 1024 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 4 bytes
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
################################################## ###############
# cache_dir
cache_dir aufs /home/proxy1 9000 32 128
cache_dir aufs /home/proxy2 9000 32 128
cache_dir aufs /home/proxy3 9000 32 128
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
pid_filename /var/run/squid.pid
cache_swap_log /var/log/squid/swap.state
# dns_nameservers takes IP addresses, not a file path; left unset so Squid reads /etc/resolv.conf
emulate_httpd_log off
hosts_file /etc/hosts
half_closed_clients off
negative_ttl 1 minutes
################################################## ###############
# Rules: Safe Port
################################################## ###############
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl lan src 192.168.0.0/27
acl modem1 src 192.168.1.0/24
acl modem2 src 192.168.2.0/24
acl proxy src 192.168.3.0/24
acl SSL_ports port 443 563 873 # https snews rsync
acl Safe_ports port 80 # http
acl Safe_ports port 20 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 631 # cups
acl Safe_ports port 10000 # webmin
acl Safe_ports port 901 # SWAT
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 110 # POP3
acl Safe_ports port 25 # SMTP
acl Safe_ports port 2095 2096 # webmail from cpanel
acl Safe_ports port 2082 2083 # cpanel
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow lan
http_access allow modem1
http_access allow modem2
http_access allow proxy
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports
################################################## ###############
# Refresh Pattern
################################################## ###############
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(html|htm|css|js|php|asp|aspx|cgi) 1440 40% 40320
refresh_pattern . 0 20% 4320
################################################## ###############
# HAVP + Clamav
################################################## ###############
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
################################################## ###############
# HIERARCHY (BYPASS CGI)
################################################## ###############
#hierarchy_stoplist cgi-bin ? .js .jsp
#acl QUERY urlpath_regex cgi-bin \? .js .jsp
#no_cache deny QUERY
################################################## ###############
# SNMP
################################################## ###############
snmp_port 3401
acl snmpsquid snmp_community public
snmp_access allow snmpsquid localhost
snmp_access deny all
################################################## ###############
# ALLOWED ACCESS
################################################## ###############
acl persegi src 192.168.0.0/24 ## adjust to your network
http_access allow persegi
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow persegi
icp_access allow localhost
icp_access deny all
always_direct deny all
################################################## ###############
# Cache CGI & Administrative
################################################## ###############
cache_mgr batamwarnet@batamwarnet.com
cachemgr_passwd 123 all
visible_hostname proxy.bless.net
cache_effective_user proxy
cache_effective_group proxy
coredump_dir /var/spool/squid
shutdown_lifetime 10 seconds
logfile_rotate 14
cache_mgr enchone@bless.net
################################################## ###############
# Squid ZPH
################################################## ###############

Disk partitioning on the Squid machine
1 GB /boot (boot flag)
3 GB /
4 GB /usr
4 GB /var
1 GB swap
15 GB /home/proxy1
15 GB /home/proxy2
15 GB /home/proxy3
The rest is used as a share; the disk is 80 GB.



Posted by Sameera Chathuranga


6 comments:

  1. The proxy part is not clear yet. Thanks for sharing.

    Replies
    1. Thanks for the correction, and thank you too, bro.

  2. Sorry, is this Bang Catur, Bang Mawan's friend?

    Replies
    1. Sorry boss, which Bang Catur do you mean?