Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 15 of 15
  1. #1
    Status
    Offline
    dhitek's Avatar
    Member
    Join Date
    Mar 2010
    Posts
    122
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0

    ip proxy direct (TIDAK BERFUNGSI)

    kenapa yah kok gq fungsi ????
    fungsi ip proxy direct bukan nya agar rule yg terdaftar di /ip proxy direct tidak melewati proxy, jadi dengan kata lain terhubung langsung dengan yang dituju.
    kenapa tidak berfungsi ????
    ada yang menggunakan fungsi ini ????
    misal gw buat rule seperti ini :

    /ip proxy direct
    add action=allow comment="PORT 9339" disabled=no dst-port=9339

    udah gw otak-atik action nya hit nya selalu 0

    ada yang bisa bantu ????

  2. #2
    Status
    Offline
    kweteng's Avatar
    VIP Member
    Join Date
    Nov 2009
    Location
    batu wae
    Posts
    797
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    iki maksude gimana to ?
    port 9339 itu port game poker, bukan port http (80) ya gak akan hit Click here to enlarge

  3. #3
    Status
    Offline
    antareja's Avatar
    Member
    Join Date
    Jul 2008
    Location
    paris pan japa
    Posts
    179
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Setingan kumplitnya dong gan.. bingung kalo cuma gitu doang.. Click here to enlarge

  4. #4
    Status
    Offline
    dhitek's Avatar
    Member
    Join Date
    Mar 2010
    Posts
    122
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by kweteng Click here to enlarge
    iki maksude gimana to ?
    port 9339 itu port game poker, bukan port http (80) ya gak akan hit Click here to enlarge
    gini toh mas, iki kan fungsi ne /ip proxy direct untuk direct (langsung) suatu web site ato suatu rule yang terdaftar di /ip proxy direct tsb.
    jadi inti ne kita gak mau port 9339 tu lwt proxy.
    yg d ats cuma contoh, semua udh ku cba, google.com jg ora iso.

    ok gini deh...kn saiki aku gunain nat untuk belo'in port 80 k port proxy, jd otomatis masuk dlm kategori ?
    nah agar ki gak lwt proxy cara na piye ?

    setau ku ya ada di /ip proxy direct tu, tp kok iki MT ne ra mudeng ya ?
    piye ki ?
    mumet Click here to enlarge

    note :
    Use Internal Proxy

    Click here to enlarge Originally Posted by antareja Click here to enlarge
    Setingan kumplitnya dong gan.. bingung kalo cuma gitu doang.. Click here to enlarge
    settingan yg mna yg d mksud gan ?
    mungkin ini yg d mksud agan ?

    Code:
    /ip proxy print
    enabled: yes
    src-address: 0.0.0.0
    port: 3128
    parent-proxy: 0.0.0.0
    parent-proxy-port: 0
    cache-administrator: "xxx@xxx"
    max-cache-size: 5000000KiB
    cache-on-disk: yes
    max-client-connections: 1000
    max-server-connections: 1000
    max-fresh-time: 3d
    serialize-connections: yes
    always-from-cache: yes
    cache-hit-dscp: 4
    cache-drive: primary-master
    mohon koreksi yah klo salah ?
    ato settingan yg mana ? hehe

  5. #5
    Status
    Offline
    xeon's Avatar
    Verified Account - Partner
    Join Date
    Mar 2008
    Location
    DKI Jakarta
    Posts
    1,539
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    2 (100%)
    Click here to enlarge Originally Posted by dhitek Click here to enlarge
    kenapa yah kok gq fungsi ????
    fungsi ip proxy direct bukan nya agar rule yg terdaftar di /ip proxy direct tidak melewati proxy, jadi dengan kata lain terhubung langsung dengan yang dituju.
    kenapa tidak berfungsi ????
    ada yang menggunakan fungsi ini ????
    misal gw buat rule seperti ini :

    /ip proxy direct
    add action=allow comment="PORT 9339" disabled=no dst-port=9339

    udah gw otak-atik action nya hit nya selalu 0

    ada yang bisa bantu ????
    Hit pasti akan selalu nol, karena salah persepsi mengenai direct access.

    "If parent-proxy property is specified, it is possible to tell proxy server whether to try to pass the request to the parent proxy or to resolve it connecting to the requested server directly. Direct Access List is managed just like Proxy Access List described in the previous chapter except the action argument."

    Itu pengertian mengenai direct access, jadi yang dimaksud dengan direct itu adalah tidak melewati parent proxy, bukan berarti tidak menggunakan proxy.

  6. The Following User Says Thank You to xeon For This Useful Post:


  7. #6
    Status
    Offline
    dhitek's Avatar
    Member
    Join Date
    Mar 2010
    Posts
    122
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by xeon Click here to enlarge
    Hit pasti akan selalu nol, karena salah persepsi mengenai direct access.

    "If parent-proxy property is specified, it is possible to tell proxy server whether to try to pass the request to the parent proxy or to resolve it connecting to the requested server directly. Direct Access List is managed just like Proxy Access List described in the previous chapter except the action argument."

    Itu pengertian mengenai direct access, jadi yang dimaksud dengan direct itu adalah tidak melewati parent proxy, bukan berarti tidak menggunakan proxy.
    oh gtu ya mas, berarti slh tanggap...hehe
    mklum nubie Click here to enlarge
    thanks dah kasih pencerahan...

  8. #7
    Status
    Offline
    antareja's Avatar
    Member
    Join Date
    Jul 2008
    Location
    paris pan japa
    Posts
    179
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by dhitek Click here to enlarge
    gini toh mas, iki kan fungsi ne /ip proxy direct untuk direct (langsung) suatu web site ato suatu rule yang terdaftar di /ip proxy direct tsb.
    jadi inti ne kita gak mau port 9339 tu lwt proxy.
    yg d ats cuma contoh, semua udh ku cba, google.com jg ora iso.

    ok gini deh...kn saiki aku gunain nat untuk belo'in port 80 k port proxy, jd otomatis masuk dlm kategori ?
    nah agar ki gak lwt proxy cara na piye ?

    setau ku ya ada di /ip proxy direct tu, tp kok iki MT ne ra mudeng ya ?
    piye ki ?
    mumet Click here to enlarge

    note :
    Use Internal Proxy



    settingan yg mna yg d mksud gan ?
    mungkin ini yg d mksud agan ?

    Code:
    /ip proxy print
    enabled: yes
    src-address: 0.0.0.0
    port: 3128
    parent-proxy: 0.0.0.0
    parent-proxy-port: 0
    cache-administrator: "xxx@xxx"
    max-cache-size: 5000000KiB
    cache-on-disk: yes
    max-client-connections: 1000
    max-server-connections: 1000
    max-fresh-time: 3d
    serialize-connections: yes
    always-from-cache: yes
    cache-hit-dscp: 4
    cache-drive: primary-master
    mohon koreksi yah klo salah ?
    ato settingan yg mana ? hehe
    Lah, yang dibelokin pan cuma port 80, yang 9339 ga ikut dibelokin, berarti ya ga lewat proxy..

    Eniwe, udah dijawab sama yang di atas yah.. Tambahan: Silakan baca-baca gan..

  9. #8
    Status
    Offline
    dhitek's Avatar
    Member
    Join Date
    Mar 2010
    Posts
    122
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by antareja Click here to enlarge
    Lah, yang dibelokin pan cuma port 80, yang 9339 ga ikut dibelokin, berarti ya ga lewat proxy..

    Eniwe, udah dijawab sama yang di atas yah.. Tambahan: Silakan baca-baca gan..
    hehe...
    mksd na yg d ats cuma contoh aja...
    gak bs juga...

    oya untuk mslh saya ini apakah agan tau ?
    supaya suatu website/port tertentu tidak melewati proxy ????

    thanks link na Click here to enlarge

  10. #9
    Status
    Offline
    oktama's Avatar
    Forum Guru
    Join Date
    Jul 2008
    Location
    Jayapura
    Posts
    1,929
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by dhitek Click here to enlarge
    hehe...
    mksd na yg d ats cuma contoh aja...
    gak bs juga...

    oya untuk mslh saya ini apakah agan tau ?
    supaya suatu website/port tertentu tidak melewati proxy ????

    thanks link na Click here to enlarge
    ip proxy direct add dst-host=www.facebook.com dst-port=9339

  11. #10
    Status
    Offline
    antareja's Avatar
    Member
    Join Date
    Jul 2008
    Location
    paris pan japa
    Posts
    179
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by dhitek Click here to enlarge
    hehe...
    mksd na yg d ats cuma contoh aja...
    gak bs juga...

    oya untuk mslh saya ini apakah agan tau ?
    supaya suatu website/port tertentu tidak melewati proxy ????

    thanks link na Click here to enlarge
    Kalo ane mah, paket-paket khusus di mangling dulu semua. Buat Facebook:
    Code:
    /ip firewall mangle
    add action=mark-connection chain=prerouting comment="-=L7 Zynga=-" disabled=\
        no layer7-protocol=zynga new-connection-mark="-=zynga=-" passthrough=yes
    add action=mark-packet chain=prerouting comment="L7 Zynga -> UP" disabled=no \
        layer7-protocol=zynga new-packet-mark=games_up passthrough=no
    add action=mark-packet chain=postrouting comment="L7 Zynga -> DOWN" \
        connection-mark="-=zynga=-" disabled=no new-packet-mark=games_down \
        out-interface=lokal passthrough=no
    add action=mark-connection chain=prerouting comment="apps.fb -> conn" \
        disabled=no dst-port=80 layer7-protocol=apps.fesbuk new-connection-mark=\
        ~fEsBuk~ passthrough=yes protocol=tcp
    add action=mark-packet chain=prerouting comment="apps.fb -> UP" disabled=no \
        dst-port=80 layer7-protocol=apps.fesbuk new-packet-mark=fesbuk_up \
        passthrough=no protocol=tcp
    add action=mark-packet chain=prerouting comment="Game FB -> UP" disabled=no \
        layer7-protocol=crowdstar.com new-packet-mark=games_up passthrough=no
    add action=mark-packet chain=postrouting comment="Game FB -> DOWN" disabled=\
        no layer7-protocol=crowdstar.com new-packet-mark=games_down passthrough=\
        no
    add action=mark-packet chain=prerouting comment="Game FB -> UP" disabled=no \
        layer7-protocol=ninjasaga.com new-packet-mark=games_up passthrough=no
    add action=mark-packet chain=postrouting comment="Game FB -> DOWN" disabled=\
        no layer7-protocol=ninjasaga.com new-packet-mark=games_down passthrough=\
        no
    add action=mark-packet chain=prerouting comment="Game FB -> UP" disabled=no \
        layer7-protocol=mafiawars.com new-packet-mark=games_up passthrough=no
    add action=mark-packet chain=postrouting comment="Game FB -> DOWN" disabled=\
        no layer7-protocol=mafiawars.com new-packet-mark=games_down passthrough=\
        no
    add action=mark-connection chain=prerouting comment=".ak.fbcdn.net -> conn" \
        disabled=no layer7-protocol=fbcdn new-connection-mark=~fEsBuk~ \
        passthrough=yes
    add action=mark-packet chain=prerouting comment=".ak.fbcdn.net -> UP" \
        disabled=no layer7-protocol=fbcdn new-packet-mark=fesbuk_up passthrough=\
        no
    add action=mark-connection chain=prerouting comment="fb.com -> conn" \
        disabled=no layer7-protocol=fesbuk new-connection-mark=~fEsBuk~ \
        passthrough=yes
    add action=mark-packet chain=prerouting comment="fb.com -> UP" disabled=no \
        layer7-protocol=fesbuk new-packet-mark=fesbuk_up passthrough=no
    add action=mark-packet chain=output comment="fb.com -> DOWN" connection-mark=\
        ~fEsBuk~ disabled=no new-packet-mark=fesbuk_down out-interface=lokal \
        passthrough=no
    add action=mark-packet chain=postrouting comment="fb.com -> DOWN" disabled=no \
        layer7-protocol=fbcdn new-packet-mark=fesbuk_down out-interface=lokal \
        passthrough=no
    add action=mark-packet chain=postrouting comment="fb.com -> DOWN" disabled=no \
        layer7-protocol=fesbuk new-packet-mark=fesbuk_down out-interface=lokal \
        passthrough=no
    Baru terakhir:
    Code:
    /ip firewall mangle
    add action=mark-connection chain=prerouting comment=++Browsing++ disabled=no \
        dst-port=80,443,21 new-connection-mark=++Browsing++ passthrough=yes \
        protocol=tcp
    add action=mark-packet chain=prerouting comment=http_up disabled=no dst-port=\
        80,443,21 in-interface=!Starcom new-packet-mark=http_up passthrough=no \
        protocol=tcp
    add action=mark-packet chain=postrouting comment=dl_down connection-bytes=\
        262146-4294967295 connection-mark=++Browsing++ disabled=no \
        new-packet-mark=dl_down passthrough=no protocol=tcp time=\
        9h-21h,sun,mon,tue,wed,thu,fri,sat
    add action=mark-packet chain=postrouting comment="http_down post" \
        connection-mark=++Browsing++ disabled=no new-packet-mark=http_down \
        passthrough=no
    Buat natnya mah biasa aja gan:
    Code:
    /ip firewall nat
    add action=redirect chain=dstnat comment=squidbox disabled=no dst-address=\
        !192.168.1.250 dst-port=80,3128,8080 protocol=tcp to-ports=8081
    Ane pake proxy internal mikrotik.. Prinsipnya, yang dibelokin ke proxy cuma port 80 aja, selain itu mah ga bakalan lewat proxy..
    Sekedar share konsep aja gan.. Click here to enlarge

  12. The Following User Says Thank You to antareja For This Useful Post:


  13. #11
    Status
    Offline
    dhitek's Avatar
    Member
    Join Date
    Mar 2010
    Posts
    122
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    oh bgono toh Click here to enlarge

    oya gan, gak sekalian l7 na export d mari ?

    thanks gan sblmnya...hehe

  14. #12
    Status
    Offline
    antareja's Avatar
    Member
    Join Date
    Jul 2008
    Location
    paris pan japa
    Posts
    179
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by dhitek Click here to enlarge
    oh bgono toh Click here to enlarge

    oya gan, gak sekalian l7 na export d mari ?

    thanks gan sblmnya...hehe
    Silakan gan..
    Code:
    /ip firewall layer7-protocol
    add comment="" name=fesbuk regexp=.facebook.com
    add comment="" name=zynga regexp=.zynga.com
    add comment="" name=fbcdn regexp=.ak.fbcdn.net
    add comment="" name=crowdstar.com regexp=.crowdstar.com
    add comment="" name=ninjasaga.com regexp=.ninjasaga.com
    add comment="" name=mafiawars.com regexp=.mafiawars.com
    add comment="" name=farmville1 regexp=farmsrv.com
    add comment="" name=static.farmville.com regexp=static.farmville.com
    add comment="" name=cloudfront.net regexp=d3bbkh4a2992md.cloudfront.net
    add comment="" name=apps.fesbuk regexp=apps.facebook.com

  15. #13
    Status
    Offline
    dhitek's Avatar
    Member
    Join Date
    Mar 2010
    Posts
    122
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by antareja Click here to enlarge
    Silakan gan..
    Code:
    /ip firewall layer7-protocol
    add comment="" name=fesbuk regexp=.facebook.com
    add comment="" name=zynga regexp=.zynga.com
    add comment="" name=fbcdn regexp=.ak.fbcdn.net
    add comment="" name=crowdstar.com regexp=.crowdstar.com
    add comment="" name=ninjasaga.com regexp=.ninjasaga.com
    add comment="" name=mafiawars.com regexp=.mafiawars.com
    add comment="" name=farmville1 regexp=farmsrv.com
    add comment="" name=static.farmville.com regexp=static.farmville.com
    add comment="" name=cloudfront.net regexp=d3bbkh4a2992md.cloudfront.net
    add comment="" name=apps.fesbuk regexp=apps.facebook.com
    nanya gan, beda nya l7 sama content apaan yah ?
    hehehe...kbnyakan nnya nih...mklum masih bloon.
    Click here to enlarge

  16. #14
    Status
    Offline
    oktama's Avatar
    Forum Guru
    Join Date
    Jul 2008
    Location
    Jayapura
    Posts
    1,929
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by dhitek Click here to enlarge
    nanya gan, beda nya l7 sama content apaan yah ?
    hehehe...kbnyakan nnya nih...mklum masih bloon.
    Click here to enlarge
    Content, packet inspection hanya berdasarkan content dari suatu host yang dituju, regex target lebih kepada url-regex, filtering pada tingkatan aplikasi tidak bisa dilakukan / belum memungkinkan pada saat ini ex: blokir torrent, atau aplikasi p2p lainnya
    L7, packet inspection bisa lebih dalam sampai pada tingkatan aplikasi jadi regex bisa mengarah kepada suatu aplikasi sehingga bisa melakukan blokir pada tingkatan aplikasi ex: torrent, berbagai macam aplikasi p2p, dll

    CMIIW Click here to enlarge

  17. The Following User Says Thank You to oktama For This Useful Post:


  18. #15
    Status
    Offline
    dhitek's Avatar
    Member
    Join Date
    Mar 2010
    Posts
    122
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by oktama Click here to enlarge
    Content, packet inspection hanya berdasarkan content dari suatu host yang dituju, regex target lebih kepada url-regex, filtering pada tingkatan aplikasi tidak bisa dilakukan / belum memungkinkan pada saat ini ex: blokir torrent, atau aplikasi p2p lainnya
    L7, packet inspection bisa lebih dalam sampai pada tingkatan aplikasi jadi regex bisa mengarah kepada suatu aplikasi sehingga bisa melakukan blokir pada tingkatan aplikasi ex: torrent, berbagai macam aplikasi p2p, dll

    CMIIW Click here to enlarge
    wow...mantab sekali om penjelasannya...thanks banget y om Click here to enlarge

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 22
    Last Post: 07-07-2013, 10:47
  2. Replies: 6
    Last Post: 25-10-2011, 00:54
  3. Queue Simple Macet atau tidak berfungsi
    By awarmanf in forum General Networking
    Replies: 3
    Last Post: 28-11-2009, 19:42
  4. Access list web proxy tdk berfungsi
    By awarmanf in forum Beginner Basics
    Replies: 4
    Last Post: 21-04-2008, 00:21
  5. Pppoe tak berfungsi pada 1 Jaringan
    By isurganteng in forum Beginner Basics
    Replies: 4
    Last Post: 01-03-2008, 18:34

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •