Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 13 of 13
  1. #1
    Status
    Offline
    mrjepara's Avatar
    Member
    Join Date
    Dec 2009
    Location
    Pontianak
    Posts
    110
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Apakah hotspot bisa dilewatkan proxy?

    Rekan-rekan,
    Berawal dari semakin berkembangnya warnet kami, maka dikembangkan hingga ke hotspot. Topologi seperti ini :

    Click here to enlarge

    Kemudian berkembang menjadi seperti ini :

    Click here to enlarge

    Berikut ini di MK nya :
    INTERFACENYA
    Code:
    [admin@MikroTik] > int print
    Flags: D - dynamic, X - disabled, R - running, S - slave 
     #     NAME                                                                                    TYPE             MTU   L2MTU
     0  R  ether1-modem                                                                            ether            1500  1524 
     1  R  ether2-lokal                                                                            ether            1500  1524 
     2     ether3                                                                                  ether            1500  1524 
     3  R  ether4-proxy                                                                            ether            1500  1524 
     4  R  ether5-hotspot                                                                          ether            1500  1524 
     5  R  Speedy                                                                                  pppoe-out        1480
    IP ADDRESS
    Code:
    [admin@MikroTik] > ip add pr
    Flags: X - disabled, I - invalid, D - dynamic 
     #   ADDRESS            NETWORK         BROADCAST       INTERFACE                                                          
     0   192.168.10.2/30    192.168.10.0    192.168.10.3    ether1-modem                                                       
     1   192.168.1.1/27     192.168.1.0     192.168.1.31    ether2-lokal                                                       
     2   192.168.40.1/30    192.168.40.0    192.168.40.3    ether4-proxy                                                       
     3   192.168.100.1/27   192.168.100.0   192.168.100.31  ether5-hotspot                                                     
     4 D 125.160.87.151/32  125.160.84.1    0.0.0.0         Speedy
    NAT
    Code:
    [admin@MikroTik] > ip fi nat print
    Flags: X - disabled, I - invalid, D - dynamic 
     0   chain=srcnat action=masquerade out-interface=ether1-modem 
    
     1   chain=srcnat action=masquerade out-interface=Speedy 
    
     2   ;;; SSH Proxy
         chain=dstnat action=dst-nat to-addresses=192.168.40.2 to-ports=22 protocol=tcp in-interface=Speedy dst-port=22 
    
     3   ;;; www-proxy
         chain=dstnat action=dst-nat to-addresses=192.168.40.2 to-ports=80 protocol=tcp in-interface=Speedy dst-port=80 
    
     4   ;;; Transparent-Proxy-Lokal
         chain=dstnat action=dst-nat to-addresses=192.168.40.2 to-ports=3128 protocol=tcp src-address=192.168.1.0/24 
         dst-address-list=!Local+Proxy in-interface=ether2-lokal dst-port=80 
    
     5 X ;;; Transparent-Proxy-Hotspot
         chain=dstnat action=dst-nat to-addresses=192.168.40.2 to-ports=3128 protocol=tcp src-address=192.168.100.0/27 
         dst-address-list=!Proxy in-interface=ether5-hotspot dst-port=80 
    
     6 X ;;; place hotspot rules here
         chain=unused-hs-chain action=passthrough 
    
     7   ;;; masquerade hotspot network
         chain=srcnat action=masquerade src-address=192.168.100.0/27
    (*****)
    MANGLE
    Code:
    [admin@MikroTik] > ip fi ma print
    Flags: X - disabled, I - invalid, D - dynamic 
    
     0   ;;; cache_proxy_hit
         chain=forward action=mark-packet new-packet-mark=hit passthrough=no in-interface=ether4-proxy dscp=12 
    
     1   chain=prerouting action=mark-packet new-packet-mark=hit passthrough=no in-interface=ether4-proxy dscp=12
    SQUID.CONF
    Code:
    ### Konfigurasi Port
    http_port 3128 transparent
    prefer_direct off
    
    ### Bypass javascript, perl website (jika perlu) dan situs2 yang dekat (satu network) deklarasikan disini
    ### Untuk caching Facebook, lebih efektif jika ini di comment (nonaktif)
    #hierarchy_stoplist cgi-bin ? localhost
    #acl QUERY urlpath_regex cgi-bin \? localhost
    #no_cache deny QUERY
    
    ### Tuning Cache & Objek
    cache_mem 8 MB
    cache_swap_low 95
    cache_swap_high 97
    max_filedesc 8192
    
    server_http11 on
    maximum_object_size 700 MB
    minimum_object_size 0 bytes
    maximum_object_size_in_memory 32 KB
    ipcache_size 4096
    ipcache_low 95
    ipcache_high 97
    fqdncache_size 4096
    cache_replacement_policy heap LFUDA
    memory_replacement_policy heap GDSF
    
    ### Lokasi Cache
    cache_dir aufs /cache 40240 16 256
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log none
    cache_swap_log /var/log/squid/swap.state
    
    ### DNS Server & Cache Queries
    #dns_nameservers 203.130.193.74 203.130.196.5
    #dns_nameservers 127.0.0.1
    
    ### Cache Options
    emulate_httpd_log off
    hosts_file /etc/hosts
    
    ### Objek-objek statis waktu peyimpanannya diperlama
    refresh_pattern -i \.(jp?g|gif|pnp|png|\?bm?)$  0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.jar$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.dll$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.klz$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.dif$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.avi$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.iso$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.3gp$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.mpeg$      0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.xml$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.exe$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.zip$       0       90%     40320   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.rar$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.mp3$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.dll$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.rar$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.npz$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.cfg$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.ver$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.erl$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.npz$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.xt$        0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.xtp$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.cfg$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.des$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.new$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.t2bk$      0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.smd$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.gi$        0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.dat$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.luc$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.flv$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.html$      0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.htm$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.php$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.jsp$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.swf$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.bin$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.pdf$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.mp4$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i (/cgi-bin/|\?)     0     0%      0       ignore-reload override-expire reload-into-ims
    refresh_pattern ^ftp:           1440    20%     10080
    refresh_pattern ^gopher:        1440    0%      1440
    refresh_pattern .               480     50%     22160   reload-into-ims
    
    ### Access Control
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563              # https, snews
    acl SSL_ports port 873                  # rsync
    acl Safe_ports port 80                  # http
    acl Safe_ports port 21                  # ftp
    acl Safe_ports port 443 563             # https, snews
    acl Safe_ports port 70                  # gopher
    acl Safe_ports port 210                 # wais
    acl Safe_ports port 1025-65535          # unregistered ports
    acl Safe_ports port 280                 # http-mgmt
    acl Safe_ports port 488                 # gss-http
    acl Safe_ports port 591                 # filemaker
    acl Safe_ports port 777                 # multiling http
    acl Safe_ports port 631                 # cups
    acl Safe_ports port 873                 # rsync
    acl Safe_ports port 901                 # SWAT
    acl inputIP url_regex ^.[0-9]+\.[0-9]+\.[0-9]+/$
    acl inputIP url_regex ^.[0-9]+\.[0-9]+\.[0-9]+$
    acl purge method PURGE
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    
    #http_access deny inputIP
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    
    ### ACL Akses
    acl LOCAL src 192.168.1.0/27
    acl LOCAL src 192.168.100.0/27
    http_access allow localhost
    icp_access allow localhost
    http_access allow ADMIN
    icp_access allow ADMINIS
    http_access deny all
    
    ### Administratif Squid
    #cache_mgr ADM
    
    #cachemgr_passwd AD
    visible_hostname proxy.pADmp
    cache_effective_user proxy
    cache_effective_group proxy
    coredump_dir /var/spool/squid
    pid_filename /var/run/squid.pid
    shutdown_lifetime 5 seconds
    logfile_rotate 7
    
    ### Monitoring SNMP
    #snmp_port 3401#acl snmpsquid snmp_community public
    #snmp_access allow snmpsquid localhost
    #snmp_access deny all
    
    ### Marking ZPH
    zph_mode tos
    zph_local 0x30
    
    #zph_parent 0
    #tcp_outgoing_tos 0x30 all
    PERMASALAHANNYA :
    Kenapa hotspotnya tidak dapat melewati proxy ?
    Saya sudah mencoba menerapkan untuk yang lokal bisa melewati proxy, dan konsep NAT hotspot juga saya mencoba seperti konsep lokal, namun tidak berjalan.
    Saya juga sudah mencoba menerapkan
    Mohon kiranya senior-senior dapat memberikan solusi pencerahan atau referensi yang bisa memberikan solusinya.
    Atas waktu dan kesediaanya memberikan solusi diucapkan terima kasih

    Mohon maaf, kalau codenya terlalu panjang. Pengen buat seperti punya agan adhie yang spoiler tu, blm bisa. Click here to enlarge mohon dipindakan bila tread ini salah tempat.


    Keterangan :
    (*****) : Saya disable, agar hotspot bisa jalan
    Last edited by mrjepara; 28-11-2010 at 01:56. Reason: Ada tambahan link yang ketinggalan

  2. #2
    Status
    Offline
    hikmahcell's Avatar
    Member Senior
    Join Date
    Apr 2009
    Location
    Tolitoli, Sulawesi Tengah, Indonesia, Indonesia
    Posts
    488
    Reviews
    Read 0 Reviews
    Downloads
    5
    Uploads
    0
    Feedback Score
    0
    sudah diset seperti ini?
    Click here to enlarge

  3. #3
    Status
    Offline
    mrjepara's Avatar
    Member
    Join Date
    Dec 2009
    Location
    Pontianak
    Posts
    110
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Ini screenshotny

    Udah tu gan

    Click here to enlarge
    padahal disini
    Click here to enlarge
    kalau dilihat proxy status running
    Click here to enlarge

    ---------- Post added at 12:51 ---------- Previous post was at 11:12 ----------

    Ini ada sedikit titik terang walaupun belum ketemu inti permasalahannya
    1. Saya reset rb saya, kemudian mulai lagi dari awal
    2. Pada saat ether5-hotspot, sy belum setup hotspotnya [nat sudah diarahkan ke proxy] bisa melewati proxy
    3. Setelah saya install hotspot, kemudian saya setting sesuai petunjuk agan hikmahcell di server profileny, hotspot tidak bisa kembali melewati proxy
    Click here to enlarge
    Kalau analisa saya, apabila muncul seperti itu salah satunya adalah kalau misalnya ip addressny belum dimasukkan ke proxy [padahal ini sudah dimasukkan], dan apabila saya disable natnya ether5-hotspotnya bisa melewati proxy.
    Mungkin dari rekan-rekan ada yang bisa membantu memberikan pencerahan?
    Terima kasih

  4. #4
    Status
    Offline
    uburcumi's Avatar
    :: Gw Banget Cing ::
    Join Date
    Jun 2009
    Location
    www.mikrotikservice.net
    Posts
    2,281
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    2 (100%)
    Redirect to proxy/transparent proxy taruh di paling bawah.

  5. #5
    Status
    Offline
    mrjepara's Avatar
    Member
    Join Date
    Dec 2009
    Location
    Pontianak
    Posts
    110
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Masih belum ada perubahan gan uburcumi. Yang bikin saya tambah penasaran. Kalau dalam posisi nat redirect ke proxy/transparent di browser ndak bisa,tapi kalau ping lewat command prompt windows bisa.
    Saya coba lihat di proxynya, kok seperti ini :
    Code:
    1290927564.849      0 192.168.40.1 TCP_DENIED/403 1398 GET http://www.google.co.                                             id/ - NONE/- text/html
    1290927565.047      0 192.168.40.1 TCP_DENIED/403 1398 GET http://www.google.co.                                             id/ - NONE/- text/html
    1290927565.241      0 192.168.40.1 TCP_DENIED/403 1398 GET http://www.google.co.                                             id/ - NONE/- text/html
    1290927565.445      0 192.168.40.1 TCP_DENIED/403 1398 GET http://www.google.co.                                             id/ - NONE/- text/html
    1290927565.630      0 192.168.40.1 TCP_DENIED/403 1398 GET http://www.google.co.                                             id/ - NONE/- text/html
    1290927565.816      0 192.168.40.1 TCP_DENIED/403 1398 GET http://www.google.co.                                             id/ - NONE/- text/html
    1290927569.164      0 192.168.40.1 TCP_DENIED/403 1456 GET http://pixel.facebook                                             .com/ajax/apps/usage_update.php? - NONE/- text/html
    1290927576.442      0 192.168.40.1 TCP_DENIED/403 1440 GET http://clients1.googl                                             e.co.id/complete/search? - NONE/- text/html
    1290927577.700      0 192.168.40.1 TCP_DENIED/403 1392 GET http://www.detik.com/                                              - NONE/- text/html
    1290927613.061      0 192.168.40.1 TCP_DENIED/403 1438 GET http://zbar.zynga.com                                             /zbar-new/adServer.php? - NONE/- text/html
    Padahal IP address client hotspot yang sedang dipakai di 192.168.100.3
    IP 192.168.40.1 adalah IP ether5-hotspot
    tambah penasaran saya Click here to enlarge
    Mungkin dari rekan-rekan yang bisa memberikan penjelasan?

    ---------- Post added at 14:09 ---------- Previous post was at 14:02 ----------

    Tambahan lagi gan,
    Click here to enlarge
    Setup hotspot otomatis [wizard] di nat akan muncul beberapa point, salah satunya disitu ada port 3128. Apakah itu berpengaruh atau ndak terhadap redirect ke proxynya?
    Terima kasih

  6. #6
    Status
    Offline
    maestro_smd's Avatar
    Member
    Join Date
    Jan 2010
    Posts
    235
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Code:
    ### ACL Akses
    acl LOCAL src 192.168.1.0/27
    acl LOCAL src 192.168.100.0/27
    http_access allow localhost
    icp_access allow localhost
    http_access allow ADMIN
    icp_access allow ADMINIS
    http_access deny all
    Saya hanya menemukan set variable LOCAL untuk access control list, tapi mau diapain ni LOCAL...?

    acl LOCAL src 192.168.1.0/27 192.168.100.0/27
    http_access allow LOCAL

    Mungkin saya yg salah lihat...

  7. #7
    Status
    Offline
    mrjepara's Avatar
    Member
    Join Date
    Dec 2009
    Location
    Pontianak
    Posts
    110
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Terima kasih atas responnya gan. Mungkin ini squid.conf saya yang telah diperbaiki seperti ini
    Code:
    ### Konfigurasi Port
    http_port 3128 transparent
    prefer_direct off
    
    ### Bypass javascript, perl website (jika perlu) dan situs2 yang dekat (satu network) deklarasikan disini
    ### Untuk caching Facebook, lebih efektif jika ini di comment (nonaktif)
    #hierarchy_stoplist cgi-bin ? localhost
    #acl QUERY urlpath_regex cgi-bin \? localhost
    #no_cache deny QUERY
    
    ### Tuning Cache & Objek
    cache_mem 8 MB
    cache_swap_low 95
    cache_swap_high 97
    max_filedesc 8192
    
    server_http11 on
    maximum_object_size 700 MB
    minimum_object_size 0 bytes
    maximum_object_size_in_memory 32 KB
    ipcache_size 4096
    ipcache_low 95
    ipcache_high 97
    fqdncache_size 4096
    cache_replacement_policy heap LFUDA
    memory_replacement_policy heap GDSF
    
    ### Lokasi Cache
    cache_dir aufs /cache1 40240 16 256
    cache_dir aufs /cache2 40240 16 256
    cache_dir aufs /cache3 40240 16 256
    cache_dir aufs /cache4 40240 16 256
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log none
    cache_swap_log /var/log/squid/swap.state
    
    ### DNS Server & Cache Queries
    #dns_nameservers 203.130.193.74 203.130.196.5
    #dns_nameservers 127.0.0.1
    
    ### Cache Options
    emulate_httpd_log off
    hosts_file /etc/hosts
    
    ### Objek-objek statis waktu peyimpanannya diperlama
    refresh_pattern -i \.(jp?g|gif|pnp|png|\?bm?)$  0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.jar$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.dll$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.klz$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.dif$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.avi$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.iso$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.3gp$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.mpeg$      0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.xml$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.exe$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.zip$       0       90%     40320   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.rar$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.mp3$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.dll$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.rar$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.npz$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.cfg$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.ver$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.erl$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.npz$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.xt$        0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.xtp$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.cfg$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.des$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.new$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.t2bk$      0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.smd$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.gi$        0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.dat$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.luc$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.flv$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.html$      0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.htm$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.php$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.jsp$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.swf$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.bin$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.pdf$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i \.mp4$       0       90%     43200   ignore-reload override-expire reload-into-ims
    refresh_pattern -i (/cgi-bin/|\?)     0     0%      0       ignore-reload override-expire reload-into-ims
    refresh_pattern ^ftp:           1440    20%     10080
    refresh_pattern ^gopher:        1440    0%      1440
    refresh_pattern .               480     50%     22160   reload-into-ims
    
    ### Access Control
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563              # https, snews
    acl SSL_ports port 873                  # rsync
    acl Safe_ports port 80                  # http
    acl Safe_ports port 21                  # ftp
    acl Safe_ports port 443 563             # https, snews
    acl Safe_ports port 70                  # gopher
    acl Safe_ports port 210                 # wais
    acl Safe_ports port 1025-65535          # unregistered ports
    acl Safe_ports port 280                 # http-mgmt
    acl Safe_ports port 488                 # gss-http
    acl Safe_ports port 591                 # filemaker
    acl Safe_ports port 777                 # multiling http
    acl Safe_ports port 631                 # cups
    acl Safe_ports port 873                 # rsync
    acl Safe_ports port 901                 # SWAT
    acl inputIP url_regex ^http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$
    acl inputIP url_regex ^http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$
    acl purge method PURGE
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    
    #http_access deny inputIP
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    
    ### ACL Akses
    acl proxysaya src 192.168.1.0/24
    acl proxysaya src 192.168.100.0/24
    http_access allow localhost
    icp_access allow localhost
    http_access allow proxysaya
    icp_access allow proxysaya
    http_access deny all
    
    ### Administratif Squid
    #cache_mgr proxysaya
    
    #cachemgr_passwd proxysaya
    visible_hostname proxy.proxysaya
    cache_effective_user proxy
    cache_effective_group proxy
    coredump_dir /var/spool/squid
    pid_filename /var/run/squid.pid
    shutdown_lifetime 5 seconds
    logfile_rotate 7
    
    ### Monitoring SNMP
    #snmp_port 3401#acl snmpsquid snmp_community public
    #snmp_access allow snmpsquid localhost
    #snmp_access deny all
    
    ### Marking ZPH
    zph_mode tos
    zph_local 0x30
    
    #zph_parent 0
    #tcp_outgoing_tos 0x30 all

  8. #8
    Status
    Offline
    uburcumi's Avatar
    :: Gw Banget Cing ::
    Join Date
    Jun 2009
    Location
    www.mikrotikservice.net
    Posts
    2,281
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    2 (100%)
    kalo memang acl bisa di pake ini 192.168.0.0/16 cukup 1 acl localhost jika ada di kelas C 192.xxx

  9. The Following User Says Thank You to uburcumi For This Useful Post:


  10. #9
    Status
    Offline
    mrjepara's Avatar
    Member
    Join Date
    Dec 2009
    Location
    Pontianak
    Posts
    110
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by uburcumi Click here to enlarge
    kalo memang acl bisa di pake ini 192.168.0.0/16 cukup 1 acl localhost jika ada di kelas C 192.xxx
    Click here to enlarge betul gan, sekarang sudah bisa melewati proxy, namun yang terbaca di proxy kok bukan ip client hotspot, melainkan ip ether5-hotspot. Mungkin bisa diberikan pencerahan gan?

    ---------- Post added at 14:57 ---------- Previous post was at 14:53 ----------

    Ada yang lupa gan... matur tengkyu..... Click here to enlarge cendolnya baru atu aja dulu gan.. nunggu pencerahan berikutnya baru kasih cendol lagi.....
    ini screenshotnya gan
    Click here to enlarge
    Last edited by mrjepara; 28-11-2010 at 16:06.

  11. #10
    Status
    Offline
    uburcumi's Avatar
    :: Gw Banget Cing ::
    Join Date
    Jun 2009
    Location
    www.mikrotikservice.net
    Posts
    2,281
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    2 (100%)
    pake satu masqurade.

    chain=srcnat out-interface=Speedy action=masquarade

    hilangkan masquarade yang lain, kecuali out-interface=Modem jika ingin masuk ke modem.

  12. The Following User Says Thank You to uburcumi For This Useful Post:


  13. #11
    Status
    Offline
    mrjepara's Avatar
    Member
    Join Date
    Dec 2009
    Location
    Pontianak
    Posts
    110
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by uburcumi Click here to enlarge
    pake satu masqurade.

    chain=srcnat out-interface=Speedy action=masquarade

    hilangkan masquarade yang lain, kecuali out-interface=Modem jika ingin masuk ke modem.
    Masquarade yang hotspot kan otomatis muncul pada saat setup hotspot, perlu disable ndak gan? soalnya masquarade skrg yg aktif hanya modem [skrg sudh disable], speedy ma hotspot.
    Sebenarnya sich permasalahan yang saya hadapi sudah terselesaikan, hanya yang masih mengganjal kok IP yang masuk IP port RB, bukan IP client hotspot. Apakah memang seperti itu ? [normal] atau ada yang perlu disempurnakan lagi?
    Last edited by mrjepara; 28-11-2010 at 16:21. Reason: untuk melengkapi

  14. #12
    Status
    Offline
    uburcumi's Avatar
    :: Gw Banget Cing ::
    Join Date
    Jun 2009
    Location
    www.mikrotikservice.net
    Posts
    2,281
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    2 (100%)
    maka dari itu gunakan satu masquarade, yg lain disable termasuk auto generate dari system hotspot.

  15. The Following 2 Users Say Thank You to uburcumi For This Useful Post:


  16. #13
    Status
    Offline
    mrjepara's Avatar
    Member
    Join Date
    Dec 2009
    Location
    Pontianak
    Posts
    110
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by uburcumi Click here to enlarge
    maka dari itu gunakan satu masquarade, yg lain disable termasuk auto generate dari system hotspot.
    Alhamdulillah, akhirnya setelah sekian lama berkutat ma masalah ini, mau posting pertanyaan takut kena marah, tp setelah baca-baca dengan lebih teliti rule posting, ternyata senior-senior tidak sekejam Click here to enlarge yang dibayangkan. Justru malah bersedia membantu, Click here to enlarge

    ayoo rekan-rekan newbie lainnya, jadikan forum tercinta ini sebagai forum pembelajaran bersama dengan mengikuti aturan yang sudah dibuat.

    Matur tengkyu master hikmah cell, maestro_smd dan special agan uburcumi serta rekan-rekan semua yang sudah membantu memecahkan masalah ini. I lup u pull Click here to enlarge
    Bravo forum mikrotik.
    [SOLVED]

  17. The Following 4 Users Say Thank You to mrjepara For This Useful Post:


 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 37
    Last Post: 25-04-2014, 17:30
  2. (ask) HOTSPOT ga bisa lewat proxy squid
    By cikruk21 in forum Wireless Networking
    Replies: 15
    Last Post: 08-05-2011, 09:20
  3. Apakah Bisa Seperti Ini Kk......
    By bgtoy in forum Beginner Basics
    Replies: 11
    Last Post: 17-07-2010, 14:44
  4. speedy jadi lambat kalo dilewatkan mikrotik
    By czephie in forum General Networking
    Replies: 5
    Last Post: 17-06-2010, 23:42
  5. ask:matikan proxy di hotspot gak bisa
    By ud1geol in forum HotSpot, The Dude & User Manager
    Replies: 0
    Last Post: 09-12-2009, 08:15

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •