Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 6 of 6
  1. #1
    Status
    Offline
    awarmanf's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    222
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Membatasi koneksi ke web-proxy (transparent)

    Dear rekan2,

    Bagaimana cara membatasi koneksi client ke web-proxy yg diset transparent. Untuk koneksi tcp saya sudah batasi sampai 15 koneksi.

    31 ;;; drop tcp syn more than 15
    chain=forward action=drop tcp-flags=syn protocol=tcp connection-limit=16,32
    Tetapi karena diset transparent proxy, jadi saya kira connection-limit di atas tdk kena untuk trafik dst-port=80 yg diredirect ke port 3128. Ada ide rekan2 bagaimana untuk membatasi koneksi masuk ke web-proxy mikrotik ? Soalnya tadi ada client LAN yg mem-flooding web-proxy shg koneksi jadi mampet padahal bandwidth belum habis terpakai.

    Terimaksih sebelumnya.

  2. #2
    Status
    Offline
    t3rm's Avatar
    Member Super Senior
    Join Date
    Aug 2007
    Posts
    665
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Met gabung ..
    Click here to enlarge

    Kalau proxy, koneksinya gak akan lewat forward.
    chain nya akan masuk input, coba ditest lagi dan dimonitor lagi apakah counter bytenya bertambah ..

    Click here to enlarge

  3. #3
    Status
    Offline
    awarmanf's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    222
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Ini yang sudah saya tambahkan ke /ip firewall filter mikrotik :

    18 ;;; winbox
    chain=input action=accept dst-port=8291 protocol=tcp
    19 ;;; drop connection to proxy from internet
    chain=input action=drop in-interface=eth0 dst-port=3128 protocol=tcp
    20 ;;; limit connection to winproxy
    chain=input action=drop dst-port=3128 protocol=tcp connection-limit=51,32
    Catatan: eth0 adalah interface ke public network.

    Apakah seperti ini pembatasan akses ke web proxy mikrotik ? Limit koneksinya ini per ip kan ?

    Thanks.

  4. #4
    Status
    Offline
    awarmanf's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    222
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Ralat euy,

    Setelah diuji coba ternyata kurang bumbu syn :-)

    Jadi rule no 20 di atas diedit sedikit shg menjadi:

    20 ;;; limit connection to winproxy
    chain=input action=drop tcp-flags=syn dst-port=3128 protocol=tcp connection-limit=26,32
    Akhirnya dah bebas macet sekarang.

    Thanks.

  5. #5
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    bukannya kalo di batasi malah macet di client nya ?Click here to enlarge

  6. #6
    Status
    Offline
    awarmanf's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    222
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by d3v4 Click here to enlarge
    bukannya kalo di batasi malah macet di client nya ?Click here to enlarge
    Awalnya enak, tahu2 agak mampet. Kayak kalo buka kompas, ada beberapa link yg ndak muncul gambarnya. Lantas gimana caranya untuk membatasi agar tidak ada akses berlebihan ke web proxy mikrotik ? Soalnya ada client ip tertentu yg saya liat koneksinya di winbox sampai ribuan dia akses port web proxy. Saat itu terjadi browsing mampet.

    Kalo di linux kernel 2.4, saya patch dengan patch-o-matic dg module conn-limit. Dan saya batasi koneksi ke proxy squid (transparent) sampai 20. User2 di warnet tdk ada yg mengeluh lambat. Maunya strategi ini saya terapkan di mikrotik, tapi kok ndak berhasil ya, maklum masih junior di mikrotik. Maklum dah.

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 10
    Last Post: 17-10-2009, 12:51
  2. ..:Tolong bantu setting Transparent Proxy Server:..
    By arovah in forum General Networking
    Replies: 10
    Last Post: 26-05-2009, 10:02
  3. (ask) Bikin Proxy pada koneksi Fastnet a.k.a First media
    By cloaking in forum Beginner Basics
    Replies: 13
    Last Post: 07-04-2008, 12:39
  4. Transparent Bridge
    By unlimited_me in forum Wireless Networking
    Replies: 0
    Last Post: 28-08-2007, 17:20
  5. transparent bridge
    By lc4523 in forum Beginner Basics
    Replies: 16
    Last Post: 20-08-2007, 10:01

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •