Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 6 of 6
  1. #1
    Status
    Offline
    flyingclover's Avatar
    Baru Gabung
    Join Date
    Jul 2012
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    [SOLVED] Bagaimana setup transparent internal web proxy + pcc load balancing mikrotik

    Salam,

    Saya baru setup server mikrotik v 5.18 di PC, dan sudah menerapkan load balancing yang ditulis di

    Mikrotik 4 WAN Load Balancing
    Code:
    http://aacable.wordpress.com/2011/06/04/mikrotik-4-wan-load-balance-pcc-complete-script-by-zaib/
    Code:
    /ip address
    add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
    add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
    add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2
    add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=WAN3
    
    /ip firewall mangle
    add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
    add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
    add chain=input in-interface=WAN3 action=mark-connection new-connection-mark=WAN3_conn
    
    add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
    add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
    add chain=output connection-mark=WAN3_conn action=mark-routing new-routing-mark=to_WAN3
    
    add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
    add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
    add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=Local
    
    #add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
    #add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
    #add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
    
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
    
    add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
    add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
    add chain=prerouting connection-mark=WAN3_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN3
    
    /ip route
    add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN3 check-gateway=ping
    
    add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=3 check-gateway=ping
    
    /ip firewall nat
    add chain=srcnat out-interface=WAN1 action=masquerade
    add chain=srcnat out-interface=WAN2 action=masquerade
    add chain=srcnat out-interface=WAN3 action=masquerade

    WAN nya hanya ada 3 jadi dikondisikan demikian

    Terus saya enable web-proxy nya internal mikrotik, dengan ip kosong(pakai ip address mikrotik) dengan port 3128.

    Proxynya sendiri jalan kalau di browser clientnya di set proxy ke ip routernya (normal proxy). Sekarang kalau maunya transparant- jadi ngga perlu setting lagi di browser clientnya gimana ya bro? Saya udah ikutin tutorial akang di

    Code:
    http://www.forummikrotik.com/tutorial/2453-loadbalance-webproxy-internal-mikrotik.html
    Tapi justru ngga bisa browsing sama sekali
    Code:
    /ip firewall nat add chain=dstnat src-address-list="IP Lokal" protocol=tcp dst-port=80 in-interface=Interface Lokal action=redirect to-ports=3128
    Mohon pencerahannya Click here to enlarge, terima kasih.
    Last edited by flyingclover; 15-07-2012 at 12:06. Reason: Solved :)

  2. #2
    Status
    Online
    pos_ronda's Avatar
    VIP Member
    Join Date
    Aug 2009
    Location
    Sleman, Indonesia
    Posts
    887
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by flyingclover Click here to enlarge
    Salam,

    Saya baru setup server mikrotik v 5.18 di PC, dan sudah menerapkan load balancing yang ditulis di
    ...
    Code:
    ...
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
    ...
    ...
    Mohon pencerahannya Click here to enlarge, terima kasih.
    saya koreksi yang ini aja dulu,
    4/0,4/1,4/2 diganti 3/0,3/1,3/2
    Gunakan FreeRadius sebagai pengganti user manager

  3. #3
    Status
    Offline
    flyingclover's Avatar
    Baru Gabung
    Join Date
    Jul 2012
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Oh maaf bro itu karena yang wan1 nya speednya double dari wan2 dan wan3, jadi saya nambahin pcc lagi untuk wan1 di bawahnya, jadi keadaan sekarang yang betul itu

    Code:
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes

  4. #4
    Status
    Offline
    flyingclover's Avatar
    Baru Gabung
    Join Date
    Jul 2012
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Never mind, sudah bisa setelah nyari tutorial dari mikrotik.co.id Click here to enlarge

    Code:
    http://www.mikrotik.co.id/artikel_lihat.php?id=34
    Jadi semua rule sebelumnya dihapus terus dibuat ulang.
    Ini full script mikrotik, 3 ISP, ISP 1 speednya dua kali lipat dari ISP 2 atau ISP 3 - bagi koneksi pcc nya jadi 4, proxy di 3128
    Code:
    /ip route
    add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping 
    add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=3 check-gateway=ping 
    
    /ip firewall nat
    add action=masquerade chain=srcnat out-interface=eth3melsa1
    add action=masquerade chain=srcnat out-interface=eth4melsa2
    add action=masquerade chain=srcnat out-interface=eth1speedy
    
    /ip firewall nat
    add chain=dstnat protocol=tcp dst-port=80 in-interface=eth5lan action=redirect to-ports=3128 
    
    /ip firewall address-list
    add address=192.168.1.0/24 list=jarlokal
    add address=192.168.2.0/24 list=jarlokal
    add address=192.168.3.0/24 list=jarlokal
    add address=172.16.0.0/20 list=jarlokal
    
    /ip firewall mangle
    add action=accept chain=prerouting dst-address-list=jarlokal in-interface=eth5lan comment="trafik lokal"
    add action=accept chain=output dst-address-list=jarlokal 
    
    /ip firewall mangle
    add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=eth3melsa1 new-connection-mark=con-from-isp1 passthrough=yes comment="trafik dari isp1"
    add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=eth4melsa2 new-connection-mark=con-from-isp2 passthrough=yes comment="trafik dari isp2"
    add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=eth1speedy new-connection-mark=con-from-isp3 passthrough=yes comment="trafik dari isp3"
    
    /ip firewall mangle
    add action=jump chain=prerouting comment="lompat ke client-lb" connection-mark=no-mark in-interface=eth5lan jump-target=client-lb 
    add action=jump chain=output comment="lompat ke lb-proxy" connection-mark=no-mark out-interface=!eth5lan jump-target=lb-proxy 
    
    /ip firewall mangle
    add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp1 passthrough=yes per-connection-classifier=both-addresses:4/0 comment="awal loadbalancing klien"
    add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp1 passthrough=yes per-connection-classifier=both-addresses:4/1
    add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp2 passthrough=yes per-connection-classifier=both-addresses:4/2
    add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp3 passthrough=yes per-connection-classifier=both-addresses:4/3
    add action=return chain=client-lb comment="akhir dari loadbalancing"
    
    /ip firewall mangle
    add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp1 passthrough=yes per-connection-classifier=both-addresses:4/0 comment="awal load balancing proxy"
    add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp1 passthrough=yes per-connection-classifier=both-addresses:4/1
    add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp2 passthrough=yes per-connection-classifier=both-addresses:4/2
    add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp3 passthrough=yes per-connection-classifier=both-addresses:4/3
    add action=return chain=lb-proxy comment="akhir dari loadbalancing"
    
    /ip firewall mangle
    add action=jump chain=prerouting comment="marking route client" connection-mark=!no-mark in-interface=eth5lan jump-target=route-client
    add action=mark-routing chain=route-client connection-mark=to-isp1 new-routing-mark=route-to-isp1 passthrough=no
    add action=mark-routing chain=route-client connection-mark=to-isp2 new-routing-mark=route-to-isp2 passthrough=no
    add action=mark-routing chain=route-client connection-mark=to-isp3 new-routing-mark=route-to-isp3 passthrough=no
    add action=mark-routing chain=route-client connection-mark=con-from-isp1 new-routing-mark=route-to-isp1 passthrough=no
    add action=mark-routing chain=route-client connection-mark=con-from-isp2 new-routing-mark=route-to-isp2 passthrough=no
    add action=mark-routing chain=route-client connection-mark=con-from-isp3 new-routing-mark=route-to-isp3 passthrough=no
    add action=return chain=route-client disabled=no
    
    /ip firewall mangle
    add action=mark-routing chain=output comment="marking route proxy" connection-mark=con-from-isp1 new-routing-mark=route-to-isp1 out-interface=!eth5lan passthrough=no
    add action=mark-routing chain=output connection-mark=con-from-isp2 new-routing-mark=route-to-isp2 out-interface=!eth5lan passthrough=no 
    add action=mark-routing chain=output connection-mark=con-from-isp3 new-routing-mark=route-to-isp3 out-interface=!eth5lan passthrough=no 
    
    /ip route
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=route-to-isp1 distance=1
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=route-to-isp1 distance=2
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=route-to-isp1 distance=3
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=route-to-isp2 distance=1
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=route-to-isp2 distance=2 
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=route-to-isp2 distance=3
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=route-to-isp3 distance=1
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=route-to-isp3 distance=2 
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=route-to-isp3 distance=3

  5. #5
    Status
    Offline
    flyingclover's Avatar
    Baru Gabung
    Join Date
    Jul 2012
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Hmm update bro tentang ini, pakai script di atas ternyata hasilnya tidak sebagus yang diharapkan, ditambahin proxy justru jadi melambat browsingnya, cpu usage cukup tinggi (padahal dual core xeon) tapi usage sekitar 20-30%, biasanya di bawah 5%, mungkin karena usernya kebanyakan juga barangkali ya, saya tidak rekomendasi pakai script ini mentah mentah tanpa dimodif lagi supaya lebih efektif Click here to enlarge .

  6. #6
    Status
    Offline
    jonescosmos's Avatar
    Baru Gabung
    Join Date
    Dec 2012
    Posts
    1
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Thanks for this info, you saved me from a long search for solution

    Click here to enlarge Originally Posted by flyingclover Click here to enlarge
    Never mind, sudah bisa setelah nyari tutorial dari mikrotik.co.id Click here to enlarge

    Code:
    http://www.mikrotik.co.id/artikel_lihat.php?id=34
    Jadi semua rule sebelumnya dihapus terus dibuat ulang.
    Ini full script mikrotik, 3 ISP, ISP 1 speednya dua kali lipat dari ISP 2 atau ISP 3 - bagi koneksi pcc nya jadi 4, proxy di 3128
    Code:
    /ip route
    add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping 
    add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=3 check-gateway=ping 
    
    /ip firewall nat
    add action=masquerade chain=srcnat out-interface=eth3melsa1
    add action=masquerade chain=srcnat out-interface=eth4melsa2
    add action=masquerade chain=srcnat out-interface=eth1speedy
    
    /ip firewall nat
    add chain=dstnat protocol=tcp dst-port=80 in-interface=eth5lan action=redirect to-ports=3128 
    
    /ip firewall address-list
    add address=192.168.1.0/24 list=jarlokal
    add address=192.168.2.0/24 list=jarlokal
    add address=192.168.3.0/24 list=jarlokal
    add address=172.16.0.0/20 list=jarlokal
    
    /ip firewall mangle
    add action=accept chain=prerouting dst-address-list=jarlokal in-interface=eth5lan comment="trafik lokal"
    add action=accept chain=output dst-address-list=jarlokal 
    
    /ip firewall mangle
    add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=eth3melsa1 new-connection-mark=con-from-isp1 passthrough=yes comment="trafik dari isp1"
    add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=eth4melsa2 new-connection-mark=con-from-isp2 passthrough=yes comment="trafik dari isp2"
    add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=eth1speedy new-connection-mark=con-from-isp3 passthrough=yes comment="trafik dari isp3"
    
    /ip firewall mangle
    add action=jump chain=prerouting comment="lompat ke client-lb" connection-mark=no-mark in-interface=eth5lan jump-target=client-lb 
    add action=jump chain=output comment="lompat ke lb-proxy" connection-mark=no-mark out-interface=!eth5lan jump-target=lb-proxy 
    
    /ip firewall mangle
    add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp1 passthrough=yes per-connection-classifier=both-addresses:4/0 comment="awal loadbalancing klien"
    add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp1 passthrough=yes per-connection-classifier=both-addresses:4/1
    add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp2 passthrough=yes per-connection-classifier=both-addresses:4/2
    add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp3 passthrough=yes per-connection-classifier=both-addresses:4/3
    add action=return chain=client-lb comment="akhir dari loadbalancing"
    
    /ip firewall mangle
    add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp1 passthrough=yes per-connection-classifier=both-addresses:4/0 comment="awal load balancing proxy"
    add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp1 passthrough=yes per-connection-classifier=both-addresses:4/1
    add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp2 passthrough=yes per-connection-classifier=both-addresses:4/2
    add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp3 passthrough=yes per-connection-classifier=both-addresses:4/3
    add action=return chain=lb-proxy comment="akhir dari loadbalancing"
    
    /ip firewall mangle
    add action=jump chain=prerouting comment="marking route client" connection-mark=!no-mark in-interface=eth5lan jump-target=route-client
    add action=mark-routing chain=route-client connection-mark=to-isp1 new-routing-mark=route-to-isp1 passthrough=no
    add action=mark-routing chain=route-client connection-mark=to-isp2 new-routing-mark=route-to-isp2 passthrough=no
    add action=mark-routing chain=route-client connection-mark=to-isp3 new-routing-mark=route-to-isp3 passthrough=no
    add action=mark-routing chain=route-client connection-mark=con-from-isp1 new-routing-mark=route-to-isp1 passthrough=no
    add action=mark-routing chain=route-client connection-mark=con-from-isp2 new-routing-mark=route-to-isp2 passthrough=no
    add action=mark-routing chain=route-client connection-mark=con-from-isp3 new-routing-mark=route-to-isp3 passthrough=no
    add action=return chain=route-client disabled=no
    
    /ip firewall mangle
    add action=mark-routing chain=output comment="marking route proxy" connection-mark=con-from-isp1 new-routing-mark=route-to-isp1 out-interface=!eth5lan passthrough=no
    add action=mark-routing chain=output connection-mark=con-from-isp2 new-routing-mark=route-to-isp2 out-interface=!eth5lan passthrough=no 
    add action=mark-routing chain=output connection-mark=con-from-isp3 new-routing-mark=route-to-isp3 out-interface=!eth5lan passthrough=no 
    
    /ip route
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=route-to-isp1 distance=1
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=route-to-isp1 distance=2
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=route-to-isp1 distance=3
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=route-to-isp2 distance=1
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=route-to-isp2 distance=2 
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=route-to-isp2 distance=3
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=route-to-isp3 distance=1
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=route-to-isp3 distance=2 
    add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=route-to-isp3 distance=3
    Thanks for this information, This solved my problem completely, but I want to know if I should activate Hotspot on the box, please reply. Thank you.Click here to enlarge

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 98
    Last Post: 05-06-2015, 10:08
  2. Replies: 1
    Last Post: 08-06-2010, 02:06
  3. Bagaimana setting load balancing 2 ISP dengan 2 router
    By lee140685 in forum General Networking
    Replies: 7
    Last Post: 11-09-2009, 06:24
  4. Tanya, bagaimana cara load balancing isp fastnet
    By ekor_kucing in forum General Networking
    Replies: 0
    Last Post: 12-08-2009, 18:13

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •