Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 10 of 10
  1. #1
    Status
    Offline
    rendyka's Avatar
    Member
    Join Date
    Jul 2007
    Posts
    130
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    kalau pakai web proxy , mangle nggak jalan ?

    permisii...setelah lama nggak utak atik MT, sekarang utak atik lagi karena kemaren hdd nya jebol Click here to enlarge Click here to enlarge

    saya config menurut

    ada bbrp pertanyaan menyusul nih Click here to enlarge

    1. kalau web-proxy diaktifin, lalu traffic port 80 dibelokin ke proxy, mangle untuk conn nggak bisa alias nggak nyantol, yang berakibat speed jadi nggak stabil, kenapa bisa begini yah ? solusinya ?

    2. untuk melimit jumlah koneksi dari client, pakai cara yg mana yah ? aku sempet coba bbrp cara, tapi koq fail semua, maksud nya nggak ada yang jalan Click here to enlarge Click here to enlarge Click here to enlarge Click here to enlarge Click here to enlarge Click here to enlarge

    3. untuk memberikan traffic priority pada packet dengan IP tertentu, kalau menggunakan queue tree alias pake mangle2an , gimana yah ?


    sekedar lampiran... ini config saya Click here to enlarge



    untuk NAT ::::

    0 chain=srcnat out-interface=Speedy src-address-list=client
    action=masquerade

    1 chain=srcnat out-interface=Speedy src-address-list=server
    action=masquerade

    2 X chain=dstnat in-interface=lan protocol=tcp dst-port=80 action=redirect
    to-ports=8888


    cat : yang nomer 2 itu untuk belokin ke web proxy, sementara saya disable, karena permasalahan nomer #1

    ----------

    untuk mangle ::::

    0 ;;; user1
    chain=prerouting in-interface=lan src-address=192.168.2.10
    action=mark-packet new-packet-mark=rendy-up passthrough=no

    1 chain=forward src-address=192.168.2.10 action=mark-connection
    new-connection-mark=rendy-conn passthrough=yes

    2 chain=forward in-interface=Speedy connection-mark=rendy-conn
    action=mark-packet new-packet-mark=rendy-down passthrough=no

    3 chain=output out-interface=lan dst-address=192.168.2.10 action=mark-packe>
    new-packet-mark=rendy-down passthrough=no

    4 ;;; user2
    chain=prerouting in-interface=lan src-address=192.168.2.11-192.168.2.12
    action=mark-packet new-packet-mark=wawan-up passthrough=no

    5 chain=forward src-address=192.168.2.11-192.168.2.12 action=mark-connectio>
    new-connection-mark=wawan-conn passthrough=yes

    6 chain=forward in-interface=Speedy connection-mark=wawan-conn
    action=mark-packet new-packet-mark=wawan-down passthrough=no

    cat : sebenarnya ada 10 user, tetapi semua user rule nya sama, sehingga contohnya 2 user aja yah....takutnya kebanyakan pusing bacanya

    ---------

    untuk queue nya pake queue tree :::::

    0 name="user1-down" parent=lan packet-mark=rendy-down limit-at=250000
    queue=default priority=1 max-limit=256000 burst-limit=0
    burst-threshold=0 burst-time=0s

    1 name="user2-down" parent=lan packet-mark=wawan-down limit-at=100000
    queue=default priority=3 max-limit=100000 burst-limit=0
    burst-threshold=0 burst-time=0s

    cat : sama, ada 10 user....


    teirma kasih untuk bantuan rekan2 semua Click here to enlarge Click here to enlarge
    Last edited by rendyka; 12-08-2008 at 01:22.

  2. #2
    Status
    Offline
    Akangage's Avatar
    Administrator
    Join Date
    Aug 2007
    Location
    Daerah Khusus Ibukota Jakarta, Indonesia
    Posts
    4,195
    Reviews
    Read 0 Reviews
    Downloads
    210
    Uploads
    87
    Feedback Score
    0
    Waks..... ribet banget!!! Yang perlu diperhatikan NAT-nya kok dobel2 segala?
    Kalo saran Akang neh, pilih salah 1 aja karena sudah bisa bekerja dengan baik, pilih "src-address" apa "Out-Interface"? Kalo IP-nya masih dlm 1 subnet kenapa ga 1 subnet itu aja di NAT?

    Queue pake simple queue dengan menggunakan parent atau "packet-marks" malah lebih enak ketimbang harus membuat mangle yang misal ada 100 client maka akan bikin 100 mangle lalu di queue tree juga dibikin 100. Simple Queue memang simple Click here to enlarge

  3. #3
    Status
    Offline
    rendyka's Avatar
    Member
    Join Date
    Jul 2007
    Posts
    130
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    halo bro akang,
    itu natnya 2 , soalnya yang satu address list dari client, yg satu address list dari server , beda rules soalnya Click here to enlarge
    soalnya nggak semua IP boleh ngenet bro Click here to enlarge

    hmm....katanya klo simple queue lebih gampang bocor ? Click here to enlarge

    uhmm..pertanyaan gw lom ada jawaban nih Click here to enlarge

  4. #4
    Status
    Offline
    Akangage's Avatar
    Administrator
    Join Date
    Aug 2007
    Location
    Daerah Khusus Ibukota Jakarta, Indonesia
    Posts
    4,195
    Reviews
    Read 0 Reviews
    Downloads
    210
    Uploads
    87
    Feedback Score
    0
    Wah... kaya g nyambung nih, maksudnya gini, itu khan interface-nya masih satu, berarti 1 subnet, ya mending pake IP aja jangan 2-2nya. Wah kata siapa pake simple queue serng bocor? wakakakak Akang udah 1 taon pake Simple queue ga pernah bocor tuh Click here to enlarge

    Salah setting kali Click here to enlarge

  5. #5
    Status
    Offline
    felix_sg's Avatar
    Member Super Senior
    Join Date
    Sep 2007
    Location
    indonesia
    Posts
    607
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by rendyka Click here to enlarge
    halo bro akang,
    itu natnya 2 , soalnya yang satu address list dari client, yg satu address list dari server , beda rules soalnya Click here to enlarge
    soalnya nggak semua IP boleh ngenet bro Click here to enlarge

    hmm....katanya klo simple queue lebih gampang bocor ? Click here to enlarge

    uhmm..pertanyaan gw lom ada jawaban nih Click here to enlarge
    coba pake output aja. ndak usah pake forward dan prerouting untuk packet-mark nya.

    kenapa add-list ndak di blok di firewall aja. jadi cukup satu add-list aja, cuma komentya yang beda2. biar ndak ribet.

    bocor.. ndak bocor semua tergantung rule di mangle. kalo emang rule benar, simple queue ndak akan jebol. kalo emang salah, biar pake queue tipe apa aja yah tetap bocor...
    Last edited by felix_sg; 13-08-2008 at 02:16. Reason: edit dikit

  6. #6
    Status
    Offline
    esetiawan's Avatar
    Calon Member
    Join Date
    May 2008
    Posts
    81
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Maafkan daku..tapi daku belum mengerti jua..
    Kisahnya Mirip dengan TS. Saya pakai 2 speedy, mode bridge, jikalau web proxy tidak diaktifkan maka mangle berjalan sempurna. Dalam artian Blok IP 192.168.100.128/25 berjalan ke speedy 2 dan 192.168.100.0/25 ke speedy 1.

    Nha kalau web proxy diaktifkan maka koneksi akan 'kabur-kabur' -an. Kadang semua koneksi lari ke speedy1 atau sebaliknya. Artinya mangle nggak jalan.. Click here to enlarge

    Setting Mangle/Route :
    / ip firewall mangle
    add chain=forward src-address-list=Warnet action=mark-connection \
    new-connection-mark="Query Net" passthrough=yes comment="" disabled=no
    add chain=forward connection-mark="Query Net" action=mark-packet \
    new-packet-mark=Users passthrough=yes comment="" disabled=no
    add chain=prerouting src-address=192.168.100.128/25 \
    action=add-src-to-address-list address-list=Game address-list-timeout=1m \
    comment="" disabled=no
    add chain=prerouting src-address=192.168.100.0/25 \
    action=add-src-to-address-list address-list=Warnet address-list-timeout=1m \
    comment="" disabled=no
    add chain=prerouting in-interface=LANDLINK src-address-list=Warnet \
    action=mark-connection new-connection-mark=Warnet passthrough=yes \
    comment="" disabled=no
    add chain=prerouting in-interface=LANDLINK connection-mark=Warnet \
    src-address-list=Warnet action=mark-routing new-routing-mark=Input1 \
    passthrough=yes comment="" disabled=no
    add chain=prerouting in-interface=LANDLINK src-address-list=Game \
    action=mark-connection new-connection-mark=Games passthrough=yes \
    comment="" disabled=no
    add chain=prerouting in-interface=LANDLINK connection-mark=Games \
    src-address-list=Game action=mark-routing new-routing-mark=Input2 \
    passthrough=yes comment="" disabled=no

    Jadi semuanya mohon bantuannya yah..atau pakai squid eksternal aja...Terima kasih tak terhingga...

    + : Misalkan pakai chain output seperti kata bang Felix bagaimana sih contoh scriptnya...hehe..
    Last edited by esetiawan; 11-11-2008 at 15:52. Reason: Pakai chain output belum paham..oot saya

  7. #7
    Status
    Offline
    masQ's Avatar
    Newbie
    Join Date
    Nov 2009
    Location
    Surabaya
    Posts
    59
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by esetiawan Click here to enlarge
    Maafkan daku..tapi daku belum mengerti jua..
    Kisahnya Mirip dengan TS. Saya pakai 2 speedy, mode bridge, jikalau web proxy tidak diaktifkan maka mangle berjalan sempurna. Dalam artian Blok IP 192.168.100.128/25 berjalan ke speedy 2 dan 192.168.100.0/25 ke speedy 1.

    Nha kalau web proxy diaktifkan maka koneksi akan 'kabur-kabur' -an. Kadang semua koneksi lari ke speedy1 atau sebaliknya. Artinya mangle nggak jalan.. Click here to enlarge

    Setting Mangle/Route :
    / ip firewall mangle
    add chain=forward src-address-list=Warnet action=mark-connection \
    new-connection-mark="Query Net" passthrough=yes comment="" disabled=no
    add chain=forward connection-mark="Query Net" action=mark-packet \
    new-packet-mark=Users passthrough=yes comment="" disabled=no
    add chain=prerouting src-address=192.168.100.128/25 \
    action=add-src-to-address-list address-list=Game address-list-timeout=1m \
    comment="" disabled=no
    add chain=prerouting src-address=192.168.100.0/25 \
    action=add-src-to-address-list address-list=Warnet address-list-timeout=1m \
    comment="" disabled=no
    add chain=prerouting in-interface=LANDLINK src-address-list=Warnet \
    action=mark-connection new-connection-mark=Warnet passthrough=yes \
    comment="" disabled=no
    add chain=prerouting in-interface=LANDLINK connection-mark=Warnet \
    src-address-list=Warnet action=mark-routing new-routing-mark=Input1 \
    passthrough=yes comment="" disabled=no
    add chain=prerouting in-interface=LANDLINK src-address-list=Game \
    action=mark-connection new-connection-mark=Games passthrough=yes \
    comment="" disabled=no
    add chain=prerouting in-interface=LANDLINK connection-mark=Games \
    src-address-list=Game action=mark-routing new-routing-mark=Input2 \
    passthrough=yes comment="" disabled=no

    Jadi semuanya mohon bantuannya yah..atau pakai squid eksternal aja...Terima kasih tak terhingga...

    + : Misalkan pakai chain output seperti kata bang Felix bagaimana sih contoh scriptnya...hehe..
    Idem, masalah yang saya hadapi juga sama.
    Apa emang tidak ada solusinya ya? Apa emang tidak bisa menggunakan web-proxy?

    Pertanyaan di atas 1 tahun lebih gak ada jabawan... Click here to enlarge

  8. #8
    Status
    Offline
    ripmanis's Avatar
    VIP Member
    Join Date
    Dec 2008
    Location
    Balikpapan as Balikpapaners
    Posts
    774
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    setuju ma si Akang.. sepertinya salah setting...
    awal maen, aku pake dari Wiki gini, dan bisa di-split per IP, dan gak ada masalah apapun..

    klo bagian NAT, ya cukup satu aja.. dan jika ingin "di-filter" siapa yang bisa internet dan siapa yang tidak, cukup mainkan di address-list, dan masukkan di "you know where"..

    so ? intinya salah logika aja kok.. dan sekali lagi, tuts ini gak ada permasalahan berarti..
    Click here to enlarge

  9. #9
    Status
    Offline
    Raden_otonk's Avatar
    Member
    Join Date
    Feb 2010
    Posts
    121
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by rendyka Click here to enlarge
    permisii...setelah lama nggak utak atik MT, sekarang utak atik lagi karena kemaren hdd nya jebol Click here to enlarge Click here to enlarge

    saya config menurut

    ada bbrp pertanyaan menyusul nih Click here to enlarge

    1. kalau web-proxy diaktifin, lalu traffic port 80 dibelokin ke proxy, mangle untuk conn nggak bisa alias nggak nyantol, yang berakibat speed jadi nggak stabil, kenapa bisa begini yah ? solusinya ?

    2. untuk melimit jumlah koneksi dari client, pakai cara yg mana yah ? aku sempet coba bbrp cara, tapi koq fail semua, maksud nya nggak ada yang jalan Click here to enlarge Click here to enlarge Click here to enlarge Click here to enlarge Click here to enlarge Click here to enlarge

    3. untuk memberikan traffic priority pada packet dengan IP tertentu, kalau menggunakan queue tree alias pake mangle2an , gimana yah ?


    sekedar lampiran... ini config saya Click here to enlarge



    untuk NAT ::::

    0 chain=srcnat out-interface=Speedy src-address-list=client
    action=masquerade

    1 chain=srcnat out-interface=Speedy src-address-list=server
    action=masquerade

    2 X chain=dstnat in-interface=lan protocol=tcp dst-port=80 action=redirect
    to-ports=8888


    cat : yang nomer 2 itu untuk belokin ke web proxy, sementara saya disable, karena permasalahan nomer #1

    ----------

    untuk mangle ::::

    0 ;;; user1
    chain=prerouting in-interface=lan src-address=192.168.2.10
    action=mark-packet new-packet-mark=rendy-up passthrough=no

    1 chain=forward src-address=192.168.2.10 action=mark-connection
    new-connection-mark=rendy-conn passthrough=yes

    2 chain=forward in-interface=Speedy connection-mark=rendy-conn
    action=mark-packet new-packet-mark=rendy-down passthrough=no

    3 chain=output out-interface=lan dst-address=192.168.2.10 action=mark-packe>
    new-packet-mark=rendy-down passthrough=no

    4 ;;; user2
    chain=prerouting in-interface=lan src-address=192.168.2.11-192.168.2.12
    action=mark-packet new-packet-mark=wawan-up passthrough=no

    5 chain=forward src-address=192.168.2.11-192.168.2.12 action=mark-connectio>
    new-connection-mark=wawan-conn passthrough=yes

    6 chain=forward in-interface=Speedy connection-mark=wawan-conn
    action=mark-packet new-packet-mark=wawan-down passthrough=no

    cat : sebenarnya ada 10 user, tetapi semua user rule nya sama, sehingga contohnya 2 user aja yah....takutnya kebanyakan pusing bacanya

    ---------

    untuk queue nya pake queue tree :::::

    0 name="user1-down" parent=lan packet-mark=rendy-down limit-at=250000
    queue=default priority=1 max-limit=256000 burst-limit=0
    burst-threshold=0 burst-time=0s

    1 name="user2-down" parent=lan packet-mark=wawan-down limit-at=100000
    queue=default priority=3 max-limit=100000 burst-limit=0
    burst-threshold=0 burst-time=0s

    cat : sama, ada 10 user....


    teirma kasih untuk bantuan rekan2 semua Click here to enlarge Click here to enlarge

    kalo pake queue simple gimana yach.....Click here to enlargeClick here to enlargeClick here to enlarge

  10. #10
    Status
    Offline
    putra_maiwa's Avatar
    Forum Guru
    Join Date
    Sep 2009
    Posts
    1,298
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by Raden_otonk Click here to enlarge
    kalo pake queue simple gimana yach.....Click here to enlargeClick here to enlargeClick here to enlarge
    sama saja kek di atas..
    cuma pada target address nya di isi IP lan.0/24 atau
    sesuaikan sama kek /ip address list LAN

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Mangle, Queue, Proxy??help me..urgent
    By pionkerton in forum General Networking
    Replies: 5
    Last Post: 27-09-2010, 13:53
  2. gimana Proxy jalan di queue tree
    By rj-45 in forum General Networking
    Replies: 18
    Last Post: 12-12-2009, 12:18
  3. pake Web-PRoxy nggak bisa masuk DALNet ?
    By rendyka in forum General Networking
    Replies: 8
    Last Post: 25-09-2008, 16:52
  4. [ASK] bener nggak kalo mangle upload / download gini ?
    By rendyka in forum General Networking
    Replies: 7
    Last Post: 17-05-2008, 04:12
  5. MiRC ke banned gara2 pakai web-proxy MT
    By bludab in forum Beginner Basics
    Replies: 46
    Last Post: 29-03-2008, 01:37

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •