Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    Status
    Offline
    troyPollux's Avatar
    Member
    Join Date
    Mar 2010
    Location
    Surabaya - Malang (PP)
    Posts
    248
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    [need help] rule pemisah bandwidth iix & ix + external proxy

    setelah kemarin tidak berhasil memisahkan bandwidth iix dan ix karena topologi external proxy, maka sekarang ganti topologi dimana squid sejajar dengan mikrotik ( menggunakan eth2 pada mikrotik ).

    tapi muncul permasalahan lagi. Jika squid di aktifkan dengan NAT maka semua traffic IIX akan lari pada traffic IX di queue tree. jika NAT squid saya disable, maka semua akan berjalan dengan sempurna

    untuk lebih jelas akan saya paparkan rule saya seperti di bawah ini :

    INTERFACE :
    192.168.1.0/24 = internet
    10.125.100.0/24 = local
    10.125.120.0/24 = squid

    NAT
    chain=srcnat out-interface=internet action=masquerade
    chain=dstnat src-address=10.125.100.0/24 protocol=tcp dst-port=80 dst-address-list=!ip-noc action=dst-nat to-addresses=10.125.120.2 to-ports=3128
    MANGLE UNTUK INTERNATIONAL
    chain=forward src-address=10.125.100.30 dst-address-list=!ip-iix action=mark-connection new-connection-mark=100-30-conn-ix passthrough=yes

    chain=forward connection-mark=100-30-conn-ix action=mark-packet new-packet-mark=100-30-dw-ix passthrough=no
    MANGLE UNTUK IIX
    chain=forward src-address=10.125.100.30 dst-address-list=ip-iix action=mark-connection new-connection-mark=100-30-conn-iix passthrough=yes

    chain=forward connection-mark=100-30-conn-iix action=mark-packet new-packet-mark=100-30-dw-iix passthrough=no
    MANGLE UNTUK UPLOAD
    chain=prerouting in-interface=local src-address=10.125.100.30 action=mark-packet new-packet-mark=100-30-upload passthrough=no
    QUEUE TREE
    download -->

    name="WKS-100-30-ix" parent=local packet-mark=100-30-dw-ix limit-at=50000 queue=download-pcq priority=3 max-limit=256000 burst-limit=0 burst-threshold=0 burst-time=0s

    name="WKS-100-30-iix" parent=local packet-mark=100-30-dw-iix limit-at=0 queue=download-pcq priority=3 max-limit=512000 burst-limit=0 burst-threshold=0 burst-time=0s

    upload -->

    name="WKS-100-30-up" parent=global-in packet-mark=100-30-upload limit-at=0 queue=upload-pcq priority=3 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s
    Mungkin akang2 senior bisa melihat di mana letak kesalahannya ? saya sudah mencoba hampir semua teknik yang telah di buat di forum ini, tapi hasilnya masih nihil Click here to enlarge Mohon pencerahannya kangmas senior Click here to enlarge
    Last edited by troyPollux; 27-05-2010 at 00:12.

  2. #2
    Status
    Offline
    c0nf's Avatar
    Contributor
    Join Date
    Jul 2007
    Location
    Bandung, Indonesia
    Posts
    1,816
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    siyal2nya saya kmrn mau bikin yg kayak di atas, cuman masih mentok, menyan nya kurang banyak kali ya Click here to enlarge

    yg saat ini jalan di tempat saya, intl dilariin semua ke proxy, iix langsing ke internet (ngga lewat proxy).

    mangle nya menggunakan forward

    1. dari interface squid ke local ->> intl
    2. dari interface internet ke local -->> iix

    dicoba dulu aja gan

  3. The Following User Says Thank You to c0nf For This Useful Post:


  4. #3
    Status
    Offline
    putra_maiwa's Avatar
    Forum Guru
    Join Date
    Sep 2009
    Posts
    1,298
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by troyPollux Click here to enlarge
    MANGLE UNTUK INTERNATIONAL
    Code:
    chain=forward src-address=10.125.100.30 dst-address-list=!ip-iix action=mark-connection new-connection-mark=100-30-conn-ix passthrough=yes
    
    chain=forward connection-mark=100-30-conn-ix action=mark-packet new-packet-mark=100-30-dw-ix passthrough=no
    MANGLE UNTUK IIX
    Code:
    chain=forward src-address=10.125.100.30 dst-address-list=ip-iix action=mark-connection new-connection-mark=100-30-conn-iix passthrough=yes
    
    chain=forward connection-mark=100-30-conn-iix action=mark-packet new-packet-mark=100-30-dw-iix passthrough=no
    tuc address list=ip-iix ip nya ambil dari mana???
    bukanya ...

    coba di pelajari pisah dulu..
    dan ini untuk


  5. The Following User Says Thank You to putra_maiwa For This Useful Post:


  6. #4
    Status
    Offline
    troyPollux's Avatar
    Member
    Join Date
    Mar 2010
    Location
    Surabaya - Malang (PP)
    Posts
    248
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    @c0nf : trims gan buat tips nya, saia coba dulu
    @putra_maiwa : iya gan di ambil dari nice, untuk petunjuk linknya, sudah saia terapkan gan, cuma belum coba proxy di masquerade. thx juga buat info nya gan

    saia coba dulu semua tips nya Click here to enlarge

  7. #5
    Status
    Offline
    putra_maiwa's Avatar
    Forum Guru
    Join Date
    Sep 2009
    Posts
    1,298
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by troyPollux Click here to enlarge
    @c0nf : trims gan buat tips nya, saia coba dulu
    @putra_maiwa : iya gan di ambil dari nice, untuk petunjuk linknya, sudah saia terapkan gan, cuma belum coba proxy di masquerade. thx juga buat info nya gan

    saia coba dulu semua tips nya Click here to enlarge
    lebih bagus di coba satu dulu..
    maksudnya squid aja dulu, limitnya nanti.. klo sdh nat proxy sdh running
    baru ke bagian limiter...

  8. #6
    Status
    Offline
    troyPollux's Avatar
    Member
    Join Date
    Mar 2010
    Location
    Surabaya - Malang (PP)
    Posts
    248
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    @putra_maiwa : sudah saya coba semua gan, tapi tetep traffic iix masih masuk ke international Click here to enlarge bw jalan sesuai harapan kalau nat proxy di disable :-(

  9. #7
    Status
    Offline
    putra_maiwa's Avatar
    Forum Guru
    Join Date
    Sep 2009
    Posts
    1,298
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by troyPollux Click here to enlarge
    @putra_maiwa : sudah saya coba semua gan, tapi tetep traffic iix masih masuk ke international Click here to enlarge bw jalan sesuai harapan kalau nat proxy di disable :-(
    settingan mu bagaimana???

    lapakin limiter nya d sini..

    klo masih pake di atas masih bnyk salah...
    ini salah satunya...... src-address=10.125.100.30 gak perlu ada ip proxy
    Last edited by putra_maiwa; 27-05-2010 at 03:07.

  10. #8
    Status
    Offline
    troyPollux's Avatar
    Member
    Join Date
    Mar 2010
    Location
    Surabaya - Malang (PP)
    Posts
    248
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    queue tree masih sama gan, cuma yang 100.30 itu ip saya sendiri, kalau proxy 10.125.120.2

  11. #9
    Status
    Offline
    putra_maiwa's Avatar
    Forum Guru
    Join Date
    Sep 2009
    Posts
    1,298
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by troyPollux Click here to enlarge
    queue tree masih sama gan, cuma yang 100.30 itu ip saya sendiri, kalau proxy 10.125.120.2
    coba ganti pake settingan akang aja...
    liat di link queue tree di atas

  12. #10
    Status
    Offline
    troyPollux's Avatar
    Member
    Join Date
    Mar 2010
    Location
    Surabaya - Malang (PP)
    Posts
    248
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    sudah gan, kan sama dengan akang, berhasil kalau nat proxy di disable, ini mau coba cara terakhir mudah2an bisa......

  13. #11
    Status
    Offline
    putra_maiwa's Avatar
    Forum Guru
    Join Date
    Sep 2009
    Posts
    1,298
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by troyPollux Click here to enlarge
    sudah gan, kan sama dengan akang, berhasil kalau nat proxy di disable, ini mau coba cara terakhir mudah2an bisa......
    coba ini
    mangle
    Code:
    /ip firewall mangle> p
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; limit client queue tree
         chain=forward action=mark-connection new-connection-mark=IIX-OPR 
         passthrough=yes src-address=192.168.1.2 dst-address-list=nice 
     1   chain=forward action=mark-connection new-connection-mark=INT-OPR 
         passthrough=yes src-address=192.168.1.2 dst-address-list=!nice 
     2   chain=forward action=mark-packet new-packet-mark=Up-IIX-OPR passthrough=n>
         in-interface=Lan connection-mark=IIX-OPR 
     3   chain=forward action=mark-packet new-packet-mark=Up-INTL-OPR 
         passthrough=no in-interface=Lan connection-mark=INT-OPR 
     4   chain=forward action=mark-packet new-packet-mark=Limit-IIX-OPR 
         passthrough=no connection-mark=IIX-OPR 
     5   chain=forward action=mark-packet new-packet-mark=Limit-INTL-OPR 
         passthrough=no connection-mark=INT-OPR 
     6   chain=forward action=mark-connection new-connection-mark=IIX-01 
         passthrough=yes src-address=192.168.1.3 dst-address-list=nice 
     7   chain=forward action=mark-connection new-connection-mark=INT-01 
         passthrough=yes src-address=192.168.1.3 dst-address-list=!nice 
     8   chain=forward action=mark-packet new-packet-mark=Up-IIX-01 passthrough=no 
         in-interface=Lan connection-mark=IIX-01 
     9   chain=forward action=mark-packet new-packet-mark=Up-INTL-01 passthrough=n>
         in-interface=Lan connection-mark=INT-01 
    10   chain=forward action=mark-packet new-packet-mark=Limit-IIX-01 
         passthrough=no connection-mark=IIX-01 
    11   chain=forward action=mark-packet new-packet-mark=Limit-INTL-01 
         passthrough=no connection-mark=INT-01
    nat proxy

    Code:
     /ip firewall nat> p
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; MASQUERADE WAN
         chain=srcnat action=masquerade out-interface=ether-wan 
    
     1   ;;; TRANSPARENT DNS
         chain=dstnat action=dst-nat to-ports=53 protocol=udp 
         in-interface=Lan dst-port=53 
    
     2   chain=dstnat action=dst-nat to-ports=53 protocol=tcp 
         in-interface=Lan dst-port=53 
    
     3   chain=dstnat action=dst-nat to-ports=53 protocol=udp 
         in-interface=ether-squid dst-port=53 
    
     4   chain=dstnat action=dst-nat to-ports=53 protocol=tcp 
         in-interface=ether-squid dst-port=53 
    
     5   chain=srcnat action=masquerade src-address=10.10.10.0/30 
    
     6   ;;; TRANSPARENT PROXY
         chain=dstnat action=dst-nat to-addresses=10.10.10.2 to-ports=3128 
         protocol=tcp dst-address=!209.11.168.0/24 dst-address-list=!ProxyNET 
         in-interface=Lan dst-port=80,8080,3128
    queue
    Code:
    /queue tree> p
    Flags: X - disabled, I - invalid 
     0   name="Total-Download" parent=Lan limit-at=0 priority=8 max-limit=0 
         burst-limit=0 burst-threshold=0 burst-time=0s 
     1   name="Total-Upload" parent=Wan limit-at=0 priority=8 max-limit=0 
         burst-limit=0 burst-threshold=0 burst-time=0s 
     2   name="Download-IIX" parent=Total-Download limit-at=0 priority=8 
         max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 
     3   name="Download-INT" parent=Total-Download limit-at=0 priority=8 
         max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 
     4   name="Upload-IIX" parent=Total-Upload limit-at=0 priority=8 max-limit=0 
         burst-limit=0 burst-threshold=0 burst-time=0s 
     5   name="Upload-INT" parent=Total-Upload limit-at=0 priority=8 max-limit=0 
         burst-limit=0 burst-threshold=0 burst-time=0s 
     6   name="AOPR-Down-Lokal" parent=Download-IIX packet-mark=Limit-IIX-OPR 
         limit-at=2M queue=default priority=8 max-limit=2M burst-limit=0 
         burst-threshold=0 burst-time=0s 
     7   name="AOPR-Down-Inter" parent=Download-INT packet-mark=Limit-INTL-OPR 
         limit-at=2M queue=default priority=8 max-limit=2M burst-limit=0 
         burst-threshold=0 burst-time=0s 
     8   name="AOPR-Up-Lokal" parent=Upload-IIX packet-mark=Up-IIX-OPR 
         limit-at=192k queue=default priority=8 max-limit=2M burst-limit=0 
         burst-threshold=0 burst-time=0s 
     9   name="AOPR-Up-Inter" parent=Upload-INT packet-mark=Up-INTL-OPR 
         limit-at=224k queue=default priority=8 max-limit=2M burst-limit=0 
         burst-threshold=0 burst-time=0s 
    10   name="Client01-Down-Lokal" parent=Download-IIX packet-mark=Limit-IIX-01 
         limit-at=224k queue=default priority=8 max-limit=256k burst-limit=0 
         burst-threshold=0 burst-time=0s 
    11   name="Client01-Down-Inter" parent=Download-INT packet-mark=Limit-INTL-01 
         limit-at=192k queue=default priority=8 max-limit=224k burst-limit=0 
         burst-threshold=0 burst-time=0s 
    12   name="Client01-Up-Lokal" parent=Upload-IIX packet-mark=Up-IIX-01 
         limit-at=192k queue=default priority=8 max-limit=265k burst-limit=0 
         burst-threshold=0 burst-time=0s 
    13   name="Client01-Up-Inter" parent=Upload-INT packet-mark=Up-INTL-01 
         limit-at=224k queue=default priority=8 max-limit=256k burst-limit=0 
         burst-threshold=0 burst-time=0s
    Click here to enlarge

    Click here to enlarge

  14. #12
    Status
    Offline
    troyPollux's Avatar
    Member
    Join Date
    Mar 2010
    Location
    Surabaya - Malang (PP)
    Posts
    248
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Problem Solved!

    setelah 3 hari 3 malam ngubek2, akhirnya jalan juga gan Click here to enlarge

    @putra_maiwa : gan kalau pake rule nya sampeyan dengan chain forward malah nggak jalan di tempat ane kurang menyan kali mt saya

    nah akhirnya sedikit mengadaptasi yang di berikan kang novan akhirnya jalan deh. nih rule nya gan

    add chain=prerouting src-address=10.125.100.1 dst-address-list=ip-iix action=mark-connection new-connection-mark=wks-01-conn-iix passthrough=yes comment="WKS-01 CONNECTION"
    add chain=prerouting src-address=10.125.100.1 dst-address-list=!ip-iix action=mark-connection new-connection-mark=wks-01-conn-intl passthrough=yes

    :: buat traffic upload ::
    add chain=prerouting in-interface=local src-address=10.125.100.1 connection-mark=wks-01-conn-iix action=mark-packet new-packet-mark=wks-01-up-iix passthrough=no comment="WKS-01 - UPLOAD TRAFFIC"
    add chain=prerouting in-interface=local src-address=10.125.100.1 connection-mark=wks-01-conn-intl action=mark-packet new-packet-mark=wks-01-up-intl passthrough=no

    :: buat limit download di queue tree ::
    add chain=postrouting connection-mark=wks-01-conn-iix action=mark-packet new-packet-mark=wks-01-down-iix passthrough=no comment="WKS-01 PACKET MARK"
    add chain=postrouting connection-mark=wks-01-conn-intl action=mark-packet new-packet-mark=wks-01-down-intl passthrough=no
    setelah di uji coba, sudah nggak ada masalah lagi pada pemisahan bw IIX dan IX serta penerapan eksternal proxy.............. fiuhhh....... buat agan2 yang sudah mampir terima kasih banyak Click here to enlarge

    buat yang ngalamin problem nubi kaya' saya sekarang, mungkin rule di atas bisa di coba dulu

    PS : bilamana ada rule di atas yang bagi agan2 ternyata salah, mohon untuk koreksinya gan. maklum nubi hehehehehe
    Last edited by troyPollux; 31-05-2010 at 02:59. Reason: PROBLEM SOLVED!

  15. The Following User Says Thank You to troyPollux For This Useful Post:


  16. #13
    Status
    Offline
    arthalita01's Avatar
    Newbie
    Join Date
    Oct 2010
    Posts
    46
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    butuh ini saya Click here to enlarge

  17. #14
    Status
    Offline
    trikster2's Avatar
    Newbie
    Join Date
    Sep 2011
    Location
    Anfield
    Posts
    37
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    kok udah mengadaptasi tutor diatas, tetep aja kgk kepisah ya bandwidthnya Click here to enlarge

  18. #15
    Status
    Offline
    lasak12's Avatar
    Baru Gabung
    Join Date
    Apr 2008
    Posts
    18
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by trikster2 Click here to enlarge
    kok udah mengadaptasi tutor diatas, tetep aja kgk kepisah ya bandwidthnya Click here to enlarge
    Boleh di kopas disini kk, biar kita bahas rame2 Click here to enlarge

 

 
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 359
    Last Post: 17-03-2016, 18:38
  2. Buat rule ip proxy cache di 3.x
    By awarmanf in forum Tutorial
    Replies: 29
    Last Post: 02-12-2012, 20:26
  3. Dstnat untuk proxy external ke mikrotik dengan proxy internal
    By awarmanf in forum General Networking
    Replies: 3
    Last Post: 21-02-2010, 21:17
  4. ASK:Automatic Disable Rule NAT ke Eksternal Proxy
    By sridjokoonline in forum Scripting @ Mikrotik
    Replies: 4
    Last Post: 06-09-2009, 00:36
  5. [tanya] Web Proxy rule tidak jalan
    By cahyono.l in forum Beginner Basics
    Replies: 1
    Last Post: 28-05-2009, 17:57

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •