Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 2 12 LastLast
Results 1 to 15 of 20
  1. #1
    Status
    Offline
    awarmanf's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    222
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Mark paket browsing dari situs tertentu in case of proxy transparent

    Ide ini didapat saat membaca tulisan di situs: .
    Pada awalnya sempat bingung juga membaca maksud dan tujuan judul tulisan di atas, namun setelah membaca sampai tuntas ketahuan maksudnya yakni bagaimana agar browsing atau download, yang telah melalui proxy transparent, dari situs-situs tertentu bisa memiliki prioritas lebih tinggi atau mempunyai rate download lebih tinggi dibandingkan yang lain. Ini kalau saya tidak salah tafsir soalnya mangle-nya tidak diperlihatkan detailnya. Intinya penulis blog tersebut menggunakan mark routing untuk memisahkan koneksi ke situs-situs yang akan memperoleh prioritas lebih tinggi.
    Dari situ, saya mencoba teknik lain yaitu menggunakan mark connection pada mangle chain prerouting untuk koneksi dari client ke situs-situs tertentu protokol tcp port 80,3128,8080 (port2 tcp yang diredirect ke proxy transparent). Seperti ini contoh di bawah rule mangle mark connection untuk koneksi browsing ke nice:
    Code:
    add action=mark-connection chain=prerouting disabled=no \
        dst-address-list=nice dst-port=80,3128,8080 in-interface=lan \
        new-connection-mark=nice-con passthrough=yes protocol=tcp \
        src-address-list=clients
    Kemudian buat mangle untuk mark packet dari nice (paket download) seperti di bawah ini:
    Code:
    add action=mark-packet chain=forward comment="MARK nice-down" \
        connection-mark=nice-con disabled=no new-packet-mark=nice-down \
        out-interface=lan passthrough=yes
    Oya, saya masih menggunakan passthrough=yes. Jika paket telah berhasil ditangkap (counter naik di mangle) kemudian buat queuenya baru diset passthrough=no.

    Bagaimana rule lengkapnya?

    Code:
    /ip firewall nat
    add action=dst-nat chain=dstnat comment="DNS REDIRECT to proxy" disabled=no \
        dst-port=53 in-interface=lan protocol=udp src-address-list=clients \
        to-addresses=192.168.100.1 to-ports=53
    add action=dst-nat chain=dstnat comment="DNS REDIRECT to proxy" disabled=no \
        dst-port=53 in-interface=lan protocol=tcp src-address-list=clients \
        to-addresses=192.168.100.1 to-ports=53
    add action=redirect chain=dstnat comment="DNS REDIRECT to router" disabled=no \
        dst-port=53 in-interface=lan protocol=udp src-address-list=clients \
        to-ports=53
    add action=redirect chain=dstnat comment="DNS REDIRECT to router" disabled=no \
        dst-port=53 in-interface=lan protocol=tcp src-address-list=clients \
        to-ports=53
    add action=dst-nat chain=dstnat comment=proxy_external disabled=no \
        dst-address-list=!bypasswww dst-port=80,3128,8080 in-interface=lan \
        protocol=tcp src-address-list=clients-proxy to-addresses=192.168.100.1 \
        to-ports=8080
    ...
    Kode di bawah ini mangle untuk 5 buah uplink provider atau 5 koneksi spidi.
    Code:
    /ip firewall mangle
    add action=mark-packet chain=output comment="MARK PACKET local-icmp" \
        disabled=no new-packet-mark=local-icmp passthrough=no protocol=icmp
    #
    # MANGLE FOR MARK PACKET nice-down and intl-down
    #
    add action=jump chain=prerouting comment=nice disabled=no in-interface=wan1 \
        jump-target=nice-down src-address-list=nice
    add action=jump chain=prerouting comment="" disabled=no in-interface=wan1 \
        jump-target=intl-down
    add action=jump chain=prerouting comment=nice disabled=no in-interface=wan2 \
        jump-target=nice-down src-address-list=nice
    add action=jump chain=prerouting comment="" disabled=no in-interface=wan2 \
        jump-target=intl-down
    add action=jump chain=prerouting comment=nice disabled=no in-interface=wan3 \
        jump-target=nice-down src-address-list=nice
    add action=jump chain=prerouting comment="" disabled=no in-interface=wan3 \
        jump-target=intl-down
    add action=jump chain=prerouting comment=nice disabled=no in-interface=wan4 \
        jump-target=nice-down src-address-list=nice
    add action=jump chain=prerouting comment="" disabled=no in-interface=wan4 \
        jump-target=intl-down
    add action=jump chain=prerouting comment=nice disabled=no in-interface=wan5 \
        jump-target=nice-down src-address-list=nice
    add action=jump chain=prerouting comment="" disabled=no in-interface=wan5 \
        jump-target=intl-down
    add action=mark-packet chain=nice-down comment="downstream nice" disabled=no \
        new-packet-mark=wan-nice-down passthrough=no
    add action=mark-packet chain=intl-down comment="downstream international" \
        disabled=no new-packet-mark=wan-intl-down passthrough=no
    add action=jump chain=postrouting comment=nice disabled=no dst-address-list=\
        nice jump-target=nice-up out-interface=wan1
    #
    # MANGLE FOR MARK PACKET nice-up and intl-up
    #
    add action=jump chain=postrouting comment="" disabled=no jump-target=intl-up \
        out-interface=wan1
    add action=jump chain=postrouting comment=nice disabled=no dst-address-list=\
        nice jump-target=nice-up out-interface=wan2
    add action=jump chain=postrouting comment="" disabled=no jump-target=intl-up \
        out-interface=wan2
    add action=jump chain=postrouting comment=nice disabled=no dst-address-list=\
        nice jump-target=nice-up out-interface=wan3
    add action=jump chain=postrouting comment="" disabled=no jump-target=intl-up \
        out-interface=wan3
    add action=jump chain=postrouting comment=nice disabled=no dst-address-list=\
        nice jump-target=nice-up out-interface=wan4
    add action=jump chain=postrouting comment="" disabled=no jump-target=intl-up \
        out-interface=wan4
    add action=jump chain=postrouting comment=nice disabled=no dst-address-list=\
        nice jump-target=nice-up out-interface=wan5
    add action=jump chain=postrouting comment="" disabled=no jump-target=intl-up \
        out-interface=wan5
    add action=mark-packet chain=nice-up comment="upstream nice" disabled=no \
        new-packet-mark=wan-nice-up passthrough=no
    add action=mark-packet chain=intl-up comment="upstream international" \
        disabled=no new-packet-mark=wan-intl-up passthrough=yes
    #
    # MARK CONNECTION from client to nice proto tcp dst port 80,3128,8080
    # we are not using connection-state=new. Or using con-state=new doesn't matter
    # because the the packet will be redirected to proxy transparent. The problem
    # exists when not using proxy and use more than one uplink provider (multi wan).
    # So for preventive case not using con-state=new.
    #
    add action=mark-connection chain=prerouting disabled=no \
        dst-address-list=nice dst-port=80,3128,8080 in-interface=lan \
        new-connection-mark=nice-con passthrough=yes protocol=tcp \
        src-address-list=clients
    #
    # MARK PACKET directly from clients to proxy proto tcp dst port 8080
    #
    add action=mark-packet chain=prerouting comment=\
        "MARK PACKET DIRECT to proxy clients-up" disabled=no dst-address-list=\
        proxy dst-port=8080 in-interface=lan new-packet-mark=clients-up \
        passthrough=no protocol=tcp
    #
    # MARK PACKET lokal-up
    #
    add action=mark-packet chain=prerouting comment="MARK PACKET LOCAL local-up" \
        disabled=no dst-address-list=local in-interface=lan new-packet-mark=\
        clients-local-up passthrough=no src-address-list=clients
    #
    # MARK PACKET from clients-up-www tcp dst port 80,3128,8080 (redirected to proxy)
    #
    add action=mark-packet chain=prerouting comment=\
        "MARK PACKET clients tcp port 80,3128,8080 REDIRECT to proxy" disabled=no \
        dst-address-list=!bypasswww dst-port=80,3128,8080 in-interface=lan \
        new-packet-mark=clients-up-www passthrough=no protocol=tcp \
        src-address-list=clients
    #
    # MARK PACKET from clients-up to internet
    #
    add action=mark-packet chain=prerouting comment=\
        "MARK PACKET clients-up" disabled=no in-interface=lan \
        new-packet-mark=clients-up passthrough=yes src-address-list=clients
    #
    # MARK PACKET proxy-hit from proxy
    #
    add action=mark-packet chain=forward comment="Proxy Cache Hits Mark" \
        disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no protocol=tcp \
        src-port=8080
    #
    # MARK PACKET nice-down which connection-mark=nice-con
    # the packet from proxy will be catched too because we see connmark=nice-con
    #
    add action=mark-packet chain=forward comment="MARK nice-down" \
        connection-mark=nice-con disabled=no new-packet-mark=nice-down \
        out-interface=lan passthrough=yes
    #
    # MARK PACKET clients-down (from proxy)
    #
    add action=mark-packet chain=forward comment=\
        "MARK PACKET clients-down from proxy" disabled=no dst-address-list=\
        clients new-packet-mark=clients-down passthrough=no protocol=tcp \
        src-address-list=proxy src-port=8080
    #
    # MARK PACKET clients-local-down (local connection)
    #
    add action=mark-packet chain=forward comment="MARK PACKET LOCAL clients-down" \
        disabled=no dst-address-list=clients new-packet-mark=clients-local-down \
        passthrough=no src-address-list=local
    #
    # MARK PACKET clients-down (directly from internet)
    #
    add action=mark-packet chain=forward comment=\
        "MARK PACKET clients-down" disabled=no dst-address-list=clients \
        new-packet-mark=clients-down passthrough=no
    #
    # MANGLE LOAD BALANCING NTH / PCC GOES HERE
    #
    ...
    Dua mangle yang baru berwarna biru. Oya, tadi kan mark paket down dari nice diset passthrough=yes. Seperti ini tampilan trafik paket down dari nice (yang dikirim dari mesin proxy tentu):
    Click here to enlarge

    Kemudian passthrough diset no yang terjadi adalah:
    Click here to enlarge

    Terjadi lonjakan traffic yang tinggi dari 1704kbps ke 4.6mbps. Akhirnya passthrough diset kembali ke yes (karena belum buat queue-nya):
    Click here to enlarge

    ---

    Arief Yudhawarman
    Last edited by awarmanf; 06-08-2010 at 20:57.

  2. The Following 11 Users Say Thank You to awarmanf For This Useful Post:

    + Show/Hide list of the thanked


  3. #2
    Status
    Offline
    m3tr0mini's Avatar
    Member Super Senior
    Join Date
    Sep 2007
    Posts
    660
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ah pertamax dolo Click here to enlarge gan....______








    Click here to enlargeClick here to enlargeClick here to enlargeClick here to enlarge






    ijin untuk menyimak dolo

  4. #3
    Status
    Offline
    kambeeng's Avatar
    Member Senior
    Join Date
    Jan 2008
    Posts
    483
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    mantab juragan

  5. #4
    Status
    Offline
    dionipe's Avatar
    Member Senior
    Join Date
    Dec 2009
    Location
    Malang, Indonesia
    Posts
    455
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    1
    Feedback Score
    0
    wajib di stick neh.....


    Click here to enlargeClick here to enlargeClick here to enlargeClick here to enlargeClick here to enlargeClick here to enlargeClick here to enlarge

  6. #5
    Status
    Offline
    reges's Avatar
    Calon Member
    Join Date
    Jul 2008
    Posts
    93
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    syukur deh udah ada mengembangin ide saya Click here to enlarge

  7. #6
    Status
    Offline
    m3tr0mini's Avatar
    Member Super Senior
    Join Date
    Sep 2007
    Posts
    660
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    @atas gw...yang punya ide dateng .ixiixixixixix








    ________:ngacir ada senpai....

  8. #7
    Status
    Offline
    alul89's Avatar
    Newbie
    Join Date
    May 2009
    Location
    Kota Perwira
    Posts
    66
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ikut pekwan Click here to enlarge

  9. #8
    Status
    Offline
    dashmu.lyon's Avatar
    Baru Gabung
    Join Date
    Mar 2010
    Posts
    6
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by alul89 Click here to enlarge
    ikut pekwan Click here to enlarge
    ho-oh ane juga Click here to enlarge

  10. #9
    Status
    Offline
    junkist's Avatar
    Member
    Join Date
    Jul 2009
    Posts
    130
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    saya masih belum mengerti mas Click here to enlarge

    apakah cache yg dipake menggunakan internal cache MT ? kalo internal kok bs punya alamat ip sendiri ? Mohon pencerahannya Click here to enlarge

  11. #10
    Status
    Offline
    mubarok's Avatar
    Newbie
    Join Date
    Aug 2010
    Posts
    56
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0

    nice

    [/CODE]
    Kemudian buat mangle untuk mark packet dari nice (paket download) seperti di bawah ini:
    [CODE]

    nice itu apa yaaClick here to enlarge

  12. #11
    Status
    Offline
    oktama's Avatar
    Forum Guru
    Join Date
    Jul 2008
    Location
    Jayapura
    Posts
    1,929
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by mubarok Click here to enlarge
    [/CODE]
    Kemudian buat mangle untuk mark packet dari nice (paket download) seperti di bawah ini:
    [CODE]

    nice itu apa yaaClick here to enlarge
    nice adalah kumpulan alamat IP yang terhubung via IIX yang memungkinkan koneksi ke arah IIX mempunyai HOP yang lebih pendek dibandingkan ke international, tujuan memisahkan alamat IP ini tidak lain untuk meningkatkan efisiensi bandwith antar pengguna internet di dalam negri dimana transfer data antar pengguna IIX bisa mencapai 1Gbps (tergantung dari provider/upstreamer anda), IIX saat ini dijual lebih murah karena tidak membutuhkan VSAT untuk terhubung ke IP2 yang berada diluar negri, penggunaan nice lebih lengkap bisa dibaca di sekian penjelasan dari saya and CMIIW

  13. The Following 2 Users Say Thank You to oktama For This Useful Post:


  14. #12
    Status
    Offline
    boss_faith's Avatar
    Baru Gabung
    Join Date
    Nov 2007
    Posts
    5
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    bro mau tanya, settingan diatas itu sudah memisahkan browsing lokal dan internasional ga? jadi kalo untuk browsing lokal pake ISP-A, trus kalo intl pake ISP-B ?

    kalo iya routing nya gmn bro? pake routing mark gitu ga?

    di tempat saya pakai 2 isp untuk memisahkan traffic lokal dan intl, tapi kalo di redirect ke proxy ext, ga jalan mangelnya. kalo di offkan nat redirect proxynya baru bisa.

    kira2 masalahnya ada dimana bro?

    thx.

  15. #13
    Status
    Offline
    ampenannet's Avatar
    Regional Mataram
    Join Date
    Feb 2010
    Location
    Mataram Lombok
    Posts
    358
    Reviews
    Read 0 Reviews
    Downloads
    4
    Uploads
    7
    Feedback Score
    0
    Click here to enlarge Originally Posted by awarmanf Click here to enlarge
    Ide ini didapat saat membaca tulisan di situs: .
    Pada awalnya sempat bingung juga membaca maksud dan tujuan judul tulisan di atas, namun setelah membaca sampai tuntas ketahuan maksudnya yakni bagaimana agar browsing atau download, yang telah melalui proxy transparent, dari situs-situs tertentu bisa memiliki prioritas lebih tinggi atau mempunyai rate download lebih tinggi dibandingkan yang lain. Ini kalau saya tidak salah tafsir soalnya mangle-nya tidak diperlihatkan detailnya. Intinya penulis blog tersebut menggunakan mark routing untuk memisahkan koneksi ke situs-situs yang akan memperoleh prioritas lebih tinggi.
    Dari situ, saya mencoba teknik lain yaitu menggunakan mark connection pada mangle chain prerouting untuk koneksi dari client ke situs-situs tertentu protokol tcp port 80,3128,8080 (port2 tcp yang diredirect ke proxy transparent). Seperti ini contoh di bawah rule mangle mark connection untuk koneksi browsing ke nice:
    Code:
    add action=mark-connection chain=prerouting disabled=no \
        dst-address-list=nice dst-port=80,3128,8080 in-interface=lan \
        new-connection-mark=nice-con passthrough=yes protocol=tcp \
        src-address-list=clients
    Kemudian buat mangle untuk mark packet dari nice (paket download) seperti di bawah ini:
    Code:
    add action=mark-packet chain=forward comment="MARK nice-down" \
        connection-mark=nice-con disabled=no new-packet-mark=nice-down \
        out-interface=lan passthrough=yes
    Oya, saya masih menggunakan passthrough=yes. Jika paket telah berhasil ditangkap (counter naik di mangle) kemudian buat queuenya baru diset passthrough=no.

    Bagaimana rule lengkapnya?

    Code:
    /ip firewall nat
    add action=dst-nat chain=dstnat comment="DNS REDIRECT to proxy" disabled=no \
        dst-port=53 in-interface=lan protocol=udp src-address-list=clients \
        to-addresses=192.168.100.1 to-ports=53
    add action=dst-nat chain=dstnat comment="DNS REDIRECT to proxy" disabled=no \
        dst-port=53 in-interface=lan protocol=tcp src-address-list=clients \
        to-addresses=192.168.100.1 to-ports=53
    add action=redirect chain=dstnat comment="DNS REDIRECT to router" disabled=no \
        dst-port=53 in-interface=lan protocol=udp src-address-list=clients \
        to-ports=53
    add action=redirect chain=dstnat comment="DNS REDIRECT to router" disabled=no \
        dst-port=53 in-interface=lan protocol=tcp src-address-list=clients \
        to-ports=53
    add action=dst-nat chain=dstnat comment=proxy_external disabled=no \
        dst-address-list=!bypasswww dst-port=80,3128,8080 in-interface=lan \
        protocol=tcp src-address-list=clients-proxy to-addresses=192.168.100.1 \
        to-ports=8080
    ...
    Kode di bawah ini mangle untuk 5 buah uplink provider atau 5 koneksi spidi.
    Code:
    /ip firewall mangle
    add action=mark-packet chain=output comment="MARK PACKET local-icmp" \
        disabled=no new-packet-mark=local-icmp passthrough=no protocol=icmp
    #
    # MANGLE FOR MARK PACKET nice-down and intl-down
    #
    add action=jump chain=prerouting comment=nice disabled=no in-interface=wan1 \
        jump-target=nice-down src-address-list=nice
    add action=jump chain=prerouting comment="" disabled=no in-interface=wan1 \
        jump-target=intl-down
    add action=jump chain=prerouting comment=nice disabled=no in-interface=wan2 \
        jump-target=nice-down src-address-list=nice
    add action=jump chain=prerouting comment="" disabled=no in-interface=wan2 \
        jump-target=intl-down
    add action=jump chain=prerouting comment=nice disabled=no in-interface=wan3 \
        jump-target=nice-down src-address-list=nice
    add action=jump chain=prerouting comment="" disabled=no in-interface=wan3 \
        jump-target=intl-down
    add action=jump chain=prerouting comment=nice disabled=no in-interface=wan4 \
        jump-target=nice-down src-address-list=nice
    add action=jump chain=prerouting comment="" disabled=no in-interface=wan4 \
        jump-target=intl-down
    add action=jump chain=prerouting comment=nice disabled=no in-interface=wan5 \
        jump-target=nice-down src-address-list=nice
    add action=jump chain=prerouting comment="" disabled=no in-interface=wan5 \
        jump-target=intl-down
    add action=mark-packet chain=nice-down comment="downstream nice" disabled=no \
        new-packet-mark=wan-nice-down passthrough=no
    add action=mark-packet chain=intl-down comment="downstream international" \
        disabled=no new-packet-mark=wan-intl-down passthrough=no
    add action=jump chain=postrouting comment=nice disabled=no dst-address-list=\
        nice jump-target=nice-up out-interface=wan1
    #
    # MANGLE FOR MARK PACKET nice-up and intl-up
    #
    add action=jump chain=postrouting comment="" disabled=no jump-target=intl-up \
        out-interface=wan1
    add action=jump chain=postrouting comment=nice disabled=no dst-address-list=\
        nice jump-target=nice-up out-interface=wan2
    add action=jump chain=postrouting comment="" disabled=no jump-target=intl-up \
        out-interface=wan2
    add action=jump chain=postrouting comment=nice disabled=no dst-address-list=\
        nice jump-target=nice-up out-interface=wan3
    add action=jump chain=postrouting comment="" disabled=no jump-target=intl-up \
        out-interface=wan3
    add action=jump chain=postrouting comment=nice disabled=no dst-address-list=\
        nice jump-target=nice-up out-interface=wan4
    add action=jump chain=postrouting comment="" disabled=no jump-target=intl-up \
        out-interface=wan4
    add action=jump chain=postrouting comment=nice disabled=no dst-address-list=\
        nice jump-target=nice-up out-interface=wan5
    add action=jump chain=postrouting comment="" disabled=no jump-target=intl-up \
        out-interface=wan5
    add action=mark-packet chain=nice-up comment="upstream nice" disabled=no \
        new-packet-mark=wan-nice-up passthrough=no
    add action=mark-packet chain=intl-up comment="upstream international" \
        disabled=no new-packet-mark=wan-intl-up passthrough=yes
    #
    # MARK CONNECTION from client to nice proto tcp dst port 80,3128,8080
    # we are not using connection-state=new. Or using con-state=new doesn't matter
    # because the the packet will be redirected to proxy transparent. The problem
    # exists when not using proxy and use more than one uplink provider (multi wan).
    # So for preventive case not using con-state=new.
    #
    add action=mark-connection chain=prerouting disabled=no \
        dst-address-list=nice dst-port=80,3128,8080 in-interface=lan \
        new-connection-mark=nice-con passthrough=yes protocol=tcp \
        src-address-list=clients
    #
    # MARK PACKET directly from clients to proxy proto tcp dst port 8080
    #
    add action=mark-packet chain=prerouting comment=\
        "MARK PACKET DIRECT to proxy clients-up" disabled=no dst-address-list=\
        proxy dst-port=8080 in-interface=lan new-packet-mark=clients-up \
        passthrough=no protocol=tcp
    #
    # MARK PACKET lokal-up
    #
    add action=mark-packet chain=prerouting comment="MARK PACKET LOCAL local-up" \
        disabled=no dst-address-list=local in-interface=lan new-packet-mark=\
        clients-local-up passthrough=no src-address-list=clients
    #
    # MARK PACKET from clients-up-www tcp dst port 80,3128,8080 (redirected to proxy)
    #
    add action=mark-packet chain=prerouting comment=\
        "MARK PACKET clients tcp port 80,3128,8080 REDIRECT to proxy" disabled=no \
        dst-address-list=!bypasswww dst-port=80,3128,8080 in-interface=lan \
        new-packet-mark=clients-up-www passthrough=no protocol=tcp \
        src-address-list=clients
    #
    # MARK PACKET from clients-up to internet
    #
    add action=mark-packet chain=prerouting comment=\
        "MARK PACKET clients-up" disabled=no in-interface=lan \
        new-packet-mark=clients-up passthrough=yes src-address-list=clients
    #
    # MARK PACKET proxy-hit from proxy
    #
    add action=mark-packet chain=forward comment="Proxy Cache Hits Mark" \
        disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no protocol=tcp \
        src-port=8080
    #
    # MARK PACKET nice-down which connection-mark=nice-con
    # the packet from proxy will be catched too because we see connmark=nice-con
    #
    add action=mark-packet chain=forward comment="MARK nice-down" \
        connection-mark=nice-con disabled=no new-packet-mark=nice-down \
        out-interface=lan passthrough=yes
    #
    # MARK PACKET clients-down (from proxy)
    #
    add action=mark-packet chain=forward comment=\
        "MARK PACKET clients-down from proxy" disabled=no dst-address-list=\
        clients new-packet-mark=clients-down passthrough=no protocol=tcp \
        src-address-list=proxy src-port=8080
    #
    # MARK PACKET clients-local-down (local connection)
    #
    add action=mark-packet chain=forward comment="MARK PACKET LOCAL clients-down" \
        disabled=no dst-address-list=clients new-packet-mark=clients-local-down \
        passthrough=no src-address-list=local
    #
    # MARK PACKET clients-down (directly from internet)
    #
    add action=mark-packet chain=forward comment=\
        "MARK PACKET clients-down" disabled=no dst-address-list=clients \
        new-packet-mark=clients-down passthrough=no
    #
    # MANGLE LOAD BALANCING NTH / PCC GOES HERE
    #
    ...
    Dua mangle yang baru berwarna biru. Oya, tadi kan mark paket down dari nice diset passthrough=yes. Seperti ini tampilan trafik paket down dari nice (yang dikirim dari mesin proxy tentu):
    Click here to enlarge

    Kemudian passthrough diset no yang terjadi adalah:
    Click here to enlarge

    Terjadi lonjakan traffic yang tinggi dari 1704kbps ke 4.6mbps. Akhirnya passthrough diset kembali ke yes (karena belum buat queue-nya):
    Click here to enlarge

    ---

    Arief Yudhawarman
    Bagus jg, masih ngubek2 untuk versi modifnya Click here to enlarge Click here to enlarge Click here to enlarge

  16. #14
    Status
    Offline
    ampenannet's Avatar
    Regional Mataram
    Join Date
    Feb 2010
    Location
    Mataram Lombok
    Posts
    358
    Reviews
    Read 0 Reviews
    Downloads
    4
    Uploads
    7
    Feedback Score
    0
    Masih binun ma address-list=local, address-list=clients. Kalo address-list=clients sih tau tp yg "local" gk kena ip nya si proxy jg kangClick here to enlarge

  17. #15
    Status
    Offline
    dskymc's Avatar
    Calon Member
    Join Date
    May 2010
    Location
    Manado
    Posts
    73
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    wahhh mantepp.... Click here to enlarge

    ijin coba gan Click here to enlarge

 

 
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [asK] Mengarahkan user ke situs tertentu
    By joniquest in forum General Networking
    Replies: 8
    Last Post: 23-10-2011, 15:12
  2. [ASK] cache hanya situs tertentu di RB750
    By kid in forum General Networking
    Replies: 16
    Last Post: 28-03-2011, 22:25
  3. Allow Situs pada user tertentu
    By manyuz161 in forum General Networking
    Replies: 2
    Last Post: 30-06-2010, 13:40
  4. Blokir ads(iklan) situs tertentu
    By qhunyill99 in forum Scripting @ Mikrotik
    Replies: 6
    Last Post: 22-06-2010, 09:00
  5. [ask]proxy jalan tapi mikrotik tidak mau membypass situs tertentu
    By troyPollux in forum General Networking
    Replies: 0
    Last Post: 24-05-2010, 13:11

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •