Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 9 of 9
  1. #1
    Status
    Offline
    q-tink's Avatar
    Baru Gabung
    Join Date
    Jun 2009
    Posts
    18
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    LB 2 isp + pisah iix int + ipcam + proxy eksternal

    Mohon bimbingannya utk para senior. mohon maaf kalo salah posting ditread sini..

    Ceritanya ane baru pasang winet di warnet ane utk lokal aja,
    mereka janjikan nanti disetting ulang utk mikrotiknya, mereka udah sempat setting awal yaitu gabungin 2 isp. tp utk proxy mereka bilg msh pending entah sampe kpn blm ada kbrnya. Click here to enlargeClick here to enlarge

    sebelum ane pake winet, konfigurasi yg ane buat lancar2 aja.
    speedy + proxyeksternal + ipcam.. semua berjalan lancar.. bahkan ngacir bgt utk browshing.

    tp setelah ane tambah winet, mereka konfigurasi ulang dari nol,,
    udah jalan winet + speedy nya bisa di pisahin, tp proxy + ipcamnya gk bs jalan,, ane bingung ni.. udah 3mlm ane gk bisa tidur ngutek2 ni mikrotik..Click here to enlargeClick here to enlargeClick here to enlarge

    Kalo dilihat salah rule di manglenya,, tp kok salah ya,, ane udah ikutin konf waktu awal dulu, apa diqueue nya ada yg kurang yah.. mohooooon Click here to enlarge

    tolong dibantu para senior..

    TKP :

    eth :

    Flags: D - dynamic, X - disabled, R - running, S - slave
    # NAME TYPE MTU L2MTU
    0 R ether 1 Speedy ether 1500 1526
    1 R ether 2 Lan ether 1500 1524
    2 R ether 3 Winet ether 1500 1524
    3 R ether 4 Proxy ether 1500 1524
    4 R ether 5 Camera ether 1500 1524
    5 R pppoe-speedy pppoe-out 1480

    ip add :

    Flags: X - disabled, I - invalid, D - dynamic
    # ADDRESS NETWORK BROADCAST INTERFACE
    0 116.197.88.187/24 116.197.88.0 116.197.88.255 ether 3 Winet
    1 192.168.0.1/24 192.168.0.0 192.168.0.255 ether 2 Lan
    2 192.168.2.2/24 192.168.2.0 192.168.2.255 ether 1 Speedy
    3 D 110.137.88.88/32 110.137.88.1 0.0.0.0 pppoe-speedy
    4 192.168.3.5/24 192.168.3.0 192.168.3.255 ether 4 Proxy
    5 192.168.5.1/24 192.168.5.0 192.168.5.255 ether 5 Camera

    ip firewall nat :

    0 chain=srcnat action=masquerade out-interface=pppoe-speedy

    1 chain=srcnat action=masquerade out-interface=ether 3 Winet

    2 chain=dstnat action=redirect to-ports=53 protocol=tcp dst-port=53

    3 ;;; DNS resolver
    chain=dstnat action=redirect to-ports=53 protocol=udp dst-port=53

    4 ;;; Untuk IP Cop
    chain=dstnat action=dst-nat to-addresses=192.168.3.1 to-ports=81
    protocol=tcp dst-port=81

    5 chain=dstnat action=dst-nat to-addresses=192.168.3.1 to-ports=445
    protocol=tcp dst-port=445

    6 ;;; Redirect Mik to Squid
    chain=dstnat action=dst-nat to-addresses=192.168.3.1 to-ports=878
    protocol=tcp src-address=!192.168.3.0/24 dst-port=80


    ip firewall mangle :

    Flags: X - disabled, I - invalid, D - dynamic
    0 ;;; Mark Connection
    chain=forward action=mark-connection new-connection-mark=con-iix
    passthrough=yes dst-address-list=nice in-interface=ether 2 Lan

    1 ;;; Mark Connection
    chain=forward action=mark-connection new-connection-mark=con-lan
    passthrough=yes dst-address-list=white-list in-interface=ether 2 Lan

    2 ;;; Mark routing
    chain=prerouting action=mark-routing
    new-routing-mark=routing-winet passthrough=yes
    src-address=192.168.0.0/24 connection-mark=con-iix

    chain=prerouting action=mark-routing
    new-routing-mark=routing-lan passthrough=yes
    src-address=192.168.0.0/24 connection-mark=con-lan

    3 chain=prerouting action=mark-routing new-routing-mark=routing-speedy
    passthrough=yes src-address=192.168.0.0/24
    connection-mark=!con-iix,con-lan

    4 ;;; Packet IXX
    chain=prerouting action=mark-packet new-packet-mark=packet-iix
    passthrough=no connection-mark=con-iix

    5 chain=output action=mark-packet new-packet-mark=packet-iix
    passthrough=no connection-mark=con-iix

    6 ;;; Packet Lan
    chain=prerouting action=mark-packet new-packet-mark=packet-lan
    passthrough=no connection-mark=con-lan

    7 chain=output action=mark-packet new-packet-mark=packet-lan
    passthrough=no connection-mark=con-lan

    8 ;;; Packet INT
    chain=prerouting action=mark-packet new-packet-mark=packet-int
    passthrough=no connection-mark=!con-iix,con-lan

    9 chain=output action=mark-packet new-packet-mark=packet-int
    passthrough=no connection-mark=!con-iix,con-lan

    10 ;;; Mangle Squid
    chain=forward action=mark-connection new-connection-mark=squid_con
    passthrough=yes content=X-Cache: HIT

    11 chain=forward action=mark-packet new-packet-mark=squid_pkt passthrough=no
    connection-mark=squid_con

    12 chain=forward action=mark-packet new-packet-mark=http_pkt passthrough=no
    protocol=tcp src-port=80 connection-mark=!squid_con

    Route :

    1 A S ;;; Normal [ Disable Jika Winet Down ]
    0.0.0.0/0 r 116.197.88.1 1 e
    2 X S ;;; Enable Jika Winet Down
    0.0.0.0/0 110.137.88.1 1
    3 X S ;;; Enable Jika Speedy Down
    0.0.0.0/0 116.197.88.1 1
    4 A S ;;; Normal [ Disable Jika Speedy Down ]
    0.0.0.0/0 r 110.137.88.1 1 p
    5 A S ;;; Normal [ Disable Jika Winet Down ]
    0.0.0.0/0 r 116.197.88.1 1 e
    6 A S 10.5.1.0/29 r 116.197.88.1 1 e
    7 ADC 110.137.88.1/32 110.137.88.88 0 p
    8 ADC 116.197.88.0/24 116.197.88.187 0 e
    9 ADC 192.168.0.0/24 192.168.0.1 0 e
    10 ADC 192.168.2.0/24 192.168.2.2 0 e
    11 ADC 192.168.3.0/24 192.168.3.5 0 e
    12 ADC 192.168.5.0/24 192.168.5.1 0 e

    Queuesimple:

    0 name="IIX" target-addresses=192.168.0.0/24 dst-address=0.0.0.0/0
    interface=all parent=none packet-marks=packet-iix direction=both
    priority=8 queue=default-small/default-small limit-at=0/0
    max-limit=0/0 burst-limit=0/0 burst-threshold=0/0
    burst-time=0s/0s total-queue=default-small

    1 name="INT" target-addresses=192.168.0.0/24 dst-address=0.0.0.0/0
    interface=all parent=none packet-marks=packet-int direction=both
    priority=8 queue=default-small/default-small limit-at=0/0
    max-limit=0/0 burst-limit=0/0 burst-threshold=0/0
    burst-time=0s/0s total-queue=default-small

    2 name="Billing-IIX" target-addresses=192.168.0.2/32
    dst-address=0.0.0.0/0 interface=all parent=IIX
    packet-marks=packet-iix direction=both priority=8
    queue=default-small/default-small limit-at=0/0
    max-limit=256k/256k burst-limit=0/0 burst-threshold=0/0
    burst-time=0s/0s total-queue=default-small

    3 name="Billing-INT" target-addresses=192.168.0.2/32
    dst-address=0.0.0.0/0 interface=all parent=INT
    packet-marks=packet-int direction=both priority=8
    queue=default-small/default-small limit-at=0/0
    max-limit=200k/200k burst-limit=0/0 burst-threshold=0/0
    burst-time=0s/0s total-queue=default-small

    4 name="PC-01-IIX" target-addresses=192.168.0.3/32
    dst-address=0.0.0.0/0 interface=all parent=IIX
    packet-marks=packet-iix direction=both priority=8
    queue=default-small/default-small limit-at=0/0
    max-limit=256k/256k burst-limit=0/0 burst-threshold=0/0
    burst-time=0s/0s total-queue=default-small

    5 name="PC-01-INT" target-addresses=192.168.0.3/32
    dst-address=0.0.0.0/0 interface=all parent=INT
    packet-marks=packet-int direction=both priority=8
    queue=default-small/default-small limit-at=0/0
    max-limit=200k/200k burst-limit=0/0 burst-threshold=0/0
    burst-time=0s/0s total-queue=default-small

    6 name="PC-02-IIX" target-addresses=192.168.0.4/32
    dst-address=0.0.0.0/0 interface=all parent=IIX
    packet-marks=packet-iix direction=both priority=8
    queue=default-small/default-small limit-at=0/0
    max-limit=256k/256k burst-limit=0/0 burst-threshold=0/0
    burst-time=0s/0s total-queue=default-small

    7 name="PC-02-INT" target-addresses=192.168.0.4/32
    dst-address=0.0.0.0/0 interface=all parent=INT
    packet-marks=packet-int direction=both priority=8
    queue=default-small/default-small limit-at=0/0
    max-limit=200k/200k burst-limit=0/0 burst-threshold=0/0
    burst-time=0s/0s total-queue=default-small

    8 name="PC-03-IIX" target-addresses=192.168.0.5/32
    dst-address=0.0.0.0/0 interface=all parent=IIX
    packet-marks=packet-iix direction=both priority=8
    queue=default-small/default-small limit-at=0/0
    max-limit=256k/256k burst-limit=0/0 burst-threshold=0/0
    burst-time=0s/0s total-queue=default-small

    9 name="PC-03-INT" target-addresses=192.168.0.5/32
    dst-address=0.0.0.0/0 interface=all parent=INT
    packet-marks=packet-int direction=both priority=8
    queue=default-small/default-small limit-at=0/0
    max-limit=200k/200k burst-limit=0/0 burst-threshold=0/0
    burst-time=0s/0s total-queue=default-small

    10 name="PC-04-IIX" target-addresses=192.168.0.6/32
    dst-address=0.0.0.0/0 interface=all parent=IIX
    packet-marks=packet-iix direction=both priority=8
    queue=default-small/default-small limit-at=0/0
    max-limit=256k/256k burst-limit=0/0 burst-threshold=0/0
    burst-time=0s/0s total-queue=default-small

    11 name="PC-04-INT" target-addresses=192.168.0.6/32
    dst-address=0.0.0.0/0 interface=all parent=INT
    packet-marks=packet-int direction=both priority=8
    queue=default-small/default-small limit-at=0/0
    max-limit=200k/200k burst-limit=0/0 burst-threshold=0/0
    burst-time=0s/0s total-queue=default-small
    .
    .
    .
    .
    dst

  2. #2
    Status
    Offline
    q-tink's Avatar
    Baru Gabung
    Join Date
    Jun 2009
    Posts
    18
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Duh kok sepi ya,, mohon pencerahannya dung para suhu,,
    ane beom bisa tidur nih,, Click here to enlargeClick here to enlargeClick here to enlargeClick here to enlarge

  3. #3
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    memang agak rumit tp msh bs di atur Click here to enlarge

  4. #4
    Status
    Offline
    q-tink's Avatar
    Baru Gabung
    Join Date
    Jun 2009
    Posts
    18
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by electrix_85 Click here to enlarge
    memang agak rumit tp msh bs di atur Click here to enlarge
    Gimana diaturnya kaka.. mohon dibantu.. Click here to enlargeClick here to enlarge

  5. #5
    Status
    Offline
    gobelxxx's Avatar
    Calon Member
    Join Date
    Oct 2008
    Location
    MEDAN city
    Posts
    97
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    hehe

    hehehhe ada om qting Click here to enlarge

    knapa sih ting..

    telp aja lah Click here to enlarge

  6. #6
    Status
    Offline
    q-tink's Avatar
    Baru Gabung
    Join Date
    Jun 2009
    Posts
    18
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by gobelxxx Click here to enlarge
    hehehhe ada om qting Click here to enlarge

    knapa sih ting..

    telp aja lah Click here to enlarge
    ah lu bel ditelp sibuk bgt skrg..

    ntar mlm ya bel.. jam 12 gw telp.. Click here to enlargeClick here to enlarge musti kudu bantu.. pusyiing nih.. gak jalan2..
    Click here to enlargeClick here to enlargeClick here to enlarge

  7. #7
    Status
    Offline
    q-tink's Avatar
    Baru Gabung
    Join Date
    Jun 2009
    Posts
    18
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Setelah ane liat tutorial akange, akhirnya ane bs memisahkan iix + int dan proxy eksternal berjalan baik.

    ane tinggal rubah di mangle.
    ip fi ma pr
    Flags: X - disabled, I - invalid, D - dynamic
    0 ;;; Mark Connection iix
    chain=forward action=mark-connection new-connection-mark=con-iix
    passthrough=no src-address-list=nice

    1 chain=forward action=mark-connection new-connection-mark=con-iix
    passthrough=no dst-address-list=nice

    2 ;;; Mark Connection int
    chain=forward action=mark-connection new-connection-mark=con-int
    passthrough=yes src-address-list=!nice

    3 chain=forward action=mark-connection new-connection-mark=con-int
    passthrough=yes dst-address-list=!nice

    4 chain=prerouting action=mark-packet new-packet-mark=packet-iix
    passthrough=yes connection-mark=con-iix

    5 chain=prerouting action=mark-packet new-packet-mark=packet-int
    passthrough=yes connection-mark=con-int

    6 ;;; Mark Connection Squid
    chain=forward action=mark-connection new-connection-mark=conn-squid
    passthrough=yes dst-address-list=nice in-interface=ether 2 Lan
    content=X-Cache : HIT

    7 ;;; Paket squid
    chain=forward action=mark-packet new-packet-mark=squid-pkt
    passthrough=no connection-mark=conn-squid

    8 chain=forward action=mark-packet new-packet-mark=http-pkt passthrough=no
    protocol=tcp src-port=80 connection-mark=!conn-squid

    9 X ;;; Mark routing
    chain=prerouting action=mark-routing new-routing-mark=routing-winet
    passthrough=yes src-address=192.168.0.0/24 connection-mark=con-iix

    10 X chain=prerouting action=mark-routing new-routing-mark=routing-speedy
    passthrough=yes src-address=192.168.0.0/24 connection-mark=!con-iix
    Nah yang ane mantok ni gk jalan2, gimana cara iix masuk ke isp winet(lokal), ane dah coba pk mark routing sesuai bold diatas. tp tetep gk jalan..
    kalo didisable baru jalan.. padahal tujuan ane biar yg main game masuk ke isp winet gt.
    mohon pencerahannya para suhu.. Click here to enlargeClick here to enlargeClick here to enlarge

  8. #8
    Status
    Offline
    fanatiCanz's Avatar
    Calon Member
    Join Date
    Sep 2007
    Location
    Jakarta, Indonesia, Indonesia
    Posts
    98
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Ini turorial yang mana? bagi link nya dong.. Say ajuga lagi mumet soal itu.... Pisah IIX int ga jalan gara gara ada proxy eksternal.

    Click here to enlarge Originally Posted by q-tink Click here to enlarge
    Setelah ane liat tutorial akange, akhirnya ane bs memisahkan iix + int dan proxy eksternal berjalan baik.

    ane tinggal rubah di mangle.


    Nah yang ane mantok ni gk jalan2, gimana cara iix masuk ke isp winet(lokal), ane dah coba pk mark routing sesuai bold diatas. tp tetep gk jalan..
    kalo didisable baru jalan.. padahal tujuan ane biar yg main game masuk ke isp winet gt.
    mohon pencerahannya para suhu.. Click here to enlargeClick here to enlargeClick here to enlarge

  9. #9
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    sebenernya jawabannya simple aja
    traffic kearah local jangan terkena marking-route
    jadi dalam pembentukan mark-con sebaiknya kita buat struktur pemisahan QOS dan NON-QOS
    kalo traffic NON-QOS kenak routing-mark, ketika traffic masuk ke routing decision, traffic tersebut jadi begong
    clue nya : terapkan routing-mark hanya kepada traffic yg akan keluar menuju internet

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Load balancing dengan proxy eksternal
    By awarmanf in forum General Networking
    Replies: 3
    Last Post: 05-05-2011, 15:41
  2. RB750G dan Proxy Squid Eksternal
    By agusfazri in forum Beginner Basics
    Replies: 3
    Last Post: 30-08-2010, 23:37
  3. ASK:Automatic Disable Rule NAT ke Eksternal Proxy
    By sridjokoonline in forum Scripting @ Mikrotik
    Replies: 4
    Last Post: 06-09-2009, 00:36
  4. Replies: 0
    Last Post: 25-07-2009, 21:07

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •