Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 2 of 5 FirstFirst 1234 ... LastLast
Results 16 to 30 of 62
  1. #16
    Status
    Offline
    Poer's Avatar
    Newbie
    Join Date
    Sep 2009
    Posts
    25
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Ijin menyimak, pingin belajar Proxy internal nya mikrotik.
    Click here to enlarge

  2. The Following 2 Users Say Thank You to Poer For This Useful Post:


  3. #17
    Status
    Offline
    riswan.effendy's Avatar
    Newbie
    Join Date
    Mar 2010
    Location
    Medan, Indonesia, Indonesia
    Posts
    38
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by adh1et Click here to enlarge
    Assalamualaikum, selamat siang dan salam sejahtera bagi pada rekan" forum mikrotik...

    pada awalnya saya ingin membuat sebuah proxy internal dengan memanfaatkan komputer bekas, setelah obrak abrik google dan forum ini saya menemukan setting mangle untuk proxy internal, kira" begini settinganya :

    sebelumnya di asumsikan bahwa :
    1. cache drive = primary-slave
    2. port = 3128
    3. Cache Hit DSCP (TOS) = 5
    4. ip mikrotik 192.168.1.1

    proxy cache
    Code:
    ip proxy cache print 
    Flags: X - disabled 
     #   DST-PORT             DST-HOST        PATH        METHOD  ACTION HITS      
     0                                        /*\?*               allow  1765      
     1                                        /cgi-bin/*          allow  0
    address-list
    Code:
    /ip firewall address-list print 
    Flags: X - disabled, D - dynamic 
     #   LIST                                       ADDRESS                                     
     0   ;;; my local network
         local-addr                                 192.168.1.0/24                  
     1   ;;; my src-nated local network hosts
         nat-addr                                   192.168.1.0/24
    nat
    Code:
    ip firewall nat print 
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; Transparent Web Cache
         chain=dstnat action=redirect to-ports=3128 protocol=tcp 
         src-address-list=nat-addr in-interface=eth1-LAN dst-port=80 
    
     1   chain=dstnat action=redirect to-ports=3128 protocol=tcp 
         src-address-list=nat-addr in-interface=eth1-LAN dst-port=8080 
    
     2   chain=dstnat action=redirect to-ports=3128 protocol=tcp 
         src-address-list=nat-addr in-interface=eth1-LAN dst-port=3128 
    
     3   ;;; ALL Masq
         chain=srcnat action=masquerade src-address-list=nat-addr 
    
     4   ;;; DNS Resolver
         chain=dstnat action=redirect to-ports=53 protocol=udp dst-port=53 
    	 
     5   chain=dstnat action=redirect to-ports=53 protocol=tcp dst-port=53
    mangle
    Code:
    /ip firewall mangle print
    Flags: X - disabled, I - invalid, D - dynamic 
     0 	 ;;; HIT TRAFFIC FROM PROXY
    	 chain=output out-interface=eth1-LAN dscp=5 action=mark-packet
    	 new-packet-mark=proxy-hit passthrough=no
    
     1   ;;; UP TRAFFIC
         chain=prerouting in-interface=eth1-LAN src-address-list=nat-addr 
    	 action=mark-packet new-packet-mark=test-up passthrough=no 
    
     2   ;;; CONN-MARK
         chain=forward src-address-list=nat-addr action=mark-connection 
         new-connection-mark=test-conn passthrough=yes 
    
     3   ;;; DOWN-DIRECT CONNECTION
         chain=forward in-interface=PPPoE-Speedy connection-mark=test-conn 
    	 action=mark-packet new-packet-mark=test-down passthrough=no 
    
     4   ;;; DOWN-VIA PROXY
         chain=output out-interface=eth1-LAN dst-address-list=nat-addr 
    	 action=mark-packet new-packet-mark=test-down passthrough=no
    dengan rule di atas maka akan di dapatkan kesimpulan :
    proxy cache


    address-list


    nat


    mangle


    setelah saya terapkan rule di atas saya mengalami beberapa masalah, di antaranya :


    setelah meng-oprek selama lebih dari 1 minggu saya menemukan rule mangle yang saya rasa tepat untuk proxy internal, berikut hasil copas nya :
    mangle
    Code:
    /ip firewall mangle print 
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; 1.[pack-up-global] Upstream Global
         chain=output action=mark-connection new-connection-mark=conn-up-global 
         passthrough=yes protocol=tcp out-interface=PPPoE-Speedy
    
     1   chain=output action=mark-packet new-packet-mark=pack-up-global 
         passthrough=no protocol=tcp out-interface=PPPoE-Speedy
         connection-mark=conn-up-global 
    
     2   ;;; 2.[pack-down-global] Trafic Downstream Global
         chain=input action=mark-connection new-connection-mark=conn-down-global 
         passthrough=yes protocol=tcp in-interface=PPPoE-Speedy
    
     3   chain=input action=mark-packet new-packet-mark=pack-down-global 
         passthrough=no protocol=tcp in-interface=PPPoE-Speedy
         connection-mark=conn-down-global 
    	 
     4   ;;; 3.[pack-proxy-hit] Proxy to Client / Proxy HIT
         chain=output action=mark-connection new-connection-mark=conn-proxy-hit 
         passthrough=yes protocol=tcp src-address=192.168.1.1 
         dst-address-list=nat-addr out-interface=eth1-LAN src-port=3128 dscp=5 
    
     5   chain=output action=mark-packet new-packet-mark=pack-proxy-hit 
         passthrough=no protocol=tcp src-address=192.168.1.1 
         dst-address-list=nat-addr out-interface=eth1-LAN src-port=3128 
         connection-mark=conn-proxy-hit dscp=5 
    
     6   ;;; 4.[pack-up-client] Upstream Client to Mikrotik
         chain=prerouting action=mark-connection 
         new-connection-mark=conn-up-client passthrough=yes protocol=tcp 
         src-address-list=nat-addr in-interface=eth1-LAN src-port=!3128 
         connection-mark=!conn-proxy-hit 
    
     7   chain=prerouting action=mark-packet new-packet-mark=pack-up-client 
          passthrough=no protocol=tcp src-address-list=nat-addr 
         in-interface=eth1-LAN src-port=!3128 connection-mark=conn-up-client 
    
     8   ;;; 5.[pack-down-direct] Downstream Direct Connection
         chain=forward action=mark-connection 
         new-connection-mark=conn-down-direct passthrough=yes protocol=tcp 
         dst-address-list=nat-addr in-interface=PPPoE-Speedy
         out-interface=eth1-LAN 
    
     9   chain=forward action=mark-packet new-packet-mark=pack-down-direct 
         passthrough=no protocol=tcp dst-address-list=nat-addr 
         in-interface=PPPoE-Speedyout-interface=eth1-LAN 
         connection-mark=conn-down-direct 
    
    10   ;;; 6.[pack-down-client] Downstream Direct Conn / Proxy to Client
         chain=output action=mark-connection new-connection-mark=conn-down-client 
         passthrough=yes protocol=tcp src-address-list=nat-addr 
         out-interface=eth1-LAN connection-mark=!conn-proxy-hit 
    
    11   chain=output action=mark-packet new-packet-mark=pack-down-client 
         passthrough=no protocol=tcp src-address-list=nat-addr 
         out-interface=eth1-LAN connection-mark=conn-down-client
    dari mangle di atas dapat di simpulkan sebagai berikut :


    demikian hasil dari 1 minggu saya oprek mikrotik untuk mendapatkan mangle yang sesuai dengan harapan, semoga rule di atas dapat membantu / memberikan pencerahan bagi rekan-rekan semuanya.

    update : queue tree
    Code:
    /queue tree
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=1000000 name="'Downstream" packet-mark="" parent=global-out \
        priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=256000 name="'Upstream" packet-mark="" parent=global-in \
        priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=0 name=Global-Upstream packet-mark="" parent=PPPoE-Speedy \
        priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=0 name=Global-Downstream packet-mark="" parent=PPPoE-Speedy \
        priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=1000000000 name="''Proxy" packet-mark="" parent=global-out \
        priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
        max-limit=0 name=A-SPACE packet-mark="" parent=global-in priority=8 \
        queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=\
        100000000 max-limit=1000000000 name="3.Proxy Hit" packet-mark=\
        pack-proxy-hit parent="''Proxy" priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256000 \
        max-limit=1000000 name=5.Down-Direct packet-mark=pack-down-direct parent=\
        "'Downstream" priority=2 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=0 name=1.Up-Global packet-mark=pack-up-global parent=\
        Global-Upstream priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=0 name=2.Down-Global packet-mark=pack-down-global parent=\
        Global-Downstream priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256000 \
        max-limit=1000000 name=6.Down-Client packet-mark=pack-down-client parent=\
        "'Downstream" priority=1 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64000 \
        max-limit=256000 name=4.Up-Client packet-mark=pack-up-client parent=\
        "'Upstream" priority=8 queue=default
    rule queue di atas dapat di sesuaikan dengan kebutuhan yg penting jgn langsung copy paste, di cek dulu satu-satu Click here to enlarge
    kalau berguna click thanks Click here to enlarge
    ane dah coba thread-nya gan, buat browsing ama, download ama upload memang ampuh, cuma ane heran kl mau main poker di facebook kok gak bisa ya..? mentok di loading poker-nya hbs itu gak ada respon apa2

  4. The Following 2 Users Say Thank You to riswan.effendy For This Useful Post:


  5. #18
    Status
    Offline
    adh1et's Avatar
    Member Senior
    Join Date
    Jul 2010
    Posts
    341
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by riswan.effendy Click here to enlarge
    ane dah coba thread-nya gan, buat browsing ama, download ama upload memang ampuh, cuma ane heran kl mau main poker di facebook kok gak bisa ya..? mentok di loading poker-nya hbs itu gak ada respon apa2
    di komputer saya bagus" aja gan, coba clear cache di mikrotik dan browser agan dulu sama update flash playernya..mungkin stuck aja itu gan..

  6. The Following 2 Users Say Thank You to adh1et For This Useful Post:


  7. #19
    Status
    Offline
    cumi23's Avatar
    Baru Gabung
    Join Date
    Aug 2007
    Posts
    13
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by adh1et Click here to enlarge
    Assalamualaikum, selamat siang dan salam sejahtera bagi pada rekan" forum mikrotik...

    pada awalnya saya ingin membuat sebuah proxy internal dengan memanfaatkan komputer bekas, setelah obrak abrik google dan forum ini saya menemukan setting mangle untuk proxy internal, kira" begini settinganya :

    sebelumnya di asumsikan bahwa :
    1. cache drive = primary-slave
    2. port = 3128
    3. Cache Hit DSCP (TOS) = 5
    4. ip mikrotik 192.168.1.1

    proxy cache
    Code:
    ip proxy cache print 
    Flags: X - disabled 
     #   DST-PORT             DST-HOST        PATH        METHOD  ACTION HITS      
     0                                        /*\?*               allow  1765      
     1                                        /cgi-bin/*          allow  0
    address-list
    Code:
    /ip firewall address-list print 
    Flags: X - disabled, D - dynamic 
     #   LIST                                       ADDRESS                                     
     0   ;;; my local network
         local-addr                                 192.168.1.0/24                  
     1   ;;; my src-nated local network hosts
         nat-addr                                   192.168.1.0/24
    nat
    Code:
    ip firewall nat print 
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; Transparent Web Cache
         chain=dstnat action=redirect to-ports=3128 protocol=tcp 
         src-address-list=nat-addr in-interface=eth1-LAN dst-port=80 
    
     1   chain=dstnat action=redirect to-ports=3128 protocol=tcp 
         src-address-list=nat-addr in-interface=eth1-LAN dst-port=8080 
    
     2   chain=dstnat action=redirect to-ports=3128 protocol=tcp 
         src-address-list=nat-addr in-interface=eth1-LAN dst-port=3128 
    
     3   ;;; ALL Masq
         chain=srcnat action=masquerade src-address-list=nat-addr 
    
     4   ;;; DNS Resolver
         chain=dstnat action=redirect to-ports=53 protocol=udp dst-port=53 
    	 
     5   chain=dstnat action=redirect to-ports=53 protocol=tcp dst-port=53
    mangle
    Code:
    /ip firewall mangle print
    Flags: X - disabled, I - invalid, D - dynamic 
     0 	 ;;; HIT TRAFFIC FROM PROXY
    	 chain=output out-interface=eth1-LAN dscp=5 action=mark-packet
    	 new-packet-mark=proxy-hit passthrough=no
    
     1   ;;; UP TRAFFIC
         chain=prerouting in-interface=eth1-LAN src-address-list=nat-addr 
    	 action=mark-packet new-packet-mark=test-up passthrough=no 
    
     2   ;;; CONN-MARK
         chain=forward src-address-list=nat-addr action=mark-connection 
         new-connection-mark=test-conn passthrough=yes 
    
     3   ;;; DOWN-DIRECT CONNECTION
         chain=forward in-interface=PPPoE-Speedy connection-mark=test-conn 
    	 action=mark-packet new-packet-mark=test-down passthrough=no 
    
     4   ;;; DOWN-VIA PROXY
         chain=output out-interface=eth1-LAN dst-address-list=nat-addr 
    	 action=mark-packet new-packet-mark=test-down passthrough=no
    dengan rule di atas maka akan di dapatkan kesimpulan :
    proxy cache


    address-list


    nat


    mangle


    setelah saya terapkan rule di atas saya mengalami beberapa masalah, di antaranya :


    setelah meng-oprek selama lebih dari 1 minggu saya menemukan rule mangle yang saya rasa tepat untuk proxy internal, berikut hasil copas nya :
    mangle
    Code:
    /ip firewall mangle print 
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; 1.[pack-up-global] Upstream Global
         chain=output action=mark-connection new-connection-mark=conn-up-global 
         passthrough=yes protocol=tcp out-interface=PPPoE-Speedy
    
     1   chain=output action=mark-packet new-packet-mark=pack-up-global 
         passthrough=no protocol=tcp out-interface=PPPoE-Speedy
         connection-mark=conn-up-global 
    
     2   ;;; 2.[pack-down-global] Trafic Downstream Global
         chain=input action=mark-connection new-connection-mark=conn-down-global 
         passthrough=yes protocol=tcp in-interface=PPPoE-Speedy
    
     3   chain=input action=mark-packet new-packet-mark=pack-down-global 
         passthrough=no protocol=tcp in-interface=PPPoE-Speedy
         connection-mark=conn-down-global 
    	 
     4   ;;; 3.[pack-proxy-hit] Proxy to Client / Proxy HIT
         chain=output action=mark-connection new-connection-mark=conn-proxy-hit 
         passthrough=yes protocol=tcp src-address=192.168.1.1 
         dst-address-list=nat-addr out-interface=eth1-LAN src-port=3128 dscp=5 
    
     5   chain=output action=mark-packet new-packet-mark=pack-proxy-hit 
         passthrough=no protocol=tcp src-address=192.168.1.1 
         dst-address-list=nat-addr out-interface=eth1-LAN src-port=3128 
         connection-mark=conn-proxy-hit dscp=5 
    
     6   ;;; 4.[pack-up-client] Upstream Client to Mikrotik
         chain=prerouting action=mark-connection 
         new-connection-mark=conn-up-client passthrough=yes protocol=tcp 
         src-address-list=nat-addr in-interface=eth1-LAN src-port=!3128 
         connection-mark=!conn-proxy-hit 
    
     7   chain=prerouting action=mark-packet new-packet-mark=pack-up-client 
          passthrough=no protocol=tcp src-address-list=nat-addr 
         in-interface=eth1-LAN src-port=!3128 connection-mark=conn-up-client 
    
     8   ;;; 5.[pack-down-direct] Downstream Direct Connection
         chain=forward action=mark-connection 
         new-connection-mark=conn-down-direct passthrough=yes protocol=tcp 
         dst-address-list=nat-addr in-interface=PPPoE-Speedy
         out-interface=eth1-LAN 
    
     9   chain=forward action=mark-packet new-packet-mark=pack-down-direct 
         passthrough=no protocol=tcp dst-address-list=nat-addr 
         in-interface=PPPoE-Speedyout-interface=eth1-LAN 
         connection-mark=conn-down-direct 
    
    10   ;;; 6.[pack-down-client] Downstream Direct Conn / Proxy to Client
         chain=output action=mark-connection new-connection-mark=conn-down-client 
         passthrough=yes protocol=tcp src-address-list=nat-addr 
         out-interface=eth1-LAN connection-mark=!conn-proxy-hit 
    
    11   chain=output action=mark-packet new-packet-mark=pack-down-client 
         passthrough=no protocol=tcp src-address-list=nat-addr 
         out-interface=eth1-LAN connection-mark=conn-down-client
    dari mangle di atas dapat di simpulkan sebagai berikut :


    demikian hasil dari 1 minggu saya oprek mikrotik untuk mendapatkan mangle yang sesuai dengan harapan, semoga rule di atas dapat membantu / memberikan pencerahan bagi rekan-rekan semuanya.

    update : queue tree
    Code:
    /queue tree
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=1000000 name="'Downstream" packet-mark="" parent=global-out \
        priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=256000 name="'Upstream" packet-mark="" parent=global-in \
        priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=0 name=Global-Upstream packet-mark="" parent=PPPoE-Speedy \
        priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=0 name=Global-Downstream packet-mark="" parent=PPPoE-Speedy \
        priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=1000000000 name="''Proxy" packet-mark="" parent=global-out \
        priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
        max-limit=0 name=A-SPACE packet-mark="" parent=global-in priority=8 \
        queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=\
        100000000 max-limit=1000000000 name="3.Proxy Hit" packet-mark=\
        pack-proxy-hit parent="''Proxy" priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256000 \
        max-limit=1000000 name=5.Down-Direct packet-mark=pack-down-direct parent=\
        "'Downstream" priority=2 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=0 name=1.Up-Global packet-mark=pack-up-global parent=\
        Global-Upstream priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=0 name=2.Down-Global packet-mark=pack-down-global parent=\
        Global-Downstream priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256000 \
        max-limit=1000000 name=6.Down-Client packet-mark=pack-down-client parent=\
        "'Downstream" priority=1 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64000 \
        max-limit=256000 name=4.Up-Client packet-mark=pack-up-client parent=\
        "'Upstream" priority=8 queue=default
    rule queue di atas dapat di sesuaikan dengan kebutuhan yg penting jgn langsung copy paste, di cek dulu satu-satu Click here to enlarge
    kalau berguna click thanks Click here to enlarge
    p proxy cache print
    Flags: X - disabled
    # DST-PORT DST-HOST PATH METHOD ACTION HITS
    0 /*\?* allow 1765
    1 /cgi-bin/* allow 0

    ane nanya donk gan bagian path dengan syntax /*\?* ini mksdnya apa ya ?Click here to enlarge

  8. The Following 2 Users Say Thank You to cumi23 For This Useful Post:


  9. #20
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by cumi23 Click here to enlarge
    p proxy cache print
    Flags: X - disabled
    # DST-PORT DST-HOST PATH METHOD ACTION HITS
    0 /*\?* allow 1765
    1 /cgi-bin/* allow 0

    ane nanya donk gan bagian path dengan syntax /*\?* ini mksdnya apa ya ?Click here to enlarge
    kalo di pecah kira2 begini
    / = /
    * = any
    \? = ?
    * = any

  10. The Following 3 Users Say Thank You to adiputrolds For This Useful Post:


  11. #21
    Status
    Offline
    adh1et's Avatar
    Member Senior
    Join Date
    Jul 2010
    Posts
    341
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ane nyontek di gan

  12. The Following 4 Users Say Thank You to adh1et For This Useful Post:


  13. #22
    Status
    Offline
    kevin25's Avatar
    Baru Gabung
    Join Date
    Apr 2010
    Posts
    6
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Talking

    mantap gan terus berjuang Click here to enlarge

  14. The Following 2 Users Say Thank You to kevin25 For This Useful Post:


  15. #23
    Status
    Offline
    dansyah1's Avatar
    Baru Gabung
    Join Date
    Feb 2010
    Posts
    14
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by adh1et Click here to enlarge
    Assalamualaikum, selamat siang dan salam sejahtera bagi pada rekan" forum mikrotik...

    pada awalnya saya ingin membuat sebuah proxy internal dengan memanfaatkan komputer bekas, setelah obrak abrik google dan forum ini saya menemukan setting mangle untuk proxy internal, kira" begini settinganya :

    sebelumnya di asumsikan bahwa :
    1. cache drive = primary-slave
    2. port = 3128
    3. Cache Hit DSCP (TOS) = 5
    4. ip mikrotik 192.168.1.1

    proxy cache
    Code:
    ip proxy cache print 
    Flags: X - disabled 
     #   DST-PORT             DST-HOST        PATH        METHOD  ACTION HITS      
     0                                        /*\?*               allow  1765      
     1                                        /cgi-bin/*          allow  0
    address-list
    Code:
    /ip firewall address-list print 
    Flags: X - disabled, D - dynamic 
     #   LIST                                       ADDRESS                                     
     0   ;;; my local network
         local-addr                                 192.168.1.0/24                  
     1   ;;; my src-nated local network hosts
         nat-addr                                   192.168.1.0/24
    nat
    Code:
    ip firewall nat print 
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; Transparent Web Cache
         chain=dstnat action=redirect to-ports=3128 protocol=tcp 
         src-address-list=nat-addr in-interface=eth1-LAN dst-port=80 
    
     1   chain=dstnat action=redirect to-ports=3128 protocol=tcp 
         src-address-list=nat-addr in-interface=eth1-LAN dst-port=8080 
    
     2   chain=dstnat action=redirect to-ports=3128 protocol=tcp 
         src-address-list=nat-addr in-interface=eth1-LAN dst-port=3128 
    
     3   ;;; ALL Masq
         chain=srcnat action=masquerade src-address-list=nat-addr 
    
     4   ;;; DNS Resolver
         chain=dstnat action=redirect to-ports=53 protocol=udp dst-port=53 
    	 
     5   chain=dstnat action=redirect to-ports=53 protocol=tcp dst-port=53
    mangle
    Code:
    /ip firewall mangle print
    Flags: X - disabled, I - invalid, D - dynamic 
     0 	 ;;; HIT TRAFFIC FROM PROXY
    	 chain=output out-interface=eth1-LAN dscp=5 action=mark-packet
    	 new-packet-mark=proxy-hit passthrough=no
    
     1   ;;; UP TRAFFIC
         chain=prerouting in-interface=eth1-LAN src-address-list=nat-addr 
    	 action=mark-packet new-packet-mark=test-up passthrough=no 
    
     2   ;;; CONN-MARK
         chain=forward src-address-list=nat-addr action=mark-connection 
         new-connection-mark=test-conn passthrough=yes 
    
     3   ;;; DOWN-DIRECT CONNECTION
         chain=forward in-interface=PPPoE-Speedy connection-mark=test-conn 
    	 action=mark-packet new-packet-mark=test-down passthrough=no 
    
     4   ;;; DOWN-VIA PROXY
         chain=output out-interface=eth1-LAN dst-address-list=nat-addr 
    	 action=mark-packet new-packet-mark=test-down passthrough=no
    dengan rule di atas maka akan di dapatkan kesimpulan :
    proxy cache


    address-list


    nat


    mangle


    setelah saya terapkan rule di atas saya mengalami beberapa masalah, di antaranya :


    setelah meng-oprek selama lebih dari 1 minggu saya menemukan rule mangle yang saya rasa tepat untuk proxy internal, berikut hasil copas nya :
    mangle
    Code:
    /ip firewall mangle print 
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; 1.[pack-up-global] Upstream Global
         chain=output action=mark-connection new-connection-mark=conn-up-global 
         passthrough=yes protocol=tcp out-interface=PPPoE-Speedy
    
     1   chain=output action=mark-packet new-packet-mark=pack-up-global 
         passthrough=no protocol=tcp out-interface=PPPoE-Speedy
         connection-mark=conn-up-global 
    
     2   ;;; 2.[pack-down-global] Trafic Downstream Global
         chain=input action=mark-connection new-connection-mark=conn-down-global 
         passthrough=yes protocol=tcp in-interface=PPPoE-Speedy
    
     3   chain=input action=mark-packet new-packet-mark=pack-down-global 
         passthrough=no protocol=tcp in-interface=PPPoE-Speedy
         connection-mark=conn-down-global 
    	 
     4   ;;; 3.[pack-proxy-hit] Proxy to Client / Proxy HIT
         chain=output action=mark-connection new-connection-mark=conn-proxy-hit 
         passthrough=yes protocol=tcp src-address=192.168.1.1 
         dst-address-list=nat-addr out-interface=eth1-LAN src-port=3128 dscp=5 
    
     5   chain=output action=mark-packet new-packet-mark=pack-proxy-hit 
         passthrough=no protocol=tcp src-address=192.168.1.1 
         dst-address-list=nat-addr out-interface=eth1-LAN src-port=3128 
         connection-mark=conn-proxy-hit dscp=5 
    
     6   ;;; 4.[pack-up-client] Upstream Client to Mikrotik
         chain=prerouting action=mark-connection 
         new-connection-mark=conn-up-client passthrough=yes protocol=tcp 
         src-address-list=nat-addr in-interface=eth1-LAN src-port=!3128 
         connection-mark=!conn-proxy-hit 
    
     7   chain=prerouting action=mark-packet new-packet-mark=pack-up-client 
          passthrough=no protocol=tcp src-address-list=nat-addr 
         in-interface=eth1-LAN src-port=!3128 connection-mark=conn-up-client 
    
     8   ;;; 5.[pack-down-direct] Downstream Direct Connection
         chain=forward action=mark-connection 
         new-connection-mark=conn-down-direct passthrough=yes protocol=tcp 
         dst-address-list=nat-addr in-interface=PPPoE-Speedy
         out-interface=eth1-LAN 
    
     9   chain=forward action=mark-packet new-packet-mark=pack-down-direct 
         passthrough=no protocol=tcp dst-address-list=nat-addr 
         in-interface=PPPoE-Speedyout-interface=eth1-LAN 
         connection-mark=conn-down-direct 
    
    10   ;;; 6.[pack-down-client] Downstream Direct Conn / Proxy to Client
         chain=output action=mark-connection new-connection-mark=conn-down-client 
         passthrough=yes protocol=tcp src-address-list=nat-addr 
         out-interface=eth1-LAN connection-mark=!conn-proxy-hit 
    
    11   chain=output action=mark-packet new-packet-mark=pack-down-client 
         passthrough=no protocol=tcp src-address-list=nat-addr 
         out-interface=eth1-LAN connection-mark=conn-down-client
    dari mangle di atas dapat di simpulkan sebagai berikut :


    demikian hasil dari 1 minggu saya oprek mikrotik untuk mendapatkan mangle yang sesuai dengan harapan, semoga rule di atas dapat membantu / memberikan pencerahan bagi rekan-rekan semuanya.

    update : queue tree
    Code:
    /queue tree
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=1000000 name="'Downstream" packet-mark="" parent=global-out \
        priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=256000 name="'Upstream" packet-mark="" parent=global-in \
        priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=0 name=Global-Upstream packet-mark="" parent=PPPoE-Speedy \
        priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=0 name=Global-Downstream packet-mark="" parent=PPPoE-Speedy \
        priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=1000000000 name="''Proxy" packet-mark="" parent=global-out \
        priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
        max-limit=0 name=A-SPACE packet-mark="" parent=global-in priority=8 \
        queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=\
        100000000 max-limit=1000000000 name="3.Proxy Hit" packet-mark=\
        pack-proxy-hit parent="''Proxy" priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256000 \
        max-limit=1000000 name=5.Down-Direct packet-mark=pack-down-direct parent=\
        "'Downstream" priority=2 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=0 name=1.Up-Global packet-mark=pack-up-global parent=\
        Global-Upstream priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
        max-limit=0 name=2.Down-Global packet-mark=pack-down-global parent=\
        Global-Downstream priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256000 \
        max-limit=1000000 name=6.Down-Client packet-mark=pack-down-client parent=\
        "'Downstream" priority=1 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64000 \
        max-limit=256000 name=4.Up-Client packet-mark=pack-up-client parent=\
        "'Upstream" priority=8 queue=default
    rule queue di atas dapat di sesuaikan dengan kebutuhan yg penting jgn langsung copy paste, di cek dulu satu-satu Click here to enlarge
    kalau berguna click thanks Click here to enlarge

    update di :
    mantep Juragan..talarengkyu

  16. The Following 2 Users Say Thank You to dansyah1 For This Useful Post:


  17. #24
    Status
    Offline
    hafidz_bie's Avatar
    Baru Gabung
    Join Date
    Aug 2010
    Posts
    5
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ijin nyimak dulu, baru mau mulai belajar nih..hehe

  18. The Following User Says Thank You to hafidz_bie For This Useful Post:


  19. #25
    Status
    Offline
    pigtail's Avatar
    Baru Gabung
    Join Date
    Jul 2011
    Posts
    4
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by hafidz_bie Click here to enlarge
    ijin nyimak dulu, baru mau mulai belajar nih..hehe
    gan cara ngecache video youtube gmna?

  20. The Following 2 Users Say Thank You to pigtail For This Useful Post:


  21. #26
    Status
    Offline
    arief_eming's Avatar
    Baru Gabung
    Join Date
    Nov 2008
    Posts
    7
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    terima kasih atas pencerahan nyaClick here to enlarge

    ---------- Post added at 17:15 ---------- Previous post was at 17:12 ----------

    itu bagus pakai satu hardisk atau dua hardisk?maaf pemula tanya terusClick here to enlarge

  22. The Following 2 Users Say Thank You to arief_eming For This Useful Post:


  23. #27
    Status
    Offline
    bagus_15's Avatar
    Baru Gabung
    Join Date
    May 2010
    Posts
    7
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Kyknya perlu dicoba dl nie triknya

  24. The Following 2 Users Say Thank You to bagus_15 For This Useful Post:


  25. #28
    Status
    Offline
    adh1et's Avatar
    Member Senior
    Join Date
    Jul 2010
    Posts
    341
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by pigtail Click here to enlarge
    gan cara ngecache video youtube gmna?
    youtube gak bisa gan, pake internal proxy, musti pake squid

    [/COLOR]itu bagus pakai satu hardisk atau dua hardisk?maaf pemula tanya terusClick here to enlarge[/QUOTE]

    bagusnya sih 2 harddisk, 1 buat OS, 1 nya buat cache


    Click here to enlarge Originally Posted by bagus_15 Click here to enlarge
    Kyknya perlu dicoba dl nie triknya
    silakan gan

  26. The Following 2 Users Say Thank You to adh1et For This Useful Post:


  27. #29
    sicang
    sicang's Avatar
    pke mangle ini di RB masih maknyus gk ya??

  28. The Following 2 Users Say Thank You to sicang For This Useful Post:


  29. #30
    Status
    Offline
    tyang_dusun's Avatar
    Member Super Senior
    Join Date
    Jun 2008
    Location
    Klaten, Jawa Tengah, Indonesia, Indonesia
    Posts
    521
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    ijin bookmark dul dh ....

  30. The Following 2 Users Say Thank You to tyang_dusun For This Useful Post:


 

 
Page 2 of 5 FirstFirst 1234 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 22
    Last Post: 07-07-2013, 10:47
  2. [SHARE]mangle + queue
    By chibi in forum Beginner Basics
    Replies: 5
    Last Post: 11-01-2012, 09:18
  3. Dstnat untuk proxy external ke mikrotik dengan proxy internal
    By awarmanf in forum General Networking
    Replies: 3
    Last Post: 21-02-2010, 21:17

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •