Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 9 of 9
  1. #1
    Status
    Offline
    chibi's Avatar
    Newbie
    Join Date
    Dec 2010
    Posts
    50
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0

    Proxy Terlimit download

    IP Nat
    Code:
     0   ;;; Added by webbox
         chain=srcnat action=masquerade out-interface=ether1 
    
     1   ;;; REDIRECT-SQUID
         chain=dstnat action=dst-nat to-addresses=192.168.3.2 to-ports=3128 
         protocol=tcp src-address=192.168.0.0/24 dst-address=!192.168.3.2 
         dst-port=80,8080,3128 
    
     2   chain=dstnat action=redirect to-ports=53 protocol=udp dst-port=53 
    
     3   chain=dstnat action=redirect to-ports=53 protocol=tcp dst-port=53
    IP > Mangle

    Code:
    0   ;;; ZIP MARK PACKET 
         chain=postrouting action=mark-packet new-packet-mark=ZIP passthrough=no layer7-protocol=ZIP 
    
     1   ;;; EXE MARK PACKET 
         chain=postrouting action=mark-packet new-packet-mark=EXE passthrough=no layer7-protocol=EXE 
    
     2   ;;; SQUID PROXY HIT
         chain=forward action=mark-packet new-packet-mark=PROXY HIT passthrough=no dscp=12 
    
     3   ;;; SQUID PAKET
         chain=forward action=mark-packet new-packet-mark=SQUID PAKET passthrough=no connection-mark=SQUID KONEKSI 
    
     4   ;;; BROWSING SQUID
         chain=prerouting action=mark-connection new-connection-mark=SQUID KONEKSI passthrough=yes protocol=tcp src-address-list=IP Proxy dst-address-list=!IP User 
         dst-port=80,443 
    
     5   ;;; SQUID PROXY HIT
         chain=postrouting action=mark-packet new-packet-mark=Proxy passthrough=no dscp=12
    Quete

    Code:
    10   name="EXE" parent=LIMIT FILE EXTENTION packet-mark=EXE limit-at=0 
         queue=default priority=4 max-limit=0 burst-limit=0 burst-threshold=0 
         burst-time=0s 
    
    25   name="ZIP" parent=LIMIT FILE EXTENTION packet-mark=ZIP limit-at=0 
         queue=default priority=4 max-limit=0 burst-limit=0 burst-threshold=0 
         burst-time=0s


    permasalahan : limit download merusak untuk update patch pb dan ls yg ber'estensi zip dan exe

    pencerahan : adakah cara agar zip dan exe tetap di limit untuk publik saja dan download zip/exe dari proxy bebas dari limit Click here to enlarge

  2. #2
    Status
    Offline
    zdienos's Avatar
    Forum Guru
    Join Date
    Feb 2010
    Location
    ~/makasar
    Posts
    1,252
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    mungkin bisa gunakan not dst-address-list, atau not src-address-list,
    itu loh, yang pake tanda pentung [!]

    yang di bawah mungkin bisa kasih yang lebih cerah lagi....

  3. #3
    Status
    Offline
    chibi's Avatar
    Newbie
    Join Date
    Dec 2010
    Posts
    50
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    sudah ane coba gan di ip > firewall > mangle > pke itu ga mau hasil nihil

  4. #4
    Status
    Offline
    Inidian's Avatar
    Baru Gabung
    Join Date
    Jun 2008
    Posts
    19
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kenapa ga pake delay pool nya squid aja?

  5. #5
    Status
    Offline
    Anto.PJ's Avatar
    Forum Guru
    Join Date
    May 2011
    Location
    macz
    Posts
    1,696
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by chibi Click here to enlarge
    IP Nat
    [CODE] 0 ;;; Added by webbox
    chain=srcnat action=masquerade out-interface=ether1 ... bla..bla..bla..
    ok..

    IP > Mangle

    0 ;;; ZIP MARK PACKET
    chain=postrouting action=mark-packet new-packet-mark=ZIP passthrough=no layer7-protocol=ZIP
    tolong didefenisikan in-interfacenya.. dan jika ingin melimit dari inet, gunakan prerouting atau forward (inet => proxy gak melalui NAT lagi, yang melalui NAT hanya client => inet)
    contoh :
    Code:
         chain=prerouting in-interface=ether1 action=mark-packet new-packet-mark=ZIP passthrough=no layer7-protocol=ZIP
    kalo memang pengen pake postrouting (mungkin fanatik?? Click here to enlarge Click here to enlargeeace: )
    pake rule ini
    Code:
    0   ;;; ZIP MARK PACKET 
         chain=postrouting action=mark-packet dst-address=192.168.3.2 new-packet-mark=ZIP passthrough=no layer7-protocol=ZIP
    1 ;;; EXE MARK PACKET
    chain=postrouting action=mark-packet new-packet-mark=EXE passthrough=no layer7-protocol=EXE
    idem

    2 ;;; SQUID PROXY HIT
    chain=forward action=mark-packet new-packet-mark=PROXY HIT passthrough=no dscp=12
    saya kira ini sudah cukup!! mark packet sekali, trus dibuatkan queue selesai

    nah yang g ngerti tuh yang dibawah ini
    3 ;;; SQUID PAKET
    chain=forward action=mark-packet new-packet-mark=SQUID PAKET passthrough=no connection-mark=SQUID KONEKSI

    4 ;;; BROWSING SQUID
    chain=prerouting action=mark-connection new-connection-mark=SQUID KONEKSI passthrough=yes protocol=tcp src-address-list=IP Proxy dst-address-list=!IP User
    dst-port=80,443
    copas dari mana sih bro?? mark packet duluan trus mark koneksi??

    5 ;;; SQUID PROXY HIT
    chain=postrouting action=mark-packet new-packet-mark=Proxy passthrough=no dscp=12
    double marking?? mangle nomor 2 sudah melakukan hal serupa..

    permasalahan : limit download merusak untuk update patch pb dan ls yg ber'estensi zip dan exe

    pencerahan : adakah cara agar zip dan exe tetap di limit untuk publik saja dan download zip/exe dari proxy bebas dari limit Click here to enlarge
    cara anda hampir benar..
    selamat!!
    Last edited by Anto.PJ; 03-05-2012 at 21:43.

  6. #6
    Status
    Offline
    rijanarko's Avatar
    Member
    Join Date
    Feb 2011
    Posts
    149
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    permasalahan : limit download merusak untuk update patch pb dan ls yg ber'estensi zip dan exe

    pencerahan : adakah cara agar zip dan exe tetap di limit untuk publik saja dan download zip/exe dari proxy bebas dari limit Click here to enlarge[/QUOTE]

    coba ditambahin ini mas
    69 chain=forward action=mark-connection new-connection-mark=proxy
    passthrough=yes in-interface=4-proxy out-interface=5-local

    70 chain=forward action=mark-packet new-packet-mark=proxy-hit-packet
    passthrough=yes connection-mark=proxy

    pengalaman pribadi sih

  7. #7
    Status
    Offline
    Anto.PJ's Avatar
    Forum Guru
    Join Date
    May 2011
    Location
    macz
    Posts
    1,696
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by rijanarko Click here to enlarge
    69 chain=forward action=mark-connection new-connection-mark=proxy
    passthrough=yes in-interface=4-proxy out-interface=5-local

    70 chain=forward action=mark-packet new-packet-mark=proxy-hit-packet
    passthrough=yes connection-mark=proxy
    mm.. mau tanya.. HIT-packet itu apaan sih??

  8. #8
    Status
    Offline
    chibi's Avatar
    Newbie
    Join Date
    Dec 2010
    Posts
    50
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by Anto.PJ Click here to enlarge
    ok..


    tolong didefenisikan in-interfacenya.. dan jika ingin melimit dari inet, gunakan prerouting atau forward (inet => proxy gak melalui NAT lagi, yang melalui NAT hanya client => inet)
    contoh :
    Code:
         chain=prerouting in-interface=ether1 action=mark-packet new-packet-mark=ZIP passthrough=no layer7-protocol=ZIP
    kalo memang pengen pake postrouting (mungkin fanatik?? Click here to enlarge Click here to enlargeeace: )
    pake rule ini
    Code:
    0   ;;; ZIP MARK PACKET 
         chain=postrouting action=mark-packet dst-address=192.168.3.2 new-packet-mark=ZIP passthrough=no layer7-protocol=ZIP
    idem


    saya kira ini sudah cukup!! mark packet sekali, trus dibuatkan queue selesai

    nah yang g ngerti tuh yang dibawah ini

    copas dari mana sih bro?? mark packet duluan trus mark koneksi??


    double marking?? mangle nomor 2 sudah melakukan hal serupa..


    cara anda hampir benar..
    selamat!!
    Wah, maknyos gan, makasih ya atas pencerahannya Click here to enlarge

  9. #9
    Status
    Offline
    brutuz_1's Avatar
    VIP Member
    Join Date
    Feb 2010
    Posts
    790
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by chibi Click here to enlarge

    permasalahan : limit download merusak untuk update patch pb dan ls yg ber'estensi zip dan exe

    pencerahan : adakah cara agar zip dan exe tetap di limit untuk publik saja dan download zip/exe dari proxy bebas dari limit Click here to enlarge
    buat PB dan LS doang khan?
    kalo menurut ane tinggal nambahin az dst adsres nya sama IP gemscool, kasih tanda negasi,
    jadi buat rule zip dan exe packet nya, mungkin arti nya bengini:
    file zip dan exe selain tujuan IP gemscool saja yg akan di tangkap sama rule tersebut,
    cmiw...Click here to enlarge

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [ASK] Client Hotspot tdk terlimit..Torch kelihatan aneh??
    By Blauwz in forum Wireless Networking
    Replies: 7
    Last Post: 08-12-2011, 20:29
  2. RT/RW net with Proxy server, download di RapidShared
    By mgunawan in forum Beginner Basics
    Replies: 3
    Last Post: 23-09-2010, 18:47

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •