  1. #1
    awarmanf

    Bandwidth control + zph patched squid

    The subject above refers to using MikroTik bandwidth control to bypass traffic for internet objects that are cache hits from an external Squid proxy patched with ZPH. Reading material from the neighbouring forum

    The manual is complete, including how to patch Squid and how to apply it in squid.conf.

    A suggestion: after trying it, it is worth experimenting with the packet-mark chain; the example above uses the postrouting chain. Mine looks like this:

    Code:
    /ip firewall mangle print
    ...
     5   ;;; Proxy Cache Hits Mark
         chain=input action=mark-packet new-packet-mark=proxy-hit passthrough=no src-address=172.17.1.2 src-port=3128 
         protocol=tcp tos=48
    ...
    Here 172.17.1.2 is the IP of the Squid proxy. My thinking is that because the network traffic from the client / user to the proxy is not NATed, using the postrouting chain, as in the example in the forum above, does not work.

  2. #2
    suhaq
    How do you use it in a simple queue? I already have it running in a simple queue and it works, but why is the client still limited?

  3. #3
    donipermono1982
    Originally Posted by awarmanf
    The subject above refers to using MikroTik bandwidth control to bypass traffic for internet objects that are cache hits from an external Squid proxy patched with ZPH. Reading material from the neighbouring forum

    The manual is complete, including how to patch Squid and how to apply it in squid.conf.

    A suggestion: after trying it, it is worth experimenting with the packet-mark chain; the example above uses the postrouting chain. Mine looks like this:

    Code:
    /ip firewall mangle print
    ...
     5   ;;; Proxy Cache Hits Mark
         chain=input action=mark-packet new-packet-mark=proxy-hit passthrough=no src-address=172.17.1.2 src-port=3128 
         protocol=tcp tos=48
    ...
    Here 172.17.1.2 is the IP of the Squid proxy. My thinking is that because the network traffic from the client / user to the proxy is not NATed, using the postrouting chain, as in the example in the forum above, does not work.

    Can this be applied when using MikroTik's internal web proxy?

  4. #4
    maman
    I tried Squid 2.7stable3 + DansGuardian as shipped with Ubuntu Server 64-bit Intrepid + MikroTik 3.23.
    The topology is as follows:

    Code:
                INTERNET
                    |
                    |        Squid port 3128 + 
                    |------Dansguardian port 8080
                    |         10.10.10.10/30 
                    |
                 L  A  N
              172.16.1.5/24
    in squid.conf
    Code:
    zph_mode tos
    zph_local 0x30
    zph_parent 0
    zph_option 136
    Code:
    convert TOS to DSCP.
    It's easy: first convert to binary, then drop the 2 trailing bits.
    for example:
    tos 0x30 = 110000
    then we drop the 2 trailing bits, so 110000 becomes 1100 = 12
    so, tos 0x30 = dscp 12 (dec)

    another example:
    tos 0x20 = 100000 , after dropping it becomes 1000 = 8
    so, tos 0x20 = dscp 8 (dec)
    In the MikroTik mangle, when Squid sends TCP_MEM_HIT, why doesn't it register on the counter?
    Strange? Where did I go wrong?
    Could it be because of DansGuardian?
    Code:
    /ip firewall mangle
    add action=mark-packet chain=forward comment=Proxy-HIT \
    dscp=12 new-packet-mark=Proxy-HIT passthrough=no disabled=no
    This is giving me a headache

    | m | a | m | a | n |
    Last edited by maman; 06-05-2009 at 01:31.
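
An added example, not code from any poster in this thread: a consistency check between the `zph_local` TOS value in squid.conf and the `dscp=` or `tos=` matcher of a RouterOS mangle rule, using the shift-by-two conversion described in the post above. The function names are hypothetical, `RULE_BAD` is a constructed rule, and the check covers only the TOS/DSCP value, not chain placement.

```python
import re

def tos_to_dscp(tos):
    """DSCP is the upper six bits of the TOS byte; the low two bits are ECN."""
    if not 0 <= tos <= 0xFF:
        raise ValueError(f"TOS byte out of range: {tos:#x}")
    return tos >> 2

def zph_local_tos(squid_conf):
    """Return zph_local from squid.conf text when zph_mode is tos, else None."""
    opts = {}
    for line in squid_conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].startswith("zph_"):
            opts[parts[0]] = parts[1]
    if opts.get("zph_mode") != "tos" or "zph_local" not in opts:
        return None
    return int(opts["zph_local"], 0)  # base 0 accepts both 0x30 and 48

def check_mangle_rule(rule, tos):
    """Compare one RouterOS mangle rule (as text) with the proxy's TOS mark."""
    props = dict(re.findall(r"([\w-]+)=(\S+)", rule))
    findings = []
    if tos & 0x03:
        findings.append("TOS value sets ECN bits, which a dscp= match ignores")
    if "dscp" in props:
        want, got = tos_to_dscp(tos), int(props["dscp"])
        if got != want:
            findings.append(f"dscp={got} matches TOS {got << 2:#04x}, "
                            f"but the proxy marks {tos:#04x}; expected dscp={want}")
    elif "tos" in props:
        if int(props["tos"], 0) != tos:
            findings.append(f"tos={props['tos']} does not equal proxy mark {tos:#04x}")
    else:
        findings.append("rule has no dscp= or tos= matcher for the proxy's mark")
    return findings

# squid.conf lines as posted in the thread.
SQUID_CONF = """\
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
"""
# RULE_OK is the rule from the post above; RULE_BAD is constructed to show a mismatch.
RULE_OK = ("action=mark-packet chain=forward comment=Proxy-HIT "
           "dscp=12 new-packet-mark=Proxy-HIT passthrough=no disabled=no")
RULE_BAD = ("chain=prerouting action=mark-packet new-packet-mark=proxy-hit "
            "passthrough=no dscp=48")

if __name__ == "__main__":
    tos = zph_local_tos(SQUID_CONF)
    for rule in (RULE_OK, RULE_BAD):
        print(check_mangle_rule(rule, tos) or "consistent")
```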

  5. #5
    kdebugx86
    @above

    Bro,
    with the DansGuardian + Squid setup above,

    does Squid recognise its clients (are they detected in access.log)?
    Are the LAN clients detected as 127.0.0.1 (loopback)?

    Also,
    is the tcp_outgoing_tos option in use?


    I use a method similar to the one above, and it counts just fine.

  6. #6
    sum14rdi
    ------delete-----

    Here, for those using MikroTik's internal proxy..
    Last edited by sum14rdi; 06-05-2009 at 10:04. Reason: giving the correct link... so there's no confusion...

  7. #7
    maman
    Originally Posted by kdebugx86
    @above
    Bro,
    with the DansGuardian + Squid setup above,
    does Squid recognise its clients (are they detected in access.log)?
    Are the LAN clients detected as 127.0.0.1 (loopback)?
    Also,
    is the tcp_outgoing_tos option in use?
    I use a method similar to the one above, and it counts just fine.

    Wow, you're right, the LAN clients are detected as 127.0.0.1 (loopback).
    So what should I do with Squid?
    This is the Squid log
    Code:
    /var/log/dansguardian/access.log
    1241531224.440     22 127.0.0.1 TCP_HIT/200 673 GET http://www.sctv.co.id/tpls/website/img/previews/prv_video.gif - NONE/- image/gif
    1241531224.442      0 127.0.0.1 TCP_HIT/200 715 GET http://www.sctv.co.id/tpls/website/img/previews/prv_slide.gif - NONE/- image/gif
    1241531224.442      0 127.0.0.1 TCP_HIT/200 700 GET http://www.sctv.co.id/tpls/website/img/previews/prv_print.gif - NONE/- image/gif
    1241531224.611      0 127.0.0.1 TCP_HIT/200 963 GET http://www.sctv.co.id/tpls/website/img/previews/prv_email.gif - NONE/- image/gif
    1241531224.622      0 127.0.0.1 TCP_HIT/200 535 GET http://www.sctv.co.id/tpls/website/img/previews/prv_blank.gif - NONE/- image/gif
    1241531224.623      0 127.0.0.1 TCP_HIT/200 721 GET http://www.sctv.co.id/tpls/website/img/previews/prv_more.gif - NONE/- image/gif
    This is the DansGuardian log
    Code:
    /var/log/dansguardian/access.log
    2009.5.6 16:51:32 - 10.10.10.9 http://ads3.kompas.com/www/delivery/afr.php?n=a36ee60d&zoneid=207&cb=INSERT_RANDOM_NUMBER_HERE  GET 1466 -20  1 200 text/html   -
    2009.5.6 16:51:32 - 10.10.10.9 http://ads3.kompas.com/www/delivery/afr.php?n=ac2e9e10&zoneid=216&cb=INSERT_RANDOM_NUMBER_HERE  GET 1363 -20  1 200 text/html   -
    2009.5.6 16:51:33 - 10.10.10.9 http://www.google-analytics.com/__utm.gif?utmwv=4.3&utmn=1129660854&utmhn=www.kompas.com&utmcs=UTF-8&utmsr=1024x768&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=KOMPAS.Com&utmhid=2029663658&utmr=-&utmp=/&utmac=UA-3374285-1&utmcc=__utma%3D194028855.1663506963.1225078811.1241505531.1241603500.378%3B%2B__utmz%3D194028855.1240886603.361.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)%3B *DENIED* Banned Regular Expression URL: (sex|fuck|boob|cunt|fetish|****|anal|hooter|asses|shemale|submission|porn|xxx|busty|knockers|slut|nude|naked|pussy)+.*(\.jpg|\.wmv|\.mpg|\.mpeg|\.gif|\.mov) GET 0 0 Banned Regular Expression URLs 1 403 -   -
    2009.5.6 16:51:33 - 10.10.10.9 http://www.google-analytics.com/__utm.gif?utmwv=4.3&utmn=217956206&utmhn=www.kompas.com&utmcs=UTF-8&utmsr=1024x768&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=KOMPAS.Com&utmhid=2029663658&utmr=-&utmp=/&utmac=UA-3374285-79&utmcc=__utma%3D194028855.1663506963.1225078811.1241505531.1241603500.378%3B%2B__utmz%3D194028855.1240886603.361.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)%3B *DENIED* Banned Regular Expression URL: (sex|fuck|boob|cunt|fetish|****|anal|hooter|asses|shemale|submission|porn|xxx|busty|knockers|slut|nude|naked|pussy)+.*(\.jpg|\.wmv|\.mpg|\.mpeg|\.gif|\.mov) GET 0 0 Banned Regular Expression URLs 1 403 -   -
    2009.5.6 16:51:33 - 10.10.10.9 http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=tf&c=19&mc=imp&pli=844426&PluID=0&ord=[timestamp]&rtu=-1  GET 62 0  1 302 -   -
    Also, the "tcp_outgoing_tos" setting in Squid is already in place
    Code:
    acl normal_service_net src 10.10.10.0/255.255.255.0
    tcp_outgoing_tos 0x30 normal_service_net
    but it still doesn't reach the mangle on the MikroTik? STRANGE?

    Thx

    | m | a | m | a | n |
    Last edited by maman; 06-05-2009 at 18:03.

  8. #8
    kdebugx86
    @Mas maman

    Try not using forward for the mangle; change it to postrouting or prerouting.
    Then experiment around dscp 12. ... this mangle rule goes at the very top of the rules.
    I'm also a bit confused about which of these numbers is correct.

    /ip firewall mangle

    Code:
    4   ;;; ZPH method 1
         chain=postrouting action=mark-packet 
         new-packet-mark=proxy-hit passthrough=no dscp=12
    To prove that ZPH is working, go to a movie site,
    like 21cineplex.com; if it is active and correct, the movie will definitely load without delay. Don't use YouTube, it won't hit. Too much hassle.

    Now, drifting slightly to the subject of Dans

    If you want the client to be detected in Squid (in the access log),
    add this to its config

    Code:
    follow_x_forwarded_for allow localhost
    Then if Mas maman someday traces a user from access.log,
    whether with tail or with sarg, the client will be visible, so it's not the loopback that shows up.
    Also, if you later use Squid's delay pools, without that option they will get bypassed.

    Oh, and Squid has to be recompiled with the option

    Code:
    --enable-follow-x-forwarded-for
    In /etc/dansguardian/dansguardian.conf the forwarded option also has to be turned on...


    Hope your Squid gets even better, Mas.

    Regards.


    kDEBUGx86
    Last edited by kdebugx86; 19-05-2009 at 15:46. Reason: between zph, proxy-hit, squid and dansguardian.. (like the Iwan Pales song)
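
An added example, not code from any poster in this thread: a small audit over Squid native-format access.log entries that reports whether every request is attributed to loopback, as in the log posted earlier, and how many entries fall inside a `src` ACL network such as the thread's 10.10.10.0/255.255.255.0. The log lines, URLs and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed entries in Squid's native access.log layout, modelled on the log above.
LOG_BEFORE = """\
1241531224.440     22 127.0.0.1 TCP_HIT/200 673 GET http://www.example.com/a.gif - NONE/- image/gif
1241531224.442      0 127.0.0.1 TCP_HIT/200 715 GET http://www.example.com/b.gif - NONE/- image/gif
1241531224.611    310 127.0.0.1 TCP_MISS/200 1200 GET http://www.example.com/c.html - DIRECT/192.0.2.10 text/html
1241531224.622      0 127.0.0.1 TCP_MEM_HIT/200 700 GET http://www.example.com/d.gif - NONE/- image/gif
"""
# The same traffic as it would be logged with the real client address (constructed).
LOG_AFTER = LOG_BEFORE.replace(" 127.0.0.1 ", " 10.10.10.9 ")

def parse_line(line):
    """Split one native-format entry; return None for lines that do not fit."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    try:
        client = ipaddress.ip_address(f[2])
        size = int(f[4])
    except ValueError:
        return None
    code, _, status = f[3].partition("/")
    return {"client": client, "code": code, "status": status, "bytes": size}

def audit(log_text, acl_net):
    """Summarise which client addresses Squid logged and how many bytes were hits."""
    net = ipaddress.ip_network(acl_net, strict=False)
    clients = Counter()
    hit_bytes = all_bytes = 0
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        clients[entry["client"]] += 1
        all_bytes += entry["bytes"]
        if "HIT" in entry["code"]:  # TCP_HIT, TCP_MEM_HIT, TCP_REFRESH_HIT, ...
            hit_bytes += entry["bytes"]
    total = sum(clients.values())
    loopback = sum(n for ip, n in clients.items() if ip.is_loopback)
    in_acl = sum(n for ip, n in clients.items() if ip in net)
    return {
        "entries": total,
        "loopback": loopback,
        "in_acl": in_acl,
        # True when an upstream filter on the same host hides every real client.
        "clients_masked": total > 0 and loopback == total,
        "hit_bytes": hit_bytes,
        "all_bytes": all_bytes,
    }

if __name__ == "__main__":
    for name, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(name, audit(log, "10.10.10.0/255.255.255.0"))
```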

  9. #9
    rantanplan
    This Squid ZPH + MikroTik setup looks interesting to try.
    What does the NAT for pointing clients to the proxy look like?

  10. #10
    awarmanf
    Originally Posted by rantanplan
    This Squid ZPH + MikroTik setup looks interesting to try.
    What does the NAT for pointing clients to the proxy look like?

    Use Squid version 7, which already supports ZPH, so there is no need to patch it any more.

    This is the external proxy's squid.conf configuration:

    Code:
    ...
    zph_mode tos
    zph_local 0x30
    zph_parent 0
    zph_option 136
    Then, as the topmost MikroTik mangle rule, create this:

    Code:
    /ip firewall mangle
    ...
     6   ;;; Proxy Cache Hits Mark
         chain=prerouting action=mark-packet new-packet-mark=proxy-hit passthrough=no protocol=tcp src-port=3128 dscp=12
    I have upgraded MikroTik ROS 2.9.50 to 3.19 (licensed). It was a hassle: before upgrading I first had to find an idle PC as a backup (I used MikroTik cr*ck 3.22 temporarily, hehehe). Only after successfully entering the rules one by one from the MT 2.9.50 configuration into 3.19 did I swap the MikroTik.

  11. #11
    w1z4rd
    @awarmanf :
    Code:
    zph_mode tos
    zph_local 0x30
    zph_parent 0
    zph_option 136
    Then, as the topmost MikroTik mangle rule, create this:
    Code:
    /ip firewall mangle
    ...
     6   ;;; Proxy Cache Hits Mark
         chain=prerouting action=mark-packet new-packet-mark=proxy-hit passthrough=no protocol=tcp src-port=3128 dscp=12
    I had tried applying it before, but without src-port and with dscp=48; bytes and packets on the mangle rule very rarely passed.

    Now, using awarmanf's method above, the bytes and packets on the mangle rule look lively; every time I browse sites that are already cached, the bytes and packets keep counting.

    Does this indicate that ZPH on Squid and MikroTik now match, i.e. work as expected?

  12. #12
    rantanplan
    I have now tried Squid 2.7 stable 3, and it does indeed already support ZPH. On the MikroTik, I set up the NAT to redirect port 80 requests to Squid's port like this:

    chain=dstnat src-address=192.168.10.0/24 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.11.2 to-ports=3128

    and the traffic does show up in the mangle, and it also shows up in the simple queue...

    My question is: viewed through cachemgr, why is the byte hit ratio so small? What's even more confusing is that the Byte Hit Ratios go negative, and the percentage is never without a minus sign...

    Cache information for squid:
    Request Hit Ratios: 5min: 4.7%, 60min: 2.5%
    Byte Hit Ratios: 5min: -37.4%, 60min: -35.0%
    Request Memory Hit Ratios: 5min: 0.0%, 60min: 4.5%
    Request Disk Hit Ratios: 5min: 22.2%, 60min: 62.1%
    Storage Swap size: 603092 KB
    Storage Mem size: 3268 KB
    Mean Object Size: 9.81 KB
    Requests given to unlinkd: 0

    Could something be wrong in the Squid settings? Or is it just like that? Please help, those of you who understand Squid settings and have already tried Squid ZPH with MikroTik: why is it like that?

    Thanks in advance

  13. #13
    awarmanf

    CORRECTION for the mangle dscp

    Originally Posted by awarmanf
    Then, as the topmost MikroTik mangle rule, create this:

    Code:
    /ip firewall mangle
    ...
     6   ;;; Proxy Cache Hits Mark
         chain=prerouting action=mark-packet new-packet-mark=proxy-hit passthrough=no protocol=tcp src-port=3128 dscp=12
    Correction: after I checked, the result turned out not to be what was expected. I edited the ip firewall mangle rule to:

    Code:
     6   ;;; Proxy Cache Hits Mark
         chain=postrouting action=mark-packet new-packet-mark=proxy-hit passthrough=no protocol=tcp src-port=3128 dscp=12
    How to check? Simple: I use wget to download a static object, for example an image. Before I edited the rule, the wget output looked like this:

    Code:
    $ wget http://www.ellf.ru/uploads/posts/2009-05/1242561057_13.jpg
    --09:30:13--  http://www.ellf.ru/uploads/posts/2009-05/1242561057_13.jpg
               => `1242561057_13.jpg'
    Resolving www.ellf.ru... 88.212.204.110
    Connecting to www.ellf.ru|88.212.204.110|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 80,211 (78K) [image/jpeg]
    
    100%[==========================================================================>] 80,211         4.50K/s    ETA 00:00
    
    09:30:56 (2.37 KB/s) - `1242561057_13.jpg' saved [80211/80211]
    
    yudi@ubuntu:~/Desktop$ wget http://www.ellf.ru/uploads/posts/2009-05/1242561057_13.jpg
    --09:30:58--  http://www.ellf.ru/uploads/posts/2009-05/1242561057_13.jpg
               => `1242561057_13.jpg.1'
    Resolving www.ellf.ru... 88.212.204.110
    Connecting to www.ellf.ru|88.212.204.110|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 80,211 (78K) [image/jpeg]
    
    100%[==========================================================================>] 80,211         2.60K/s    ETA 00:00
    
    09:31:38 (2.38 KB/s) - `1242561057_13.jpg.1' saved [80211/80211]
    Even though it had already been downloaded, the download was still slow; the speed was only 2.38K/s.

    After I edited the mangle rule, the mangle output:

    Code:
    $ wget http://www.ellf.ru/uploads/posts/2009-05/1242561057_13.jpg
    --09:36:26--  http://www.ellf.ru/uploads/posts/2009-05/1242561057_13.jpg
               => `1242561057_13.jpg.3'
    Resolving www.ellf.ru... 88.212.204.110
    Connecting to www.ellf.ru|88.212.204.110|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 80,211 (78K) [image/jpeg]
    
    100%[==========================================================================>] 80,211        --.--K/s             
    
    09:36:26 (1.30 MB/s) - `1242561057_13.jpg.3' saved [80211/80211]
    The K/s speed doesn't even show up because it is so fast: 1.30MB/s!

    Thanks to w1z4rd for the reminder; when I first used the prerouting mangle, I was satisfied just seeing the statistics move.
    Last edited by awarmanf; 19-05-2009 at 11:03.

  15. #14
    kdebugx86
    The correct value is 12 as DSCP, or 48 in decimal. Mine runs in postrouting, with a queue tree.

  16. #15
    rantanplan
    @ bro kdebugx86
    Have you experienced the same thing I have? Why is the Bit Hit Ratio (-) like that? It is still like that even now, although Squid has been running for 3 days..

    Thanks

 

 