Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 11 of 11
  1. #1
    Status
    Offline
    scarface_qwerty's Avatar
    Member
    Join Date
    Sep 2007
    Location
    ambon, maluku
    Posts
    101
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Unhappy web proxy internal + Limit Bandwidth dengan extension

    mau tanya nih..

    gw pake web proxy internal mikrotik dan mau gabungin dengan tutorial yang ini



    cuma masalahnya bingung di nat nya nih...

    kan gw pake proxy internal, jadi gw redirect tuh ke port 3128

    nah klo gw redirect, gak jalan tuh tutorial yang diatas...


    tapi klo gw matiin redirect nya alias gak pake proxy, lancar tutorial yang diatas..


    mohon bantuan nya buat gabungin kedua nya nih.. dah gw coba utak atik segala macam tapi gak jadi jg... Click here to enlarge

  2. #2
    Status
    Offline
    scarface_qwerty's Avatar
    Member
    Join Date
    Sep 2007
    Location
    ambon, maluku
    Posts
    101
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    waduh pada ga bs semua ya?

    mungkin atau gak mungkin ini metode nya?

  3. #3
    Status
    Offline
    sum14rdi's Avatar
    VIP Member
    Join Date
    Sep 2007
    Location
    Tambun-Bekasi
    Posts
    860
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    paste config yang telah anda buat di router anda, disini....selanjutnya jika sudah anda paste disini, baru kita "plototin" rame2.....Click here to enlarge

  4. #4
    Status
    Offline
    ripmanis's Avatar
    VIP Member
    Join Date
    Dec 2008
    Location
    Balikpapan as Balikpapaners
    Posts
    774
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by sum14rdi Click here to enlarge
    paste config yang telah anda buat di router anda, disini....selanjutnya jika sudah anda paste disini, baru kita "plototin" rame2.....Click here to enlarge
    tul... kopas disindang nek.. ntu dah jadi tradisi.. klo cuap2 doang gak paham.. Click here to enlarge

  5. #5
    Status
    Offline
    scarface_qwerty's Avatar
    Member
    Join Date
    Sep 2007
    Location
    ambon, maluku
    Posts
    101
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    0 chain=dstnat src-address=192.168.0.0/24 protocol=tcp dst-port=80
    action=redirect to-ports=3128

    1 chain=srcnat out-interface=speedy1 action=masquerade
    setting nat nya cuman gitu doang bro.. rule nomer 0 klo enable
    tutorial limit bandwidth dengan extension nya gak jalan bro.. tapi klo di disable rule itu, limit bandwidth nya jalan..

    nah klo rule 0 nya gak jalan kan berarti proxy internal gak kepake.. jadi lemot deh..

    nah buat gabungin nya gimana tuh?
    gak ngerti gw di bagian firewall nya nangkap address download darimana..

    dah gw coba firewall chain nya gw ganti2.. (sambil proxy internal nyala) klo gw ganti jadi input

    /ip firewall filter add chain=input \
    src-address=192.168.1.0/24 protocol=tcp content=.exe \
    action=add-dst-to-address-list address-list=cekek \
    address-list-timeout=01:00:00

    ketangkap address nya.. tapi address komputer gw yang ketangkap.. bukan address tempat downloadnya..

    bingung deh bro.. gw cuman otodidak aja bro blajar dari tutorial2, dari buku2 jadi krg ngerti sampe detail.. paling parah di buku, ternyata isi nya cuman dasar2 doang..

    mudah2 an ada yang punya solusi nya disini... makasih juragan..
    sori juragan masih nubi nih banyak nanya..

  6. #6
    Status
    Offline
    sum14rdi's Avatar
    VIP Member
    Join Date
    Sep 2007
    Location
    Tambun-Bekasi
    Posts
    860
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    topologi jaringan sama pengalamatan ip ditempat juragan gimana?? dari penjelasan diatas kog kayak campur aduk antara 192.168.0.0/24 dengan 192.168.1.0/24

    dan kayaknya juragan "pelit" amat sama copas config mikrotiknya, ngasihnya seucrit-seucrit....tenang aja gan walau juragan copas yang complit...belum tentu cucok buat orang lain kog..

    sorry gan .......Click here to enlarge

  7. #7
    Status
    Offline
    scarface_qwerty's Avatar
    Member
    Join Date
    Sep 2007
    Location
    ambon, maluku
    Posts
    101
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by sum14rdi Click here to enlarge
    topologi jaringan sama pengalamatan ip ditempat juragan gimana?? dari penjelasan diatas kog kayak campur aduk antara 192.168.0.0/24 dengan 192.168.1.0/24

    dan kayaknya juragan "pelit" amat sama copas config mikrotiknya, ngasihnya seucrit-seucrit....tenang aja gan walau juragan copas yang complit...belum tentu cucok buat orang lain kog..

    sorry gan .......Click here to enlarge
    oh itu yang diatas ip nya lupa diganti, mestinya 192.168.0.0/24

    mesti semua ya gan.. bentar ya.. banyak soalnya..

    ip firewall filter
    0 ;;; allow established connections
    chain=forward connection-state=established action=accept

    1 ;;; allow related connections
    chain=forward connection-state=related action=accept

    2 ;;; Drop Messenger Worm
    chain=virus protocol=udp dst-port=135-139 action=drop

    3 ;;; drop invalid connections
    chain=forward connection-state=invalid action=drop

    4 ;;; Drop Blaster Worm
    chain=virus protocol=tcp dst-port=135-139 action=drop

    5 ;;; Worm
    chain=virus protocol=tcp dst-port=1433-1434 action=drop

    6 ;;; Drop Blaster Worm
    chain=virus protocol=tcp dst-port=445 action=drop

    7 ;;; Drop Blaster Worm
    chain=virus protocol=udp dst-port=445 action=drop

    8 ;;; ________
    chain=virus protocol=tcp dst-port=593 action=drop

    9 ;;; ________
    chain=virus protocol=tcp dst-port=1024-1030 action=drop

    10 ;;; Drop MyDoom
    chain=virus protocol=tcp dst-port=1080 action=drop

    11 ;;; ________
    chain=virus protocol=tcp dst-port=1214 action=drop

    12 ;;; ndm requester
    chain=virus protocol=tcp dst-port=1363 action=drop

    13 ;;; ndm server
    chain=virus protocol=tcp dst-port=1364 action=drop

    14 ;;; screen cast
    chain=virus protocol=tcp dst-port=1368 action=drop

    15 ;;; hromgrafx
    chain=virus protocol=tcp dst-port=1373 action=drop

    16 ;;; cichlid
    chain=virus protocol=tcp dst-port=1377 action=drop

    17 ;;; Bagle Virus
    chain=virus protocol=tcp dst-port=2745 action=drop

    18 ;;; Drop Dumaru.Y
    chain=virus protocol=tcp dst-port=2283 action=drop

    19 ;;; Drop Beagle
    chain=virus protocol=tcp dst-port=2535 action=drop

    20 ;;; Drop Beagle.C-K
    chain=virus protocol=tcp dst-port=2745 action=drop

    21 ;;; Drop MyDoom
    chain=virus protocol=tcp dst-port=3127 action=drop

    22 ;;; Drop Backdoor OptixPro
    chain=virus protocol=tcp dst-port=3410 action=drop

    23 ;;; Worm
    chain=virus protocol=tcp dst-port=4444 action=drop

    24 ;;; Worm
    chain=virus protocol=udp dst-port=4444 action=drop

    25 ;;; Drop Sasser
    chain=virus protocol=tcp dst-port=5554 action=drop

    26 ;;; Drop Beagle.B
    chain=virus protocol=tcp dst-port=8866 action=drop

    27 ;;; Drop Dabber.A-B
    chain=virus protocol=tcp dst-port=9898 action=drop

    28 ;;; Drop Dumaru.Y, sebaiknya di didisable karena juga sering digunakan ut>
    pn atau webmin
    chain=virus protocol=tcp dst-port=10000 action=drop

    29 ;;; Drop MyDoom.B
    chain=virus protocol=tcp dst-port=10080 action=drop

    30 ;;; Drop NetBus
    chain=virus protocol=tcp dst-port=12345 action=drop

    31 ;;; Drop Kuang2
    chain=virus protocol=tcp dst-port=17300 action=drop

    32 ;;; Drop SubSeven
    chain=virus protocol=tcp dst-port=27374 action=drop

    33 ;;; Drop PhatBot, Agobot, Gaobot
    chain=virus protocol=tcp dst-port=65506 action=drop

    34 ;;; jump to the virus chain
    chain=forward action=jump jump-target=virus

    35 ;;; Accept established connections
    chain=input connection-state=established action=accept

    36 ;;; Accept related connections
    chain=input connection-state=related action=accept

    37 ;;; Drop invalid connections
    chain=input connection-state=invalid action=drop

    38 ;;; UDP
    chain=input protocol=udp action=accept

    39 ;;; Allow limited pings
    chain=input protocol=icmp limit=50/5s,2 action=accept

    40 ;;; Drop excess pings
    chain=input protocol=icmp action=drop

    41 ;;; FTP
    chain=input protocol=tcp dst-port=21 src-address-list=ournetwork
    action=accept

    42 ;;; SSH for secure shell
    chain=input protocol=tcp dst-port=22 src-address-list=ournetwork
    action=accept

    43 ;;; Telnet
    chain=input protocol=tcp dst-port=23 src-address-list=ournetwork
    action=accept

    44 ;;; Web
    chain=input protocol=tcp dst-port=80 src-address-list=ournetwork
    action=accept

    45 ;;; winbox
    chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork
    action=accept

    46 ;;; pptp-server
    chain=input protocol=tcp dst-port=1723 action=accept

    47 ;;; From Speedy
    chain=input src-address-list=ournetwork action=accept

    48 ;;; Log everything else
    chain=input action=log log-prefix="DROP INPUT"

    49 ;;; Drop everything else
    chain=input action=drop


    43 ;;; Telnet
    chain=input protocol=tcp dst-port=23 src-address-list=ournetwork
    action=accept

    44 ;;; Web
    chain=input protocol=tcp dst-port=80 src-address-list=ournetwork
    action=accept

    45 ;;; winbox
    chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork
    action=accept

    46 ;;; pptp-server
    chain=input protocol=tcp dst-port=1723 action=accept

    47 ;;; From Speedy
    chain=input src-address-list=ournetwork action=accept

    48 ;;; Log everything else
    chain=input action=log log-prefix="DROP INPUT"

    49 ;;; Drop everything else
    chain=input action=drop
    ip firewall nat

    0 ;;; buat torrent
    chain=dstnat dst-address=ip speedy protocol=tcp dst-port=28938 action=dst-nat
    to-addresses=192.168.0.253 to-ports=28938

    1 ;;; redirect ke proxy internal
    chain=dstnat src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128

    2 chain=srcnat out-interface=speedy1 action=masquerade
    ip firewall mangle

    0 ;;; bikin cepat ping dan dns
    chain=prerouting protocol=icmp action=mark-connection new-connection-mark=icmp-con passthrough=yes

    1 chain=prerouting protocol=icmp connection-mark=icmp-con action=mark-packet new-packet-mark=icmp-pkt
    passthrough=no

    2 chain=prerouting packet-mark=icmp-pkt action=change-tos new-tos=min-delay

    3 chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=53 action=mark-connection
    new-connection-mark=dns-con passthrough=yes

    4 chain=prerouting src-address=192.168.0.0/24 protocol=udp dst-port=53 action=mark-connection
    new-connection-mark=dns-con passthrough=yes

    5 chain=prerouting connection-mark=dns-con action=mark-packet new-packet-mark=dns-pkt passthrough=yes

    6 chain=prerouting packet-mark=dns-pkt action=change-tos new-tos=min-delay

    7 chain=output content=X-Cache: HIT action=mark-connection new-connection-mark=proxy-con passthrough=yes

    8 chain=output connection-mark=proxy-con action=mark-packet new-packet-mark=proxy-pkt passthrough=no

    9 ;;; buat limit dengan internal proxy
    chain=prerouting in-interface=lokal src-address=192.168.0.0/24 action=mark-packet new-packet-mark=test-up
    passthrough=no

    10 chain=forward src-address=192.168.0.0/24 action=mark-connection new-connection-mark=test-conn passthrough=no

    11 chain=forward in-interface=speedy1 connection-mark=test-conn action=mark-packet new-packet-mark=test-down
    passthrough=no

    12 chain=output out-interface=lokal dst-address=192.168.0.0/24 action=mark-packet new-packet-mark=test-down
    passthrough=no
    ip web-proxy

    enabled: yes
    src-address: 0.0.0.0
    port: 3128
    hostname: "proxy"
    transparent-proxy: yes
    parent-proxy: 0.0.0.0:0
    cache-administrator: "x-com"
    max-object-size: 1024KiB
    cache-drive: system
    max-cache-size: unlimited
    max-ram-cache-size: unlimited
    status: running
    reserved-for-cache: 56876032KiB
    reserved-for-ram-cache: 2048KiB
    queue simple

    0 name="proxy-HIT" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=proxy-pkt priority=1
    queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default

    1 name="Ping-queue" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=icmp-pkt priority=1
    queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default
    queue tree

    0 name="pcq-down" parent=lokal packet-mark=test-down limit-at=0 queue=PCQ_download priority=2 max-limit=0
    burst-limit=0 burst-threshold=0 burst-time=0s

    1 name="pcq-up" parent=global-total packet-mark=test-up limit-at=0 queue=PCQ_upload priority=2 max-limit=0
    burst-limit=0 burst-threshold=0 burst-time=0s
    topologi network gw

    modem speedy bridge -> mikrotik -> client

    ada lagi yang mesti di copas ke sini bro?
    mohon bantuan nya bro2 yang dah jago mikrotik disini.. terima kasih bro2..
    Last edited by scarface_qwerty; 23-06-2009 at 12:32.

  8. The Following 2 Users Say Thank You to scarface_qwerty For This Useful Post:


  9. #8
    Status
    Offline
    sum14rdi's Avatar
    VIP Member
    Join Date
    Sep 2007
    Location
    Tambun-Bekasi
    Posts
    860
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    coba untuk traping dst-address ini:
    /ip firewall filter add chain=forward \
    src-address=192.168.1.0/24 protocol=tcp content=.exe \
    action=add-dst-to-address-list address-list=cekek \
    address-list-timeout=01:00:00
    ditambahin in-interface=lokal
    untuk chainnya tetap chain=forward

  10. #9
    Status
    Offline
    scarface_qwerty's Avatar
    Member
    Join Date
    Sep 2007
    Location
    ambon, maluku
    Posts
    101
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by sum14rdi Click here to enlarge
    coba untuk traping dst-address ini:

    ditambahin in-interface=lokal
    untuk chainnya tetap chain=forward
    btw ip gw 192.168.0.0/24 bro yang diatas salah post..

    dah gw coba bro caranya.. tetap aja gak bisa bro..

    tapi kalau misal gw download link nya gini

    ftp://majorgeeks.mirror.internode.on...lmcodec490.exe

    masuk address nya ke list nya bro..

    tapi klo download http tetap aja gak mo masuk..
    Last edited by scarface_qwerty; 23-06-2009 at 22:34. Reason: kacau2... aaaaa...

  11. #10
    Status
    Offline
    scarface_qwerty's Avatar
    Member
    Join Date
    Sep 2007
    Location
    ambon, maluku
    Posts
    101
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    akhirnya ketemu jg caranya..

    ada yang mesti dirubah, buat trapping dst address nya pake

    ip firewall filter

    chain=output out-interface=speedy1 protocol=tcp dst-port=80 content=.exe
    action=add-dst-to-address-list address-list=cekek
    address-list-timeout=1h
    trus di mangle nya jadi gini

    chain=prerouting in-interface=speedy1 src-address-list=cekek
    action=mark-packet new-packet-mark=cekek-bw passthrough=no
    selebih nya sama aja dengan ditutorial..

    terima kasih bantuan nya teman2 disini.. Click here to enlarge

  12. The Following 2 Users Say Thank You to scarface_qwerty For This Useful Post:


  13. #11
    Status
    Offline
    sawoenk's Avatar
    Baru Gabung
    Join Date
    Oct 2007
    Posts
    14
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    proxy internal

    saya pernah nyoba setting limit per file extention...tapi ga jalan apa mungkin gara2 blom saya terapkan yg diatas yah? trus pernah ad yg bilang web-proxy di mikrotik 2.9.27 bisa kebobol yah ? maksudnya bisa dimasukin org ato gmn yah saya krg paham, trus untuk yg versi 3.x masih rentan jg ga yah ?

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Limit Bandwidth dengan extension mengatasi Download Manager
    By ellabram in forum QOS & Traffic Shaping
    Replies: 69
    Last Post: 22-08-2012, 21:46
  2. auto change proxy base on extension file
    By Devilion in forum General Networking
    Replies: 3
    Last Post: 10-07-2011, 01:12
  3. (ASK)Limit bandwidth dengan Mac Address
    By rlim in forum General Networking
    Replies: 21
    Last Post: 14-04-2010, 15:33
  4. Replies: 5
    Last Post: 08-01-2010, 22:40
  5. {Help}Masalah Web Proxy Internal MT
    By s4kk1r in forum General Networking
    Replies: 13
    Last Post: 16-10-2008, 11:11

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •