Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
  1. #1
    Status
    Offline
    cikruk21's Avatar
    Newbie
    Join Date
    Apr 2010
    Posts
    65
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    (ask) HOTSPOT ga bisa lewat proxy squid

    Assalamu'alaikum... selamat siang para jagoan mikrotik semua..

    Saya ada sedikit kebingungan, barangkali pada jagoan ada yang bisa memberi solusi dan pencerahan pada saya.
    Begini ceritanya :

    mikrotik RB750 :
    eth1 = WAN
    eth2 = warnet
    eth3 = proxy squid
    eth4 = hotspot

    topologi :
    Internet==mikrotik==warnet
    | ==hotspot
    |
    Proxy squid

    Masalahnya yaitu Hotspot ga mau lewat proxy squid Click here to enlarge . Berikut Rule NAT nya :

    0 chain=srcnat action=masquerade

    1 ;;; TRANSPARENT-proxy waret
    chain=dstnat action=dst-nat to-addresses=192.168.2.2 to-ports=3128 protocol=tcp dst-address-list=!proxy
    in-interface=local dst-port=80,8080,3128

    2 ;;; TRANSPARENT-proxy hotspot
    chain=dstnat action=dst-nat to-addresses=192.168.2.2 to-ports=3128 protocol=tcp dst-address-list=!proxy
    in-interface=rtrwnet dst-port=80,8080,3128

    3 ;;; TRANSPARENT-DNS
    chain=dstnat action=dst-nat to-ports=53 protocol=udp in-interface=local dst-port=53

    4 chain=dstnat action=dst-nat to-ports=53 protocol=tcp in-interface=local dst-port=53

    5 ;;; TRANSPARENT-DNS
    chain=dstnat action=dst-nat to-ports=53 protocol=udp in-interface=rtrwnet dst-port=53

    6 chain=dstnat action=dst-nat to-ports=53 protocol=tcp in-interface=rtrwnet dst-port=53

    7 chain=dstnat action=dst-nat to-ports=53 protocol=udp in-interface=proxy dst-port=53

    8 chain=dstnat action=dst-nat to-ports=53 protocol=tcp in-interface=proxy dst-port=53

    9 Rule otomatis dari settingan Hotspot


    * Kalau rule hotspot tersebut di taruh di atas rule yang membelokan ke proxy squid, maka user hotspot berjalan normal baik itu browsing ataupun user login pada saat pertama kali browsing. Tapi si hotspot tersebut ga lewat proxy squid alias langsung ke WAN.
    * Kalau rule hotspot di taruh di bawah rule yang membelokan ke proxy squid maka hotspot error, boro2 browsing.. login page aja ga muncul...

    udah pernah di coba memasukan IP & Port proxy squid di hotspot server profile tapi hasilnya sama saja

    Minta tolong dong para suhu master FMI pencerahan dan solusinya, agar login hotspot jalan & juga bisa lewat proxy squid si hotspotnya... Click here to enlarge

    Terima kasih, matur nuwun, hatur nuhun buat pencerahannya...

  2. #2
    Status
    Offline
    zdienos's Avatar
    Forum Guru
    Join Date
    Feb 2010
    Location
    ~/makasar
    Posts
    1,252
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by cikruk21 Click here to enlarge
    Assalamu'alaikum... selamat siang para jagoan mikrotik semua..

    Saya ada sedikit kebingungan, barangkali pada jagoan ada yang bisa memberi solusi dan pencerahan pada saya.
    Begini ceritanya :

    mikrotik RB750 :
    eth1 = WAN
    eth2 = warnet
    eth3 = proxy squid
    eth4 = hotspot

    topologi :
    Internet==mikrotik==warnet
    | ==hotspot
    |
    Proxy squid

    Masalahnya yaitu Hotspot ga mau lewat proxy squid Click here to enlarge . Berikut Rule NAT nya :

    0 chain=srcnat action=masquerade

    1 ;;; TRANSPARENT-proxy waret
    chain=dstnat action=dst-nat to-addresses=192.168.2.2 to-ports=3128 protocol=tcp dst-address-list=!proxy
    in-interface=local dst-port=80,8080,3128

    2 ;;; TRANSPARENT-proxy hotspot
    chain=dstnat action=dst-nat to-addresses=192.168.2.2 to-ports=3128 protocol=tcp dst-address-list=!proxy
    in-interface=rtrwnet dst-port=80,8080,3128

    3 ;;; TRANSPARENT-DNS
    chain=dstnat action=dst-nat to-ports=53 protocol=udp in-interface=local dst-port=53

    4 chain=dstnat action=dst-nat to-ports=53 protocol=tcp in-interface=local dst-port=53

    5 ;;; TRANSPARENT-DNS
    chain=dstnat action=dst-nat to-ports=53 protocol=udp in-interface=rtrwnet dst-port=53

    6 chain=dstnat action=dst-nat to-ports=53 protocol=tcp in-interface=rtrwnet dst-port=53

    7 chain=dstnat action=dst-nat to-ports=53 protocol=udp in-interface=proxy dst-port=53

    8 chain=dstnat action=dst-nat to-ports=53 protocol=tcp in-interface=proxy dst-port=53

    9 Rule otomatis dari settingan Hotspot


    * Kalau rule hotspot tersebut di taruh di atas rule yang membelokan ke proxy squid, maka user hotspot berjalan normal baik itu browsing ataupun user login pada saat pertama kali browsing. Tapi si hotspot tersebut ga lewat proxy squid alias langsung ke WAN.
    * Kalau rule hotspot di taruh di bawah rule yang membelokan ke proxy squid maka hotspot error, boro2 browsing.. login page aja ga muncul...

    udah pernah di coba memasukan IP & Port proxy squid di hotspot server profile tapi hasilnya sama saja

    Minta tolong dong para suhu master FMI pencerahan dan solusinya, agar login hotspot jalan & juga bisa lewat proxy squid si hotspotnya... Click here to enlarge

    Terima kasih, matur nuwun, hatur nuhun buat pencerahannya...

    saya pernah ngalamin yang kayak gitu, dan solusi buat saya adalah:
    1) mengaktifkan internal web proxy, kemudian, pada bagian parent proxy, isikan proxy external anda dan portnya... (dan ini yang saya gunakan sampe skarang....)
    Code:
    /ip proxy
    set always-from-cache=no cache-administrator=email@hotspotku.com \
        cache-hit-dscp=12 cache-on-disk=no enabled=yes max-cache-size=none \
        max-client-connections=1000 max-fresh-time=1d max-server-connections=1000 \
        parent-proxy=ip.pr.ox.y parent-proxy-port=port.proxy port=3128 \
        serialize-connections=no src-address=0.0.0.0

    2) atau buat firewall baru
    Code:
    chain=hs-auth action=dst-nat to-addresses=ip.pr.ox.y to-ports=port.proxy protocol=tcp in-interface=lan dst-port=80
    (nahh, yang ini belum saya coba)


    catetan: kalo bisa, coba dulu yang nomor 2 (biar jadi report juga buwat saya.., he he he he....)...
    ntar kalo ga bisa, coba deh yang nomer 1...


    begitulah kira-kira.... Click here to enlarge
    Last edited by zdienos; 18-10-2010 at 12:32.

  3. The Following User Says Thank You to zdienos For This Useful Post:


  4. #3
    Status
    Offline
    cikruk21's Avatar
    Newbie
    Join Date
    Apr 2010
    Posts
    65
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by zdienos Click here to enlarge
    saya pernah ngalamin yang kayak gitu, dan solusi buat saya adalah:
    1) mengaktifkan internal web proxy, kemudian, pada bagian parent proxy, isikan proxy external anda dan portnya... (dan ini yang saya gunakan sampe skarang....)
    Code:
    /ip proxy
    set always-from-cache=no cache-administrator=email@hotspotku.com \
        cache-hit-dscp=12 cache-on-disk=no enabled=yes max-cache-size=none \
        max-client-connections=1000 max-fresh-time=1d max-server-connections=1000 \
        parent-proxy=ip.pr.ox.y parent-proxy-port=port.proxy port=3128 \
        serialize-connections=no src-address=0.0.0.0

    2) atau buat firewall baru
    Code:
    chain=hs-auth action=dst-nat to-addresses=ip.pr.ox.y to-ports=port.proxy protocol=tcp in-interface=lan dst-port=80
    (nahh, yang ini belum saya coba)


    catetan: kalo bisa, coba dulu yang nomor 2 (biar jadi report juga buwat saya.., he he he he....)...
    ntar kalo ga bisa, coba deh yang nomer 1...


    begitulah kira-kira.... Click here to enlarge
    thanks gan atas infonya, tar sore ( kalo sekarang masih jadi kuli pabrik ge..ge. ) ane coba cara 2 dulu.. Click here to enlarge

  5. #4
    Status
    Offline
    cikruk21's Avatar
    Newbie
    Join Date
    Apr 2010
    Posts
    65
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    agan zdienos saya udah coba yg no2 ternyata tetep ga bisa, akhirnya pake yg no1. keliatannya sih jalan, tapi saya mau mastiin nangkap paketnya di mangle terus mau di loss di queue, cuma caranya gimana ya.. saya dah otak atik ga bisa2... ga bisa nangkap paketnya.. Click here to enlarge

  6. #5
    Status
    Offline
    zdienos's Avatar
    Forum Guru
    Join Date
    Feb 2010
    Location
    ~/makasar
    Posts
    1,252
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by cikruk21 Click here to enlarge
    agan zdienos saya udah coba yg no2 ternyata tetep ga bisa, akhirnya pake yg no1. keliatannya sih jalan, tapi saya mau mastiin nangkap paketnya di mangle terus mau di loss di queue, cuma caranya gimana ya.. saya dah otak atik ga bisa2... ga bisa nangkap paketnya.. Click here to enlarge
    oww..., nda bisa ya..???

    kalo nangkep, saya cuman pake ini koq...
    Code:
    /ip firewall mangle
    add action=mark-packet chain=prerouting comment="proxy lozz" disabled=no in-interface=eth5-proxy layer7-protocol=\
        proxy-hit new-packet-mark=proxy_lozz passthrough=no protocol=tcp
    sebelumnnya, bikin dulu L7 regexp
    Code:
    /ip firewall layer7-protocol
    add comment="" name=proxy-hit regexp=\
        "http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(x-cache: hit)"
    atau bisa pake settingan DSCP (TOS) di firewallnya..
    Last edited by zdienos; 19-10-2010 at 14:58.

  7. #6
    Status
    Offline
    buyungsandy's Avatar
    Member
    Join Date
    Dec 2009
    Location
    FirlyNET SAMARINDA
    Posts
    214
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by zdienos Click here to enlarge
    oww..., nda bisa ya..???

    kalo nangkep, saya cuman pake ini koq...
    Code:
    /ip firewall mangle
    add action=mark-packet chain=prerouting comment="proxy lozz" disabled=no in-interface=eth5-proxy layer7-protocol=\
        proxy-hit new-packet-mark=proxy_lozz passthrough=no protocol=tcp
    itu marking nya Click here to enlarge

    TS itu kek nya bingung kenapa trafik g liwat proxy ... gt ea TS ??/ Click here to enlarge

    default hotspotnya itu ada dstnat nya hotspot,., itu yang halangin trafik lewat nat proxynya ts,,,,, Click here to enlarge

    coba browsing sambil intip interface,,, interface proxy ada trafik ga?

    --- dah bobok lagi
    Last edited by buyungsandy; 19-10-2010 at 13:06.

  8. #7
    Status
    Offline
    dutapsd's Avatar
    Member
    Join Date
    Sep 2007
    Location
    SURABAYA
    Posts
    246
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    2 (100%)
    Click here to enlarge Originally Posted by cikruk21 Click here to enlarge
    1 ;;; TRANSPARENT-proxy waret
    chain=dstnat action=dst-nat to-addresses=192.168.2.2 to-ports=3128 protocol=tcp dst-address-list=!proxy
    in-interface=local dst-port=80,8080,3128

    2 ;;; TRANSPARENT-proxy hotspot
    chain=dstnat action=dst-nat to-addresses=192.168.2.2 to-ports=3128 protocol=tcp dst-address-list=!proxy
    in-interface=rtrwnet dst-port=80,8080,3128
    mas coba bantu ya, untuk rule nomor 1 dan 2 diatas, coba ganti yang tercetak tebal dengan src-address-list
    kemudian rule nomor 1 dan 8 jangan taruh diatas rule otomatisnya hotspot, jadi tarus semua rule di bawah rule hotspot.
    Sementara itu aja TS masukan dari saya .


    Last edited by dutapsd; 19-10-2010 at 14:40.

  9. #8
    Status
    Offline
    bandit's Avatar
    Baru Gabung
    Join Date
    Apr 2009
    Posts
    12
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    coba cek di hotspot server profile nya
    apakah sudah dimasukkan ip dan port squid nya?

  10. #9
    Status
    Offline
    zdienos's Avatar
    Forum Guru
    Join Date
    Feb 2010
    Location
    ~/makasar
    Posts
    1,252
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by bandit Click here to enlarge
    coba cek di hotspot server profile nya
    apakah sudah dimasukkan ip dan port squid nya?
    Click here to enlarge Originally Posted by cikruk21 Click here to enlarge
    .....
    udah pernah di coba memasukan IP & Port proxy squid di hotspot server profile tapi hasilnya sama saja
    ...
    Click here to enlarge

  11. #10
    Status
    Offline
    cikruk21's Avatar
    Newbie
    Join Date
    Apr 2010
    Posts
    65
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Makasih semuana atas bantuan dan partisipasinya, sementara ini saya coba saran dari agan zdienos, cuma tinggal nangkap HITnya aja yg belum he.he..
    tar mau ta' coba lagi... Click here to enlarge

  12. #11
    Status
    Offline
    yosanpro's Avatar
    Co-Admin
    Join Date
    Nov 2007
    Location
    Bantul, Bantul, Yogyakarta
    Posts
    2,548
    Reviews
    Read 0 Reviews
    Downloads
    11
    Uploads
    4
    Feedback Score
    1 (100%)
    coba dicek juga di tutorial tentang Mikrotik + ZPH buat nangkap hitnya...
    A person's junk is another person's treasure.

  13. #12
    Status
    Offline
    kweteng's Avatar
    VIP Member
    Join Date
    Nov 2009
    Location
    batu wae
    Posts
    797
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kalau menggunakan RB jangan mengaktifkan internal web proxy, jadi berat. dan agar ip client hospot terkena rules dnat proxy perhatikan ini ;

    Code:
    /ip hotspot user profile
    set default  name=default shared-users=1 status-autorefresh=1m transparent-proxy=no
    utk mangle hit sebaiknya menggunakan dscp

    Code:
    /ip fi ma
    add action=mark-packet chain=forward  dscp=12 in-interface=PROXY new-packet-mark=proxy-hit passthrough=no protocol=tcp
    rules transparent proxy external/squid
    Code:
    /ip fi nat
    add action=dst-nat chain=dstnat dst-address=!IP-PROXY dst-port=80 in-interface=LAN protocol=tcp src-address=\
        IPLAN-KITA to-addresses=IP-PROXY to-ports=3128
    CMIIW

  14. The Following 5 Users Say Thank You to kweteng For This Useful Post:


  15. #13
    Status
    Offline
    rizal90's Avatar
    Baru Gabung
    Join Date
    Jun 2010
    Posts
    2
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlargeClick here to enlarge

  16. #14
    Status
    Offline
    agusfazri's Avatar
    Calon Member
    Join Date
    Mar 2010
    Location
    Cijulang, Jawa Barat, Indonesia, Indonesia
    Posts
    88
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    good........Click here to enlarge

  17. #15
    Status
    Offline
    fgcp's Avatar
    Baru Gabung
    Join Date
    Aug 2010
    Location
    Jember
    Posts
    6
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    sip

    Click here to enlarge Originally Posted by kweteng Click here to enlarge
    kalau menggunakan RB jangan mengaktifkan internal web proxy, jadi berat. dan agar ip client hospot terkena rules dnat proxy perhatikan ini ;

    Code:
    /ip hotspot user profile
    set default  name=default shared-users=1 status-autorefresh=1m transparent-proxy=no
    utk mangle hit sebaiknya menggunakan dscp

    Code:
    /ip fi ma
    add action=mark-packet chain=forward  dscp=12 in-interface=PROXY new-packet-mark=proxy-hit passthrough=no protocol=tcp
    rules transparent proxy external/squid
    Code:
    /ip fi nat
    add action=dst-nat chain=dstnat dst-address=!IP-PROXY dst-port=80 in-interface=LAN protocol=tcp src-address=\
        IPLAN-KITA to-addresses=IP-PROXY to-ports=3128
    CMIIW

    lagi tak jajal kang... sukses...
    Click here to enlargeClick here to enlarge

    tapi enek siji masalah maneh...
    hotspot akses proxy masih ikut kelimit..
    piye yo... Click here to enlargeClick here to enlarge

 

 
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 37
    Last Post: 25-04-2014, 17:30
  2. Replies: 15
    Last Post: 24-01-2012, 14:18
  3. Replies: 52
    Last Post: 22-06-2011, 07:31
  4. ask:matikan proxy di hotspot gak bisa
    By ud1geol in forum HotSpot, The Dude & User Manager
    Replies: 0
    Last Post: 09-12-2009, 08:15

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •