Selasa, 01 Maret 2011

Setting Mikrotik rb 750 G + 2 line speedy + proxy squid

Settingan sederhana load balancing 2 speedy + squid
tidak cocok buat Warnet Game Online

topologinya

speedy1----|
|------- mikrotik RB 750 G-------LAN-----client
speedy2---- |
|
squid ubuntu 9.10

setting modem menjadi bridge
ip address
modem 1 192.168.1.1
modem 2 192.168.2.1
proxy 192.168.3.2

ip mikrotik
lan 192.168.0.1
modem1 192.168.1.2
modem2 192.168.2.2
proxy 192.168.3.1

pppoe
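/interface pppoe-client
# One PPPoE client per bridged modem (Speedy-1 / Speedy-2). Credentials are masked on the page.
# add-default-route=no: default routes are added by hand under /ip route.
# use-peer-dns=no: DNS servers pushed by the ISP are ignored.
# NOTE(review): allow= still includes pap, which hands the password in clear text to whichever
# access concentrator answers the PPPoE discovery. Narrow it to chap/mschap2 if the ISP
# supports them - confirm with the ISP before changing.
# Fixed: the original lines carried a second, trailing user="***"; the parameter is now given once.
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" dial-on-demand=no disabled=no interface=Speedy-1 max-mru=1480 max-mtu=1480 mrru=disabled name="PPPoE-1" user="******@telkom.net" password="***" profile=default service-name="" use-peer-dns=no

add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" dial-on-demand=no disabled=no interface=Speedy-2 max-mru=1480 max-mtu=1480 mrru=disabled name="PPPoE-2" user="******@telkom.net" password="***" profile=default service-name="" use-peer-dns=no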

set nat
/ip firewall nat
# Source NAT: everything leaving through either PPPoE session is masqueraded.
add chain=srcnat action=masquerade out-interface=PPPoE-1 comment="" disabled=no
add chain=srcnat action=masquerade out-interface=PPPoE-2 comment="" disabled=no

/ip firewall nat
# Transparent-proxy redirect: TCP 80, 8080 and 3128 arriving from the LAN are
# dst-natted to the Squid box on port 3128.
# NOTE(review): "ip squid proxy", "ip squid" and "ip lan" are placeholders, not values;
# the address plan above gives 192.168.3.2 for the proxy, and the mangle rules call the
# LAN interface "lan".
# NOTE(review): to-address, dst.-address-list, dst.-port and in.-interface look like WinBox
# field labels; the RouterOS CLI names are to-addresses, dst-address-list, dst-port and
# in-interface, so these lines will not paste into a terminal as written.
# NOTE(review): dst-address-list without negation matches only destinations that ARE in the
# list; if the list was meant to exempt the proxy it has to be negated - confirm the intent.
# NOTE(review): the page shows no /ip firewall filter rules. Confirm that the router's input
# chain and the proxy port cannot be reached from the PPPoE interfaces.
add chain=dstnat action=dst-nat to-address=ip squid proxy to-ports=3128 dst.-address-list=ip squid protocol=tcp dst.-port=80 in.-interface=ip lan

add chain=dstnat action=dst-nat to-address=ip squid proxy to-ports=3128 dst.-address-list=ip squid protocol=tcp dst.-port=8080 in.-interface=ip lan

add chain=dstnat action=dst-nat to-address=ip squid proxy to-ports=3128 dst.-address-list=ip squid protocol=tcp dst.-port=3128 in.-interface=ip lan


set mangle
/ip firewall mangle
# Per-connection balancing for LAN clients: each new connection entering on "lan" gets the
# connection mark ADSL-1 or ADSL-2 from the nth matcher (2,1 and 2,2 alternate).
# passthrough=yes lets the packet continue to the mark-routing rules below.
# NOTE(review): consecutive connections from one client can leave through different public
# addresses; sites that tie a login session to the source IP may reject them - confirm this
# is acceptable for the clients served.
add action=mark-connection chain=prerouting comment="Load Mangel" connection-state=new disabled=no in-interface=lan nth=2,1 new-connection-mark=ADSL-1 passthrough=yes

add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=lan nth=2,2 new-connection-mark=ADSL-2 passthrough=yes

# Turn each connection mark into the routing mark that /ip route selects on.
# passthrough=no ends mangle processing for the packet once the routing mark is set.
add action=mark-routing chain=prerouting comment="Mark Paket" in-interface=lan connection-mark=ADSL-1 disabled=no new-routing-mark=speedy-1-conn passthrough=no

add action=mark-routing chain=prerouting comment="" in-interface=lan connection-mark=ADSL-2 disabled=no new-routing-mark=speedy-2-conn passthrough=no

set Proxy
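# Continues under /ip firewall mangle: the same balancing for traffic that the Squid box
# itself originates (arriving on interface "proxy"), so cache misses are also spread over
# both lines.
add action=mark-connection chain=prerouting comment="proxy" in-interface=proxy connection-state=new nth=2,1 disabled=no new-connection-mark=ADSL-1 passthrough=yes

add action=mark-connection chain=prerouting comment="" in-interface=proxy connection-state=new nth=2,2 disabled=no new-connection-mark=ADSL-2 passthrough=yes

add action=mark-routing chain=prerouting comment="Proxy mark" in-interface=proxy connection-mark=ADSL-1 disabled=no new-routing-mark=speedy-1-conn passthrough=no

# Fixed: the original repeated the ADSL-1 / speedy-1-conn rule here, so connections marked
# ADSL-2 never received a routing mark. This mirrors the LAN rules (ADSL-2 -> speedy-2-conn).
add action=mark-routing chain=prerouting comment="" in-interface=proxy connection-mark=ADSL-2 disabled=no new-routing-mark=speedy-2-conn passthrough=no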

IP Route
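/ip route
# Policy routes selected by routing mark.
# Fixed: routing-mark now uses speedy-1-conn / speedy-2-conn, the values the mangle rules set
# with new-routing-mark. The original used modem1 / modem2, which no mangle rule sets, so
# marked traffic never matched these routes and fell through to the unmarked default below.
# Fixed: stray commas/spaces after the interface names removed.
# <PPPOE1_GATEWAY_IP> / <PPPOE2_GATEWAY_IP> are placeholders for the gateway address each
# PPPoE session receives (the original had a free-text note in that position).
# NOTE(review): parameter names are kept as given on the page; check gateway-interface
# against the RouterOS version in use.
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway-interface=PPPoE-1 scope=30 target-scope=10 routing-mark=speedy-1-conn

add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=<PPPOE2_GATEWAY_IP> gateway-interface=PPPoE-2 scope=30 target-scope=10 routing-mark=speedy-2-conn

# Unmarked traffic (for example the router's own): default route over both sessions.
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway-interface=PPPoE-1,PPPoE-2 scope=30 target-scope=10

# NOTE(review): second route for the first mark, again through PPPoE-1 at a higher distance.
# If it was meant as a backup path it should point at the other line - confirm the intent.
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=<PPPOE1_GATEWAY_IP> gateway-interface=PPPoE-1 scope=30 target-scope=10 routing-mark=speedy-1-conn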



Untuk Proxynya

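#==================================#
# Proxy Server Version 2.7.Stable3
#==================================#
################################################## ###############
# Port
################################################## ###############
# Interception port: the router dst-nats client HTTP traffic here.
http_port 3128 transparent
# NOTE(review): no sibling or parent that speaks ICP appears in this configuration;
# if none exists, "icp_port 0" closes the UDP listener - confirm.
icp_port 3130
prefer_direct off
################################################## ###############
# Cache & Object
################################################## ###############
cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99
max_filedesc 8192
maximum_object_size 1024 MB
minimum_object_size 0 KB
# NOTE(review): 4 bytes keeps practically every object out of the memory cache;
# presumably KB was intended - confirm.
maximum_object_size_in_memory 4 bytes
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
################################################## ###############
# cache_dir
cache_dir aufs /home/proxy1 9000 32 128
cache_dir aufs /home/proxy2 9000 32 128
cache_dir aufs /home/proxy3 9000 32 128
# access.log records every URL each client requests; restrict who can read it.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
pid_filename /var/run/squid.pid
cache_swap_log /var/log/squid/swap.state
# Fixed: dns_nameservers takes resolver IP addresses, not a file name. With the directive
# absent Squid reads the resolvers from /etc/resolv.conf, which is what the original
# "dns_nameservers /etc/resolv.conf" was trying to express.
#dns_nameservers /etc/resolv.conf
emulate_httpd_log off
hosts_file /etc/hosts
half_closed_clients off
negative_ttl 1 minutes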
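################################################## ###############
# Rules: Safe Port
################################################## ###############
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# Fixed: the original read 127.0.0.0/8q (stray character after the mask).
acl to_localhost dst 127.0.0.0/8
acl lan src 192.168.0.0/27
acl modem1 src 192.168.1.0/24
acl modem2 src 192.168.2.0/24
acl proxy src 192.168.3.0/24
acl SSL_ports port 443 563 873 # https snews rsync
acl Safe_ports port 80 # http
acl Safe_ports port 20 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 631 # cups
acl Safe_ports port 10000 # webmin
acl Safe_ports port 901 # SWAT
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
# Disabled: POP3 and SMTP are not HTTP services. Listing them as "safe" lets any allowed
# client make the proxy open connections to mail ports, the usual way an HTTP proxy ends
# up relaying spam. Re-enable only if a concrete need exists.
#acl Safe_ports port 110 # POP3
#acl Safe_ports port 25 # SMTP
acl Safe_ports port 2095 2096 # webmail from cpanel
acl Safe_ports port 2082 2083 # cpanel
acl purge method PURGE
acl CONNECT method CONNECT
# http_access is evaluated top-down and the first matching line decides. The original put
# the "allow lan/modem/proxy" lines ahead of the denies, so those clients were never subject
# to the manager, PURGE, port or CONNECT restrictions. Restrictions now come first.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Port is in neither list -> refuse (SSL_ports is kept in the test because 443 and 563 are
# not in Safe_ports).
http_access deny !Safe_ports !SSL_ports
# CONNECT tunnels only to SSL_ports. The original also required !Safe_ports, which left
# CONNECT open to every port in Safe_ports, including 1025-65535.
http_access deny CONNECT !SSL_ports
# to_localhost was defined but unused: stop clients from reaching services bound to the
# proxy host's own loopback (Safe_ports includes admin ports such as 10000 and 631).
http_access deny to_localhost
http_access allow lan
# Fixed: the original allowed modem2 twice and never used modem1; presumably one line was
# meant for each modem subnet.
http_access allow modem1
http_access allow modem2
http_access allow proxy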
################################################## ###############
# Refresh Pattern
################################################## ###############
# Columns: regex, min age (minutes), percent of object age, max age (minutes), options.
# Matching is on the URL only, not on the response's Content-Type.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# The next four rules force long caching by file extension and override the origin's
# Expires, no-cache and private headers.
# NOTE(review): ignore-private on a proxy shared by many users can store a response the
# origin marked as private to one user and hand it to the next client asking for the same
# URL. The pdf/doc/ppt and archive patterns are the likeliest to carry personal documents;
# consider dropping ignore-private (and ignore-no-cache) from those lines.
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private
# NOTE(review): unlike the rules above this pattern has no trailing $, so it also matches
# the extension in the middle of a URL (for example ".php?id=..."); confirm that is intended.
refresh_pattern -i \.(html|htm|css|js|php|asp|aspx|cgi) 1440 40% 40320
refresh_pattern . 0 20% 4320
################################################## ###############
# HAVP + Clamav
################################################## ###############
# All misses are meant to go through the antivirus proxy listening on 127.0.0.1:8080.
# NOTE(review): no never_direct rule is present. Without "never_direct allow all" Squid may
# fetch directly when the parent is down or for requests it treats as non-hierarchical,
# which would skip virus scanning - confirm, and add the rule if scanning must fail closed.
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
################################################## ###############
# HIERARCHY (BYPASS CGI)
################################################## ###############
# Left disabled by the author: with these lines off, dynamic URLs are cacheable too.
#hierarchy_stoplist cgi-bin ? .js .jsp
#acl QUERY urlpath_regex cgi-bin \? .js .jsp
#no_cache deny QUERY
################################################## ###############
# SNMP
################################################## ###############
# SNMP agent on UDP 3401. The community string is the well-known value "public"; the
# snmp_access rules below only accept it from localhost and refuse everything else.
# NOTE(review): pick a non-default community before ever widening snmp_access.
snmp_port 3401
acl snmpsquid snmp_community public
snmp_access allow snmpsquid localhost
snmp_access deny all
################################################## ###############
# ALLOWED ACCESS
################################################## ###############
# Client network allowed to use the proxy. 192.168.0.0/24 is a superset of the "lan" ACL
# (192.168.0.0/27) defined earlier.
acl persegi src 192.168.0.0/24 ## adjust to your network
http_access allow persegi
http_access allow localhost
# Final catch-all: any source not allowed above is refused, so the proxy is not open to
# arbitrary addresses.
http_access deny all
http_reply_access allow all
# ICP queries are accepted only from the client network and localhost.
icp_access allow persegi
icp_access allow localhost
icp_access deny all
# Never force direct fetches; forwarding is left to the cache_peer configuration.
always_direct deny all
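################################################## ###############
# Cache CGI & Administrative
################################################## ###############
cache_mgr batamwarnet@batamwarnet.com
# Fixed: the original was "cachemgr_passwd 123 all", a trivially guessable password that
# unlocked every cache-manager action, shutdown included, for any client that http_access
# lets reach cache_object URLs. All actions are now disabled.
# To use the cache manager, replace "disable" with a long random password and name only the
# actions that are needed, e.g. "cachemgr_passwd <LONG_RANDOM_PASSWORD> info" (placeholder).
# The password is sent unencrypted, so keep manager access restricted to localhost.
cachemgr_passwd disable all
visible_hostname proxy.bless.net
# Squid drops root and runs as this unprivileged account.
cache_effective_user proxy
cache_effective_group proxy
coredump_dir /var/spool/squid
shutdown_lifetime 10 seconds
logfile_rotate 14
# NOTE(review): cache_mgr is set twice in this section; keep a single contact address.
cache_mgr enchone@bless.net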
################################################## ###############
# Squid ZPH
################################################## ###############

seting pembagian hardisk di squid
1 gb /boot flad
3 gb /
4 gb /usr
4 gb /var
1 gb swap
15 gb/home/proxy1
15 gb/home/proxy2
15 gb/home/proxy3
sisanya di jadiin share, hdd ukuran 80 gb...

oke itu dulu semoga bermanfaat ya

4 komentar:

Anonim mengatakan...

proxy servernya pake apa gan?

HHRMA mengatakan...

thanks infonya gan. sangat berguna.

MITR@WARNET mengatakan...

Anom@bisa pake apa saja intinya external proxy

MITR@WARNET mengatakan...

@HHRMA@ ok Gan sama2
