Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Mikrotik + Squid (Perfect)

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 3

Mikrotik - menggunakan Squid sebagai Web Proxy sehingga lebih optimal

From SpeedyWiki
Jump to: navigation, search Sumber AdeldiaN http://opensource.telkomspeedy.com/forum/viewtopic.php?pid=18262

untuk lebih mudah saya menggunakan 2 virtual server, yaitu : 1. IP Mikrotik:


- 192.168.10.15 = local - 192.168.12.15 = proxy - 192.168.5.181 = public/ke modem speedy

2. IP squid (pakai IPCop)


- 192.168.12.1 = ip green(procy)

3. IP Client: 192.168.10.0/24 ok di ipcop disetting dulu bahwa web proxynya jalan di port 878 <= terserah anda aktifkan cachenya misal 15M atau 15000 <= untuk testing sekarang kita masuk ke mikrotiknya:
/ ip address add address=192.168.5.181/24 network=192.168.5.0 broadcast=192.168.5.255 \ interface=Public comment="" disabled=no add address=192.168.10.15/24 network=192.168.10.0 broadcast=192.168.10.255 \ interface=Lan comment="" disabled=no add address=192.168.12.15/24 network=192.168.12.0 broadcast=192.168.12.255 \ interface=Proxy comment="" disabled=no

setting route:
/ ip route add dst-address=0.0.0.0/0 gateway=192.168.5.15 scope=255 target-scope=10 \ comment="" disabled=no

setting dns:

/ ip dns set primary-dns=192.168.5.182 secondary-dns=192.168.5.205 \

allow-remote-requests=no cache-size=2048KiB cache-max-ttl=1w / ip dns static add name="192.168.5.3" address=192.168.5.3 ttl=1d

setting nat:
/ ip firewall nat add chain=dstnat protocol=tcp dst-port=81 action=dst-nat \ to-addresses=192.168.12.1 to-ports=81 comment="Untuk IP Cop" disabled=no add chain=dstnat protocol=tcp dst-port=445 action=dst-nat \ to-addresses=192.168.12.1 to-ports=445 comment="Untuk HTTPS IPCOP" \ disabled=no add chain=dstnat src-address=!192.168.12.0/24 protocol=tcp dst-port=80 \ action=dst-nat to-addresses=192.168.12.1 to-ports=878 comment="" disabled=no add chain=dstnat src-address=!192.168.12.0/24 protocol=tcp dst-port=443 \ action=dst-nat to-addresses=192.168.12.1 to-ports=878 comment="" \ disabled=no add chain=srcnat out-interface=Public action=masquerade comment="" disabled=no

Nat kemaren salah paste, mohon maaf ya

nah terus ini yang paling penting, setting manggle:


/ ip firewall mangle add chain=forward content="X-Cache: HIT" action=mark-connection \ new-connection-mark=squid_con passthrough=yes comment="" disabled=no add chain=forward connection-mark=squid_con action=mark-packet \ new-packet-mark=squid_pkt passthrough=no comment="" disabled=no add chain=forward connection-mark=!squid_con action=mark-connection \ new-connection-mark=all_con passthrough=yes comment="" disabled=no add chain=forward protocol=tcp src-port=80 connection-mark=all_con \ action=mark-packet new-packet-mark=http_pkt passthrough=no comment="" \ disabled=no add chain=forward protocol=icmp connection-mark=all_con action=mark-packet \ new-packet-mark=icmp_pkt passthrough=no comment="" disabled=no add chain=forward protocol=tcp dst-port=1973 connection-mark=all_con \ action=mark-packet new-packet-mark=top_pkt passthrough=no comment="" \ disabled=no add chain=forward connection-mark=all_con action=mark-packet \ new-packet-mark=test_pkt passthrough=no comment="" disabled=no

terus queue :
/ queue simple add name="Squid_HIT" dst-address=0.0.0.0/0 interface=all parent=none \ packet-marks=squid_pkt direction=both priority=8 \ queue=default-small/default-small limit-at=0/0 max-limit=0/0 \ total-queue=default-small disabled=no add name="Main_Link" dst-address=0.0.0.0/0 interface=all parent=none \ direction=both priority=8 queue=default-small/default-small limit-at=0/0 \

max-limit=35000/256000 total-queue=default-small disabled=no add name="game_tales_of_pirate" dst-address=0.0.0.0/0 interface=all \ parent=none packet-marks=top_pkt direction=both priority=1 \ queue=default-small/default-small limit-at=0/0 max-limit=0/0 \ total-queue=default-small disabled=no add name="Ping_queue" dst-address=0.0.0.0/0 interface=all parent=none \ packet-marks=icmp_pkt direction=both priority=2 \ queue=default-small/default-small limit-at=0/0 max-limit=0/0 \ total-queue=default-small disabled=no add name="The_other_port_queue" target-addresses=192.168.12.0/24 \ dst-address=0.0.0.0/0 interface=all parent=Main_Link packetmarks=http_pkt \ direction=both priority=8 queue=default-small/default-small \ limit-at=5000/5000 max-limit=50000/256000 total-queue=default-small \ disabled=no add name="another_port" target-addresses=192.168.10.0/24 dstaddress=0.0.0.0/0 \ interface=all parent=Main_Link packet-marks=test_pkt direction=both \ priority=8 queue=default-small/default-small limit-at=0/0 \ max-limit=0/256000 total-queue=default-small disabled=no

hasilnya: pertama mencache:

kedua hasil cachenya:

semoga membantu teman-teman sekalian

You might also like