Mangle and Queue Mikrotik on Proxy Ubuntu Server

10 Dec

Because questions about configuring Mikrotik with an Ubuntu proxy come in every day, here is a tutorial in the form of scripts that visitors to this blog may need. These are the scripts I have been using all along and, Alhamdulillah, they have run smoothly. For the Firewall Filter Rules, you can take them from here . Now let's learn together … hehehe, on we go bozzz…

Before configuring the Mikrotik, understand that the IP addresses in the settings below are local IPs, so adjust them to your own local network's IP configuration. These settings are for a Mikrotik used with an Ubuntu proxy. If you do not use a proxy, adjust them to your own configuration as well.

The interfaces are as follows:

Ether1=Public IP/Internet IP

Ether2=Local IP

Ether3=IP to the Proxy

First we set up:

1. Mangle

/ip firewall mangle
add action=mark-packet chain=prerouting comment=PROXY-HIT disabled=no dscp=12 \
new-packet-mark=proxy-hit passthrough=no
add action=mark-connection chain=prerouting comment=HTTP-CONN disabled=no \
in-interface=ether2 new-connection-mark=http_conn passthrough=no \
protocol=tcp src-address=192.168.1.0/24
add action=mark-packet chain=prerouting connection-mark=http_conn disabled=no \
new-packet-mark=http_conn passthrough=no
add action=jump chain=prerouting comment="DNS SERVICE" connection-state=new \
disabled=no jump-target=udp-services protocol=udp
add action=mark-connection chain=udp-services disabled=no dst-port=53 \
new-connection-mark=dns passthrough=no protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services disabled=no dst-port=123 \
new-connection-mark=ntp passthrough=no protocol=udp src-port=1024-65535
add action=mark-connection chain=forward comment=YM disabled=no dst-port=\
5050,5100 new-connection-mark=YM passthrough=no protocol=tcp
add action=mark-packet chain=forward connection-mark=YM disabled=no \
new-packet-mark=ym-conn passthrough=no
add action=mark-connection chain=prerouting comment=ICMP_KONEKSI disabled=no \
new-connection-mark=ICMP_KONEKSI passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=ICMP_KONEKSI \
disabled=no new-packet-mark=ICMP_PAKET passthrough=no protocol=icmp
add action=change-mss chain=forward comment="CHANGE MMS" disabled=no new-mss=\
1448 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=!0-1448

2. Queue type

/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=\
5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=downstream pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=20000
add kind=pcq name=upstream pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=20000
set only-hardware-queue kind=none name=only-hardware-queue
set multi-queue-ethernet-default kind=mq-pfifo mq-pfifo-limit=50 name=\
multi-queue-ethernet-default
set default-small kind=pfifo name=default-small pfifo-limit=10

3. Queue Tree

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="==KONDISI_PING==" packet-mark=ICMP_PAKET parent=\
global-total priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=DOWN1 parent=ether2 priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Downlink1 packet-mark=http_conn parent=DOWN1 priority=5 \
queue=downstream
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=HIT-1 packet-mark=proxy-hit parent=DOWN1 priority=5 queue=\
downstream
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=UPLOAD-1 parent=ether1 priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Up-Ether1 packet-mark=proxy-hit parent=UPLOAD-1 priority=5 \
queue=upstream
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Http-Proxy parent=ether3 priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Proxy-Hit packet-mark=proxy-hit parent=Http-Proxy \
priority=5 queue=upstream

4. Queue Interface

/queue interface
set ether1 queue=upstream
set ether2 queue=downstream
set ether3 queue=ethernet-default

5. Queue Simple

/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=0/0 name=LAN-HTTP-CON \
packet-marks=http_conn parent=none priority=1 queue=upstream/downstream \
target-addresses=0.0.0.0/0 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=0/0 name=LAN-PROXY-HIT \
packet-marks=proxy-hit parent=none priority=1 queue=upstream/downstream \
target-addresses=0.0.0.0/0 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=0/0 name=LAN-1 \
packet-marks=http_conn parent=LAN-HTTP-CON priority=1 queue=\
upstream/downstream target-addresses=192.168.1.0/24 time=\
0s-1d,sun,mon,tue,wed,thu,fri,sat total-queue=default-small
add burst-limit=64k/128k burst-threshold=64k/128k burst-time=5s/5s direction=\
both disabled=no interface=all limit-at=0/0 max-limit=64k/128k name=Client1 \
parent=LAN-1 priority=5 queue=default-small/default-small target-addresses=\
192.168.1.1/32 total-queue=default-small
add burst-limit=64k/64k burst-threshold=64k/64k burst-time=5s/5s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=64k/64k name=Client2 \
parent=LAN-1 priority=5 queue=default-small/default-small target-addresses=\
192.168.1.2/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=0/0 name=LAN-2 \
packet-marks=proxy-hit parent=LAN-PROXY-HIT priority=8 queue=\
upstream/downstream target-addresses=192.168.1.0/24 total-queue=\
default-small
add burst-limit=128k/128k burst-threshold=64k/128k burst-time=5s/5s direction=\
both disabled=no interface=all limit-at=0/0 max-limit=64k/64k name=Client3 \
parent=LAN-1 priority=5 queue=default-small/default-small target-addresses=\
192.168.1.3/32 total-queue=default-small
add burst-limit=64k/64k burst-threshold=64k/64k burst-time=5s/5s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=64k/64k name=Client-2 \
parent=LAN-2 priority=5 queue=default-small/default-small target-addresses=\
192.168.1.2/32 total-queue=default-small
add burst-limit=128k/128k burst-threshold=128k/128k burst-time=5s/5s direction=\
both disabled=no interface=all limit-at=0/0 max-limit=64k/128k name=\
Client-3 parent=LAN-2 priority=5 queue=default-small/default-small \
target-addresses=192.168.1.3/32 total-queue=default-small
add burst-limit=128k/256k burst-threshold=128k/128k burst-time=5s/5s direction=\
both disabled=no interface=all limit-at=0/0 max-limit=64k/64k name=Client-1 \
parent=LAN-2 priority=5 queue=default-small/default-small target-addresses=\
192.168.1.1/32 total-queue=default-small
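
A consistency check for the five steps above, as an added example that is not part of the original post: it parses a RouterOS export and cross-checks the marks set in mangle against the marks the queues match on. The excerpt is constructed from the rules above, and `parse_export` and `audit_marks` are hypothetical helper names.

```python
import re

# Constructed excerpt of the export above (queue rules trimmed to the relevant keys).
EXPORT = r'''
/ip firewall mangle
add action=mark-packet chain=prerouting comment=PROXY-HIT disabled=no dscp=12 \
    new-packet-mark=proxy-hit passthrough=no
add action=mark-connection chain=prerouting comment=HTTP-CONN disabled=no \
    in-interface=ether2 new-connection-mark=http_conn passthrough=no
add action=mark-packet chain=prerouting connection-mark=http_conn disabled=no \
    new-packet-mark=http_conn passthrough=no
add action=mark-connection chain=udp-services disabled=no dst-port=53 \
    new-connection-mark=dns passthrough=no protocol=udp
add action=mark-connection chain=forward comment=YM disabled=no dst-port=\
    5050,5100 new-connection-mark=YM passthrough=no protocol=tcp
add action=mark-packet chain=forward connection-mark=YM disabled=no \
    new-packet-mark=ym-conn passthrough=no
/queue tree
add name=Downlink1 packet-mark=http_conn parent=DOWN1 queue=downstream
/queue simple
add name=LAN-2 packet-marks=proxy-hit parent=LAN-PROXY-HIT priority=8
'''

def parse_export(text):
    """Return [(menu, {key: value})], joining '\\' line continuations first."""
    joined = re.sub(r'\\[ \t]*\n[ \t]*', '', text)
    menu, rules = None, []
    for line in map(str.strip, joined.splitlines()):
        if line.startswith('/'):
            menu = line
        elif line.startswith(('add ', 'set ')):
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S*)', line)
            rules.append((menu, {k: v.strip('"') for k, v in pairs}))
    return rules

def audit_marks(rules):
    """Cross-check marks set in mangle against marks the queues match on."""
    mangle = [kv for menu, kv in rules if menu == '/ip firewall mangle']
    queues = [kv for menu, kv in rules if menu and menu.startswith('/queue')]
    pkt_set = {kv['new-packet-mark'] for kv in mangle if 'new-packet-mark' in kv}
    conn_set = {kv['new-connection-mark'] for kv in mangle if 'new-connection-mark' in kv}
    conn_used = {kv.get('connection-mark') for kv in mangle}
    pkt_used = {m for kv in queues
                for m in (kv.get('packet-mark') or kv.get('packet-marks', '')).split(',') if m}
    return {'undefined': sorted(pkt_used - pkt_set),    # queue can never match
            'unqueued': sorted(pkt_set - pkt_used),     # marked, never shaped
            'conn_only': sorted(conn_set - conn_used)}  # no packet mark derived

print(audit_marks(parse_export(EXPORT)))
```

Run over the full configuration above, the same check lists ym-conn as marked but never queued, and dns and ntp as connection marks with no packet mark derived from them.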

Happy tinkering….!!!!!


Posted by on December 10, 2011 in Tutorial Mikrotik

 

52 responses to “Mangle and Queue Mikrotik on Proxy Ubuntu Server”

  1. Borte John

    March 8, 2012 at 12:37 pm

    Mas Tamam, I have managed to separate local bandwidth from international, but why is it that Facebook games now only stay saved in the proxy for 1 day? For example, today I open a Facebook game and it hits the proxy straight away, but the next day when I want to open the Facebook game again it fetches straight from the internet, not from the proxy. Is there something wrong with the squid settings? I am using the high-configuration squid settings. Thank you.

     
    • tamam_papua

      March 14, 2012 at 8:54 am

      Hehehe… the squid recipe needs to be updated again ..

       
    • ar1cyber

      March 29, 2012 at 1:23 pm

      Mas Borte, please send me the script for separating local BW from international, hehe, because I haven't succeeded yet.

       
      • tamam_papua

        March 30, 2012 at 12:02 pm

        hehehhee…

         
  2. ippankgnu

    April 2, 2012 at 12:44 pm

    Can the method above be applied in a hotspot-only environment? Which parts have to be adjusted..?? Thanks in advance, Mas Tamam… :)

     
    • tamam_papua

      April 4, 2012 at 9:01 pm

      Please try the following script:

      /ip firewall nat
      add action=dst-nat chain=dstnat comment="HOTSPOT TO PROXY BOZZ" disabled=yes \
      dst-address-list=!proxynet dst-port=80,8080,3128 in-interface=hotspot \
      protocol=tcp src-address=192.168.1.0/24 src-address-list=localnet \
      to-addresses=192.168.11.11 to-ports=3128

      interface=hotspot –> adjust to the interface used for the hotspot
      src-address=IP of the hotspot ether –> adjust to the hotspot's IP network

      Once the setting is done, drag and drop the rule above to the VERY TOP row, above your LAN NAT PROXY rule… once again, place the setting above on the VERY TOP row of your NAT configuration. Good luck….

       
      • ommatillah

        June 12, 2012 at 1:10 pm

        I use 2 out interfaces: local (192.168.2.0/24) and hotspot (192.168.3.0/24).
        With the script above, only local gets cached; please advise.
        Topology:

        inet (192.168.1.1)
        |
        |
        (192.168.1.100)
        Mikrotik — LAN (192.168.2.254)—–Client LAN (192.168.2.0/24)
        — Hotspot (192.168.3.254) —– Client Hotspot (192.168.3.0/24)
        — Proxy (192.168.11.1)

        Please advise how to get the hotspot cached on the Ubuntu proxy.
        Note: for now the proxy only works for local.

         
      • tamam_papua

        June 12, 2012 at 2:00 pm

        Put the proxy NAT below the hotspot masquerade.

         
  3. Iwan Supriyanto

    April 2, 2012 at 9:19 pm

    FATAL: Bungled squid.conf line 48: cache_dir aufs /squid/cache cache 200000 54 256
    Squid Cache (Version 2.7.STABLE9): Terminated abnormally

    That message appears, Mas, after restarting squid.

     
    • tamam_papua

      April 4, 2012 at 8:51 pm

      The cache partition created when installing Ubuntu must = the cache dir you wrote.. please check..

       
