
# RouterOS (MikroTik) export recovered from a paginated PDF. The extractor has
# joined many "add ..." statements onto single physical lines and split some
# tokens at the page margin (e.g. "dst-addres s-list", "passthrou gh"), so this
# text documents intent; it is not re-importable as shown.
#
# Section 1: NTP, interface naming, LAN addressing, "load balance cara 1"
# (PPPoE client on each of two uplinks), srcnat/dstnat, and nth-based
# connection marking.
#
# NOTE(review): the NTP server address is cut at the margin ("152.118.24." here,
# with the trailing "8" at the start of the next physical line).
# NOTE(review): both pppoe-client entries carry the ISP account and password in
# cleartext; anyone holding this page holds the credential. Rotate it and redact
# it before the export is shared again. "allow=pap,..." also permits cleartext
# PAP authentication on the link.
# NOTE(review): add-default-route=yes on both clients installs two default
# routes on top of the manual routes added in later sections; confirm which set
# is meant to be authoritative.
# NOTE(review): the srcnat masquerade rules reference out-interface=PPPoE-1 /
# PPPoE-2, but the PPPoE clients defined here are named dialspeed1/dialspeed2;
# no interface named PPPoE-1 or PPPoE-2 appears anywhere on this page.
# NOTE(review): the three dstnat redirects to 192.168.3.35:3128 carry a garbled
# "dst-addres s-list=192.168.3.35" matcher (an address where a list name is
# expected); verify the intended parameter against the live config.
/system ntp client set enabled=yes mode=unicast primary-ntp=152.118.24.

8 /interface set 0 name=spidol1 set 1 name=spidol2 set 4 name=LAN set 3 name=proxy /ip address add address=192.168.4.3/24 network=192.168.4.0 =spidol1 comment="" disabled=no add address=192.168.2.3/24 network=192.168.2.0 =spidol2 comment="" disabled=no add address=192.168.1.2/24 network=192.168.1.0 =LAN comment="" disabled=no add address=192.168.3.3/24 network=192.168.3.0 =proxy comment="" disabled=no ======================== load balance cara 1 /interface pppoe-client add name="dialspeed1" max-mtu=1480 max-mru=1480 interface=spidol1 mrru=disabled user="14113100859@telkom.net" password="dtyory40kg" profile=default service-name ="099" ac-name="" add-default-route=yes dial-on-demand=no use-peer-dns=yes allow =pap,chap,mschap1,mschap2 disabled=no add name="dialspeed2" max-mtu=1480 max-mru=1480 interface=spidol2 mrru=disabled user="14113100859@telkom.net" password="dtyory40kg" profile=default service-name ="099" ac-name="" add-default-route=yes dial-on-demand=no use-peer-dns=yes allow =pap,chap,mschap1,mschap2 disabled=no ------------------------------------------set nat ------/ip firewall nat add chain=srcnat action=masquerade out-interface=PPPoE-1 comment="" disabled=no add chain=srcnat action=masquerade out-interface=PPPoE-2 comment="" disabled=no /ip firewall nat add chain=dstnat action=dst-nat to-address=192.168.3.35 to-ports=3128 dst-addres s-list=192.168.3.35 protocol=tcp dst-port=80 in-interface=LAN add chain=dstnat action=dst-nat to-address=192.168.3.35 to-ports=3128 dst-addres s-list=192.168.3.35 protocol=tcp dst-port=8080 in-interface=LAN add chain=dstnat action=dst-nat to-address=192.168.3.35 to-ports=3128 dst-addres s-list=192.168.3.35 protocol=tcp dst-port=3128 in-interface=LAN set manggel ----------/ip firewall mangle add action=mark-connection chain=prerouting comment="Load Mangel" connection-sta te=new disabled=no in-interface=LAN nth=2,1 new-connection-mark=ADSL-1 passthrou gh=yes add action=mark-connection chain=prerouting comment="" 
connection-state=new disa bled=no in-interface=LAN nth=2,2 new-connection-mark=ADSL-2 passthrough=yes add action=mark-routing chain=prerouting comment="Mark Paket" in-interface=LAN c onnection-mark=ADSL-1 disabled=no new-routing-mark=speedy-1-conn passthrough=no add action=mark-routing chain=prerouting comment="" in-interface=LAN connectionmark=ADSL-2 disabled=no new-routing-mark=speedy-2-conn passthrough=no broadcast=192.168.4.255 interface broadcast=192.168.2.255 interface broadcast=192.168.1.255 interface broadcast=192.168.3.255 interface
# Marks produced above: connection marks ADSL-1/ADSL-2 (new LAN connections
# alternated by nth=2,1 and nth=2,2) and routing marks speedy-1-conn /
# speedy-2-conn.
# NOTE(review): no route on this page carries routing-mark=speedy-1-conn or
# speedy-2-conn (the "IP Route" section below uses modem1/modem2), so as shown
# these marked packets fall back to the main routing table and the marking has
# no effect on path selection.
# The trailing "broadcast=... interface" fragments are the spilled column of
# the four /ip address entries above, not separate commands.

# Section 2: the same nth marking for connections entering on the "proxy"
# interface, the policy routes for "cara 1", and the start of "load balance
# cara 2" (two plain default gateways, masquerade per uplink, "lokal" list).
#
# NOTE(review): both mark-routing rules for the proxy interface match
# connection-mark=ADSL-1 and set speedy-1-conn; the second presumably should
# match ADSL-2 -> speedy-2-conn. As written, ADSL-2 connections from the proxy
# never receive a routing mark and the intended 50/50 split collapses to one
# link for proxy traffic.
# NOTE(review): the route entries mix gateway-interface=dialspeed1,
# "Pdialspeed1" (likely a typo) and the undefined PPPoE-1/PPPoE-2 names; the
# two fixed gateway addresses (180.246.178.114, 118.96.151.230) are hard-coded
# although a PPPoE peer address is normally learned at dial time -- confirm
# they are still valid. "gatewayinterface" is a margin-join of
# "gateway-interface".
set Proxy ---------add action=mark-connection chain=prerouting comment="proxy" in-interface=proxy c onnection-state=new nth=2,1 disabled=no new-connection-mark=ADSL-1 passthrough=y es add action=mark-connection chain=prerouting comment="" in-interface=proxy connec tion-state=new nth=2,2 disabled=no new-connection-mark=ADSL-2 passthrough=yes add action=mark-routing chain=prerouting comment="Proxy mark" in-interface=proxy connection-mark=ADSL-1 disabled=no new-routing-mark=speedy-1-conn passthrough=n o add action=mark-routing chain=prerouting comment="" in-interface=proxy connectio n-mark=ADSL-1 disabled=no new-routing-mark=speedy-1-conn passthrough=no IP Route -------/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway-interface=dialspeed1 , scope=30 target-scope=10 routing-mark=modem1 add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=180.246.178.114 gateway -interface=Pdialspeed1 scope=30 target-scope=10 routing-mark=modem2 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway-interface=PPPoE-1, PPPo E-2 scope=30 target-scope=10 add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=118.96.151.230 gatewayinterface=dialspeed1 scope=30 target-scope=10 routing-mark=modem1 ============================================================== load balance cara 2 /ip route add gateway=192.168.2.2 add gateway=192.168.4.2 /ip firewall nat add chain=srcnat out-interface=spidol1 action=masquerade disabled=no add chain=srcnat out-interface=spidol2 action=masquerade disabled=no /ip add add add add firewall address-list address=192.168.2.0/24 address=192.168.4.0/24 address=192.168.3.0/24 address=192.168.1.0/24 list=lokal list=lokal list=lokal list=lokal
# The "/ip add add add add firewall address-list ... list=lokal" run is the
# extractor spilling four "add address=... list=lokal" entries column-wise: all
# four local /24s (192.168.1/2/3/4.0) go into the "lokal" list.

# Section 3: "cara 2" mangle -- local traffic accepted unmarked; connections to
# the "nice" address list (refreshed by the scheduler near the end of this
# page) marked conn-iix/packet-iix, everything else packet-intl; new LAN
# connections alternated speedy1/speedy2 with matching routing marks; return
# traffic per uplink tagged con-from-spidol1/2; DNS to 203.130.196.5 pinned to
# routing-mark route-to-spidol1.
#
# NOTE(review): the mark-routing rules here set speedy1/speedy2, but the /ip
# route entries that follow only define routing-mark=route-to-spidol1 and
# route-to-spidol2 (shown by the extractor as "ute-to-spidolN" ... "routing-
# mark=ro"). Packets marked speedy1/speedy2 therefore match no policy route on
# this page and are routed from the main table.
# NOTE(review): all four policy routes are shown with distance=1; if the
# second route per mark is meant as a failover via the other uplink it would
# normally carry a higher distance -- confirm against the live config.
/ip firewall mangle add action=accept chain=prerouting dst-address-list=lokal in-interface=LAN comme nt="traffic_local" add action=accept chain=output dst-address-list=lokal add action=mark-connection chain=prerouting in-interface=LAN dst-address-list=ni ce new-connection-mark=conn-iix passthrough=yes add action=mark-packet chain=prerouting connection-mark=conn-iix new-packet-mark =packet-iix passthrough=no add action=mark-packet chain=prerouting new-packet-mark=packet-intl passthrough= no add action=mark-connection chain=prerouting in-interface=LAN connection-state=ne w nth=2,1 new-connection-mark=speedy1 passthrough=yes add action=mark-routing chain=prerouting in-interface=LAN connection-mark=speedy 1 new-routing-mark=speedy1 passthrough=no add action=mark-connection chain=prerouting in-interface=LAN connection-state=ne

w nth=2,2 new-connection-mark=speedy2 passthrough=yes add action=mark-routing chain=prerouting in-interface=LAN connection-mark=speedy 2 new-routing-mark=speedy2 passthrough=no add action=mark-connection chain=prerouting connection-mark=no-mark in-interface =spidol1 new-connection-mark=con-from-spidol1 passthrough=yes comment="Traffic_s pidol1" add action=mark-connection chain=prerouting connection-mark=no-mark in-interface =spidol2 new-connection-mark=con-from-spidol2 passthrough=yes comment="Traffic_s pidol2" add action=mark-connection chain=output comment=dns dst-address=203.130.196.5 ds t-port=53 new-connection-mark=dns passthrough=yes protocol=tcp add action=mark-connection chain=output dst-address=203.130.196.5 dst-port=53 ne w-connection-mark=dns passthrough=yes protocol=udp add action=mark-routing chain=output connection-mark=dns new-routing-mark=routeto-spidol1 passthrough=no /ip route add check-gateway=ping dst-address=0.0.0.0/0 ute-to-spidol1 distance=1 disabled=no add check-gateway=ping dst-address=0.0.0.0/0 ute-to-spidol1 distance=1 disabled=no add check-gateway=ping dst-address=0.0.0.0/0 ute-to-spidol2 distance=1 disabled=no add check-gateway=ping dst-address=0.0.0.0/0 ute-to-spidol2 distance=1 disabled=no gateway=192.168.2.2 routing-mark=ro gateway=192.168.4.2 routing-mark=ro gateway=192.168.4.2 routing-mark=ro gateway=192.168.2.2 routing-mark=ro
# The trailing "gateway=... routing-mark=ro" fragments are the spilled column
# of the four route entries above; read in order they appear to pair as
# spidol1->192.168.2.2, spidol1->192.168.4.2, spidol2->192.168.4.2,
# spidol2->192.168.2.2 (verify before relying on that pairing).

# Section 4: transparent-proxy plumbing on the router (masquerade for the
# proxy host, dstnat to 192.168.3.35:3128, DNS redirects, ZPH/DSCP marks,
# "proxyNET" list), followed by the start of the Squid configuration
# (squid.conf), which the extractor has glued onto the same physical line
# after "list=proxyNET".
#
# NOTE(review): src-address=192.168.3.35/24 has host bits set inside a /24;
# decide whether the masquerade is for the proxy host (/32) or the proxy
# subnet (192.168.3.0/24) and write that explicitly.
# NOTE(review): the "TRANSPARENT DNS UDP LOCAL" rule uses in-interface=local,
# which is not one of the interfaces named on this page (spidol1, spidol2,
# LAN, proxy); it cannot match unless such an interface exists elsewhere.
# NOTE(review): the four DNS dst-nat rules show only to-ports=53 with no
# to-addresses, so which resolver they redirect to is not visible here.
# NOTE(review), Squid part: "acl to_localhost dst 127.0.0.0/8q" has a stray
# "q"; "acl lan src 192.168.1.0/27" covers only 192.168.1.0-31 while the
# router's LAN is 192.168.1.0/24, so most LAN hosts would not match the "lan"
# acl. The run "acl acl acl ... to_localhost ... lan ... modem1 ..." is the
# column spill of eight separate acl lines.
======================================================================= proxy /ip firewall nat add action=masquerade chain=srcnat comment="squid-masquerade" d isabled=no out-interface=spidol1 src-address=192.168.3.35/24 /ip firewall nat add action=masquerade chain=srcnat comment="squid-masquerade" d isabled=no out-interface=spidol2 src-address=192.168.3.35/24 /ip firewall nat add action=dst-nat chain=dstnat comment=squid disabled=no dst-p ort=80,8080,3128 in-interface=LAN protocol=tcp to-addresses=192.168.3.35 to-port s=3128 /ip firewall nat add action=dst-nat chain=dstnat comment="TRANSPARENT DNS UDP LO CAL" disabled=no dst-port=53 in-interface=local protocol=udp to-ports=53 /ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-inte rface=LAN protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP LOCAL" /ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-inte rface=proxy protocol=udp to-ports=53 comment="TRANSPARENT DNS UDP PROXY" /ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-inte rface=proxy protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP PROXY" /ip firewall mangle add action=mark-packet chain=forward comment="SQUID PROXY HI T" disabled=no dscp=12 new-packet-mark="PROXY HIT" passthrough=no /ip firewall mangle add action=mark-connection chain=prerouting comment="BROWSIN G SQUID" disabled=no dst-port=80,443 new-connection-mark="SQUID KONEKSI" passthr ough=yes protocol=tcp /ip firewall mangle add action=mark-packet chain=forward comment="SQUID PAKET" c onnection-mark="SQUID KONEKSI" disabled=no new-packet-mark="SQUID PAKET" passthr

ough=no /ip firewall address-list add address=192.168.3.0/24 comment="" disabled=no list=proxyNET ################################################## # Port ################################################## http_port 3128 transparent icp_port 3130 prefer_direct off ################################################## # Cache & Object ################################################## cache_mem 8 MB cache_swap_low 98 cache_swap_high 99 max_filedesc 8192 maximum_object_size 1024 MB minimum_object_size 0 KB maximum_object_size_in_memory 4 bytes ipcache_size 4096 ipcache_low 98 ipcache_high 99 fqdncache_size 4096 cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF ################################################## # cache_dir cache_dir aufs /home/proxy1 9000 32 128 cache_dir aufs /home/proxy2 9000 32 128 cache_dir aufs /home/proxy3 9000 32 128 cache_dir aufs /home/proxy4 9000 32 128 cache_dir aufs /home/proxy5 9000 32 128 cache_access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_store_log none pid_filename /var/run/squid.pid cache_swap_log /var/log/squid/swap.state dns_nameservers /etc/resolv.conf emulate_httpd_log off hosts_file /etc/hosts half_closed_clients off negative_ttl 1 minutes ################################################## # Rules: Safe Port ################################################## acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl acl acl acl acl acl acl acl to_localhost dst 127.0.0.0/8q lan src 192.168.1.0/27 modem1 src 192.168.2.0/24 modem2 src 192.168.4.0/24 proxy src 192.168.3.0/24 SSL_ports port 443 563 873 # https snews rsync Safe_ports port 80 # http Safe_ports port 20 21 # ftp ############### ###############

############### ###############

###############

############### ###############

# Section 5 (squid.conf continued): Safe_ports list, http_access policy,
# refresh patterns, HAVP parent, SNMP and administrative settings.
#
# NOTE(review): Squid stops at the first matching http_access line, and the
# "allow lan / allow modem2 / allow proxy" lines come BEFORE
# "deny !Safe_ports !SSL_ports" and "deny CONNECT !SSL_ports !Safe_ports", so
# the port restrictions never apply to those networks. The conventional order
# is the deny lines first, then the per-network allows.
# NOTE(review): "http_access allow modem2" appears twice and modem1
# (192.168.2.0/24) is never allowed -- probably a copy/paste slip.
# NOTE(review): ignore-private / ignore-no-cache / override-expire on the
# refresh_pattern lines make Squid store responses the origin marked private
# or uncacheable; on a shared cache this can serve one user's personalised
# content to another. Keep these options to genuinely static asset types.
acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 631 # cups acl Safe_ports port 10000 # webmin acl Safe_ports port 901 # SWAT acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 873 # rsync acl Safe_ports port 110 # POP3 acl Safe_ports port 25 # SMTP acl Safe_ports port 2095 2096 # webmail from cpanel acl Safe_ports port 2082 2083 # cpanel acl purge method PURGE acl CONNECT method CONNECT http_access allow manager localhost http_access allow lan http_access allow modem2 http_access allow modem2 http_access allow proxy http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports !SSL_ports http_access deny CONNECT !SSL_ports !Safe_ports ################################################## ############### # Refresh Pattern ################################################## ############### refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i \.(gif png jpg jpeg ico)$ 10080 90% 43200 override-expire ign ore-no-cache ignore-private refresh_pattern -i \.(iso avi wav mp3 mp4 mpeg mpg swf flv x-flv)$ 43200 90% 432 000 override-expire ignore-no-cache ignore-private refresh_pattern -i \.(deb rpm exe ram bin pdf ppt doc tiff)$ 10080 90% 43200 ove rride-expire ignore-no-cache ignore-private refresh_pattern -i \.(zip gz arj lha lzh tar tgz cab rar)$ 10080 95% 43200 overr ide-expire ignore-no-cache ignore-private refresh_pattern -i \.(html htm css js php asp aspx cgi) 1440 40% 40320 refresh_pattern . 
0 20% 4320 ################################################## ############### # HAVP + Clamav ################################################## ############### cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default ################################################## ############### # HIERARCHY (BYPASS CGI) ################################################## ############### #hierarchy_stoplist cgi-bin ? .js .jsp #acl QUERY urlpath_regex cgi-bin \? .js .jsp #no_cache deny QUERY ################################################## ############### # SNMP ################################################## ############### snmp_port 3401 acl snmpsquid snmp_community public snmp_access allow snmpsquid localhost snmp_access deny all ################################################## ###############

# ALLOWED ACCESS ################################################## acl persegi src 192.168.0.0/24 ## Adjust http_access allow persegi http_access allow localhost http_access deny all http_reply_access allow all icp_access allow persegi icp_access allow localhost icp_access deny all always_direct deny all ################################################## # Cache CGI & Administrative ################################################## cache_mgr batamwarnet@batamwarnet.com cachemgr_passwd 123 all visible_hostname proxy.bless.net cache_effective_user proxy cache_effective_group proxy coredump_dir /var/spool/squid shutdown_lifetime 10 seconds logfile_rotate 14 cache_mgr enchone@bless.net ################################################## # Squid ZPH ##################################################
# NOTE(review): "snmp_community public" is the well-known default community;
# snmp_access limits it to localhost, but choose a non-default string anyway.
# NOTE(review): "cachemgr_passwd 123 all" grants every cache-manager action
# (shutdown included) behind a trivial password -- replace it, or deny the
# sensitive actions explicitly.
# NOTE(review): "acl persegi src 192.168.0.0/24" matches none of the subnets
# configured on the router on this page (192.168.1-4.0/24); the "## Adjust"
# marker on that line flags it as a placeholder that was never filled in.
# NOTE(review): cache_mgr is set twice (batamwarnet@... and enchone@...);
# the later line presumably takes effect -- keep one.
# NOTE(review): "always_direct deny all" is the default and does not force
# requests through the HAVP parent at 127.0.0.1:8080; if every request must
# pass the scanner, "never_direct allow all" is the directive that does that.
# Confirm which behaviour is intended.

###############

############### ###############

############### ###############

# Section 6: daily scheduler that refreshes the "nice" address list (IX
# prefixes, judging by the conn-iix mark that consumes it) by deleting the old
# nice.rsc, fetching a new copy from ixp.mikrotik.co.id over plain HTTP, and
# running "/import nice.rsc".
#
# NOTE(review): this executes whatever script the remote host returns, every
# day, with no transport protection and no integrity check -- a tampered or
# hijacked download becomes arbitrary router configuration. Prefer
# mode=https with check-certificate=yes if the source offers it, and consider
# staging the file for inspection instead of importing it unattended.
# start-date=jan/01/1970 appears to be used as a "start from epoch" value.
/system sched add comment="update-nice" disabled=no interval=1d name="update-nic e-rsc" on-event=":if ([:len [/file find name=nice.rsc]] > 0) do={/file remove ni ce.rsc}; /tool fetch address=ixp.mikrotik.co.id src-path=/download/nice.rsc mode =http;/import nice.rsc" start-date=jan/01/1970 start-time=06:00:00

# Section 7: QoS marking -- ICMP and DNS get DSCP 1 and their own marks, game
# ports 9339/843 get "GAME KONEKSI", short transfers on browsing connections
# get "BROWSING PAKET", and every forwarded connection entering from LAN is
# tagged "EXTENTION KONEKSI" and then split into per-file-type packet marks.
#
# NOTE(review): connection-mark="SEMUA KONEKSI MASUK" (POKER rule) and
# "BROWSING KONEKSI" are referenced but no rule on this page creates them;
# they may come from a part of the export that is not shown.
======================================= /ip firewall mangle add action=mark-connection chain=postrouting disabled=no dsc p=1 new-connection-mark="ICMP KONEKSI" passthrough=yes comment="ICMP KONEKSI" /ip firewall mangle add action=mark-connection chain=prerouting comment="POKER" connection-mark="SEMUA KONEKSI MASUK" disabled=no dst-port=9339,843 new-connecti on-mark="GAME KONEKSI" passthrough=yes protocol=tcp /ip firewall mangle add action=mark-packet chain=postrouting connection-mark="IC MP KONEKSI" disabled=no new-packet-mark="ICMP PAKET" passthrough=no comment="ICM P PAKET" /ip firewall mangle add action=mark-packet chain=forward comment="SEMUA GAME DIP AKETKAN" connection-mark="GAME KONEKSI" disabled=no new-packet-mark="GAME PAKET" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="BROWSING PAKET " connection-bytes=0-131072 connection-mark="BROWSING KONEKSI" disabled=no new-p acket-mark="BROWSING PAKET" passthrough=no protocol=tcp /ip firewall mangle add action=change-dscp chain=postrouting comment="ICMP CHANG E DSCP" disabled=no new-dscp=1 protocol=icmp /ip firewall mangle add action=change-dscp chain=postrouting disabled=no dst-por

t=53 new-dscp=1 protocol=udp /ip firewall mangle add action=change-dscp chain=postrouting disabled=no dst-por t=53 new-dscp=1 protocol=tcp /ip firewall mangle add action=mark-connection chain=forward comment="EXTENTION KONEKSI" disabled=no in-interface=LAN new-connection-mark="EXTENTION KONEKSI" pa ssthrough=yes /ip firewall mangle add action=mark-packet chain=forward comment="YOUTUBE MARK" connection-mark="EXTENTION KONEKSI" disabled=no new-packet-mark="YOUTUBE" passth rough=no /ip firewall mangle add action=mark-packet chain=forward comment="WMV MARK" conn ection-mark="EXTENTION KONEKSI" disabled=no new-packet-mark="WMV" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="EXE MARK" conn ection-mark="EXTENTION KONEKSI" disabled=no new-packet-mark="EXE" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="ZIP MARK" conn ection-mark="EXTENTION KONEKSI" new-packet-mark="ZIP" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="RAR MARK" conn ection-mark="EXTENTION KONEKSI" new-packet-mark="RAR" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="MPG MARK" conn ection-mark="EXTENTION KONEKSI" new-packet-mark="MPG" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="MPEG MARK" con nection-mark="EXTENTION KONEKSI" new-packet-mark="MPEG" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="MP3 MARK" conn ection-mark="EXTENTION KONEKSI" new-packet-mark="MP3" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="MOV MARK" conn ection-mark="EXTENTION KONEKSI" new-packet-mark="MOV" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="ISO MARK" disa bled=no connection-mark="EXTENTION KONEKSI" new-packet-mark="ISO" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="MKV MARK" conn ection-mark="EXTENTION KONEKSI" 
new-packet-mark="MKV" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="FLV MARK" conn ection-mark="EXTENTION KONEKSI" new-packet-mark="FLV" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="AVI MARK" conn ection-mark="EXTENTION KONEKSI" new-packet-mark="AVI" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="CAB MARK" conn ection-mark="EXTENTION KONEKSI" new-packet-mark="CAB" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="ASF MARK" conn ection-mark="EXTENTION KONEKSI" new-packet-mark="ASF" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="WAV MARK" conn ection-mark="EXTENTION KONEKSI" new-packet-mark="WAV" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="RM MARK" conne ction-mark="EXTENTION KONEKSI" new-packet-mark="RM" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="RAM MARK" conn ection-mark="EXTENTION KONEKSI" new-packet-mark="RAM" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="RMVB MARK" con nection-mark="EXTENTION KONEKSI" new-packet-mark="RMVB" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="DAT MARK" conn ection-mark="EXTENTION KONEKSI" new-packet-mark="DAT" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="DAA MARK" conn ection-mark="EXTENTION KONEKSI" new-packet-mark="DAA" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="NRG MARK" conn ection-mark="EXTENTION KONEKSI" new-packet-mark="NRG" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="BIN MARK" conn ection-mark="EXTENTION KONEKSI" new-packet-mark="BIN" passthrough=no /ip firewall mangle add action=mark-packet chain=forward comment="VCD MARK" conn ection-mark="EXTENTION KONEKSI" new-packet-mark="VCD" passthrough=no
# NOTE(review): from "YOUTUBE MARK" onward every mark-packet rule has exactly
# the same match (chain=forward, connection-mark="EXTENTION KONEKSI") and
# passthrough=no, so the first of them takes all matching packets and the
# remaining per-type rules are unreachable as shown. Presumably each
# originally carried a content matcher (e.g. content= or layer7-protocol=)
# that the extraction dropped; the per-type marks only work once that is
# restored.
