Sunday, 22 September 2013

Load Balancing 2 ISP LINES + EXTERNAL PROXY



The following is an example Routerboard/MikroTik configuration that uses two TelkomSpeedy ISP connections plus an external proxy server. Adapt it to your own network conditions, IP addresses, and proxy server.


IP ADDRESSES ON THE ADSL MODEMS (BRIDGE MODE) :

    Modem1 : 192.168.3.1
    Modem2 : 192.168.4.1


IP ADDRESS ON THE PROXY SERVER MACHINE :

    192.168.27.27


IP ADDRESSES ON THE MIKROTIK :

    Modem1 : 192.168.3.2/24
    Modem2 : 192.168.4.2/24
    LAN : 192.168.1.1/24
    Proxy : 192.168.27.1/24


INTERFACE NAME :

    ether1 : Modem1
    ether2 : Modem2
    ether3 : LAN
    ether4 : Proxy


INTERFACE LIST :

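    # Physical ports cannot be created with "add"; rename the existing ones instead
    /interface ethernet
    set [ find default-name=ether1 ] name="Modem1" mtu=1500 l2mtu=1524
    set [ find default-name=ether2 ] name="Modem2" mtu=1500 l2mtu=1524
    set [ find default-name=ether3 ] name="LAN" mtu=1500 l2mtu=1524
    set [ find default-name=ether4 ] name="Proxy" mtu=1500 l2mtu=1524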


IP ADDRESS LIST :

    # actual-interface is a read-only property shown by "print", so it is not set here
    /ip address
    add address=192.168.3.2/24 network=192.168.3.0 interface=Modem1
    add address=192.168.4.2/24 network=192.168.4.0 interface=Modem2
    add address=192.168.1.1/24 network=192.168.1.0 interface=LAN
    add address=192.168.27.1/24 network=192.168.27.0 interface=Proxy


PPP-PPPoE CLIENT :

    /interface pppoe-client
    add name="pppoe-speedy1" max-mtu=1480 max-mru=1480 mrru=disabled interface=Modem1 user="*******@telkom.net" \
    password="******" profile=default service-name="anjelanet1" ac-name="" add-default-route=no dial-on-demand=no \
    use-peer-dns=no allow=pap,chap,mschap1,mschap2

    add name="pppoe-speedy2" max-mtu=1480 max-mru=1480 mrru=disabled interface=Modem2 user="********@telkom.net" \
    password="********" profile=default service-name="anjelanet2" ac-name="" add-default-route=no dial-on-demand=no \
    use-peer-dns=no allow=pap,chap,mschap1,mschap2


 ********* = FILL IN WITH YOUR SPEEDY USERNAME & PASSWORD

IP DNS :

    IP--->>DNS--->>SETTING
    Use the OpenDNS IPs (if you want to choose which sites are blocked through your OpenDNS account) : 208.67.222.222 208.67.220.220
    Use the Nawala DNS IPs (if you want sites, especially pornographic ones, blocked automatically) : 180.131.144.144 180.131.145.145
    Use your ISP's DNS IPs (the best DNS IP is the one with the shortest loop, i.e. your ISP's DNS in your area)


IP DHCP SERVER :

    DHCP-->DHCP Setup-->DHCP Server Interface=LAN-->NEXT..............FINISH
    Use the OpenDNS IPs (if you want to choose which sites are blocked) : 208.67.222.222 208.67.220.220
    Use the Nawala DNS IPs (if you want sites, especially pornographic ones, blocked automatically) : 180.131.144.144 180.131.145.145


IP FIREWALL NAT :

    /ip firewall nat
    add chain=dstnat action=dst-nat to-addresses=192.168.27.27 to-ports=3128 protocol=tcp dst-address-list=!Local+Proxy \
    in-interface=LAN dst-port=80,81,8080,3128 comment="TRANSPARENT PROXY"

    add chain=srcnat action=masquerade out-interface=pppoe-speedy1 comment="MASQUERADE"
    add chain=srcnat action=masquerade out-interface=pppoe-speedy2
    add chain=srcnat action=masquerade out-interface=Modem1
    add chain=srcnat action=masquerade out-interface=Modem2

    add chain=dstnat action=dst-nat to-ports=53 protocol=udp in-interface=LAN dst-port=53 comment="TRANSPARENT DNS"
    add chain=dstnat action=dst-nat to-ports=53 protocol=tcp in-interface=LAN dst-port=53
    add chain=dstnat action=dst-nat to-ports=53 protocol=udp in-interface=Proxy dst-port=53
    add chain=dstnat action=dst-nat to-ports=53 protocol=tcp in-interface=Proxy dst-port=53
    add chain=dstnat action=dst-nat to-addresses=192.168.27.27 to-ports=22 protocol=tcp dst-address="IP PUBLIK" \
    dst-port=2221 comment="SSH PROXY OUT REMOTE TO WINsCP"

"IP PUBLIK" : Fill in with your Speedy Internet public IP


IP FIREWALL ADDRESS-LIST :

    /ip firewall address-list
    add list=LAN-NeT address=192.168.1.0/24
    add list=Proxy-NeT address=192.168.27.0/24
    add list=Local+Proxy address=192.168.1.0/24
    add list=Local+Proxy address=192.168.27.0/24


IP FIREWALL MANGLE :

    /ip firewall mangle
    add chain=prerouting action=mark-routing new-routing-mark=PointBlank passthrough=yes protocol=tcp \
    dst-address=203.89.146.0/23 dst-port=49100 comment="Router POINTBLANK"
    add chain=prerouting action=mark-routing new-routing-mark=PointBlank passthrough=yes protocol=udp \
    dst-address=203.89.146.0/23 dst-port=40000-40010
    add chain=prerouting action=mark-routing new-routing-mark=PointBlank passthrough=yes protocol=tcp \
    dst-address=203.89.146.0/23 dst-port=39190


PPPoE CONN :

    add chain=input action=mark-connection new-connection-mark=pppoe1-conn passthrough=yes connection-state=new \
    in-interface=pppoe-speedy1 comment="PPPoE CONN"
    add chain=input action=mark-connection new-connection-mark=pppoe2-conn passthrough=yes connection-state=new \
    in-interface=pppoe-speedy2
    add chain=prerouting action=mark-connection new-connection-mark=pppoe1-conn passthrough=yes connection-state=established \
    in-interface=pppoe-speedy1
    add chain=prerouting action=mark-connection new-connection-mark=pppoe2-conn passthrough=yes connection-state=established \
    in-interface=pppoe-speedy2
    add chain=prerouting action=mark-connection new-connection-mark=pppoe1-conn passthrough=yes connection-state=related \
    in-interface=pppoe-speedy1
    add chain=prerouting action=mark-connection new-connection-mark=pppoe2-conn passthrough=yes connection-state=related \
    in-interface=pppoe-speedy2

    add chain=output action=mark-routing new-routing-mark=pppoe-speedy1 passthrough=no connection-mark=pppoe1-conn
    add chain=output action=mark-routing new-routing-mark=pppoe-speedy2 passthrough=no connection-mark=pppoe2-conn


HTTP CONN :

    add chain=prerouting action=mark-connection new-connection-mark=http-pppoe1 passthrough=yes protocol=tcp \
    dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy \
    per-connection-classifier=both-addresses-and-ports:2/0 comment="HTTP CONN"
    add chain=prerouting action=mark-connection new-connection-mark=http-pppoe2 passthrough=yes protocol=tcp \
    dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy \
    per-connection-classifier=both-addresses-and-ports:2/1
    add chain=prerouting action=mark-connection new-connection-mark=http-pppoe1 passthrough=yes protocol=tcp \
    dst-address-type=!local dst-address-list=!Local+Proxy in-interface=LAN dst-port=80,3128 \
    per-connection-classifier=both-addresses-and-ports:2/0
    add chain=prerouting action=mark-connection new-connection-mark=http-pppoe2 passthrough=yes protocol=tcp \
    dst-address-type=!local dst-address-list=!Local+Proxy in-interface=LAN dst-port=80,3128 \
    per-connection-classifier=both-addresses-and-ports:2/1


MARK-HTTP ROUTE :

    add chain=prerouting action=mark-routing new-routing-mark=pppoe-speedy1 passthrough=yes in-interface=Proxy \
    connection-mark=http-pppoe1 comment="MARK-HTTP ROUTE"
    add chain=prerouting action=mark-routing new-routing-mark=pppoe-speedy2 passthrough=yes in-interface=Proxy \
    connection-mark=http-pppoe2


NON-HTTP CONN :

    add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe1 passthrough=yes protocol=tcp \
    dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy dst-port=80,3128 \
    per-connection-classifier=both-addresses-and-ports:2/0 comment="NON-HTTP CONN"
    add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe2 passthrough=yes protocol=tcp \
    dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy dst-port=80,3128 \
    per-connection-classifier=both-addresses-and-ports:2/1
    add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe1 passthrough=yes protocol=tcp \
    dst-address-type=!local dst-address-list=!Local+Proxy in-interface=LAN dst-port=!80,3128 \
    per-connection-classifier=both-addresses-and-ports:2/0
    add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe2 passthrough=yes protocol=tcp \
    dst-address-type=!local dst-address-list=!Local+Proxy in-interface=LAN dst-port=!80,3128 \
    per-connection-classifier=both-addresses-and-ports:2/1
    add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe1 passthrough=yes protocol=udp \
    dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy \
    per-connection-classifier=both-addresses-and-ports:2/0
    add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe2 passthrough=yes protocol=udp \
    dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy \
    per-connection-classifier=both-addresses-and-ports:2/1
    add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe1 passthrough=yes protocol=udp \
    dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/0
    add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe2 passthrough=yes protocol=udp \
    dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/1


MARK NON HTTP ROUTE :

    add chain=prerouting action=mark-routing new-routing-mark=pppoe-speedy1 passthrough=yes in-interface=LAN \
    connection-mark=non-http-pppoe1 comment="MARK NON HTTP ROUTE"
    add chain=prerouting action=mark-routing new-routing-mark=pppoe-speedy2 passthrough=yes in-interface=LAN \
    connection-mark=non-http-pppoe2

CRITICAL CONN :

    add chain=postrouting action=change-dscp new-dscp=1 protocol=tcp dst-port=53 comment="CRITICAL CONN"
    add chain=postrouting action=change-dscp new-dscp=1 protocol=icmp
    add chain=postrouting action=change-dscp new-dscp=1 protocol=udp dst-port=53
    add chain=postrouting action=mark-connection new-connection-mark=critical-conn passthrough=yes dscp=1
    add chain=postrouting action=mark-packet new-packet-mark=critical-pkt passthrough=no connection-mark=critical-conn


PROXY-HIT :

    add chain=prerouting action=mark-packet new-packet-mark=PKT-HIT passthrough=no protocol=tcp \
    in-interface=Proxy dscp=12 comment="PROXY-HIT"
    add chain=postrouting action=mark-packet new-packet-mark=PKT-HIT passthrough=no out-interface=LAN dscp=12


IP ROUTE :

    /ip route
    # gateway-status is read-only output from "print" and is not part of the add command
    add dst-address=0.0.0.0/0 gateway=pppoe-speedy1 check-gateway=ping distance=1 \
    scope=30 target-scope=10 comment="Default-Route-speedy1-Distance-1"
    add dst-address=0.0.0.0/0 gateway=pppoe-speedy2 check-gateway=ping distance=2 \
    scope=30 target-scope=10 routing-mark=PointBlank comment="Default-Route-speedy2-Distance-2"
    add dst-address=0.0.0.0/0 gateway=pppoe-speedy1 check-gateway=ping distance=1 \
    scope=30 target-scope=10 routing-mark=pppoe-speedy1
    add dst-address=0.0.0.0/0 gateway=pppoe-speedy2 check-gateway=ping distance=1 \
    scope=30 target-scope=10 routing-mark=pppoe-speedy2
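

The mangle rules and the routes above are tied together only by mark names, so a single misspelled mark silently sends traffic out of the wrong line. The following Python check is an added example, not part of the original post: the sample rules are a constructed subset of this page's configuration with line continuations joined, and `values` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample: a subset of this page's mangle and route rules.
MANGLE = """
add chain=input action=mark-connection new-connection-mark=pppoe1-conn in-interface=pppoe-speedy1
add chain=output action=mark-routing new-routing-mark=pppoe-speedy1 connection-mark=pppoe1-conn
add chain=prerouting action=mark-connection new-connection-mark=http-pppoe2 in-interface=Proxy
add chain=prerouting action=mark-routing new-routing-mark=pppoe-speedy2 connection-mark=http-pppoe2
add chain=prerouting action=mark-routing new-routing-mark=PointBlank dst-address=203.89.146.0/23
"""
ROUTES = """
add dst-address=0.0.0.0/0 gateway=pppoe-speedy1 distance=1
add dst-address=0.0.0.0/0 gateway=pppoe-speedy2 routing-mark=PointBlank
add dst-address=0.0.0.0/0 gateway=pppoe-speedy1 routing-mark=pppoe-speedy1
add dst-address=0.0.0.0/0 gateway=pppoe-speedy2 routing-mark=pppoe-speedy2
"""

def values(text, key):
    """Return the set of values assigned to exactly `key` (not new-`key`)."""
    return set(re.findall(r'(?<![\w-])%s="?([^\s"]+)' % re.escape(key), text))

def audit(mangle, routes):
    """Cross-check marks: every matched connection mark must be set somewhere,
    and every routing mark set in mangle needs a route in that table."""
    problems = []
    matched = values(mangle, "connection-mark")
    produced = values(mangle, "new-connection-mark")
    for mark in sorted(matched - produced):
        problems.append("connection-mark %r is matched but never set" % mark)
    marked = values(mangle, "new-routing-mark")
    tables = values(routes, "routing-mark")
    for mark in sorted(marked - tables):
        problems.append("routing-mark %r has no route; lookup falls back to main" % mark)
    for mark in sorted(tables - marked):
        problems.append("route table %r is never selected by a mangle rule" % mark)
    return problems

if __name__ == "__main__":
    for line in audit(MANGLE, ROUTES) or ["marks and routes are consistent"]:
        print(line)
```

To audit a real router, paste the output of `/ip firewall mangle export` and `/ip route export` into the two strings after joining the backslash-continued lines.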


Hope this helps :D
