
Friday, 23 May 2014

Computer Network Design Analysis

Setting Up MikroTik + Squid


MikroTik box:
Cel 333
HD 10 Gb
RAM 192 MB
IP Address: 192.168.10.1 (Local), 192.168.20.1 (Proxy), 10.100.0.4 (Public)
Proxy box:
OS Ubuntu 7.04 (Feisty Fawn)
HD 80 Gb SATA
RAM 1 Gb
IP Address: 192.168.20.2
First, install MikroTik with the default settings.
On the MikroTik box, add a third LAN card that will be used for the connection to the proxy. Set its IP address, for example 192.168.20.1/30. On the MikroTik box, use the command:
/ip address add address=192.168.20.1/30 interface=Proxy
Configure the proxy on the MikroTik box:
/ip proxy set enabled=yes ports=3128 parent-proxy=192.168.20.2:3128
Firewall NAT:
/ip firewall nat add chain=srcnat out-interface=Public action=masquerade
/ip firewall nat add chain=dstnat in-interface=Local src-address=192.168.10.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128
Result:

[admin@STIK Yos Sudarso] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=Public action=masquerade


1 chain=dstnat in-interface=Local src-address=192.168.10.0/24 protocol=tcp
dst-port=80 action=redirect to-ports=3128


/ ip firewall mangle
add chain=prerouting src-address=192.168.n.n/27 action=mark-packet \
new-packet-mark=test-up passthrough=no comment="UP TRAFFIC" disabled=no
add chain=forward src-address=192.168.n.n/27 action=mark-connection \
new-connection-mark=test-conn passthrough=yes comment="CONN-MARK" \
disabled=no
add chain=forward in-interface=Public connection-mark=test-conn \
action=mark-packet new-packet-mark=test-down passthrough=no \
comment="DOWN-DIRECT CONNECTION" disabled=no
add chain=output out-interface=Local dst-address=192.168.n.n/27 \
action=mark-packet new-packet-mark=test-down passthrough=no \
comment="DOWN-VIA PROXY" disabled=no

Result:

[admin@STIK Yos Sudarso] > /ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; UP TRAFFIC
chain=prerouting src-address=192.168.10.0/24 action=mark-packet
new-packet-mark=test-up passthrough=no


1 ;;; CONN-MARK
chain=forward src-address=192.168.10.0/24 action=mark-connection
new-connection-mark=test-con passthrough=yes


2 ;;; DOWN-DIRECT CONNECTION
chain=forward in-interface=Public connection-mark=test-con
action=mark-packet new-packet-mark=test-down passthrough=no


3 ;;; DOWN-VIA PROXY
chain=output out-interface=Local dst-address=192.168.10.0/24
action=mark-packet new-packet-mark=test-down passthrough=no


/ queue type
add name="pcq-download" kind=pcq pcq-rate=0 pcq-limit=50 \
pcq-classifier=dst-address pcq-total-limit=2000
add name="pcq-upload" kind=pcq pcq-rate=0 pcq-limit=50 \
pcq-classifier=src-address pcq-total-limit=2000

Result:

[admin@STIK Yos Sudarso] > /queue type print
0 name="default" kind=pfifo pfifo-limit=50

1 name="ethernet-default" kind=pfifo pfifo-limit=50

2 name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514

3 name="synchronous-default" kind=red red-limit=60 red-min-threshold=10
red-max-threshold=50 red-burst=20 red-avg-packet=1000

4 name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514

5 name="pcq-download" kind=pcq pcq-rate=0 pcq-limit=50
pcq-classifier=dst-address pcq-total-limit=2000

6 name="pcq-upload" kind=pcq pcq-rate=0 pcq-limit=50
pcq-classifier=src-address pcq-total-limit=2000


/ queue tree
add name="downstream" parent=Local packet-mark=test-down limit-at=0 \
queue=pcq-download priority=8 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="upstream" parent=global-in packet-mark=test-up limit-at=0 \
queue=pcq-upload priority=8 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no

Result:

[admin@STIK Yos Sudarso] > /queue tree print
Flags: X - disabled, I - invalid
0 name="downstream" parent=Local packet-mark=test-down limit-at=0
queue=pcq-download priority=8 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s

1 name="upstream" parent=global-in packet-mark=test-up limit-at=0
queue=pcq-upload priority=8 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

Proxy box
Install squid
Using Synaptic Package Manager, install squid if it is not already installed.
Edit squid.conf:
# sudo gedit /etc/squid/squid.conf
Add the following lines:

acl jaringan src 192.168.10.0/24
http_access allow jaringan


acl jaringan1 src 192.168.20.0/30
http_access allow jaringan1

Restart squid:
# /etc/init.d/squid restart
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-ports 3128
References:
http://tajidyakub.net/index.php/2007/03/12/mikrotik-external-squid-simple-queue/
http://harrychanputra.wordpress.com
etc.

