Monday, 06 August 2012

MIKROTIK RB750 WITH PFSENSE + LUSCA PROXY


                                 
                                      modem
                                        |
                                      switch
            |----(port1) --------------| |-----------to pfsense wan
        MIKROTIK RB750                                  |
            |----(port3) --UTP crossover cable----------|
            |----(port2) --to switch to clients


======================
pfsense wan : DHCP from modem
pfsense lan : 192.168.12.1/24, proxy port 3128 (LUSCA)

proxy (RB750) : 192.168.12.15/24
lan   (RB750) : 192.168.10.15/24
modem         : 192.168.3.1/24 (DHCP)

client ips : 192.168.10.xxx and so on

======================
interface settings
Code:

/interface set 0 name=public
/interface set 1 name=lan
/interface set 2 name=proxy

======================
ip address settings
Code:

/ip address
add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=public comment="" disabled=no
add address=192.168.10.15/24 network=192.168.10.0 broadcast=192.168.10.255 interface=lan comment="" disabled=no
add address=192.168.12.15/24 network=192.168.12.0 broadcast=192.168.12.255 interface=proxy comment="" disabled=no

=======================
route settings:
Code:

/ip route add dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=255 target-scope=10 comment="" disabled=no

=======================
dns settings:
Code:

# upstream resolvers: Fren DNS
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=10.17.3.245,10.17.3.252

/ip dns static add name="192.168.3.1" address=192.168.3.1 ttl=1d

========================
nat settings:
Code:

/ip firewall nat
add chain=srcnat action=masquerade out-interface=public
# if using the internal web proxy (shown disabled in the print output below, since the external proxy is used)
add chain=dstnat action=redirect to-ports=3128 protocol=tcp src-address=192.168.10.0/24 in-interface=lan dst-port=80
# external proxy (Lusca on pfSense)
add chain=dstnat action=dst-nat to-addresses=192.168.12.1 to-ports=3128 protocol=tcp src-address=192.168.10.0/24 in-interface=lan dst-port=80
# so that pfSense/PuTTY/WinSCP can be reached from a client
add chain=srcnat action=masquerade out-interface=proxy

/ip firewall nat print

 0   chain=srcnat action=masquerade out-interface=public

 1 X chain=dstnat action=redirect to-ports=3128 protocol=tcp src-address=192.168.10.0/24 in-interface=lan
     dst-port=80

 2   chain=dstnat action=dst-nat to-addresses=192.168.12.1 to-ports=3128 protocol=tcp
     src-address=192.168.10.0/24 in-interface=lan dst-port=80

 3   chain=srcnat action=masquerade out-interface=proxy

========================
mangle settings:
Code:

/ip firewall mangle
add chain=forward content="X-Cache: HIT" action=mark-connection new-connection-mark=squid_con passthrough=yes comment="" disabled=no
add chain=forward connection-mark=squid_con action=mark-packet new-packet-mark=squid_pkt passthrough=no comment="" disabled=no
add chain=forward connection-mark=!squid_con action=mark-connection new-connection-mark=all_con passthrough=yes comment="" disabled=no
add chain=forward protocol=tcp src-port=80 connection-mark=all_con action=mark-packet new-packet-mark=http_pkt passthrough=no comment="" disabled=no
add chain=forward protocol=icmp connection-mark=all_con action=mark-packet new-packet-mark=icmp_pkt passthrough=no comment="" disabled=no
add chain=forward protocol=tcp dst-port=1973 connection-mark=all_con action=mark-packet new-packet-mark=top_pkt passthrough=no comment="" disabled=no
add chain=forward connection-mark=all_con action=mark-packet new-packet-mark=test_pkt passthrough=no comment="" disabled=no

/ip firewall mangle print

 0   chain=forward action=mark-connection new-connection-mark=squid_con passthrough=yes content=X-Cache: HIT

 1   chain=forward action=mark-packet new-packet-mark=squid_pkt passthrough=no connection-mark=squid_con

 2   chain=forward action=mark-connection new-connection-mark=all_con passthrough=yes
     connection-mark=!squid_con

 3   chain=forward action=mark-packet new-packet-mark=http_pkt passthrough=no protocol=tcp src-port=80
     connection-mark=all_con

 4   chain=forward action=mark-packet new-packet-mark=icmp_pkt passthrough=no protocol=icmp
     connection-mark=all_con

 5   chain=forward action=mark-packet new-packet-mark=top_pkt passthrough=no protocol=tcp dst-port=1973
     connection-mark=all_con

 6   chain=forward action=mark-packet new-packet-mark=test_pkt passthrough=no connection-mark=all_con

=======================
queue settings:
Code:

/queue simple
add name="Squid_HIT" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=squid_pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name="Main_Link" dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=35000/256000 total-queue=default-small disabled=no
add name="game_tales_of_pirate" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=top_pkt direction=both priority=1 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name="Ping_queue" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=icmp_pkt direction=both priority=2 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name="The_other_port_queue" target-addresses=192.168.12.0/24 dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=http_pkt direction=both priority=8 queue=default-small/default-small limit-at=5000/5000 max-limit=50000/256000 total-queue=default-small disabled=no
add name="another_port" target-addresses=192.168.10.0/24 dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=test_pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/256000 total-queue=default-small disabled=no

/queue simple print

 0    name="Squid_HIT" dst-address=0.0.0.0/0 interface=all parent=none
      packet-marks=squid_pkt direction=both priority=8
      queue=default-small/default-small limit-at=0/0 max-limit=0/0
      burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
      total-queue=default-small

 1    name="Main_Link" dst-address=0.0.0.0/0 interface=all parent=none
      direction=both priority=8 queue=default-small/default-small
      limit-at=0/0 max-limit=35k/256k burst-limit=0/0 burst-threshold=0/0
      burst-time=0s/0s total-queue=default-small

 2    name="game_tales_of_pirate" dst-address=0.0.0.0/0 interface=all
      parent=none packet-marks=top_pkt direction=both priority=1
      queue=default-small/default-small limit-at=0/0 max-limit=0/0
      burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
      total-queue=default-small

 3    name="Ping_queue" dst-address=0.0.0.0/0 interface=all parent=none
      packet-marks=icmp_pkt direction=both priority=2
      queue=default-small/default-small limit-at=0/0 max-limit=0/0
      burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
      total-queue=default-small
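As an added example (not code from the original post), the following Python script simulates the mangle chain and queue selection above: the rules are the post's own, transcribed as dicts, the packets are constructed, and only the packet-mark to queue mapping from the queue section is modelled (simple-queue ordering is not).

```python
# Added example, not from the post: simulates the post's mangle chain and its
# connection-mark state. Rules are the post's; packets below are constructed.
MANGLE = [  # chain=forward, in /ip firewall mangle print order
    dict(content="X-Cache: HIT", action="mark-connection", mark="squid_con", passthrough=True),
    dict(conn="squid_con", action="mark-packet", mark="squid_pkt", passthrough=False),
    dict(conn="!squid_con", action="mark-connection", mark="all_con", passthrough=True),
    dict(conn="all_con", proto="tcp", src_port=80, action="mark-packet", mark="http_pkt", passthrough=False),
    dict(conn="all_con", proto="icmp", action="mark-packet", mark="icmp_pkt", passthrough=False),
    dict(conn="all_con", proto="tcp", dst_port=1973, action="mark-packet", mark="top_pkt", passthrough=False),
    dict(conn="all_con", action="mark-packet", mark="test_pkt", passthrough=False),
]
# Simple queue whose packet-marks= selects each mark (queue ordering is not modelled).
QUEUE_FOR_MARK = {"squid_pkt": "Squid_HIT", "http_pkt": "The_other_port_queue", "icmp_pkt": "Ping_queue",
                  "top_pkt": "game_tales_of_pirate", "test_pkt": "another_port"}
def _matches(rule, pkt, conn_mark):
    """Evaluate one rule's matchers against a packet and its current connection mark."""
    if "content" in rule and rule["content"] not in pkt.get("payload", ""):
        return False
    if "conn" in rule:  # connection-mark=X or connection-mark=!X
        negate = rule["conn"].startswith("!")
        if (conn_mark == rule["conn"].lstrip("!")) == negate:
            return False
    return all(pkt.get(k) == rule[k] for k in ("proto", "src_port", "dst_port") if k in rule)

def classify(pkt, conn_marks):
    """Run one packet down the chain; conn_marks persists across calls, like conntrack."""
    packet_mark = None
    for rule in MANGLE:
        if not _matches(rule, pkt, conn_marks.get(pkt["conn"])):
            continue
        if rule["action"] == "mark-connection":
            conn_marks[pkt["conn"]] = rule["mark"]  # sticky for the connection's lifetime
        else:
            packet_mark = rule["mark"]
        if not rule["passthrough"]:
            break  # passthrough=no ends the chain for this packet
    return packet_mark, QUEUE_FOR_MARK.get(packet_mark)

def demo():
    """Constructed traffic: HIT reply, MISS reply, later MISS on the HIT keep-alive connection, ICMP, tcp/1973, other TCP."""
    conns = {}
    packets = [
        dict(conn="c1", proto="tcp", src_port=80, dst_port=51000, payload="HTTP/1.0 200 OK\r\nX-Cache: HIT\r\n"),
        dict(conn="c2", proto="tcp", src_port=80, dst_port=51001, payload="HTTP/1.0 200 OK\r\nX-Cache: MISS\r\n"),
        dict(conn="c1", proto="tcp", src_port=80, dst_port=51000, payload="HTTP/1.0 200 OK\r\nX-Cache: MISS\r\n"),
        dict(conn="c3", proto="icmp"),
        dict(conn="c4", proto="tcp", src_port=52000, dst_port=1973),
        dict(conn="c5", proto="tcp", src_port=52001, dst_port=443),
    ]
    return [classify(p, conns) for p in packets]
```

The third result shows the caveat of this design: the connection mark set by the first HIT stays on the keep-alive connection, so later MISS responses on that same connection also land in Squid_HIT, outside the Main_Link limit.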