keunggulan dari dns unbound adalah simple dan bisa dituning lebih
tinggi. jadi belum dikasih squid saja udah cepet sekali koneknya heuheuhue.
OK kangsung saja ini panduannya yang benar wkwkwkkwkw di internet ga ada yang benar.
cari referensi sulit yaa langsung ke web alsina aja wess website unbound ambil dengan wget di putty
sebelumnya uninstall dulu bind9 dengan tasksel
# tasksel
hilangkan tanda bintang pada dns-server dengan tombol space
[ * ] Server DNS
jadi
[ ] Server DNS
install DNS UNBOUND
# apt-get install unbound
# cd /etc/unbound
# wget ftp://FTP.INTERNIC.NET/domain/named.cache
# unbound-control-setup
# chown unbound:root unbound_*
# chmod 440 unbound_*
saya menganjurkan backup unbound.conf dulu sebelum diobok-obok
# cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.asli
hapus semua isi tulisan file /etc/unbound/unbound.conf dan isikan ini
server:
verbosity: 1
statistics-interval: 0
extended-statistics: yes
statistics-cumulative: no
interface: 192.168.2.2 # saya revisi harus ada lan / eth1
interface: 127.0.0.1 # penggunaan cpu, nilai 1 = no threading, nilai 2 = go threading
num-threads: 2
# nilai 2 kali dari num-threads: 2
msg-cache-slabs: 4
rrset-cache-slabs: 4
infra-cache-slabs: 4
key-cache-slabs: 4
# gunakan 1/10 dari memory misal memory 512 mb
# msg-cache size = 512 / 10 = 51,2 ato 50 m
# untuk rrset-cache-size = msg-cache-size X 2
rrset-cache-size: 100m
msg-cache-size: 50m
# rumus untuk single core pentium 4 adalah memory : 2
# sedangkan untuk dual core dan lainya rumusnya 1024/cores - 50
outgoing-range: 256
# Larger socket buffer. OS may need config.
so-rcvbuf: 4m
num-queries-per-thread: 1024
cache-max-ttl: 86400
infra-host-ttl: 900
infra-lame-ttl: 900
infra-cache-numhosts: 10000
infra-cache-lame-size: 10k
key-cache-size: 4m
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
access-control: 0.0.0.0/0 refuse
access-control:192.168.2.0/24 allow # saya revisi juga harus ada lan / eth1
access-control: 127.0.0.0/8 allow
chroot: "/etc/unbound"
username: "unbound"
directory: "/etc/unbound"
#logfile: "/etc/unbound/unbound.log"
#use-syslog: yes
logfile: ""
use-syslog: no
#pidfile: "/etc/unbound/unbound.pid"
root-hints: "/etc/unbound/named.cache"
identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address:192.168.2.0/24 # saya revisi harus ada lan / eth1
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: "iterator"
#zone localhost
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"
local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
#zone cjmedia.net, samakan dengan dhcp
local-zone: "cjmedia.net." staticlocal-data: "cjmedia.net. 86400 IN NS ns1.cjmedia.net."
local-data: "cjmedia.net. 86400 IN SOA cjmedia.net. hostmaster.cjmedia.net. 3 3600 1200 604800 86400"
local-data: "cjmedia.net. 86400 IN A 192.168.2.2"
local-data: "www.cjmedia.net. 86400 IN A 192.168.2.2"
local-data: "ns1.cjmedia.net. 86400 IN A 192.168.2.2" # sama didhcp server
# layanan mail
local-data: "mail1.cjmedia.net. 86400 IN A 192.168.2.2"
local-data: "cjmedia.net. 86400 IN MX 10 mail1.cjmedia.net."
local-data: "cjmedia.net. 86400 IN TXT v=spf1 a mx ~all"
# dns bind hanya diremove systemnya bukan file nya dengan tasksel
local-zone: "168.192.in-addr.arpa." staticlocal-data: "168.192.in-addr.arpa. 10800 IN NS cjmedia.net."
local-data: "168.192.in-addr.arpa. 10800 IN SOA cjmedia.net. hostmaster.cjmedia.net. 4 3600 1200 604800 864000"
local-data: "2.2.168.192.in-addr.arpa. 10800 IN PTR cjmedia.net."
forward-zone:
name: "."
forward-addr:192.168.2.2 # ini saya revisi forward dns local harus ada
forward-addr: 180.131.144.144forward-addr: 180.131.145.145
# anda bisa menambah lebih banyak lagi dns spidol
remote-control:
control-enable: yes
control-interface:192.168.2.2 # saya revisi lan / eth1 harus ada
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
save dan tutup kemudian check konfigurasi unbound diputty
# unbound-checkconf /etc/unbound/unbound.conf
jika komeng keluarnya gini
unbound-checkconf: no errors in /etc/unbound/unbound.conf
berarti konfigurasi sudah betul.
tambahkan dns option pada file /etc/network/interfaces agar modem bisa mengarah ke localhost 127.0.0.1
buka file /etc/network/interfaces. tambahakan baris berikut setelah gateway modem dan sebelum auto eth1
lihat tulisan merah
auto eth0
iface eth0 inet static
address 192.168.3.2
netmask 255.255.255.0
broadcast 192.168.3.255
gateway 192.168.3.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1
auto eth1
iface eth1 inet static
address 192.168.2.2
netmask 255.255.255.0
broadcast 192.168.2.255
save dan restart networking
# services networking restart
restart unbound
# /etc/init.d/unbound restart
kemudian check dns lookup dengan cara
# nslookup
> 192.168.2.2
> 127.0.0.1
> localhost
> cjmedia.net
> www.cjmedia.net
> mail1.cjmedia.net
> google.com
> yahoo.com
> gmail.com
> exit
jika tidak ada masalah maka sudah benar dan reboot kompie anda
# reboot
lihat prosesnya di kompi ubuntu server jika lihat prosesnya berarti sudah ok
recursive DNS server unbound [ OK ]
Pdnsd adalah DNS cache proxy...Proses meminta terjemahan nama domain ke
IP address ini dari komputer kita ke DNS server ISP tidak lama,
rata-rata memakan waktu 500 milidetik, alias setengah detik. namun
bayangkan jika DNS server ISP itu bisa kita pindahkan ke dalam jaringan
lokal di rumah, maka proses penerjemahan nama domain tadi bisa disingkat
sampai cuma tinggal 1 milidetik. jika seharian kita melakukan ratusan
permintaan penerjemahan nama domain, banyak waktu yang bisa dihemat jika
DNS server-nya ada di jaringan lokal.
untuk mengetahui berapa lama proses yang dibutuhkan untuk melakukan penerjemahan nama domain ini, di linux maupun mac bisa digunakan perintah dig.
untuk mengetahui berapa lama proses yang dibutuhkan untuk melakukan penerjemahan nama domain ini, di linux maupun mac bisa digunakan perintah dig.
langkah - langkah :
# sudo apt-get update
# sudo apt-get install pdnsd
edit usr/share/pdnsd/pdnsd-resolvconf.conf
/* Debian specific configuration to work with resolvconf */
global {
perm_cache = 1024;
cache_dir = "/var/cache/pdnsd";
run_as = "pdnsd";
server_ip = any; // Use eth0 here if you want to allow other
// machines on your network to query pdnsd.
status_ctl = on;
paranoid = on;
min_ttl = 15m; // Retain cached entries at least 15 minutes.
max_ttl = 1w; // One week.
timeout = 10; // Global timeout option (10 seconds).
}
/* server {
label = "resolvconf";
proxy_only = on;
} */
server {
label=DNSpeedy;
ip=202.134.0.155;
ip=203.130.193.74;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
server {
label=DNS;
ip=180.211.88.5;
ip=180.211.88.50;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
source {
owner = localhost;
file = "/etc/hosts";
}
rr {
name = localhost;
reverse = on;
a = 127.0.0.1;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
rr {
name = dns.brother.info;
reverse = on;
a = 192.168.2.2;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
/* vim:set ft=c: */
global {
perm_cache = 1024;
cache_dir = "/var/cache/pdnsd";
run_as = "pdnsd";
server_ip = any; // Use eth0 here if you want to allow other
// machines on your network to query pdnsd.
status_ctl = on;
paranoid = on;
min_ttl = 15m; // Retain cached entries at least 15 minutes.
max_ttl = 1w; // One week.
timeout = 10; // Global timeout option (10 seconds).
}
/* server {
label = "resolvconf";
proxy_only = on;
} */
server {
label=DNSpeedy;
ip=202.134.0.155;
ip=203.130.193.74;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
server {
label=DNS;
ip=180.211.88.5;
ip=180.211.88.50;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
source {
owner = localhost;
file = "/etc/hosts";
}
rr {
name = localhost;
reverse = on;
a = 127.0.0.1;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
rr {
name = dns.brother.info;
reverse = on;
a = 192.168.2.2;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
/* vim:set ft=c: */
edit lagi di /etc/default/pdnsd :
# do we start pdnsd ?
START_DAEMON=yes
# auto-mode, overrides /etc/pdsnd.conf if set [see /usr/share/pdnsd/]
AUTO_MODE=
# optional CLI options to pass to pdnsd(8)
START_OPTIONS=
START_DAEMON=yes
# auto-mode, overrides /etc/pdsnd.conf if set [see /usr/share/pdnsd/]
AUTO_MODE=
# optional CLI options to pass to pdnsd(8)
START_OPTIONS=
edit lagi di /etc/pdnsd.conf :
/* Debian specific configuration to work with resolvconf */
global {
perm_cache = 1024;
cache_dir = "/var/cache/pdnsd";
run_as = "pdnsd";
server_ip = any; // Use eth0 here if you want to allow other
// machines on your network to query pdnsd.
status_ctl = on;
paranoid = on;
min_ttl = 15m; // Retain cached entries at least 15 minutes.
max_ttl = 1w; // One week.
timeout = 10; // Global timeout option (10 seconds).
}
/* server {
label = "resolvconf";
proxy_only = on;
} */
server {
label=DNSpeedy;
ip=202.134.0.155;
ip=203.130.193.74;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
server {
label=DNS;
ip=180.211.88.5;
ip=180.211.88.50;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
source {
owner = localhost;
file = "/etc/hosts";
}
rr {
name = localhost;
reverse = on;
a = 127.0.0.1;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
rr {
name = dns.brother.info;
reverse = on;
a = 192.168.2.2;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
/* vim:set ft=c: */
global {
perm_cache = 1024;
cache_dir = "/var/cache/pdnsd";
run_as = "pdnsd";
server_ip = any; // Use eth0 here if you want to allow other
// machines on your network to query pdnsd.
status_ctl = on;
paranoid = on;
min_ttl = 15m; // Retain cached entries at least 15 minutes.
max_ttl = 1w; // One week.
timeout = 10; // Global timeout option (10 seconds).
}
/* server {
label = "resolvconf";
proxy_only = on;
} */
server {
label=DNSpeedy;
ip=202.134.0.155;
ip=203.130.193.74;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
server {
label=DNS;
ip=180.211.88.5;
ip=180.211.88.50;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
source {
owner = localhost;
file = "/etc/hosts";
}
rr {
name = localhost;
reverse = on;
a = 127.0.0.1;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
rr {
name = dns.brother.info;
reverse = on;
a = 192.168.2.2;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
/* vim:set ft=c: */
edit /etc/resolv.conf
name-server nameserver 127.0.0.1
edit /etc/dhcp/dhclient.conf :
#prepend domain-name-servers 127.0.0.1; hilangkan tanda #
tambahkan pada rc.local :
/etc/init.d/pdnsd restart
langsung di test :
sudo /etc/init.d/pdnsd restart
semua langkah pengeditan harus di simpan setelah di edit/ditambahkan...
192.168.2.2 IP server... di sesuaikan IP server anda...
Selamat Mencoba ^_^
Pada
jaringan yang dilimit, ketika batas bandwidth suatu client telah
maksimal digunakan, maka ping akan membesar nilai reply-nya, hal ini
dikarenakan pengantrian koneksi dari client itu sendiri. Sehingga
seolah-olah koneksi yang kita pakai memiliki kualitas jelek karena ping
yang besar.
Bagaimana caranya agar ping tetap stabil walau
koneksi telah full digunakan oleh client itu sendiri, begitu juga
halnya dengan DNS (port 53) agar lebih cepat dalam pengalokasian
address, pada tulisan ini kita akan membuat jalur sendiri icmp dan dns,
dan diharapkan tanpa adanya gangguan dari koneksi, sehingga koneksi
penyampaian ping dan dns bisa lebih cepat.
/ ip firewall mangle
add chain=prerouting protocol=icmp src-address=192.168.10.0/24 action=mark-connection new-connection-mark=icmp-c comment="--> ping" disabled=no
add chain=prerouting connection-mark=icmp-c action=mark-packet new-packet-mark=icmp-p comment="" disabled=no
add chain=prerouting packet-mark=icmp-p action=change-tos new-tos=min-delay comment="" disabled=no
add chain=prerouting src-address=192.168.10.0/24 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=dns-c comment="--> dns" disabled=no
add chain=prerouting src-address=192.168.10.0/24 protocol=udp dst-port=53 action=mark-connection new-connection-mark=dns-c comment="" disabled=no
add chain=prerouting connection-mark=dns-c action=mark-packet new-packet-mark=dns-p comment="" disabled=no
add chain=prerouting packet-mark=dns-p action=change-tos new-tos=min-delay comment="" disabled=no
Jika
pada mangle terdapat mark packet nya koneksi (IIX / INT) letakkan di
bagian bawah mangle tersebut, dan jangan diletakkan di bagian atas.
Selanjutnya pada queue type:
/ queue typePada queue tree:
add name="64" kind=pfifo pfifo-limit=64
/ queue tree
add name="64" parent=global-in packet-mark="" limit-at=0 queue=64 priority=5 max-limit=32000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="ping" parent=64 packet-mark=icmp-p limit-at=8000 queue=64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="dns" parent=64 packet-mark=dns-p limit-at=8000 queue=64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
/ip firewall layer7-protocol
add comment=”" name=”Extension \” .exe \”" regexp=”\\.(exe)”
add comment=”" name=”Extension \” .rar \”" regexp=”\\.(rar)”
add comment=”" name=”Extension \” .zip \”" regexp=”\\.(zip)”
add comment=”" name=”Extension \” .7z \”" regexp=”\\.(7z)”
add comment=”" name=”Extension \” .cab \”" regexp=”\\.(cab)”
add comment=”" name=”Extension \” .asf \”" regexp=”\\.(asf)”
add comment=”" name=”Extension \” .mov \”" regexp=”\\.(mov)”
add comment=”" name=”Extension \” .wmv \”" regexp=”\\.(wmv)”
add comment=”" name=”Extension \” .mpg \”" regexp=”\\.(mpg)”
add comment=”" name=”Extension \” .mpeg \”" regexp=”\\.(mpeg)”
add comment=”" name=”Extension \” .mkv \”" regexp=”\\.(mkv)”
add comment=”" name=”Extension \” .avi \”" regexp=”\\.(avi)”
add comment=”" name=”Extension \” .flv \”" regexp=”\\.(flv)”
add comment=”" name=”Extension \” .pdf \”" regexp=”\\.(pdf)”
add comment=”" name=”Extension \” .wav \”" regexp=”\\.(wav)”
add comment=”" name=”Extension \” .rm \”" regexp=”\\.(rm)”
add comment=”" name=”Extension \” .mp3 \”" regexp=”\\.(mp3)”
add comment=”" name=”Extension \” .mp4 \”" regexp=”\\.(mp4)”
add comment=”" name=”Extension \” .ram \”" regexp=”\\.(ram)”
add comment=”" name=”Extension \” .rmvb \”" regexp=”\\.(rmvb)”
add comment=”" name=”Extension \” .dat \”" regexp=”\\.(dat)”
add comment=”" name=”Extension \” .daa \”" regexp=”\\.(daa)”
add comment=”" name=”Extension \” .iso \”" regexp=”\\.(iso)”
add comment=”" name=”Extension \” .nrg \”" regexp=”\\.(nrg)”
add comment=”" name=”Extension \” .bin \”" regexp=”\\.(bin)”
add comment=”" name=”Extension \” .vcd \”" regexp=”\\.(vcd)”
add comment=”" name=”Extension \” .mp2 \”" regexp=”\\.(mp2)”
add comment=”" name=”Extension \” .3gp \”" regexp=”\\.(3gp)”
add comment=”" name=”Extension \” .mpe \”" regexp=”\\.(mpe)”
add comment=”" name=”Extension \” .qt \”" regexp=”\\.(qt)”
add comment=”" name=”Extension \” .raw \”" regexp=”\\.(raw)”
add comment=”" name=”Extension \” .wma \”" regexp=”\\.(wma)”
add comment=”" name=”Extension \” .ogg \”" regexp=”\\.(ogg)”
add comment=”" name=”Extension \” .doc \”" regexp=”\\.(doc)”
/ip firewall address-list
add address=10.0.0.30 comment=”" disabled=no list=bypass
add address=192.168.1.100 comment=”" disabled=no list=bypass
add address=192.168.1.100 comment=”" disabled=no list=skip_content_download
add address=10.0.0.0/24 comment=”" disabled=no list=skip_content_download
/ip firewall filter
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mp3 \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .avi \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .flv \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .iso \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .pdf \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mpeg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .exe \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .rar \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .zip \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mp4 \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mp2 \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .3gp \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mov \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mpe \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mpg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .qt \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .ram \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .rm \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .raw \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .wav \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .wmv \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .wma \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .ogg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .doc \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .7z \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .asf \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .bin \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .cab \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .daa \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .dat \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mkv \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .nrg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .rmvb \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .vcd \”" protocol=tcp
/ip firewall mangle
add action=mark-connection chain=prerouting comment=Content_download disabled=no dst-address-list=content_download new-connection-mark=\
Bw_Download passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=”" connection-bytes=262146-4294967295 disabled=no dst-address-list=!bypass new-connection-mark=\
Bw_Download passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment=”" connection-mark=Bw_Download disabled=no dst-address-list=!bypass new-packet-mark=Paket_Download \
passthrough=no
add action=mark-connection chain=prerouting comment=Content_browsing disabled=no dst-address-list=!bypass new-connection-mark=Bw_Browsing passthrough=yes \
protocol=!icmp
add action=mark-packet chain=prerouting comment=”" connection-mark=Bw_Browsing disabled=no dst-address-list=!bypass new-packet-mark=Paket_Browsing \
passthrough=no
/queue type
add kind=pcq name=pcq-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000
add kind=pcq name=Pcq_Browsing_Down pcq-classifier=dst-address pcq-limit=50 pcq-rate=0 pcq-total-limit=2000
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWN parent=LOCAL priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Browsing_Down packet-mark=Paket_Browsing parent=DOWN priority=5 \
queue=Pcq_Browsing_Down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no max-limit=256k name=Regular_Down packet-mark=Paket_Download parent=DOWN \
priority=8 queue=pcq-down
drop idm
/ip firewall filter
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .exe \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .3gp \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .7z \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .asf \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .avi \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .bin \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .cab \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .daa \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .dat \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .doc \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .flv \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .iso \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .mkv \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .mov \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .mp2 \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .mp3 \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .mp4 \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .mpe \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .mpeg \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .mpg \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .nrg \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .ogg \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .pdf \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .qt \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .ram \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .rar \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .raw \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .rm \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .rmvb \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .vcd \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .wav \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .wma \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .wmv \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .zip \”" protocol=tcp
add comment=”" name=”Extension \” .exe \”" regexp=”\\.(exe)”
add comment=”" name=”Extension \” .rar \”" regexp=”\\.(rar)”
add comment=”" name=”Extension \” .zip \”" regexp=”\\.(zip)”
add comment=”" name=”Extension \” .7z \”" regexp=”\\.(7z)”
add comment=”" name=”Extension \” .cab \”" regexp=”\\.(cab)”
add comment=”" name=”Extension \” .asf \”" regexp=”\\.(asf)”
add comment=”" name=”Extension \” .mov \”" regexp=”\\.(mov)”
add comment=”" name=”Extension \” .wmv \”" regexp=”\\.(wmv)”
add comment=”" name=”Extension \” .mpg \”" regexp=”\\.(mpg)”
add comment=”" name=”Extension \” .mpeg \”" regexp=”\\.(mpeg)”
add comment=”" name=”Extension \” .mkv \”" regexp=”\\.(mkv)”
add comment=”" name=”Extension \” .avi \”" regexp=”\\.(avi)”
add comment=”" name=”Extension \” .flv \”" regexp=”\\.(flv)”
add comment=”" name=”Extension \” .pdf \”" regexp=”\\.(pdf)”
add comment=”" name=”Extension \” .wav \”" regexp=”\\.(wav)”
add comment=”" name=”Extension \” .rm \”" regexp=”\\.(rm)”
add comment=”" name=”Extension \” .mp3 \”" regexp=”\\.(mp3)”
add comment=”" name=”Extension \” .mp4 \”" regexp=”\\.(mp4)”
add comment=”" name=”Extension \” .ram \”" regexp=”\\.(ram)”
add comment=”" name=”Extension \” .rmvb \”" regexp=”\\.(rmvb)”
add comment=”" name=”Extension \” .dat \”" regexp=”\\.(dat)”
add comment=”" name=”Extension \” .daa \”" regexp=”\\.(daa)”
add comment=”" name=”Extension \” .iso \”" regexp=”\\.(iso)”
add comment=”" name=”Extension \” .nrg \”" regexp=”\\.(nrg)”
add comment=”" name=”Extension \” .bin \”" regexp=”\\.(bin)”
add comment=”" name=”Extension \” .vcd \”" regexp=”\\.(vcd)”
add comment=”" name=”Extension \” .mp2 \”" regexp=”\\.(mp2)”
add comment=”" name=”Extension \” .3gp \”" regexp=”\\.(3gp)”
add comment=”" name=”Extension \” .mpe \”" regexp=”\\.(mpe)”
add comment=”" name=”Extension \” .qt \”" regexp=”\\.(qt)”
add comment=”" name=”Extension \” .raw \”" regexp=”\\.(raw)”
add comment=”" name=”Extension \” .wma \”" regexp=”\\.(wma)”
add comment=”" name=”Extension \” .ogg \”" regexp=”\\.(ogg)”
add comment=”" name=”Extension \” .doc \”" regexp=”\\.(doc)”
/ip firewall address-list
add address=10.0.0.30 comment=”" disabled=no list=bypass
add address=192.168.1.100 comment=”" disabled=no list=bypass
add address=192.168.1.100 comment=”" disabled=no list=skip_content_download
add address=10.0.0.0/24 comment=”" disabled=no list=skip_content_download
/ip firewall filter
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mp3 \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .avi \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .flv \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .iso \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .pdf \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mpeg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .exe \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .rar \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .zip \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mp4 \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mp2 \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .3gp \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mov \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mpe \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mpg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .qt \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .ram \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .rm \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .raw \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .wav \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .wmv \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .wma \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .ogg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .doc \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .7z \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .asf \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .bin \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .cab \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .daa \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .dat \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mkv \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .nrg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .rmvb \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .vcd \”" protocol=tcp
/ip firewall mangle
add action=mark-connection chain=prerouting comment=Content_download disabled=no dst-address-list=content_download new-connection-mark=\
Bw_Download passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=”" connection-bytes=262146-4294967295 disabled=no dst-address-list=!bypass new-connection-mark=\
Bw_Download passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment=”" connection-mark=Bw_Download disabled=no dst-address-list=!bypass new-packet-mark=Paket_Download \
passthrough=no
add action=mark-connection chain=prerouting comment=Content_browsing disabled=no dst-address-list=!bypass new-connection-mark=Bw_Browsing passthrough=yes \
protocol=!icmp
add action=mark-packet chain=prerouting comment=”" connection-mark=Bw_Browsing disabled=no dst-address-list=!bypass new-packet-mark=Paket_Browsing \
passthrough=no
/queue type
add kind=pcq name=pcq-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000
add kind=pcq name=Pcq_Browsing_Down pcq-classifier=dst-address pcq-limit=50 pcq-rate=0 pcq-total-limit=2000
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWN parent=LOCAL priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Browsing_Down packet-mark=Paket_Browsing parent=DOWN priority=5 \
queue=Pcq_Browsing_Down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no max-limit=256k name=Regular_Down packet-mark=Paket_Download parent=DOWN \
priority=8 queue=pcq-down
drop idm
/ip firewall filter
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .exe \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .3gp \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .7z \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .asf \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .avi \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .bin \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .cab \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .daa \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .dat \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .doc \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .flv \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .iso \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .mkv \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .mov \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .mp2 \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .mp3 \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .mp4 \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .mpe \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .mpeg \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .mpg \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .nrg \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .ogg \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .pdf \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .qt \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .ram \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .rar \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .raw \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .rm \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .rmvb \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .vcd \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .wav \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .wma \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .wmv \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol=”Extension \” .zip \”" protocol=tcp
ip firewall nat add chain=dstnat action=dst-nat to-addresses=180.131.144.144 to-ports=53 in-interface=ether1 dst-port=53 protocol=udp
ip firewall nat add chain=dstnat action=dst-nat to-addresses=180.131.145.145 to-ports=53 in-interface=ether1 dst-port=53 protocol=udp
/ip firewall nat add chain=dstnat protocol=tcp dst-port=53 action=jump jump-target=180.131.144.144 disabled=yes
/ip firewall nat add chain=dstnat protocol=udp dst-port=53 action=jump jump-target=180.131.145.145 disabled=yes
ip firewall nat add chain=dstnat action=dst-nat to-addresses=180.131.145.145 to-ports=53 in-interface=ether1 dst-port=53 protocol=udp
/ip firewall nat add chain=dstnat protocol=tcp dst-port=53 action=jump jump-target=180.131.144.144 disabled=yes
/ip firewall nat add chain=dstnat protocol=udp dst-port=53 action=jump jump-target=180.131.145.145 disabled=yes
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 protocol=tcp to-ports=53
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 protocol=udp to-ports=53
Menggunakan Internal Proxy nya mikrotik versi crack(2.9)
ternyata masih bisa. dari pada pakai komputer lagi mending pakai
Internal Proxy nya saja. cuman hasilnya memang belum seoptimal kalo
pakai external proxy(terutama di bagain bandwith manjemennya) tetapi
masih memuaskan. (sudah ditest cuman kadang terasa kurang memuaskan,
tetapi bisa membantu meningkatkan perfoma)
Seting IP untuk Internal Proxy pada mikrotik
1. IP Modem:
- 192.168.10.1
2. IP Mikrotik:
- 192.168.1.1 = local
- 192.168.10.2 = public/ke modem speedy
- 192.168.10.1
2. IP Mikrotik:
- 192.168.1.1 = local
- 192.168.10.2 = public/ke modem speedy
3. IP Client: 192.168.1.0/24
Seting Rule Internal Proxy di Winbox :
/ ip address
add address=192.168.10.2/24 network=192.168.10.0 broadcast=192.168.10.255 \
interface=Public comment=”" disabled=no
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 \
interface=Lan comment=”" disabled=no
add address=192.168.10.2/24 network=192.168.10.0 broadcast=192.168.10.255 \
interface=Public comment=”" disabled=no
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 \
interface=Lan comment=”" disabled=no
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.10.1 scope=255 target-scope=10 \
comment=”" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.10.1 scope=255 target-scope=10 \
comment=”" disabled=no
/ ip dns
set primary-dns=192.168.10.1 \
allow-remote-requests=no cache-size=2048KiB cache-max-ttl=1w
set primary-dns=192.168.10.1 \
allow-remote-requests=no cache-size=2048KiB cache-max-ttl=1w
ip web-proxy pr
enabled: yes
src-address: 0.0.0.0
port: 3128
hostname: “proxy”
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: “webmaster”
max-object-size: 4096KiB
cache-drive: system
max-cache-size: none
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 0KiB
reserved-for-ram-cache: 154624KiB
enabled: yes
src-address: 0.0.0.0
port: 3128
hostname: “proxy”
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: “webmaster”
max-object-size: 4096KiB
cache-drive: system
max-cache-size: none
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 0KiB
reserved-for-ram-cache: 154624KiB
/ ip firewall nat
add chain=dstnat src-address=192.168.1.0/24 protocol=tcp dst-port=80 \
action=redirect to-ports=3128 comment=”" disabled=no
add chain=srcnat out-interface=Public action=masquerade comment=”" disabled=no
add chain=dstnat src-address=192.168.1.0/24 protocol=tcp dst-port=80 \
action=redirect to-ports=3128 comment=”" disabled=no
add chain=srcnat out-interface=Public action=masquerade comment=”" disabled=no
/ ip firewall mangle
add chain=prerouting protocol=icmp action=mark-connection \
new-connection-mark=icmp-con passthrough=yes comment=”" disabled=no
add chain=prerouting protocol=icmp connection-mark=icmp-con\
action=mark-packet new-packet-mark=icmp-pkt\
passthrough=no comment=”" disabled=noadd chain=prerouting action=mark-connection new-connection-mark=con-up\
passthrough=yes comment=”"
add chain=prerouting action=mark-paket new-paket-mark=all-pkt\
conection-mark=con-up passthrough=no comment=”"add chain=output content=”X-Cache: HIT” action=mark-connection \
new-connection-mark=proxy-con passthrough=yes comment=”"\
disabled=no
add chain=output connection-mark=proxy-con action=mark-packet \
new-packet-mark=proxy-pkt passthrough=no comment=”" disabled=noadd chain=forward action=mark-connection new-connection-mark=direct-con\
passthrough=yes comment=”" disabled=no
add chain=forward protocol=tcp connection-mark=direct-con \
action=mark-packet new-packet-mark=all-pkt passthrough=no
comment=”" disabled=no
add chain=output protocol=tcp connection-mark=direct-con \
action=mark-packet new-packet-mark=all-pkt passthrough=no
comment=”" disabled=no
add chain=prerouting protocol=icmp action=mark-connection \
new-connection-mark=icmp-con passthrough=yes comment=”" disabled=no
add chain=prerouting protocol=icmp connection-mark=icmp-con\
action=mark-packet new-packet-mark=icmp-pkt\
passthrough=no comment=”" disabled=noadd chain=prerouting action=mark-connection new-connection-mark=con-up\
passthrough=yes comment=”"
add chain=prerouting action=mark-paket new-paket-mark=all-pkt\
conection-mark=con-up passthrough=no comment=”"add chain=output content=”X-Cache: HIT” action=mark-connection \
new-connection-mark=proxy-con passthrough=yes comment=”"\
disabled=no
add chain=output connection-mark=proxy-con action=mark-packet \
new-packet-mark=proxy-pkt passthrough=no comment=”" disabled=noadd chain=forward action=mark-connection new-connection-mark=direct-con\
passthrough=yes comment=”" disabled=no
add chain=forward protocol=tcp connection-mark=direct-con \
action=mark-packet new-packet-mark=all-pkt passthrough=no
comment=”" disabled=no
add chain=output protocol=tcp connection-mark=direct-con \
action=mark-packet new-packet-mark=all-pkt passthrough=no
comment=”" disabled=no
/ queue simple
add name=”proxy-HIT” dst-address=0.0.0.0/0 interface=all parent=none \
packet-marks=proxy-pkt direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
total-queue=default-small disabled=no comment=”paling atas”
add name=”Ping-queue” dst-address=0.0.0.0/0 interface=all parent=none \
packet-marks=icmp-pkt direction=both priority=2 \
queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
total-queue=default-small disabled=no comment=”supaya ping kecil”
add name=”Parent-queue” dst-address=0.0.0.0/0 interface=all parent=none \
direction=both priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=45000/300000 total-queue=default-small disabled=no
add name=”All-Trafik” target-addresses=192.168.1.0/24 \
dst-address=0.0.0.0/0 interface=all parent=Parent-queue \
packet-marks=all-pkt direction=both priority=8
queue=default-small/default-small limit-at=4500/30000
max-limit=45000/300000 total-queue=default-small disabled=no
packet-marks=proxy-pkt direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
total-queue=default-small disabled=no comment=”paling atas”
add name=”Ping-queue” dst-address=0.0.0.0/0 interface=all parent=none \
packet-marks=icmp-pkt direction=both priority=2 \
queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
total-queue=default-small disabled=no comment=”supaya ping kecil”
add name=”Parent-queue” dst-address=0.0.0.0/0 interface=all parent=none \
direction=both priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=45000/300000 total-queue=default-small disabled=no
add name=”All-Trafik” target-addresses=192.168.1.0/24 \
dst-address=0.0.0.0/0 interface=all parent=Parent-queue \
packet-marks=all-pkt direction=both priority=8
queue=default-small/default-small limit-at=4500/30000
max-limit=45000/300000 total-queue=default-small disabled=no
Beberapa tool tambahan yang mungkin perlu anda periksa/instal:
# vi /etc/network/interfaces
# sudo ufw disable
# apt-get install nmap
Lakukan instalasi dependensi yang di butuhkan: # sudo apt-get update # sudo apt-get install squid # sudo apt-get install squid squidclient squid-cgi # sudo apt-get install gcc # sudo apt-get install build-essential # sudo apt-get install sharutils # sudo apt-get install ccze # sudo apt-get install libzip-dev # sudo apt-get install automake1.9 # sudo apt-get install multitail
# sudo apt-get install unzip
# sudo apt-get install acpid
Download LUSCA_HEAD-r14809:
# cd /tmp# tar -xvjf LUSCA_HEAD-r14809-patch.tar.bz2# cd LUSCA_HEAD-r14809
Compile, configure dan install Lusca Squid dengan perintah berikut:
# make clean./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \# make# sudo make install
Konfigurasi dan Tunnelling Lusca Squid :
# cd /etc/squid# mv squid.conf squid.conf.original# unzip squid.conf.ubuntu.zip# mv squid.conf.ubuntu squid.conf# tar -xvzf storeurl.pl.tar.gz# chown proxy:proxy /cache1# chown proxy:proxy /cache2# chmod 777 /cache1# chmod 777 /cache2# chown proxy:proxy /etc/squid/storeurl.pl# chmod 777 /etc/squid/storeurl.pl
Membuat folder-folder swap/cache di dalam folder cache yang telah ditentukan dengan perintah:
# squid -f /etc/squid/squid.conf -z
Periksa konfigurasi squid
squid -NDd1 &
Jika tidak terdapat error jalankan squid:
# sudo /etc/init.d/squid restart
Reboot/restart CPU Ubuntu anda
# shutdown -r now sumber : indoit.web.id
|
Ada yang bilang proxy bukan untuk hemat bendwith tetapi makan icmp (ping), mungkin ini solusinya :
1. Pertama, aktifkan dulu ip firewall di bridgenya, commandnya seperti ini …
lihat bridge setting, apakah ip firewall sdh aktif apa belum …
[wiwid@funny-mikrotik] /interface bridge settings> pr
use-ip-firewall: no
use-ip-firewall-for-vlan: no
use-ip-firewall-for-pppoe: no
ternyata use-ip-firewall masih belum aktif.
ktifkan use-ip-firewallnya ,
[wiwid@funny-mikrotik] /interface bridge settings> set use-ip-firewall=yes
oK sekarang kita lihat hasil printnya …
[wiwid@funny-mikrotik] /interface bridge settings> pr
Bisa dilihat, use-ip-firewall sdh diaktifkan.
use-ip-firewall: yes
use-ip-firewall-for-vlan: no
use-ip-firewall-for-pppoe: no
2. Buat Mangle :
[wiwid@funny-mikrotik] /ip firewall mangle>add
chain=prerouting action=mark-connection new-connection-mark=icmp-conn
passthrough=yes protocol=icmp
[wiwid@SGH-JCO Salam] /ip firewall mangle>add
chain=prerouting action=mark-packet new-packet-mark=tcp-conn
passthrough=no protocol=icmp connection-mark=icmp-conn
3. Buat Queue Tree
[wiwid@funny-mikrotik] /queue tree> add name=”ICMP”
parent=global-total packet-mark=tcp-conn limit-at=48k queue=default
priority=8 max-limit=96k burst-limit=96k burst-threshold=64k
burst-time=5s
Test : ping 192.168.1.2 -l 1472 -t
Selamat Mencoba.......
Hidupkan PC Calon Proxy Server
Masukkan ‘CD Ubuntu Server’ Ke CDROM
Booting dari CDROM
Pilih language English, Enter
Pilih Install Ubuntu Server, Enter
Tekan enter pada ‘Choose Language’ English
Pilih United States
‘Detect Keyboard Layout Pilih ‘No’
Pada Ubuntu ‘Installer Main Menu’ pilih USA
Pada ‘Keyboard Layout’ Pilih USA
Pilih ‘Continue’ pada ‘Configure The Network’
Pilih ‘Configure Network Manually’
Isi IP Address dengan 192.168.2.1 pilih ‘Continue’, lalu tekan Enter
Netmask 255.255.255.0 pilih ‘Continue’, lalu Enter
Pada Gateway sudah terdapat angka ‘192.168.2.2’, biarkan saja terus Tab
Pilih ‘Continue’
Pada Name Server Addresses sudah terdapat angka ‘192.168.2.1’ abaikan dan
Tab pilih ‘Continue’, lalu enter
Hotsname diisi dengan : anjelanet (terserah anda) terus pilih continue
enter
Domain Name: kosongkan saja, pilih ‘Continue’ dan tekan enter
Pada pilihan ‘Configure The Clock’ pilih ‘Select From Worldwide List’ terus
cari Jakarta, lalu tekan Enter
Pada menu ‘Partition Disk’ pilih ‘Manually’
(Penulis menggunakan 2 Harddisk 250 GB & 500 GB 7200 RPM, RAM 2 GB
PC6400, HDD 500 GB dipersiapkan untuk men-cache Video Streaming & MP3. Jika
HDD & RAM anda berbeda sesuaikan dengan kebutuhan, Pola Partition Nomor 1
& 3 tutorial ini mohon tidak di ubah, cukup penyesuaian pada option RAM
saja)
Selanjutnya Jika menggunakan Harddisk bekas pakai, Langkahnya kita hapus
partisi yang ada terlebih dahulu. Pilih Directory Partition yang akan dihapus,
tekan enter dan pilih Delete The Partition (ULANGI PERINTAH INI UNTUK SEMUA
PARTISI YG TERSISA).
Jika telah selesai pilih ‘Guided Partitioning’, kemudian pilih ‘Manually’
arahkan pada FREE SPACE. (UNTUK HARDDISK KOSONG LANGSUNG KE LANGKAH INI).
1. Arahkan ke FREE SPACE HDD1 Pilih Create New Partition, Enter
- Besar Partition I adalah 256 MB, Jadikan sebesar itu. Pilih Continue,
Enter (Usahakan untuk tidak merubah besaran Partisi Harddisk ini)
- Pilih Primary, Enter
- Pilih Beginning, Enter
- Pada pilihan ‘Use As’ = Ext4, Enter
- Jika muncul option ‘Format The Partition’ tekan enter untuk memilih ‘Yes,
Format it’
- Mount point = /boot
- Mount options pilih ‘Noatime’ dengan menekan tombol ‘SPACE’ pada keyboard
- Bootable flag = on
- Pilih ‘Done Setting Up The Partition’
2. Arahkan ke FREE SPACE HDD1 Pilih Create New Partition, Enter
- Besar Partition II adalah 30 GB (Sesuaikan kapasitas HDD anda, minimal 10
GB)
- Pilih Primary, Enter
- Pilih Beginning, Enter
- Pada pilihan ‘Use As’ = Ext4
- Jika muncul option ‘Format The Partition’ tekan enter untuk memilih ‘Yes,
Format it’
- Mount point = /
- Mount options pilih ‘Noatime’ dengan menekan tombol ‘SPACE’ pada keyboard
- Pilih ‘Done Setting Up The Partition’
3. Arahkan ke FREE SPACE HDD1 Pilih Create New Partition, Enter
- Besaran Partisi III adalah 4 GB (RAM 2 GB)
(Untuk RAM 1 GB Isikan Partisi III sebesar 2 GB. Rumus = RAM x 2 = Besar
Partisi SWAP AREA)
- Pilih Primary, Enter
- Pilih Beginning, Enter
- Pada pilihan ‘Use As’ = Swap Area
- Pilih ‘Done Setting Up The Partition’
4. Arahkan ke FREE SPACE HDD1 Pilih Create New Partition, Enter
- Besar Partition IV adalah keseluruhan sisa HDD 1 yang masih FREE SPACE
(dalam hal ini Free Space HDD 1 saya 215,8 GB)
- Pilih Primary, Enter
- Jika muncul option ‘Format The Partition’ tekan enter untuk memilih ‘Yes,
Format it’
- Pada pilihan ‘Use As’ untuk Ubuntu Server 32/Bit = ReiserFS, untuk Ubuntu
Server 64/Bit Pada pilihan ‘Use As’ = BtrFS
- Pada Mount point = Enter dan pilih Manually, ‘/home ubah menjadi /cache1’
- Mount options untuk Ubuntu Server 32/Bit pilih ‘Notail & Noatime’
dengan menekan tombol ‘SPACE’ pada keyboard,, untuk Ubuntu Server 64/Bit Mount
options pilih ‘Noatime’ dengan menekan tombol ‘SPACE’ pada keyboard.
- Pilih ‘Done Setting Up The Partition’
(PERHATIAN : JIKA MENGGUNAKAN 1 HARDDISK, ABAIKAN LANGKAH 5 & 6 BERIKUT
INI)
5. Arahkan ke FREE SPACE HDD2 Create New Partition, Enter
- Besar Partition V adalah 300 GB (Sesuaikan kapasitas HDD anda)
- Pilih Primary, Enter
- Pada pilihan ‘Use As’ untuk Ubuntu Server 32/Bit = ReiserFS, untuk Ubuntu
Server 64/Bit Pada pilihan ‘Use As’ = BtrFS
- Jika muncul option ‘Format The Partition’ tekan enter untuk memilih ‘Yes,
Format it’
- Pada Mount point = Enter dan pilih Manually, ‘/home ubah menjadi /cache2’
- Mount options untuk Ubuntu Server 32/Bit pilih ‘Notail &Noatime’
dengan menekan tombol ‘SPACE’ pada keyboard, untuk Ubuntu Server 64/Bit Mount
options pilih ‘Noatime’ dengan menekan tombol ‘SPACE’ pada keyboard.
- Pilih ‘Done Setting Up The Partition’
6. Arahkan ke FREE SPACE HDD2 Create New Partition, Enter
- Besar Partition V adalah 200 GB (Sesuaikan kapasitas HDD anda)
- Pilih Primary, Enter
- Pada pilihan ‘Use As’ untuk Ubuntu Server 32/Bit = ReiserFS, untuk Ubuntu
Server 64/Bit Pada pilihan ‘Use As’ = BtrFS
- Jika muncul option ‘Format The Partition’ tekan enter untuk memilih ‘Yes,
Format it’
- Pada Mount point = Enter dan pilih Manually, ‘/home ubah menjadi /cache3’
- Mount options untuk Ubuntu Server 32/Bit pilih ‘Notail &Noatime’
dengan menekan tombol ‘SPACE’ pada keyboard, untuk Ubuntu Server 64/Bit Mount
options pilih ‘Noatime’ dengan menekan tombol ‘SPACE’ pada keyboard.
- Pilih ‘Done Setting Up The Partition’
Pilih Finish Partitioning And Write Changes To Disk, tekan Enter
Pada pilihan Write The Changes To Disk pilih Yes, tekan Enter
Pada Full Name For The New User isi dg anjelanet, pilih continue &
tekan Enter
Pada Username For Your Account isi dg anjelanet, terus continue & tekan
Enter
Pada a password For The New User isi dg anjelanet, terus continue &
tekan Enter
Pada Re-Enter Password To Verify isi dg anjelanet, terus continue &
tekan Enter
Jika muncul pilihan Use Weak Password pilih Yes, tekan Enter
Pada pilihan Encrypt Your Home Directory pilih ‘No’, tekan Enter
Pada pilihan HTTP Proxy Information dikosongkan saja, pilih Continues,
tekan Enter
Pada saat ‘Configuration apt’ mencapai 23% tekan enter, juga pada 72% tekan
Enter
Pada saat pilihan updating pilih ‘No Automatic Update’
Pada Choose Software To Install pilih ‘OpenSSH Server’ dengan menekan
tombol ‘SPACE’ pada keyboard, selanjutnya pilih Continues, tekan Enter
Pada Pilihan ‘Install GRUB Loader’ pilih Yes
Pada saat ‘Ejecting CD Ubuntu Server Installer’ ambil CD-nya tutup kembali
CDROM dan pilih pilih Continues
‘FINISH THE INSTALLATION & CPU ON PROCEED REBOOT, DON’T TOUCH ANYTHING’
‘NOW WAKE UP… PROXY SERVER UBUNTU IS READY FOR NEXT STAGE’
Login pada Ubuntu Server (Isikan sesuai User & Password anda)
- Login as : anjelanet
- Password : anjelanet
Untuk proses agar bisa Login di @root :
- Ketikan perintah : sudo su – dan tekan enter
- Isikan Password : anjelanet
- Ketikan perintah : passwd dan tekan enter
- Isikan Password Baru : anjelanet
- Isikan kembali Password Baru : anjelanet
- Reboot PC dengan mengetikan perintah = reboot –h now
Mikrotik routerboard memiliki built-in
proxy didalamnya, namun memiliki kendala yakni keterbatasan kapasitas
penyimpanan. Oleh karena itu, kebanyakan administrator jaringan yang
menggunakan mikrotik akan menggunakan proxy eksternal untuk mengatasi
kendala ini.
Program atau
daemon yang paling banyak digunakan untuk proxy eksternal adalah squid
atau turunannya (lusca). Ada beberapa keuntungan dalam penggunaan squid
proxy eksternal antara lain :
- Mudah untuk di sesuaikan konfigurasinya sesuai dengan kebutuhan.
- Penggunaan access control lists (ACL) yang dapat digunakan untuk keperluan tertentu.
- Squid (khususnya versi 2.7) dapat “dipersenjatai” dengan url redirector. Pada suatu kondisi, redirector dapat digunakan untuk menangani akses konten dinamik (seperti video Youtube).
- Kapasitas penyimpanan yang lebih besar karena pada umumnya komputer menggunakan harddisk sebagai media penyimpanan.
Dalam posting ini, saya akan sedikit
menjabarkan integrasi proxy eksternal dengan mikrotik menggunakan
pengaturan NAT atau mangle dengan diagram jaringan seperti gambar
berikut ini :
Keterangan :
- IP address mikrotik menuju proxy : 192.168.90.1
- IP address proxy menuju mikrotik : 192.168.90.2
- IP address klien-klien : 192.168.1.0/24
Skenario pertama : menggunakan NAT.
Kita dapat menggunakan NAT untuk
“membelokkan” akses browsing klien (port 80/HTTP) menuju IP dan port
proxy eksternal. Monggo di copas script berikut ini :
/ip firewall address-list
add address=192.168.90.0/24 list=ip-proxy
/ip firewall nat
add action=dst-nat chain=dstnat comment="transparent proxy" dst-port=80 protocol=tcp src-address-list=!ip-proxy to-addresses=192.168.90.2 to-ports=3128
Keterangan :add address=192.168.90.0/24 list=ip-proxy
/ip firewall nat
add action=dst-nat chain=dstnat comment="transparent proxy" dst-port=80 protocol=tcp src-address-list=!ip-proxy to-addresses=192.168.90.2 to-ports=3128
Terlebih dahulu kita mendeskripsikan kelas IP address yang digunakan untuk komunikasi antara mikrotik – proxy.
/ip firewall address-list
add address=192.168.90.0/24 list=ip-proxy
add address=192.168.90.0/24 list=ip-proxy
Kemudian, akses browsing klien (HTTP port 80) kita belokkan menuju proxy eksternal port 3128
/ip firewall nat
add action=dst-nat chain=dstnat comment=”transparent proxy” dst-port=80 protocol=tcp src-address-list=!ip-proxy to-addresses=192.168.90.2 to-ports=3128
add action=dst-nat chain=dstnat comment=”transparent proxy” dst-port=80 protocol=tcp src-address-list=!ip-proxy to-addresses=192.168.90.2 to-ports=3128
Skenario kedua : menggunakan mangle.
Saya secara pribadi menyukai penggunaan skenario kedua ini. Berikut script nya :
/ip route
add check-gateway=ping distance=1 gateway=192.168.90.2 routing-mark=to-ext-proxy
/ip firewall mangle
add action=mark-routing chain=prerouting comment="mark routing to proxy" dst-port=80 new-routing-mark=to-ext-proxy protocol=tcp src-address=192.168.1.0/24
Keterangan :
route add default gateway 192.168.90.1
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.1.0/24 -d 0/0 --dport 80 --to-ports 3128
iptables -A INPUT -p tcp -s 0.0.0.0/0 -d 192.168.90.2 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.90.2 --sport 3128 -d 0.0.0.0/0 -m state --state ESTABLISHED -j ACCEPT
/ip route
add check-gateway=ping distance=1 gateway=192.168.90.2 routing-mark=to-ext-proxy
/ip firewall mangle
add action=mark-routing chain=prerouting comment="mark routing to proxy" dst-port=80 new-routing-mark=to-ext-proxy protocol=tcp src-address=192.168.1.0/24
Keterangan :
Sebelumnya, tambahkan route menuju proxy eksternal untuk routing yang akan kita tandai di mangle.
/ip route
add check-gateway=ping distance=1 gateway=192.168.90.2 routing-mark=to-ext-proxy
add check-gateway=ping distance=1 gateway=192.168.90.2 routing-mark=to-ext-proxy
Setelah itu, akses browsing klien kita
tandai dengan routing mark pada mangle, sehingga semua akses browsing
akan “bermuara” langsung ke proxy eksternal sebagaimana telah kita
tentukan sebelumnya pada route.
/ip firewall mangle
add action=mark-routing chain=prerouting comment=”mark routing to proxy” dst-port=80 new-routing-mark=to-ext-proxy protocol=tcp src-address=192.168.1.0/24
add action=mark-routing chain=prerouting comment=”mark routing to proxy” dst-port=80 new-routing-mark=to-ext-proxy protocol=tcp src-address=192.168.1.0/24
Catatan :
Jangan lupa menambahkan pengaturan pada
proxy eksternal agar akses klien dapat berjalan dengan baik antara lain
menentukan default gateway proxy dan mengizinkan akses port 3128 pada
iptables. Simpan baris-baris berikut ini kedalam file /etc/rc.local :route add default gateway 192.168.90.1
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.1.0/24 -d 0/0 --dport 80 --to-ports 3128
iptables -A INPUT -p tcp -s 0.0.0.0/0 -d 192.168.90.2 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.90.2 --sport 3128 -d 0.0.0.0/0 -m state --state ESTABLISHED -j ACCEPT
sumber : http://fazar.web.id/2012/04/pengaturan-proxy-eksternal-dengan-mikrotik/
Ketika sedang mau update muncul seperti ini :
E: Could not get lock /var/lib/apt/lists/lock – open (11: Resource temporarily unavailable)
E: Unable to lock directory /var/lib/apt/lists/
Cara Menanggulanginya sebagai berikut :
1. Masuk pada terminal ubuntu atau bisa menggunakan putty
2. ketik : sudo rm /var/lib/apt/lists/lock
3. Selesai. Update Ulang dengan : sudo apt-get update
~ Selamat Mencoba ~
Cara install webmin di Ubuntu 12.04, buka terminal tambahkan repository :
1- Edit /etc/apt/sources.list file
sudo vi /etc/apt/sources.list
2- Tambahkan barisan ini di bawahnya :
deb http://download.webmin.com/download/repository sarge contrib deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
3- Import GPG key Webmin
wget http://www.webmin.com/jcameron-key.asc sudo apt-key add jcameron-key.asc
4- Update source list
sudo apt-get update
5- Sekarang install webmin
sudo apt-get install webmin
Sekarang bisa akses webmin buka browser anda dan masukkan : http://serveripanda:10000/
Terima Kasih,