Written by Bima Firewall
Posted in:
Ubuntu
Pdnsd is a DNS cache proxy... The request that translates a domain name into an IP address, sent from our computer to the ISP's DNS server, does not take long, about 500 milliseconds on average, i.e. half a second. But imagine that the ISP's DNS server could be moved into the local network at home: the name translation could then be cut to just 1 millisecond. If we make hundreds of name-translation requests in a day, a lot of time can be saved when the DNS server is on the local network.
To find out how long this name translation takes, on Linux or Mac you can use the dig command.
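As an added example (not from the post), the dig-based check the paragraph mentions, scripted for a list of names: it queries each name twice so the cold (upstream) and warm (cached) times can be compared. It assumes dig is installed; the resolver address and domain names passed in are the reader's own.

```shell
#!/bin/sh
# Added example, not from the post: time name resolution through a resolver
# with dig, the check the post suggests. Assumes dig (bind9-dnsutils) is
# installed; resolver and names are supplied by the caller.

# Pull the "Query time: N msec" value out of dig's output. Pure text
# processing, so it can be exercised without network access.
parse_query_time() {
  printf '%s\n' "$1" | awk '/^;; Query time:/ { print $4; exit }'
}

# Query one name through one resolver and print the query time in ms.
query_ms() {
  resolver=$1; name=$2
  parse_query_time "$(dig "@$resolver" "$name" A +tries=1 +time=5)"
}

# Ask twice: the first answer may have to go upstream, the second should be
# served from the cache if the resolver (pdnsd here) is caching it.
compare_cold_warm() {
  resolver=$1; shift
  for name in "$@"; do
    cold=$(query_ms "$resolver" "$name")
    warm=$(query_ms "$resolver" "$name")
    printf '%-25s cold=%4s ms  warm=%4s ms\n' "$name" "$cold" "$warm"
  done
}

# Usage: compare_cold_warm 127.0.0.1 example.com example.net
```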
Steps:
# sudo apt-get update
# sudo apt-get install pdnsd
Edit /usr/share/pdnsd/pdnsd-resolvconf.conf:
/* Debian specific configuration to work with resolvconf */
global {
perm_cache = 1024;
cache_dir = "/var/cache/pdnsd";
run_as = "pdnsd";
server_ip = any; // Use eth0 here if you want to allow other
// machines on your network to query pdnsd.
status_ctl = on;
paranoid = on;
min_ttl = 15m; // Retain cached entries at least 15 minutes.
max_ttl = 1w; // One week.
timeout = 10; // Global timeout option (10 seconds).
}
/* server {
label = "resolvconf";
proxy_only = on;
} */
server {
label=DNSpeedy;
ip=202.134.0.155;
ip=203.130.193.74;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
server {
label=DNS;
ip=180.211.88.5;
ip=180.211.88.50;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
source {
owner = localhost;
file = "/etc/hosts";
}
rr {
name = localhost;
reverse = on;
a = 127.0.0.1;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
rr {
name = dns.brother.info;
reverse = on;
a = 192.168.2.2;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
/* vim:set ft=c: */
Then edit /etc/default/pdnsd:
# do we start pdnsd ?
START_DAEMON=yes
# auto-mode, overrides /etc/pdsnd.conf if set [see /usr/share/pdnsd/]
AUTO_MODE=
# optional CLI options to pass to pdnsd(8)
START_OPTIONS=
Then edit /etc/pdnsd.conf:
/* Debian specific configuration to work with resolvconf */
global {
perm_cache = 1024;
cache_dir = "/var/cache/pdnsd";
run_as = "pdnsd";
server_ip = any; // Use eth0 here if you want to allow other
// machines on your network to query pdnsd.
status_ctl = on;
paranoid = on;
min_ttl = 15m; // Retain cached entries at least 15 minutes.
max_ttl = 1w; // One week.
timeout = 10; // Global timeout option (10 seconds).
}
/* server {
label = "resolvconf";
proxy_only = on;
} */
server {
label=DNSpeedy;
ip=202.134.0.155;
ip=203.130.193.74;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
server {
label=DNS;
ip=180.211.88.5;
ip=180.211.88.50;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
source {
owner = localhost;
file = "/etc/hosts";
}
rr {
name = localhost;
reverse = on;
a = 127.0.0.1;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
rr {
name = dns.brother.info;
reverse = on;
a = 192.168.2.2;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
/* vim:set ft=c: */
Edit /etc/resolv.conf:
nameserver 127.0.0.1
Edit /etc/dhcp/dhclient.conf and remove the leading # from this line:
#prepend domain-name-servers 127.0.0.1;
Add to rc.local:
/etc/init.d/pdnsd restart
Then test it right away:
sudo /etc/init.d/pdnsd restart
All edits must be saved after editing/adding...
192.168.2.2 is the server IP... adjust it to your own server's IP...
Good luck ^_^
Written by Bima Firewall
Posted in:
Mikrotik
On a rate-limited network, once a client has used up its bandwidth limit, its ping reply times rise, because that client's own connections are queued. The connection then seems to be of poor quality because of the high ping.
How can ping stay stable even when the client has fully used its connection, and likewise DNS (port 53) be faster at resolving addresses? In this post we build a separate path for ICMP and DNS, intended to be free of interference from the rest of the traffic, so that ping and DNS replies get through faster.
/ ip firewall mangle
add chain=prerouting protocol=icmp src-address=192.168.10.0/24 action=mark-connection new-connection-mark=icmp-c comment="--> ping" disabled=no
add chain=prerouting connection-mark=icmp-c action=mark-packet new-packet-mark=icmp-p comment="" disabled=no
add chain=prerouting packet-mark=icmp-p action=change-tos new-tos=min-delay comment="" disabled=no
add chain=prerouting src-address=192.168.10.0/24 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=dns-c comment="--> dns" disabled=no
add chain=prerouting src-address=192.168.10.0/24 protocol=udp dst-port=53 action=mark-connection new-connection-mark=dns-c comment="" disabled=no
add chain=prerouting connection-mark=dns-c action=mark-packet new-packet-mark=dns-p comment="" disabled=no
add chain=prerouting packet-mark=dns-p action=change-tos new-tos=min-delay comment="" disabled=no
If the mangle table already contains packet marks for the (IIX / INT) connections, place these rules at the bottom of the mangle list, not at the top.
Next, the queue type:
/ queue type
add name="64" kind=pfifo pfifo-limit=64
In the queue tree:
/ queue tree
add name="64" parent=global-in packet-mark="" limit-at=0 queue=64 priority=5 max-limit=32000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="ping" parent=64 packet-mark=icmp-p limit-at=8000 queue=64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="dns" parent=64 packet-mark=dns-p limit-at=8000 queue=64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
Written by Bima Firewall
Posted in:
Mikrotik
/ip firewall layer7-protocol
add comment="" name="Extension \" .exe \"" regexp="\\.(exe)"
add comment="" name="Extension \" .rar \"" regexp="\\.(rar)"
add comment="" name="Extension \" .zip \"" regexp="\\.(zip)"
add comment="" name="Extension \" .7z \"" regexp="\\.(7z)"
add comment="" name="Extension \" .cab \"" regexp="\\.(cab)"
add comment="" name="Extension \" .asf \"" regexp="\\.(asf)"
add comment="" name="Extension \" .mov \"" regexp="\\.(mov)"
add comment="" name="Extension \" .wmv \"" regexp="\\.(wmv)"
add comment="" name="Extension \" .mpg \"" regexp="\\.(mpg)"
add comment="" name="Extension \" .mpeg \"" regexp="\\.(mpeg)"
add comment="" name="Extension \" .mkv \"" regexp="\\.(mkv)"
add comment="" name="Extension \" .avi \"" regexp="\\.(avi)"
add comment="" name="Extension \" .flv \"" regexp="\\.(flv)"
add comment="" name="Extension \" .pdf \"" regexp="\\.(pdf)"
add comment="" name="Extension \" .wav \"" regexp="\\.(wav)"
add comment="" name="Extension \" .rm \"" regexp="\\.(rm)"
add comment="" name="Extension \" .mp3 \"" regexp="\\.(mp3)"
add comment="" name="Extension \" .mp4 \"" regexp="\\.(mp4)"
add comment="" name="Extension \" .ram \"" regexp="\\.(ram)"
add comment="" name="Extension \" .rmvb \"" regexp="\\.(rmvb)"
add comment="" name="Extension \" .dat \"" regexp="\\.(dat)"
add comment="" name="Extension \" .daa \"" regexp="\\.(daa)"
add comment="" name="Extension \" .iso \"" regexp="\\.(iso)"
add comment="" name="Extension \" .nrg \"" regexp="\\.(nrg)"
add comment="" name="Extension \" .bin \"" regexp="\\.(bin)"
add comment="" name="Extension \" .vcd \"" regexp="\\.(vcd)"
add comment="" name="Extension \" .mp2 \"" regexp="\\.(mp2)"
add comment="" name="Extension \" .3gp \"" regexp="\\.(3gp)"
add comment="" name="Extension \" .mpe \"" regexp="\\.(mpe)"
add comment="" name="Extension \" .qt \"" regexp="\\.(qt)"
add comment="" name="Extension \" .raw \"" regexp="\\.(raw)"
add comment="" name="Extension \" .wma \"" regexp="\\.(wma)"
add comment="" name="Extension \" .ogg \"" regexp="\\.(ogg)"
add comment="" name="Extension \" .doc \"" regexp="\\.(doc)"
/ip firewall address-list
add address=10.0.0.30 comment="" disabled=no list=bypass
add address=192.168.1.100 comment="" disabled=no list=bypass
add address=192.168.1.100 comment="" disabled=no list=skip_content_download
add address=10.0.0.0/24 comment="" disabled=no list=skip_content_download
/ip firewall filter
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mp3 \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .avi \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .flv \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .iso \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .pdf \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mpeg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .exe \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .rar \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .zip \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mp4 \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mp2 \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .3gp \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mov \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mpe \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mpg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .qt \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .ram \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .rm \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .raw \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .wav \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .wmv \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .wma \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .ogg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .doc \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .7z \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .asf \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .bin \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .cab \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .daa \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .dat \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mkv \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .nrg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .rmvb \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .vcd \"" protocol=tcp
/ip firewall mangle
add action=mark-connection chain=prerouting comment=Content_download disabled=no dst-address-list=content_download new-connection-mark=Bw_Download passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-bytes=262146-4294967295 disabled=no dst-address-list=!bypass new-connection-mark=Bw_Download passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Download disabled=no dst-address-list=!bypass new-packet-mark=Paket_Download passthrough=no
add action=mark-connection chain=prerouting comment=Content_browsing disabled=no dst-address-list=!bypass new-connection-mark=Bw_Browsing passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Browsing disabled=no dst-address-list=!bypass new-packet-mark=Paket_Browsing passthrough=no
/queue type
add kind=pcq name=pcq-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000
add kind=pcq name=Pcq_Browsing_Down pcq-classifier=dst-address pcq-limit=50 pcq-rate=0 pcq-total-limit=2000
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWN parent=LOCAL priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Browsing_Down packet-mark=Paket_Browsing parent=DOWN priority=5 queue=Pcq_Browsing_Down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no max-limit=256k name=Regular_Down packet-mark=Paket_Download parent=DOWN priority=8 queue=pcq-down
Drop IDM (Internet Download Manager) connections:
/ip firewall filter
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .exe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .3gp \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .7z \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .asf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .avi \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .bin \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .cab \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .daa \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .dat \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .doc \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .flv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .iso \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mkv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mov \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp2 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp3 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp4 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpeg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .nrg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ogg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .pdf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .qt \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ram \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rar \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .raw \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rm \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rmvb \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .vcd \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wav \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wma \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wmv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .zip \"" protocol=tcp
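An added example, not part of the post: the layer7 patterns above, such as regexp="\\.(exe)", match the text ".exe" anywhere in the inspected data, so a request for /how-to.exercise.html is caught as well and its destination lands in content_download (or is dropped by the rules just above). The script uses grep -E as a stand-in for the router's matcher (an assumption: the two regex dialects agree on these simple patterns) to count which constructed request lines the post's pattern and a tighter one match.

```shell
#!/bin/sh
# Added example, not from the post. Shows how much the post's extension
# patterns over-match, using grep -E in place of RouterOS's layer7 engine
# (assumption: same behaviour for these simple patterns). The request
# lines below are constructed samples.

# Return 0 if the pattern matches the payload, 1 otherwise.
l7_match() {
  pattern=$1; payload=$2
  printf '%s' "$payload" | grep -Eq -- "$pattern"
}

# The post's pattern as the router stores it once the export's doubled
# backslash ("\\.") is read back as a single one.
LOOSE='\.(exe)'
# Tighter variant (an assumption, not from the post): the extension must be
# followed by end of string, a query string, a fragment, or the space that
# separates the path from the HTTP version.
STRICT='\.(exe)([?# ]|$)'

# Count how many of the given request lines a pattern matches.
count_matches() {
  pattern=$1; shift
  n=0
  for line in "$@"; do
    l7_match "$pattern" "$line" && n=$((n + 1))
  done
  echo "$n"
}

# Constructed sample request lines: two real .exe downloads, two look-alikes.
REQ1='GET /downloads/setup.exe HTTP/1.1'
REQ2='GET /files/tool.exe?mirror=3 HTTP/1.1'
REQ3='GET /blog/how-to.exercise-daily.html HTTP/1.1'
REQ4='GET /api/v1/users.exec HTTP/1.1'

# Usage:
#   count_matches "$LOOSE"  "$REQ1" "$REQ2" "$REQ3" "$REQ4"   # all four
#   count_matches "$STRICT" "$REQ1" "$REQ2" "$REQ3" "$REQ4"   # only the two .exe files
```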
Written by Bima Firewall
Posted in:
Mikrotik
ip firewall nat add chain=dstnat action=dst-nat to-addresses=180.131.144.144 to-ports=53 in-interface=ether1 dst-port=53 protocol=udp
ip firewall nat add chain=dstnat action=dst-nat to-addresses=180.131.145.145 to-ports=53 in-interface=ether1 dst-port=53 protocol=udp
/ip firewall nat add chain=dstnat protocol=tcp dst-port=53 action=jump jump-target=180.131.144.144 disabled=yes
/ip firewall nat add chain=dstnat protocol=udp dst-port=53 action=jump jump-target=180.131.145.145 disabled=yes
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 protocol=tcp to-ports=53
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 protocol=udp to-ports=53
Written by Bima Firewall
Posted in:
Mikrotik
Using the internal proxy of a cracked MikroTik (version 2.9) turns out to still work. Rather than adding another computer, just use the internal proxy. The result is not as good as with an external proxy (especially the bandwidth-management part), but it is still satisfactory. (Tested; it sometimes feels a bit lacking, but it does help improve performance.)
IP setup for the internal proxy on MikroTik
1. Modem IP:
- 192.168.10.1
2. MikroTik IPs:
- 192.168.1.1 = local
- 192.168.10.2 = public / towards the Speedy modem
3. Client IPs: 192.168.1.0/24
Setting up the internal proxy rules in Winbox:
/ ip address
add address=192.168.10.2/24 network=192.168.10.0 broadcast=192.168.10.255 interface=Public comment="" disabled=no
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Lan comment="" disabled=no
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.10.1 scope=255 target-scope=10 comment="" disabled=no
/ ip dns
set primary-dns=192.168.10.1 allow-remote-requests=no cache-size=2048KiB cache-max-ttl=1w
ip web-proxy pr
enabled: yes
src-address: 0.0.0.0
port: 3128
hostname: "proxy"
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: "webmaster"
max-object-size: 4096KiB
cache-drive: system
max-cache-size: none
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 0KiB
reserved-for-ram-cache: 154624KiB
/ ip firewall nat
add chain=dstnat src-address=192.168.1.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128 comment="" disabled=no
add chain=srcnat out-interface=Public action=masquerade comment="" disabled=no
/ ip firewall mangle
add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=icmp-con passthrough=yes comment="" disabled=no
add chain=prerouting protocol=icmp connection-mark=icmp-con action=mark-packet new-packet-mark=icmp-pkt passthrough=no comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=con-up passthrough=yes comment=""
add chain=prerouting action=mark-packet new-packet-mark=all-pkt connection-mark=con-up passthrough=no comment=""
add chain=output content="X-Cache: HIT" action=mark-connection new-connection-mark=proxy-con passthrough=yes comment="" disabled=no
add chain=output connection-mark=proxy-con action=mark-packet new-packet-mark=proxy-pkt passthrough=no comment="" disabled=no
add chain=forward action=mark-connection new-connection-mark=direct-con passthrough=yes comment="" disabled=no
add chain=forward protocol=tcp connection-mark=direct-con action=mark-packet new-packet-mark=all-pkt passthrough=no comment="" disabled=no
add chain=output protocol=tcp connection-mark=direct-con action=mark-packet new-packet-mark=all-pkt passthrough=no comment="" disabled=no
/ queue simple
add name="proxy-HIT" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=proxy-pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no comment="paling atas"
add name="Ping-queue" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=icmp-pkt direction=both priority=2 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no comment="supaya ping kecil"
add name="Parent-queue" dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=45000/300000 total-queue=default-small disabled=no
add name="All-Trafik" target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 interface=all parent=Parent-queue packet-marks=all-pkt direction=both priority=8 queue=default-small/default-small limit-at=4500/30000 max-limit=45000/300000 total-queue=default-small disabled=no
Written by Bima Firewall
Posted in:
Ubuntu
Some additional tools you may need to check/install:
# vi /etc/network/interfaces
# sudo ufw disable
# apt-get install nmap
Install the required dependencies:
# sudo apt-get update
# sudo apt-get install squid
# sudo apt-get install squid squidclient squid-cgi
# sudo apt-get install gcc
# sudo apt-get install build-essential
# sudo apt-get install sharutils
# sudo apt-get install ccze
# sudo apt-get install libzip-dev
# sudo apt-get install automake1.9
# sudo apt-get install multitail
# sudo apt-get install unzip
# sudo apt-get install acpid
Download LUSCA_HEAD-r14809:
# cd /tmp
# tar -xvjf LUSCA_HEAD-r14809-patch.tar.bz2
# cd LUSCA_HEAD-r14809
Compile, configure and install Lusca Squid with the following commands:
# make clean
# ./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin \
    --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid --localstatedir=/var/spool/squid \
    --datadir=/etc/squid --enable-async-io=24 --with-aufs-threads=24 --with-pthreads \
    --enable-storeio=aufs --enable-linux-netfilter --enable-arp-acl --enable-epoll \
    --enable-removal-policies=heap --with-aio --with-dl --enable-snmp --enable-delay-pools \
    --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files \
    --with-large-files --enable-err-languages=English --enable-default-err-language=English \
    --with-maxfd=65536
# make
# sudo make install
Configure and tune Lusca Squid:
# cd /etc/squid
# mv squid.conf squid.conf.original
# unzip squid.conf.ubuntu.zip
# mv squid.conf.ubuntu squid.conf
# tar -xvzf storeurl.pl.tar.gz
# chown proxy:proxy /cache1
# chown proxy:proxy /cache2
# chmod 777 /cache1
# chmod 777 /cache2
# chown proxy:proxy /etc/squid/storeurl.pl
# chmod 777 /etc/squid/storeurl.pl
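An added example, not from the post: the chmod 777 steps above make the cache directories and storeurl.pl writable by every local user, while squid only runs as the proxy user (the owner the chown lines set). The helpers below set owner-only access instead and audit for anything still world-writable; the owner name proxy and mode 750 are assumptions for a Debian-style squid package, the paths are the post's own.

```shell
#!/bin/sh
# Added example, not from the post. The post runs "chmod 777" on /cache1,
# /cache2 and /etc/squid/storeurl.pl; since squid runs as the "proxy" user
# (the post's own chown), owner access is enough and "other" needs none.
# Paths are the post's; the owner name and mode 750 are assumptions.

# Return 0 if the path is writable by "other" (the bit chmod 777 sets).
is_world_writable() {
  [ -n "$(find "$1" -prune -perm -002 2>/dev/null)" ]
}

# Give a cache directory or helper script to the proxy user with mode 750:
# owner rwx, group rx, nothing for other. Returns 1 if the path is missing
# or is still world-writable afterwards.
harden_squid_path() {
  path=$1; owner=${2:-proxy}
  [ -e "$path" ] || return 1
  chown "$owner:$owner" "$path" 2>/dev/null || true   # needs root; keep going if not
  chmod 750 "$path" || return 1
  is_world_writable "$path" && return 1
  return 0
}

# Print every listed path that is still world-writable; the return value
# is the number of such paths, so 0 means all clean.
audit_squid_paths() {
  bad=0
  for p in "$@"; do
    if is_world_writable "$p"; then
      echo "world-writable: $p"; bad=$((bad + 1))
    fi
  done
  return "$bad"
}

# Usage on the post's layout:
#   for p in /cache1 /cache2 /etc/squid/storeurl.pl; do harden_squid_path "$p"; done
#   audit_squid_paths /cache1 /cache2 /etc/squid/storeurl.pl
```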
Create the swap/cache directories inside the configured cache folder with:
# squid -f /etc/squid/squid.conf -z
Check the squid configuration:
squid -NDd1 &
If there are no errors, start squid:
# sudo /etc/init.d/squid restart
Reboot/restart your Ubuntu machine:
# shutdown -r now
Source: indoit.web.id
Written by Bima Firewall
Posted in:
Mikrotik
Some say a proxy is not there to save bandwidth and that it eats ICMP (ping); perhaps this is the solution:
1. First, enable the IP firewall on the bridge; the command looks like this...
Look at the bridge settings to see whether the IP firewall is already enabled...
[wiwid@funny-mikrotik] /interface bridge settings> pr
use-ip-firewall: no
use-ip-firewall-for-vlan: no
use-ip-firewall-for-pppoe: no
It turns out use-ip-firewall is not enabled yet.
Enable use-ip-firewall:
[wiwid@funny-mikrotik] /interface bridge settings> set use-ip-firewall=yes
OK, now let's look at the print output...
[wiwid@funny-mikrotik] /interface bridge settings> pr
use-ip-firewall: yes
use-ip-firewall-for-vlan: no
use-ip-firewall-for-pppoe: no
As you can see, use-ip-firewall is now enabled.
2. Create the mangle rules:
[wiwid@funny-mikrotik] /ip firewall mangle> add chain=prerouting action=mark-connection new-connection-mark=icmp-conn passthrough=yes protocol=icmp
[wiwid@SGH-JCO Salam] /ip firewall mangle> add chain=prerouting action=mark-packet new-packet-mark=tcp-conn passthrough=no protocol=icmp connection-mark=icmp-conn
3. Create the queue tree:
[wiwid@funny-mikrotik] /queue tree> add name="ICMP" parent=global-total packet-mark=tcp-conn limit-at=48k queue=default priority=8 max-limit=96k burst-limit=96k burst-threshold=64k burst-time=5s
Test: ping 192.168.1.2 -l 1472 -t
Good luck.......