Pages

Subscribe:

Mikrotik dan Squid IP cop

ternyata lumayan juga pake ini, artikel ini sya dapet dari forum dan udah di terapin ama ane

alat2 yang harus disiapkan :
1. Komputer Pentium 3 atau 4 dengan memory minimal 512 (buat proxy IPCOP)
jangan lupa lancardnya 2 biji
2. Mikrotiknya (klo saya pake mikrotik rb750)
3. Kopi + roko.. buat rileks

langsung aja

SETTING MIKROTIK :
1. IP Mikrotik:
- 192.168.10.15 = local
- 192.168.12.15 = proxy
- 192.168.5.181 = public/ke modem speedy

2. IP squid (pakai IPCop)
- 192.168.12.1 = ip green(procy)

/ ip address
add address=192.168.5.181/24 network=192.168.5.0 broadcast=192.168.5.255 \
interface=Public comment="" disabled=no
add address=192.168.10.15/24 network=192.168.10.0 broadcast=192.168.10.255 \
interface=Lan comment="" disabled=no
add address=192.168.12.15/24 network=192.168.12.0 broadcast=192.168.12.255 \
interface=Proxy comment="" disabled=no

/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.5.15 scope=255 target-scope=10 \
comment="" disabled=no

/ ip dns
set primary-dns=192.168.5.182 secondary-dns=192.168.5.205 \
allow-remote-requests=no cache-size=2048KiB cache-max-ttl=1w
/ ip dns static
add name="192.168.5.3" address=192.168.5.3 ttl=1d

/ ip firewall nat
add chain=dstnat protocol=tcp dst-port=81 action=dst-nat \
to-addresses=192.168.12.1 to-ports=81 comment="Untuk IP Cop" disabled=no
add chain=dstnat protocol=tcp dst-port=445 action=dst-nat \
to-addresses=192.168.12.1 to-ports=445 comment="Untuk HTTPS IPCOP" \
disabled=no
add chain=dstnat src-address=!192.168.12.0/24 protocol=tcp dst-port=80 \
action=dst-nat to-addresses=192.168.12.1 to-ports=878 comment="" disabled=no

add chain=dstnat src-address=!192.168.12.0/24 protocol=tcp dst-port=80 \
action=dst-nat to-addresses=192.168.12.1 to-ports=878 comment="" disabled=no

add chain=dstnat src-address=!192.168.12.0/24 protocol=tcp dst-port=443 \
action=dst-nat to-addresses=192.168.12.1 to-ports=878 comment="" \
disabled=no
add chain=srcnat out-interface=Public action=masquerade comment="" disabled=no

/ ip firewall mangle
add chain=forward content="X-Cache: HIT" action=mark-connection \
new-connection-mark=squid_con passthrough=yes comment="" disabled=no
add chain=forward connection-mark=squid_con action=mark-packet \
new-packet-mark=squid_pkt passthrough=no comment="" disabled=no
add chain=forward connection-mark=!squid_con action=mark-connection \
new-connection-mark=all_con passthrough=yes comment="" disabled=no
add chain=forward protocol=tcp src-port=80 connection-mark=all_con \
action=mark-packet new-packet-mark=http_pkt passthrough=no comment="" \
disabled=no
add chain=forward protocol=icmp connection-mark=all_con action=mark-packet \
new-packet-mark=icmp_pkt passthrough=no comment="" disabled=no
add chain=forward protocol=tcp dst-port=1973 connection-mark=all_con \
action=mark-packet new-packet-mark=top_pkt passthrough=no comment="" \
disabled=no
add chain=forward connection-mark=all_con action=mark-packet \
new-packet-mark=test_pkt passthrough=no comment="" disabled=no

/ queue simple
add name="Squid_HIT" dst-address=0.0.0.0/0 interface=all parent=none \
packet-marks=squid_pkt direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
total-queue=default-small disabled=no
add name="Main_Link" dst-address=0.0.0.0/0 interface=all parent=none \
direction=both priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=35000/256000 total-queue=default-small disabled=no
add name="game_tales_of_pirate" dst-address=0.0.0.0/0 interface=all \
parent=none packet-marks=top_pkt direction=both priority=1 \
queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
total-queue=default-small disabled=no
add name="Ping_queue" dst-address=0.0.0.0/0 interface=all parent=none \
packet-marks=icmp_pkt direction=both priority=2 \
queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
total-queue=default-small disabled=no
add name="The_other_port_queue" target-addresses=192.168.12.0/24 \
dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=http_pkt \
direction=both priority=8 queue=default-small/default-small \
limit-at=5000/5000 max-limit=50000/256000 total-queue=default-small \
disabled=no
add name="another_port" target-addresses=192.168.10.0/24 dst-address=0.0.0.0/0 \
interface=all parent=Main_Link packet-marks=test_pkt direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=0/256000 total-queue=default-small disabled=no



SETTING IPCOP
ganti port 800 jadi 878
masukkan masukan ip mikrotik di ipcop network access