Setelah Mikrotik diinstall, pastikan dulu bahwa interface pada mikrotik ada 4biji, interface 1 menuju ke klient, interface 2 menuju ke Speedy 1, interface 3 menuju ke speedy 2 dan interface 4 menuju ke squid web proxy.
untuk setting squid bisa dilihat disini, dan baiklah kita mulai copy paste setting dibawah ini pada terminal Mikrotik :
/in eth set ether1 name="intranet" disabled=no set ether2 name="speedy-1" disabled=no set ether3 name="speedy-2" disabled=no set ether4 name="proxy" disabled=no
/ip add add address=192.168.1.2/24 interface=speedy-1 comment="ke speedy-1" add address=192.168.2.2/24 interface=speedy-2 comment="ke speedy-2" add address=192.168.11.1/27 interface=intranet comment="ke Hub" add address=192.168.10.2/30 interface=proxy comment="ke-proxy"
/ ip dns set primary-dns=202.134.1.10 secondary-dns=202.134.0.155
allow-remote-requests=yes cache-size=4048KiB cache-max-ttl=1w
/ ip firewall mangle add chain=prerouting in-interface=intranet
connection-state=new nth=1,2,0 action=mark-
connection new-connection-mark=satu passthrough=yes comment="" add chain=prerouting in-interface=intranet
connection-mark=satu action=mark-routing new-routing-mark=satu
passthrough=no comment="" add chain=prerouting in-interface=intranet
connection-state=new nth=1,2,1 action=mark-
connection new-connection-mark=dua passthrough=yes comment="" add chain=prerouting in-interface=intranet
connection-mark=dua action=mark-routing
new-routing-mark=dua passthrough=no comment="" disabled=no add chain=prerouting in-interface=proxy
connection-state=new nth=1,2,0 action=mark-connection
new-connection-mark=tiga passthrough=yes comment="" add chain=prerouting in-interface=proxy
connection-mark=tiga action=mark-routing new-routing-mark=tiga
passthrough=no comment="" add chain=prerouting in-interface=proxy
connection-state=new nth=1,2,1 action=mark-connection
new-connection-mark=empat passthrough=yes comment="" add chain=prerouting in-interface=proxy
connection-mark=empat action=mark-routing new-routing-mark=empat
passthrough=no comment="" disabled=no
/ ip firewall nat add chain=srcnat out-interface=speedy-1
connection-mark=satu action=src-nat to-addresses=192.168.1.1
to-ports=0-65535 comment="" disabled=no add chain=srcnat out-interface=speedy-2 connection-mark=dua
action=src-nat
to-addresses=192.168.2.1 to-ports=0-65535 comment="" disabled=no nat add chain=dstnat protocol=tcp dst-port=80
action=redirect to-ports=3128 add chain=dstnat protocol=tcp dst-port=3128
action=redirect to-ports=3128 add chain=dstnat protocol=tcp dst-port=8080
action=redirect to-ports=3128
/ ip firewall connection tracking set enabled=yes tcp-syn-sent-timeout=2s
tcp-syn-received-timeout=2s tcp-established-timeout=1d
tcp-fin-wait-timeout=5s tcp-close-wait-timeout=5s
tcp-last-ack-timeout=5s tcp-time-wait-timeout=5s
tcp-close-timeout=5s udp-timeout=5s
udp-stream-timeout=1m icmp-timeout=5s generic-timeout=5m
tcp-syncookie=no
/ ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255
target-scope=10
routing-mark=satu comment="" disabled=no add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255
target-scope=10
routing-mark=dua comment="" disabled=no add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255
target-scope=10
/ ip proxy set enabled=yes port=3128 parent-proxy=192.168.10.1:3128
maximal-client
Tidak ada komentar:
Posting Komentar