Topic: IPCop as a proxy combined with a MikroTik router

I use MikroTik as my router and want to combine it with IPCop as my proxy server, but after everything was set up it just cannot connect..... even though all the settings are correct. I suspect the problem is in my IPCop settings..

I am still a newbie when it comes to IPCop, bro...

Please enlighten me about the IPCop settings,...... (wink)

Here are my MikroTik settings; please also check whether they are correct or not..

/ ip address
add address=192.168.5.181/24 network=192.168.5.0 broadcast=192.168.5.255 \
    interface=Public comment="" disabled=no
add address=192.168.10.15/24 network=192.168.10.0 broadcast=192.168.10.255 \
    interface=Lan comment="" disabled=no
add address=192.168.12.15/24 network=192.168.12.0 broadcast=192.168.12.255 \
    interface=Proxy comment="" disabled=no

/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.5.15 scope=255 target-scope=10 \
    comment="" disabled=no
DNS settings:

/ ip dns
set primary-dns=192.168.5.182 secondary-dns=192.168.5.205 \
    allow-remote-requests=no cache-size=2048KiB cache-max-ttl=1w
/ ip dns static
add name="192.168.5.3" address=192.168.5.3 ttl=1d
NAT settings:
/ ip firewall nat
add chain=dstnat protocol=tcp dst-port=81 action=dst-nat \
   to-addresses=192.168.12.1 to-ports=81 comment="Untuk IP Cop" disabled=no
add chain=dstnat protocol=tcp dst-port=445 action=dst-nat \
   to-addresses=192.168.12.1 to-ports=445 comment="Untuk HTTPS IPCOP" \
   disabled=no
add chain=dstnat src-address=!192.168.12.0/24 protocol=tcp dst-port=80 \
   action=dst-nat to-addresses=192.168.12.1 to-ports=878 comment="" disabled=no
add chain=dstnat src-address=!192.168.12.0/24 protocol=tcp dst-port=443 \
   action=dst-nat to-addresses=192.168.12.1 to-ports=878 comment="" \
   disabled=no
add chain=srcnat out-interface=internet action=masquerade comment="" disabled=no


/ ip firewall mangle
add chain=forward content="X-Cache: HIT" action=mark-connection \
    new-connection-mark=squid_con passthrough=yes comment="" disabled=no
add chain=forward connection-mark=squid_con action=mark-packet \
    new-packet-mark=squid_pkt passthrough=no comment="" disabled=no
add chain=forward connection-mark=!squid_con action=mark-connection \
    new-connection-mark=all_con passthrough=yes comment="" disabled=no
add chain=forward protocol=tcp src-port=80 connection-mark=all_con \
    action=mark-packet new-packet-mark=http_pkt passthrough=no comment="" \
    disabled=no
add chain=forward protocol=icmp connection-mark=all_con action=mark-packet \
    new-packet-mark=icmp_pkt passthrough=no comment="" disabled=no
add chain=forward protocol=tcp dst-port=1973 connection-mark=all_con \
    action=mark-packet new-packet-mark=top_pkt passthrough=no comment="" \
    disabled=no
add chain=forward connection-mark=all_con action=mark-packet \
    new-packet-mark=test_pkt passthrough=no comment="" disabled=no
then the queue:
/ queue simple
add name="Squid_HIT" dst-address=0.0.0.0/0 interface=all parent=none \
    packet-marks=squid_pkt direction=both priority=8 \
    queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
    total-queue=default-small disabled=no
add name="Main_Link" dst-address=0.0.0.0/0 interface=all parent=none \
    direction=both priority=8 queue=default-small/default-small limit-at=0/0 \
    max-limit=35000/256000 total-queue=default-small disabled=no
add name="game_tales_of_pirate" dst-address=0.0.0.0/0 interface=all \
    parent=none packet-marks=top_pkt direction=both priority=1 \
    queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
    total-queue=default-small disabled=no
add name="Ping_queue" dst-address=0.0.0.0/0 interface=all parent=none \
    packet-marks=icmp_pkt direction=both priority=2 \
    queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
    total-queue=default-small disabled=no
add name="The_other_port_queue" target-addresses=192.168.12.0/24 \
    dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=http_pkt \
    direction=both priority=8 queue=default-small/default-small \
    limit-at=5000/5000 max-limit=50000/256000 total-queue=default-small \
    disabled=no
add name="another_port" target-addresses=192.168.10.0/24 dst-address=0.0.0.0/0 \
    interface=all parent=Main_Link packet-marks=test_pkt direction=both \
    priority=8 queue=default-small/default-small limit-at=0/0 \
    max-limit=0/256000 total-queue=default-small disabled=no

Re: IPCop as a proxy combined with a MikroTik router

Hahaha, I recognize the code above. (tongue) (peace)

Please also explain each of the IP addresses, as well as the IP address and port used by Squid on IPCop. There will be a small change in the NAT later, but I want to see that data first.

HTH

@azilmi

Re: IPCop as a proxy combined with a MikroTik router

hehehe

You are right, bro.....

I got those settings from good old Google...

I configured it exactly like that, bro, since the MT IP and the ISP happen to be the same as well

Which part of the NAT needs to be changed, bro??

4 (edited by azilmi tulang 28-05-2010 18:38:26)

Re: IPCop as a proxy combined with a MikroTik router

That is the work of the moderator here, you know. hehe
Oh, I see. Could I get the list of your IP address settings and the Squid port? And the topology is like this, right? These IP addresses are only an example.

                     192.168.1.2                      192.168.20.1/24
    Modem----------------------- Mikrotik------------------------ HUB --------------- client
192.168.1.1                               |
                                                |
                                                | 192.168.5.1
                                                |
                                                |
                                                |
                                       proxy IPCop
                                        192.168.5.5

@azilmi

Re: IPCop as a proxy combined with a MikroTik router

yups......

What do you think is wrong, bro??

public 192.168.5.1

root 192.168.10.1

proxy 192.168.12.1

Squid is on port 873

Re: IPCop as a proxy combined with a MikroTik router

Oh, by the way, what is the IP of the local interface?

@azilmi

Re: IPCop as a proxy combined with a MikroTik router

192.168.10.1

Re: IPCop as a proxy combined with a MikroTik router

IP Address

/ ip address
add address=192.168.5.1/24 network=192.168.5.0 broadcast=192.168.5.255 \
    interface=Public comment="" disabled=no
add address=192.168.10.1/24 network=192.168.10.0 broadcast=192.168.10.255 \
    interface=Lan comment="" disabled=no
add address=192.168.12.1/24 network=192.168.12.0 broadcast=192.168.12.255 \
    interface=Proxy comment="" disabled=no

Route (here the modem IP is 192.168.1.1)

/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 \
    comment="" disabled=no

DNS - adjust the DNS servers to the region where you live; this is my example

/ ip dns
set primary-dns=222.124.204.34 secondary-dns=203.130.196.5 \
    allow-remote-requests=no cache-size=2048KiB cache-max-ttl=1w

/ ip dns static
add name="192.168.5.3" address=192.168.5.3 ttl=1d

NAT settings:

/ ip firewall nat
add chain=dstnat protocol=tcp dst-port=81 action=dst-nat \
   to-addresses=192.168.12.1 to-ports=81 comment="Untuk IP Cop" disabled=no
add chain=dstnat protocol=tcp dst-port=445 action=dst-nat \
   to-addresses=192.168.12.1 to-ports=445 comment="Untuk HTTPS IPCOP" \
   disabled=no
add chain=dstnat src-address=192.168.12.0/24 protocol=tcp dst-port=80 \
   action=dst-nat to-addresses=192.168.12.1 to-ports=873 comment="" disabled=no
add chain=dstnat src-address=192.168.12.0/24 protocol=tcp dst-port=443 \
   action=dst-nat to-addresses=192.168.12.1 to-ports=873 comment="" \
   disabled=no
add chain=dstnat action=dst-nat to-addresses=192.168.12.1 to-ports=873 protocol=tcp \
   src-address=192.168.10.1 in-interface=Lan dst-port=80,873
add chain=srcnat out-interface=internet action=masquerade comment="" disabled=no

mangle and packet marking

/ ip firewall mangle
add chain=forward content="X-Cache: HIT" action=mark-connection \
    new-connection-mark=squid_con passthrough=no comment="" disabled=no
add chain=forward connection-mark=squid_con action=mark-packet \
    new-packet-mark=squid_pkt passthrough=no comment="" disabled=no
add chain=forward connection-mark=!squid_con action=mark-connection \
    new-connection-mark=all_con passthrough=yes comment="" disabled=no
add chain=forward protocol=tcp src-port=80 connection-mark=all_con \
    action=mark-packet new-packet-mark=http_pkt passthrough=no comment="" \
    disabled=no
add chain=forward protocol=icmp connection-mark=all_con action=mark-packet \
    new-packet-mark=icmp_pkt passthrough=no comment="" disabled=no
add chain=forward protocol=tcp dst-port=1973 connection-mark=all_con \
    action=mark-packet new-packet-mark=top_pkt passthrough=no comment="" \
    disabled=no
add chain=forward connection-mark=all_con action=mark-packet \
    new-packet-mark=test_pkt passthrough=no comment="" disabled=no

then the queue:

/ queue simple
add name="Squid_HIT" dst-address=0.0.0.0/0 interface=all parent=none \
    packet-marks=squid_pkt direction=both priority=8 \
    queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
    total-queue=default-small disabled=no
add name="Main_Link" dst-address=0.0.0.0/0 interface=all parent=none \
    direction=both priority=8 queue=default-small/default-small limit-at=0/0 \
    max-limit=35000/256000 total-queue=default-small disabled=no
add name="game_tales_of_pirate" dst-address=0.0.0.0/0 interface=all \
    parent=none packet-marks=top_pkt direction=both priority=1 \
    queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
    total-queue=default-small disabled=no
add name="Ping_queue" dst-address=0.0.0.0/0 interface=all parent=none \
    packet-marks=icmp_pkt direction=both priority=2 \
    queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
    total-queue=default-small disabled=no
add name="The_other_port_queue" target-addresses=192.168.12.0/24 \
    dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=http_pkt \
    direction=both priority=8 queue=default-small/default-small \
    limit-at=5000/5000 max-limit=50000/256000 total-queue=default-small \
    disabled=no
add name="another_port" target-addresses=192.168.10.0/24 dst-address=0.0.0.0/0 \
    interface=all parent=Main_Link packet-marks=test_pkt direction=both \
    priority=8 queue=default-small/default-small limit-at=0/0 \
    max-limit=0/256000 total-queue=default-small disabled=no

Don't forget to change the port in the Squid configuration

http_port 873 transparent

Hope this helps

@azilmi
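
Added example (not part of the original thread and not any poster's own code): a small Python audit that parses an "/ ip firewall nat" export and checks the proxy redirect rules against the Squid port discussed in this thread. The sample rules are the port 80/443 redirects from the first post; the client address 192.168.10.50 and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the port-80/443 redirect rules from the first post's
# "/ ip firewall nat" export, with RouterOS backslash line continuations.
NAT_EXPORT = r'''
add chain=dstnat src-address=!192.168.12.0/24 protocol=tcp dst-port=80 \
   action=dst-nat to-addresses=192.168.12.1 to-ports=878 comment="" disabled=no
add chain=dstnat src-address=!192.168.12.0/24 protocol=tcp dst-port=443 \
   action=dst-nat to-addresses=192.168.12.1 to-ports=878 comment="" \
   disabled=no
add chain=srcnat out-interface=internet action=masquerade comment="" disabled=no
'''

def parse_rules(export):
    """Join continuation lines, then turn each 'add' line into a dict."""
    joined = re.sub(r"\\\s*\n\s*", " ", export)
    rules = []
    for line in joined.splitlines():
        if line.strip().startswith("add "):
            rules.append(dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)))
    return rules

def src_matches(rule, ip):
    """True if the rule's src-address (optionally negated with '!') matches ip."""
    spec = rule.get("src-address")
    if spec is None:
        return True  # no src-address matcher: every source matches
    negated = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(ip) in net) != negated

def audit(export, squid_port, client_ip, proxy_ip):
    """Return findings for dst-nat rules that send traffic to the proxy."""
    findings = []
    for r in parse_rules(export):
        if r.get("action") != "dst-nat" or r.get("to-addresses") != proxy_ip:
            continue
        port = r.get("dst-port")
        if r.get("to-ports") != str(squid_port):
            findings.append(f"dst-port {port}: to-ports={r.get('to-ports')} but Squid listens on {squid_port}")
        if port == "443":
            findings.append("dst-port 443: TLS sent to a plain http_port fails")
        if not src_matches(r, client_ip):
            findings.append(f"dst-port {port}: client {client_ip} is not matched")
        if src_matches(r, proxy_ip):
            findings.append(f"dst-port {port}: proxy {proxy_ip} matches its own redirect (loop)")
    return findings

if __name__ == "__main__":
    # 192.168.10.50 is an assumed LAN client; 873 is the Squid port from the thread.
    for finding in audit(NAT_EXPORT, 873, "192.168.10.50", "192.168.12.1"):
        print(finding)
```
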

Re: IPCop as a proxy combined with a MikroTik router

OK, thank you, bro...

Re: IPCop as a proxy combined with a MikroTik router

Would it work if the proxy is on the same level as the clients?

Re: IPCop as a proxy combined with a MikroTik router

On the same level how? Like this?

Modem------------------- Mikrotik --------------- PROXY --------------- Switch --------------- client

It can be done, but with a layout like this all data packets will go through the proxy first. Then again, would that be effective?

@azilmi

Re: IPCop as a proxy combined with a MikroTik router

I mean the proxy and the clients are in one segment, because I use an indoor RB433 that only has 3 Ethernet ports: 2 ports for LB to 2 modems and 1 port to the LAN.

Re: IPCop as a proxy combined with a MikroTik router

azilmi tulang wrote:

That is the work of the moderator here, you know. hehe
Oh, I see. Could I get the list of your IP address settings and the Squid port? And the topology is like this, right? These IP addresses are only an example.

                     192.168.1.2                      192.168.20.1/24
    Modem----------------------- Mikrotik------------------------ HUB --------------- client
192.168.1.1                               |
                                                |
                                                | 192.168.5.1
                                                |
                                                |
                                                |
                                       proxy IPCop
                                        192.168.5.5

If the topology is like this, which setup does IPCop use, GREEN only or GREEN+RED?

Re: IPCop as a proxy combined with a MikroTik router

Me, I use GREEN + RED. I give RED any arbitrary IP. Then the one plugged into the MikroTik, i.e. GREEN, I give another IP. Because the one that actually does the work is the GREEN IP, boss.

Re: IPCop as a proxy combined with a MikroTik router

imamdemak wrote:

Me, I use GREEN + RED. I give RED any arbitrary IP. Then the one plugged into the MikroTik, i.e. GREEN, I give another IP. Because the one that actually does the work is the GREEN IP, boss.

Sorry, imamdemak. If IPCop uses GREEN + RED and RED is given an arbitrary IP, what is RED's function? I'm confused... I have been puzzled since yesterday looking at the topology above. Bear with me, I'm a newbie; my understanding is that traffic comes in on RED and goes out on GREEN. So IPCop is set up with the path reversed, is that it?
MikroTik >>> IPCop using GREEN..      where does RED go?
To the experts, this newbie asks for enlightenment so I don't go the wrong way. Think of it as a little kid who found a toy. Ehhh, got stuck. Tinkered with it and still don't get it.. (tongue)
That's why I'm asking...

Re: IPCop as a proxy combined with a MikroTik router

azilmi tulang wrote:

IP Address

/ ip address
add address=192.168.5.1/24 network=192.168.5.0 broadcast=192.168.5.255 \
    interface=Public comment="" disabled=no
add address=192.168.10.1/24 network=192.168.10.0 broadcast=192.168.10.255 \
    interface=Lan comment="" disabled=no
add address=192.168.12.1/24 network=192.168.12.0 broadcast=192.168.12.255 \
    interface=Proxy comment="" disabled=no

Route (here the modem IP is 192.168.1.1)

/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 \
    comment="" disabled=no

DNS - adjust the DNS servers to the region where you live; this is my example

/ ip dns
set primary-dns=222.124.204.34 secondary-dns=203.130.196.5 \
    allow-remote-requests=no cache-size=2048KiB cache-max-ttl=1w

/ ip dns static
add name="192.168.5.3" address=192.168.5.3 ttl=1d

NAT settings:

/ ip firewall nat
add chain=dstnat protocol=tcp dst-port=81 action=dst-nat \
   to-addresses=192.168.12.1 to-ports=81 comment="Untuk IP Cop" disabled=no
add chain=dstnat protocol=tcp dst-port=445 action=dst-nat \
   to-addresses=192.168.12.1 to-ports=445 comment="Untuk HTTPS IPCOP" \
   disabled=no
add chain=dstnat src-address=192.168.12.0/24 protocol=tcp dst-port=80 \
   action=dst-nat to-addresses=192.168.12.1 to-ports=873 comment="" disabled=no
add chain=dstnat src-address=192.168.12.0/24 protocol=tcp dst-port=443 \
   action=dst-nat to-addresses=192.168.12.1 to-ports=873 comment="" \
   disabled=no
add chain=dstnat action=dst-nat to-addresses=192.168.12.1 to-ports=873 protocol=tcp \
   src-address=192.168.10.1 in-interface=Lan dst-port=80,873
add chain=srcnat out-interface=internet action=masquerade comment="" disabled=no

mangle and packet marking

/ ip firewall mangle
add chain=forward content="X-Cache: HIT" action=mark-connection \
    new-connection-mark=squid_con passthrough=no comment="" disabled=no
add chain=forward connection-mark=squid_con action=mark-packet \
    new-packet-mark=squid_pkt passthrough=no comment="" disabled=no
add chain=forward connection-mark=!squid_con action=mark-connection \
    new-connection-mark=all_con passthrough=yes comment="" disabled=no
add chain=forward protocol=tcp src-port=80 connection-mark=all_con \
    action=mark-packet new-packet-mark=http_pkt passthrough=no comment="" \
    disabled=no
add chain=forward protocol=icmp connection-mark=all_con action=mark-packet \
    new-packet-mark=icmp_pkt passthrough=no comment="" disabled=no
add chain=forward protocol=tcp dst-port=1973 connection-mark=all_con \
    action=mark-packet new-packet-mark=top_pkt passthrough=no comment="" \
    disabled=no
add chain=forward connection-mark=all_con action=mark-packet \
    new-packet-mark=test_pkt passthrough=no comment="" disabled=no

then the queue:

/ queue simple
add name="Squid_HIT" dst-address=0.0.0.0/0 interface=all parent=none \
    packet-marks=squid_pkt direction=both priority=8 \
    queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
    total-queue=default-small disabled=no
add name="Main_Link" dst-address=0.0.0.0/0 interface=all parent=none \
    direction=both priority=8 queue=default-small/default-small limit-at=0/0 \
    max-limit=35000/256000 total-queue=default-small disabled=no
add name="game_tales_of_pirate" dst-address=0.0.0.0/0 interface=all \
    parent=none packet-marks=top_pkt direction=both priority=1 \
    queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
    total-queue=default-small disabled=no
add name="Ping_queue" dst-address=0.0.0.0/0 interface=all parent=none \
    packet-marks=icmp_pkt direction=both priority=2 \
    queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
    total-queue=default-small disabled=no
add name="The_other_port_queue" target-addresses=192.168.12.0/24 \
    dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=http_pkt \
    direction=both priority=8 queue=default-small/default-small \
    limit-at=5000/5000 max-limit=50000/256000 total-queue=default-small \
    disabled=no
add name="another_port" target-addresses=192.168.10.0/24 dst-address=0.0.0.0/0 \
    interface=all parent=Main_Link packet-marks=test_pkt direction=both \
    priority=8 queue=default-small/default-small limit-at=0/0 \
    max-limit=0/256000 total-queue=default-small disabled=no

Don't forget to change the port in the Squid configuration

http_port 873 transparent

Hope this helps

How about separating bandwidth per IP?
I tried using a simple queue, but it doesn't work as it should... (yikes)