1. Ayo Dance : tcp 18901-18909
2. SealOnline : tcp 1818
3. PointBlank : tcp 39100,39110,39220,39190,49100, udp 40000-40010
4. Lineage2 : tcp 7777
5. GhostOnline : tcp 19101
6. RF-Elven : tcp 27780
7. Perfect world : tcp 29000
8. Rohan : tcp 22100
9. Zeus RO : tcp 5121
10. Dotta : tcp 6000-6152
11. IdolStreet : tcp 2001
12. CrazyKart : tcp 9601-9602
13. WOW AMPM : tcp 8085
14. DriftCity : tcp 11011-11041
15. GetAmped : tcp 13413
16. Yullgang : tcp 19000
17. RAN Online : tcp 5105
18. CrossFire : tcp 10009,13008, 16666, 28012, udp 12020-12080,13000-13080 (added by ji177my)
19. WarRock : tcp 5340-5352
20. FastBlack : tcp 6000-6001
21. Rose Online : tcp 29200
22. Return Of Warrior : tcp 10402
23. CrazyKart 2 : tcp 9600
25. Luna Online : tcp 15000-15002
26. Runes Of Magic : tcp 16402-16502
27. Fresh Ragnarok PS, www.freshro.org dst address 117.103.56.187 : 5126 (by Master kdebugx86)
28. Tantra Online : tcp 3010 (added by bro s4ndy78)
29. Heroes Of Newearth Incatamers : chat server -> TCP 11031, game server -> UDP 11100-11125, VOIP -> UDP 11440-11460 (by LOVIAN)
30. Atlantica : tcp 4300 , ip 203.89.147.0/24 link: http://atlantica.gemscool.com/
31. ECO Online --> Port 12011 , 12110 by RB750
32. Cabal Indo --> Port 15001, 15002 by RB750
33. X-SHOT : tcp 7341,7451 , udp 7808,30000
34. 3 Kingdoms
Source : http://www.forummikrotik.com/general-networking/9277-warnet-game-online-masuk-sini.html
Online game ports, local connection / IIX
Limiting downloaders with a con-bytes filter
When a client uses download-manager software, it turns out that its traffic can slip past PCQ.
So I made a new rule to deal with that problem.
First create a bypass IP list for our clients, for example:
- Client IPs 192.168.xx.xx
- Modem IP
- IP of the external proxy in use
- IP of our website/homepage
- Etc…
Then add a firewall filter rule to detect connection-bytes.
Here I limit traffic at +/-2Mb and bypass our client IPs so that they are not caught by the add-to-address-list action;
I put the addresses into the address list Patroli.
Once an IP is in the Patroli list, we mark it with a packet-mark in mangle:
for Src. Address List choose Patroli;
I set the new packet mark to the name Razia.
Next come the queue types for PCQ:
I named them con-filter-dn
and con-filter-up.
Finally, create a simple queue:
set packet-mark to Razia and queue-type to con-filter-up / con-filter-dn.
The rule above limits each IP address that mangle has marked (1 IP = 1 packet-mark),
and because the PCQ classifier only selects dst-address and src-address, queuing is done ONLY per IP address, not per port/connection as with mangle con-bytes.
The question is: why does traffic get through when mangle con-bytes is used?
The answer: mangle con-bytes marks traffic per connection (src-port) opened by the
download manager (parallel connections), so what gets marked is each connection, not the IP. If the download manager has opened 10 parallel connections, mangle marks the packets of 10 connections, only then are they sent to PCQ, and PCQ merely classifies what mangle has sent it.
If the PCQ rate is set to 128k, those 10 marked flows from mangle get a bandwidth share of 128k. Why does the bandwidth still leak? Because a download manager spreads the download of one file over several connections: if it is set to 10 parallel, it opens 10 connections in one action, so mangle only hands traffic to PCQ once each of those 10 connections has reached the configured connection-bytes limit. After all (10) connections have reached the limit, the traffic drops to 128k, as set by the PCQ rate.
Download managers also usually rotate connections (replace them with new ones) so that they get a new port, so mangle automatically starts from the beginning again and only sends traffic to PCQ after the connection-bytes limit has been passed. After that rotation the new traffic escapes the queue, which is why mangle con-bytes appears to have no effect / to be broken by download managers.
P.S.:
Apologies if the explanation above is lacking in how it is worded,
because I am only self-taught from what I have found on Google and in forums.
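The difference between the two marking strategies described above, worked through as a small simulation. This is an added example, not part of the original post: the 2 MiB reading of the "+/-2Mb" limit, the line capacity, the file size and the one-second reconnect behaviour of the download manager are all assumptions made for the model.

```python
MIB = 2 ** 20
THRESHOLD = 2 * MIB       # connection-bytes limit ("+/-2Mb" in the text, read as 2 MiB)
PCQ_RATE = 128_000 // 8   # PCQ rate 128k from the text, in bytes per second
LINK_RATE = 1_000_000     # assumed unshaped line capacity, bytes per second
PARALLEL = 10             # parallel connections opened by the download manager
FILE_SIZE = 100 * MIB     # assumed size of the downloaded file


def simulate(policy, rotate=True, file_size=FILE_SIZE, parallel=PARALLEL):
    """Download one file over `parallel` connections, one step per second.

    policy "per-connection": a connection is shaped once ITS byte counter
        passes THRESHOLD (mangle connection-bytes feeding PCQ directly).
    policy "per-source-ip": the first connection that passes THRESHOLD puts
        the client IP on an address list; from then on every packet of that
        IP is shaped (the Patroli / Razia scheme).
    rotate: the download manager replaces a throttled connection with a new
        one (new source port, byte counter back at zero) one second later.
    """
    counters = [0] * parallel
    was_shaped = [False] * parallel
    ip_listed = False
    totals = {"unshaped_bytes": 0, "shaped_bytes": 0}
    remaining, seconds = file_size, 0

    while remaining > 0:
        seconds += 1
        if rotate:  # fresh connections start counting from zero again
            counters = [0 if s else c for c, s in zip(counters, was_shaped)]
        if policy == "per-connection":
            shaped = [c >= THRESHOLD for c in counters]
        else:
            shaped = [ip_listed] * parallel
        n_shaped = sum(shaped)
        n_free = parallel - n_shaped

        for i in range(parallel):
            if remaining == 0:
                break
            # PCQ classifies by address, so all shaped connections of this
            # client share one PCQ_RATE sub-queue; the rest share the line.
            share = PCQ_RATE // n_shaped if shaped[i] else LINK_RATE // n_free
            chunk = min(share, remaining)
            counters[i] += chunk
            remaining -= chunk
            totals["shaped_bytes" if shaped[i] else "unshaped_bytes"] += chunk

        was_shaped = shaped
        if policy == "per-source-ip" and any(c >= THRESHOLD for c in counters):
            ip_listed = True

    return {"seconds": seconds, **totals}


if __name__ == "__main__":
    for policy in ("per-connection", "per-source-ip"):
        r = simulate(policy)
        pct = 100 * r["shaped_bytes"] // FILE_SIZE
        print(f"{policy:15s} {r['seconds']:5d} s, {pct:3d}% of bytes shaped")
```

With rotation switched off (`rotate=False`) the per-connection policy behaves like the per-IP one, which shows that the reconnects, not the parallelism alone, are what defeat connection-bytes marking.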
Installing Mikrotik 3.30
Interesting, isn't it.......?
If you do not have the Mikrotik software yet, you can download it directly from the official site; you can download it here. It is fairly small, about 17 MB.
OK, let's go straight to the Mikrotik installation:
1. Download the Mikrotik ISO file here
2. Then burn the ISO file to a CD. Be careful to burn it as an image file; if you do it the wrong way you may not be able to boot into Mikrotik.
3. Set your BIOS to boot first from the CD-ROM
4. Restart the computer and make sure it looks like the following picture
5. Choose the Mikrotik packages you want to install; I recommend installing all of them. Do this by pressing the A key, or, if you want to pick individually, use the space bar to tick the packages you want to install
After the packages are selected, press the I key to start the installation
6. A confirmation appears: "do you want to keep old configuration? [y/n] "; answering Y means you will use the previous Mikrotik settings.
7. Then an "erase data" confirmation appears; just answer Y, then wait for the installation to finish.
8. Reboot your computer, and do not forget to take the CD out.
9. Usually, at this final stage Mikrotik runs a disk integrity check; once the check is done, your installation is complete.
Congratulations, your Mikrotik is installed.
10. Enter the user "admin" and leave the password empty
11. Finish...
Easy, isn't it? But wait: if we look, the Mikrotik you installed only has a trial period of 24 hours, i.e. 1 day. For practice that is not a problem, though; when the license runs out you can format again.
Maybe another time I will discuss how to crack Mikrotik. Just wait for the article...
Good luck trying it.... :D
Source : http://herymustofa.blogspot.com
STEP BY STEP: THE EASIEST WINBOX BANDWIDTH MANAGEMENT FOR BEGINNERS
1. Create the Conn Mark
WINBOX > IP > FIREWALL > MANGLE >
[+] ADD NEW
chain = Prerouting
protocol = TCP(6)
src Port = 21,80 (downloads generally come from ports 80 and 21 (http and ftp))
in interface = ETHER 1
(go to the Advanced tab)
connection bytes = 262146-4294967295 (meaning the smallest file caught by the filter is 256kb)
(go to the Action tab)
Action = mark connection
New Connection Mark = Download
Passthrough = [V] <- ticked
2. Create the Packet Mark
[+] ADD NEW
chain = Prerouting
in interface = ETHER 1
Connection Mark = Download
(go to the Action tab)
Action = mark packet
New Packet Mark = Download
3. Create the Queue Type
WINBOX > QUEUES > QUEUE TYPES
[+] ADD NEW
name = shape
kind = pcq
(switch to the Settings tab)
rate = 256000 <- we cap Download at only 256kbps...
leave limit and total limit as they are..
classifier = src. Address [v] <-- ticked
4. Create the Queue Tree
WINBOX > QUEUES > QUEUE TREE
[+] ADD NEW
name = Download
parent = global in
packet mark = Download
queue type = shape
max limit = 256000
Source : http://www.forummikrotik.com/70947-post1.html
Load Balancing + External Proxy (Poker & Point Blank Games Run SMOOTHLY...!!)
Materials:
- RB750 VER 4.9
- 2 Speedy lines, Office package
- Ubuntu version 10.04
MIKROTIK SIDE:
/ip address
- 172.19.196.1/24 interface proxy
- 192.168.88.1/24 interface lan
- 192.168.1.1/24 interface modem-1
- 192.168.2.1/24 interface modem-2
Notes: - dialing is done by the Mikrotik, with the modems as bridges
- IP of the Ubuntu machine: 172.19.196.100
PROXY HIT
/ip firewall mangle
add action=mark-packet chain=prerouting comment=proxy-hit disabled=no dscp=12 \
new-packet-mark=proxy-hit passthrough=yes
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=HIT packet-mark=proxy-hit parent=global-out priority=1 \
queue=default
PCC RULE MARK ALL PPPoE CONN
/ip firewall mangle
add action=mark-connection chain=input comment=\
"PCC RULE ---- MARK ALL PPPoE CONN" connection-state=new disabled=no \
in-interface=pppoe_1 new-connection-mark=pppoe1_conn passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new \
disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn \
passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no in-interface=pppoe_1 new-connection-mark=\
pppoe1_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no in-interface=pppoe_2 new-connection-mark=\
pppoe2_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no in-interface=pppoe_1 new-connection-mark=pppoe1_conn \
passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn \
passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pppoe1_conn \
disabled=no new-routing-mark=pppoe_1 passthrough=no
add action=mark-routing chain=output comment="" connection-mark=pppoe2_conn \
disabled=no new-routing-mark=pppoe_2 passthrough=no
PCC RULE MARK NON HTTP CONN
/ip firewall mangle
add action=mark-connection chain=prerouting comment=\
"PCC RULE ---- MARK - NON -HTTP CONN" connection-state=established \
disabled=no dst-address-type=!local dst-port=!80 in-interface=lan \
new-connection-mark=non.http_pppoe_1 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no dst-address-type=!local dst-port=!80 \
in-interface=lan new-connection-mark=non.http_pppoe_2 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no dst-address-type=!local dst-port=!80 in-interface=lan \
new-connection-mark=non.http_pppoe_1 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no dst-address-type=!local dst-port=!80 in-interface=lan \
new-connection-mark=non.http_pppoe_2 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no dst-address-type=!local in-interface=lan \
new-connection-mark=non.http_pppoe_1 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0 protocol=udp
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no dst-address-type=!local in-interface=lan \
new-connection-mark=non.http_pppoe_2 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1 protocol=udp
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no dst-address-type=!local in-interface=lan \
new-connection-mark=non.http_pppoe_1 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0 protocol=udp
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no dst-address-type=!local in-interface=lan \
new-connection-mark=non.http_pppoe_2 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1 protocol=udp
PCC RULE MARK HTTP and NON HTTP ROUTE
/ip firewall mangle
add action=mark-routing chain=prerouting comment=\
"PCC RULE ---- MARK - HTTP ROUTE" connection-mark=http_pppoe_1 disabled=\
no new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
http_pppoe_2 disabled=no new-routing-mark=pppoe_2 passthrough=yes
add action=mark-routing chain=prerouting comment=\
"PCC RULE MARK NON HTTP ROUTE" connection-mark=non.http_pppoe_1 \
disabled=no new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
non.http_pppoe_2 disabled=no new-routing-mark=pppoe_2 passthrough=yes
NAT
/ip firewall nat
add action=masquerade chain=srcnat comment=MASQUERADE1 disabled=no \
out-interface=pppoe_1
add action=masquerade chain=srcnat comment=MASQUERADE2 disabled=no \
out-interface=pppoe_2
add action=masquerade chain=srcnat comment=MASQUERADE3 disabled=no \
out-interface=proxy
add action=dst-nat chain=dstnat comment=TRANSPARENT-DNS disabled=no dst-port=\
53 in-interface=lan protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
in-interface=lan protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
in-interface=proxy protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
in-interface=proxy protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment=TRANSPARENT-proxy disabled=no \
dst-address-list=!proxyNET dst-port=80,8080,3128 in-interface=lan \
protocol=tcp to-addresses=172.19.196.100 to-ports=3128
add action=dst-nat chain=dstnat comment="REMOTE PROXY" disabled=no \
dst-address=125.165.40.xxx dst-port=22 protocol=tcp to-addresses=\
172.19.196.100 to-ports=22
ADDRESS LIST
/ip firewall address-list
add address=192.168.88.0/24 comment="" disabled=no list=lanNET
add address=172.19.196.0/24 comment="" disabled=no list=proxyNET
ROUTE
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
pppoe_1 routing-mark=pppoe_1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
pppoe_2 routing-mark=pppoe_2 scope=30 target-scope=10
add check-gateway=ping comment=Default-Route-pppoe1-Distance-1 disabled=no \
distance=1 dst-address=0.0.0.0/0 gateway=pppoe_1 scope=30 target-scope=10
add check-gateway=ping comment=Default-Route-pppoe2-Distance-2 disabled=no \
distance=2 dst-address=0.0.0.0/0 gateway=pppoe_2 scope=30 target-scope=10
Now we continue with the proxy side
HDD partitions
The 160Gb hard disk is divided as follows:
/boot 1Gb ext4 Boot Flag Boot
/ 3Gb ext4 System
/usr 4Gb ext4 Static Variable
/var 4Gb ext4 Variable
swap 1Gb swap (1 x RAM size)
/home/proxy1 10 Gb /ReiserFS
/home/proxy2 10 Gb /ReiserFS
/home/proxy3 10 Gb /ReiserFS
/home/share (the rest) ext4 Share Documents
Install Packages
- sudo apt-get update
- sudo apt-get install squid
- sudo apt-get install squid squidclient squid-cgi
- sudo apt-get install ccze
After the packages are installed, edit squid.conf,
located at: /etc/squid/squid.conf
so that it becomes:
SQUID.CONF
#-----------------------------------#
# Proxy Server Version 2.7.Stable6
# by teukurizal@yahoo.com.sg
# updated 11 June 2010
#-----------------------------------#
#---------------------------------------------------------------#
# Port
#---------------------------------------------------------------#
http_port 3128 transparent
icp_port 3130
prefer_direct off
#---------------------------------------------------------------#
# Fix for Facebook showing a blank page after login
#---------------------------------------------------------------#
server_http11 on
#---------------------------------------------------------------#
# Cache & Object
#---------------------------------------------------------------#
cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99
max_filedesc 8192
maximum_object_size 128 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 128 KB
ipcache_size 10240
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
#----------------------------------------------------------------#
# cache_dir
#----------------------------------------------------------------#
cache_dir aufs /home/proxy1 7000 16 256
cache_dir aufs /home/proxy2 7000 16 256
cache_dir aufs /home/proxy3 7000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
pid_filename /var/run/squid.pid
cache_swap_log /var/log/squid/swap.state
dns_nameservers /etc/resolv.conf
emulate_httpd_log off
hosts_file /etc/hosts
half_closed_clients off
negative_ttl 1 minutes
#---------------------------------------------------------------#
# Rules: Safe Port
#---------------------------------------------------------------#
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 873 # https snews rsync
acl Safe_ports port 80 # http
acl Safe_ports port 20 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 631 # cups
acl Safe_ports port 10000 # webmin
acl Safe_ports port 901 # SWAT
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 110 # POP3
acl Safe_ports port 25 # SMTP
acl Safe_ports port 2095 2096 # webmail from cpanel
acl Safe_ports port 2082 2083 # cpanel
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports
#---------------------------------------------------------------#
# Refresh Pattern
#---------------------------------------------------------------#
# pictures & images
refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private
refresh_pattern -i \.(xml|html|htm|js|txt|css|php)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth
#sound, video multimedia
refresh_pattern -i \.(flv|x-flv|mov|avi|qt|mpg|mpeg|swf)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache
refresh_pattern -i \.(wav|mp3|mp4|au|mid)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private
# files
refresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$ 10080 90% 43200 ignore-no-cache ignore-auth
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth
# -- refresh pattern for specific sites -- #
refresh_pattern ^http://*.jobstreet.com.*/.* 720 100% 10080 override-expire override-lastmod ignore-no-cache
refresh_pattern ^http://*.indowebster.com.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth
refresh_pattern ^http://*.21cineplex.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth
refresh_pattern ^http://*.atmajaya.*/.* 720 100% 10080 override-expire ignore-no-cache ignore-auth
refresh_pattern ^http://*.kompas.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.theinquirer.*/.* 720 100% 10080 override-expire ignore-no-cache ignore-auth
refresh_pattern ^http://*.blogspot.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.wordpress.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache
refresh_pattern ^http://*.photobucket.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.tinypic.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.imageshack.us/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.kaskus.*/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://www.kaskus.com/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.detik.*/.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.detiknews.*/*.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://video.liputan6.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://static.liputan6.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.friendster.com/.* 720 100% 10080 override-expire override-lastmod ignore-no-cache ignore-auth
refresh_pattern ^http://*.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://apps.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://profile.ak.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://static.playspoon.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://cooking.game.playspoon.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern -i http://[^a-z\.]*onemanga\.com/? 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://media?.onemanga.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.yahoo.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.google.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.forummikrotik.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.linux.or.id/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
#default option
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#---------------------------------------------------------------#
# ALLOWED ACCESS
#---------------------------------------------------------------#
acl proxyku src 172.19.196.0/24
http_access allow proxyku
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow proxyku
icp_access allow localhost
icp_access deny all
always_direct deny all
#---------------------------------------------------------------#
# Cache CGI & Administrative
#---------------------------------------------------------------#
cache_mgr teukurizal@yahoo.com.sg
visible_hostname dns.proxyku.net
cache_effective_user proxy
cache_effective_group proxy
coredump_dir /var/spool/squid
shutdown_lifetime 10 seconds
logfile_rotate 14
#-----------------------------------------------------------------#
#tcp_outgoing_tos 0x30 localnet
#-----------------------------------------------------------------#
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
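A check for the refresh_pattern rules in the configuration above, given here as an added example that is not part of the original tutorial. The rule lines are copied from the page; the test URLs and the suggested host regex are constructed for illustration. It shows that the glob-style `^http://*.site` patterns are regular expressions that do not match the `www.` host, and lists the rules that cache replies in spite of authentication or `Cache-Control: private`.

```python
import re

# refresh_pattern lines copied from the squid.conf above.
CONF = r"""
refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private
refresh_pattern ^http://*.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.kaskus.*/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
"""

# Options that let a shared cache store replies meant for one user.
RISKY = {"ignore-auth", "ignore-private"}


def parse(conf):
    """Parse 'refresh_pattern [-i] regex min percent% max [options]' lines."""
    rules = []
    for line in conf.splitlines():
        tok = line.split()
        if not tok or tok[0] != "refresh_pattern":
            continue
        tok = tok[1:]
        flags = 0
        if tok[0] == "-i":
            flags, tok = re.IGNORECASE, tok[1:]
        rules.append({
            "regex": tok[0],
            "compiled": re.compile(tok[0], flags),
            "min": int(tok[1]),
            "percent": int(tok[2].rstrip("%")),
            "max": int(tok[3]),
            "options": set(tok[4:]),
        })
    return rules


def first_match(rules, url):
    """Squid uses the first refresh_pattern whose regex matches the URL."""
    for rule in rules:
        if rule["compiled"].search(url):
            return rule
    return None


def audit(rules):
    """Return (regex, finding) pairs for patterns that deserve a second look."""
    findings = []
    for rule in rules:
        if "://*." in rule["regex"]:
            findings.append((rule["regex"],
                             "glob-style host: '/*' repeats the slash and "
                             "'.' is a single arbitrary character"))
        risky = rule["options"] & RISKY
        if risky:
            findings.append((rule["regex"],
                             "caches despite " + ", ".join(sorted(risky))))
    return findings


def host_pattern(domain):
    """Regex for 'this domain and its subdomains' (assumed to be the intent)."""
    return r"^http://([^/]+\.)?" + re.escape(domain) + "/"


if __name__ == "__main__":
    rules = parse(CONF)
    for url in ("http://www.facebook.com/home",       # constructed sample URLs
                "http://facebook.com/home",
                "http://www.facebook.com/photo.jpg"):
        print(f"{url:36s} -> {first_match(rules, url)['regex']}")
    for regex, finding in audit(rules):
        print(f"{regex}: {finding}")
    print("suggested:", host_pattern("facebook.com"))
```

Correcting a host pattern widens what the rule matches, so the options on that line (`ignore-auth` in particular) should be reviewed at the same time.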
Next steps:
Stop squid with the command "squid stop"
Give permissions on the cache folders
chown -R proxy.proxy /home/proxy1
chown -R proxy.proxy /home/proxy2
chown -R proxy.proxy /home/proxy3
chown proxy.proxy /var/log/squid/access.log
Create the swap/cache directories inside the cache folders that were configured
squid -f /etc/squid/squid.conf -z
Restart squid.
squid restart
That is the end of this tutorial, hopefully it is useful... !!!
Source : http://www.forummikrotik.com/tutorial/12842-load-balancing-proxy-eksternal-game-poker-and-poinblank-lancar.html#post141922
External Proxy with Ubuntu for Beginners
Step by step
INSERT THE UBUNTU CD INTO THE CD-ROM DRIVE AND REBOOT THE COMPUTER, hehehe.....
- Choose language English (enter)
- Choose Install Ubuntu Server (enter)
- Press enter at Choose language: English
- Choose United States
- Choose No at Detect keyboard layout?
- Choose USA in the Ubuntu installer main menu
- Choose USA at Keyboard layout
- Choose Continue at Configure the network
- Choose Configure network manually, enter the IP address 172.19.196.100, choose Continue, enter
- Netmask 255.255.255.0, choose Continue, enter
- Gateway 172.19.196.1, then choose Continue
- Name server addresses 172.19.196.1, choose Continue, enter
- Hostname: enter proxyku, then choose Continue, enter
- Domain name: leave it empty, choose Continue, enter
- At Configure the clock choose Select from worldwide list, then find Jakarta and press enter
- At the Partition disks menu choose Manual
- First we delete the old partitions:
- Select the partition, press enter and choose Delete the partition (repeat this for all remaining partitions)
- When that is done choose Guided partitioning, then choose Manual and move to FREE SPACE (enter),
- Choose Create new partition (enter)
New partition size: enter 1 GB (choose Continue and enter), choose Primary (enter), choose Beginning (enter), at Mount point choose /boot (enter), at Mount options choose [*] noatime (choose Continue and enter), change Bootable flag to on, then choose Done setting up the partition
Move to FREE SPACE (enter), choose Create new partition (enter), new partition size: enter 4 GB (choose Continue and enter), choose Logical (enter), choose Beginning (enter), at Mount point choose / (enter), at Mount options choose [*] noatime (choose Continue and enter), then choose Done setting up the partition
Move to FREE SPACE (enter), choose Create new partition (enter), new partition size: enter 4 GB (choose Continue and enter), choose Logical (enter), choose Beginning (enter), at Mount point choose /usr (enter), at Mount options choose [*] noatime (choose Continue and enter), then choose Done setting up the partition
Move to FREE SPACE (enter), choose Create new partition (enter), new partition size: enter 4 GB (choose Continue and enter), choose Logical (enter), choose Beginning (enter), at Mount point choose /var (enter), at Mount options choose [*] noatime (choose Continue and enter), then choose Done setting up the partition
Move to FREE SPACE (enter), choose Create new partition (enter), new partition size: enter 1 GB (choose Continue and enter), choose Logical (enter), choose Beginning (enter), at Use as choose swap area (enter), then choose Done setting up the partition
Move to FREE SPACE (enter),
choose Create new partition (enter), new partition size: enter 10 GB (choose Continue and enter), choose Logical (enter), choose Beginning (enter), at Use as choose ReiserFS (enter), at Mount point choose Enter manually and set it to /home/proxy1, at Mount options choose [*] noatime and [*] notail, then choose Continue and Done setting up the partition
Move to FREE SPACE (enter),
choose Create new partition (enter), new partition size: enter 10 GB (choose Continue and enter), choose Logical (enter), choose Beginning (enter), at Use as choose ReiserFS (enter), at Mount point choose Enter manually and set it to /home/proxy2, at Mount options choose [*] noatime and [*] notail, then choose Continue and Done setting up the partition
Move to FREE SPACE (enter),
choose Create new partition (enter), new partition size: enter 10 GB (choose Continue and enter), choose Logical (enter), choose Beginning (enter), at Use as choose ReiserFS (enter), at Mount point choose Enter manually and set it to /home/proxy3, at Mount options choose [*] noatime and [*] notail, then choose Continue and Done setting up the partition
Move to FREE SPACE (enter), choose Create new partition (enter), new partition size: enter whatever is left (choose Continue and enter), choose Logical (enter), choose Beginning (enter), at Mount point choose Enter manually and set it to /data, then choose Continue and Done setting up the partition
Then choose Finish partitioning and write changes to disk
At Write the changes to disk choose Yes
At Full name for the new user enter proxyku, then Continue & enter
At Username for your account enter proxyku, then Continue & enter
At A password for the new user enter proxyku, then Continue & enter
At Re-enter password to verify enter proxyku, then Continue & enter
At Use weak password choose Yes
At Encrypt your home directory choose No
At HTTP proxy information LEAVE IT EMPTY
While apt is being configured press enter at 43%, and again at 81%
Choose No automatic updates
At Choose software to install choose OpenSSH server
Choose Continue at Finish the installation
IMPORTANT....!!! After the restart
log in as proxyku
password proxyku
type sudo su -
enter proxyku
type passwd
at Enter new UNIX password enter proxyku
at Retype new UNIX password enter proxyku
Install Packages
- sudo apt-get update
- sudo apt-get install squid
- sudo apt-get install squid squidclient squid-cgi
- sudo apt-get install ccze
After the packages are installed, edit squid.conf; to make it easy, just use WinSCP & PuTTY
squid.conf
- delete the contents of your squid.conf and replace them with the squid.conf below...
#-----------------------------------#
# Proxy Server Version 2.7.Stable7
# by teukurizal@yahoo.com
# updated 11 June 2010
#-----------------------------------#
#---------------------------------------------------------------#
# Port
#---------------------------------------------------------------#
http_port 3128 transparent
icp_port 3130
prefer_direct off
#---------------------------------------------------------------#
# Cache & Object
#---------------------------------------------------------------#
cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99
max_filedesc 8192
maximum_object_size 128 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 4 bytes
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
#----------------------------------------------------------------#
# cache_dir <type> <Directory-Name> <Space in Mbytes> <Level1> <Level2> <options>
#----------------------------------------------------------------#
cache_dir aufs /home/proxy1 7000 16 256
cache_dir aufs /home/proxy2 7000 16 256
cache_dir aufs /home/proxy3 7000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
pid_filename /var/run/squid.pid
cache_swap_log /var/log/squid/swap.state
dns_nameservers /etc/resolv.conf
emulate_httpd_log off
hosts_file /etc/hosts
half_closed_clients off
negative_ttl 1 minutes
#---------------------------------------------------------------#
# Rules: Safe Port
#---------------------------------------------------------------#
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 873 # https snews rsync
acl Safe_ports port 80 # http
acl Safe_ports port 20 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 631 # cups
acl Safe_ports port 10000 # webmin
acl Safe_ports port 901 # SWAT
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 110 # POP3
acl Safe_ports port 25 # SMTP
acl Safe_ports port 2095 2096 # webmail from cpanel
acl Safe_ports port 2082 2083 # cpanel
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports
#---------------------------------------------------------------#
# Refresh Pattern
#---------------------------------------------------------------#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(html|htm|css|js|php|asp|aspx|cgi) 1440 40% 40320
refresh_pattern . 0 20% 4320
#---------------------------------------------------------------#
# SNMP
#---------------------------------------------------------------#
snmp_port 3401
acl snmpsquid snmp_community public
snmp_access allow snmpsquid localhost
snmp_access deny all
#---------------------------------------------------------------#
# ALLOWED ACCESS
#---------------------------------------------------------------#
acl proxyku src 172.19.196.0/24
http_access allow proxyku
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow proxyku
icp_access allow localhost
icp_access deny all
always_direct deny all
#---------------------------------------------------------------#
# Cache CGI & Administrative
#---------------------------------------------------------------#
cache_mgr teukurizal@yahoo.com.sg
visible_hostname dns.proxyku.net
cache_effective_user proxy
cache_effective_group proxy
coredump_dir /var/spool/squid
shutdown_lifetime 10 seconds
logfile_rotate 14
#-----------------------------------------------------------------#
#tcp_outgoing_tos 0x30 localnet
#-----------------------------------------------------------------#
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
Next steps
Stop squid with the command: /etc/init.d/squid stop (Ubuntu 9.10) or squid stop (Ubuntu 10.04)
• Give permissions on the cache folders
chown -R proxy.proxy /home/proxy1
chown -R proxy.proxy /home/proxy2
chown -R proxy.proxy /home/proxy3
chown -R proxy.proxy /var/log/squid/access.log
• Create the swap/cache directories inside the cache folders that were configured, with the command:
squid -f /etc/squid/squid.conf -z
• Restart squid.
/etc/init.d/squid restart (Ubuntu 9.10) or squid restart (Ubuntu 10.04)
• Create iptables rules so that HTTP (port 80) traffic from clients is redirected to the proxy port (3128).
iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -I PREROUTING -i eth0 -p udp -m udp --dport 80 -j REDIRECT --to-ports 3128
HOPEFULLY THIS IS USEFUL...!!! KEEP MOVING FORWARD, INDONESIA-KOE
Source : http://www.forummikrotik.com/software/12920-membuat-proxy-dengan-ubuntu.html
Mikrotik My References
Connection-byte : reads the number of bytes a connection has reached so far
Connection-rate : reads the bits / speed a connection has reached
Source : All the sites I have browsed - especially www.forummikrotik.com











