I wrote this tutorial to answer the many questions about how to combine 2 Speedy lines with an external proxy, and as a solution so that online games, especially Poker and Point Blank, are no longer detected as an illegal IP.
REQUIREMENTS:
- RB750 ver. 4.9
- 2 Speedy lines, Office package
- Ubuntu version 10.10
MIKROTIK SIDE:
/ip address
- 192.168.1.1/24 interface modem-1
- 192.168.2.1/24 interface modem-2
- 192.168.3.1/24 interface proxy
- 192.168.4.1/24 interface lan
Notes: - Dial from the MikroTik, with the modems set as bridges
- Ubuntu machine IP: 192.168.3.1
ORDER OF SETTINGS ON THE MIKROTIK:
1. Address List
/ip firewall address-list
add address=192.168.4.0/24 comment="" disabled=no list=lanNET
add address=192.168.3.0/24 comment="" disabled=no list=proxyNET
2. Creating the Proxy Hit
/ip firewall mangle
add action=mark-packet chain=forward comment=proxy-hit disabled=no dscp=12 \
new-packet-mark=Hit passthrough=no
add action=mark-connection chain=forward comment="" disabled=no \
dst-address-list=lanNET new-connection-mark=Hit passthrough=yes protocol=\
tcp src-address-list=proxyNET
add action=mark-packet chain=forward comment="" connection-mark=Hit disabled=\
no new-packet-mark=Hit passthrough=no
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=HIT packet-mark=Hit parent=global-out priority=1 \
queue=default
3. IP Scanner for PB & FB
/ip firewall mangle
add action=mark-connection chain=prerouting comment="POKER + POINT BLANK" \
disabled=no dst-address-list="Poker + PB" dst-port=49100 \
new-connection-mark="Trafik PB + POKER" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-list="Poker + PB" dst-port=40000-40010 new-connection-mark=\
"Trafik PB + POKER" passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-list="Poker + PB" dst-port=39190 new-connection-mark=\
"Trafik PB + POKER" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-list="Poker + PB" dst-port=9339 new-connection-mark=\
"Trafik PB + POKER" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-list="Poker + PB" dst-port=843 new-connection-mark=\
"Trafik PB + POKER" passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=\
"Trafik PB + POKER" disabled=no new-packet-mark="PB + Poker" passthrough=\
yes
add action=mark-routing chain=prerouting comment=\
"ROUTING POKER + POINT BLANK" connection-mark="Trafik PB + POKER" \
disabled=no dst-address-list="Poker + PB" in-interface=lan \
new-routing-mark="Poker + PB" passthrough=no src-address=192.168.4.0/24
add action=add-dst-to-address-list address-list="Poker + PB" \
address-list-timeout=0s chain=forward comment=\
"SCANNER POKER + POINT BLANK" disabled=no dst-port=40000-40010 protocol=\
udp
add action=add-dst-to-address-list address-list="Poker + PB" \
address-list-timeout=0s chain=forward comment="" disabled=no dst-port=\
39100 protocol=tcp
add action=add-dst-to-address-list address-list="Poker + PB" \
address-list-timeout=0s chain=forward comment="" disabled=no dst-port=\
39110 protocol=tcp
add action=add-dst-to-address-list address-list="Poker + PB" \
address-list-timeout=0s chain=forward comment="" disabled=no dst-port=\
39220 protocol=tcp
add action=add-dst-to-address-list address-list="Poker + PB" \
address-list-timeout=0s chain=forward comment="" disabled=no dst-port=\
39190 protocol=tcp
add action=add-dst-to-address-list address-list="Poker + PB" \
address-list-timeout=0s chain=forward comment="" disabled=no dst-port=\
49100 protocol=tcp
add action=add-dst-to-address-list address-list="Poker + PB" \
address-list-timeout=0s chain=forward comment="" disabled=no dst-port=843 \
protocol=tcp
add action=add-dst-to-address-list address-list="Poker + PB" \
address-list-timeout=0s chain=forward comment="" disabled=no dst-port=\
9339 protocol=tcp
4. Mangle (so that PB & FB are not load balanced)
/ip firewall mangle
add action=mark-connection chain=input comment=mark_all_ppoe_conn \
connection-state=new disabled=no in-interface=pppoe_1 \
new-connection-mark=pppoe1_conn passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new \
disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn \
passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no in-interface=pppoe_1 new-connection-mark=\
pppoe1_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no in-interface=pppoe_2 new-connection-mark=\
pppoe2_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no in-interface=pppoe_1 new-connection-mark=pppoe1_conn \
passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn \
passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pppoe1_conn \
disabled=no new-routing-mark=pppoe_1 passthrough=no
add action=mark-routing chain=output comment="" connection-mark=pppoe2_conn \
disabled=no new-routing-mark=pppoe_2 passthrough=no
add action=mark-connection chain=prerouting comment=mark_http_conn \
connection-state=new disabled=no dst-address-list="!Poker + PB" \
dst-address-type=!local dst-port=80 in-interface=proxy \
new-connection-mark=http_pppoe_1 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=new \
disabled=no dst-address-list="!Poker + PB" dst-address-type=!local \
dst-port=80 in-interface=proxy new-connection-mark=http_pppoe_2 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 \
protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no dst-address-list="!Poker + PB" dst-address-type=\
!local dst-port=80 in-interface=proxy new-connection-mark=http_pppoe_1 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 \
protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no dst-address-list="!Poker + PB" dst-address-type=\
!local dst-port=80 in-interface=proxy new-connection-mark=http_pppoe_2 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 \
protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no dst-address-list="!Poker + PB" dst-address-type=!local \
dst-port=80 in-interface=proxy new-connection-mark=http_pppoe_1 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 \
protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no dst-address-list="!Poker + PB" dst-address-type=\
!local dst-port=80 in-interface=proxy new-connection-mark=http_pppoe_2 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 \
protocol=tcp
add action=mark-connection chain=prerouting comment=mark_non_http_conn \
connection-state=new disabled=no dst-address-list="!Poker + PB" \
dst-address-type=!local dst-port=!80 in-interface=lan \
new-connection-mark=non.http_pppoe_1 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=new \
disabled=no dst-address-list="!Poker + PB" dst-address-type=!local \
dst-port=!80 in-interface=lan new-connection-mark=non.http_pppoe_2 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 \
protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no dst-address-list="!Poker + PB" dst-address-type=\
!local dst-port=!80 in-interface=lan new-connection-mark=non.http_pppoe_1 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 \
protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no dst-address-list="!Poker + PB" dst-address-type=\
!local dst-port=!80 in-interface=lan new-connection-mark=non.http_pppoe_2 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 \
protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no dst-address-list="!Poker + PB" dst-address-type=\
!local dst-port=!80 in-interface=lan new-connection-mark=non.http_pppoe_1 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 \
protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no dst-address-list="!Poker + PB" dst-address-type=\
!local dst-port=!80 in-interface=lan new-connection-mark=non.http_pppoe_2 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 \
protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=new \
disabled=no dst-address-list="!Poker + PB" dst-address-type=!local \
in-interface=lan new-connection-mark=non.http_pppoe_1 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0 protocol=udp
add action=mark-connection chain=prerouting comment="" connection-state=new \
disabled=no dst-address-list="!Poker + PB" dst-address-type=!local \
in-interface=lan new-connection-mark=non.http_pppoe_2 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1 protocol=udp
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no dst-address-list="!Poker + PB" dst-address-type=\
!local in-interface=lan new-connection-mark=non.http_pppoe_1 passthrough=\
yes per-connection-classifier=both-addresses-and-ports:2/0 protocol=udp
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no dst-address-list="!Poker + PB" dst-address-type=\
!local in-interface=lan new-connection-mark=non.http_pppoe_2 passthrough=\
yes per-connection-classifier=both-addresses-and-ports:2/1 protocol=udp
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no dst-address-list="!Poker + PB" dst-address-type=\
!local in-interface=lan new-connection-mark=non.http_pppoe_1 passthrough=\
yes per-connection-classifier=both-addresses-and-ports:2/0 protocol=udp
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no dst-address-list="!Poker + PB" dst-address-type=\
!local in-interface=lan new-connection-mark=non.http_pppoe_2 passthrough=\
yes per-connection-classifier=both-addresses-and-ports:2/1 protocol=udp
add action=mark-routing chain=prerouting comment=mark_http_route \
connection-mark=http_pppoe_1 disabled=no new-routing-mark=pppoe_1 \
passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
http_pppoe_2 disabled=no new-routing-mark=pppoe_2 passthrough=yes
add action=mark-routing chain=prerouting comment=mark_non_http_route \
connection-mark=non.http_pppoe_1 disabled=no new-routing-mark=pppoe_1 \
passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
non.http_pppoe_2 disabled=no new-routing-mark=pppoe_2 passthrough=yes
5. NAT
/ip firewall nat
add action=masquerade chain=srcnat comment=MASQUERADE1 disabled=no \
out-interface=pppoe_1
add action=masquerade chain=srcnat comment=MASQUERADE2 disabled=no \
out-interface=pppoe_2
add action=masquerade chain=srcnat comment=MASQUERADE3 disabled=no \
out-interface=proxy
add action=dst-nat chain=dstnat comment=TRANSPARENT-DNS disabled=no dst-port=\
53 in-interface=lan protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
in-interface=lan protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
in-interface=proxy protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
in-interface=proxy protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment=TRANSPARENT-proxy disabled=no \
dst-address-list=!proxyNET dst-port=80,8080,3128 in-interface=lan \
protocol=tcp to-addresses=192.168.3.100 to-ports=3128
add action=dst-nat chain=dstnat comment="REMOTE PROXY" disabled=no \
dst-address=125.165.40.xyz dst-port=22 protocol=tcp to-addresses=\
192.168.3.100 to-ports=22
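The "REMOTE PROXY" rule above forwards port 22 to the proxy with no source restriction, and the scanner rules in step 3 add destinations to "Poker + PB" with a 0s timeout from any interface. The script below is an added example, not part of the original tutorial: it parses a RouterOS export and lists such rules for review. The MGMT-ONLY rule, the "mgmt" list name and the ADMIN_PORTS set are assumptions made for the example.

```python
import shlex

# Constructed sample: rules 1 and 3 are copied from this tutorial's export;
# rule 2 is a hypothetical restricted variant ("mgmt" list name is assumed).
SAMPLE = r'''/ip firewall nat
add action=dst-nat chain=dstnat comment="REMOTE PROXY" disabled=no \
    dst-address=125.165.40.xyz dst-port=22 protocol=tcp to-addresses=\
    192.168.3.100 to-ports=22
add action=dst-nat chain=dstnat comment=MGMT-ONLY disabled=no dst-port=22 \
    protocol=tcp src-address-list=mgmt to-addresses=192.168.3.100 to-ports=22
/ip firewall mangle
add action=add-dst-to-address-list address-list="Poker + PB" \
    address-list-timeout=0s chain=forward comment="" disabled=no dst-port=\
    9339 protocol=tcp
'''

ADMIN_PORTS = {"22", "23", "8291"}  # SSH, Telnet, Winbox (assumed review set)

def parse_export(text):
    """Yield (menu, properties) for every 'add' line of a RouterOS export."""
    menu, pending = None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):  # the export wraps long rules with a backslash
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            toks = shlex.split(line[4:])  # keeps quoted values such as "Poker + PB"
            yield menu, dict(t.split("=", 1) for t in toks if "=" in t)

def audit(text):
    """Return (label, finding) pairs for enabled rules that deserve review."""
    findings = []
    for _menu, rule in parse_export(text):
        label = rule.get("comment") or "dst-port=" + rule.get("dst-port", "?")
        open_src = "src-address" not in rule and "src-address-list" not in rule
        if rule.get("disabled") == "yes" or not open_src:
            continue
        if (rule.get("action") == "dst-nat"
                and ADMIN_PORTS & set(rule.get("to-ports", "").split(","))):
            findings.append((label, "admin port forwarded from any source"))
        if (rule.get("action", "").endswith("-to-address-list")
                and rule.get("address-list-timeout") == "0s"
                and "in-interface" not in rule):
            findings.append((label, "unrestricted rule adds non-expiring entries"))
    return findings
```

Run audit() on the text of a saved export; rules that carry src-address or src-address-list are treated as restricted and skipped.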
6. Route
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
pppoe_1 routing-mark=pppoe_1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
pppoe_2 routing-mark=pppoe_2 scope=30 target-scope=10
add check-gateway=ping comment=Default-Route-pppoe1-Distance-1 disabled=no \
distance=1 dst-address=0.0.0.0/0 gateway=pppoe_1 scope=30 target-scope=10
add check-gateway=ping comment=Default-Route-pppoe2-Distance-2 disabled=no \
distance=2 dst-address=0.0.0.0/0 gateway=pppoe_2 scope=30 target-scope=10
SETTINGS ON THE UBUNTU MACHINE:
PROXY WITH UBUNTU + LUSCA
Lusca, a high-performance proxy, is a development of Squid by Squid developer Adrian Chadd, dedicated mainly to caching dynamic files (such as YouTube, Google AdSense, banners, ads, etc.). Such files usually fill up the cache, but because the content is dynamic, Squid always treats it as a miss and downloads it again, which can poison the cache. Lusca is able to cache these files so that they become hit content. Given how many dynamic files there are, this greatly reduces the bandwidth we use.
For how to install and tune Ubuntu, see here: http://pung0-c0de.googlecode.com/files/confiq%20on%20ubuntu.rar
Install the required packages:
# sudo apt-get update
# sudo apt-get install squid
# sudo apt-get install squid squidclient squid-cgi
# sudo apt-get install gcc
# sudo apt-get install build-essential
# sudo apt-get install sharutils
# sudo apt-get install ccze
# sudo apt-get install libzip-dev
# sudo apt-get install automake1.9
Download Lusca from the Ubuntu terminal:
wget http://pung0-c0de.googlecode.com/files/LUSCA_FMI.tar.gz
then extract it and enter its folder:
# tar xzvf LUSCA_FMI.tar.gz
# cd LUSCA_FMI/
NOTE: if you are using 64-bit Ubuntu, run this command: # make distclean
OK, now the compile stage begins:
./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-http-gzip --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs \
--enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp \
--enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files \
--enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536
Next, type the following commands in the terminal:
# make
# sudo make install
Edit squid.conf
# Set permissions on the cache folders
chown proxy:proxy /cache1
chown proxy:proxy /cache2
chown proxy:proxy /cache3
chown proxy:proxy /videocache
chmod 777 /cache1
chmod 777 /cache2
chmod 777 /cache3
chmod 777 /videocache
chown proxy:proxy /etc/squid/storeurl.pl
chmod 777 /etc/squid/storeurl.pl
chown proxy:proxy /usr/share/squid/refresh.conf
chmod 777 /usr/share/squid/refresh.conf
# Create the swap/cache directories inside the designated cache folders with the command:
squid -f /etc/squid/squid.conf -z
# Restart squid
sudo /etc/init.d/squid restart
Reboot the machine...
+============ FINISH ==========+