2 Line Speedy PB and FB


2 Line Speedy PB and FB + Squid Ubuntu

I wrote this tutorial to answer the many questions about how to combine 2 Speedy lines
with an external proxy, and as a solution so that online games, especially Poker and Point Blank,
are no longer detected as an illegal IP.

REQUIREMENTS:
- RB750 VER 4.9
- 2 Speedy lines, Office package
- Ubuntu version 10.04

MIKROTIK SIDE:

/ip address

  - 192.168.1.1/24  interface modem-1
  - 192.168.2.1/24  interface modem-2
  - 192.168.3.1/24  interface proxy
  - 192.168.4.1/24  interface lan
 
Notes: - Dial through the MikroTik, with the modems set as bridges
       - Ubuntu machine IP: 192.168.3.100

ORDER OF SETTINGS ON THE MIKROTIK:

1. Address List

/ip firewall address-list
add address=192.168.4.0/24 comment="" disabled=no list=lanNET
add address=192.168.3.0/24 comment="" disabled=no list=proxyNET

2. Creating the Proxy Hit

/ip firewall mangle
add action=mark-packet chain=forward comment=proxy-hit disabled=no dscp=12 \
    new-packet-mark=Hit passthrough=no
add action=mark-connection chain=forward comment="" disabled=no \
    dst-address-list=lanNET new-connection-mark=Hit passthrough=yes protocol=\
    tcp src-address-list=proxyNET
add action=mark-packet chain=forward comment="" connection-mark=Hit disabled=\
    no new-packet-mark=Hit passthrough=no
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=HIT packet-mark=Hit parent=global-out priority=1 \
    queue=default

3. PB & FB IP Scanner

/ip firewall mangle
add action=mark-connection chain=prerouting comment="POKER + POINT BLANK" \
    disabled=no dst-address-list="Poker + PB" dst-port=49100 \
    new-connection-mark="Trafik PB + POKER" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-list="Poker + PB" dst-port=40000-40010 new-connection-mark=\
    "Trafik PB + POKER" passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-list="Poker + PB" dst-port=39190 new-connection-mark=\
    "Trafik PB + POKER" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-list="Poker + PB" dst-port=9339 new-connection-mark=\
    "Trafik PB + POKER" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-list="Poker + PB" dst-port=843 new-connection-mark=\
    "Trafik PB + POKER" passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=\
    "Trafik PB + POKER" disabled=no new-packet-mark="PB + Poker" passthrough=\
    yes
add action=mark-routing chain=prerouting comment=\
    "ROUTING POKER + POINT BLANK" connection-mark="Trafik PB + POKER" \
    disabled=no dst-address-list="Poker + PB" in-interface=lan \
    new-routing-mark="Poker + PB" passthrough=no src-address=192.168.4.0/24
add action=add-dst-to-address-list address-list="Poker + PB" \
    address-list-timeout=0s chain=forward comment=\
    "SCANNER POKER + POINT BLANK" disabled=no dst-port=40000-40010 protocol=\
    udp
add action=add-dst-to-address-list address-list="Poker + PB" \
    address-list-timeout=0s chain=forward comment="" disabled=no dst-port=\
    39100 protocol=tcp
add action=add-dst-to-address-list address-list="Poker + PB" \
    address-list-timeout=0s chain=forward comment="" disabled=no dst-port=\
    39110 protocol=tcp
add action=add-dst-to-address-list address-list="Poker + PB" \
    address-list-timeout=0s chain=forward comment="" disabled=no dst-port=\
    39220 protocol=tcp
add action=add-dst-to-address-list address-list="Poker + PB" \
    address-list-timeout=0s chain=forward comment="" disabled=no dst-port=\
    39190 protocol=tcp
add action=add-dst-to-address-list address-list="Poker + PB" \
    address-list-timeout=0s chain=forward comment="" disabled=no dst-port=\
    49100 protocol=tcp
add action=add-dst-to-address-list address-list="Poker + PB" \
    address-list-timeout=0s chain=forward comment="" disabled=no dst-port=843 \
    protocol=tcp
add action=add-dst-to-address-list address-list="Poker + PB" \
    address-list-timeout=0s chain=forward comment="" disabled=no dst-port=\
    9339 protocol=tcp

4. Mangle (so that PB & FB are not load-balanced)

/ip firewall mangle
add action=mark-connection chain=input comment=mark_all_ppoe_conn \
    connection-state=new disabled=no in-interface=pppoe_1 \
    new-connection-mark=pppoe1_conn passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new \
    disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no in-interface=pppoe_1 new-connection-mark=\
    pppoe1_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no in-interface=pppoe_2 new-connection-mark=\
    pppoe2_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no in-interface=pppoe_1 new-connection-mark=pppoe1_conn \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn \
    passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pppoe1_conn \
    disabled=no new-routing-mark=pppoe_1 passthrough=no
add action=mark-routing chain=output comment="" connection-mark=pppoe2_conn \
    disabled=no new-routing-mark=pppoe_2 passthrough=no
add action=mark-connection chain=prerouting comment=mark_http_conn \
    connection-state=new disabled=no dst-address-list="!Poker + PB" \
    dst-address-type=!local dst-port=80 in-interface=proxy \
    new-connection-mark=http_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=new \
    disabled=no dst-address-list="!Poker + PB" dst-address-type=!local \
    dst-port=80 in-interface=proxy new-connection-mark=http_pppoe_2 \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 \
    protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-list="!Poker + PB" dst-address-type=\
    !local dst-port=80 in-interface=proxy new-connection-mark=http_pppoe_1 \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 \
    protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-list="!Poker + PB" dst-address-type=\
    !local dst-port=80 in-interface=proxy new-connection-mark=http_pppoe_2 \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 \
    protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-list="!Poker + PB" dst-address-type=\
    !local dst-port=80 in-interface=proxy new-connection-mark=http_pppoe_1 \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 \
    protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-list="!Poker + PB" dst-address-type=\
    !local dst-port=80 in-interface=proxy new-connection-mark=http_pppoe_2 \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 \
    protocol=tcp
add action=mark-connection chain=prerouting comment=mark_non_http_conn \
    connection-state=new disabled=no dst-address-list="!Poker + PB" \
    dst-address-type=!local dst-port=!80 in-interface=lan \
    new-connection-mark=non.http_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=new \
    disabled=no dst-address-list="!Poker + PB" dst-address-type=!local \
    dst-port=!80 in-interface=lan new-connection-mark=non.http_pppoe_2 \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 \
    protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-list="!Poker + PB" dst-address-type=\
    !local dst-port=!80 in-interface=lan new-connection-mark=non.http_pppoe_1 \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 \
    protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-list="!Poker + PB" dst-address-type=\
    !local dst-port=!80 in-interface=lan new-connection-mark=non.http_pppoe_2 \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 \
    protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-list="!Poker + PB" dst-address-type=\
    !local dst-port=!80 in-interface=lan new-connection-mark=non.http_pppoe_1 \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 \
    protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-list="!Poker + PB" dst-address-type=\
    !local dst-port=!80 in-interface=lan new-connection-mark=non.http_pppoe_2 \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 \
    protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=new \
    disabled=no dst-address-list="!Poker + PB" dst-address-type=!local \
    in-interface=lan new-connection-mark=non.http_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=udp
add action=mark-connection chain=prerouting comment="" connection-state=new \
    disabled=no dst-address-list="!Poker + PB" dst-address-type=!local \
    in-interface=lan new-connection-mark=non.http_pppoe_2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=udp
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-list="!Poker + PB" dst-address-type=\
    !local in-interface=lan new-connection-mark=non.http_pppoe_1 passthrough=\
    yes per-connection-classifier=both-addresses-and-ports:2/0 protocol=udp
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-list="!Poker + PB" dst-address-type=\
    !local in-interface=lan new-connection-mark=non.http_pppoe_2 passthrough=\
    yes per-connection-classifier=both-addresses-and-ports:2/1 protocol=udp
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-list="!Poker + PB" dst-address-type=\
    !local in-interface=lan new-connection-mark=non.http_pppoe_1 passthrough=\
    yes per-connection-classifier=both-addresses-and-ports:2/0 protocol=udp
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-list="!Poker + PB" dst-address-type=\
    !local in-interface=lan new-connection-mark=non.http_pppoe_2 passthrough=\
    yes per-connection-classifier=both-addresses-and-ports:2/1 protocol=udp
add action=mark-routing chain=prerouting comment=mark_http_route \
    connection-mark=http_pppoe_1 disabled=no new-routing-mark=pppoe_1 \
    passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    http_pppoe_2 disabled=no new-routing-mark=pppoe_2 passthrough=yes
add action=mark-routing chain=prerouting comment=mark_non_http_route \
    connection-mark=non.http_pppoe_1 disabled=no new-routing-mark=pppoe_1 \
    passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    non.http_pppoe_2 disabled=no new-routing-mark=pppoe_2 passthrough=yes

5. NAT

/ip firewall nat
add action=masquerade chain=srcnat comment=MASQUERADE1 disabled=no \
    out-interface=pppoe_1
add action=masquerade chain=srcnat comment=MASQUERADE2 disabled=no \
    out-interface=pppoe_2
add action=masquerade chain=srcnat comment=MASQUERADE3 disabled=no \
    out-interface=proxy
add action=dst-nat chain=dstnat comment=TRANSPARENT-DNS disabled=no dst-port=\
    53 in-interface=lan protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=lan protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=proxy protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=proxy protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment=TRANSPARENT-proxy disabled=no \
    dst-address-list=!proxyNET dst-port=80,8080,3128 in-interface=lan \
    protocol=tcp to-addresses=192.168.3.100 to-ports=3128
add action=dst-nat chain=dstnat comment="REMOTE PROXY" disabled=no \
    dst-address=125.165.40.xyz dst-port=22 protocol=tcp to-addresses=\
    192.168.3.100 to-ports=22

6. Route

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe_1 routing-mark=pppoe_1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe_2 routing-mark=pppoe_2 scope=30 target-scope=10
add check-gateway=ping comment=Default-Route-pppoe1-Distance-1 disabled=no \
    distance=1 dst-address=0.0.0.0/0 gateway=pppoe_1 scope=30 target-scope=10
add check-gateway=ping comment=Default-Route-pppoe2-Distance-2 disabled=no \
    distance=2 dst-address=0.0.0.0/0 gateway=pppoe_2 scope=30 target-scope=10

SETTINGS ON THE UBUNTU MACHINE:

1. Partition the HDD as shown below

The 250 Gb hard disk is divided as follows:

/boot 1Gb ext4 Boot Flag Boot
/ 3Gb ext4 System
/usr 4Gb ext4 Static Variable
/var 4Gb ext4 Variable
swap 1Gb swap (1 x the amount of RAM)
/proxy1 10 Gb /ReiserFS
/proxy2 10 Gb /ReiserFS
/proxy3 10 Gb /ReiserFS
/home/share (the rest) ext4 Share Documents

2. Install the Required Packages

- sudo apt-get update
- sudo apt-get install squid
- sudo apt-get install squid squidclient squid-cgi
- sudo apt-get install ccze

Once the packages are installed, edit squid.conf so that it reads:

#-----------------------------------#
# Proxy Server Version 2.7.Stable7
# by [email protected]
# updated 30 July 2010
#-----------------------------------#

#---------------------------------------------------------------#
# Port
#---------------------------------------------------------------#

http_port 3128 transparent
icp_port 3130
prefer_direct off

#---------------------------------------------------------------#
# Fix for Facebook going blank after login
#---------------------------------------------------------------#

server_http11 on

#---------------------------------------------------------------#
# Cache & Object
#---------------------------------------------------------------#

cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99
max_filedesc 8192
maximum_object_size 128 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 128 KB
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

#----------------------------------------------------------------#
# cache_dir <type> <Directory-Name> <Space in Mbytes> <Level1> <Level2> <options>
#----------------------------------------------------------------#

cache_dir aufs /proxy1 7000 16 256
cache_dir aufs /proxy2 7000 16 256
cache_dir aufs /proxy3 7000 16 256

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
pid_filename /var/run/squid.pid
cache_swap_log /var/log/squid/swap.state
dns_nameservers /etc/resolv.conf
emulate_httpd_log off
hosts_file /etc/hosts
half_closed_clients off
negative_ttl 1 minutes

#---------------------------------------------------------------#
# Rules: Safe Port
#---------------------------------------------------------------#

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 873 # https snews rsync
acl Safe_ports port 80 # http
acl Safe_ports port 20 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 631 # cups
acl Safe_ports port 10000 # webmin
acl Safe_ports port 901 # SWAT
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 110 # POP3
acl Safe_ports port 25 # SMTP
acl Safe_ports port 2095 2096 # webmail from cpanel
acl Safe_ports port 2082 2083 # cpanel

acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports

#---------------------------------------------------------------#
# Refresh Pattern
#---------------------------------------------------------------#

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(html|htm|css|js|php|asp|aspx|cgi) 1440 40% 40320
refresh_pattern . 0 20% 4320

#---------------------------------------------------------------#
# SNMP
#---------------------------------------------------------------#

snmp_port 3401
acl snmpsquid snmp_community public
snmp_access allow snmpsquid localhost
snmp_access deny all

#---------------------------------------------------------------#
# ALLOWED ACCESS
#---------------------------------------------------------------#
acl proxyku src 192.168.3.0/24
http_access allow proxyku
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow proxyku
icp_access allow localhost
icp_access deny all
always_direct deny all

#---------------------------------------------------------------#
# Cache CGI & Administrative
#---------------------------------------------------------------#

cache_mgr [email protected]
visible_hostname dns.proxyku.net
cache_effective_user proxy
cache_effective_group proxy
coredump_dir /var/spool/squid
shutdown_lifetime 10 seconds
logfile_rotate 14

#-----------------------------------------------------------------#
#tcp_outgoing_tos 0x30 localnet
#-----------------------------------------------------------------#

zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
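
How Squid evaluates the two port rules in the "Rules: Safe Port" section of the squid.conf above, as an added example that is not part of the original tutorial: ACLs named on one http_access line are ANDed, so a deny line with two negated ACLs only fires when the port is in neither list. The evaluator is a simplified model (method and port only, first matching rule wins), the requests are constructed, and `allow all` stands in for the page's `http_access allow proxyku`; the tightened second rule is the `deny CONNECT !SSL_ports` line from Squid's stock configuration.

```python
# Added example: simplified model of Squid http_access evaluation.
# Port lists are copied from the squid.conf above; requests are constructed.

def ports(*specs):
    """Expand specs such as "80" or "1025-65535" into a set of ints."""
    out = set()
    for s in specs:
        lo, _, hi = s.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

SAFE_PORTS = ports("80", "20", "21", "70", "210", "1025-65535", "631",
                   "10000", "901", "280", "488", "591", "777", "873",
                   "110", "25", "2095", "2096", "2082", "2083")
SSL_PORTS = ports("443", "563", "873")

ACLS = {
    "Safe_ports": lambda method, port: port in SAFE_PORTS,
    "SSL_ports": lambda method, port: port in SSL_PORTS,
    "CONNECT": lambda method, port: method == "CONNECT",
    "all": lambda method, port: True,
}

def matches(rule_acls, method, port):
    # Every ACL on one http_access line must match (AND); "!" negates.
    for name in rule_acls:
        negated = name.startswith("!")
        hit = ACLS[name.lstrip("!")](method, port)
        if hit == negated:
            return False
    return True

def decide(rules, method, port):
    # First matching rule wins, as in Squid.
    for action, *acls in (r.split() for r in rules):
        if matches(acls, method, port):
            return action
    return "deny"  # not reached here: both rule lists end in "allow all"

# "allow all" is an assumption standing in for "http_access allow proxyku".
PAGE_RULES = ["deny !Safe_ports !SSL_ports",
              "deny CONNECT !SSL_ports !Safe_ports",
              "allow all"]
HARDENED_RULES = ["deny !Safe_ports !SSL_ports",
                  "deny CONNECT !SSL_ports",
                  "allow all"]

REQUESTS = [("GET", 80), ("CONNECT", 443), ("CONNECT", 25),
            ("CONNECT", 22), ("GET", 443), ("CONNECT", 8080)]

def compare():
    """Return (method, port, page_decision, hardened_decision) per request."""
    return [(m, p, decide(PAGE_RULES, m, p), decide(HARDENED_RULES, m, p))
            for m, p in REQUESTS]

if __name__ == "__main__":
    for m, p, page, hardened in compare():
        print(f"{m:8}{p:>6}  page={page:6} hardened={hardened}")
```

With the page's rules, CONNECT to ports 25 and 8080 is allowed because both are in Safe_ports; with the tightened second rule they are denied while CONNECT to 443 still passes. The page's second rule never fires on its own, since every request it matches is already denied by the first.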

3. Next Steps

Stop squid with the command "squid stop"

Set permissions on the cache folders

chown -R proxy.proxy /proxy1
chown -R proxy.proxy /proxy2
chown -R proxy.proxy /proxy3
chown proxy.proxy /var/log/squid/access.log

Create the swap/cache directories inside the cache folders defined above

squid -f /etc/squid/squid.conf -z

Restart squid.

squid restart

Add the 3 lines below to rc.local

squid start
iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -I PREROUTING -i eth0 -p udp -m udp --dport 80 -j REDIRECT --to-ports 3128

Then save and restart the computer.

HOPE THIS IS USEFUL...!!!

Last edited by teukurizal (31-07-2010 10:58:37)
