    Mikrotik RB 750 + PFsense as Squid Box

    • sakuranet

      Please enlighten me.

      The MikroTik topology uses 3 Ethernet ports:
      port 1 = WAN  ( 192.168.2.2 )
      port 2 = CLIENTS ( 192.168.1.1 )
      port 3 = PROXY PFSENSE ( 192.168.3.1 )

      The pfSense topology uses 2 Ethernet ports:
      port 1 = LAN ( port 3 mikrotik ) ( 192.168.3.2 )
      port 2 = WAN ( 192.168.2.3 )

      After reading it:
      the MikroTik WAN IP is 192.168.2.2 and the pfSense WAN is 192.168.3.2, so how come the NAT looks like this..??

      NAT settings:
      chain=dstnat action=dst-nat to-addresses=10.10.3.2 to-ports=3128 protocol=tcp in-interface=CLIENTS dst-port=80
      (meaning all port 80 requests are directed to the address of the proxy server (pfSense))

      Please fill in the details, I really need this.

      • kambeeng

        Try having a look here, someone has already married pf + mt successfully …. please check it out
        http://www.facebook.com/photo.php?fbid=325718020852060&set=o.393320928141&type=1&relevant_count=1&ref=nf

        • abnisrea

          Let me join in.. please try it and fill in the rest, everything is running well

          MIKROTIK RB750 WITH PFSENSE + LUSCA PROXY

                           modem
                             |
                           switch
             |---(port1)-----| |-----------to pfsense wan
          MIKROTIK RB750                        |
             |---(port3)---UTP crossover cable--|
             |---(port2)--to switch to clients

          ======================
          pfsense wan : DHCP from modem
          pfsense lan : 192.168.12.1/24 proxy port 3128 LUSCA

          proxy : 192.168.12.15/24
          lan  : 192.168.10.15/24
          modem : 192.168.3.1/24 (DHCP)

          ip clients : 192.168.10.xxx etc.

          ======================
          interface settings
          Code:

          /interface set 0 name=public
          /interface set 1 name=lan
          /interface set 2 name=proxy

          ======================
          IP address settings
          code:

          /ip address
          add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=public comment="" disabled=no
          add address=192.168.10.15/24 network=192.168.10.0 broadcast=192.168.10.255 interface=lan comment="" disabled=no
          add address=192.168.12.15/24 network=192.168.12.0 broadcast=192.168.12.255 interface=proxy comment="" disabled=no

          =======================
          route settings:
          Code:

          /ip route add dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=255 target-scope=10 comment="" disabled=no

          =======================
          DNS settings:
          Code:

          # servers: fren DNS
          /ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=10.17.3.245,10.17.3.252

          /ip dns static add name="192.168.3.1" address=192.168.3.1 ttl=1d

          ========================
          NAT settings:
          Code:

          /ip firewall nat
          add chain=srcnat action=masquerade out-interface=public
          # if using the internal web proxy (listed as disabled, "X", in the print output below)
          add chain=dstnat action=redirect to-ports=3128 protocol=tcp src-address=192.168.10.0/24 in-interface=lan dst-port=80 disabled=yes
          # external proxy
          add chain=dstnat action=dst-nat to-addresses=192.168.12.1 to-ports=3128 protocol=tcp src-address=192.168.10.0/24 in-interface=lan dst-port=80
          # so that clients can open pfsense/putty/winscp
          add chain=srcnat action=masquerade out-interface=proxy

          /ip firewall nat print

          0  chain=srcnat action=masquerade out-interface=public

          1 X chain=dstnat action=redirect to-ports=3128 protocol=tcp src-address=192.168.10.0/24 in-interface=lan
              dst-port=80

          2  chain=dstnat action=dst-nat to-addresses=192.168.12.1 to-ports=3128 protocol=tcp
              src-address=192.168.10.0/24 in-interface=lan dst-port=80

          3  chain=srcnat action=masquerade out-interface=proxy

          ========================
          mangle settings:
          Code:

          /ip firewall mangle
          add chain=forward content="X-Cache: HIT" action=mark-connection new-connection-mark=squid_con passthrough=yes comment="" disabled=no
          add chain=forward connection-mark=squid_con action=mark-packet new-packet-mark=squid_pkt passthrough=no comment="" disabled=no
          add chain=forward connection-mark=!squid_con action=mark-connection new-connection-mark=all_con passthrough=yes comment="" disabled=no
          add chain=forward protocol=tcp src-port=80 connection-mark=all_con action=mark-packet new-packet-mark=http_pkt passthrough=no comment="" disabled=no
          add chain=forward protocol=icmp connection-mark=all_con action=mark-packet new-packet-mark=icmp_pkt passthrough=no comment="" disabled=no
          add chain=forward protocol=tcp dst-port=1973 connection-mark=all_con action=mark-packet new-packet-mark=top_pkt passthrough=no comment="" disabled=no
          add chain=forward connection-mark=all_con action=mark-packet new-packet-mark=test_pkt passthrough=no comment="" disabled=no

          /ip firewall mangle print

          0  chain=forward action=mark-connection new-connection-mark=squid_con passthrough=yes content=X-Cache: HIT

          1  chain=forward action=mark-packet new-packet-mark=squid_pkt passthrough=no connection-mark=squid_con

          2  chain=forward action=mark-connection new-connection-mark=all_con passthrough=yes
              connection-mark=!squid_con

          3  chain=forward action=mark-packet new-packet-mark=http_pkt passthrough=no protocol=tcp src-port=80
              connection-mark=all_con

          4  chain=forward action=mark-packet new-packet-mark=icmp_pkt passthrough=no protocol=icmp
              connection-mark=all_con

          5  chain=forward action=mark-packet new-packet-mark=top_pkt passthrough=no protocol=tcp dst-port=1973
              connection-mark=all_con

          6  chain=forward action=mark-packet new-packet-mark=test_pkt passthrough=no connection-mark=all_con

          =======================
          queue settings:

          /queue simple
          add name="Squid_HIT" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=squid_pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
          add name="Main_Link" dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=35000/256000 total-queue=default-small disabled=no
          add name="game_tales_of_pirate" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=top_pkt direction=both priority=1 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
          add name="Ping_queue" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=icmp_pkt direction=both priority=2 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
          add name="The_other_port_queue" target-addresses=192.168.12.0/24 dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=http_pkt direction=both priority=8 queue=default-small/default-small limit-at=5000/5000 max-limit=50000/256000 total-queue=default-small disabled=no
          add name="another_port" target-addresses=192.168.10.0/24 dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=test_pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/256000 total-queue=default-small disabled=no

          /queue simple print

          0    name="Squid_HIT" dst-address=0.0.0.0/0 interface=all parent=none
                packet-marks=squid_pkt direction=both priority=8
                queue=default-small/default-small limit-at=0/0 max-limit=0/0
                burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
                total-queue=default-small

          1    name="Main_Link" dst-address=0.0.0.0/0 interface=all parent=none
                direction=both priority=8 queue=default-small/default-small
                limit-at=0/0 max-limit=35k/256k burst-limit=0/0 burst-threshold=0/0
                burst-time=0s/0s total-queue=default-small

          2    name="game_tales_of_pirate" dst-address=0.0.0.0/0 interface=all
                parent=none packet-marks=top_pkt direction=both priority=1
                queue=default-small/default-small limit-at=0/0 max-limit=0/0
                burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
                total-queue=default-small

          3    name="Ping_queue" dst-address=0.0.0.0/0 interface=all parent=none
                packet-marks=icmp_pkt direction=both priority=2
                queue=default-small/default-small limit-at=0/0 max-limit=0/0
                burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
                total-queue=default-small

          • kambeeng

            while you're at it, please also post the settings on the pfSense side, bro ….. , many colleagues would probably like to know

            • abnisrea

              @abnisrea:

              Let me join in.. please try it and fill in the rest, everything is running well

              MIKROTIK RB750 WITH PFSENSE + LUSCA PROXY

                               modem
                                 |
                               switch
                 |---(port1)-----| |-----DHCP from modem------to pfsense wan
              MIKROTIK RB750                                       |
                 |---(port3)-----UTP crossover cable---------------|
                 |---(port2)--to switch to clients


              For Boss Kambeeng:
              The pfSense settings are all default, no DHCP, no firewall, and Lusca is also default on port 3128.. everything runs normally..

              the WAN gets DHCP from the modem, with the gateway from the modem..

              Regards, PFI

              • mxn

                I'm confused by the 2-interface pfSense married to mikrot*k; while browsing I found this http://forum.pfsense.org/index.php/topic,52481.0.html wow, it turns out it uses 1 LAN on the PF plus PPPoE dial-up on the mkt as well, only the settings haven't been laid out yet hehehe

                there the thread starter gives a clear network topology and clear IP addressing on every interface (mkt & PF interfaces), VERY CLEAR indeed, so that someone who is just learning computers like me isn't confused  ;D

                hopefully the TS will soon lay out the settings on the mkt and pfSense

                Amen…............  ;D

                • mxn

                  @abnisrea:


                  For Boss Kambeeng:
                  The pfSense settings are all default, no DHCP, no firewall, and Lusca is also default on port 3128.. everything runs normally..

                  the WAN gets DHCP from the modem, with the gateway from the modem..

                  Regards, PFI

                  My understanding is this: both WANs, on the Mikocok side and the pfSense side, get DHCP from the modem, if I'm not mistaken  ;D
                  please explain, bro, the purpose of making both WANs parallel like above

                  Thx

                  Regards, PFSI

                  • detrackmx

                    Cross-breeding pfSense + Mikocok was a success….

                    PF - VirtualBox machine
                    Mikocok - VirtualBox

                    the result is great.... no more getting caught out by clients who like to upload.
                    YouTube caching always runs smoothly....... ::)

                    ![kawin silang.JPG](/public/imported_attachments/1/kawin silang.JPG)

                    • A
                      ardy_2006
                      last edited by

                      @mumtazian:

                      @ardy_2006:

                      Sesuai dengan janji ( janji adalah hutang  :) , insya allah hutang segera terlunasi ) amiiin…. !!

                      Just share settingan saya Mikocok bersanding dengan PFSense.

                      Clients ------- Mikrotik 3 port -------- Inet

                      port 3 mikrotik ----- pfsense ------ inernet

                      modem : 192.168.2.1

                      topology mikrotik menggunakan 3 ethernet :
                      port 1 = WAN  ( 192.168.2.2 )
                      port 2 = CLIENTS ( 192.168.1.1 )
                      port 3 = PROXY PFSENSE ( 192.168.3.1 )

                      topology pfsense menggunakan 2 ethernet :
                      port 1 = LAN ( port 3 mikrotik ) ( 192.168.3.2 )
                      port 2 = WAN ( 192.168.2.3 )

                      oke langsung kupas aja.
                      asumsi mesin pfsense running well & tunning with LUSCA.
                      oprekan & tune-up bisa open panduan dari om anto_DIGIT http://forum.pfsense.org/index.php/topic,29019.0.html

                      sebagai manageable clients, baik itu hotspot & management bandwidht semua ada dimikrotik.
                      Settingan hotspot disini tidak usah dibahas googling aja tutnya.
                      settingan ini menggunakan L7 untuk filternya. Khusus untuk destination port 80, dibelokan ke arah pfsense sebagai proxy servernya port 3128.
                      Maaf bung disini PFSense hanya dijadikan proxy server ( Maknyuss.... )

                      setting nat :
                      chain=dstnat action=dst-nat to-addresses=10.10.3.2 to-ports=3128 protocol=tcp in-interface=CLIENTS dst-port=80
                      ( maksudnya semua request port 80 di arahkan ke address Proxy Server ( PFSense )

                      Ardy, could you explain the topology above in more detail? I'm still confused about the pfsense with 2 ethernet ports, especially the WAN interface (192.168.2.3) ....
                      That one is set static, right? Port 1 (192.168.3.2) connects to the Mikrotik port ether3 PROXY PFSENSE ( 192.168.3.1 ), so where does the WAN port connect to?
                      And the modem is set static too, right (PPPoE on the modem)?

                      Thank you

                      Sorry, boss, for only explaining now.
                      In essence I use 2 routers, namely Mikrotik and PFsense.
                      Both WANs, Mikrotik's and PFsense's, are connected directly to the modem (they are the modem's clients).
                      The Mikrotik's role is full bandwidth management, while PFsense acts only as a proxy (all firewalling is disabled).
                      So basically it only redirects client requests on port 80 specifically to the PFsense router.
                      Try reading the topology I use once more.

                      Regards.

                      • M
                        midlle_snack

                        Nice to meet you all first of all. To my friends at PFSI, I have only just joined here, although I have often browsed the forum and learned from it.

                        Apologies also in advance, I'd like to go straight to asking about setting up pfsense in combination with a Mikrotik RB. The topology I use is:

                        internet ---- RB750 ---- Hub ---- Client
                                              |
                                              |
                                              |
                                        pfsense
                        (web proxy with a single interface)

                        The pfsense can already be accessed from the clients and has been updated for squid and also lusca.

                        My question, which I still haven't found an answer to after searching here and there, is how to set up the Mikrotik so that every connection goes through the proxy first.

                        Sorry, I really am still a newbie who has just started a small internet business on a tight budget, so calling in an expert is out since most of the money already went into the capital; that's why I'm learning about web proxies here and there.

                        Thank you in advance and afterwards.

                        • T
                          transistor

                          With the moderator's (kambeeng) permission, just sharing....
                          Ardy's L7 settings are GREAT ???, enough to make my head spin, and it spins even more when an error occurs on the proxy side. A small suggestion... for the game PB, during the initial loading the game uses exe and dat files. If an error occurs on the proxy side, the initial loading is very slow. To work around it, disable the dat file.

                          Hope this is useful,........ regards :)

                          • H
                            hyundrax

                            @ardy_2006:

                            First, I ask permission from the moderator (kambeeng), because my post does not discuss PFSense.
                            It is about Mikrotik routing instead, because I am already convinced that the PFSense Lusca we all use is solid as a proxy server to pair with Mikrotik.

                            Earlier I posted about throttling downloaders ("Cekek downloader") with the firewall layer7-protocol. After observing and monitoring it, it turned out that the firewall layer7-protocol rules I used consumed too much of the RB750G's resources. Finally, after trying and trying various regexps, I found a setting that is very simple and accurate.

                            Just sharing; if anyone has suggestions, please go ahead, and hopefully it gets even better.

                            Catch all the file extensions using the L7 protocol (only one file, leaner)
                            /ip firewall layer7-protocol
                            add name=download regexp="\.(zip|gz(a|i)|rar|raw|ram|7z|bz|bzip|gzip|tar.gz|tgz|iso|doc|pdf|cab|bin|xml|vcf|exe|app|vb|scr|avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|og(x|v|a|g|m)|rm|r(a|p)m|vob|flv|x-flv|3gp|vcd|nrg|amr|klv|wav|DivX|mov|wmv|rmvb|aac|dat|amv|ifo|imovieproj|ivr|qt|swf)"

                            First mark the packets going in and out with a mangle setting.
                            /ip firewall mangle
                            add action=mark-packet chain=prerouting comment=download disabled=no layer7-protocol=download new-packet-mark=download passthrough=no protocol=tcp

                            Now we set the amount of bandwidth we allocate to the download maniacs.
                            Even better, we can set it according to a download schedule; here I set the download hours from midnight until just before morning. Full bypass, download as much as you like. No complaints allowed during those hours because everyone is already asleep. heee... heee.... heee....

                            /queue simple
                            add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both disabled=no interface=all limit-at=0/0 max-limit=0/166k name=download packet-marks=download parent=none priority=8 queue=default-small/default-small time=7h-23h59m,sun,mon,tue,wed,thu,fri,sat total-queue=default-small

                            The NAT settings and the rest are still as in the earlier first post.

                            That's it for now; I'll continue later. Right now I'm trying a regexp to limit YouTube, but once it's in the proxy cache it isn't limited (proxy hit).

                            Hope this is useful.

                            Wow.. a simple trick that was almost overlooked.. thanks, Ardy.. this really saves resources.. :)
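
A check of the layer7-protocol regexp quoted above, as an added example that is not part of the original posts: it runs the posted pattern in Python's `re` (an approximation of the RouterOS matcher) over constructed HTTP request heads and shows that it also fires on host names and Referer headers, not only on downloaded files. `ANCHORED`, the sample requests and the `.example` hosts are assumptions made for illustration.

```python
import re

# Extension alternation copied from the layer7-protocol rule in the post.
EXTS = (
    r"zip|gz(a|i)|rar|raw|ram|7z|bz|bzip|gzip|tar.gz|tgz|iso|doc|pdf|cab|bin"
    r"|xml|vcf|exe|app|vb|scr|avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)"
    r"|og(x|v|a|g|m)|rm|r(a|p)m|vob|flv|x-flv|3gp|vcd|nrg|amr|klv|wav|DivX"
    r"|mov|wmv|rmvb|aac|dat|amv|ifo|imovieproj|ivr|qt|swf"
)
POSTED = re.compile(r"\.(" + EXTS + r")")

# Hypothetical tighter pattern (assumption, checked in Python only): the
# extension must end the path of the HTTP request line.
ANCHORED = re.compile(r"^(GET|POST) [^ ?]*\.(" + EXTS + r")(\?[^ ]*)? HTTP/")

# Constructed request heads; all host names are made up (.example).
SAMPLES = {
    "installer": "GET /files/setup.exe HTTP/1.1\r\nHost: dl.example\r\n\r\n",
    "video_query": "GET /v/clip.mp4?t=10 HTTP/1.1\r\nHost: cdn.example\r\n\r\n",
    "plain_page": "GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n",
    "host_hit": "GET /index.html HTTP/1.1\r\nHost: www.apple.example\r\n\r\n",
    "referer_hit": ("GET /style.css HTTP/1.1\r\nHost: www.example\r\n"
                    "Referer: http://www.example/feed.xml\r\n\r\n"),
    "docx_page": "GET /view/report.docx.html HTTP/1.1\r\nHost: www.example\r\n\r\n",
}

def posted_hit(head):
    """Return the text the posted pattern matches anywhere in the head."""
    m = POSTED.search(head)
    return m.group(0) if m else None

def anchored_hit(head):
    """Return True only when the requested path itself ends in a listed extension."""
    return ANCHORED.search(head) is not None

def compare():
    """Map sample name -> (posted match, anchored result)."""
    return {name: (posted_hit(h), anchored_hit(h)) for name, h in SAMPLES.items()}

if __name__ == "__main__":
    for name, (hit, strict) in compare().items():
        print(f"{name:12} posted={hit!s:6} anchored={strict}")
```

Either pattern only sees plain HTTP: on HTTPS connections the request line is encrypted, so the file name never reaches an L7 match.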

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.