    Mikrotik RB 750 + PFsense as Squid Box

    67 Posts 30 Posters 92.1k Views
ardy_2006

@serangku:

nothing perfect on this world …

Totally agree, boss. Besides that, "every system is vulnerable".
hd509509

Mas Ardy, could you explain the NAT settings in more detail? I have tried the method above but it has not worked yet. Or if any of you have got it working, please share it here. Thanks!
kambeeng

I agree with the settings above ... btw, from what I have observed there is no exception for online games here; it only throttles applications or ports that are bandwidth-hungry.

If you want the online game traffic to be faster,

you need to add mangle rules, along these lines: every source heading to an online game's port or IP gets caught and tagged with a connection mark for that game; after that the packets get marked, for example for PB. Once caught, those packets are sent to a queue tree, e.g. one for PB, on the principle that all bandwidth for online games is let through unrestricted.

Good luck

Kambeeng
PFSI
wienl_boy

If it were me I would rather use pf directly .... just tweak it a bit and it's good to go, delicious.
ardy_2006

First, I ask the Moderator's (kambeeng's) permission, because my post does not discuss pfSense but Mikrotik routing; I am already convinced that the pfSense Lusca we all use is solid as a proxy server to pair with Mikrotik.

Earlier I posted about throttling downloaders with a layer7-protocol firewall rule. After observing and monitoring, it turned out the layer7-protocol firewall I used ate too much of the RB750G's resources. After trying and trying all kinds of regexps, I finally found a setting that is very simple and accurate.

Just sharing; if anyone has input, go ahead, so it can become even better.

Catch all file extensions using one L7 protocol (a single entry is leaner):
/ip firewall layer7-protocol
add name=download regexp="\.(zip|gz(a|i)|rar|raw|ram|7z|bz|bzip|gzip|tar.gz|tgz|iso|doc|pdf|cab|bin|xml|vcf|exe|app|vb|scr|avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|og(x|v|a|g|m)|rm|r(a|p)m|vob|flv|x-flv|3gp|vcd|nrg|amr|klv|wav|DivX|mov|wmv|rmvb|aac|dat|amv|ifo|imovieproj|ivr|qt|swf)"

First mark the packets in and out with a mangle rule:
/ip firewall mangle
add action=mark-packet chain=prerouting comment=download disabled=no layer7-protocol=download new-packet-mark=download passthrough=no protocol=tcp

Now we set the amount of bandwidth we allocate to the download maniacs.
Even better, we can set it on a download schedule; here I set the download hours from midnight until just before morning, full bypass, download as much as you like. At those hours nobody can complain because everyone is asleep. hee... hee... hee....

/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both disabled=no interface=all limit-at=0/0 max-limit=0/166k name=download packet-marks=download parent=none priority=8 queue=default-small/default-small time=7h-23h59m,sun,mon,tue,wed,thu,fri,sat total-queue=default-small

For the NAT settings and the rest, it is still like my original post.

That's it for now, I will continue later; right now I am trying a regexp to limit YouTube, but once it is in the proxy cache it is not limited (proxy hit).

Hope it is useful
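The layer7 regexp in the post above is matched against raw connection payload, so a practitioner will want to know what it catches besides downloads. The Python script below is an added example, not code from the post: it runs the post's regexp over a few constructed HTTP request lines and compares it with a tightened variant that anchors the extension to the end of the request path. Assumptions (mine): Python's `re` is close enough to the RouterOS layer7 matcher for this alternation, the matcher is case-insensitive, and the tightened pattern `TIGHT_RE`, the sample requests and the function names are not from the post and should be re-tested on the router before use.

```python
import re

# The layer7 regexp from ardy_2006's post, joined into one line.
DOWNLOAD_RE = (
    r"\.(zip|gz(a|i)|rar|raw|ram|7z|bz|bzip|gzip|tar.gz|tgz|iso|doc|pdf|cab|bin"
    r"|xml|vcf|exe|app|vb|scr|avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|og(x|v|a|g|m)"
    r"|rm|r(a|p)m|vob|flv|x-flv|3gp|vcd|nrg|amr|klv|wav|DivX|mov|wmv|rmvb|aac"
    r"|dat|amv|ifo|imovieproj|ivr|qt|swf)"
)

# Tightened variant (my addition, not the post's): the extension must end the
# request path, optionally followed by a query string, and be followed by the
# HTTP version token, so a ".app" inside a Host: header no longer counts.
EXTENSIONS = DOWNLOAD_RE[2:]          # the "(zip|...|swf)" group without "\."
TIGHT_RE = r"^(GET|HEAD) [^ ?]*\." + EXTENSIONS + r"(\?[^ ]*)? HTTP/1\.[01]"

# Constructed request lines (first packet of a client connection) and whether
# an operator would actually want them throttled as downloads.
SAMPLES = {
    "GET /pub/tool.zip HTTP/1.1\r\nHost: mirror.example\r\n": True,
    "GET /videos/clip.mp4?token=abc HTTP/1.1\r\nHost: cdn.example\r\n": True,
    "GET /index.html HTTP/1.1\r\nHost: www.apple.com\r\n": False,             # ".app"
    "GET /forum/index.php HTTP/1.1\r\nHost: forums.vbulletin.com\r\n": False,  # ".vb"
    "GET /style.css HTTP/1.1\r\nHost: www.exeter.ac.uk\r\n": False,           # ".exe"
    "GET /report.pdf.html HTTP/1.1\r\nHost: docs.example\r\n": False,         # ".pdf" mid-path
}


def is_download(request, pattern):
    """Would a layer7 rule built from `pattern` fire on this request?
    Assumes the RouterOS matcher is case-insensitive, hence re.IGNORECASE."""
    return re.search(pattern, request, re.IGNORECASE) is not None


def false_positives(pattern):
    """Requests the pattern throttles although they are ordinary page loads."""
    return [r for r, wanted in SAMPLES.items() if not wanted and is_download(r, pattern)]


def misses(pattern):
    """Real downloads the pattern lets through unthrottled."""
    return [r for r, wanted in SAMPLES.items() if wanted and not is_download(r, pattern)]


if __name__ == "__main__":
    for name, pat in (("original", DOWNLOAD_RE), ("tightened", TIGHT_RE)):
        print(f"{name}: {len(false_positives(pat))} false positives, "
              f"{len(misses(pat))} misses")
```

The original pattern fires on any `.app`, `.exe`, `.vb` or `.pdf` that appears anywhere in the inspected bytes, including inside a Host: header, so every connection to hosts like apple.com lands in the 166k download queue; the anchored form only fires when the extension actually terminates the requested path.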
mumtazian

@ardy_2006:

As promised (a promise is a debt :) , God willing the debt will soon be paid) amen.... !!

Just sharing my Mikocok (Mikrotik) settings side by side with pfSense.

Clients ------- Mikrotik 3 port -------- Inet

port 3 mikrotik ----- pfsense ------ internet

modem : 192.168.2.1

Mikrotik topology using 3 ethernet ports:
port 1 = WAN  ( 192.168.2.2 )
port 2 = CLIENTS ( 192.168.1.1 )
port 3 = PROXY PFSENSE ( 192.168.3.1 )

pfSense topology using 2 ethernet ports:
port 1 = LAN ( port 3 mikrotik ) ( 192.168.3.2 )
port 2 = WAN ( 192.168.2.3 )

OK, straight to it.
Assume the pfSense machine is running well and tuned with LUSCA.
For tweaking and tune-up you can open the guide from om anto_DIGIT http://forum.pfsense.org/index.php/topic,29019.0.html

For managing clients, both hotspot and bandwidth management, everything is on the Mikrotik.
The hotspot settings are not covered here; just google the tutorial.
These settings use L7 for filtering. Specifically for destination port 80, traffic is diverted to pfSense as the proxy server on port 3128.
Sorry folks, here pfSense is only used as a proxy server (delicious....)

NAT setting:
chain=dstnat action=dst-nat to-addresses=10.10.3.2 to-ports=3128 protocol=tcp in-interface=CLIENTS dst-port=80
(meaning all port 80 requests are directed to the Proxy Server (pfSense) address)

bung ardy, could you explain the topology above in more detail? I am still confused by that two-ethernet pfSense, especially the WAN interface (192.168.2.3) ....
It is set static, right? If port 1 (192.168.3.2) connects to Mikrotik ether3 PROXY PFSENSE (192.168.3.1), then where does the WAN port connect to?
And the modem is also set static, right (PPPoE on the modem)?

thank you
detrackmx

I deliberately "married" PF with Mikrotik because with Mikrotik it is more detailed for monitoring each client's upload/download in real time...
while PF is positioned as an external proxy because it is definitely faster with LUSCA.

With the PF+Mikrotik cross-marriage the PF workload is lighter, as shown by the "Memory Usage" status on the PF dashboard.
nu-bie

@mumtazian: (quoting @ardy_2006's topology post and the WAN question above)

Yeah, where does that WAN connect to? How come there is no answer yet?
kentuss

@asepyulisman:

adsl ----pcmikrotik----switch--client
                 |
                 |
             pfsense

Om, if I may ask, how many Mbps does your proxy hit reach ???

Greetings to everyone...
Here I have been using 64-bit pf for about 5 months; the top proxy hit can reach 69Mbps with 25 clients, but reaching that is very rare; on average the daily top hit is 3.5Mb - 5Mb..
My topology is as above, with pfSense on a single LAN card (as WAN + LAN) towards the Mikrotik; the WAN uses a VLAN while the LAN uses the real MAC address.
My machine is a Pentium D 3 GHz, 4 GB RAM, 2 HDDs (80 GB & 160 GB), one for system + COSS, the other for cache.
My cache very rarely reaches 50%, and now it has dropped again. Is that normal? Any input is appreciated, thank you.

Filesystem    Size   Used  Avail Capacity  Mounted on
/dev/ad4s1a    64G    18G    41G    31%    /
devfs         1.0K   1.0K     0B   100%    /dev
/dev/md0      3.6M    44K   3.3M     1%    /var/run
/dev/ad6s1a   144G    32G   101G    24%    /HDD2
daviza

@sis.net.id:

After digging through om Goo*le, the PF forum and other forums for a recipe to make the RB 750 FIERCE, I finally found one like this:

Topology:

ADSL(Bridge) ------------ Mikocok -------------- Switch ------------ Client
                             | |
                   PFSense (Squid + Lusca)

I hope readers already understand how Mikocok works.

Mikocok config:
Ether 0  = PPPoE client to Speedy
Ether 1  = to clients, IP 192.168.88.2-254
Ether 2  = default
Ether 3  = to the PF box LAN, IP 192.168.200.1
Ether 4  = to the PF box WAN, IP 172.3.3.2

Equipment needed:

1 unit Mikocok RB 750 / 750G
1 used or new PC, as long as it still powers on, minimum a PIII processor
4 LAN cables
1 Speedy modem (set to bridge); the Mikrotik will dial to Speedy

Next steps:

Set up the PF side

1. Install the pfbox (per the manual).
2. Once the install is done, go into the pfbox web config.
3. Open System --> Packages --> find SQUID 2.7 (which is definitely stable), then Install.
4. At Diagnostics --> Command prompt, type: fetch http://pfsense-cacheboy.googlecode.com/svn/trunk/script/package.sh && chmod +x package.sh && ./package.sh
5. Open System --> Packages --> find Lusca
6. Or look up a tutorial on installing LUSCA cache on pfSense on Mbah Goo*le (Lusca cache is an optional install)
7. Open Services --> Proxy Services --> make sure the proxy port is 3128
*. General tab --> tick Allow users on interface, Transparent proxy, Enable logging, Transparent X-Forward and Disable VIA --> click Save
*. Cache Mgmt tab --> Hard disk cache system = coss+aufs (if Lusca is installed), COSS HD cache size 50, HD cache size 100, memory cache size 8 (adjust to your RAM), Max memory object size 4 (adjust to your RAM), Minimum object size 10 (adjust to your RAM), Maximum object size 6 (adjust to your RAM) --> click Save
*. Access control tab --> Allowed subnets (enter 192.168.88.0/24) --> click Save
*. Traffic Mgmt tab --> just turn off "Enable delay pool" (let Mikocok manage the bandwidth)
8. If you use the LUSCA Cache add-on, adjust its configuration to your needs..
9. Next, make sure the Squid service is running: click Status --> Services and check whether Squid is running or not
10. Restart the PF box --> after the restart the PF box is ready to work.

Set up the Mik*otik side

1. IP --> Address

Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   ;;; default configuration
     192.168.88.1/24    192.168.88.0    192.168.88.255  ether2-local-master
 1   10.10.30.6/28      10.10.30.0      10.10.30.15     ether1-gateway
 2   192.168.200.100/24 192.168.200.0   192.168.200.255 ether4-local-slave
 3   172.3.1.1/24       172.3.1.1       172.3.1.255     ether5-local-slave

2. IP --> Firewall --> NAT

Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; Client
     chain=srcnat action=masquerade out-interface=ether1-gateway

 1 X chain=dstnat action=dst-nat to-addresses=192.168.200.1 to-ports=3128
     protocol=tcp src-address=192.168.88.0/24 in-interface=ether4-local-slave
     dst-port=80

 2   ;;; Proxy
     chain=srcnat action=masquerade out-interface=ether5-local-slave

 3   ;;; NAT Proxy
     chain=srcnat action=masquerade src-address=192.168.200.1
     out-interface=ether1-gateway

 4   ;;; Belok ke-Proxy
     chain=dstnat action=dst-nat to-addresses=192.168.200.1 to-ports=3128
     protocol=tcp in-interface=ether2-local-master dst-port=80

3. IP --> Firewall --> NAT

Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0          10.10.30.6      10.10.30.1         1
 1 X S  0.0.0.0/0          192.168.200.100 192.168.200.1      1
 2 X S  0.0.0.0/0          10.10.30.6      192.168.200.1      2
                                           10.10.30.1
 3 ADC  10.10.30.0/28      10.10.30.6      ether1-gateway     0
 4 ADC  172.3.1.0/24       172.3.1.1       ether5-local-slave 0
 5 ADC  192.168.88.0/24    192.168.88.1    ether2-local-ma... 0
 6 ADC  192.168.200.0/24   192.168.200.100 ether4-local-slave 0


For those who have a different method, perhaps using only one LAN card towards the PF box, could you give input on how to build it and share it here, for the progress of fellow pfSense & Mikocok enthusiasts :)

Waiting for your comments, yeah

Onward, Indonesian networking

For a newbie like me...
your post is worth 6 letters:

T.O.P.B.G.T
;D
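Whether a packet is diverted to the proxy or masqueraded depends on rule order: RouterOS walks a NAT chain top to bottom and the first enabled rule whose matchers all accept the packet decides the action. The script below is an added example, not part of sis.net.id's post: it parses the `/ip firewall nat print` listing above into rules and traces a few constructed packets through it. Two things fall out that the tutorial does not state: only TCP port 80 is diverted, so client HTTPS never passes through the proxy or its logs, and rule 3 is never reached because rule 0 already masquerades everything leaving ether1-gateway. Also worth noting: step 4 on the pfSense side fetches a script over plain HTTP and runs it as root on the firewall, so read it before executing it. Assumptions (mine): the parser only understands the fields present in this listing, and the packet dicts, the 203.0.113.0/24 documentation addresses and the function names are not from the post.

```python
import ipaddress
import re

# Constructed copy of the `/ip firewall nat print` output in the post above
# (indices, flags and comments are the post's; nothing else is assumed).
NAT_PRINT = """\
Flags: X - disabled, I - invalid, D - dynamic
0   ;;; Client
     chain=srcnat action=masquerade out-interface=ether1-gateway

1 X chain=dstnat action=dst-nat to-addresses=192.168.200.1 to-ports=3128
     protocol=tcp src-address=192.168.88.0/24 in-interface=ether4-local-slave
     dst-port=80

2   ;;; Proxy
     chain=srcnat action=masquerade out-interface=ether5-local-slave

3   ;;; NAT Proxy
     chain=srcnat action=masquerade src-address=192.168.200.1
     out-interface=ether1-gateway

4   ;;; Belok ke-Proxy
     chain=dstnat action=dst-nat to-addresses=192.168.200.1 to-ports=3128
     protocol=tcp in-interface=ether2-local-master dst-port=80
"""

ACTION_KEYS = {"action", "to-addresses", "to-ports"}   # actions, not matchers


def parse_nat_print(text):
    """Turn RouterOS `print` output into a list of rule dicts, in table order.

    A line starting with a digit opens a rule: index, optional flag letters
    (X = disabled), then either a ';;; comment' or the first key=value tokens.
    Indented lines continue the current rule.
    """
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Flags:"):
            continue
        head = re.match(r"^(\d+)\s*([A-Z]*)\s+(.*)$", line)
        if head:
            idx, flags, rest = head.groups()
            rules.append({"index": int(idx), "disabled": "X" in flags,
                          "comment": None, "fields": {}})
            if rest.startswith(";;;"):
                rules[-1]["comment"] = rest[3:].strip()
                continue
        else:
            rest = line
        rules[-1]["fields"].update(re.findall(r"([a-z-]+)=(\S+)", rest))
    return rules


def _matches(key, want, pkt):
    """Does one matcher field of a rule accept this packet?"""
    if key in ("src-address", "dst-address"):
        have = pkt.get("src" if key == "src-address" else "dst")
        return have is not None and \
            ipaddress.ip_address(have) in ipaddress.ip_network(want, strict=False)
    if key in ("src-port", "dst-port"):
        lo, _, hi = want.partition("-")         # "80" or "80-90"
        have = pkt.get(key)
        return have is not None and int(lo) <= have <= int(hi or lo)
    return pkt.get(key) == want                 # chain, protocol, in-/out-interface


def first_match(rules, pkt):
    """RouterOS semantics: rules are tried in order; the first enabled rule whose
    matchers all accept the packet decides, later rules are never consulted."""
    for rule in rules:
        if rule["disabled"]:
            continue
        f = rule["fields"]
        if all(_matches(k, v, pkt) for k, v in f.items() if k not in ACTION_KEYS):
            return rule["index"], f["action"], f.get("to-addresses"), f.get("to-ports")
    return None


RULES = parse_nat_print(NAT_PRINT)

# Client web request entering from the client port: diverted to pfSense:3128.
CLIENT_HTTP = {"chain": "dstnat", "protocol": "tcp", "src": "192.168.88.10",
               "dst": "203.0.113.10", "dst-port": 80, "in-interface": "ether2-local-master"}
# Same client, HTTPS: no dstnat rule matches, so it bypasses the proxy entirely.
CLIENT_HTTPS = dict(CLIENT_HTTP, **{"dst-port": 443})
# The diverted request leaving towards the proxy: no srcnat rule matches, so
# Squid sees the real client address in its logs.
CLIENT_TO_PROXY = {"chain": "srcnat", "protocol": "tcp", "src": "192.168.88.10",
                   "dst": "192.168.200.1", "dst-port": 3128, "out-interface": "ether4-local-slave"}
# The proxy fetching from the internet: rule 0 already masquerades everything
# leaving ether1-gateway, so the more specific rule 3 is dead.
PROXY_OUT = {"chain": "srcnat", "protocol": "tcp", "src": "192.168.200.1",
             "dst": "203.0.113.10", "dst-port": 80, "out-interface": "ether1-gateway"}

if __name__ == "__main__":
    for name, pkt in (("client http", CLIENT_HTTP), ("client https", CLIENT_HTTPS),
                      ("client->proxy", CLIENT_TO_PROXY), ("proxy->inet", PROXY_OUT)):
        print(f"{name:14s} -> {first_match(RULES, pkt)}")
```

The same tracer can be pointed at any other `print` listing in this thread; a rule that no trace ever reaches (here rule 3) is either redundant or, if you meant it to be more specific than an earlier one, in the wrong position.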
daunlangka

my old topology

RADIO/ACCESS POINT <-------->RB750<-------->PF SENSE<-------->SWITCH<-------->CLIENT
                                                ╚>RADIO/ACCESS POINT to clients in another building

don't know why the RB often hangs, and even when it doesn't hang the internet speed isn't fierce, "sluggish"

is there something wrong???
sablan

Excuse me, just asking: for a pfSense setup using only 1 LAN, how do you do it?
topology

ADSL(Bridge) (1)----------- Mikocok -------------- Switch(2) ------------ Client
                                | (3)
                    PFSense (Squid + Lusca)

Mikocok config:

Ether 1  =  IP 192.168.101.2/24 (Speedy gateway)
Ether 2  =  IP 192.168.4.1/24    (local warnet)
Ether 3  =  IP 192.168.2.2/24    (Proxy)

What I want to ask is how to set up the web config on the PF side and the settings on the Mik*otik side. I have installed pfSense following the install manual and can already access the web config.

Hardware technical data:
MB: ASUS P5G41
PROCESSOR: Dual Core 3.0
RAM SIZE: 3 GB
HD SIZE: 250 GB
NETWORK CARD: TP-Link
PFSENSE VER.: 2.0.1-RELEASE (i386) built on FreeBSD 8.1-RELEASE-p6

USED FOR: WARNET (internet cafe)

As for the modem, I set it to bridge so the PPPoE comes straight from Speedy. To all pfSense friends, please help; I have gone round and round on mbah google but cannot find settings like the above. Forgive me, I am still a total newbie. Thanks in advance. Greetings to all pfSense friends across Nusantara.
sablan

@sablan: (quoting my post above)

As for the modem, I set it to bridge so the PPPoE is dialed from the Mikocok. To all pfSense friends, please help; I have gone round and round on mbah google but cannot find settings like the above. Forgive me, I am still a total newbie. Thanks in advance. Greetings to all pfSense friends across Nusantara.
sakuranet

Requesting enlightenment

Mikrotik topology using 3 ethernet ports:
port 1 = WAN  ( 192.168.2.2 )
port 2 = CLIENTS ( 192.168.1.1 )
port 3 = PROXY PFSENSE ( 192.168.3.1 )

pfSense topology using 2 ethernet ports:
port 1 = LAN ( port 3 mikrotik ) ( 192.168.3.2 )
port 2 = WAN ( 192.168.2.3 )

After reading it:
Mikrotik WAN IP 192.168.2.2, pfSense WAN 192.168.3.2, but how come the NAT is like this..??

NAT setting:
chain=dstnat action=dst-nat to-addresses=10.10.3.2 to-ports=3128 protocol=tcp in-interface=CLIENTS dst-port=80
(meaning all port 80 requests are directed to the Proxy Server (pfSense) address)

Please complete it, I really need it
kambeeng

Try having a look over here, someone has married pf + mt successfully .... please check
http://www.facebook.com/photo.php?fbid=325718020852060&set=o.393320928141&type=1&relevant_count=1&ref=nf
                                  • A
                                    abnisrea
                                    last edited by

                                    Ikutan ach.. silahkan dicoba dan dilengkapi semua berjalan dengan baik

                                    MIKROTIK RB750 DENGAN PFSENSE + LUSCA PROXY

                                    modem
                                                                              |
                                                                          switch
                                                |–--(port1) ---------| |-----------to pfsense wan
                                            MIKROTIK RB750                                  |
                                                |----(port3) -----Kabel UTP CROSS---|
                                                |----(port2) --to switch to clients

                                    ======================
                                    pfsense wan : DHCP dari Modem
                                    pfsense lan : 192.168.12.1/24 port proxy 3128 LUSCA

                                    proxy : 192.168.12.15/24
                                    lan  : 192.168.10.15/24
                                    modem : 192.168.3.1/24 (DHCP)

                                    ip clients : 192.168.10.xxx dst

                                    ======================
                                    setting interface
                                    Code:

                                    /interface set 0 name=public
                                    /interface set 1 name=lan
                                    /interface set 2 name=proxy

                                    ======================
                                    setting ip address
                                    code:

                                    /ip address
                                    add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=public comment="" disabled=no
                                    add address=192.168.10.15/24 network=192.168.10.0 broadcast=192.168.10.255 interface=lan comment="" disabled=no
                                    add address=192.168.12.15/24 network=192.168.12.0 broadcast=192.168.12.255 interface=proxy comment="" disabled=no

                                    =======================
                                    setting route:
                                    Code:

                                    /ip route add dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=255 target-scope=10 comment="" disabled=no

                                    =======================
                                    setting dns:
                                    Code:

                                    /ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=10.17.3.245,10.17.3.252 (dns fren)

                                    /ip dns static add name="192.168.3.1" address=192.168.3.1 ttl=1d

                                    ========================
                                    setting nat:
                                    Code:

                                    /ip firewall nat
                                    add chain=srcnat action=masquerade out-interface=public
                                    add chain=dstnat action=redirect to-ports=3128 protocol=tcp src-address=192.168.10.0/24 in-interface=lan dst-port=80 (Bila menggunakan web proxy internal)
                                    add chain=dstnat action=dst-nat to-addresses=192.168.12.1 to-ports=3128 protocol=tcp src-address=192.168.10.0/24 in-interface=lan dst-port=80 (proxy external)
                                    add chain=srcnat action=masquerade out-interface=proxy (agar bisa buka pfsense/putty/winscp diclient)

                                    /ip firewall nat print

                                    0  chain=srcnat action=masquerade out-interface=public

                                    1 X chain=dstnat action=redirect to-ports=3128 protocol=tcp src-address=192.168.10.0/24 in-interface=lan
                                        dst-port=80

                                    2  chain=dstnat action=dst-nat to-addresses=192.168.12.1 to-ports=3128 protocol=tcp
                                        src-address=192.168.10.0/24 in-interface=lan dst-port=80

                                    3  chain=srcnat action=masquerade out-interface=proxy

                                    ========================
                                    setting manggle:
                                    Code:

                                    /ip firewall mangle
                                    add chain=forward content="X-Cache: HIT" action=mark-connection new-connection-mark=squid_con passthrough=yes comment="" disabled=no
                                    add chain=forward connection-mark=squid_con action=mark-packet new-packet-mark=squid_pkt passthrough=no comment="" disabled=no
                                    add chain=forward connection-mark=!squid_con action=mark-connection new-connection-mark=all_con passthrough=yes comment="" disabled=no
                                    add chain=forward protocol=tcp src-port=80 connection-mark=all_con action=mark-packet new-packet-mark=http_pkt passthrough=no comment="" disabled=no
                                    add chain=forward protocol=icmp connection-mark=all_con action=mark-packet new-packet-mark=icmp_pkt passthrough=no comment="" disabled=no
                                    add chain=forward protocol=tcp dst-port=1973 connection-mark=all_con action=mark-packet new-packet-mark=top_pkt passthrough=no comment="" disabled=no
                                    add chain=forward connection-mark=all_con action=mark-packet new-packet-mark=test_pkt passthrough=no comment="" disabled=no

                                    /ip firewall mangle print

                                    0  chain=forward action=mark-connection new-connection-mark=squid_con passthrough=yes content=X-Cache: HIT

                                    1  chain=forward action=mark-packet new-packet-mark=squid_pkt passthrough=no connection-mark=squid_con

                                    2  chain=forward action=mark-connection new-connection-mark=all_con passthrough=yes
                                        connection-mark=!squid_con

                                    3  chain=forward action=mark-packet new-packet-mark=http_pkt passthrough=no protocol=tcp src-port=80
                                        connection-mark=all_con

                                    4  chain=forward action=mark-packet new-packet-mark=icmp_pkt passthrough=no protocol=icmp
                                        connection-mark=all_con

                                    5  chain=forward action=mark-packet new-packet-mark=top_pkt passthrough=no protocol=tcp dst-port=1973
                                        connection-mark=all_con

                                    6  chain=forward action=mark-packet new-packet-mark=test_pkt passthrough=no connection-mark=all_con

=======================
queue settings:

/queue simple
add name="Squid_HIT" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=squid_pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small comment="LUSCA cache hits: not limited, outside Main_Link" disabled=no
add name="Main_Link" dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=35000/256000 total-queue=default-small comment="internet link, 35k upload / 256k download; parent of the two queues below" disabled=no
add name="game_tales_of_pirate" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=top_pkt direction=both priority=1 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small comment="tcp/1973 game traffic: priority 1, not limited" disabled=no
add name="Ping_queue" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=icmp_pkt direction=both priority=2 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small comment="ICMP: priority 2, not limited" disabled=no
add name="The_other_port_queue" target-addresses=192.168.12.0/24 dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=http_pkt direction=both priority=8 queue=default-small/default-small limit-at=5000/5000 max-limit=50000/256000 total-queue=default-small comment="HTTP replies from the proxy network, inside Main_Link (50k upload is capped by the parent's 35k)" disabled=no
add name="another_port" target-addresses=192.168.10.0/24 dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=test_pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/256000 total-queue=default-small comment="everything else from the client LAN, inside Main_Link" disabled=no

                                    /queue simple print

                                    0    name="Squid_HIT" dst-address=0.0.0.0/0 interface=all parent=none
                                          packet-marks=squid_pkt direction=both priority=8
                                          queue=default-small/default-small limit-at=0/0 max-limit=0/0
                                          burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
                                          total-queue=default-small

                                    1    name="Main_Link" dst-address=0.0.0.0/0 interface=all parent=none
                                          direction=both priority=8 queue=default-small/default-small
                                          limit-at=0/0 max-limit=35k/256k burst-limit=0/0 burst-threshold=0/0
                                          burst-time=0s/0s total-queue=default-small

                                    2    name="game_tales_of_pirate" dst-address=0.0.0.0/0 interface=all
                                          parent=none packet-marks=top_pkt direction=both priority=1
                                          queue=default-small/default-small limit-at=0/0 max-limit=0/0
                                          burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
                                          total-queue=default-small

                                    3    name="Ping_queue" dst-address=0.0.0.0/0 interface=all parent=none
                                          packet-marks=icmp_pkt direction=both priority=2
                                          queue=default-small/default-small limit-at=0/0 max-limit=0/0
                                          burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
                                          total-queue=default-small

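The mangle rules and simple queues above are easier to reason about when you can see which queue a given packet ends up in. What follows is an added example, not code from the original post or from MikroTik: a small Python replay of the seven forward-chain rules (connection marks persisting per connection, passthrough=no ending evaluation) and of the packet-mark to queue mapping from the posted /queue simple lines, run over constructed packets. One thing it makes visible: content="X-Cache: HIT" is a plain substring match on any forwarded packet on any interface, so a direct plaintext reply on a port that is not redirected to the proxy (tcp/8080 in the sample) that happens to carry the same string also puts the whole connection into the unlimited Squid_HIT queue, outside the Main_Link limit. The `restrict_hit_to_proxy` switch is my assumption of a fix, standing for in-interface=proxy added to that rule so that only replies coming from the LUSCA box can set squid_con; it is not part of the posted config. The connection ids, per-packet interface names and payload strings are constructed for the example.

```python
"""Replay of the mangle / simple-queue classification posted in this thread.

Added example, not code from the original post or from MikroTik. Assumptions
(mine): a connection is a short string instead of the real 5-tuple; a proxied
HTTP reply is seen with src-port 80 because conntrack has already reversed the
dst-nat; `restrict_hit_to_proxy` stands for adding in-interface=proxy to the
X-Cache rule, which the original config does not have.
"""
from dataclasses import dataclass


@dataclass
class Packet:
    conn: str            # constructed connection id (stands in for the 5-tuple)
    in_interface: str    # "public", "lan" or "proxy", as named in /interface
    protocol: str        # "tcp", "udp" or "icmp"
    src_port: int = 0
    dst_port: int = 0
    payload: bytes = b""


# packet-mark -> simple queue, taken from the posted /queue simple lines
QUEUE_FOR_MARK = {
    "squid_pkt": "Squid_HIT",            # parent=none, max-limit=0/0: no limit
    "top_pkt": "game_tales_of_pirate",   # parent=none, priority=1
    "icmp_pkt": "Ping_queue",            # parent=none, priority=2
    "http_pkt": "The_other_port_queue",  # child of Main_Link (35k/256k)
    "test_pkt": "another_port",          # child of Main_Link
}


def mangle_rules(restrict_hit_to_proxy=False):
    """The seven rules in order as (match, action, mark, passthrough).
    match() receives the packet and the connection's current mark (None if unmarked)."""
    def is_hit(p, _cm):
        if b"X-Cache: HIT" not in p.payload:      # content= is a substring match
            return False
        return p.in_interface == "proxy" if restrict_hit_to_proxy else True

    def tcp(p, cm):
        return cm == "all_con" and p.protocol == "tcp"

    return [
        (is_hit, "mark-connection", "squid_con", True),
        (lambda p, cm: cm == "squid_con", "mark-packet", "squid_pkt", False),
        (lambda p, cm: cm != "squid_con", "mark-connection", "all_con", True),
        (lambda p, cm: tcp(p, cm) and p.src_port == 80, "mark-packet", "http_pkt", False),
        (lambda p, cm: cm == "all_con" and p.protocol == "icmp", "mark-packet", "icmp_pkt", False),
        (lambda p, cm: tcp(p, cm) and p.dst_port == 1973, "mark-packet", "top_pkt", False),
        (lambda p, cm: cm == "all_con", "mark-packet", "test_pkt", False),
    ]


def classify(packets, restrict_hit_to_proxy=False):
    """Run packets through the rules in order -> [(conn, packet_mark, queue)].
    Connection marks persist per connection, like conntrack on the router;
    a matching rule with passthrough=no ends processing for that packet."""
    conn_marks, result = {}, []
    rules = mangle_rules(restrict_hit_to_proxy)
    for p in packets:
        pkt_mark = None
        for match, action, mark, passthrough in rules:
            if not match(p, conn_marks.get(p.conn)):
                continue
            if action == "mark-connection":
                conn_marks[p.conn] = mark
            else:
                pkt_mark = mark
            if not passthrough:
                break
        result.append((p.conn, pkt_mark, QUEUE_FOR_MARK.get(pkt_mark)))
    return result


def sample_packets():
    """Constructed traffic, not a capture from the poster's network."""
    hit = b"HTTP/1.0 200 OK\r\nX-Cache: HIT from lusca\r\n\r\n<html>"
    miss = b"HTTP/1.0 200 OK\r\nX-Cache: MISS from lusca\r\n\r\n<html>"
    return [
        Packet("c1", "lan", "tcp", 51000, 80, b"GET / HTTP/1.1\r\n"),  # request, dst-nat'ed to LUSCA
        Packet("c1", "proxy", "tcp", 80, 51000, hit),                  # cached reply -> squid_con
        Packet("c1", "proxy", "tcp", 80, 51000, b"<body>...</body>"),  # rest of it: the mark sticks
        Packet("c2", "proxy", "tcp", 80, 51001, miss),                 # cache miss
        Packet("c3", "lan", "tcp", 51002, 1973, b"\x00\x01"),          # game client
        Packet("c4", "lan", "icmp"),                                   # ping
        # direct (non-redirected) plaintext reply on tcp/8080 from the internet
        # that happens to carry the same header string
        Packet("c5", "public", "tcp", 8080, 51003, hit),
    ]


def queues_for(restrict_hit_to_proxy=False):
    """Queue per sample packet, in order, for one variant of the X-Cache rule."""
    return [q for _, _, q in classify(sample_packets(), restrict_hit_to_proxy)]


if __name__ == "__main__":
    for restricted in (False, True):
        print("X-Cache rule restricted to in-interface=proxy:", restricted)
        for conn, mark, queue in classify(sample_packets(), restricted):
            print(f"  {conn}: packet-mark={mark} -> {queue}")
```

Run it directly to print the queue for every sample packet in both variants; the packet-mark names, queue names and port 1973 are those of the posted config.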
• kambeeng

While you're at it, please also post the pfSense settings, bro ….. many of us are probably curious

• abnisrea

                                        @abnisrea:

Let me join in.. feel free to try it and fill in the gaps, everything is running fine

MIKROTIK RB750 WITH PFSENSE + LUSCA PROXY

modem
  |
switch ------ DHCP from modem ------ pfSense WAN
  |                                      |
  |--(port1 "public")                    |
MIKROTIK RB750                           |
  |--(port3 "proxy") ---- crossover UTP cable ---- pfSense LAN
  |--(port2 "lan") ---- switch ---- clients

======================
pfSense WAN : DHCP from the modem
pfSense LAN : 192.168.12.1/24, LUSCA proxy on port 3128

proxy : 192.168.12.15/24
lan   : 192.168.10.15/24
modem : 192.168.3.1/24 (DHCP)

client IPs : 192.168.10.xxx and so on

                                        ======================
interface settings
                                        Code:

                                        /interface set 0 name=public
                                        /interface set 1 name=lan
                                        /interface set 2 name=proxy

                                        ======================
IP address settings
Code:

/ip address
add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=public comment="to the modem" disabled=no
add address=192.168.10.15/24 network=192.168.10.0 broadcast=192.168.10.255 interface=lan comment="client LAN" disabled=no
add address=192.168.12.15/24 network=192.168.12.0 broadcast=192.168.12.255 interface=proxy comment="to the pfSense LAN (LUSCA)" disabled=no

                                        =======================
route settings:
                                        Code:

                                        /ip route add dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=255 target-scope=10 comment="" disabled=no

                                        =======================
DNS settings:
Code:

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=10.17.3.245,10.17.3.252
(the servers are Fren's DNS)

/ip dns static add name="192.168.3.1" address=192.168.3.1 ttl=1d

                                        ========================
NAT settings:
Code:

/ip firewall nat
add chain=srcnat action=masquerade out-interface=public comment="clients and proxy out to the modem"
add chain=dstnat action=redirect to-ports=3128 protocol=tcp src-address=192.168.10.0/24 in-interface=lan dst-port=80 disabled=yes comment="only if using the internal web proxy (disabled here; the external proxy rule below is used)"
add chain=dstnat action=dst-nat to-addresses=192.168.12.1 to-ports=3128 protocol=tcp src-address=192.168.10.0/24 in-interface=lan dst-port=80 comment="external proxy: client HTTP goes transparently to LUSCA on the pfSense LAN"
add chain=srcnat action=masquerade out-interface=proxy comment="so that pfSense/PuTTY/WinSCP can be reached from the clients"

                                        /ip firewall nat print

                                        0  chain=srcnat action=masquerade out-interface=public

                                        1 X chain=dstnat action=redirect to-ports=3128 protocol=tcp src-address=192.168.10.0/24 in-interface=lan
                                            dst-port=80

                                        2  chain=dstnat action=dst-nat to-addresses=192.168.12.1 to-ports=3128 protocol=tcp
                                            src-address=192.168.10.0/24 in-interface=lan dst-port=80

                                        3  chain=srcnat action=masquerade out-interface=proxy

                                        ========================
mangle settings:
Code:

/ip firewall mangle
add chain=forward content="X-Cache: HIT" action=mark-connection new-connection-mark=squid_con passthrough=yes comment="connection carries a LUSCA cache hit (X-Cache: HIT seen in the payload)" disabled=no
add chain=forward connection-mark=squid_con action=mark-packet new-packet-mark=squid_pkt passthrough=no comment="cache-hit packets -> Squid_HIT queue" disabled=no
add chain=forward connection-mark=!squid_con action=mark-connection new-connection-mark=all_con passthrough=yes comment="everything that is not a cache hit" disabled=no
add chain=forward protocol=tcp src-port=80 connection-mark=all_con action=mark-packet new-packet-mark=http_pkt passthrough=no comment="HTTP replies -> The_other_port_queue" disabled=no
add chain=forward protocol=icmp connection-mark=all_con action=mark-packet new-packet-mark=icmp_pkt passthrough=no comment="ping -> Ping_queue" disabled=no
add chain=forward protocol=tcp dst-port=1973 connection-mark=all_con action=mark-packet new-packet-mark=top_pkt passthrough=no comment="Tales of Pirates (tcp/1973) -> game_tales_of_pirate queue" disabled=no
add chain=forward connection-mark=all_con action=mark-packet new-packet-mark=test_pkt passthrough=no comment="everything else -> another_port queue" disabled=no

                                        /ip firewall mangle print

                                        0  chain=forward action=mark-connection new-connection-mark=squid_con passthrough=yes content=X-Cache: HIT

                                        1  chain=forward action=mark-packet new-packet-mark=squid_pkt passthrough=no connection-mark=squid_con

                                        2  chain=forward action=mark-connection new-connection-mark=all_con passthrough=yes
                                            connection-mark=!squid_con

                                        3  chain=forward action=mark-packet new-packet-mark=http_pkt passthrough=no protocol=tcp src-port=80
                                            connection-mark=all_con

                                        4  chain=forward action=mark-packet new-packet-mark=icmp_pkt passthrough=no protocol=icmp
                                            connection-mark=all_con

                                        5  chain=forward action=mark-packet new-packet-mark=top_pkt passthrough=no protocol=tcp dst-port=1973
                                            connection-mark=all_con

                                        6  chain=forward action=mark-packet new-packet-mark=test_pkt passthrough=no connection-mark=all_con

=======================
queue settings:

/queue simple
add name="Squid_HIT" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=squid_pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small comment="LUSCA cache hits: not limited, outside Main_Link" disabled=no
add name="Main_Link" dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=35000/256000 total-queue=default-small comment="internet link, 35k upload / 256k download; parent of the two queues below" disabled=no
add name="game_tales_of_pirate" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=top_pkt direction=both priority=1 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small comment="tcp/1973 game traffic: priority 1, not limited" disabled=no
add name="Ping_queue" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=icmp_pkt direction=both priority=2 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small comment="ICMP: priority 2, not limited" disabled=no
add name="The_other_port_queue" target-addresses=192.168.12.0/24 dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=http_pkt direction=both priority=8 queue=default-small/default-small limit-at=5000/5000 max-limit=50000/256000 total-queue=default-small comment="HTTP replies from the proxy network, inside Main_Link (50k upload is capped by the parent's 35k)" disabled=no
add name="another_port" target-addresses=192.168.10.0/24 dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=test_pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/256000 total-queue=default-small comment="everything else from the client LAN, inside Main_Link" disabled=no

                                        /queue simple print

                                        0    name="Squid_HIT" dst-address=0.0.0.0/0 interface=all parent=none
                                              packet-marks=squid_pkt direction=both priority=8
                                              queue=default-small/default-small limit-at=0/0 max-limit=0/0
                                              burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
                                              total-queue=default-small

                                        1    name="Main_Link" dst-address=0.0.0.0/0 interface=all parent=none
                                              direction=both priority=8 queue=default-small/default-small
                                              limit-at=0/0 max-limit=35k/256k burst-limit=0/0 burst-threshold=0/0
                                              burst-time=0s/0s total-queue=default-small

                                        2    name="game_tales_of_pirate" dst-address=0.0.0.0/0 interface=all
                                              parent=none packet-marks=top_pkt direction=both priority=1
                                              queue=default-small/default-small limit-at=0/0 max-limit=0/0
                                              burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
                                              total-queue=default-small

                                        3    name="Ping_queue" dst-address=0.0.0.0/0 interface=all parent=none
                                              packet-marks=icmp_pkt direction=both priority=2
                                              queue=default-small/default-small limit-at=0/0 max-limit=0/0
                                              burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
                                              total-queue=default-small

For boss Kambeeng
The pfSense settings are all default, no DHCP, no firewall, LUSCA included on its standard port 3128.. everything runs normally..

on the WAN, DHCP from the modem, gateway from the modem..

Regards, PFI

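Three properties of the posted NAT, DNS and mangle lines are worth checking mechanically before copying them into another router. This is an added example, not code from the original post or from MikroTik: a Python script that parses pasted RouterOS `add`/`set` lines with shlex and flags (1) a content= rule that marks connections on any interface, (2) allow-remote-requests=yes with no input-chain filter rule for port 53, and (3) clients being masqueraded on the same interface that leads to the proxy, which is what the last srcnat rule does: LUSCA's access log and any per-client ACL then see every client as 192.168.12.15. The check names, the parser and the POSTED_CONFIG paste (the poster's commands with the parenthetical notes removed, shortened to the lines the checks need) are mine. Assumptions: no /ip firewall filter rules exist beyond what was posted (none were shown), and the public interface sits behind the modem's NAT, so the DNS point concerns hosts on 192.168.3.0/24 and whatever the modem forwards, not necessarily the open internet.

```python
"""Static checks over the RouterOS commands posted in this thread.

Added example, not code from the original post or from MikroTik. The parser,
the check names and the constructed config paste below are mine; assumption:
no /ip firewall filter rules exist beyond what was posted.
"""
import ipaddress
import shlex

# The poster's commands, constructed paste (parenthetical notes removed,
# trimmed to what the checks look at).
POSTED_CONFIG = """
/ip address
add address=192.168.3.2/24 interface=public
add address=192.168.10.15/24 interface=lan
add address=192.168.12.15/24 interface=proxy
/ip dns set allow-remote-requests=yes servers=10.17.3.245,10.17.3.252
/ip firewall nat
add chain=srcnat action=masquerade out-interface=public
add chain=dstnat action=redirect to-ports=3128 protocol=tcp src-address=192.168.10.0/24 in-interface=lan dst-port=80 disabled=yes
add chain=dstnat action=dst-nat to-addresses=192.168.12.1 to-ports=3128 protocol=tcp src-address=192.168.10.0/24 in-interface=lan dst-port=80
add chain=srcnat action=masquerade out-interface=proxy
/ip firewall mangle
add chain=forward content="X-Cache: HIT" action=mark-connection new-connection-mark=squid_con passthrough=yes
add chain=forward connection-mark=squid_con action=mark-packet new-packet-mark=squid_pkt passthrough=no
"""


def parse_routeros(text):
    """Turn pasted CLI lines into (menu path, verb, {param: value}) triples."""
    path, items = None, []
    for raw in text.splitlines():
        tokens = shlex.split(raw)          # keeps content="X-Cache: HIT" together
        if not tokens:
            continue
        if tokens[0].startswith("/"):
            # "/ip firewall nat" alone sets the path for the lines that follow;
            # "/ip dns set ..." carries path and verb on one line
            verb_at = next((i for i, t in enumerate(tokens) if t in ("add", "set")), len(tokens))
            path, tokens = " ".join(tokens[:verb_at]), tokens[verb_at:]
            if not tokens:
                continue
        params = dict(t.partition("=")[::2] for t in tokens[1:])
        items.append((path, tokens[0], params))
    return items


def audit(items):
    """Return a list of findings (strings) for the three checks."""
    by_path = {}
    for path, verb, params in items:
        by_path.setdefault(path, []).append((verb, params))
    findings = []

    # 1. Payload-string connection marking with no interface/source restriction:
    #    the string is chosen by whoever sends the packet, not by the router.
    for _, p in by_path.get("/ip firewall mangle", []):
        if "content" in p and p.get("action") == "mark-connection" and not (
                p.keys() & {"in-interface", "src-address"}):
            findings.append(f"mangle: content={p['content']!r} sets {p['new-connection-mark']} on any "
                            "interface; add in-interface=proxy so only the LUSCA box can trigger it")

    # 2. Recursive DNS offered on every interface with no input-chain rule for port 53.
    dns_open = any(p.get("allow-remote-requests") == "yes" for _, p in by_path.get("/ip dns", []))
    dns_guarded = any(p.get("chain") == "input" and p.get("dst-port") == "53"
                      for _, p in by_path.get("/ip firewall filter", []))
    if dns_open and not dns_guarded:
        findings.append("dns: allow-remote-requests=yes and no input-chain rule for dst-port=53; "
                        "the router resolves for anything that can reach any of its addresses")

    # 3. Clients masqueraded on the interface that leads to the proxy: LUSCA's
    #    access log and per-client ACLs only ever see the router's own address.
    nets = {p["interface"]: ipaddress.ip_interface(p["address"]) for _, p in by_path.get("/ip address", [])}
    nat = [p for _, p in by_path.get("/ip firewall nat", [])]
    masq = {p.get("out-interface") for p in nat if p.get("action") == "masquerade"}
    for p in nat:
        if p.get("action") == "dst-nat" and p.get("disabled") != "yes":
            target = ipaddress.ip_address(p["to-addresses"])
            for iface, addr in nets.items():
                if target in addr.network and iface in masq:
                    findings.append(f"nat: clients reach the proxy {target} masqueraded on {iface}; "
                                    f"the proxy sees every client as {addr.ip}")
    return findings


def audit_posted_config():
    """The three findings for the posted rule set."""
    return audit(parse_routeros(POSTED_CONFIG))


if __name__ == "__main__":
    for finding in audit_posted_config():
        print("-", finding)
```

If you want LUSCA to see real client addresses, the alternative to the last masquerade rule is a static route on pfSense for 192.168.10.0/24 via 192.168.12.15, plus a LAN firewall rule that allows that source; that is my suggestion, not something the poster describes. The feed to the parser can be any `/export`-style paste, so the same checks run against your own router.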
• mxn

I'm confused by the 2 pfSense interfaces being married to the Mikrot*k; wandering around I found this http://forum.pfsense.org/index.php/topic,52481.0.html wow, it turns out it uses 1 LAN on the PF plus a PPPoE dial on the MKT too, it's just that the settings haven't been laid out yet hehehe

Here the thread starter gives a clear network topology and clear IP addressing on every interface (MKT & PF interfaces), VERY CLEAR, so that someone just learning computers like me doesn't get confused  ;D

Hopefully the TS will soon lay out the settings on the MKT and the pfSense

Amen…............  ;D

• mxn

@abnisrea: [quotes the full MIKROTIK RB750 WITH PFSENSE + LUSCA PROXY configuration post above, including the reply to Kambeeng]

My understanding is this: both WANs, on the Mikrotik side and the pfSense side, get DHCP from the modem, if I'm not mistaken  ;D
Please explain, bro, the purpose of putting the two WANs side by side like above

Thx

Regards, PFSI

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.