Wednesday 6 January 2016

Mikrotik Warnet (internet café) setup: gaming + browsing on one Speedy line, with Squid


Network Diagram
 Internet -- Modem -- Mikrotik (ether1-local) -- Clients
                         |
                     (ether3-Proxy)
                         |
                      Squid (Ubuntu)

IP Addresses
192.168.1.1/24 (ether1-local) (Mikrotik, LAN side)
192.168.4.254/24 (ether3-Proxy) (Ubuntu, the Squid box)
192.168.2.1/24 (ether5-Out) (towards the modem)
xx.xx.xx.xx/xx (pppoe-client "Speedy") (assigned by the ISP; add the default route through it)


NAT
Code:
add chain=srcnat action=masquerade out-interface=ether5-Out comment="Masquerade"
add chain=srcnat action=masquerade out-interface=Speedy
add chain=dstnat action=redirect to-ports=53 protocol=tcp in-interface=ether1-local dst-port=53 comment="Transparent DNS"
add chain=dstnat action=redirect to-ports=53 protocol=udp in-interface=ether1-local dst-port=53
add chain=dstnat action=redirect to-ports=53 protocol=tcp in-interface=ether3-Proxy dst-port=53
add chain=dstnat action=redirect to-ports=53 protocol=udp in-interface=ether3-Proxy dst-port=53
add chain=dstnat action=dst-nat to-addresses=192.168.4.254 to-ports=3128 protocol=tcp src-address-list="Squid Allowed" dst-address-list=!ProxyBypass in-interface=ether1-local dst-port=80 comment="Transparent Proxy"
add chain=dstnat action=dst-nat to-addresses=192.168.4.254 to-ports=22 protocol=tcp in-interface=Speedy dst-port=2222 comment="Redirect"
add chain=dstnat action=dst-nat to-addresses=192.168.4.254 to-ports=80 protocol=tcp in-interface=Speedy dst-port=81
add chain=dstnat action=dst-nat to-addresses=192.168.2.1 to-ports=80 protocol=tcp in-interface=Speedy dst-port=8081

Notes on this block. The "Transparent DNS" redirects send every port-53 query from the LAN and from the proxy box to the router's own resolver, so the router's DNS service must be allowed to answer remote requests. The "Transparent Proxy" rule is the seventh rule (index 6 counting from 0); the Netwatch scripts at the end of this post enable and disable it by that number, and Squid on 192.168.4.254 must listen on 3128 in intercept (transparent) mode for it to work. The three "Redirect" rules publish the proxy box's SSH (as port 2222), the proxy box's web port (as 81) and the modem's web interface (as 8081) on the Speedy interface, i.e. to the whole internet, with no source restriction.
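The following is an added example, not part of the original post, showing how the WAN side of the NAT block above can be tightened: the three "Redirect" forwards are restricted to an administrator address, and the router's resolver is enabled for the transparent-DNS redirect without becoming an open resolver on the Speedy line. It assumes RouterOS v6 syntax, the interface names used on this page, and 203.0.113.10 (a documentation address) as the admin's IP, which must be replaced with the real one.

```routeros
# Added example (not from the original post): tightening the WAN side of the NAT config above.
# Assumptions: RouterOS v6 syntax, interface names from this page, and 203.0.113.10 as the
# administrator's address (documentation range; replace with the real one).
/ip firewall address-list
add list=mgmt address=203.0.113.10 comment="remote admin (assumed address)"

# Replacements for the three "Redirect" rules: translate only for the admin address, so the
# proxy's SSH, the proxy's web port and the modem's web UI are no longer reachable from
# anywhere on the Speedy line.
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.4.254 to-ports=22 protocol=tcp \
    in-interface=Speedy dst-port=2222 src-address-list=mgmt comment="Redirect (admin only)"
add chain=dstnat action=dst-nat to-addresses=192.168.4.254 to-ports=80 protocol=tcp \
    in-interface=Speedy dst-port=81 src-address-list=mgmt
add chain=dstnat action=dst-nat to-addresses=192.168.2.1 to-ports=80 protocol=tcp \
    in-interface=Speedy dst-port=8081 src-address-list=mgmt

# The "Transparent DNS" redirects only work if the router answers queries that are not
# addressed to itself; that same setting makes it an open resolver towards Speedy unless
# the input chain is filtered.
/ip dns set allow-remote-requests=yes
/ip firewall filter
add chain=input in-interface=Speedy connection-state=established,related action=accept
add chain=input in-interface=Speedy protocol=udp dst-port=53 action=drop comment="no open resolver"
add chain=input in-interface=Speedy protocol=tcp dst-port=53 action=drop
add chain=input in-interface=Speedy action=drop comment="no other unsolicited traffic to the router from Speedy"
# Anything arriving on Speedy that no dst-nat rule claimed is not forwarded either.
add chain=forward in-interface=Speedy connection-state=new connection-nat-state=!dstnat action=drop
```

The three dst-nat rules are meant to replace the original "Redirect" rules, not sit beside them; packets to 2222/81/8081 from any other source are then never translated, land in the input chain and are dropped by the last input rule.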

IP Address List
Squid Allowed = 192.168.1.0/24
ProxyBypass = 68.71.46.227 (Rohan XOR)

Only these two lists are defined. The "Facebook" mangle rule that matches content=.facebook.com also requires dst-address-list=bypass, a list that does not appear here; until that list is populated the rule never matches.

Layer 7
Code:
# NAME        REGEXP
0 Video       http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: video)
1 Cache HIT   http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(x-cache: hit)

Both patterns match an HTTP response status line followed by a header; "Cache HIT" keys on the X-Cache: HIT header Squid adds to responses served from its cache. Because that name contains a space it has to be quoted ("Cache HIT") wherever a mangle rule references it.


MANGLE

The first group tags replies that Squid serves from its cache. dscp=12 is ToS byte 0x30, the value Squid's ZPH / qos_flows feature stamps on local cache hits, so Squid has to be configured to set it; the layer-7 rule on the X-Cache: HIT header is the (more expensive) fallback. Packets of such connections get the HIT mark and end up in the unlimited ProxyHit queue further down.

Code:
add chain=postrouting action=mark-connection new-connection-mark=con-HIT passthrough=yes \
protocol=tcp out-interface=ether1-local src-port=3128 dscp=12 comment="Proxy Loss"
add chain=postrouting action=mark-connection new-connection-mark=con-HIT passthrough=yes \
protocol=tcp layer7-protocol="Cache HIT" out-interface=ether1-local src-port=3128
add chain=prerouting action=mark-packet new-packet-mark=HIT passthrough=no connection-mark=con-HIT

add chain=prerouting action=mark-connection new-connection-mark=con-bypass passthrough=yes \
protocol=tcp dst-port=445,22,139,4899,554,8291 comment="Bypass"
add chain=prerouting action=mark-connection new-connection-mark=con-bypass passthrough=yes \
protocol=udp dst-port=53,123 
add chain=prerouting action=mark-packet new-packet-mark=bypass passthrough=no connection-mark=con-bypass 

add chain=prerouting action=jump jump-target=Warnet in-interface=ether1-local \
connection-mark=!con-facebook comment="Warnet"
add chain=Warnet action=mark-connection new-connection-mark=con-user passthrough=yes \
protocol=!icmp in-interface=ether1-local connection-mark=!con-streaming 

add chain=postrouting action=mark-connection new-connection-mark=con-streaming passthrough=yes \
layer7-protocol=Video out-interface=ether1-local comment="Streaming"

add chain=prerouting action=mark-connection new-connection-mark=con-game passthrough=yes \
protocol=tcp in-interface=ether1-local dst-port=5340-5352,6000-6152,10001-10011,14009-14030,18901-18909 comment="Game"
add chain=prerouting action=mark-connection new-connection-mark=con-game passthrough=yes \
protocol=tcp in-interface=ether1-local dst-port=39190,27780,29000,22100,10009,4300,15001,15002,7341,7451 
add chain=prerouting action=mark-connection new-connection-mark=con-game passthrough=yes \
protocol=tcp in-interface=ether1-local dst-port=40000,9300,9400,9700,7342,8005-8010,37466,36567,8822 
add chain=prerouting action=mark-connection new-connection-mark=con-game passthrough=yes \
protocol=tcp in-interface=ether1-local dst-port=47611,16666,20000,5105,29000,18901-18909,9015 
add chain=prerouting action=mark-connection new-connection-mark=con-game passthrough=yes \
protocol=udp in-interface=ether1-local src-port=27005,27015 
add chain=prerouting action=mark-connection new-connection-mark=con-game passthrough=yes \
protocol=udp in-interface=ether1-local dst-port=27005-27020,13055,7800-7900,12060-12070 
add chain=prerouting action=mark-connection new-connection-mark=con-game passthrough=yes \
protocol=udp in-interface=ether1-local dst-port=8005-8010,9068,1293,1479,9401,9600,30000 
add chain=prerouting action=mark-connection new-connection-mark=con-game passthrough=yes \
protocol=udp in-interface=ether1-local dst-port=14009-14030,42051-42052,40000-40050,13000-13080 

add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
protocol=tcp in-interface=ether1-local connection-mark=!con-fb.game content=static.ak.connect.facebook.com comment="Facebook"
add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
protocol=tcp in-interface=ether1-local dst-port=80,443 connection-mark=!con-fb.game content=.twitter.com 
add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
protocol=tcp dst-address-list=bypass in-interface=ether1-local dst-port=80,443 connection-mark=!con-fb.game content=.facebook.com 
add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
protocol=tcp in-interface=ether1-local connection-mark=!con-fb.game content=pixel.facebook.com 
add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
protocol=tcp in-interface=ether1-local connection-mark=!con-fb.game content=static.ak.facebook.com 
add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
protocol=tcp in-interface=ether1-local connection-mark=!con-fb.game content=.static.ak.fbcdn.net 
add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
protocol=tcp in-interface=ether1-local connection-mark=!con-fb.game content=creative.ak.fbcdn.net 
add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
protocol=tcp in-interface=ether1-local connection-mark=!con-fb.game content=connect.facebook.net 
add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
protocol=tcp in-interface=ether1-local connection-mark=!con-fb.game content=.channel.facebook.com 

add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
protocol=tcp in-interface=ether1-local dst-port=9339,843,8890,4000,5050,7020-7030 comment="FacebookGames"
add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
protocol=tcp in-interface=ether1-local content=apps.facebook.com 
add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
protocol=tcp in-interface=ether1-local content=.ninjasaga.com 
add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
protocol=tcp in-interface=ether1-local content=.castle.zgncdn.com 
add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
protocol=tcp in-interface=ether1-local content=.static.zynga.com 
add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
protocol=tcp in-interface=ether1-local content=.static.zgncdn.com 
add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
protocol=tcp in-interface=ether1-local content=.empire.zynga.com 
add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
protocol=tcp in-interface=ether1-local content=.poker.zynga.com 
add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
protocol=tcp in-interface=ether1-local content=.castle.zynga.com 
add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
protocol=tcp in-interface=ether1-local content=.farmville.com 
add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
protocol=tcp in-interface=ether1-local content=.farmville.zgncdn.com 

add chain=prerouting action=mark-packet new-packet-mark=user passthrough=no packet-mark=!HIT \
connection-mark=con-user comment="Mark Packet"
add chain=prerouting action=mark-packet new-packet-mark=streaming passthrough=no packet-mark=!HIT \
connection-mark=con-streaming 
add chain=prerouting action=mark-packet new-packet-mark=game passthrough=no packet-mark=!HIT \
connection-mark=con-game 
add chain=prerouting action=mark-packet new-packet-mark=facebook passthrough=no packet-mark=!HIT \
connection-mark=con-facebook 
add chain=prerouting action=mark-packet new-packet-mark=fb-game passthrough=no packet-mark=!HIT \
connection-mark=con-fb.game

add chain=forward action=mark-connection new-connection-mark=con-proxy passthrough=yes \
in-interface=ether3-Proxy out-interface=Speedy comment="Proxy Inet Connection"
add chain=prerouting action=mark-packet new-packet-mark=proxy passthrough=no connection-mark=con-proxy
 
Queue Type
Code:
add name="up-htb" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000 pcq-burst-rate=0 \
    pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=128 \
    pcq-dst-address6-mask=128
add name="down-htb" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 pcq-burst-rate=0 \
    pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=128 \
    pcq-dst-address6-mask=128
add name="up-64k" kind=pcq pcq-rate=64k pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000 pcq-burst-rate=0 \
    pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=128 \
    pcq-dst-address6-mask=128
add name="down-300k" kind=pcq pcq-rate=300k pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 pcq-burst-rate=0 \
    pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=128 \
    pcq-dst-address6-mask=128
 
Queue Tree
Code:
add name="Download" parent=global-out limit-at=0 priority=8 max-limit=2048k burst-limit=0 burst-threshold=0 burst-time=0s
add name="DownUser" parent=Download limit-at=750k priority=2 max-limit=1500k burst-limit=1600k burst-threshold=750k burst-time=10s
add name="Facebook" parent=DownUser packet-mark=facebook limit-at=250k queue=down-htb priority=3 max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s
add name="FacebookGames" parent=DownUser packet-mark=fb-game limit-at=250k queue=down-htb priority=4 max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s
add name="User" parent=DownUser packet-mark=user limit-at=750k queue=down-300k priority=5 max-limit=1200k burst-limit=0 burst-threshold=0 burst-time=0s
add name="Streaming" parent=DownUser packet-mark=streaming limit-at=250k queue=down-htb priority=8 max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s
add name="DownGames" parent=Download packet-mark=game limit-at=512k queue=down-htb priority=1 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s

add name="Upload" parent=Speedy limit-at=0 priority=8 max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s
add name="UpUser" parent=Upload limit-at=150k priority=2 max-limit=350k burst-limit=0 burst-threshold=0 burst-time=0s
add name="UpFacebook" parent=UpUser packet-mark=facebook limit-at=75k queue=up-htb priority=3 max-limit=100k burst-limit=0 burst-threshold=0 burst-time=0s
add name="UpFacebookGames" parent=UpUser packet-mark=fb-game limit-at=75k queue=up-htb priority=4 max-limit=126k burst-limit=0 burst-threshold=0 burst-time=0s
add name="UserUp" parent=UpUser packet-mark=user limit-at=150k queue=up-64k priority=5 max-limit=200k burst-limit=0 burst-threshold=0 burst-time=0s
add name="UpGames" parent=Upload packet-mark=game limit-at=150k queue=up-htb priority=1 max-limit=350k burst-limit=0 burst-threshold=0 burst-time=0s

add name="ProxyHit" parent=global-out packet-mark=HIT limit-at=100M queue=default priority=8 max-limit=100M burst-limit=0 burst-threshold=0 burst-time=0s
add name="ProxyDown" parent=ether3-Proxy packet-mark=proxy limit-at=750k queue=default priority=8 max-limit=1500k burst-limit=1600k burst-threshold=750k burst-time=10s
add name="ProxyUp" parent=Upload packet-mark=proxy limit-at=150k queue=up-htb priority=1 max-limit=250k burst-limit=0 burst-threshold=0 burst-time=0s
add name="Bypass" parent=global-out packet-mark=bypass limit-at=100M queue=default priority=8 max-limit=100M burst-limit=0 burst-threshold=0 burst-time=0s
 

System Script

- SquidDown
/ip fi na dis num=6

- SquidUp
/ip fi na ena num=6

These are the abbreviated forms of /ip firewall nat disable numbers=6 and enable numbers=6. Rule 6 (counting from 0) is the "Transparent Proxy" dst-nat rule in the NAT list above: when Squid is down the redirect is switched off and clients go out directly, and it is switched back on when Squid returns. The number is positional, so the scripts have to be checked again whenever a NAT rule is added, removed or moved above it.

Tool Netwatch

Host : 192.168.4.254
Interval : 00:00:10
Timeout : 25
Up : SquidUp
Down : SquidDown

Netwatch pings the Squid box every 10 seconds; its up-script runs the SquidUp system script and its down-script runs SquidDown.
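An added example, not from the original post, of the same failover keyed on the rule's comment rather than its position in the NAT list, so it keeps working after NAT rules are reordered, plus the Netwatch entry written out as a command. It assumes RouterOS v6 scripting syntax and relies on the "Transparent Proxy" comment already present on the NAT rule above; the Netwatch timeout is left at its default here.

```routeros
# Added example (not from the original post): select the transparent-proxy NAT rule by its
# comment instead of by number, and log each switch. Assumes RouterOS v6 and the
# "Transparent Proxy" comment from the NAT section of this page.
/system script
add name=SquidDown source="/ip firewall nat disable [find comment=\"Transparent Proxy\"]; :log warning \"Squid 192.168.4.254 down, transparent proxy disabled\""
add name=SquidUp source="/ip firewall nat enable [find comment=\"Transparent Proxy\"]; :log info \"Squid 192.168.4.254 up, transparent proxy enabled\""

# Netwatch entry equivalent to the values listed above (timeout left at its default).
/tool netwatch
add host=192.168.4.254 interval=10s up-script="/system script run SquidUp" \
    down-script="/system script run SquidDown" comment="Squid failover"
```

If no rule carries that comment, find returns an empty list and the disable/enable is a no-op, so the log line is the place to look when the failover appears not to trigger. Netwatch only tests ICMP reachability: a Squid box that answers ping but whose squid process has died still keeps the redirect enabled.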
