Basic configuration :
/ip address
add address=192.168.1.10/24 broadcast=192.168.1.255 comment="" disabled=no interface=ether1-isp1 network=192.168.1.0
add address=10.10.10.10/24 broadcast=10.10.10.255 comment="" disabled=no interface=ether2-lan network=10.10.10.0
add address=11.11.11.1/24 broadcast=11.11.11.255 comment="" disabled=no interface=ether3-Proxy network=11.11.11.0
add address=192.168.2.2/24 broadcast=192.168.2.255 comment="" disabled=no interface=ether5-isp2 network=192.168.2.0
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=isp1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=isp1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=isp2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=isp2 scope=30 target-scope=10
add check-gateway=ping comment="Default 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10
add check-gateway=ping comment="Default 2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=30 target-scope=10
/ip firewall address-list
add address=10.10.10.0/24 comment="" disabled=no list=lokalnet
add address=11.11.11.0/24 comment="" disabled=no list=proxynet
/ip dns
set allow-remote-requests=yes cache-size=2048KiB max-udp-packet-size=4096 servers=8.8.8.8 8.8.4.4
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1-isp1 comment="ISP1"
add chain=srcnat action=masquerade out-interface=ether5-isp2 comment="ISP2"
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=208.67.220.220 to-ports=5353 protocol=udp in-interface=ether2-lan dst-port=53 comment="TRANSPARENT DNS"
add chain=dstnat action=dst-nat to-addresses=208.67.220.220 to-ports=5353 protocol=tcp in-interface=ether2-lan dst-port=53
add chain=dstnat action=dst-nat to-addresses=208.67.220.220 to-ports=5353 protocol=udp in-interface=ether3-Proxy dst-port=53
add chain=dstnat action=dst-nat to-addresses=208.67.220.220 to-ports=5353 protocol=tcp in-interface=ether3-Proxy dst-port=53
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=11.11.11.2 to-ports=3128 protocol=tcp dst-address-list=!proxynet in-interface=ether2-lan \
dst-port=80,8080 comment="PROXY"
Load Balance :
/ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=hit passthrough=no protocol=!icmp dscp=12 comment="hit"
/ip firewall mangle
add chain=input action=mark-connection new-connection-mark=isp1_conn passthrough=yes connection-state=new in-interface=ether1-isp1 comment="isp1_conn"
add chain=input action=mark-connection new-connection-mark=isp2_conn passthrough=yes connection-state=new in-interface=ether5-isp2 comment="isp2_conn"
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=isp1_conn passthrough=yes connection-state=established \
in-interface=ether1-isp1 comment="isp1_conn"
add chain=prerouting action=mark-connection new-connection-mark=isp2_conn passthrough=yes connection-state=established \
in-interface=ether5-isp2 comment="isp2_conn"
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=isp1_conn passthrough=yes connection-state=related in-interface=ether1-isp1 comment="isp1_conn"
add chain=prerouting action=mark-connection new-connection-mark=isp2_conn passthrough=yes connection-state=related in-interface=ether5-isp2 comment="isp2_conn"
/ip firewall mangle
add chain=output action=mark-routing new-routing-mark=isp1 passthrough=no connection-mark=isp1_conn comment="isp1"
add chain=output action=mark-routing new-routing-mark=isp2 passthrough=no connection-mark=isp2_conn comment="isp1"
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp1 passthrough=yes connection-state=new protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/0 comment="pcc proxy_isp1"
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp2 passthrough=yes connection-state=new protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/1 comment="pcc proxy_isp2"
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp1 passthrough=yes connection-state=established protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/0 comment="pcc proxy_isp1"
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp2 passthrough=yes connection-state=established protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/1 comment="pcc proxy_isp2"
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp1 passthrough=yes connection-state=related protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/0 comment="pcc proxy_isp1"
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp2 passthrough=yes connection-state=related protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/1 comment="pcc proxy_isp2"
/ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=isp1 passthrough=yes connection-mark=proxy_isp1 comment="mark routing isp1"
add chain=prerouting action=mark-routing new-routing-mark=isp2 passthrough=yes connection-mark=proxy_isp2 comment="mark routing isp2"
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=iix passthrough=yes protocol=!icmp dst-address-list=nice comment"iix"
add chain=prerouting action=mark-packet new-packet-mark=iix passthrough=no connection-mark=iix
add chain=prerouting action=mark-connection new-connection-mark=int passthrough=yes protocol=!icmp dst-address-list=!nice comment="int"
add chain=prerouting action=mark-packet new-packet-mark=int passthrough=no connection-mark=int
Done. All traffic from http-proxy interface will be divided evenly in and out of each interface on the gateway. Furthermore, making the download and upload limit.
INFO SERVICE PROXY SETTING AND MIKROTIK 089637490907 / fathayu@gmail.com / fathayu@yahoo.co.id
/ip address
add address=192.168.1.10/24 broadcast=192.168.1.255 comment="" disabled=no interface=ether1-isp1 network=192.168.1.0
add address=10.10.10.10/24 broadcast=10.10.10.255 comment="" disabled=no interface=ether2-lan network=10.10.10.0
add address=11.11.11.1/24 broadcast=11.11.11.255 comment="" disabled=no interface=ether3-Proxy network=11.11.11.0
add address=192.168.2.2/24 broadcast=192.168.2.255 comment="" disabled=no interface=ether5-isp2 network=192.168.2.0
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=isp1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=isp1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=isp2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=isp2 scope=30 target-scope=10
add check-gateway=ping comment="Default 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10
add check-gateway=ping comment="Default 2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=30 target-scope=10
/ip firewall address-list
add address=10.10.10.0/24 comment="" disabled=no list=lokalnet
add address=11.11.11.0/24 comment="" disabled=no list=proxynet
/ip dns
set allow-remote-requests=yes cache-size=2048KiB max-udp-packet-size=4096 servers=8.8.8.8 8.8.4.4
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1-isp1 comment="ISP1"
add chain=srcnat action=masquerade out-interface=ether5-isp2 comment="ISP2"
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=208.67.220.220 to-ports=5353 protocol=udp in-interface=ether2-lan dst-port=53 comment="TRANSPARENT DNS"
add chain=dstnat action=dst-nat to-addresses=208.67.220.220 to-ports=5353 protocol=tcp in-interface=ether2-lan dst-port=53
add chain=dstnat action=dst-nat to-addresses=208.67.220.220 to-ports=5353 protocol=udp in-interface=ether3-Proxy dst-port=53
add chain=dstnat action=dst-nat to-addresses=208.67.220.220 to-ports=5353 protocol=tcp in-interface=ether3-Proxy dst-port=53
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=11.11.11.2 to-ports=3128 protocol=tcp dst-address-list=!proxynet in-interface=ether2-lan \
dst-port=80,8080 comment="PROXY"
Load Balance :
/ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=hit passthrough=no protocol=!icmp dscp=12 comment="hit"
/ip firewall mangle
add chain=input action=mark-connection new-connection-mark=isp1_conn passthrough=yes connection-state=new in-interface=ether1-isp1 comment="isp1_conn"
add chain=input action=mark-connection new-connection-mark=isp2_conn passthrough=yes connection-state=new in-interface=ether5-isp2 comment="isp2_conn"
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=isp1_conn passthrough=yes connection-state=established \
in-interface=ether1-isp1 comment="isp1_conn"
add chain=prerouting action=mark-connection new-connection-mark=isp2_conn passthrough=yes connection-state=established \
in-interface=ether5-isp2 comment="isp2_conn"
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=isp1_conn passthrough=yes connection-state=related in-interface=ether1-isp1 comment="isp1_conn"
add chain=prerouting action=mark-connection new-connection-mark=isp2_conn passthrough=yes connection-state=related in-interface=ether5-isp2 comment="isp2_conn"
/ip firewall mangle
add chain=output action=mark-routing new-routing-mark=isp1 passthrough=no connection-mark=isp1_conn comment="isp1"
add chain=output action=mark-routing new-routing-mark=isp2 passthrough=no connection-mark=isp2_conn comment="isp1"
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp1 passthrough=yes connection-state=new protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/0 comment="pcc proxy_isp1"
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp2 passthrough=yes connection-state=new protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/1 comment="pcc proxy_isp2"
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp1 passthrough=yes connection-state=established protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/0 comment="pcc proxy_isp1"
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp2 passthrough=yes connection-state=established protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/1 comment="pcc proxy_isp2"
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp1 passthrough=yes connection-state=related protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/0 comment="pcc proxy_isp1"
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp2 passthrough=yes connection-state=related protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/1 comment="pcc proxy_isp2"
/ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=isp1 passthrough=yes connection-mark=proxy_isp1 comment="mark routing isp1"
add chain=prerouting action=mark-routing new-routing-mark=isp2 passthrough=yes connection-mark=proxy_isp2 comment="mark routing isp2"
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=iix passthrough=yes protocol=!icmp dst-address-list=nice comment"iix"
add chain=prerouting action=mark-packet new-packet-mark=iix passthrough=no connection-mark=iix
add chain=prerouting action=mark-connection new-connection-mark=int passthrough=yes protocol=!icmp dst-address-list=!nice comment="int"
add chain=prerouting action=mark-packet new-packet-mark=int passthrough=no connection-mark=int
Done. All traffic from http-proxy interface will be divided evenly in and out of each interface on the gateway. Furthermore, making the download and upload limit.
INFO SERVICE PROXY SETTING AND MIKROTIK 089637490907 / fathayu@gmail.com / fathayu@yahoo.co.id
Tidak ada komentar:
Posting Komentar