Membuat transparant PROXY di mikrotik
pertama saya asumsikan ip server 10.10.10.1 di ether11
buat mangle dulu
/ip firewall mangle add chain=prerouting dscp=12 action=mark packet new-packet-mark=ProxyHit
buat nat transparent
utk proxynya
/ip firewall nat
add chain=dstnat protocol=udp dst-port=53 in-interface=ether11-serverku action=dst-nat to-ports=53 comment=TRANSPARENT-DNS-UDP-PROXY
ke arah lokalnya
/ip firewall nat
add chain=dstnat src-address=!10.10.10.1 protocol=tcp dst-port=80 in-interface=ether3 action=dst-nat to-addresses=10.10.10.1 to-ports=3128 comment="PROXY-LOKAL"
add chain=dstnat protocol=udp dst-port=53 in-interface=ether3 action=dst-nat to-ports=53 comment=TRANSPARENT-UDP-LOKAL
add chain=dstnat protocol=tcp dst-port=53 in-interface=ether3 action=dst-nat to-ports=53 comment=TRANSPARENT-TCP-LOKAL
utk queu nya
/queue type add name="PROXY DOWN" kind=pcq
/queue tree add name="2.PROXY HIT LOCAL" parent=ether3 packet-mark=ProxyHit queue="PROXY DOWN" priority=1 max-limit=100M
buat otomatis jika proxy mati masih bisa internetan
buka di tool netwatch
tambah kan isi host 10.10.10.1 interval=00.00.05 timeout=1000
isi up=
/ip firewall nat enable [find comment=TRANSPARENT-UDP-LOKAL]
/ip firewall nat enable [find comment=TRANSPARENT-TCP-LOKAL]
/ip firewall filter enable [find comment=proxy]
/ip firewall nat enable [find comment=PROXY-LOKAL]
isi down
/ip firewall nat disable [find comment=TRANSPARENT-UDP-LOKAL]
/ip firewall nat disable [find comment=TRANSPARENT-TCP-LOKAL]
/ip firewall filter disable [find comment=proxy]
/ip firewall nat disable [find comment=PROXY-LOKAL]
0 Response to "Membuat transparant PROXY di mikrotik"
Post a Comment
Ilmu ibarat sempax, kita harus menggunakannya, tapi tak perlu memamerkannya..".Tolong klik iklan dong..biar blog nya tetep eksis..Thxs "