In Part 2, we will discuss the configuration of Mikrotik and Ubuntu. First you have to install:
1. PuTTY: to access Ubuntu remotely over SSH
2. WinSCP: to remotely access and edit scripts
3. Winbox: to remotely manage the Mikrotik
After these 3 remote-access programs are installed, follow these steps:
Connect to your Mikrotik remotely and set:
IP firewall mangle:
0 ;;; PROXY-HIT
chain=prerouting action=mark-packet new-packet-mark=proxy-hit passthrough=no dscp=12
1 ;;; http-conn
chain=prerouting action=mark-connection new-connection-mark=http_conn passthrough=no protocol=tcp src-address=192.168.1.0/24 in-interface=ether2
2 chain=prerouting action=mark-packet new-packet-mark=http_conn passthrough=no connection-mark=http_conn
3 ;;; https-conn
chain=prerouting action=mark-connection new-connection-mark=https-conn passthrough=yes connection-state=new
protocol=tcp dst-port=443
4 chain=prerouting action=mark-routing new-routing-mark=https passthrough=no connection-mark=https-conn
5 ;;; DNS
chain=prerouting action=mark-connection new-connection-mark=DNS passthrough=yes protocol=udp dst-port=53
6 chain=prerouting action=mark-connection new-connection-mark=DNS passthrough=yes protocol=udp dst-port=53
7 chain=prerouting action=change-dscp new-dscp=12 connection-mark=DNS
8 ;;; DNS Packet
chain=prerouting action=mark-packet new-packet-mark=DNS_PACKET passthrough=no connection-mark=DNS
9 chain=prerouting action=mark-packet new-packet-mark=DNS_PACKET passthrough=yes
10 ;;; YM-Conn
chain=forward action=mark-connection new-connection-mark=YM passthrough=no protocol=tcp dst-port=5050,5100,5051
11 chain=prerouting action=mark-connection new-connection-mark=YM passthrough=yes connection-mark=YM
12 ;;; Winbox
chain=input action=mark-connection new-connection-mark=Winbox passthrough=no protocol=tcp dst-port=8291
13 ;;; CHANGE MSS
chain=forward action=change-mss new-mss=1440 tcp-flags=syn protocol=tcp in-interface=ether1-gateway
tcp-mss=1441-65535
IP firewall address-list:
0 ;;; localnet
localnet 192.168.1.0/24 -> local network IP; adjust it to your own local IP
1 ;;; PROXY
ProxyNet 192.168.11.0/24 -> proxy network IP
Queue type:
0 name="default" kind=pfifo pfifo-limit=50
1 name="ethernet-default" kind=pfifo pfifo-limit=50
2 name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514
3 name="synchronous-default" kind=red red-limit=60 red-min-threshold=10
red-max-threshold=50 red-burst=20 red-avg-packet=1000
4 name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514
5 name="pcq-downsteam" kind=pcq pcq-rate=0 pcq-limit=50
pcq-classifier=dst-address pcq-total-limit=20000
6 name="pcq-upstream" kind=pcq pcq-rate=0 pcq-limit=50
pcq-classifier=src-address pcq-total-limit=20000
7 name="PING" kind=pfifo pfifo-limit=64
8 name="game_up" kind=pcq pcq-rate=0 pcq-limit=20
pcq-classifier=dst-address,dst-port pcq-total-limit=500
9 name="game_dw" kind=pcq pcq-rate=0 pcq-limit=20
Queue tree:
0 name="TURBO-PROXY" parent=global-out packet-mark=proxy-hit limit-at=0
queue=pcq-downsteam priority=5 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s
1 name="DNS-UP" parent=global-in packet-mark=DNS_PACKET limit-at=0
queue=pcq-upstream priority=5 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s
Queue simple:
0 name="traffict shapping" dst-address=0.0.0.0/0 interface=all parent=none
packet-marks=packet-intl direction=both priority=1
queue=pcq-upstream/pcq-downsteam limit-at=0/0 max-limit=0/0
burst-limit=0/0 burst-threshold=0/0 burst-time=5s/5s
total-queue=ethernet-default time=0s-1d,sun,mon,tue,wed,thu,fri,sat
1 name="BW-MANAGEMENT" target-addresses=YOUR LOCAL IP dst-address=0.0.0.0/0
interface=all parent=traffict shapping packet-marks=DNS_PACKET direction=both
priority=1 queue=pcq-upstream/pcq-downsteam limit-at=0/0
max-limit=5M/5M burst-limit=5M/5M burst-threshold=5M/5M
burst-time=5s/5s total-queue=default
NOTE: Once this is set up successfully, set your desired bandwidth allocation per client / per client IP address, with BW-MANAGEMENT as the parent.
IP firewall NAT:
0 ;;; PROXY HIT
chain=dstnat action=dst-nat to-addresses=192.168.11.11 to-ports=3128 protocol=tcp src-address=!192.168.11.11
src-address-list=localnet dst-address-list=!ProxyNet dst-port=80,8080,3128
connection-mark=http_conn
1 ;;; Added by webbox
chain=srcnat action=masquerade out-interface=ether1-gateway
2 ;;; Proxy Out (you can also disable this)
chain=srcnat action=src-nat to-addresses=YOUR INTERNET IP / PUBLIC IP e.g. 125.124.123.122
src-address=YOUR LOCAL IP e.g. 192.168.1.254 (IP, NOT NETWORK)
4 chain=dstnat action=dst-nat to-ports=53 protocol=udp dst-port=53
5 ;;; SSH
chain=dstnat action=dst-nat to-addresses=192.168.11.11 to-ports=22
protocol=tcp dst-address=YOUR INTERNET IP / PUBLIC IP dst-port=22,10000
Up to here the proxy settings are finished, but clients cannot browse yet. The next step is to connect to Ubuntu remotely with PuTTY and WinSCP:
OK, first, you have already updated the modules. The author will not go over that again, because you are assumed to have completed the installation successfully. Next, connect to Ubuntu with PuTTY: open PuTTY, enter the hostname / IP address 192.168.11.11 (the Ubuntu IP) or your public IP, log in as root and enter its password; then we compile the Ubuntu kernel. Copy the following script by selecting the whole script block, then right-click in the Ubuntu console and it will run automatically.
You can grab it here: compile kernel
./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-http-gzip --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs \
--enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp \
--enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files \
--enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536
Open it, copy it, paste it by right-clicking in the Ubuntu console and press Enter, then wait until the compile process has finished.
The next step:
# make
# sudo make install
Then connect to your Ubuntu with WinSCP and find the folder /etc/squid.
First, download the squid settings from the download menu of this blog, or click download, then read carefully and study the placement of the files and the squid.conf configuration.
Edit squid.conf
Stop squid first:
# sudo /etc/init.d/squid stop
Copy the configuration files that you downloaded from this blog's download menu and place each one in its directory. Do not misplace them:
drag and drop the file squid into /etc/init.d/
drag and drop the file sysctl.conf into /etc/
drag and drop the files squid.conf, storeurl.pl and squid.conf.pl into /etc/squid
Next:
# sudo chmod +x /etc/init.d/squid
# Give permissions to the cache folder
chown proxy:proxy /cache
chmod 777 /cache
chown proxy:proxy /etc/squid/storeurl.pl
chmod 777 /etc/squid/storeurl.pl
• # Create the swap / cache directories in the specified cache folder with the command:
squid -f /etc/squid/squid.conf -z
• Restart squid:
/etc/init.d/squid restart
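Mode 777 lets any local account modify the cache directory and the storeurl.pl script. As an added example (not part of the original post), the script below reports which of the installed paths are world-writable and shows a tighter mode; the function names are hypothetical, and it assumes squid runs as the owner set by the chown proxy:proxy commands above, so owner access is enough.

```shell
#!/bin/sh
# Added example, not from the original post: audit the files placed by this
# tutorial for world-writable permission bits.
# Usage: sh audit.sh /cache /etc/squid/storeurl.pl /etc/squid/squid.conf /etc/init.d/squid

# is_world_writable PATH -> exit 0 when "other" has write permission.
# -L follows symlinks so the target's mode is checked, not the link's.
is_world_writable() {
    [ -n "$(find -L "$1" -maxdepth 0 -perm -0002 2>/dev/null)" ]
}

# audit_paths PATH... -> one status line per path; returns the number of
# world-writable paths found (0 means clean).
audit_paths() {
    findings=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
        elif is_world_writable "$p"; then
            echo "WRITABLE $p"
            findings=$((findings + 1))
        else
            echo "OK       $p"
        fi
    done
    return "$findings"
}

# harden PATH... -> keep owner rwx, drop group write and all "other" access
# (777 becomes 750). Assumption: the owner is the account squid runs as.
harden() {
    chmod u+rwx,g-w,o-rwx "$@"
}

# Only audit when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_paths "$@"
fi
```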
Then try browsing from a client.
To watch the requests, use one of these commands:
# tail -f /var/log/squid/access.log (enter)
# tail -f /var/log/squid/access.log | ccze (enter)
# tail -f /var/log/squid/access.log | grep HIT
If access from the clients is visible on Ubuntu, it means the proxy is already working well.
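An added example (not from the original post) that goes one step beyond grep HIT: it summarises access.log in squid's native format, reporting the hit percentage and any client address outside the 192.168.1.0/24 localnet from the address list above. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: summarise a squid access.log.
# Native log fields: time elapsed client action/code bytes method URL ...

# sample_log: constructed log lines for illustration, not real traffic.
sample_log() {
cat <<'EOF'
1300000000.100     12 192.168.1.10 TCP_HIT/200 5120 GET http://example.com/a.jpg - NONE/- image/jpeg
1300000001.200    230 192.168.1.11 TCP_MISS/200 10240 GET http://example.com/ - DIRECT/198.51.100.20 text/html
1300000002.300      3 192.168.1.10 TCP_MEM_HIT/200 800 GET http://example.com/b.css - NONE/- text/css
1300000003.400    410 203.0.113.7 TCP_MISS/200 900 GET http://example.org/ - DIRECT/198.51.100.30 text/html
EOF
}

# squid_hit_summary [FILE] [LAN_PREFIX]
# Reads FILE (default: stdin) and prints totals, then one "foreign" line per
# client whose address does not start with LAN_PREFIX (default 192.168.1.).
squid_hit_summary() {
    awk -v lan="${2:-192.168.1.}" '
        NF >= 7 {
            total++
            split($4, st, "/")                 # st[1] is e.g. TCP_MEM_HIT
            if (st[1] ~ /HIT/) hits++
            if (index($3, lan) != 1) foreign[$3]++
        }
        END {
            n = 0
            for (ip in foreign) n++
            pct = total ? int(100 * hits / total) : 0
            printf "total=%d hits=%d hit_pct=%d foreign_clients=%d\n", total, hits, pct, n
            for (ip in foreign) printf "foreign %s %d\n", ip, foreign[ip]
        }' "${1:--}"
}

# Run on a real log when a path is given, otherwise on the constructed sample.
if [ "$#" -gt 0 ]; then
    squid_hit_summary "$@"
else
    sample_log | squid_hit_summary
fi
```

A non-zero foreign_clients count means requests reached squid from outside the LAN range, which is worth checking against the NAT rules before relying on the proxy.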