
Proxy Topology (ZPH enabled) + Mikrotik

ZPH in Squid really does help proxy performance, especially when it is paired with Mikrotik. Really awesome!
It all depends on the internet topology, though.

With the usual topology, which uses a single ethernet interface on the proxy, it is not that great. With a topology that uses 2 ethernet interfaces and no bridge, it works really well.
Clients are limited to 128Kbps, yet browsing flows as fast as the Deli River in flood. Delay Pools end up being pointless.
If the internet café (warnet) uses an RB-750, 4 of its 5 ports are used:
Ether1-ISP, Ether2-ProxyIN, Ether3-ProxyOut, Ether4-LAN.
I don't need to go over the ZPH settings in Squid again; plenty of people have covered them, and I would only be called a copy-paster, hahahah.
The Squid setup is actually standard. There is no need for lots of refresh rules and the like; it is enough to enable ZPH, then transparent proxy, then the IPs allowed to access the proxy, the cache_dir size, maximum cache size, average cache size and cache_mem. That's all.
I'm not covering how to calculate cache_dir either; plenty of blogs have written about it.

On the Mikrotik I mostly use queue tree. If you prefer simple queues, that is up to you. The mangle for cache hits is also the same as what many people have already described. Each client is then marked in mangle and limited to 128kbps in the queue tree under one main parent, while the queue tree entry for the proxy has global-out directly as its parent.
As I wrote above, 4 ports are used on the Mikrotik. Example IPs:
Ether1-ISP=192.168.2.2/24
Ether2-ProxyIN=192.168.14.1/30
Ether3-ProxyOut=192.168.15.1/30
Ether4-LAN=192.168.150.1/28
DNS: follows the ISP's DNS
On the Squid proxy:
Ether1=192.168.14.2/30
Ether2=192.168.15.2/30
Gateway=192.168.15.1
DNS: follows the ISP's DNS
What gets masqueraded is 192.168.15.0/30.
Some of you must be confused.
Why is the LAN IP range 192.168.150.0/28, while the proxy IPs are 192.168.14.2/30 and 192.168.15.2/30?
I will answer that, but first I want to see how many people are interested in reading this blog. I am deliberately not explaining it. Send me a message.
I am only showing a picture of the queue tree.
(After not writing for so long, here is the recipe.)
[admin@MikroTik] /ip route rule print
Flags: X disabled, I inactive
 0   src-address=192.168.150.0/28 action=lookup table=warnet

[admin@MikroTik] /ip route print detail
Flags: X disabled, A active, D dynamic, C connect, S static, r rip, b bgp, o ospf, m mme,
       B blackhole, U unreachable, P prohibit
 0 A S dst-address=0.0.0.0/0 gateway=192.168.14.2 gateway-status=192.168.14.2 reachable ether2
       distance=1 scope=30 target-scope=10 routing-mark=warnet
 1 A S dst-address=0.0.0.0/0 gateway=192.168.2.1 gateway-status=192.168.2.1 reachable ether1
       distance=1 scope=30 target-scope=10

[admin@MikroTik] /ip firewall nat print
Flags: X disabled, I invalid, D dynamic
 0   chain=srcnat action=masquerade src-address=192.168.15.0/30

[admin@MikroTik] /ip firewall mangle print
Flags: X disabled, I invalid, D dynamic
 0   ;;; Proxy HIT
     chain=postrouting action=mark-connection new-connection-mark=capt_proxy
     passthrough=yes dscp=12
 1   chain=postrouting action=mark-connection new-connection-mark=capt_proxy
     passthrough=yes content=X-Cache: HIT
 2   chain=postrouting action=mark-packet new-packet-mark=proxy passthrough=no
     connection-mark=capt_proxy
 3   ;;; Cabal
     chain=postrouting action=mark-connection new-connection-mark=capt_cabal
     passthrough=yes protocol=tcp dst-address-list=cabal
     dst-port=38111-38114,38121-38122,63112
 4   chain=postrouting action=mark-packet new-packet-mark=cabal passthrough=no
     connection-mark=capt_cabal
 5   chain=forward action=mark-packet new-packet-mark=spesial passthrough=no
     src-address=192.168.150.0/24 dst-address-list=spesial
 6   ;;; Bilyard
     chain=postrouting action=mark-connection new-connection-mark=capt_fbbilyard
     passthrough=yes protocol=tcp
     dst-address=209.20.80.24 dst-port=2003,2015
 7   chain=postrouting action=mark-packet new-packet-mark=bilyard passthrough=no
     connection-mark=capt_fbbilyard
 8   ;;; Atlantica
     chain=postrouting action=mark-connection new-connection-mark=capt_atlantica
     passthrough=yes protocol=tcp
     dst-address-list=gemscool dst-port=4300
 9   chain=postrouting action=mark-packet new-packet-mark=atlantica passthrough=no
     connection-mark=capt_atlantica
10   ;;; PointBlank
     chain=postrouting action=mark-connection new-connection-mark=capt_pb passthrough=yes
     protocol=tcp dst-address-list=gemscool
     dst-port=39100,39110,39120,39190,49100
11   chain=postrouting action=mark-connection new-connection-mark=capt_pb
     passthrough=yes protocol=udp dst-address-list=gemscool
     dst-port=40000-40009
12   chain=postrouting action=mark-packet new-packet-mark=pb passthrough=no
     connection-mark=capt_pb
13   ;;; Poker
     chain=postrouting action=mark-connection new-connection-mark=capt_poker
     passthrough=yes protocol=tcp
     dst-address=74.114.14.0/24 dst-port=843,9339
14   chain=postrouting action=mark-packet new-packet-mark=poker passthrough=no
     connection-mark=capt_poker
15   ;;; FreeStyle
     chain=postrouting action=mark-connection new-connection-mark=capt_freestyle
     passthrough=yes protocol=tcp
     dst-address-list=gemscool dst-port=10010-10012
16   chain=postrouting action=mark-connection new-connection-mark=capt_freestyle
     passthrough=yes protocol=udp
     dst-address-list=gemscool dst-port=10010-10012
17   chain=postrouting action=mark-packet new-packet-mark=freestyle passthrough=no
     connection-mark=capt_freestyle
18   ;;; Warnet
     chain=forward action=mark-packet new-packet-mark=dn_warnet passthrough=no
     dst-address=192.168.150.0/28

[admin@MikroTik] > queue tree print
Flags: X disabled, I invalid
 0   name=warnet parent=service packet-mark=dn_warnet limit-at=0 queue=pcq600k
     priority=8 max-limit=400k burst-limit=0 burst-threshold=0 burst-time=0s
 1   name=proxy parent=global-out packet-mark=proxy limit-at=0 queue=default priority=8
     max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
 2   name=poker parent=game packet-mark=poker limit-at=0 queue=default priority=1
     max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
 3   name=service parent=global-out limit-at=0 priority=8 max-limit=2M
     burst-limit=0 burst-threshold=0 burst-time=0s
 4   name=game parent=service limit-at=0 priority=8 max-limit=0
     burst-limit=0 burst-threshold=0 burst-time=0s
 5   name=pointblank parent=game packet-mark=pb limit-at=0 queue=default priority=1
     max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
 6   name=freestyle parent=game packet-mark=freestyle limit-at=300k queue=default
     priority=8 max-limit=500k burst-limit=0 burst-threshold=0 burst-time=0s
 7   name=cabal parent=game packet-mark=cabal limit-at=0 queue=default priority=1
     max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
 8   name=bilyard parent=game packet-mark=bilyard limit-at=0 queue=default priority=8
     max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
 9   name=atlantica parent=game packet-mark=atlantica limit-at=0 queue=default priority=8
     max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
10   name=winbox parent=global-out limit-at=0 queue=default priority=8 max-limit=0
     burst-limit=0 burst-threshold=0 burst-time=0s

The picture above shows that traffic other than games, in the queue named warnet, is limited to just 400kb. In the queue-types section it is limited with a 400kbps pcq.
Proxy HIT traffic, meanwhile, is kept separate from the other traffic because cache hits are left unlimited.
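The path from a ZPH-marked reply to its queue can be traced with a small model of mangle rules 18, 0 and 2 from the listing above. This is an added example, not part of the original post; it assumes Squid marks cache hits with TOS byte 0x30 (the value whose DSCP field is the 12 that rule 0 matches), and the client address, the sample packets and the helper names are constructed for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.150.0/28")   # Ether4-LAN, from the page

# Queue tree limits taken from the page's "queue tree print" output.
QUEUES = {"proxy": "max-limit=0 (unlimited)", "dn_warnet": "max-limit=400k"}

def tos_to_dscp(tos):
    """DSCP is the upper six bits of the IP TOS byte."""
    return (tos & 0xFF) >> 2

def mangle(pkt, conn):
    """Simplified model: forward chain first, then postrouting."""
    mark = None
    # forward, rule 18: traffic towards the LAN gets dn_warnet (passthrough=no)
    if ipaddress.ip_address(pkt["dst"]) in LAN:
        mark = "dn_warnet"
    # postrouting, rule 0: DSCP 12 marks the whole connection (passthrough=yes)
    if tos_to_dscp(pkt["tos"]) == 12:
        conn["mark"] = "capt_proxy"
    # postrouting, rule 2: any packet of a marked connection is re-marked
    # "proxy", overwriting the packet mark set in the forward chain
    if conn.get("mark") == "capt_proxy":
        mark = "proxy"
    return mark

def classify(packets):
    """Return the final packet mark for each packet of one connection."""
    conn = {}   # connection-tracking state shared by all packets
    return [mangle(p, conn) for p in packets]

# Constructed sample: three replies on one keep-alive connection to a client.
# TOS 0x30 for a HIT is an assumption (see lead-in); the client IP is made up.
SAMPLE = [
    {"dst": "192.168.150.5", "tos": 0x00},   # cache MISS
    {"dst": "192.168.150.5", "tos": 0x30},   # cache HIT, marked by ZPH
    {"dst": "192.168.150.5", "tos": 0x00},   # MISS again, same connection
]

if __name__ == "__main__":
    for pkt, mark in zip(SAMPLE, classify(SAMPLE)):
        print(pkt, "->", mark, QUEUES.get(mark))
```

In this model the third packet is a MISS but still lands in the unlimited proxy queue, because rule 0 marks the connection and rule 2 matches every later packet of that connection.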
On the proxy (Debian):
root@cache:~# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp 192.168.150.0/28 0.0.0.0/0 tcp dpt:80 redir ports 3128
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all 192.168.150.0/28 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@cache:~#
In Squid, only these few lines need to be set:
# so the mark can be picked up by the Mikrotik mangle rules
zph_mode tos
zph_local 030
zph_parent 0
zph_option 136
# standard proxy settings
http_port 3128 transparent
acl localnet src 192.168.150.0/28
http_access allow localnet
I have already built this topology for many of our internet café customers, and it has become the standard at our ISP.
I have tried ClearOS, but because it has no ZPH the result was not optimal. I tried upgrading its Squid myself, but my Linux skills are still lacking :-D. It was a total failure.
The Linux OS I use is Debian 5, or any Linux distro whose Squid already supports ZPH.