load balancing+proxy+byfass foker pb
8/3/2019 Load Balancing+Proxy+Byfass Foker Pb
http://slidepdf.com/reader/full/load-balancingproxybyfass-foker-pb 1/9
Assalamualaikum Wr.Wb
After being away for so long, I'm trying my hand at a second tutorial; hopefully it isn't a repost.
I have certainly got permission from the keepers of this forum. As the title says: Load balancing PCC + external proxy + automatic proxy bypass if the proxy goes down.
My version of this load balancing is a modification drawn from various sources, so if some of the mangle and NAT rules look familiar, please bear with it. Those who already understand this, please give your input; those who want to try it, please post a review, because without you the weaknesses and strengths of this PCC load balancer will never be known. OK. That concludes the dawn lecture; now on to the next part of the program.
Manifest IP :
Manifest Device :
Off we go.
Anything called load balancing probably can't work without mangle. The rules here are sacred. They are mandatory, so they must not be skipped, let alone violated.
Quote:
chain=postrouting action=mark-packet new-packet-mark=HIT passthrough=no protocol=tcp dst-port=80,81,8080,3128 dscp=12 comments="Proxy Los"
chain=prerouting action=mark-connection new-connection-mark=PROXY-1 passthrough=yes connection-state=new in-interface=Squid comments="LOAD BALANCE PROXY PCC"
chain=prerouting action=mark-connection new-connection-mark=PROXY-2 passthrough=yes connection-state=new in-interface=Squid
chain=prerouting action=mark-connection new-connection-mark=PROXY-3 passthrough=yes connection-state=new in-interface=Squid
chain=prerouting action=mark-connection new-connection-mark=PROXY-1 passthrough=yes in-interface=Squid connection-mark=PROXY-1
chain=prerouting action=mark-connection new-connection-mark=PROXY-2 passthrough=yes in-interface=Squid connection-mark=PROXY-2
chain=prerouting action=mark-connection new-connection-mark=PROXY-3 passthrough=yes in-interface=Squid connection-mark=PROXY-3
chain=prerouting action=mark-connection new-connection-mark=PROXY-1 passthrough=yes protocol=tcp dst-address-type=!local in-interface=Squid dst-port=80,81,8080,3128 per-connection-classifier=both-addresses-and-ports:3/0
chain=prerouting action=mark-connection new-connection-mark=PROXY-2 passthrough=yes protocol=tcp dst-address-type=!local in-interface=Squid dst-port=80,81,8080,3128 per-connection-classifier=both-addresses-and-ports:3/1
chain=prerouting action=mark-connection new-connection-mark=PROXY-3 passthrough=yes protocol=tcp dst-address-type=!local in-interface=Squid dst-port=80,81,8080,3128 per-connection-classifier=both-addresses-and-ports:3/2
chain=prerouting action=mark-routing new-routing-mark=Route-Proxy-1 passthrough=yes in-interface=Squid connection-mark=PROXY-1
chain=prerouting action=mark-routing new-routing-mark=Route-Proxy-1 passthrough=yes in-interface=Squid connection-mark=PROXY-2
chain=prerouting action=mark-routing new-routing-mark=Route-Proxy-2 passthrough=yes in-interface=Squid connection-mark=PROXY-3
chain=input action=mark-connection new-connection-mark=ADSL-1 passthrough=yes connection-state=new in-interface=Lokal comments="LOAD BALANCE LOKAL"
chain=input action=mark-connection new-connection-mark=ADSL-2 passthrough=yes connection-state=new in-interface=Lokal
chain=input action=mark-connection new-connection-mark=ADSL-3 passthrough=yes connection-state=new in-interface=Lokal
chain=prerouting action=mark-connection new-connection-mark=ADSL-1 passthrough=no in-interface=Lokal connection-mark=ADSL-1
chain=prerouting action=mark-connection new-connection-mark=ADSL-2 passthrough=no in-interface=Lokal connection-mark=ADSL-2
chain=prerouting action=mark-connection new-connection-mark=ADSL-3 passthrough=no in-interface=Lokal connection-mark=ADSL-3
chain=prerouting action=mark-connection new-connection-mark=ADSL-1 passthrough=yes protocol=tcp dst-address-type=!local in-interface=Lokal dst-port=!80,81,8080,3128 per-connection-classifier=both-addresses-and-ports:3/0 comments="AUTOMATIC DISABLE IF PROXY DOWN"
chain=prerouting action=mark-connection new-connection-mark=ADSL-2 passthrough=yes protocol=tcp dst-address-type=!local in-interface=Lokal dst-port=!80,81,8080,3128 per-connection-classifier=both-addresses-and-ports:3/1
chain=prerouting action=mark-connection new-connection-mark=ADSL-3 passthrough=yes protocol=tcp dst-address-type=!local in-interface=Lokal dst-port=!80,81,8080,3128 per-connection-classifier=both-addresses-and-ports:3/2
chain=prerouting action=mark-connection new-connection-mark=ADSL-1 passthrough=yes dst-address-type=!local in-interface=Lokal per-connection-classifier=both-addresses-and-ports:3/0 comments="AUTOMATIC ENABLE IF PROXY DOWN"
chain=prerouting action=mark-connection new-connection-mark=ADSL-2 passthrough=yes dst-address-type=!local in-interface=Lokal per-connection-classifier=both-addresses-and-ports:3/1
chain=prerouting action=mark-connection new-connection-mark=ADSL-3 passthrough=yes dst-address-type=!local in-interface=Lokal per-connection-classifier=both-addresses-and-ports:3/2
chain=prerouting action=mark-routing new-routing-mark=jalur-1 passthrough=yes in-interface=Lokal connection-mark=ADSL-1
chain=prerouting action=mark-routing new-routing-mark=jalur-1 passthrough=yes in-interface=Lokal connection-mark=ADSL-2
chain=prerouting action=mark-routing new-routing-mark=jalur-2 passthrough=yes in-interface=Lokal connection-mark=ADSL-3
chain=prerouting action=mark-connection new-connection-mark=Trafik PB + POKER passthrough=yes protocol=tcp dst-address-list=Poker + PB dst-port=49100 comments="POKER + POINT BLANK"
chain=prerouting action=mark-connection new-connection-mark=Trafik PB + POKER passthrough=yes protocol=udp dst-address-list=Poker + PB dst-port=40000-40010
chain=prerouting action=mark-connection new-connection-mark=Trafik PB + POKER passthrough=yes protocol=tcp dst-address-list=Poker + PB dst-port=39190
chain=prerouting action=mark-packet new-packet-mark=PB + Poker passthrough=yes connection-mark=Trafik PB + POKER
chain=prerouting action=mark-routing new-routing-mark=Poker + PB passthrough=no src-address=192.168.0.2-192.168.0.30 dst-address-list=Poker + PB in-interface=Lokal connection-mark=Trafik PB + POKER comments="ROUTING POKER + POINTBLANK"
chain=prerouting action=mark-routing new-routing-mark=Poker + PB passthrough=no src-address=192.168.3.2-192.168.3.16 dst-address-list=Poker + PB in-interface=Lokal connection-mark=Trafik PB + POKER
If you follow along carefully the result will come out right, and you get something like this:
NAT
NAT, or in scientific terms Network Address Translation, is also very important in the load balancing process, because these are the rules that determine the interface and the destination IP.
So I hope you don't forget NAT.
Here it is, Article 8 paragraph 5 of 2010:
Quote:
chain=srcnat action=masquerade out-interface=Telkom comments="NAT LOKAL"
chain=srcnat action=masquerade out-interface=Telkom-1
chain=dstnat action=dst-nat to-addresses=192.168.4.2 to-ports=3128 protocol=tcp src-address-list=IP Users dst-address-list=!IP Proxy dst-port=80,81,8080,3128 comments="TRANSPARANT SQUID"
chain=dstnat action=dst-nat to-ports=53 protocol=tcp in-interface=Lokal dst-port=53 comments="TRANSPARENT DNS"
chain=dstnat action=dst-nat to-ports=53 protocol=udp in-interface=Lokal dst-port=53
chain=dstnat action=dst-nat to-ports=53 protocol=tcp in-interface=Squid dst-port=53
chain=dstnat action=dst-nat to-ports=53 protocol=udp in-interface=Squid dst-port=53
This rule is specifically for those who run a DNS server on their Squid proxy.
chain=dstnat action=dst-nat to-addresses=192.168.4.2 to-ports=53 protocol=tcp in-interface=Squid dst-port=53 comments="TRANSPARENT BIND9"
chain=dstnat action=dst-nat to-addresses=192.168.4.2 to-ports=53 protocol=udp in-interface=Squid dst-port=53
Photo from the scene:
Hopefully everyone is still on the right path.
Once this stage is done, next comes
ROUTE
In simple terms, the direction to the destination; well, that's basically it.
Let's get straight to it.
Here is an addition for Poker and Point Blank: since the mangle already has rules for them, I'll show the culprit as well so that nobody gets lost.
Statement from the culprit:
Quote:
chain=forward action=add-dst-to-address-list protocol=tcp address-list=Poker + PB address-list-timeout=0s dst-port=843 comments="SCANNER POKER + POINTBLANK"
chain=forward action=add-dst-to-address-list protocol=tcp address-list=Poker + PB address-list-timeout=0s dst-port=9339
chain=forward action=add-dst-to-address-list protocol=tcp address-list=Poker + PB address-list-timeout=0s dst-port=39190
chain=forward action=add-dst-to-address-list protocol=tcp address-list=Poker + PB address-list-timeout=0s dst-port=49100
chain=forward action=add-dst-to-address-list protocol=udp address-list=Poker + PB address-list-timeout=0s dst-port=40000-40010
BAP
Looking for the script, are you? And here I was about to run off.
This script is for the situation where the external proxy is dead, which can happen for many reasons*
* except errors, for example an HDD with bad sectors .. personal experience
Quote:
;;; MANGLE PROXY
192.168.4.2
add comment="MANGLE PROXY" disabled=no down-script=
\nip fi na en num=3\r\
\nip fi ma en num=22\r\
\nip fi ma en num=23\r\
\nip fi ma en num=24\r\
\nip fi ma dis num=19\r\
\nip fi ma dis num=20\r\
\nip fi ma dis num=21\r\
\nip proxy set enable=yes\r\
\n" host=192.168.4.2 interval=1s timeout=1s up-script="ip fi na en num=2\r\
\nip fi na dis num=3\r\
\nip fi ma dis num=22\r\
\nip fi ma dis num=23\r\
\nip fi ma dis num=24\r\
\nip fi ma en num=19\r\
\nip fi ma en num=20\r\
\nip fi ma en num=21\r\
\nip proxy set enable=no\r\
\n"
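The netwatch scripts above pick mangle rules by position (num=19 to 24), so they only do the right thing while the rule order stays exactly as listed on this page. The following is an added example, not part of the original post: it models the first 25 mangle rules in the page's order and compares the down-script's effect before and after one unrelated rule is inserted at the top. The labels, the inserted rule and the select-by-label alternative are assumptions made for illustration.

```python
# Constructed model: the tutorial's mangle rules in listed order, zero-based as
# RouterOS "print" numbers them. Labels are shorthand, not RouterOS syntax.
# Rules after position 24 (jalur routing, Poker + PB) are left out.
GROUPS = [
    ("HIT", 1),
    ("new PROXY", 3), ("keep PROXY", 3), ("pcc PROXY", 3), ("route PROXY", 3),
    ("new ADSL", 3), ("keep ADSL", 3),
    ("pcc-non-web ADSL", 3),   # AUTOMATIC DISABLE IF PROXY DOWN
    ("pcc-all ADSL", 3),       # AUTOMATIC ENABLE IF PROXY DOWN
]

def build_mangle():
    """Proxy-up state: only the 'pcc-all' group is disabled."""
    return [{"label": f"{name} #{i + 1}", "disabled": name == "pcc-all ADSL"}
            for name, count in GROUPS for i in range(count)]

def down_by_number(rules):
    """The page's down-script: 'ma en num=22..24' then 'ma dis num=19..21'."""
    for n in (22, 23, 24):
        rules[n]["disabled"] = False
    for n in (19, 20, 21):
        rules[n]["disabled"] = True
    return rules

def down_by_label(rules):
    """Hypothetical alternative: select rules by what they are, not where they sit."""
    for r in rules:
        if r["label"].startswith("pcc-all ADSL"):
            r["disabled"] = False
        elif r["label"].startswith("pcc-non-web ADSL"):
            r["disabled"] = True
    return rules

def active_pcc(rules):
    """Labels of the LAN-side PCC rules left enabled after a toggle."""
    return [r["label"] for r in rules
            if r["label"].startswith("pcc-") and not r["disabled"]]

def with_extra_rule_on_top(rules):
    """Constructed change: one unrelated rule is added at position 0."""
    return [{"label": "extra", "disabled": False}] + rules

if __name__ == "__main__":
    print(active_pcc(down_by_number(build_mangle())))
    print(active_pcc(down_by_number(with_extra_rule_on_top(build_mangle()))))
    print(active_pcc(down_by_label(with_extra_rule_on_top(build_mangle()))))
```

With the table exactly as listed, positions 19 to 21 and 22 to 24 line up with the two commented groups. After the shift, the numbered script leaves one all-traffic PCC rule disabled and disables an unrelated "keep ADSL" rule instead.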
UPDATE
This rule is for those who use a PCBOX as their router: so that traffic can switch automatically to the internal proxy when the proxy is down, you can add this script to NAT.
;;; AUTOMATIC ENABLE IF PROXY DOWN ---> Redirect to internal proxy | monitoring by netwatch
chain=dstnat action=redirect to-ports=3128 protocol=tcp routing-mark=!jalur-1 src-address-list=IP Users dst-port=80,81,8080,3128 connection-mark=!ADSL-1
Should I give it correct straight away, or get it wrong on purpose first so that people don't just copy-paste? akangange mode: on
OK. That is all I can share on this occasion; hopefully it is useful for the homeland and the nation and
strengthens the bonds of brotherhood for the sake of unity in a country founded on belief in the one and only God.