[asosiasi-warnet] Limit Koneksi IIX Via Mikrotik

Tue, 29 Aug 2006 07:22:00 -0700 

Salam,

Saat ini saya menggunakan MT 2.9.29, dengan kondisi
Web Proxy aktif dan koneksi tiap klien di-redirect ke
ip 192.168.1.1 (IP internal Mikrotik) dengan
konfigurasi sbb:
[EMAIL PROTECTED] ip proxy> print
                     enabled: yes
                 src-address: 0.0.0.0
                        port: 3128
                parent-proxy: 0.0.0.0:0
                 cache-drive: system
         cache-administrator: "webmaster"
         max-disk-cache-size: 17273000KiB
          max-ram-cache-size: 35606KiB
          cache-only-on-disk: yes
  maximal-client-connections: 1000
  maximal-server-connections: 1000
             max-object-size: 51200KiB
              max-fresh-time: 3d

Dan setting NAT sbb:
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=srcnat out-interface=Luar
src-address=192.168.1.0/24 action=masquerade 

 1   chain=dstnat in-interface=Dalam
dst-address=!192.168.1.1 protocol=tcp dst-port=80
action=redirect 
     to-ports=3128 

Dengan asumsi saya telah me-list seluruh (mudah2an :))
IP IIX (dalam contoh ini 20 list):
[EMAIL PROTECTED] ip firewall address-list> print
Flags: X - disabled, D - dynamic 
 #   LIST       ADDRESS                        
 0   iix        58.65.240.0/23                 
 1   iix        58.65.242.0/23                 
 2   iix        58.65.244.0/23                 
 3   iix        58.65.246.0/23                 
 4   iix        58.145.174.0/24                
 5   iix        58.147.184.0/24                
 6   iix        58.147.185.0/24                
 7   iix        58.147.186.0/24                
 8   iix        61.5.0.0/22                    
 9   iix        61.5.4.0/22                    
10   iix        61.5.8.0/22                    
11   iix        61.5.16.0/22                   
12   iix        61.5.20.0/22                   
13   iix        61.5.24.0/22                   
14   iix        61.5.28.0/22                   
15   iix        61.5.32.0/22                   
16   iix        61.5.36.0/22                   
17   iix        61.5.40.0/22                   
18   iix        61.5.52.0/22                   
19   iix        61.5.56.0/22                   
20   iix        61.5.60.0/22

[EMAIL PROTECTED] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=prerouting src-address=192.168.1.3
dst-address-list=iix action=mark-connection 
     new-connection-mark=IIX-KomBack-Con
passthrough=yes 

 1   chain=prerouting connection-mark=IIX-KomBack-Con
action=mark-packet 
     new-packet-mark=IIX-KomBack-Pack passthrough=yes 

Dan dengan setting queue sbb:
[EMAIL PROTECTED] queue tree> print
Flags: X - disabled, I - invalid 
 0   name="IIX-KomBack" parent=Dalam
packet-mark=IIX-KomBack-Pack limit-at=0 queue=default
priority=8 
     max-limit=64000 burst-limit=0 burst-threshold=0
burst-time=0s 

Queue saya berjalan normal bila web proxy dan setting
dst-nat saya dalam kondisi mati (disabled), nah yang
jadi masalah kenapa queue saya di atas jadi tak
berguna bila web proxy dan dst-nat saya hidup?

Mohon pencerahan dari pemerhati masalah Mikrotik...
:))


Terima kasih sebelumnya

Tito

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 





Official Web Site : http://www.awari.or.id
 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/asosiasi-warnet/

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Kirim email ke