me-redirect proxy squid eksternal dari Mikrotik tanpa harus mengaktifkan web proxy di mikrotik.
exp:
ip address Mesin Mikrotik / klien : 192.168.1.0/24
ip address Mesin Squid Proxy : 192.168.10.2/24 Port = 3128

maka di buatlah rule nat di Mikrotik untuk meredirect request klien ke internet melalui mesin proxy squid sebagai berikut ;

/ip firewall nat add chain=dstnat src-address=192.168.1.0/24 protocol=tcp dst-port=80 action=dstnat dst-address=192.168.10.2 to-ports=3128

atau bisa juga kalau ip address nya lebih dari satu kelas, maka dikasih tanda ! didepan src-address yang berarti bahwa kecuali ip address yang di tulis di src-address maka dilewatkan ke proxy squid

/ip firewall nat add chain=dstnat src-address=!192.168.10.2 protocol=tcp dst-port=80 action dstnat dst-address=192.168.10.2 to-ports=3128

Load Balance Versi-1
Code:

/ip firewall mangle
add action=mark-connection chain=prerouting comment="Load Balance" connection-state=new disabled=no in-interface=HotSpot new-connection-mark=Line-1 nth=3,1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=Line-1 disabled=no in-interface=HotSpot new-routing-mark=Line-1 passthrough=no

add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=HotSpot new-connection-mark=Line-2 nth=2,1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=Line-2 disabled=no in-interface=HotSpot new-routing-mark=Line-2 passthrough=no

add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=HotSpot new-connection-mark=Line-3 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=Line-3 disabled=no in-interface=HotSpot new-routing-mark=Line-3 passthrough=no

Load Balance Versi-2
Code:

/ip firewall mangle
add action=mark-connection chain=prerouting comment="Load Balance" connection-state=new in-interface=HotSpot new-connection-mark=Line-1 nth=3,1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=Line-1 in-interface=HotSpot new-routing-mark=Line-1 passthrough=yes

add action=mark-connection chain=prerouting comment="" connection-state=new in-interface=HotSpot new-connection-mark=Line-2 nth=3,2 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=Line-2 in-interface=HotSpot new-routing-mark=Line-2 passthrough=yes

add action=mark-connection chain=prerouting comment="" connection-state=new in-interface=HotSpot new-connection-mark=Line-3 nth=3,3 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=Line-3 in-interface=HotSpot new-routing-mark=Line-3 passthrough=yes

Load Balance Untuk Proxy Versi-1
Code:

/ip firewall mangle
add action=mark-connection chain=output comment="Proxy Load Balance " connection-state=new new-connection-mark=koneksi-proxy-1 nth=3,1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=koneksi-proxy-1 new-routing-mark=Line-1 passthrough=no

add action=mark-connection chain=output comment="" connection-state=new disabled=no new-connection-mark=koneksi-proxy-2 nth=2,1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=koneksi-proxy-2 new-routing-mark=Line-2 passthrough=no

add action=mark-connection chain=output comment="" connection-state=new disabled=no new-connection-mark=koneksi-proxy-3 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=koneksi-proxy-3 new-routing-mark=Line-3 passthrough=no

Mangle untuk Queue
Code:

/ip firewall mangle
add action=mark-connection chain=prerouting comment="Mangle for Queue" disabled=no new-connection-mark=koneksi-klien passthrough=yes src-address="IP Lokal"
add action=mark-packet chain=prerouting connection-mark=koneksi-klien in-interface=HotSpot new-packet-mark=paket-upload passthrough=no
add action=mark-packet chain=prerouting connection-mark=koneksi-klien new-packet-mark=paket-download passthrough=no
add action=mark-packet chain=output connection-mark=koneksi-klien dscp=4 new-packet-mark=paket-hit-download out-interface=HotSpot passthrough=no
add action=mark-packet chain=output connection-mark=koneksi-klien disabled=no new-packet-mark=paket-download out-interface=HotSpot passthrough=no

Code:

/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ADSL-1 routing-mark=Line-1
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ADSL-2 routing-mark=Line-2
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ADSL-3 routing-mark=Line-3
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ADSL-1

Setelah sukses route jangan sampai kelupaan, ntar ga bisa jalan internetnya yaitu disini…

Code:

/ip proxy
set always-from-cache=yes cache-administrator=Akangage@ei-ji.net cache-drive=system cache-hit-dscp=4 cache-on-disk=yes enabled=yes max-cache-size=unlimited \
max-client-connections=600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8888 serialize-connections=no \
src-address=0.0.0.0

Konfigurasi NAT + HOTSPOT

Code:

/ip firewall nat add chain=dstnat src-address-list="IP Lokal" protocol=tcp dst-port=80 in-interface=Interface Lokal action=redirect to-ports=8888

–> NAT u/ HotSpot <–
/ip firewall nat add action=redirect chain=dstnat comment="NAT Proxy HotSpot" disabled=no dst-port=80 hotspot=from-client,auth in-interface=HotSpot protocol=tcp src-address-list="IP HotSpot" to-ports=8888

Update!!!
Waspada dan patut diperhatikan, pada saat setting konfigurasi di IP HotSpot user profile, jangan di centang "transparent proxy", klient tetep bisa jalan dan terkena proxy tapi di NAT, rule tidak terkena paket.

Load Balancing nth buat Mikrotik Ver 3.xx dan 2.9xx
Sebelumnya saya minta maaf dulu yach kalo seandainya REPOST

cara load balancing atau pun cara mengabungkan 2 line speedy.
disini saya ingin membagikan contoh load balancing nth yang saya pakai di server saya

berikut contohnya buat mikrotik versi 3.xx  :

Ip Modem 01 : 192.168.1.1 interface=speedy1
IP Modem 02 : 192.168.2.1 interface=speedy2
IP Local : 10.18.92.1 interface=Local

Setting Buat Mangle

/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=speedy-1
passthrough=yes connection-state=new in-interface=Local nth=2,1 comment="" disabled=no

add chain=prerouting action=mark-routing new-routing-mark=speedy-1 passthrough=no
in-interface=Local connection-mark=speedy-1 comment="" disabled=no
 
add chain=prerouting action=mark-connection new-connection-mark=speedy-2
passthrough=yes connection-state=new in-interface=Local nth=1,1 comment="" disabled=no

add chain=prerouting action=mark-routing new-routing-mark=speedy-2 passthrough=no
in-interface=Local connection-mark=speedy-2 comment="" disabled=no

Setting NAT

/ip firewall nat
add chain=srcnat action=masquerade out-interface=speedy1
add chain=srcnat action=masquerade out-interface=speedy2
add chain=srcnat action=masquerade src-address="10.18.92.0/24"

Setting Routenya

/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10
routing-mark=speedy-1 comment="" disabled=no

add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10
routing-mark=speedy-2 comment="" disabled=no
 
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10
comment="primary connection" disabled=no

Berikut scripting Load Balancing dengan konfigurasi 2 Line untuk Mikrotik versi 2.9.27
Sesuaikan IP masing-masing interface menurut network kita.

Note : 10.11.90.1 = IP Local
192.168.1.1 = IP Modem Speedy 1
192.168.2.1 = IP Modem Speedy 2

/ ip address
add address=10.11.90.1/24 network=10.11.90.0 broadcast=10.11.90.255
interface=local comment="" disabled=no

add address=192.168.1.254/24 network=192.168.1.0 broadcast=192.168.1.255
interface="Internet" comment="" disabled=no

add address=192.168.2.254/24 network=192.168.2.0 broadcast=192.168.2.255
interface="Speedy" comment="" disabled=no

/ ip firewall mangle
add chain=prerouting in-interface=local connection-state=new nth=1,1,0
action=mark-connection new-connection-mark=santaria1 passthrough=yes
comment="Load Balancing Client" disabled=no

add chain=prerouting in-interface=local connection-mark=santaria1
action=mark-routing new-routing-mark=santaria1 passthrough=no comment="" disabled=no

add chain=prerouting in-interface=local connection-state=new nth=1,1,1
action=mark-connection new-connection-mark=santaria2 passthrough=yes comment="" disabled=no

add chain=prerouting in-interface=local connection-mark=santaria2
action=mark-routing new-routing-mark=santaria2 passthrough=no comment="" disabled=no

/ ip firewall nat
add chain=srcnat out-interface="Internet" action=masquerade comment="" disabled=no
add chain=srcnat out-interface="Speedy" action=masquerade comment="" disabled=no

/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 routing-mark=santaria1 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 routing-mark=santaria2 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 comment="primary connection" disabled=no

@ www.forummikrotik.com

berikut cara untuk mendapatkan suatu ip yang kemudian dimasukkan ke daftar nice list

:foreach i in=[/ip dns cache find] do={
:if ([:find [/ip dns cache get $i name] "rapidshare"] > 0) do={
:log info ("rapidshare: " . [/ip dns cache get $i name] . " (ip address " . [/ip dns cache get $i address] . ")")
/ip firewall address-list add address=[/ip dns cache get $i address] list=rapidshare disabled=no
}
}

pertama siapkan dulu segelas kopi + udud nya

- ip publik yang diberikan dari isp —> misal 203.x.x.x

- cari port yang kosong di mikrotik misal : 900x  —> x bisa ditambah jika computer client yang diremote lebih dari 1

- computer client yang sudah terinstal dengan Radmin —> misal 192.168.x.x  dengan menggunakan port default radmin

tambah kan code dibawah ini di mikrotik anda:

ip firewall nat add chain=dstnat dst-address=203.x.x.x dst-port=900x protocol=tcp action=netmap to-addresses=192.168.x.x to-ports=4899

sambil sante ngopi dimana saja, anda bisa meremot pc kantor/warnet darimana aja.selamat mencoba semoga sukses.

(thx 4 mbah)

Tags :  remote mikrotik dengan radmin  remote client dengan mikrotik  ip setting firewall mikrotik