Multifunction Proxy · 2020. 5. 7.
by: Pujo Dewobroto Citraweb Nusa Infomedia, Indonesia
www.mikrotik.co.id
Multifunction Proxy
Introduction
• Pujo Dewobroto
• Citraweb Nusa Infomedia
– Mikrotik distributor, training partner (mikrotik.co.id)
– ISP (citra.net.id)
– Web developer (citra.web.id)
• MTCNA, MTCTCE, MTCWE, MTCUME, MTCRE, Certified Trainer
Proxy Server
• A proxy server is a device that acts as an intermediary in the communication between a host and another host / server.
How It Works
Direct communication
How It Works
Communication via proxy
Proxy Mikrotik
• Proxies available in the Mikrotik OS:
– DNS proxy (DNS Cache)
– Socks proxy
– Webproxy (HTTP Proxy)
– IGMP Proxy
DNS Proxy
• A DNS proxy receives DNS requests from clients and either forwards them to another DNS server or answers them from its own local cache
• Benefits:
– minimizes DNS resolution time
– minimizes bandwidth usage
– security
DNS Configuration
The DNS servers that the Mikrotik will use to resolve domain names
Enable the “allow remote request” option to permit domain resolution requests from clients
DNS Cache
The router looks up its local cache table first before resolving through the DNS server
DNS Static
Adding a static DNS entry overwrites the existing cache
Tips
• Use NAT to redirect all of your clients' DNS requests
• Filter requests coming from outside your network
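The two tips above written out as RouterOS commands, in an added example that is not from the original slides. The interface names ether-local and ether-public are borrowed from the transparent-proxy rules in this deck; the upstream resolver 192.0.2.53 and the static entry intranet.example are placeholders.

```routeros
# Added example. 192.0.2.53 is a placeholder upstream resolver
# (documentation address range); replace it with your own.
/ip dns set servers=192.0.2.53 allow-remote-requests=yes

# Tip 1: force every client DNS query (UDP and TCP) to the router's cache,
# whatever resolver the client has configured by hand.
/ip firewall nat add chain=dstnat in-interface=ether-local protocol=udp \
    dst-port=53 action=redirect to-ports=53 comment="force client DNS to router"
/ip firewall nat add chain=dstnat in-interface=ether-local protocol=tcp \
    dst-port=53 action=redirect to-ports=53 comment="force client DNS to router"

# Tip 2: allow-remote-requests=yes makes the router answer on every
# interface, so drop queries arriving on the public side. Without these
# rules the router is an open resolver. Place them above any broader
# accept rule in the input chain.
/ip firewall filter add chain=input in-interface=ether-public protocol=udp \
    dst-port=53 action=drop comment="no DNS service to the internet"
/ip firewall filter add chain=input in-interface=ether-public protocol=tcp \
    dst-port=53 connection-state=new action=drop \
    comment="no DNS service to the internet"

# Static entry (placeholder name and address). Because of the redirect,
# every client receives this answer even if it points at another resolver.
/ip dns static add name=intranet.example address=192.0.2.10

# Check: the counters on the redirect rules should grow as clients resolve.
/ip firewall nat print stats where comment="force client DNS to router"
```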
Effect of NAT + Static DNS
Socks Proxy
• SOCKS is a multi-purpose proxy that bridges TCP connections between client and server.
• It can be an alternative when strict filtering is required
• Mikrotik supports SOCKSv4 (server only)
Server Settings
Client Settings
Socks Connection
This table is used to monitor traffic that uses SOCKS
Socks Access
Make sure our SOCKS proxy is not being used by an “intruder” !!
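One way to keep outsiders off the SOCKS service, as an added example that is not from the original slides. The client subnet 192.168.1.0/24 and port 1080 are assumptions; ether-public is the interface name used in the transparent-proxy rules in this deck.

```routeros
# Added example. Assumed values: LAN clients in 192.168.1.0/24, SOCKS on 1080.
/ip socks set enabled=yes port=1080

# SOCKS access list: name the clients that may use the service, then
# finish with an explicit deny so nothing else falls through.
/ip socks access add src-address=192.168.1.0/24 action=allow
/ip socks access add action=deny

# Second layer: never accept new SOCKS connections on the public interface,
# even if the access list is later edited by mistake.
/ip firewall filter add chain=input in-interface=ether-public protocol=tcp \
    dst-port=1080 connection-state=new action=drop \
    comment="SOCKS is for local clients only"

# Review regularly: any source address outside the LAN in this table
# means the service is reachable from somewhere it should not be.
/ip socks connections print
```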
SOCKS Implementation (1)
ssh to public
/ip firewall filter add chain=forward protocol=tcp dst-port=22,23,80,443 action=drop
SOCKS Implementation (2)
ssh over Socks
/ip firewall filter add chain=forward protocol=tcp dst-port=22,23,80,443 action=drop
proxy ssh to public
Webproxy
• Functions that can be implemented with the Mikrotik webproxy include:
– Regular HTTP Proxy (supports FTP, HTTP & HTTPS Proxy)
– Transparent HTTP Proxy
– Access list (HTTP-based filtering)
– Caching
– Monitoring / logging
– Parent Proxy
Configuration
Configuration (1)
• Src address is the IP that our webproxy will use to make requests to a server
• Parent Proxy can be used if there is another proxy in our network
Configuration (2)
• The Maximum Cache Size setting is closely tied to storage capacity + RAM capacity
• MaxCacheSize = Unlimited → Storage – 1/7 (or 50MB) for the system
• Every 1GB of cache content needs around 10-15MB of RAM
• Except for the CCR Series, all Mikrotik devices only support up to 2GB of RAM
Configuration (3)
For busy networks, adjust the max client + max server connection parameters
Configuration (4)
• Content served from the local cache automatically has its DSCP header field set to the value of the Cache Hit DSCP parameter
• We can use this to separate Miss / Hit traffic from our proxy
• Cache Drive shows the disk storage used to hold the cache
Regular (Client)
Transparent
• No additional configuration is needed on the user side
• We “force” HTTP traffic through our proxy with the help of NAT
• Filter access from outside !!!
/ip firewall nat add chain=dstnat in-interface=ether-local protocol=tcp \
    dst-port=80,8080,3128,8081 action=redirect to-ports=3128
/ip firewall filter add chain=input protocol=tcp dst-port=3128 \
    in-interface=ether-public connection-state=new \
    action=drop
Status
Access List
• The access list can be used for filtering based on the domain name / path the client is about to open
• Besides blocking (deny), we can also send the client to another web page (redirect to)
• Default = Allow
Access List (2)
dst-host dst-path
• Host/path values can use the following symbols:
* → replaces one or more characters
? → replaces a single character
• Regex (POSIX based) can also be used, prefixed with “ : ”
http://www.regular-expressions.info/reference.html
Cache List
• The cache list is not for filtering
• It determines whether content from a website will be stored in the local cache or not
• If no rule matches, content is stored in the local cache by default (allow)
Cache Content
A table listing the objects stored on our router
Storage Media
• Cache objects can be stored on:
1. Router memory (RAM)
2. Primary storage (NAND)
3. Secondary storage* (hdd, usb fd, microsd, CF)
*Terms and conditions apply
• Storage settings are in the system → store menu
Store List
Direct List
• These rules are read if the proxy has a parent set
• The direct list determines whether a request from the proxy is passed to the parent or goes straight to the server (direct)
• Default = deny
Parent Proxy
• Used when we also have another proxy machine separate from our router
• Can be an alternative for working around our router's hardware resource limits
• With parent proxy enabled, all webproxy requests are passed to the parent first (except where the direct list allows)
Parent Proxy (2)
webproxy + gateway
super ultimate powerful proxy engine+hardware IP : 192.168.1.2 Port : 8080
Parent Proxy (3)
webproxy + gateway
super ultimate powerful proxy engine+hardware IP : 192.168.1.2 Port : 8080
client → proxy, proxy → parent, parent → server
proxy direct allow
Logging
• Once clients are using the webproxy on our router, we can monitor which websites they are accessing by enabling the log feature on the router
• The log can be stored in RAM, a file, email, or streamed to a Syslog server
• How to : http://mikrotik.co.id/artikel_lihat.php?id=50
Logging (2)
Complex Example
• A network has the following policy:
– Group OB may not access .go.id during working hours
– Group Bos may not access porntube during working hours ☺
– Outside working hours all web access is blocked :p
• Our router has only 1 public IP, but 2 local web servers with different domain names must be reachable from outside
– both domains must already be registered
Question (1)
• A network has the following policy:
– Group OB may not access .go.id during working hours
– Group Bos may not access porntube during working hours ☺
– Outside working hours all web access is blocked :p
Use the scheduler to enable-disable access list entries according to the time
or use the time and src-address-list parameters in the NAT redirect
Question (2)
• In the access list, src address can only be a single IP or a single network.
• In our case the src address turns out to be based on groups of IPs
Webproxy Multi port ☺
Question (3)
• Our router has only 1 public IP, but 2 web servers with different domain names must be reachable from outside
dst-nat works on dst-port; it cannot work on domain
Back to the webproxy to redirect based on domain
Topology
webproxy + gateway
PC group OB
PC group BOS
pujo.com 192.168.2.2:80
dewobroto.com 192.168.2.3:80
• pujo.com IP=69.69.69.69
• dewobroto.com IP=69.69.69.69
• 69.69.69.69 → router's public IP
• OB IPs 192.168.1.2-192.168.1.20
• Bos IPs 192.168.1.30-192.168.1.40
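A possible configuration for questions (1) and (2), combining the multi-port webproxy with the time and src-address-list matchers in the NAT redirect; this is an added example, not the author's own solution. Working hours of 08:00-17:00 Monday to Friday, the port numbers 3128-3130 and the address-list names are assumptions; the IP ranges come from the topology above and the interface names from the transparent-proxy rules.

```routeros
# Added example. Groups, using the IP ranges from the topology.
/ip firewall address-list add list=OB  address=192.168.1.2-192.168.1.20
/ip firewall address-list add list=Bos address=192.168.1.30-192.168.1.40

# One webproxy listening port per policy (port numbers are assumptions):
#   3128 = OB in working hours, 3129 = Bos in working hours,
#   3130 = everything else (outside working hours).
/ip proxy set enabled=yes port=3128,3129,3130

# NAT selects the policy. The access list cannot match a group of IPs,
# so the group and the time are matched here. Rules are read top-down
# and the first match wins, so the catch-all must stay last.
/ip firewall nat add chain=dstnat in-interface=ether-local protocol=tcp \
    dst-port=80 src-address-list=OB time=8h-17h,mon,tue,wed,thu,fri \
    action=redirect to-ports=3128 comment="OB, working hours"
/ip firewall nat add chain=dstnat in-interface=ether-local protocol=tcp \
    dst-port=80 src-address-list=Bos time=8h-17h,mon,tue,wed,thu,fri \
    action=redirect to-ports=3129 comment="Bos, working hours"
/ip firewall nat add chain=dstnat in-interface=ether-local protocol=tcp \
    dst-port=80 action=redirect to-ports=3130 comment="all other cases"

# The access list applies a different rule set per listening port.
# Anything not matched is allowed (access list default = allow).
/ip proxy access add local-port=3128 dst-host=*.go.id action=deny
/ip proxy access add local-port=3129 dst-host=*porntube* action=deny
/ip proxy access add local-port=3130 action=deny

# All three ports must stay closed to the outside, as for the
# transparent proxy earlier in the deck.
/ip firewall filter add chain=input in-interface=ether-public protocol=tcp \
    dst-port=3128-3130 connection-state=new action=drop \
    comment="webproxy is for local clients only"

# Caveats of this sketch:
# - Only plain HTTP on port 80 is redirected; HTTPS (443) never reaches
#   the webproxy and needs its own firewall rule if it must be blocked.
# - A client in neither list lands on port 3130 and is blocked at all
#   times; add a rule for such clients if that is not the intent.
```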
Solution (1)
Solution (2)
Solution (3)
Solution (4)
Matur Suwun mas dab! Terima Kasih mas bro!
Thank You guys! Paldies!
Use of part or all of the material in this module, whether ideas, photos, text, configurations or diagrams, is permitted for teaching purposes, provided credit is given to the author along with a link to www.mikrotik.co.id