karena paling praktis dan masuk akal bahwa selain traffic http sangat riskan jika harus berpindah-pindah gateway.
berikut adalah hasil export dari konfigurasi router mikrotik versi 3.10 yang digunakan
IP Address
# jun/13/2008 23:10:46 by RouterOS 3.10
# software id = A90W-3CT
#
/ip address
add address=10.95.130.133/29 broadcast=10.95.130.135 comment="" disabled=no \
interface=WIRELESS network=10.95.130.128
add address=10.168.2.99/24 broadcast=10.168.2.255 comment="" disabled=no \
interface=ADSL network=10.168.2.0
add address=192.168.1.1/24 broadcast=192.168.1.255 comment="" disabled=no \
interface=LAN network=192.168.1.0
Routing
# jun/13/2008 23:10:02 by RouterOS 3.10
# software id = A90W-3CT
#
/ip route
add comment="SMTP Traffic out" disabled=no distance=1 dst-address=0.0.0.0/0 \
gateway=10.95.130.129 routing-mark=smtp-out scope=30 target-scope=10
add comment="Default Route to Internet Wireless" disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=10.95.130.129 scope=30 target-scope=10
add comment="ECMP route for HTTP" disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=10.95.130.129,10.168.2.1,10.168.2.1 routing-mark=\
ecmp-http-route scope=30 target-scope=10
add comment="Default Route to Internet ADSL" disabled=yes distance=1 \
dst-address=0.0.0.0/0 gateway=10.168.2.1 scope=30 target-scope=10
add comment="DNS Wireless" disabled=no distance=1 dst-address=\
202.95.128.60/32 gateway=10.95.130.129 scope=30 target-scope=10
add comment="DNS Speedy" disabled=no distance=1 dst-address=202.134.2.5/32 \
gateway=10.168.2.1 scope=30 target-scope=10
Mangle
# jun/13/2008 23:09:21 by RouterOS 3.10
# software id = A90W-3CT
#
/ip firewall mangle
add action=mark-routing chain=prerouting comment=\
" Route HTTP traffic to ECMP" disabled=no dst-port=80 new-routing-mark=\
ecmp-http-route passthrough=yes protocol=tcp
add action=mark-routing chain=prerouting comment="SMTP Traffic" disabled=no \
dst-port=25 new-routing-mark=smtp-out passthrough=yes protocol=tcp
NAT
# jun/13/2008 23:08:44 by RouterOS 3.10
# software id = A90W-3CT
#
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
192.168.1.0/24
SCRIPT
# jun/13/2008 23:06:31 by RouterOS 3.10
# software id = A90W-3CT
#
/system script
add name=ecmp-shutdown policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=":if ([/pin\
g 10.95.130.129 count=1]=0 || [/ping 10.168.2.1 count=1]=0) do={:log inf\
o \"Gateway down\" \r\
\n/ip route disable [/ip route find comment=\"ECMP route for HTTP\"] } els\
e {:log info \"ecmp-shutdown check ok\"}"
add name=ecmp-startup policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=":if ([/pin\
g 10.95.130.129 count=1]=1 && [/ping 10.168.2.1 count=1]=1 && [/ip route\
get [find comment=\"ECMP route for HTTP\"] disabled]=true ) do={:log info\
\"Both Gateway are up\"\r\
\n/ip route enable [/ip route find comment=\"ECMP route for HTTP\"]} else \
{:log info \"ecmp-startup check ok\"}"
add name=wireless-gateway-check policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=":if ([/pin\
g 10.95.130.129 count=1]=1) do={:log info \"Wireless Gateway are up\"\r\
\n/ip route enable [/ip route find comment=\"Default Route to Internet Wir\
eless\"]\r\
\n/ip route disable [/ip route find comment=\"Default Route to Internet AD\
SL\"]\r\
\n} else {:log info \"Wireless Gateway are down\"\r\
\n/ip route disable [/ip route find comment=\"Default Route to Internet Wi\
reless\"]\r\
\n/ip route enable [/ip route find comment=\"Default Route to Internet ADS\
L\"]\r\
\n}"
SCHEDULER
# jun/13/2008 23:08:12 by RouterOS 3.10
# software id = A90W-3CT
#
/system scheduler
add comment="" disabled=no interval=25s name=gateway-check1 on-event=\
ecmp-shutdown start-date=jun/13/2008 start-time=16:26:27
add comment="" disabled=no interval=30s name=gateway-check2 on-event=\
ecmp-startup start-date=jun/13/2008 start-time=16:26:27
add comment="" disabled=no interval=20s name=wireless-gateway-check on-event=\
wireless-gateway-check start-date=jun/13/2008 start-time=16:26:27
SUPAYA pengecekkan ke gateway WIRELESS tidak bisa lewat interface ADSL
Karena pengecekkan dilakukan menggunakan mekanisme ping = icmp maka agar pengecekkan gateway WIRELESS tidak bisa lewat interface ADSL diperlukan skrip berikut:
/ip firewall filter
add action=drop chain=output comment=\
"supaya ke gateway wireless tidak bisa lewat interface adsl" disabled=no \
dst-address=10.95.130.129 out-interface=ADSL protocol=icmp
Dengan script ini maka jika wireless down maka IP gateway WIRELESS tidak akan bisa diping melalui link ADSL tujuannya agar tidak terjadi kesalahan pengecekkan karena bisa saja ip gateway WIRELESS masih bisa diping melalui jaringan ADSL sehingga script menjadi tidak efektif.
semoga script-script diatas bisa langsung di import tinggal disesuaikan saja ip-ip nya
kelemahan dari konfigurasi ini adalah ip 10.168.2.1 walaupun ADSL nya down tetap bisa diping karena itu ip dibelakang adsl-router harusnya 10.168.2.1 dibagian script diganti dengan ip statik ADSL , jadi kalau ADSL nya mati mestinya ip tersebut tidak bisa di ping.
Sabtu, 30 Mei 2009
Minggu, 24 Mei 2009
Remote
Ternyata bisa !!!! Penemuan yg cukup menyenangkan …
Ternyata F hanya blocking incoming connection dari port 1-1024 … dan beberapa port di atas 1024.
Ya udah, akhirnya bikin port forwarder aja …
Misal ftp dari port 21 … jadi 2100 …. ;) )
Udah deh bisa skrg … ya biarpun gak bisa make port2 standard … tp ini jauh lebih baik drpd gw musti pake ssh tunnel =))
Semoga info ini bisa bermanfaat …
Ternyata F hanya blocking incoming connection dari port 1-1024 … dan beberapa port di atas 1024.
Ya udah, akhirnya bikin port forwarder aja …
Misal ftp dari port 21 … jadi 2100 …. ;) )
Udah deh bisa skrg … ya biarpun gak bisa make port2 standard … tp ini jauh lebih baik drpd gw musti pake ssh tunnel =))
Semoga info ini bisa bermanfaat …
Jumat, 22 Mei 2009
load balancing 5 speedy pada Mikrotik ver 3
Loadbalancing 5 Speedy dengan PPPoE
Pada Mikrotik V3
----------------------------------------------------------------------------------
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=""
dial-on-demand=no disabled=no interface=Speedy-1 max-mru=1480 max-mtu=1480
mrru=disabled name="******@telkom.net" password="***" profile=default
service-name="" use-peer-dns=no user="***"
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=""
dial-on-demand=no disabled=no interface=Speedy-2 max-mru=1480 max-mtu=1480
mrru=disabled name="******@telkom.net" password="***" profile=default
service-name="" use-peer-dns=no user="***"
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=""
dial-on-demand=no disabled=no interface=Speedy-3 max-mru=1480 max-mtu=1480
mrru=disabled name="******@telkom.net" password="***" profile=default
service-name="" use-peer-dns=no user="***"
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=""
dial-on-demand=no disabled=no interface=Speedy-4 max-mru=1480 max-mtu=1480
mrru=disabled name="******@telkom.net" password="***" profile=default
service-name="" use-peer-dns=no user="***"
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=""
dial-on-demand=no disabled=no interface=Speedy-5 max-mru=1480 max-mtu=1480
mrru=disabled name="******@telkom.net" password="***" profile=default
service-name="" use-peer-dns=no user="***"
...
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=ADSL-1
passthrough=yes connection-state=new in-interface=HotSpot nth=5,1
comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-1 passthrough=no
in-interface=HotSpot connection-mark=ADSL-1 comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=ADSL-2
passthrough=yes connection-state=new in-interface=HotSpot nth=5,2
comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-2 passthrough=no
in-interface=HotSpot connection-mark=ADSL-2 comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=ADSL-3
passthrough=yes connection-state=new in-interface=HotSpot nth=5,3
comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-3 passthrough=no
in-interface=HotSpot connection-mark=ADSL-3 comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=ADSL-4
passthrough=yes connection-state=new in-interface=HotSpot nth=5,4
comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-4 passthrough=no
in-interface=HotSpot connection-mark=ADSL-4 comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=ADSL-5
passthrough=yes connection-state=new in-interface=HotSpot nth=5,5
comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-5 passthrough=no
in-interface=HotSpot connection-mark=ADSL-5 comment="" disabled=no
/ip firewall nat
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-1] to-ports=0-65535
connection-mark=ADSL-1 comment="" disabled=no
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-2] to-ports=0-65535
connection-mark=ADSL-2 comment="" disabled=no
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-3] to-ports=0-65535
connection-mark=ADSL-3 comment="" disabled=no
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-4] to-ports=0-65535
connection-mark=ADSL-4 comment="" disabled=no
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-5] to-ports=0-65535
connection-mark=ADSL-5 comment="" disabled=no
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-1
routing-mark=ADSL-1
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-2
routing-mark=ADSL-2
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-3
routing-mark=ADSL-3
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-4
routing-mark=ADSL-4
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-5
routing-mark=ADSL-5
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-1
sumber:http://echo.or.id/forum/viewtopic.php?p=103899
Pada Mikrotik V3
----------------------------------------------------------------------------------
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=""
dial-on-demand=no disabled=no interface=Speedy-1 max-mru=1480 max-mtu=1480
mrru=disabled name="******@telkom.net" password="***" profile=default
service-name="" use-peer-dns=no user="***"
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=""
dial-on-demand=no disabled=no interface=Speedy-2 max-mru=1480 max-mtu=1480
mrru=disabled name="******@telkom.net" password="***" profile=default
service-name="" use-peer-dns=no user="***"
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=""
dial-on-demand=no disabled=no interface=Speedy-3 max-mru=1480 max-mtu=1480
mrru=disabled name="******@telkom.net" password="***" profile=default
service-name="" use-peer-dns=no user="***"
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=""
dial-on-demand=no disabled=no interface=Speedy-4 max-mru=1480 max-mtu=1480
mrru=disabled name="******@telkom.net" password="***" profile=default
service-name="" use-peer-dns=no user="***"
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=""
dial-on-demand=no disabled=no interface=Speedy-5 max-mru=1480 max-mtu=1480
mrru=disabled name="******@telkom.net" password="***" profile=default
service-name="" use-peer-dns=no user="***"
...
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=ADSL-1
passthrough=yes connection-state=new in-interface=HotSpot nth=5,1
comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-1 passthrough=no
in-interface=HotSpot connection-mark=ADSL-1 comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=ADSL-2
passthrough=yes connection-state=new in-interface=HotSpot nth=5,2
comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-2 passthrough=no
in-interface=HotSpot connection-mark=ADSL-2 comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=ADSL-3
passthrough=yes connection-state=new in-interface=HotSpot nth=5,3
comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-3 passthrough=no
in-interface=HotSpot connection-mark=ADSL-3 comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=ADSL-4
passthrough=yes connection-state=new in-interface=HotSpot nth=5,4
comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-4 passthrough=no
in-interface=HotSpot connection-mark=ADSL-4 comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=ADSL-5
passthrough=yes connection-state=new in-interface=HotSpot nth=5,5
comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-5 passthrough=no
in-interface=HotSpot connection-mark=ADSL-5 comment="" disabled=no
/ip firewall nat
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-1] to-ports=0-65535
connection-mark=ADSL-1 comment="" disabled=no
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-2] to-ports=0-65535
connection-mark=ADSL-2 comment="" disabled=no
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-3] to-ports=0-65535
connection-mark=ADSL-3 comment="" disabled=no
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-4] to-ports=0-65535
connection-mark=ADSL-4 comment="" disabled=no
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-5] to-ports=0-65535
connection-mark=ADSL-5 comment="" disabled=no
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-1
routing-mark=ADSL-1
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-2
routing-mark=ADSL-2
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-3
routing-mark=ADSL-3
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-4
routing-mark=ADSL-4
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-5
routing-mark=ADSL-5
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-1
sumber:http://echo.or.id/forum/viewtopic.php?p=103899
Langganan:
Postingan (Atom)