EXTERNAL PFSENSE PROXY TOPOLOGY ON MIKROTIK 450

ETHER 1 = MODEM IP = AA.AA.AA.AA
ETHER 2 = PFSENSE (PROXY) IP = BB.BB.BB.BB
ETHER 3 = LOKAL IP = CC.CC.CC.CC
ETHER 4 = WIFI1 IP = DD.DD.DD.DD
ETHER 5 = WIFI2 IP = FF.FF.FF.FF

FIREWALL NAT ON MIKROTIK

# MODEM = the ethernet interface facing the modem
/ip firewall nat add chain=srcnat action=masquerade out-interface=MODEM

# PFSENSE = the ethernet interface facing the pfSense box
/ip firewall nat add chain=srcnat action=masquerade out-interface=PFSENSE

NAT REDIRECT TO THE PROXY

/ip firewall nat add chain=dstnat action=dst-nat src-address=CC.CC.CC.CC/24 dst-address=!BB.BB.BB.BB/24 protocol=tcp dst-port=80 in-interface=LOKAL to-addresses=BB.BB.BB.BB to-ports=3128

/ip firewall nat add chain=dstnat action=dst-nat src-address=DD.DD.DD.DD/24 dst-address=!BB.BB.BB.BB/24 protocol=tcp dst-port=80 in-interface=WIFI1 to-addresses=BB.BB.BB.BB to-ports=3128

/ip firewall nat add chain=dstnat action=dst-nat src-address=FF.FF.FF.FF/24 dst-address=!BB.BB.BB.BB/24 protocol=tcp dst-port=80 in-interface=WIFI2 to-addresses=BB.BB.BB.BB to-ports=3128
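A consistency check for the redirect rules above, as an added example that is not part of the original post: it parses each rule and verifies the chain/action names, that src-address is the subnet of in-interface, that the proxy subnet is excluded, and that the target is the proxy on port 3128. The RFC 1918 addresses, the proxy IP and the function names are assumptions standing in for the page's placeholders.

```python
import ipaddress
import shlex

# Constructed stand-ins for the page's placeholders (BB.BB.BB.BB, CC.CC.CC.CC, ...).
TOPOLOGY = {"LOKAL": "192.168.3.0/24", "WIFI1": "192.168.4.0/24",
            "WIFI2": "192.168.5.0/24"}
PROXY_IP, PROXY_PORT = "192.168.2.2", "3128"  # assumed pfSense proxy address

def parse_rule(line):
    """Split a RouterOS 'add' line into a dict of its key=value parameters."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def check_redirect(line):
    """Return the list of problems found in one transparent-proxy dst-nat rule."""
    r, problems = parse_rule(line), []
    if (r.get("chain"), r.get("action")) != ("dstnat", "dst-nat"):
        problems.append("chain/action must be dstnat/dst-nat")
    if (r.get("protocol"), r.get("dst-port")) != ("tcp", "80"):
        problems.append("rule must match protocol=tcp dst-port=80")
    if (r.get("to-addresses"), r.get("to-ports")) != (PROXY_IP, PROXY_PORT):
        problems.append("to-addresses/to-ports must point at the proxy")
    try:
        # strict=False accepts the router's own address with a /24, as on the page
        src = ipaddress.ip_network(r.get("src-address", ""), strict=False)
        if src != ipaddress.ip_network(TOPOLOGY[r.get("in-interface")]):
            problems.append("src-address is not the subnet of in-interface")
    except (KeyError, ValueError):
        problems.append("missing or invalid src-address / in-interface")
    dst = r.get("dst-address", "")
    try:
        excluded = ipaddress.ip_network(dst.lstrip("!"), strict=False)
        if not dst.startswith("!") or ipaddress.ip_address(PROXY_IP) not in excluded:
            problems.append("dst-address must exclude the proxy subnet")
    except ValueError:
        problems.append("missing or invalid dst-address")
    return problems

# Constructed sample rules: one correct, one with misspelled keywords,
# one whose source subnet belongs to a different interface.
COMMON = "protocol=tcp dst-port=80 to-addresses=192.168.2.2 to-ports=3128"
GOOD = ("/ip firewall nat add chain=dstnat action=dst-nat src-address=192.168.3.1/24 "
        "dst-address=!192.168.2.1/24 in-interface=LOKAL " + COMMON)
TYPO = ("/ip firewall nat add chain=dtsnat action=dtsnat src-address=192.168.4.1/24 "
        "dts-address=!192.168.2.1/24 in-interface=WIFI1 " + COMMON)
WRONG_SUBNET = ("/ip firewall nat add chain=dstnat action=dst-nat src-address=192.168.4.1/24 "
                "dst-address=!192.168.2.1/24 in-interface=WIFI2 " + COMMON)

if __name__ == "__main__":
    for name, rule in (("GOOD", GOOD), ("TYPO", TYPO), ("WRONG_SUBNET", WRONG_SUBNET)):
        print(name, check_redirect(rule) or "ok")
```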


FIREWALL MANGLE TO BYPASS CACHE HITS (HIT LOS), TOS 12

===PACKET MARKS FOR QUEUE TREE===

/ip firewall mangle add action=mark-packet chain=postrouting comment="HIT-LOKAL <<<===" disabled=no dscp=12 new-packet-mark=HIT-LOKAL out-interface=LOKAL passthrough=yes protocol=tcp

/ip firewall mangle add action=mark-packet chain=postrouting comment="HIT-WIFI1 <<<===" disabled=no dscp=12 new-packet-mark=HIT-WIFI1 out-interface=WIFI1 passthrough=yes protocol=tcp

/ip firewall mangle add action=mark-packet chain=postrouting comment="HIT-WIFI2 <<<===" disabled=no dscp=12 new-packet-mark=HIT-WIFI2 out-interface=WIFI2 passthrough=yes protocol=tcp

===PACKET MARKS FOR SIMPLE QUEUES===

/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=CON_LOKAL passthrough=yes src-address=CC.CC.CC.CC/24

/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=PKT_LOKAL passthrough=no connection-mark=CON_LOKAL



/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=CON_WIFI1 passthrough=yes src-address=DD.DD.DD.DD/24

/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=PKT_WIFI1 passthrough=no connection-mark=CON_WIFI1


/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=CON_WIFI2 passthrough=yes src-address=FF.FF.FF.FF/24

/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=PKT_WIFI2 passthrough=no connection-mark=CON_WIFI2






/queue type

add kind=pfifo name=HOSNET pfifo-limit=300

===LIMIT CACHE-HIT (HIT LOS) TRAFFIC SO THE MIKROTIK DOES NOT GET OVERWHELMED, SINCE IT IS AN RB450===

/queue tree

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=20M max-limit=20M name=1-HIT_L0KAL packet-mark=HIT-LOKAL parent=global-out priority=1 queue=HOSNET

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=4M max-limit=4M name=2-HIT_WIFI1 packet-mark=HIT-WIFI1 parent=global-out priority=1 queue=HOSNET

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=4M max-limit=4M name=3-HIT_WIFI2 packet-mark=HIT-WIFI2 parent=global-out priority=1 queue=HOSNET


===LIMIT BANDWIDTH PER CLIENT IN SIMPLE QUEUES===

/queue simple

add name="Client" target-addresses=CC.CC.CC.CC dst-address=0.0.0.0/0 interface=all parent=none packet-marks=PKT_LOKAL direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128000/300000 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small


THE LIMITS IN SIMPLE QUEUES ARE UP TO YOUR OWN NEEDS

THAT IS ALL, THANK YOU, I HOPE THIS IS USEFUL, AND HERE'S TO THE SUCCESS OF PFSENSE IN INDONESIA