/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-MLink
add action=masquerade chain=srcnat out-interface=ether2-Indihome
add action=netmap chain=dstnat dst-port=\
21,70,80,81,210,280,488,563,591,631,777,873,901,5004,3128 protocol=tcp \
src-address-list=!squid to-addresses=192.168.11.11 to-ports=2015
add action=masquerade chain=srcnat protocol=tcp src-address=!192.168.11.11
add action=dst-nat chain=dstnat comment=-------------------------------- \
dst-address=!192.168.11.11 dst-port=\
21,70,80,81,210,280,488,563,591,631,777,873,901,5004,3128 in-interface=\
wlan1 protocol=tcp src-address-list=!proxy to-addresses=192.168.11.1 \
to-ports=8080
Untuk penggabungan 2 ISP
#
/ip firewall mangle
add action=mark-connection chain=prerouting comment=\
"==================================================================" \
dst-port=21,70,80,81,210,280,488,563,591,631,777,873,901,5004,3128 \
new-connection-mark=squid protocol=tcp
add action=mark-packet chain=prerouting connection-mark=squid new-packet-mark=\
squid passthrough=no
add action=mark-connection chain=postrouting comment="dscp matcher" dscp=!12 \
dst-address=192.168.11.11 new-connection-mark=packet-hits protocol=tcp \
src-address-list=!squid
add action=mark-packet chain=prerouting connection-mark=packet-hits \
new-packet-mark=packet-hits passthrough=no
add action=mark-connection chain=input comment=LB-FO in-interface=ether1-MLink \
new-connection-mark=t-mlink
add action=mark-connection chain=input in-interface=ether2-Indihome \
new-connection-mark=t-indihome
add action=mark-routing chain=output connection-mark=t-mlink new-routing-mark=\
to-mlink passthrough=no
add action=mark-routing chain=output connection-mark=t-indihome \
new-routing-mark=to-indihome passthrough=no
add chain=prerouting dst-address=100.10.10.0/30 in-interface=ether1-MLink
add chain=prerouting dst-address=192.168.100.0/24 in-interface=ether2-Indihome
add action=mark-connection chain=prerouting comment=trafic dst-address-type=\
!local in-interface=wlan1 new-connection-mark=t-mlink \
per-connection-classifier=both-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=wlan1 new-connection-mark=t-indihome \
per-connection-classifier=both-ports:2/1
add action=mark-routing chain=prerouting connection-mark=t-mlink in-interface=\
wlan1 new-routing-mark=to-mlink passthrough=no
add action=mark-routing chain=prerouting connection-mark=t-indihome \
in-interface=wlan1 new-routing-mark=to-indihome passthrough=no
No comments:
Post a Comment