A year ago I noticed the internet connection at my KODOK IJO was getting slower and slower. That was because I had increased the number of internet clients to 15, and possibly also because Speedy had too many users, hehe. In the end I added a second Speedy connection, since there is no other ISP in Ponorogo.
To save electricity, I started learning how to build MikroTik load balancing (LBM) plus a web proxy on a single PC running MikroTik version 2.9.27. After a whole night in front of the PC my LBM was finally up. I tested it and watched it for a week, and it turned out it could not balance the load at all: sometimes one modem was saturated while the other was still idle, even though plenty of requests were coming in. In the end I decided to use two PCs, giving two separate gateways.
Six months ago some friends pointed me towards MikroTik's own RB450. I bought one and tried to build the LBM again. As before, the LBM would not run properly, until I finally found the key word: "nth". That is what put the smile back on my face.
Here is my current configuration, printed from the MikroTik load balancer:
Read and analyse it rather than copy-pasting it; pasted as-is it will certainly throw errors, hehe. If anything is wrong, leave a comment.
####################################################################
####################################################################
MikroTik RouterOS 3.10 (c) 1999-2008 http://www.mikrotik.com/
[admin@MikroTik] > interface print
Flags: X - disabled, R - running, D - dynamic, S - slave
 #     NAME     TYPE    MTU
 0  R  local    ether   1500
 1  R  modem1   ether   1500
 2  R  modem2   ether   1500
 3     ether4   ether   1500
 4     ether5   ether   1500
[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS          NETWORK       BROADCAST       INTERFACE
 0   192.168.4.1/24   192.168.4.0   192.168.4.255   local
 1   192.168.2.2/24   192.168.2.0   192.168.2.255   modem2
 2   192.168.1.2/24   192.168.1.0   192.168.1.255   modem1
[admin@MikroTik] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; do NAT
chain=srcnat action=masquerade src-address=192.168.4.0/24
1 chain=srcnat action=src-nat to-addresses=192.168.2.2 to-ports=0-65535
connection-mark=odd
2 chain=srcnat action=src-nat to-addresses=192.168.1.2 to-ports=0-65535
connection-mark=even
[admin@MikroTik] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; loadODD
chain=prerouting action=mark-connection new-connection-mark=odd
passthrough=yes connection-state=new in-interface=local nth=2,1
1 chain=prerouting action=mark-routing new-routing-mark=odd passthrough=no
in-interface=local connection-mark=odd
2 ;;; loadEVEN
chain=prerouting action=mark-connection new-connection-mark=even
passthrough=yes connection-state=new in-interface=local nth=2,1
3 chain=prerouting action=mark-routing new-routing-mark=even passthrough=no
in-interface=local connection-mark=even
[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #       DST-ADDRESS      PREF-SRC      G GATEWAY       DISTANCE  IN..
 0 A S   0.0.0.0/0                      r 192.168.2.1   1         mo..
 1 A S   0.0.0.0/0                      r 192.168.1.1   1         mo..
 2 A S   0.0.0.0/0                      r 192.168.1.1   1         mo..
 3 ADC   192.168.1.0/24   192.168.1.2                   0         mo..
 4 ADC   192.168.2.0/24   192.168.2.2                   0         mo..
 5 ADC   192.168.4.0/24   192.168.4.1                   0         lo..
(The interface and routing-mark columns are cut off by the terminal width in this print; `ip route print detail` shows which of the three default routes carries routing-mark=odd, which carries routing-mark=even, and which is the plain default.)
[admin@MikroTik] > ip dns print
primary-dns: 202.134.1.10
secondary-dns: 202.134.0.155
allow-remote-requests: yes
max-udp-packet-size: 512
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 4KiB
[admin@MikroTik] > ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; accept packets of established connections
chain=input action=accept connection-state=established
1 ;;; accept packets of related connections
chain=input action=accept connection-state=related
2 ;;; drop invalid packets
chain=input action=drop connection-state=invalid
3 ;;; detect and drop port-scan connections
chain=input action=drop psd=21,3s,3,1 protocol=tcp
4 ;;; squash DoS attacks
chain=input action=tarpit src-address-list=black_list protocol=tcp
connection-limit=3,32
5 ;;; detect DoS attacks
chain=input action=add-src-to-address-list address-list=black_list
address-list-timeout=1d protocol=tcp connection-limit=10,32
6 ;;; jump to the icmp chain
chain=input action=jump jump-target=icmp protocol=icmp
7 ;;; jump to the services chain
chain=input action=jump jump-target=services
8 ;;; allow broadcast traffic
chain=input action=accept dst-address-type=broadcast
9 chain=input action=log log-prefix="filter"
10 ;;; allow router access from known networks
chain=input action=accept src-address=192.168.1.0
11 chain=input action=accept src-address=192.168.2.0
12 chain=input action=accept src-address=192.168.4.0
13 chain=input action=accept src-address=192.168.0.0
14 ;;; put port scanners on the list
chain=input action=add-src-to-address-list psd=21,3s,3,1
address-list=port_scanners address-list-timeout=2w protocol=tcp
15 ;;; syn/fin scan
chain=input action=add-src-to-address-list tcp-flags=fin,syn
address-list=port_scanners address-list-timeout=2w protocol=tcp
16 ;;; syn/rst scan
chain=input action=add-src-to-address-list tcp-flags=syn,rst
address-list=port_scanners address-list-timeout=2w protocol=tcp
17 ;;; fin/psh/urg scan
chain=input action=add-src-to-address-list
tcp-flags=fin,psh,urg,!syn,!rst,!ack address-list=port_scanners
address-list-timeout=2w protocol=tcp
18 ;;; all-flags scan
chain=input action=add-src-to-address-list
tcp-flags=fin,syn,rst,psh,ack,urg address-list=port_scanners
address-list-timeout=2w protocol=tcp
19 ;;; nmap null scan
chain=input action=add-src-to-address-list
tcp-flags=!fin,!syn,!psh,!ack,!urg address-list=port_scanners
address-list-timeout=2w protocol=tcp
20 ;;; drop port scanners
chain=input action=drop src-address-list=port_scanners
21 ;;; 0:0, limited to 5 packets/s
chain=icmp action=accept icmp-options=0:0-255 protocol=icmp limit=5,5
22 ;;; 3:3, limited to 5 packets/s
chain=icmp action=accept icmp-options=3:3 protocol=icmp limit=5,5
23 ;;; 3:4, limited to 5 packets/s
chain=icmp action=accept icmp-options=3:4 protocol=icmp limit=5,5
24 ;;; 8:0, limited to 5 packets/s
chain=icmp action=accept icmp-options=8:0-255 protocol=icmp limit=5,5
25 ;;; 11:0, limited to 5 packets/s
chain=icmp action=accept icmp-options=11:0-255 protocol=icmp limit=5,5
26 ;;; drop all other icmp
chain=icmp action=drop protocol=icmp
27 ;;; accept localhost
chain=services action=accept dst-address=127.0.0.1
src-address-list=127.0.0.1
28 ;;; allow MAC winbox
chain=services action=accept dst-port=20561 protocol=udp
29 ;;; MT discovery protocol
chain=services action=accept dst-port=5678 protocol=udp
30 ;;; allow DNS requests
chain=services action=accept dst-port=53 protocol=tcp
31 ;;; allow DNS requests
chain=services action=accept dst-port=53 protocol=udp
32 ;;; allow web proxy
chain=services action=accept dst-port=8080 protocol=tcp
33 ;;; labelled "web proxy" in the original, but 80 is the router's www service
chain=services action=accept dst-port=80 protocol=tcp
34 ;;; labelled "web proxy" in the original, but 23 is telnet
chain=services action=accept dst-port=23 protocol=tcp
35 chain=services action=return
36 ;;; allow established connections
chain=forward action=accept connection-state=established
37 ;;; allow related connections
chain=forward action=accept connection-state=related
38 ;;; drop invalid connections
chain=forward action=drop connection-state=invalid
39 ;;; drop Blaster worm
chain=virus action=drop dst-port=135-139 protocol=tcp
40 ;;; drop Blaster worm
chain=virus action=drop dst-port=135-139 protocol=udp
41 ;;; drop Blaster worm
chain=virus action=drop dst-port=445 protocol=tcp
42 ;;; drop Blaster worm
chain=virus action=drop dst-port=445 protocol=udp
43 ;;; drop Blaster worm
chain=virus action=drop dst-port=593 protocol=tcp
44 ;;; drop Blaster worm
chain=virus action=drop dst-port=1024-1030 protocol=tcp
45 ;;; drop MyDoom
chain=virus action=drop dst-port=1080 protocol=tcp
46 ;;; drop MyDoom
chain=virus action=drop dst-port=1214 protocol=tcp
47 ;;; nmd requester
chain=virus action=drop dst-port=1363 protocol=tcp
48 ;;; nmd server
chain=virus action=drop dst-port=1364 protocol=tcp
49 ;;; screen cast
chain=virus action=drop dst-port=1368 protocol=tcp
50 ;;; hromgrafx
chain=virus action=drop dst-port=1373 protocol=tcp
51 ;;; cichild
chain=virus action=drop dst-port=1377 protocol=tcp
52 ;;; worm
chain=virus action=drop dst-port=1433-1434 protocol=tcp
53 ;;; Bagle virus
chain=virus action=drop dst-port=2745 protocol=tcp
54 ;;; Dumaru.Y
chain=virus action=drop dst-port=2283 protocol=tcp
55 ;;; drop Beagle
chain=virus action=drop dst-port=2535 protocol=tcp
56 ;;; drop Beagle-CK (same port as rule 53)
chain=virus action=drop dst-port=2745 protocol=tcp
57 ;;; drop MyDoom
chain=virus action=drop dst-port=3127-3128 protocol=tcp
58 ;;; drop backdoor OptixPro
chain=virus action=drop dst-port=3410 protocol=tcp
59 ;;; drop worm
chain=virus action=drop dst-port=4444 protocol=tcp
60 ;;; drop worm
chain=virus action=drop dst-port=5554 protocol=tcp
61 ;;; labelled "drop worm" in the original; 6881-6889 are the BitTorrent ports
chain=virus action=drop dst-port=6881-6889 protocol=tcp
62 ;;; drop Beagle.B
chain=virus action=drop dst-port=8866 protocol=tcp
63 ;;; drop Dabber
chain=virus action=drop dst-port=9898 protocol=tcp
64 ;;; drop Dumaru
chain=virus action=drop dst-port=10000 protocol=tcp
65 ;;; drop MyDoom.B
chain=virus action=drop dst-port=10080 protocol=tcp
66 ;;; drop NetBus
chain=virus action=drop dst-port=12345 protocol=tcp
67 ;;; drop Kuang2
chain=virus action=drop dst-port=17300 protocol=tcp
68 ;;; drop SubSeven
chain=virus action=drop dst-port=27374 protocol=tcp
69 ;;; drop Phatbot, Agobot, Gaobot
chain=virus action=drop dst-port=65506 protocol=tcp
70 ;;; jump to the virus chain
chain=forward action=jump jump-target=virus
71 ;;; drop large pings
chain=forward action=drop protocol=icmp packet-size=100-65535
72 chain=output action=drop src-address=192.168.4.0/24 protocol=icmp
packet-size=100-65535
73 ;;; allow udp
chain=forward action=accept protocol=udp
74 ;;; allow internet access from known networks
chain=forward action=accept src-address=192.168.1.0/24
75 chain=forward action=accept src-address=192.168.2.0/24
76 chain=forward action=accept src-address=192.168.4.0/24
77 chain=forward action=accept src-address=192.168.0.0/24
78 ;;; drop everything else
chain=forward action=drop
####################################################################
####################################################################
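Two things in the input chain of the print above deserve a mechanical check: rules 10-13 give src-address without a prefix length (which matches one host, not a subnet), and the chain has no unconditional drop at the end, so the default accept policy applies to whatever the explicit rules miss. The checker below is an added example, not code from the page or from MikroTik. It parses the `print` layout exactly as it appears on this page (numbered first line, optional `;;;` comment line, unnumbered continuation lines) and runs those two checks over a constructed excerpt of the page's own output; the excerpt and the two checks are mine, and this is not a complete RouterOS parser.

```python
import ipaddress
import re

# Constructed excerpt of the page's `ip firewall filter print` (rules 9-13, 20, 76-78),
# in the layout the page shows: numbered first line, optional ";;;" comment line,
# unnumbered continuation lines.
SAMPLE_PRINT = """\
9 chain=input action=log log-prefix="filter"
10 ;;; allow router access from known networks
chain=input action=accept src-address=192.168.1.0
11 chain=input action=accept src-address=192.168.2.0
12 chain=input action=accept src-address=192.168.4.0
13 chain=input action=accept src-address=192.168.0.0
20 ;;; drop port scanners
chain=input action=drop src-address-list=port_scanners
76 chain=forward action=accept src-address=192.168.4.0/24
77 chain=forward action=accept src-address=192.168.0.0/24
78 ;;; drop everything else
chain=forward action=drop
"""

# Keys that are not packet matchers (bookkeeping, the chain, the action and its parameter).
NON_MATCHERS = {"id", "comment", "chain", "action", "log-prefix"}


def parse_print(text):
    """Turn print output into a list of dicts: id, comment, and one key per key=value token."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        numbered = re.match(r"^(\d+)\s*(.*)$", line)
        if numbered:
            rule = {"id": int(numbered.group(1))}
            rules.append(rule)
            body = numbered.group(2)
            if body.startswith(";;;"):          # comment line; the rule body follows on the next line
                rule["comment"] = body[3:].strip()
                continue
        else:                                    # continuation of the previous rule
            rule, body = rules[-1], line
        for token in body.split():
            key, _, value = token.partition("=")
            rule[key] = value.strip('"')
    return rules


def lint(rules):
    """Two checks on a parsed rule list; returns one finding string per problem."""
    findings = []
    by_chain = {}
    for r in rules:
        by_chain.setdefault(r["chain"], []).append(r)
        src = r.get("src-address")
        if src and "/" not in src:
            host = ipaddress.ip_network(src)     # no prefix length means a single /32 host
            findings.append(f"rule {r['id']}: src-address={src} matches only host {host}, not a subnet")
    for chain, chain_rules in by_chain.items():
        last = chain_rules[-1]
        has_matchers = bool(set(last) - NON_MATCHERS)
        if last["action"] != "drop" or has_matchers:
            findings.append(f"chain {chain}: last rule {last['id']} is not an unconditional drop; "
                            "unmatched packets are accepted by the default policy")
    return findings


if __name__ == "__main__":
    for finding in lint(parse_print(SAMPLE_PRINT)):
        print(finding)
```

On the excerpt it reports the four bare addresses in rules 10-13 and the missing final drop in the input chain, and stays quiet about the forward chain, whose rule 78 is the unconditional drop the input chain lacks.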
For the filter, it's down to each person's taste.
For the proxy, pick whatever you like.
For nth, this is the value that runs well on my LBM. If anyone finds a better value, please share.
Before reusing any of the print above, a few things in it are worth checking (editor's notes, based only on what the print shows):
1. Mangle: both mark-connection rules use nth=2,1. In RouterOS 3.x every rule keeps its own nth counter, so loadEVEN only sees the new connections that loadODD left unmarked and then marks every other one of those; roughly a quarter of new connections get no routing mark at all and follow the plain default route. The routing-mark column is cut off in the route print, so check with `ip route print detail` which of the three default routes carries which mark, and where the unmarked traffic goes.
2. NAT: rule 0 (masquerade for 192.168.4.0/24) is a terminating action that matches every LAN connection first, so the src-nat rules 1 and 2 never run. Masquerade already uses the address of whichever modem interface the route selects, so balancing still works, but those two rules are dead.
3. Input chain: rules 10-13 give src-address=192.168.1.0 and so on without a prefix length, which matches only the single host 192.168.1.0 (the network address) rather than the subnet, and 192.168.0.0 is not a network this router has. More important, the input chain has no final drop, so anything the explicit drop rules miss is accepted by the default policy: DNS (allow-remote-requests=yes), winbox, telnet and port 80 answer to anything that can reach the modem1 or modem2 interfaces, not just the LAN. Give the accept rules a /24 and add an unconditional drop as the last input rule.
4. Rule 9 logs every input packet that reaches it (it has no matchers), which will flood the log.
5. Services chain: rule 33 (port 80) and rule 34 (port 23) are commented as "web proxy" but are the router's www service and telnet; only 8080 is the proxy. Rules 53 and 56 both drop 2745, and 6881-6889 (rule 61) are the BitTorrent ports, not a worm. Rule 73 accepts all UDP in forward from any source before the known-network checks.
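To see what two nth=2,1 rules in a row actually do, here is a small simulator. It is an added example, not code from the page or from MikroTik, and it encodes my reading of the RouterOS 3.x documentation: `nth=every,packet` keeps one counter per rule that runs from 1 to `every` and matches when it equals `packet`; the counter only advances when the rule's other matchers already matched; and `passthrough=no` ends the packet's trip through the chain. PAGE_RULES is the page's mangle print as data. The FIXED_RULES variant and the gateway mapping (odd to modem2, even and unmarked to modem1) are my assumptions, the latter because the routing-mark column is truncated in the route print.

```python
from collections import Counter

# The page's mangle chain (rules 0-3 of `ip firewall mangle print`) as data.
PAGE_RULES = [
    dict(name="loadODD", state="new", nth=(2, 1),
         action="mark-connection", mark="odd", passthrough=True),
    dict(name="route odd", conn_mark="odd",
         action="mark-routing", mark="odd", passthrough=False),
    dict(name="loadEVEN", state="new", nth=(2, 1),
         action="mark-connection", mark="even", passthrough=True),
    dict(name="route even", conn_mark="even",
         action="mark-routing", mark="even", passthrough=False),
]

# Hypothetical fix (my suggestion, not from the page): the second mark-connection
# rule takes everything loadODD left unmarked instead of running its own counter.
FIXED_RULES = [
    PAGE_RULES[0],
    PAGE_RULES[1],
    dict(name="loadEVEN", state="new", conn_mark="no-mark",
         action="mark-connection", mark="even", passthrough=True),
    PAGE_RULES[3],
]

# Assumed meaning of the three default routes whose routing-mark column is cut off
# in the page's route print: odd -> 192.168.2.1 (modem2), even -> 192.168.1.1 (modem1),
# unmarked -> the plain default route, also 192.168.1.1.
GATEWAY_FOR_MARK = {"odd": "modem2", "even": "modem1", "no-mark": "modem1"}


def run_chain(rules, n_connections):
    """Send the first (connection-state=new) packet of n connections through the
    chain with RouterOS 3.x semantics: one nth counter per rule, advanced only
    when the rule's other matchers already matched; passthrough=no ends traversal.
    Returns a Counter of the routing mark each connection ends up with."""
    counters = [0] * len(rules)
    outcome = Counter()
    for _ in range(n_connections):
        conn_mark = None
        route_mark = None
        for i, rule in enumerate(rules):
            if "state" in rule and rule["state"] != "new":
                continue                            # only the first packet is modelled
            wanted = rule.get("conn_mark")
            if wanted == "no-mark":
                if conn_mark is not None:
                    continue
            elif wanted is not None and wanted != conn_mark:
                continue
            if "nth" in rule:
                every, packet = rule["nth"]
                counters[i] = counters[i] % every + 1   # runs 1..every, then wraps
                if counters[i] != packet:
                    continue
            if rule["action"] == "mark-connection":
                conn_mark = rule["mark"]
            else:                                   # mark-routing
                route_mark = rule["mark"]
            if not rule["passthrough"]:
                break
        outcome[route_mark or "no-mark"] += 1
    return outcome


def gateway_share(outcome):
    """Fold the per-mark counts onto the assumed gateways."""
    share = Counter()
    for mark, n in outcome.items():
        share[GATEWAY_FOR_MARK[mark]] += n
    return dict(share)


if __name__ == "__main__":
    for label, rules in (("page config ", PAGE_RULES), ("fixed config", FIXED_RULES)):
        marks = run_chain(rules, 1000)
        print(label, dict(marks), "->", gateway_share(marks))
```

With the page's chain the marks come out odd 50%, even 25%, unmarked 25%: loadEVEN's counter only ever sees the connections loadODD skipped, and then skips half of those itself. Under the assumed routes the unmarked quarter lands on the default route via modem1, so each modem still carries about half the connections, which is why the setup looks balanced in practice. Marking the leftovers with connection-mark=no-mark instead of a second counter gives every connection a mark, so the split no longer depends on where the plain default route happens to point.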
Here is my download result from Indowebster (screenshot not reproduced here):
Lessons learned:
1. The nth value has a big influence on load balancing.
2. MikroTik version 3.xx is better than 2.9.xx.
3. Using an RB450 for load balancing is nicer, because it is stable, low on power, and already a licensed MikroTik. hehe..
Wassalam
Comments:

Bro, is your Speedy package the small office one or the warnet one?

I took the Speedy Office package.

Mas Arm, I need your help. I just added one more Speedy line, but watching it for a few days it doesn't seem to balance. I have already tried the script above.

Which MikroTik version are you using?

There is a difference between version 2.xx and 3.xx, namely in nth. Try googling the nth issue.

Bro, I'm copying your article to study it!

mbah lentho
Come on, let's go have coffee, hehehe. BSD = bubrah sekarepe dewe (Javanese: "it breaks however it pleases") ... mtmt