Author Topic: TIPS: MikroTik with standalone ClearOS  (Read 8287 times)


Offline wisnusanjaya

TIPS: MikroTik with standalone ClearOS
« on: Saturday, 21 July 2012, 00:41:50 »
Automatic proxy on/off
==================
Purpose: when ClearOS is down, port 80 goes out directly without the proxy; when ClearOS is up, port 80 uses the proxy.


Topology on the MikroTik
eth1= 192.168.7.1   (local/LAN)
eth2= 192.168.1.2   (public, or from the modem; can also be set to a public IP, or dynamic PPPoE if automatic)
eth3= 192.168.55.2 (to proxy)


Topology on the standalone ClearOS
ipclearos= 192.168.55.1 and gateway 192.168.55.2

1. Redirect port 80 to the proxy and add a comment, which is used for the automatic on and off
----------------------------
/ip firewall nat
add action=dst-nat chain=dstnat comment=RedirectToProxy disabled=no \
    dst-address=!ippublic dst-port=80 in-interface=LOCAL protocol=tcp \
    src-address=!192.168.55.0/24 to-addresses=192.168.55.1 to-ports=3128

2. Create scripts that look up the comment
------------------------------------
/system script
add name=ProxyDown policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source="/ip firewall nat set [find comment=RedirectToProxy] disabled=yes"
add name=ProxyUp policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source="/ip firewall nat set [find comment=RedirectToProxy] disabled=no"


3. Create a netwatch entry to check whether ClearOS is up or down
------------------------
/tool netwatch
add disabled=no down-script=ProxyDown host=192.168.55.1 interval=5s timeout=\
    1s up-script=ProxyUp


Forward the ClearOS ports so they can be accessed from outside using other ports, not the standard ports, for security

dst-address=ippublic (set ippublic to your IP if it is static); with PPPoE, point the interface at PPPoE, and then access it using the ClearOS dyndns

Access the ClearOS webconfig from outside using port 1234
=====================================
/ip firewall nat
add action=dst-nat chain=dstnat comment=webconfig+ssh.server disabled=no \
    dst-address=ippublic dst-port=1234 protocol=tcp to-addresses=\
    192.168.55.1 to-ports=81

SSH access using port 2323
=========================
/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-address=ippublic \
    dst-port=2323 protocol=tcp to-addresses=192.168.55.1 to-ports=22

Web server on the standalone ClearOS (remember: the dst-address ipclearos must be given the ! mark so that it can also be accessed from the LAN)
==========================================
/ip firewall nat
add action=dst-nat chain=dstnat comment=RedirectToProxy disabled=no \
    dst-address=!192.168.55.1 dst-port=80 in-interface=LOCAL protocol=tcp \
    src-address=!192.168.55.0/24 to-addresses=192.168.55.1 to-ports=3128
add action=dst-nat chain=dstnat comment=webserver disabled=no dst-address=\
    ippublic dst-port=80 protocol=tcp to-addresses=192.168.55.1 \
    to-ports=80

/ip service
set www disabled=no port=8088

/ip dns static
add address=192.168.55.1 disabled=no name=anu.poweredbyclear.com ttl=1d


Torrent
======================
/ip dns static
add address=192.168.55.1 disabled=no name=wisnusanjaya.com ttl=1d
/ip firewall nat
add action=dst-nat chain=dstnat comment=torent disabled=no dst-address=\
    ippublic dst-port=9898 protocol=tcp to-addresses=192.168.55.1 \
    to-ports=9091

webmin
=================
/ip firewall nat
add action=dst-nat chain=dstnat comment=webmin disabled=no dst-address=\
    ippublic dst-port=1111 protocol=tcp to-addresses=192.168.55.1 \
    to-ports=10000


If using the standalone firewall, open incoming

« Last Edit: Saturday, 01 September 2012, 00:06:10 by wisnusanjaya »
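
An added example, not part of the original post: a Python check that reads a RouterOS export such as the rules above and lists enabled dst-nat rules that forward to one of the admin services in the post (to-ports 22, 81, 9091, 10000) with no src-address or src-address-list match, so the forwarded port is reachable from any source address. The sample export is constructed from the post's rules, and the address-list name mgmt is hypothetical.

```python
import shlex

# Internal ports of the admin services forwarded in the post:
# SSH 22, ClearOS webconfig 81, torrent 9091, Webmin 10000.
ADMIN_PORTS = {"22", "81", "9091", "10000"}

# Constructed sample based on the post's rules; the "mgmt" list is hypothetical.
SAMPLE = r"""
/ip firewall nat
add action=dst-nat chain=dstnat comment=RedirectToProxy disabled=no \
    dst-address=!ippublic dst-port=80 in-interface=LOCAL protocol=tcp \
    src-address=!192.168.55.0/24 to-addresses=192.168.55.1 to-ports=3128
add action=dst-nat chain=dstnat disabled=no dst-address=ippublic \
    dst-port=2323 protocol=tcp to-addresses=192.168.55.1 to-ports=22
add action=dst-nat chain=dstnat comment=webmin disabled=no dst-address=\
    ippublic dst-port=1111 protocol=tcp src-address-list=mgmt \
    to-addresses=192.168.55.1 to-ports=10000
"""

def parse_export(text):
    """Yield (section, params) for every 'add' line of a RouterOS export."""
    section, pending = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):  # export wraps long lines with a backslash
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if line.startswith("/"):
            section = line
        elif line.startswith("add "):
            tokens = shlex.split(line[4:])
            yield section, dict(t.split("=", 1) for t in tokens if "=" in t)

def exposed_admin_forwards(text):
    """Return (dst-port, to-addresses, to-ports) of unrestricted admin forwards."""
    findings = []
    for section, p in parse_export(text):
        if section != "/ip firewall nat" or p.get("action") != "dst-nat":
            continue
        if p.get("disabled") == "yes" or p.get("to-ports") not in ADMIN_PORTS:
            continue
        # Only a source match limits who can reach the forwarded port.
        if "src-address" not in p and "src-address-list" not in p:
            findings.append((p.get("dst-port"), p.get("to-addresses"), p.get("to-ports")))
    return findings

if __name__ == "__main__":
    for dst_port, host, port in exposed_admin_forwards(SAMPLE):
        print(f"tcp/{dst_port} -> {host}:{port} is open to any source address")
```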
 