Berikut ini adalah langkah - langkah setting MikroTik Loadbalance dengan Routing Mark + External Proxy :
1. INTERFACE LIST:
/interface
/interface add name="Modem1" type="ether" mtu=1500 l2mtu=1524
/interface add name="Modem2" type="ether" mtu=1500 l2mtu=1524
/interface add name="LAN" type="ether" mtu=1500 l2mtu=1524
/interface add name="Proxy" type="ether" mtu=1500 l2mtu=1524
2. IP ADDRESS LIST:
/ip address
/ip address add address=192.168.0.2/24 network=192.168.0.0 interface=Modem1
/ip address add address=192.168.2.2/24 network=192.168.2.0 interface=Modem2
/ip address add address=192.168.0.1/24 network=192.168.0.0 interface=LAN
/ip address add address=192.168.254.1/24 network=192.168.254.0 interface=Proxy
3. PPP-PPPoE CLIENT:
/interface pppoe-client
/interface pppoe-client add name="pppoe-speedy1" max-mtu=1480 max-mru=1480 mrru=disabled interface=Modem1 user="111xxx@telkom.net" password="istana1806" profile=default service-name="mr-ekoapriadi.net1" ac-name="" add-default-route=no dial-on-demand=no use-peer-dns=no allow=pap,chap,mschap1,mschap2
/interface pppoe-client add name="pppoe-speedy2" max-mtu=1480 max-mru=1480 mrru=disabled interface=Modem2 user="111xxx@telkom.net" password="FEVQYT12SA" profile=default service-name="mr-ekoapriadi.net2" ac-name="" add-default-route=no dial-on-demand=no use-peer-dns=no allow=pap,chap,mschap1,mschap2
4. IP FIREWALL NAT
/ip firewall nat
/ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.254.27 to-ports=3128 protocol=tcp dst-address-list=!Local+Proxy in-interface=LAN dst-port=80,81,8080,3128 comment="TRANSPARENT PROXY"
/ip firewall nat add chain=srcnat action=masquerade out-interface=pppoe-speedy1 comment="MASQUERADE"
/ip firewall nat add chain=srcnat action=masquerade out-interface=pppoe-speedy2
/ip firewall nat add chain=srcnat action=masquerade out-interface=Modem1
/ip firewall nat add chain=srcnat action=masquerade out-interface=Modem2
/ip firewall nat add chain=dstnat action=dst-nat to-ports=53 protocol=udp in-interface=LAN dst-port=53 comment="TRANSPARENT DNS"
/ip firewall nat add chain=dstnat action=dst-nat to-ports=53 protocol=tcp in-interface=LAN dst-port=53
/ip firewall nat add chain=dstnat action=dst-nat to-ports=53 protocol=udp in-interface=Proxy dst-port=53
/ip firewall nat add chain=dstnat action=dst-nat to-ports=53 protocol=tcp in-interface=Proxy dst-port=53
/ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.254.27 to-ports=22 protocol=tcp dst-address="IP-Public" dst-port=2221 comment="SSH PROXY OUT REMOTE TO WINsCP"
5. IP FIREWALL ADDRESS-LIST
/ip firewall address-list
/ip firewall address-list add list=LAN-NeT address=192.168.0.0/24
/ip firewall address-list add list=Proxy-NeT address=192.168.254.0/24
/ip firewall address-list add list=Local+Proxy address=192.168.0.0/24
/ip firewall address-list add list=Local+Proxy address=192.168.254.0/24
6. IP FIREWALL MANGLE
/ip firewall mangle
/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=PointBlank passthrough=yes protocol=tcp dst-address=203.89.146.0/23 dst-port=49100 comment="Router POINTBLANK"
/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=PointBlank passthrough=yes protocol=udp dst-address=203.89.146.0/23 dst-port=40000-40010
/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=PointBlank passthrough=yes protocol=tcp dst-address=203.89.146.0/23 dst-port=39190
7. PPPoe CONN:
/ip firewall mangle add chain=input action=mark-connection new-connection-mark=pppoe1-conn passthrough=yes connection-state=new in-interface=pppoe-speedy1 comment="PPPoE CONN"
/ip firewall mangle add chain=input action=mark-connection new-connection-mark=pppoe2-conn passthrough=yes connection-state=new in-interface=pppoe-speedy2
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=pppoe1-conn passthrough=yes connection-state=established in-interface=pppoe-speedy1
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=pppoe2-conn passthrough=yes connection-state=established in-interface=pppoe-speedy2
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=pppoe1-conn passthrough=yes connection-state=related in-interface=pppoe-speedy1
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=pppoe2-conn passthrough=yes connection-state=related in-interface=pppoe-speedy2
/ip firewall mangle add chain=output action=mark-routing new-routing-mark=pppoe-speedy1 passthrough=no connection-mark=pppoe1-conn
/ip firewall mangle add chain=output action=mark-routing new-routing-mark=pppoe-speedy2 passthrough=no connection-mark=pppoe2-conn
8. HTTP CONN:
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=http-pppoe1 passthrough=yes protocol=tcp src-address-type="" dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy per-connection-classifier=both-addresses-and-ports:2/0 comment="HTTP CONN"
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=http-pppoe2 passthrough=yes protocol=tcp dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy per-connection-classifier=both-addresses-and-ports:2/1
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=http-pppoe1 passthrough=yes protocol=tcp dst-address-type=!local dst-address-list=!Local+Proxy in-interface=LAN dst-port=80,3128 per-connection-classifier=both-addresses-and-ports:2/0
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=http-pppoe2 passthrough=yes protocol=tcp dst-address-type=!local dst-address-list=!Local+Proxy in-interface=LAN dst-port=80,3128 per-connection-classifier=both-addresses-and-ports:2/1
9. MARK-HTTP ROUTE:
/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=pppoe-speedy1 passthrough=yes in-interface=Proxy connection-mark=http-pppoe1 comment="MARK-HTTP ROUTE"
/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=pppoe-speedy2 passthrough=yes in-interface=Proxy connection-mark=http-pppoe2
10. NON-HTTP CONN:
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe1 passthrough=yes protocol=tcp dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy dst-port=80,3128 per-connection-classifier=both-addresses-and-ports:2/0 comment="NON-HTTP CONN"
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe2 passthrough=yes protocol=tcp dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy dst-port=80,3128 per-connection-classifier=both-addresses-and-ports:2/1
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe1 passthrough=yes protocol=tcp dst-address-type=!local dst-address-list=!Local+Proxy in-interface=LAN dst-port=!80,3128 per-connection-classifier=both-addresses-and-ports:2/0
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe2 passthrough=yes protocol=tcp dst-address-type=!local dst-address-list=!Local+Proxy in-interface=LAN dst-port=!80,3128 per-connection-classifier=both-addresses-and-ports:2/1
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe1 passthrough=yes protocol=udp dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy per-connection-classifier=both-addresses-and-ports:2/0
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe2 passthrough=yes protocol=udp dst-address-type=!local dst-address-list=!Local+Proxy in-interface=Proxy per-connection-classifier=both-addresses-and-ports:2/1
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe1 passthrough=yes protocol=udp dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/0
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe2 passthrough=yes protocol=udp dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/1
11. MARK NON HTTP ROUTE:
/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=pppoe-speedy1 passthrough=yes in-interface=LAN connection-mark=non-http-pppoe1 comment="MARK NON HTTP ROUTE"
/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=pppoe-speedy2 passthrough=yes in-interface=LAN connection-mark=non-http-pppoe2
12. CRITICAL CONN:
/ip firewall mangle add chain=postrouting action=change-dscp new-dscp=1 protocol=tcp dst-port=53 comment="CRITICAL CONN"
/ip firewall mangle add chain=postrouting action=change-dscp new-dscp=1 protocol=icmp
/ip firewall mangle add chain=postrouting action=change-dscp new-dscp=1 protocol=udp dst-port=53
/ip firewall mangle add chain=postrouting action=mark-connection new-connection-mark=critical-conn passthrough=yes dscp=1
/ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=critical-pkt passthrough=no connection-mark=critical-conn
13. PROXY-HIT:
/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=PKT-HIT passthrough=no protocol=tcp in-interface=Proxy dscp=12 comment="PROXY-HIT"
/ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=PKT-HIT passthrough=no out-interface=LAN dscp=12
14. IP ROUTE:
/ip route add dst-address=0.0.0.0/0 gateway=pppoe-speedy1 check-gateway=ping distance=1 scope=30 target-scope=10 comment="Default-Route-speedy1-Distance-1"
/ip route add dst-address=0.0.0.0/0 gateway=pppoe-speedy2 check-gateway=ping distance=2 scope=30 target-scope=10 routing-mark=PointBlank comment="Default-Route-speedy2-Distance-2"
/ip route add dst-address=0.0.0.0/0 gateway=pppoe-speedy1 check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=pppoe-speedy1
/ip route add dst-address=0.0.0.0/0 gateway=pppoe-speedy2 check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=pppoe-speedy2
Selamat Mencoba
