Friday, May 13, 2016

MikroTik combination with External Proxy


MikroTik combination with External Proxy





Proxy not a stranger in the world of Mikrotik.
 Mikrotik itself has proxy feature that can be quite simple. Many users Mikrotik then add external proxy in order to use features that are more complex than internal features of proxy. The question is, whether they have a significant performance difference? In this article we will try to do test the performance of internal and external proxy. 

Configuring External Proxy with MikroTik

To test this, we will use an external application proxy that is commonly used, namely Squid. Step-by-step installation and configuration of the application of this squid can we get references on the internet. And do not worry a lot of references that have been using the Indonesian language for this application many users even in Indonesia.
After installation and configuration of Squid is complete, then we will do the setting transparent proxy. This works for all traffic accessing the HTTP (TCP Protocol, Port 80) is deflected into the Proxy server. Configuration of the transparent proxy this we will do in the MikroTik Router using NAT Firewall feature. The steps are as follows: 



Go to the menu IP -> Firewall -> Nat -> click the Add [+]. Then specify the parametersChain, Protocol, Dst.Port, in accordance with the above view. In a special parameter.Interface stay we adjust the link that leads to a local network. Furthermore, the Tab Action, Action parameters for use dst-nat and we also specify the parameters To Addresses and Ports To address the Proxy server and the port used. In this example the proxy server using the IP address and the port is 192 168 129 141 3128.

Now, with the above step has been formed transparent proxy. Next we will do test whether the configuration that we have done goes well or not. We will try to access the website we have added to the list 'Blocking' on the Proxy server. 



If the error text is displayed as described above, the configuration we have been successful.

Internal configuration MikroTik Proxy (Web Proxy)

After we tried to use the External Proxy, now we'll try to feature contained in the Proxy MikroTik. As we have seen MikroTik adding a feature that can be used to perform the access management of user / client. Such features are Web Proxy. How the steps to configure this feature can be seen in the discussion of the previous article here . 

On these links already explained how we enable and also setting the web proxy feature is that access a web page can be set here. And on the link it has also been described how to create a transparent proxy to redirect traffic to Web Proxy feature. For transparent proxy is also the same as we have done before, but the difference here is the selection of parameters Action. If we use the Internal Proxy (Web Proxy), the action we have set with the option 'Redirect' because the system proxy server located at localhost (router).Meanwhile, if we use the External Proxy (Squid), the action we have chosen is 'dst-nat'.

Well, if Inetrnal proxy configuration (Web Proxy) we have done, now we will try to access the web that we have entered kedaftar 'Deny' in the Web Proxy. As before, if the configuration we are going well or not.



And if it displays an error on the web browser as above, then the web proxy configuration has been successful.

Performance Test (Pros & Cons)

Once we tried to configure and implement the above two types of proxy servers, we can make the performance of each proxy server. To perform the analysis of the performance of the proxy, there beberpa tool that we can use. Among such Grinder, Gatling, Tsung,Apache JMeter. The tools we can get it for free and also the configuration steps in the application developer's website.

This time we will try the application Tsung to analyze the performance of proxy that we have built before.





With these tools we can see the performance of the proxy server to view a table or graph.There beberpa parameters to be analyzed seeprti Response Times, Network Throughput, Transactions Statistics, Counter Statistics. 

Well, from here we can draw a conclusion as to the performance of each proxy server.Where, for the use of simple, both the proxy server is not too much different, but to side configuration External Proxy (Squid) more custom. 

:: Internal Proxy (Web Proxy) ::

  • Easy installation process.
  • Easy to configure (there are GUI display).
  • If the size of storage on a small router, then it's not recommended to enable proxy caching feature, or at least not only used to cache small files.

:: External Proxy (Squid) ::

  • Easy to install, simply add NAT Mikrotik side.
  • A little tricky to configuration (must use scripting).
  • Suitable for more advanced needs.
  • The storage capacity is relatively large, because the use of a PC so that the proxy cache feature can run optimally

Problem hostage 10 Indonesians, RI asked to go to the option to pay ransom





A day before the deadline for payment of the ransom demanded by the kidnappers, the fate of 10 Indonesian citizens who are victims of kidnappings in the southern Philippines is still unclear.
Although the Indonesian government claimed to continue coordinating with the Philippine government to free the hostages, kidnapping victim's family claimed anxious about their safety.
Some reports said the kidnappers asked for a ransom of 50 million pesos, or about Rp15 billion, with a deadline of Friday, April 8, 2016.
They were kidnapped on 26 March in Tambulian waters, off the coast of tapul Island, Sulu, Philippines, and so far no party claiming to be the culprit.

Image copyright AFP
The Government of Indonesia through the Indonesian Embassy in Manila, Philippines, said the process of negotiations to rescue the crew members held hostage "keep going".
"The process went on, the government continues to pursue various options to rescue 10 citizens who were held hostage, because the first priority is their safety," said Basriana Basrul, the first secretary of the Embassy in Manila, Philippines, the BBC's Indonesia via telephone.
Separately, National Police chief Gen. Badrodin Haiti said the negotiations - which also involve the two companies Brahma 12 tugs and 12 barges Anand - with the kidnappers continued.
"The company also communicates with them (the kidnappers)," said Badrodin Haiti told reporters here on Wednesday.

Prioritizing 'ransom'

Not clear what material the employer communicated with the kidnappers, but researchers from the Indonesian Institute of Sciences (LIPI) as well as observers Philippines also, Adriana Elisabeth suggested that preferred option is ransom money.

Image copyright Getty
"We should not mess with the threat yes, because there is a hostage incident was killed. So, the quickest way to pay the money demanded as ransom," said Adriana told BBC Indonesia, Wednesday afternoon.
According to him, the option of ransom money should be a priority for the Indonesian government has chosen to mengutakaman safety of the hostages.
"It's the most practical way, for negotiation, diplomacy, it takes time," added Adriana.
Meanwhile, one of the kidnapping victim's family claimed 'very concerned' for the safety of their children ahead of the deadline deadline for payment of a ransom.
"Feeling as parents, deeply concerned for his safety, because safety can not be replaced any lives," said Aidil, the father of Wendi Rakhadian, Anand 12 crew members taken hostage kidnappers.

Under conditions of 'healthy'


Image copyright Ocky Anugrah
To Ocky Anugrah Mahesa -wartawan in Padang, Sumatra, Indonesia Barat- Aidil expect governments and employers shipowner in order to release all hostages by any means, including by 'paying ransom'.
Aidil claimed to have contacted the ship's company on Monday (04/04) ago and reported that Wendi is in a "healthy".
Although prefer the option of dialogue, the Indonesian government has set up a rapid reaction force in Tarakan, North Kalimantan. President Jokowi said that various options have been prepared to rescue the hostages.
The Philippine government has rejected the possibility of the involvement of the Indonesian military and the request entrust to the apparatus to complete it.
The Abu Sayyaf, which is known to often carry out kidnappings, beheadings, bombings and extortion, allegedly was behind the hostage citizens of Indonesia in the southern Philippines.
Abu Sayyaf is a network of al-Qaeda in Southeast Asia are the most militant groups in the Philippines Christian-majority country.