martes, 1 de septiembre de 2015

Installation | Manual | HandyCache | Parallel | Mikrotik | (2015)

Publicado por Unknown en 8:17 p. m. ,





.- Download youtube videos in flv or mp4 format (as it was previously) you can pause the video and still discharge (You can also do it by parts).
2. The video will not automatically change if the resolution in 360p to 360p and maximize remain a single file (currently changing multiple resolutions thus worsening caching parts)
3. You can make the video always charge in maximizing remains 240p 240p (for ISPs that offer speeds of less than 1 mega customer, this is excellent)
4. ad blocking and funnels (implementing rules blocking and redirection without making the network becomes slow as with the webproxy of mikrotik)
5. Cache to https certificate installation (installing certificates to each of the customers could do to cache https Youtube, facebook and others)
6. management of extensions written in Lua code greatly increases its ability q
7. White List to places where no one wants to go through handycache or some of their functions
Installation HandyCache:
HandyCache runs on Windows (XP, Vista, 7, 8 and 8.1) either 32 or 64 bits, personally suggest using Windows 8.1 environment.



 HandyCache






Arrangement drawing:


Take the same scheme for Thundercache

This image has been resized. Click on the bar to see it in its original size

Basic Rules used:
The masked very important WAN


/ip firewall nat
add action=masquerade chain=srcnat comment="Conexion a Internet" out-interface=WAN

/ip address
add address=10.0.0.1/24 interface=PROXY

10.0.0.1/24 is the gateway to HandyCache (image)
PROXY is the name of the network interface that goes to HandyCache Mikrotik

Creating list of IPs and Transparent redirection:
* If you ask if it is possible to redirect port 443 (https), so far has not been able to do (or I think you can)
* If they want to use caching https customers will have to manually redirect each of them (the client), adding proxy ip and port to use in their browsers. (And do not need any redirect NAT) ..
continued ...
First we create a list of customers

/ip firewall address-list
add address=192.168.10.0/24 list="Clientes Internet"

* 192.168.10.0 / 24 is the whole range of our clients IPs LAN
* If we have more customers we range just repeat the rule with the ranges we want adicionarles and the redirection will automatically as they are "Internet Clients"

Now we redirection: I will publish two forms (choose according to your need)
The 1st Form - Simple Nat:

/ip firewall nat
add action=dst-nat chain=dstnat comment="Redirect Handycache" dst-address=!10.0.0.222 dst-port=80,8080,8888,8880,8777,3477,33301 protocol=tcp src-address-list="Clientes Internet" to-addresses=10.0.0.222 to-ports=1010

/ip firewall nat
add action=dst-nat chain=dstnat comment="Redirect Handycache" dst-address=!10.0.0.0/24 dst-port=80,8080,8888,8880,8777,3477,33301 per-connection-classifier=both-addresses-and-ports:4/0 protocol=tcp src-address-list="Clientes Internet" to-addresses=10.0.0.222 to-ports=1010
add action=dst-nat chain=dstnat comment="Redirect Handycache" dst-address=!10.0.0.0/24 dst-port=80,8080,8888,8880,8777,3477,33301 per-connection-classifier=both-addresses-and-ports:4/1 protocol=tcp src-address-list="Clientes Internet" to-addresses=10.0.0.222 to-ports=2020
add action=dst-nat chain=dstnat comment="Redirect Handycache" dst-address=!10.0.0.0/24 dst-port=80,8080,8888,8880,8777,3477,33301 per-connection-classifier=both-addresses-and-ports:4/2 protocol=tcp src-address-list="Clientes Internet" to-addresses=10.0.0.222 to-ports=3030
add action=dst-nat chain=dstnat comment="Redirect Handycache" dst-address=!10.0.0.0/24 dst-port=80,8080,8888,8880,8777,3477,33301 per-connection-classifier=both-addresses-and-ports:4/3 protocol=tcp src-address-list="Clientes Internet" to-addresses=10.0.0.222 to-ports=4040

* Eye .... This way I do not need to be separated by our users and groups that they be distributed equitably between open handys.
It should be something like


This image has been resized. Click on the bar to see it in its original size


/ip firewall mangle
add action=mark-connection chain=postrouting comment=HandyCache content="Server: HandyCache" new-connection-mark=handy-connection protocol=tcp src-address= 10.0.0.222
add action=mark-packet chain=postrouting connection-mark=handy-connection new-packet-mark=handy-packs


/queue simple
add comment="Servidor Proxy HC" limit-at=5M/5M max-limit=5M/5M name=HandyCache packet-marks=handy-packs priority=6/6 queue=default/default target=""


/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=5M name=HandyCache packet-mark=handy-packs parent=global-out priority=4 queue=default


A rule that use
The truth is that for me to leave a general rule for fullcache not really catches my attention so I use a slight variation that makes each one of my clients is 5 megs of fullcache and limit to 10 megabytes maximum overall output of the cache, I leave an image to be guided better:


This image has been resized. Click on the bar to see it in its original size




with this we have to work our program, but what if the server where you have installed HandyCache off?
Netwatch implement this other rule:

/tool netwatch
add comment=Handycache disabled=no down-script="/ip firewall nat set [find comment=\"Redirect Handycache\"] disabled=yes" host= 10.0.0.222 interval=2s timeout=2s up-script="/ip firewall nat set [find comment=\"Redirect Handycache\"] disabled=no"

* They must have enabled your Windows Ping response, if they know how to follow these guidelines Enable "incoming ICMP echo request" to PING on Windows XP, 7 / 8.1

QUIC lock (Quick Internet Connection UDP) of Google Chrome (Keeping http)
by Requium (automatically generated list)

/ip firewall layer7-protocol add name=Google regexp="^.*(google|youtube)\..*"
/ip firewall mangle add action=add-dst-to-address-list address-list=Google chain=postrouting out-interface="WAN" layer7-protocol=Google
/ip firewall filter add action=drop chain=forward comment="Bloqueo udp Chrome" dst-address-list=Google dst-port=!53  protocol=udp

Eye: mikrotik in versions 6.x must put the Layer 7 rule manually: regexp "^ * (Google | youtube) \ .. *." Name and "Google" .... all without quotes .. ..

we must consider increased consumption of processor our Mikrotiks, perhaps using it for a few hours for the ip lists are created and then disable the mangle rule to lower consumption or you have a rb Mikrotik as load balancing for I suggest you put the rules there and duplicate the mangle rule as the number of WANs that use

Back Top