Saturday 19 November 2011

How to Separate 2 Internet Lines on 1 MikroTik Router


As in the topology above... with 2 modems we separate the paths on the MikroTik for each computer we designate, all within 1 network.

Topology:

Modems

Modem1=192.168.1.1

Modem2=192.168.9.1

MikroTik

Eth1=192.168.1.2

Eth2=192.168.9.16

Eth3=192.168.3.1

Client computers

Client1=192.168.3.2----routed to Modem1

Client2=192.168.3.3----routed to Modem2

Let's begin:

  • The first step is to name each interface on the MikroTik, with these commands in "New Terminal":
/interface set 0 name=public-modem1
/interface set 1 name=public-modem2
/interface set 2 name=local-client

  • Next, assign an IP address to each Ethernet interface on the MikroTik, with the commands:
/ip address add address=192.168.1.2 \
netmask=255.255.255.0 \
interface=public-modem1
/ip address add address=192.168.9.16 \
netmask=255.255.255.0 \
interface=public-modem2
/ip address add address=192.168.3.1 \
netmask=255.255.255.0 \
interface=local-client

The result looks like the image below:

  • Next, enter the DNS servers (adjust these to your own DNS), with the command:
/ip dns set servers=203.130.193.74,203.130.206.250 \
allow-remote-requests=yes
  • Then add the routes for modem1 and modem2, together with their routing marks:
/ip route add gateway=192.168.1.1
/ip route add gateway=192.168.1.1 routing-mark=MODEM1
/ip route add gateway=192.168.9.1
/ip route add gateway=192.168.9.1 routing-mark=MODEM2

The result looks like the image below:

  • Next, add ip firewall NAT rules for each modem with action masquerade. The commands:
/ip firewall nat add chain=srcnat \
out-interface=public-modem1 \
action=masquerade
/ip firewall nat add chain=srcnat \
out-interface=public-modem2 \
action=masquerade

The result looks like the image below:

  • Next, add ip firewall address-list entries for the client IPs that the mangle rules will match later. The topology above has 2 IP addresses, 192.168.3.2 and 192.168.3.3. The commands are:
/ip firewall address-list \
add address=192.168.3.2 \
list="IP MENGARAH KE MODEM1"
/ip firewall address-list \
add address=192.168.3.3 \
list="IP MENGARAH KE MODEM2"

If you have many computers, just add their IP addresses to the lists.

The result of the commands above looks like the image below:

  • Next we create the mangle rules: mark connections coming from the address lists we just made, add the routing marks that the ip route entries with those routing marks will pick up, and mark the packets that will be handed to the queue tree. The commands:
/ip firewall mangle add chain=prerouting \
action=mark-connection \
new-connection-mark=MODEM1 passthrough=yes \
src-address-list="IP MENGARAH KE MODEM1" \
in-interface=local-client
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=MODEM1 \
passthrough=no in-interface=local-client \
connection-mark=MODEM1
/ip firewall mangle add chain=forward \
action=mark-packet new-packet-mark="MODEM1 DOWN" \
passthrough=no dst-address=192.168.3.2 \
connection-mark=MODEM1
/ip firewall mangle add chain=forward \
action=mark-packet new-packet-mark="MODEM1 UP" \
passthrough=no src-address=192.168.3.2 \
connection-mark=MODEM1
/ip firewall mangle add chain=prerouting \
action=mark-connection \
new-connection-mark=MODEM2 passthrough=yes \
src-address-list="IP MENGARAH KE MODEM2" \
in-interface=local-client
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=MODEM2 \
passthrough=no in-interface=local-client \
connection-mark=MODEM2
/ip firewall mangle add chain=forward \
action=mark-packet new-packet-mark="MODEM2 DOWN" \
passthrough=no dst-address=192.168.3.3 \
connection-mark=MODEM2
/ip firewall mangle add chain=forward \
action=mark-packet new-packet-mark="MODEM2 UP" \
passthrough=no src-address=192.168.3.3 \
connection-mark=MODEM2

The result looks like the image below:

  • Next we create queue types with PCQ, to be referenced from the queue tree so that download and upload bandwidth are shared equally and automatically. The commands:
/queue type add name=DOWN \
kind=pcq pcq-classifier=dst-address,dst-port
/queue type add name=UP \
kind=pcq pcq-classifier=src-address,src-port
Next we create the queue tree for download and upload. The commands:
/queue tree add name="CLIENT MODEM1 DOWN" \
parent=global-out packet-mark="MODEM1 DOWN" \
limit-at=0 queue=DOWN priority=1 \
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="CLIENT MODEM2 DOWN" \
parent=global-out packet-mark="MODEM2 DOWN" \
limit-at=0 queue=DOWN priority=1 max-limit=0 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="CLIENT MODEM1 UP" \
parent=public-modem1 packet-mark="MODEM1 UP" \
limit-at=0 queue=UP priority=2 max-limit=0 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="CLIENT MODEM2 UP" \
parent=public-modem2 packet-mark="MODEM2 UP" \
limit-at=0 queue=UP priority=2 max-limit=0 \
burst-limit=0 burst-threshold=0 burst-time=0s

The result looks like the image below:

  • Next, testing. First I set IP address 192.168.3.2 on a computer, as in the image below:

  • Then I test browsing: the traffic goes out through modem1 and its queue counts on modem1 too, so it works as in the topology above. See the image below:

  • Next, the same test with IP address 192.168.3.3 set on a computer, as in the image below:

  • Then I test browsing: the traffic goes out through modem2 and its queue counts on modem2 too, so it works as in the topology above. See the image below:
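To check the routing decision without a router at hand, here is a small Python model of the mangle chain and route lookup built above. It is an added example, not part of the post and not RouterOS code; it assumes the chain semantics the post relies on: rules run in order, passthrough=no stops at the first match, the connection mark survives for later packets of the same connection, and a routing mark selects routes from its own table. The address lists, marks and gateways are the post's own values. The model also shows why the two unmarked default routes matter: a host in neither list has two candidate gateways (on RouterOS two routes with the same destination and distance form an ECMP pair), so any client added later should be put on one of the lists.

```python
"""Model of the two-modem policy routing configured above.

Added example for this post (not the post's own commands and not RouterOS
code): it replays the prerouting mangle chain and the route lookup so the
decision for each client can be checked offline.
"""

# Address lists exactly as added in the post.
ADDRESS_LISTS = {
    "IP MENGARAH KE MODEM1": {"192.168.3.2"},
    "IP MENGARAH KE MODEM2": {"192.168.3.3"},
}

# Prerouting mangle rules in the post's order: (matchers, action, passthrough).
MANGLE_PREROUTING = [
    ({"in-interface": "local-client", "src-address-list": "IP MENGARAH KE MODEM1"},
     ("mark-connection", "MODEM1"), True),
    ({"in-interface": "local-client", "connection-mark": "MODEM1"},
     ("mark-routing", "MODEM1"), False),
    ({"in-interface": "local-client", "src-address-list": "IP MENGARAH KE MODEM2"},
     ("mark-connection", "MODEM2"), True),
    ({"in-interface": "local-client", "connection-mark": "MODEM2"},
     ("mark-routing", "MODEM2"), False),
]

# Routes as added in the post: two unmarked default routes plus one per mark.
ROUTES = [
    {"gateway": "192.168.1.1", "routing-mark": None},
    {"gateway": "192.168.1.1", "routing-mark": "MODEM1"},
    {"gateway": "192.168.9.1", "routing-mark": None},
    {"gateway": "192.168.9.1", "routing-mark": "MODEM2"},
]


def _matches(matchers, pkt, conn):
    """True when every matcher of a rule agrees with the packet/connection."""
    for key, want in matchers.items():
        if key == "in-interface" and pkt["in-interface"] != want:
            return False
        if key == "src-address-list" and pkt["src"] not in ADDRESS_LISTS[want]:
            return False
        if key == "connection-mark" and conn.get("mark") != want:
            return False
    return True


def run_prerouting(pkt, conn):
    """Walk the chain in order; passthrough=no ends processing at that rule."""
    routing_mark = None
    for matchers, (action, value), passthrough in MANGLE_PREROUTING:
        if not _matches(matchers, pkt, conn):
            continue
        if action == "mark-connection":
            conn["mark"] = value          # stored in the connection-tracking entry
        elif action == "mark-routing":
            routing_mark = value          # carried by this packet only
        if not passthrough:
            break
    return routing_mark


def select_gateways(routing_mark):
    """Routes of the marked table win; unmarked traffic uses the main table.

    More than one gateway returned means equal-cost candidates.
    """
    if routing_mark is not None:
        marked = [r["gateway"] for r in ROUTES if r["routing-mark"] == routing_mark]
        if marked:
            return marked
    return [r["gateway"] for r in ROUTES if r["routing-mark"] is None]


def route_for(src, in_interface="local-client", conn=None):
    """Return (routing mark, candidate gateways) for one packet.

    Pass the same `conn` dict again to model a later packet of that connection.
    """
    conn = {} if conn is None else conn
    mark = run_prerouting({"src": src, "in-interface": in_interface}, conn)
    return mark, select_gateways(mark)


if __name__ == "__main__":
    for host in ("192.168.3.2", "192.168.3.3", "192.168.3.4"):
        print(host, route_for(host))
```

Once a client is on a list, the later packets of its connection already carry the connection mark, so the mark-routing rule fires without consulting the address list again; that is why the post marks the connection first and the routing second. A host on neither list comes back with both gateways, which is the case to watch for when new machines join the network.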

Done. Have fun trying it.......

Tuesday 15 November 2011

How to Set Up Load Balancing of 8 Modems on MikroTik: 8 Modems Dedicated to Browsing, 1 Modem Dedicated to Games, and Redirect to an External Proxy (Part 2)

After reading... How to Set Up Load Balancing of 8 Modems on MikroTik: 8 Modems Dedicated to Browsing, 1 Modem Dedicated to Games, and Redirect to an External Proxy (Part 1)

Now let's continue......

/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=ISO \
new-packet-mark=3GP passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=7z \
new-packet-mark=7z passthrough=no
  • Next, the ip firewall mangle rules for online games. The commands:
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="GAME ONLINE" \
disabled=no dst-port=\
1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 \
in-interface=local new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no dst-port=7341-7350,7451,8085,9600,9601-9602,9300 \
in-interface=local new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no dst-port=9376-9377,9400,9700,10001-10011 \
in-interface=local new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no \
dst-port=10402,11011-11041,12011,12110,13008,13413 in-interface=local \
new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no \
dst-port=15000-15002,16402-16502,16666,18901-18909,19000 \
in-interface=local new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no \
dst-port=19101,22100,27780,28012,29000,29200 \
in-interface=local \
new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no \
dst-port=39100,39110,39220,39190,40000,49100 in-interface=local \
new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no \
dst-port="1293,1479,6100-6152,7777-7977,8001" in-interface=local \
new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=udp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no \
dst-port="9401,9600-9602,12020-12080,30000,40000-40010" \
in-interface=local new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=udp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no dst-port=42051-42052,11100-11125,11440-11460 \
in-interface=local new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=udp
/ip firewall mangle add action=mark-packet \
chain=forward connection-mark="GAME ONLINE" \
disabled=no dst-address=192.168.1.0/24 \
new-packet-mark="GAME ONLINE DOWN" \
passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward connection-mark="GAME ONLINE" \
disabled=no in-interface=local new-packet-mark="GAME ONLINE UP" \
passthrough=no src-address=192.168.1.0/24
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="GAME FACEBOOK" \
disabled=no dst-port=9339,843 in-interface=local \
new-connection-mark="GAME FACEBOOK" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward connection-mark="GAME FACEBOOK" \
disabled=no dst-address=192.168.1.0/24 \
new-packet-mark="GAME FACEBOOK DOWN" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward connection-mark="GAME FACEBOOK" \
disabled=no new-packet-mark="GAME FACEBOOK UP" \
passthrough=no src-address=192.168.1.0/24
Next, the ip firewall mangle rules for browsing download and upload and for Mivo TV, which will be limited in the queue tree later. The commands:
/ip firewall mangle add action=mark-connection \
chain=prerouting comment=BROWSING disabled=no \
dst-port=80 in-interface=local \
new-connection-mark=BROWSING passthrough=yes \
protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=prerouting connection-mark=BROWSING disabled=no \
dst-address=192.168.1.0/24 \
new-packet-mark="BROWSING DOWN" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting connection-mark=BROWSING disabled=no \
new-packet-mark="BROWSING UP" \
passthrough=no src-address=192.168.1.0/24
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="MIVO TV" disabled=no \
dst-port=1935 in-interface=local new-connection-mark="MIVO TV" \
passthrough=no protocol=tcp
# the connection mark above is "MIVO TV", so the packet rule must match that exact name
/ip firewall mangle add action=mark-packet \
chain=prerouting connection-mark="MIVO TV" disabled=no \
new-packet-mark=MIVO passthrough=no
  • Next, ip firewall filter rules to protect our MikroTik from virus ports and from NetCut. The commands:
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=8291 protocol=tcp
/ip firewall filter add action=drop \
chain=forward connection-state=invalid disabled=no
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=135-139 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1433-1434 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=445 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=445 protocol=udp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=593 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1024-1030 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1080 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1214 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1363 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1364 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1368 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1373 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1377 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2745 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2283 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2535 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2745 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=3127 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=3410 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=4444 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=4444 protocol=udp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=5554 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=8866 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=9898 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=10080 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=12345 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=17300 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=27374 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=65506 protocol=tcp
/ip firewall filter add action=jump \
chain=forward disabled=no jump-target=virus
/ip firewall filter add action=drop \
chain=input connection-state=invalid disabled=no
/ip firewall filter add action=accept \
chain=input disabled=no protocol=udp
/ip firewall filter add action=accept \
chain=input disabled=no limit=50/5s,2 protocol=icmp
/ip firewall filter add action=drop \
chain=input disabled=no protocol=icmp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=21 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=22 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=23 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=80 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=8291 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=1723 protocol=tcp
/ip firewall filter add action=log \
chain=input disabled=yes log-prefix="DROP INPUT"
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=23 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=80 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=1723 protocol=tcp
/ip firewall filter add action=log \
chain=input disabled=yes log-prefix="DROP INPUT"
/ip firewall filter add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15s \
chain=input disabled=no dst-port=1337 protocol=tcp
/ip firewall filter add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15m \
chain=input disabled=no \
dst-port=7331 protocol=tcp src-address-list=knock
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="FIN/PSH/URG scan" disabled=no \
protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
# tcp-flags was missing from this rule; without it every TCP packet to the router
# puts its sender on the "port scanners" list for 2 weeks
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="NMAP FIN Stealth scan" \
disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254
  • Next, queue types. Because we use a queue tree, we first create the queue types with PCQ. The commands:
/queue type add kind=pcq name="PROXY DOWN" \
pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address \
pcq-dst-address-mask=32 pcq-dst-address6-mask=128 \
pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=2000
/queue type add kind=pcq name=DOWN \
pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=2s pcq-classifier=dst-address,dst-port \
pcq-dst-address-mask=32 pcq-dst-address6-mask=64 \
pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=64 pcq-total-limit=2000
/queue type add kind=pcq name=UP \
pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s \
pcq-classifier=src-address,dst-address,src-port \
pcq-dst-address-mask=32 pcq-dst-address6-mask=64 \
pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=64 pcq-total-limit=2000
/queue type set default-small kind=pfifo name=default-small pfifo-limit=10
  • Next, the queue tree. For max-limit, adjust to your own bandwidth capacity and needs.
    • Proxy hit, with the command:
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="A..PROXY HIT" \
packet-mark="SQUID PROXY HIT" parent=local \
priority=1 queue="PROXY DOWN"
    • Game upload, with the commands:
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="B.GAME UP" \
parent=public priority=1
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="GAME FACEBOOK." \
packet-mark="GAME FACEBOOK UP" parent=\
"B.GAME UP" priority=3 queue=UP
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="GAME ONLINE." \
packet-mark="GAME ONLINE UP" parent=\
"B.GAME UP" priority=2 queue=UP

    • Browsing upload, with the commands:
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=128k name=C.UP parent=proxy priority=1
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=BROWSING. packet-mark="BROWSING UP" \
parent=C.UP priority=2 queue=UP
    • Download, with the command:
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=D.DOWN parent=global-out priority=1
      • Download for Facebook games, with the commands:
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=256k name="GAME 1" parent=D.DOWN priority=3
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="GAME FACEBOOK" \
packet-mark="GAME FACEBOOK DOWN" parent=\
"GAME 1" priority=3 queue=DOWN
      • Download for online games, with the commands:
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="GAME 2" parent=D.DOWN priority=2
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="GAME ONLINE" \
packet-mark="GAME ONLINE DOWN" parent=\
"GAME 2" priority=2 queue=DOWN
      • Download for browsing, with the commands:
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=BROWSING parent=D.DOWN priority=4
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="BROWSING... " \
packet-mark="BROWSING DOWN" parent=\
BROWSING priority=4 queue=DOWN
      • Download of files such as exe, zip, rar, YouTube streaming, etc., with the commands:
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="LIMIT EXTENTION" \
parent=D.DOWN priority=5
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=YOUTUBE \
packet-mark=YOUTUBE parent="LIMIT EXTENTION" \
priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="YOUTUBE STREAMING" \
packet-mark="YOUTUBE STREAMING" \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MKV packet-mark=MKV \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MP3 packet-mark=MP3 \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MP4 packet-mark=MP4 \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="ZIP PAKET" packet-mark=ZIP \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=EXE packet-mark=EXE \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=FLV packet-mark=FLV \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ISO packet-mark=ISO \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ASF packet-mark=ASF \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=AVI packet-mark=AVI \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=BIN packet-mark=BIN \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=CAB packet-mark=CAB \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=DAA packet-mark=DAA \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MOV packet-mark=MOV \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MPEG packet-mark=MPEG \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MPG packet-mark=MPG \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MR packet-mark=MR \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=NRG packet-mark=NRG \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=RAM packet-mark=RAM \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=RAR packet-mark=RAR \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=RMVB packet-mark=RMVB \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=VCD packet-mark=VCD \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=WAV packet-mark=WAV \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=WMV packet-mark=WMV \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=3GP packet-mark=3GP \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=7z packet-mark=7z \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add name="MIVO TV" \
parent="LIMIT EXTENTION" packet-mark=MIVO \
limit-at=0 queue=DOWN \
priority=6 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s
  • Next, on the Winbox main page choose Queues, then Queue Tree, and set the max-limit and limit-at bandwidth according to your own bandwidth, as in the image below:
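Rule sets this long are easy to break in copy-and-paste, and a few things are worth checking before the filter rules and the queue tree above go onto a router: rules that repeat an earlier one, accepts on the input chain that admit a whole protocol, add-src-to-address-list rules with no matcher narrower than the protocol, and queue-tree entries whose `parent=` names no existing queue. The Python below is an added example, not the author's configuration and not RouterOS code; it parses commands in the `/path add key=value` syntax used throughout both parts and reports those four problems. The sample it parses is a constructed excerpt in the same syntax, and the misspelled parent "LIMIT EXTENSION" in it is deliberate, to show the dangling-parent check. Interface names that a parent may legitimately use are passed in by the caller, since the script cannot see the router's interface list.

```python
"""Audit RouterOS '/path add key=value' commands for rule-set defects.

Added example for this post, not the author's configuration and not RouterOS
code.  SAMPLE is a constructed excerpt in the same syntax as the commands in
the post; the parent "LIMIT EXTENSION" (misspelled) is deliberate.
"""
import shlex

SAMPLE = r'''
/ip firewall filter add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp
/ip firewall filter add action=drop chain=virus disabled=no dst-port=3127 protocol=tcp
/ip firewall filter add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp
/ip firewall filter add action=accept chain=input disabled=no protocol=udp
/ip firewall filter add action=accept chain=input disabled=no dst-port=8291 protocol=tcp
/ip firewall filter add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN scan, flags missing" disabled=no protocol=tcp
/queue tree add name=D.DOWN parent=global-out priority=1 max-limit=0
/queue tree add name="LIMIT EXTENTION" parent=D.DOWN priority=5 max-limit=0
/queue tree add name=MKV packet-mark=MKV parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add name="MIVO TV" packet-mark=MIVO parent="LIMIT EXTENSION" priority=6 queue=DOWN
'''

BUILTIN_PARENTS = {"global-in", "global-out", "global-total"}


def parse_commands(text):
    """Join backslash continuations, then split each line into path + attributes."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():
        tokens = shlex.split(line.strip())      # keeps "port scanners" as one value
        if not tokens or "add" not in tokens:
            continue
        cut = tokens.index("add")
        attrs = dict(tok.split("=", 1) for tok in tokens[cut + 1:] if "=" in tok)
        rules.append({"path": " ".join(tokens[:cut]), **attrs})
    return rules


def duplicate_rules(rules):
    """Rules identical to an earlier rule (comments ignored)."""
    seen, dupes = set(), []
    for r in rules:
        key = tuple(sorted(kv for kv in r.items() if kv[0] != "comment"))
        if key in seen:
            dupes.append(r)
        seen.add(key)
    return dupes


def unbounded_list_builders(rules):
    """add-src-to-address-list rules with nothing narrower than the protocol."""
    narrowing = {"tcp-flags", "dst-port", "psd", "src-address",
                 "src-address-list", "connection-state", "connection-limit"}
    return [r for r in rules
            if r.get("action") == "add-src-to-address-list"
            and narrowing.isdisjoint(r)]


def broad_input_accepts(rules):
    """accept rules on the input chain that admit a whole protocol."""
    narrowing = {"dst-port", "src-address", "src-address-list",
                 "connection-state", "in-interface"}
    return [r for r in rules
            if r.get("action") == "accept" and r.get("chain") == "input"
            and narrowing.isdisjoint(r)]


def dangling_queue_parents(rules, interfaces=()):
    """Queue tree entries whose parent is no queue, builtin target, or known interface."""
    queues = [r for r in rules if r["path"] == "/queue tree"]
    known = {q["name"] for q in queues} | BUILTIN_PARENTS | set(interfaces)
    return [q for q in queues if q.get("parent") not in known]


def audit(text, interfaces=()):
    """Run all checks over one block of commands."""
    rules = parse_commands(text)
    return {
        "duplicates": duplicate_rules(rules),
        "unbounded_list_builders": unbounded_list_builders(rules),
        "broad_input_accepts": broad_input_accepts(rules),
        "dangling_parents": dangling_queue_parents(rules, interfaces),
    }


if __name__ == "__main__":
    for check, hits in audit(SAMPLE, interfaces=("local", "public")).items():
        print(check, [h.get("comment") or h.get("name") or h.get("dst-port") for h in hits])
```

Run it over the commands you are about to paste, with the router's real interface names passed as `interfaces`. Anything it reports for the input chain deserves a look before the rules go live: an accept that admits all UDP to the router, or a list builder with no narrowing matcher, changes who can reach the management plane and who ends up on the block lists.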

 

Good luck...

How to Set Up Load Balancing of 8 Modems on MikroTik: 8 Modems Dedicated to Browsing, 1 Modem Dedicated to Games, and Redirect to an External Proxy (Part 1)

As in the topology above, using a MikroTik RB1200 1U with 9 modems in total, we load-balance 8 modems and dedicate 1 modem to games (not load-balanced) so that games don't lag. Below it, a MikroTik RB450G takes the connection from the RB1200 1U and redirects it to an external proxy, and there we shape download and upload bandwidth and limit by file extension. Let's begin:

Topology:

MikroTik RB1200 1U

Ethernet1 (PPPoE) ----> Modem1

Ethernet2 (PPPoE) ----> Modem2

Ethernet3 (PPPoE) ----> Modem3

Ethernet4 (PPPoE) ----> Modem4

Ethernet5 (PPPoE) ----> Modem5

Ethernet6 (PPPoE) ----> Modem6

Ethernet7 (PPPoE) ----> Modem7

Ethernet8 (PPPoE) ----> Modem8

Ethernet9 (PPPoE) ----> Modem9

Ethernet10 ----> Local ----> Ip=192.168.253.1

Mikrotik RB450G

Ethernet1 ----> RB1200 1 U (Ethernet10) ----> Ip=192.168.253.2

Ethernet2 ----> HUB ----> Ip=192.168.1.1

Ethernet3 ----> Proxy ----> Ip=192.168.254.1

Squid external proxy, Ubuntu with Lusca

Onboard Ethernet ----> Ip=192.168.254.2

  • The first step is to put each modem in bridge mode and create the PPPoE clients on the MikroTik RB1200 1U (the tutorial on setting up PPPoE on MikroTik is ((HERE))). The 9th PPPoE interface we name public-game. The result looks like the image below:

  • Next we create NAT for each modem, with the commands:
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public1
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public2
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public3
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public4
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public5
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public6
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public7
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public8
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public-game

as in the image below:

  • Next we create the routing marks for each modem. The commands:
/ip route add gateway=public1 distance=1 routing-mark=PUBLIC1
/ip route add gateway=public2 distance=1 routing-mark=PUBLIC2
/ip route add gateway=public3 distance=1 routing-mark=PUBLIC3
/ip route add gateway=public4 distance=1 routing-mark=PUBLIC4
/ip route add gateway=public5 distance=1 routing-mark=PUBLIC5
/ip route add gateway=public6 distance=1 routing-mark=PUBLIC6
/ip route add gateway=public7 distance=1 routing-mark=PUBLIC7
/ip route add gateway=public8 distance=1 routing-mark=PUBLIC8
/ip route add gateway=public-game distance=1 routing-mark="PUBLIC GAME"

  • Next we name interface ethernet10 "local" and set up DNS, with the commands:
/interface set 10 name=local
/ip address add address=192.168.253.1 interface=local
/ip dns set servers=203.130.193.74,203.130.206.250 \
allow-remote-requests=yes

  • Next we create the ip firewall mangle rules for the load balancing; we use NTH-type load balancing. The commands:
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC1 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=8,1 comment=NTH1
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC1 \
passthrough=no in-interface=local \
connection-mark=PUBLIC1 comment=MARK1
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC2 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=7,1 comment=NTH2
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC2 \
passthrough=no in-interface=local \
connection-mark=PUBLIC2 comment=MARK2
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC3 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=6,1 comment=NTH3
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC3 \
passthrough=no in-interface=local \
connection-mark=PUBLIC3 comment=MARK3
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC4 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=5,1 comment=NTH4
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC4 \
passthrough=no in-interface=local \
connection-mark=PUBLIC4 comment=MARK4
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC5 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=4,1 comment=NTH5
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC5 \
passthrough=no in-interface=local \
connection-mark=PUBLIC5 comment=MARK5
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC6 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=3,1 comment=NTH6
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC6 \
passthrough=no in-interface=local \
connection-mark=PUBLIC6 comment=MARK6
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC7 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=2,1 comment=NTH7
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC7 \
passthrough=no in-interface=local \
connection-mark=PUBLIC7 comment=MARK7
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC8 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=1,1 comment=NTH8
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC8 \
passthrough=no in-interface=local \
connection-mark=PUBLIC8 comment=MARK8
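As an added example (not part of the original post), the Python simulation below models the RouterOS nth matcher to show why the eight rules count down from nth=8,1 to nth=1,1: each rule keeps its own counter that only advances for packets reaching it, so the descending pattern spreads new port-80 connections evenly over the eight marks, while giving every rule nth=8,k would leave most connections unmarked. The counter semantics (every, packet) are assumed from the RouterOS documentation, and the connection stream is constructed.

```python
"""Simulate the RouterOS nth matcher for the eight mangle rules above.
Added example, not the router's own code. Assumed semantics, per the
RouterOS docs: nth=every,packet gives each rule its own counter, advanced
only by packets that reach that rule; the rule fires when the counter
equals `packet`, and the counter wraps at `every`."""
from collections import Counter


class NthRule:
    """One mark-connection rule with an nth=every,packet matcher."""

    def __init__(self, mark, every, packet):
        self.mark, self.every, self.packet = mark, every, packet
        self.counter = 0

    def matches(self):
        # Counter cycles 1..every; the rule fires at position `packet`.
        self.counter = self.counter % self.every + 1
        return self.counter == self.packet


def classify(rules, n_connections):
    """Push n new port-80 connections through the rule list. The first rule
    that matches sets the connection mark, and the paired mark-routing rule
    (passthrough=no) stops further processing; unmatched connections get no
    mark and fall through to the main routing table."""
    dist = Counter()
    for _ in range(n_connections):
        for rule in rules:
            if rule.matches():
                dist[rule.mark] += 1
                break
        else:
            dist["UNMARKED"] += 1
    return dist


def descending_chain(n=8):
    """The pattern used above: nth=8,1; nth=7,1; ...; nth=1,1."""
    return [NthRule(f"PUBLIC{i}", n - i + 1, 1) for i in range(1, n + 1)]


def naive_chain(n=8):
    """Tempting but wrong variant: nth=8,1; nth=8,2; ...; nth=8,8."""
    return [NthRule(f"PUBLIC{i}", n, i) for i in range(1, n + 1)]


if __name__ == "__main__":
    print("descending:", dict(classify(descending_chain(), 800)))
    print("naive:     ", dict(classify(naive_chain(), 800)))
```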
  • And the IP firewall mangle rules for games; here I have gathered the full set of game ports together with their routing mark, which we also direct to the public-game routing mark...
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=1818,2001,3010,4300,5105,5121 comment="GAME ONLINE"
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=5126,5171,5340-5352,6000-6152,7777 comment="GAME ONLINE"
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=7341-7350,7451,8085,9600,9601-9602,9300
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=9376-9377,9400,9700,10001-10011
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=10402,11011-11041,12011,12110,13008,13413
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=15000-15002,16402-16502,16666,18901-18909,19000
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=19101,22100,27780,28012,29000,29200
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=39100,39110,39220,39190,40000,49100
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=udp in-interface=local \
dst-port=1293,1479,6100-6152,7777-7977,8001,9401
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=udp in-interface=local \
dst-port=9600-9602,12020-12080,30000,40000-40010
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local dst-port=9339,843
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=udp in-interface=local \
dst-port=42051-42052,11100-11125,11440-11460
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark="PUBLIC GAME" \
passthrough=no in-interface=local connection-mark="PUBLIC GAME"
  • Next the IP firewall filter rules to secure our MikroTik against virus ports and as anti-netcut; the commands are:
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=8291 protocol=tcp
/ip firewall filter add action=drop \
chain=forward connection-state=invalid disabled=no
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=135-139 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1433-1434 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=445 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=445 protocol=udp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=593 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1024-1030 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1080 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1214 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1363 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1364 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1368 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1373 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1377 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2745 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2283 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2535 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=3127 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=3410 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=4444 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=4444 protocol=udp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=5554 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=8866 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=9898 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=10080 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=12345 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=17300 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=27374 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=65506 protocol=tcp
/ip firewall filter add action=jump \
chain=forward disabled=no jump-target=virus
/ip firewall filter add action=drop \
chain=input connection-state=invalid disabled=no
/ip firewall filter add action=accept \
chain=input disabled=no protocol=udp
/ip firewall filter add action=accept \
chain=input disabled=no limit=50/5s,2 protocol=icmp
/ip firewall filter add action=drop \
chain=input disabled=no protocol=icmp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=21 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=22 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=23 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=80 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=8291 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=1723 protocol=tcp
/ip firewall filter add action=log \
chain=input disabled=yes log-prefix="DROP INPUT"
/ip firewall filter add action=add-src-to-address-list \
address-list=knock address-list-timeout=15s \
chain=input disabled=no dst-port=1337 protocol=tcp \
comment="KNOCK STEP 1"
/ip firewall filter add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15m \
chain=input disabled=no dst-port=7331 protocol=tcp \
src-address-list=knock comment="KNOCK STEP 2"
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="FIN/PSH/URG scan" disabled=no \
protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="NMAP FIN Stealth scan" disabled=no \
protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
protocol=tcp src-address=61.213.183.1-61.213.183.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
protocol=tcp src-address=67.195.134.1-67.195.134.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
protocol=tcp src-address=68.142.233.1-68.142.233.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
protocol=tcp src-address=68.180.217.1-68.180.217.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
protocol=tcp src-address=203.84.204.1-203.84.204.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
protocol=tcp src-address=69.63.176.1-69.63.176.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
protocol=tcp src-address=69.63.181.1-69.63.181.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
protocol=tcp src-address=63.245.209.1-63.245.209.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
protocol=tcp src-address=63.245.213.1-63.245.213.254
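As an added example (not from the post), this Python snippet models how the tcp-flags matchers in the port-scanner rules above classify packets: listed flags must be set, `!flag` must be clear, and anything unlisted is ignored, so a normal FIN/ACK close or SYN/ACK never lands a client on the "port scanners" list. The FIN stealth signature is the standard RouterOS matcher for that scan, and the packet samples are constructed.

```python
"""Model the tcp-flags port-scan matchers from the filter rules above.
Added example, not the router's own code. Assumed RouterOS semantics:
listed flags must be set, '!flag' must be clear, unlisted flags are
ignored. Every matching rule is reported, since each rule only adds the
source to the "port scanners" address list."""

FLAGS = frozenset({"fin", "syn", "rst", "psh", "ack", "urg"})

# (rule comment, tcp-flags spec) as in the rules above; the FIN stealth
# spec is the standard RouterOS matcher for that scan.
SCAN_RULES = [
    ("SYN/FIN scan", "fin,syn"),
    ("SYN/RST scan", "syn,rst"),
    ("FIN/PSH/URG scan", "fin,psh,urg,!syn,!rst,!ack"),
    ("ALL/ALL scan", "fin,syn,rst,psh,ack,urg"),
    ("NMAP NULL scan", "!fin,!syn,!rst,!psh,!ack,!urg"),
    ("NMAP FIN Stealth scan", "fin,!syn,!rst,!psh,!ack,!urg"),
]


def tcp_flags_match(spec, set_flags):
    """True if a packet carrying exactly set_flags satisfies a tcp-flags spec."""
    for token in spec.split(","):
        required = not token.startswith("!")
        flag = token.lstrip("!")
        if flag not in FLAGS:
            raise ValueError(f"unknown TCP flag in spec: {flag}")
        if (flag in set_flags) != required:
            return False
    return True


def classify_packet(set_flags):
    """Return the comments of every scan rule the packet would trigger."""
    set_flags = frozenset(f.lower() for f in set_flags)
    if not set_flags <= FLAGS:
        raise ValueError(f"unknown TCP flag(s): {sorted(set_flags - FLAGS)}")
    return [c for c, spec in SCAN_RULES if tcp_flags_match(spec, set_flags)]


def scan_report(packets):
    """Group triggered rule comments by source for (src, flags) samples;
    sources that only send ordinary handshake/data/close segments are absent."""
    report = {}
    for src, flags in packets:
        for verdict in classify_packet(flags):
            report.setdefault(src, set()).add(verdict)
    return report


# Constructed sample: a normal client session plus a few crafted probes.
SAMPLE = [
    ("192.168.3.2", {"syn"}),                # handshake
    ("192.168.3.2", {"syn", "ack"}),
    ("192.168.3.2", {"psh", "ack"}),         # data
    ("192.168.3.2", {"fin", "ack"}),         # orderly close
    ("203.0.113.9", set()),                  # NULL probe
    ("203.0.113.9", {"fin"}),                # FIN stealth probe
    ("203.0.113.9", {"fin", "psh", "urg"}),  # Xmas-style probe
    ("203.0.113.9", {"syn", "fin"}),
]

if __name__ == "__main__":
    for src, verdicts in scan_report(SAMPLE).items():
        print(src, sorted(verdicts))
```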
  • Next, to test, plug a computer into ethernet10 of the RB1200 1U, set the local IP, gateway and DNS, and test browsing or downloading, then look at the traffic, as in the image below:

  • The browsing test traffic is all flowing. Next the game traffic, as in the image below:

  • Next we set up the MikroTik RB450G. Give each ethernet interface a name with the commands:
/interface set 0 name=public
/interface set 1 name=local
/interface set 2 name=proxy

  • Next create an IP address for each interface with the commands:
/ip address add address=192.168.253.2 \
netmask=255.255.255.0 \
interface=public
/ip address add address=192.168.1.1 \
netmask=255.255.255.0 \
interface=local
/ip address add address=192.168.254.1 \
netmask=255.255.255.0 \
interface=proxy
  • Next we create the IP route, with the route gateway pointing to the RB1200 1U, with the command:
/ip route add gateway=192.168.253.1
  • Next the DNS; adjust the DNS servers to your own network, with the command:
/ip dns set servers=203.130.193.74,203.130.206.250 \
allow-remote-requests=yes

  • Next set NAT and the redirect to the external proxy, with the commands:
/ip firewall nat add chain=dstnat \
action=dst-nat to-addresses=192.168.254.2 to-ports=3128 \
protocol=tcp src-address=!192.168.254.0/24 \
in-interface=local dst-port=80 comment="TRANSPARENT PROXY"
/ip firewall nat add chain=srcnat \
action=masquerade src-address=192.168.1.0/24 \
out-interface=public comment="LOCAL MASQUERADE"
/ip firewall nat add chain=srcnat \
action=masquerade src-address=192.168.254.0/24 \
out-interface=public comment="PROXY MASQUERADE"
  • Next the IP firewall layer7 protocols, which will later be marked in mangle and have their extensions limited in the queue tree; the commands are:
/ip firewall layer7-protocol
add name=YOUTUBE regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9]\
[\\x09-\\x0d -~]*(content-type: video)"
add name=EXE regexp="\\.(exe)"
add name=RAR regexp="\\.(rar)"
add name=ZIP regexp="\\.(zip)"
add name=7z regexp="\\.(7z)"
add name=WMV regexp="\\.(wmv)"
add name=MPG regexp="\\.(mpg)"
add name=MPEG regexp="\\.(mpeg)"
add name=AVI regexp="\\.(avi)"
add name=FLV regexp="\\.(flv)"
add name=WAV regexp="\\.(wav)"
add name=MP3 regexp="\\.(mp3)"
add name=MP4 regexp="\\.(mp4)"
add name=ISO regexp="\\.(iso)"
add name=3GP regexp="\\.(3gp)"
add name=CAB regexp="\\.(cab)"
add name=ASF regexp="\\.(asf)"
add name=MOV regexp="\\.(mov)"
add name=MKV regexp="\\.(mkv)"
add name=RAM regexp="\\.(ram)"
add name=RMVB regexp="\\.(rmvb)"
add name=DAA regexp="\\.(daa)"
add name=NRG regexp="\\.(nrg)"
add name=BIN regexp="\\.(bin)"
add name=VCD regexp="\\.(vcd)"
add name="YOUTUBE STREAMING" regexp=www.youtube.com
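As an added example (not the router's own code), the Python snippet below applies the page's layer7 regexps to constructed HTTP exchanges and shows two things a practitioner should expect when these marks drive queue limits: the extension patterns match the substring anywhere in the stream (so ".exe" also fires on a hostname containing ".exec"), and the matcher only inspects the start of a connection. The inspected window size and the case-insensitive matching are assumptions taken from the RouterOS layer7 documentation; the page's `\\.` is RouterOS string quoting for the regex `\.`, written here as raw strings.

```python
"""Apply the layer7-protocol regexps above to constructed HTTP samples.
Added example, not the router's own code. Assumptions: RouterOS L7 matching
is a case-insensitive regex over the start of a connection (the docs cite
the first 10 packets or 2 KB); the page's "\\." is RouterOS string quoting
for the regex \. and is written here as a raw string."""
import re

L7_WINDOW = 2048  # bytes of a connection the matcher inspects (assumed)

# Regexps from the page, unquoted into plain regex form.
L7_PROTOCOLS = {
    "YOUTUBE": r"http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9]"
               r"[\x09-\x0d -~]*(content-type: video)",
    "EXE": r"\.(exe)",
    "ZIP": r"\.(zip)",
    "YOUTUBE STREAMING": r"www.youtube.com",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in L7_PROTOCOLS.items()}


def l7_classify(stream: bytes, window=L7_WINDOW):
    """Return the names of every layer7 protocol whose regexp matches the
    inspected window of the connection, as separate mangle rules would."""
    inspected = stream[:window] if window else stream
    text = inspected.decode("latin-1")
    return [name for name, rx in COMPILED.items() if rx.search(text)]


# Constructed samples: each is the client request followed by the server reply.
SAMPLES = {
    "video": (b"GET /watch?v=x HTTP/1.1\r\nHost: www.youtube.com\r\n\r\n"
              b"HTTP/1.1 200 OK\r\nServer: demo\r\nContent-Type: video/mp4\r\n\r\n"),
    "html": (b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
             b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"),
    "exe": (b"GET /dl/setup.exe HTTP/1.1\r\nHost: example.com\r\n\r\n"
            b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"),
    # False positive: ".exe" also occurs inside ".exec" in the hostname.
    "exec_host": (b"GET /index.html HTTP/1.1\r\nHost: www.exec.example\r\n\r\n"
                  b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"),
    # Miss: the video header lands beyond the inspected window.
    "late_video": (b"HTTP/1.1 200 OK\r\nX-Pad: " + b"a" * L7_WINDOW
                   + b"\r\nContent-Type: video/mp4\r\n\r\n"),
}

if __name__ == "__main__":
    for label, stream in SAMPLES.items():
        print(f"{label:>10}: {l7_classify(stream)}")
```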
  • Next the IP firewall mangle rule for squid proxy HIT, using DSCP (TOS) 12, with the command:
/ip firewall mangle add action=mark-packet \
chain=postrouting comment="SQUID PROXY HIT" \
disabled=no dscp=12 \
new-packet-mark="SQUID PROXY HIT" passthrough=no
  • Next the IP firewall mangle rules for the IP firewall layer7 protocols; the commands are:
/ip firewall mangle add action=mark-packet \
chain=forward comment="LIMIT EXTENTION" \
disabled=no layer7-protocol=YOUTUBE \
new-packet-mark=YOUTUBE passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=\
"YOUTUBE STREAMING" \
new-packet-mark="YOUTUBE STREAMING" \
passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MKV \
new-packet-mark=MKV \
passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MP3 \
new-packet-mark=MP3 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MP4 \
new-packet-mark=MP4 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=ZIP \
new-packet-mark=ZIP passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=EXE \
new-packet-mark=EXE passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=FLV \
new-packet-mark=FLV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=ISO \
new-packet-mark=ISO passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=ASF \
new-packet-mark=ASF passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=AVI \
new-packet-mark=AVI passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=BIN \
new-packet-mark=BIN passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=CAB \
new-packet-mark=CAB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=DAA \
new-packet-mark=DAA passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MOV \
new-packet-mark=MOV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MPEG \
new-packet-mark=MPEG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MPG \
new-packet-mark=MPG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=NRG \
new-packet-mark=NRG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=RAM \
new-packet-mark=RAM passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=RAR \
new-packet-mark=RAR passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=RMVB \
new-packet-mark=RMVB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=VCD \
new-packet-mark=VCD passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=WAV \
new-packet-mark=WAV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=WMV \
new-packet-mark=WMV passthrough=no

To be continued......... ((HERE))