Tuesday 15 November 2011

How to Set Up Load Balancing Across 8 Modems on MikroTik: 8 Modems for Browsing, 1 Modem for Games, and Redirect to an External Proxy (Part 1)

As in the topology above, we use a MikroTik RB1200 1U with 9 modems in total. Eight modems are load-balanced and one modem is dedicated to games (not load-balanced) so that games do not lag. Below it, a MikroTik RB450G takes the connection from the RB1200 1U and redirects it to an external proxy; there we also set the download and upload bandwidth and limit traffic by file extension. Let's begin:

Topology:

Mikrotik RB1200 1 U

Ethernet1 (PPPoE) ----> Modem1

Ethernet2 (PPPoE) ----> Modem2

Ethernet3 (PPPoE) ----> Modem3

Ethernet4 (PPPoE) ----> Modem4

Ethernet5 (PPPoE) ----> Modem5

Ethernet6 (PPPoE) ----> Modem6

Ethernet7 (PPPoE) ----> Modem7

Ethernet8 (PPPoE) ----> Modem8

Ethernet9 (PPPoE) ----> Modem9

Ethernet10 ----> Local ----> Ip=192.168.253.1

Mikrotik RB450G

Ethernet1 ----> RB1200 1 U (Ethernet10) ----> Ip=192.168.253.2

Ethernet2 ----> HUB ----> Ip=192.168.1.1

Ethernet3 ----> Proxy ----> Ip=192.168.254.1

Squid External Proxy Ubuntu Lusca

Ethernet Onboot ----> Ip=192.168.254.2

  • The first step is to put every modem in bridge mode and make the MikroTik RB1200 1U the PPPoE client for each of them; the tutorial on setting up PPPoE on MikroTik is ((HERE)). Name the 9th PPPoE interface public-game. The result looks like the image below:

  • Next, create a NAT rule for each modem, with the commands:
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public1
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public2
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public3
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public4
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public5
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public6
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public7
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public8
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public-game

as in the image below:

  • Next, create a routing mark for each modem, with the commands:
/ip route add gateway=public1 distance=1 routing-mark=PUBLIC1
/ip route add gateway=public2 distance=1 routing-mark=PUBLIC2
/ip route add gateway=public3 distance=1 routing-mark=PUBLIC3
/ip route add gateway=public4 distance=1 routing-mark=PUBLIC4
/ip route add gateway=public5 distance=1 routing-mark=PUBLIC5
/ip route add gateway=public6 distance=1 routing-mark=PUBLIC6
/ip route add gateway=public7 distance=1 routing-mark=PUBLIC7
/ip route add gateway=public8 distance=1 routing-mark=PUBLIC8
/ip route add gateway=public-game distance=1 routing-mark="PUBLIC GAME"

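  • Next, rename interface ethernet10 to local and configure DNS, with the commands:
# Select the port by its factory name; a console item number depends on the last print
/interface ethernet set [find default-name=ether10] name=local
# /24 matches the netmask the RB450G uses on this link; without a prefix RouterOS assigns a /32
/ip address add address=192.168.253.1/24 interface=local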
/ip dns set servers=203.130.193.74,203.130.206.250 \
allow-remote-requests=yes

  • Next, create the ip firewall mangle rules for the load balancing. We use nth-type load balancing, with the commands:
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC1 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=8,1 comment=NTH1
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC1 \
passthrough=no in-interface=local \
connection-mark=PUBLIC1 comment=MARK1
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC2 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=7,1 comment=NTH2
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC2 \
passthrough=no in-interface=local \
connection-mark=PUBLIC2 comment=MARK2
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC3 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=6,1 comment=NTH3
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC3 \
passthrough=no in-interface=local \
connection-mark=PUBLIC3 comment=MARK3
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC4 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=5,1 comment=NTH4
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC4 \
passthrough=no in-interface=local \
connection-mark=PUBLIC4 comment=MARK4
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC5 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=4,1 comment=NTH5
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC5 \
passthrough=no in-interface=local \
connection-mark=PUBLIC5 comment=MARK5
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC6 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=3,1 comment=NTH6
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC6 \
passthrough=no in-interface=local \
connection-mark=PUBLIC6 comment=MARK6
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC7 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=2,1 comment=NTH7
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC7 \
passthrough=no in-interface=local \
connection-mark=PUBLIC7 comment=MARK7
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC8 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=1,1 comment=NTH8
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC8 \
passthrough=no in-interface=local \
connection-mark=PUBLIC8 comment=MARK8
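
Why the nth values above count down from 8,1 to 1,1: the following is an added example, not part of the original post, that models the cascade in Python and also contrasts it with a hypothetical variant that uses nth=8,1 on every rule. The counter behaviour it assumes is stated in the comments.

```python
# Added example: a Python model of the NTH1..NTH8 cascade, not RouterOS code.
# Assumptions: every rule has its own counter, the counter advances only for
# new connections that reach the rule, and nth=every,packet matches when the
# counter equals `packet`, wrapping after `every`.

def distribute(rules, connections):
    """rules: list of (mark, every, packet) in firewall order.
    Returns {mark: hits}; the key None counts connections left unmarked."""
    counters = [0] * len(rules)
    hits = {mark: 0 for mark, _, _ in rules}
    hits[None] = 0
    for _ in range(connections):
        for i, (mark, every, packet) in enumerate(rules):
            counters[i] += 1
            matched = counters[i] == packet
            if counters[i] >= every:
                counters[i] = 0
            if matched:
                hits[mark] += 1
                # The MARKn rule (passthrough=no) ends processing here, so
                # later NTH rules never count this connection.
                break
        else:
            hits[None] += 1  # no mark: routed by the main table
    return hits

# The page's values: nth=8,1 for PUBLIC1 down to nth=1,1 for PUBLIC8.
PAGE_RULES = [(f"PUBLIC{i}", 9 - i, 1) for i in range(1, 9)]
# Hypothetical variant for contrast: the same nth=8,1 on all eight rules.
FLAT_RULES = [(f"PUBLIC{i}", 8, 1) for i in range(1, 9)]

if __name__ == "__main__":
    for label, rules in (("page", PAGE_RULES), ("flat", FLAT_RULES)):
        print(label, distribute(rules, 8000))
```

With the page's values each rule takes one eighth of the connections because rule n only sees what the rules before it left over; with a flat nth=8,1 the later links receive less and part of the traffic is never marked.
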
  • And the ip firewall mangle rules for games. Here I have collected a complete set of game ports, together with their routing mark, which we also point to the public-game routing mark:
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=1818,2001,3010,4300,5105,5121 comment="GAME ONLINE"
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=5126,5171,5340-5352,6000-6152,7777 comment="GAME ONLINE"
/ip firewall mangle add chain=prerouting \
action=mark-connection \
new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp \
in-interface=local \
dst-port=7341-7350,7451,8085,9600,9601-9602,9300
/ip firewall mangle add chain=prerouting \
action=mark-connection \
new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp \
in-interface=local \
dst-port=9376-9377,9400,9700,10001-10011
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=10402,11011-11041,12011,12110,13008,13413
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=15000-15002,16402-16502,16666,18901-18909,19000
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=19101,22100,27780,28012,29000,29200
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=39100,39110,39220,39190,40000,49100
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=udp in-interface=local \
dst-port=1293,1479,6100-6152,7777-7977,8001,9401
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=udp in-interface=local \
dst-port=9600-9602,12020-12080,30000,40000-40010
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local dst-port=9339,843
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=udp in-interface=local \
dst-port=42051-42052,11100-11125,11440-11460
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark="PUBLIC GAME" \
passthrough=no in-interface=local connection-mark="PUBLIC GAME"
  • Next, the ip firewall filter rules to secure our MikroTik against virus ports, plus anti-NetCut, with the commands:
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=8291 protocol=tcp
/ip firewall filter add action=drop \
chain=forward connection-state=invalid disabled=no
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=135-139 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1433-1434 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=445 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=445 protocol=udp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=593 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1024-1030 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1080 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1214 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1363 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1364 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1368 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1373 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1377 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2745 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2283 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2535 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=3127 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=3410 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=4444 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=4444 protocol=udp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=5554 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=8866 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=9898 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=10080 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=12345 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=17300 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=27374 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=65506 protocol=tcp
/ip firewall filter add action=jump \
chain=forward disabled=no jump-target=virus
/ip firewall filter add action=drop \
chain=input connection-state=invalid disabled=no
/ip firewall filter add action=accept \
chain=input disabled=no protocol=udp
/ip firewall filter add action=accept \
chain=input disabled=no limit=50/5s,2 protocol=icmp
/ip firewall filter add action=drop \
chain=input disabled=no protocol=icmp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=21 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=22 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=23 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=80 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=8291 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=1723 protocol=tcp
/ip firewall filter add action=log \
chain=input disabled=yes log-prefix="DROP INPUT"
/ip firewall filter add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15s \
chain=input \
disabled=no dst-port=1337 protocol=tcp
# Note: no rule on this page adds addresses to the "knock" list, so the next rule never matches as written
/ip firewall filter add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15m \
chain=input disabled=no \
dst-port=7331 protocol=tcp src-address-list=knock
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="FIN/PSH/URG scan" disabled=\
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
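# tcp-flags added: without a flag match this rule listed the source of every TCP packet sent to the router
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="NMAP FIN Stealth scan" \
disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg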
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254
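
A review of the input chain above, as an added example that is not part of the original post: the Python below parses a subset of the page's input rules and reports three things a reviewer would check on a router with nine PPPoE uplinks, then runs the same checks on a constructed stricter rule set. The stricter rules are an assumption for illustration (only the interface name local comes from the page). With allow-remote-requests=yes, the accept-all-UDP rule also leaves the router's DNS resolver reachable from the PPPoE side.

```python
import shlex

# Added example: input-chain rules copied from the page (subset, with the
# line continuations joined).
PAGE_RULES = r'''
add action=accept chain=input dst-port=8291 protocol=tcp
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=udp
add action=accept chain=input dst-port=23 protocol=tcp
add action=add-src-to-address-list address-list="port scanners" chain=input protocol=tcp psd=21,3s,3,1
'''

# Constructed stricter set (an assumption, not from the page): management and
# DNS only from the LAN port, listed scanners dropped, final drop at the end.
STRICT_RULES = r'''
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input connection-state=invalid
add action=add-src-to-address-list address-list="port scanners" chain=input protocol=tcp psd=21,3s,3,1
add action=drop chain=input src-address-list="port scanners"
add action=accept chain=input in-interface=local dst-port=8291 protocol=tcp
add action=accept chain=input in-interface=local dst-port=53 protocol=udp
add action=drop chain=input
'''

def parse(text):
    """Turn 'add key=value ...' lines into a list of dicts, in rule order."""
    rules = []
    for line in text.strip().splitlines():
        tokens = shlex.split(line)[1:]  # drop the leading "add"
        rules.append(dict(t.split("=", 1) for t in tokens))
    return rules

def audit(rules):
    """Return findings for the input chain as a list of strings."""
    chain = [r for r in rules if r.get("chain") == "input"]
    findings = []
    scoped = ("src-address", "src-address-list", "in-interface")
    for r in chain:
        reply = r.get("connection-state") in ("established", "related")
        if r["action"] == "accept" and not reply and not any(k in r for k in scoped):
            findings.append("open to any source: %s/%s"
                            % (r.get("protocol", "any"), r.get("dst-port", "any")))
    filled = {r["address-list"] for r in chain
              if r["action"] == "add-src-to-address-list"}
    enforced = {r["src-address-list"] for r in chain
                if r["action"] in ("drop", "reject") and "src-address-list" in r}
    for name in sorted(filled - enforced):
        findings.append("address list never dropped: " + name)
    last = chain[-1] if chain else {}
    if last.get("action") != "drop" or set(last) - {"action", "chain"}:
        findings.append("no final drop rule")
    return findings

if __name__ == "__main__":
    print(audit(parse(PAGE_RULES)))
    print(audit(parse(STRICT_RULES)))
```
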
  • Next, to test, plug a computer into ethernet10 of the RB1200 1U, enter the local IP address, gateway, and DNS, then test browsing or downloading and watch the traffic, as in the image below:

  • In the browsing test, traffic is flowing on all links. Next, the game traffic, as in the image below:

  • Next, we configure the Mikrotik RB450G. Name each ethernet interface, with the commands:
# Select each port by its factory name; console item numbers depend on the last print
/interface ethernet set [find default-name=ether1] name=public
/interface ethernet set [find default-name=ether2] name=local
/interface ethernet set [find default-name=ether3] name=proxy

  • Next, assign an IP address to each interface, with the commands:
/ip address add address=192.168.253.2 \
netmask=255.255.255.0 \
interface=public
/ip address add address=192.168.1.1 \
netmask=255.255.255.0 \
interface=local
/ip address add address=192.168.254.1 \
netmask=255.255.255.0 \
interface=proxy
  • Next, create the IP route, with the gateway pointing to the RB1200 1U, with the command:
/ip route add gateway=192.168.253.1
  • Next, DNS. Adjust the DNS servers to your own network. The command:
/ip dns set servers=203.130.193.74,203.130.206.250 \
allow-remote-requests=yes

  • Next, set up NAT and the redirect to the external proxy, with the commands:
/ip firewall nat add chain=dstnat \
action=dst-nat to-addresses=192.168.254.2 to-ports=3128 \
protocol=tcp src-address=!192.168.254.0/24 \
in-interface=local dst-port=80 comment="TRANSPARENT PROXY"
/ip firewall nat add chain=srcnat \
action=masquerade src-address=192.168.1.0/24 \
out-interface=public comment="LOCAL MASQUERADE"
/ip firewall nat add chain=srcnat \
action=masquerade src-address=192.168.254.0/24 \
out-interface=public comment="PROXY MASQUERADE"
  • Next, the ip firewall layer7 protocols, which will later be marked in mangle and limited by extension in the queue tree, with the commands:
/ip firewall layer7-protocol
add name=YOUTUBE regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9]\
[\\x09-\\x0d -~]*(content-type: video)"
add name=EXE regexp="\\.(exe)"
add name=RAR regexp="\\.(rar)"
add name=ZIP regexp="\\.(zip)"
add name=7z regexp="\\.(7z)"
add name=WMV regexp="\\.(wmv)"
add name=MPG regexp="\\.(mpg)"
add name=MPEG regexp="\\.(mpeg)"
add name=AVI regexp="\\.(avi)"
add name=FLV regexp="\\.(flv)"
add name=WAV regexp="\\.(wav)"
add name=MP3 regexp="\\.(mp3)"
add name=MP4 regexp="\\.(mp4)"
add name=ISO regexp="\\.(iso)"
add name=3GP regexp="\\.(3gp)"
add name=CAB regexp="\\.(cab)"
add name=ASF regexp="\\.(asf)"
add name=MOV regexp="\\.(mov)"
add name=MKV regexp="\\.(mkv)"
add name=RAM regexp="\\.(ram)"
add name=RMVB regexp="\\.(rmvb)"
add name=DAA regexp="\\.(daa)"
add name=NRG regexp="\\.(nrg)"
add name=BIN regexp="\\.(bin)"
add name=VCD regexp="\\.(vcd)"
add name="YOUTUBE STREAMING" regexp=www.youtube.com
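
What the unanchored extension patterns above actually match, as an added example that is not part of the original post: the Python below applies a subset of the page's patterns, in the order the mangle rules use them, to constructed HTTP request heads, next to a hypothetical tighter form. The tighter pattern is an assumption written in Python regex syntax and has not been checked against the RouterOS regex dialect.

```python
import re

# Added example: the page's extension patterns (subset) in the order the
# mangle rules apply them; the first match wins because passthrough=no.
EXTENSIONS = ["mkv", "mp3", "mp4", "zip", "exe", "iso", "bin", "mov", "ram"]
PAGE_PATTERNS = [(e.upper(), r"\.(%s)" % e) for e in EXTENSIONS]

# Hypothetical tighter form (an assumption): the extension must end the path
# of the request line, so Host and Referer headers are ignored.
TIGHT_PATTERNS = [
    (e.upper(), r"^(GET|HEAD|POST) [^ ?]*\.(%s)[ ?]" % e) for e in EXTENSIONS
]

def classify(patterns, payload):
    """Return the name of the first pattern found in the payload, else None."""
    for name, regex in patterns:
        if re.search(regex, payload):
            return name
    return None

# Constructed HTTP request heads (not captured traffic).
SAMPLES = {
    "installer": "GET /setup.exe HTTP/1.1\r\nHost: dl.example.net\r\n\r\n",
    "search": "GET /search?q=router HTTP/1.1\r\nHost: www.bing.com\r\n\r\n",
    "movie site": "GET /listing HTTP/1.1\r\nHost: www.movies.example\r\n\r\n",
    "referer": "GET /guide.html HTTP/1.1\r\nHost: docs.example\r\n"
               "Referer: http://docs.example/tools.zip\r\n\r\n",
}

def compare():
    """Map each sample to (mark from page patterns, mark from tight patterns)."""
    return {name: (classify(PAGE_PATTERNS, head), classify(TIGHT_PATTERNS, head))
            for name, head in SAMPLES.items()}

if __name__ == "__main__":
    for name, marks in compare().items():
        print(name, marks)
```

The page's patterns mark the search request as BIN (".bin" inside "www.bing.com") and the movie site as MOV, so ordinary browsing to those hosts would land in the limited queues.
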
  • Next, the ip firewall mangle rule for squid proxy hits, using DSCP (TOS) 12, with the command:
/ip firewall mangle add action=mark-packet \
chain=postrouting comment="SQUID PROXY HIT" \
disabled=no dscp=12 \
new-packet-mark="SQUID PROXY HIT" passthrough=no
  • Next, the ip firewall mangle rules for the ip firewall layer7 protocols, with the commands:
/ip firewall mangle add action=mark-packet \
chain=forward comment="LIMIT EXTENTION" \
disabled=no layer7-protocol=YOUTUBE \
new-packet-mark=YOUTUBE passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=\
"YOUTUBE STREAMING" \
new-packet-mark="YOUTUBE STREAMING" \
passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MKV \
new-packet-mark=MKV \
passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MP3 \
new-packet-mark=MP3 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MP4 \
new-packet-mark=MP4 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=ZIP \
new-packet-mark=ZIP passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=EXE \
new-packet-mark=EXE passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=FLV \
new-packet-mark=FLV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=ISO \
new-packet-mark=ISO passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=ASF \
new-packet-mark=ASF passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=AVI \
new-packet-mark=AVI passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=BIN \
new-packet-mark=BIN passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=CAB \
new-packet-mark=CAB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=DAA \
new-packet-mark=DAA passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MOV \
new-packet-mark=MOV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MPEG \
new-packet-mark=MPEG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MPG \
new-packet-mark=MPG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=NRG \
new-packet-mark=NRG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=RAM \
new-packet-mark=RAM passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=RAR \
new-packet-mark=RAR passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=RMVB \
new-packet-mark=RMVB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=VCD \
new-packet-mark=VCD passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=WAV \
new-packet-mark=WAV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=WMV \
new-packet-mark=WMV passthrough=no

To be continued... ((HERE))
