My Community

A place to share all kinds of information
 
 

 Bandwidth Management + SQUIDBOX for a single-line internet cafe (warnet)

zoky



Posts: 18
Join date: 25.11.10

Subject: Bandwidth Management + SQUIDBOX for a single-line internet cafe (warnet)   Thu Nov 25, 2010 9:40 am

Simple MikroTik Bandwidth Management + SQUIDBOX settings for an internet cafe (warnet)

/interface
set ether1 comment="Public Interface" name=Public
set ether2 comment="Local Interface" name=Local
set ether3 comment="Proxy Interface" name=Proxy

/ip address
add address=192.168.10.10/24 broadcast=192.168.10.255 comment="" disabled=no interface=Local network=192.168.10.0
add address=192.168.2.1/24 broadcast=192.168.2.255 comment="" disabled=no interface=Proxy network=192.168.2.0
add address=10.20.20.34/24 broadcast=10.20.20.255 comment="" disabled=no interface=Public network=10.20.20.0

/ip route
add dst-address=0.0.0.0/0 gateway=10.20.20.1 scope=255 target-scope=10 \
comment="" disabled=no

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 servers="192.168.2.2,116.254.99.254,8.8.8.8,8.8.4.4,208.67.222.222,208.67.220.220"

/ip dns static
add name="zoky.net" address=192.168.2.2 ttl=1d

/system ntp client set primary-ntp=203.160.128.6 secondary-ntp=202.169.224.16 mode=unicast enabled=yes

/system clock set time-zone-name=Asia/Jakarta

/system identity set name=Q-NET

/ip service
set telnet address=0.0.0.0/0 disabled=yes port=23
set ftp address=0.0.0.0/0 disabled=yes port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291

/ip firewall address-list
add address=192.168.2.0/24 comment="" disabled=no list=ProxyNET
add address=192.168.10.0/24 comment="" disabled=no list=Q-NET

/ip firewall filter
add chain=forward action=add-dst-to-address-list protocol=tcp \
address-list=Poker address-list-timeout=0s dst-port=843 \
comment="SCANNER POKER"
add chain=forward action=add-dst-to-address-list protocol=tcp \
address-list=Poker address-list-timeout=0s dst-port=9339
add chain=forward action=add-dst-to-address-list protocol=tcp \
address-list=PointBlank address-list-timeout=0s dst-port=39190 \
comment="SCANNER POINTBLANK"
add chain=forward action=add-dst-to-address-list protocol=udp \
address-list=PointBlank address-list-timeout=0s dst-port=40000-40010
add action=drop chain=input comment="Drop Invalid connections" \
connection-state=invalid disabled=no
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=\
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="Dropping port scanners" disabled=no \
src-address-list="port scanners"
add action=accept chain=input comment="Allow Established connections" \
connection-state=established disabled=no
add action=accept chain=input comment="Allow Related connections" \
connection-state=related disabled=no
add action=accept chain=input comment="Allow ICMP from LOCAL Network" \
disabled=no protocol=icmp src-address-list=Q-NET
add action=accept chain=input comment="Allow ICMP from PROXY Network" \
disabled=no protocol=icmp src-address-list=ProxyNET
add action=accept chain=input comment="Allow Input from LOCAL Network" \
disabled=no src-address-list=Q-NET
add action=accept chain=input comment="Allow Input from PROXY Network" \
disabled=no src-address-list=ProxyNET
add action=drop chain=input comment="Drop everything else" disabled=no
add action=drop chain=forward comment="Drop Invalid connections" \
connection-state=invalid disabled=no
add action=jump chain=forward comment="Bad packets filtering" disabled=no \
jump-target=tcp protocol=tcp
add action=jump chain=forward comment="" disabled=no jump-target=udp \
protocol=udp
add action=jump chain=forward comment="" disabled=no jump-target=icmp \
protocol=icmp
add action=drop chain=tcp comment="deny SMTP" disabled=no dst-port=25 \
protocol=tcp
add action=drop chain=tcp comment="deny TFTP" disabled=no dst-port=69 \
protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=111 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=135 protocol=tcp
add action=drop chain=tcp comment="deny NBT" disabled=no dst-port=137-139 \
protocol=tcp
add action=drop chain=tcp comment="deny cifs" disabled=no dst-port=445 \
protocol=tcp
add action=drop chain=tcp comment="deny NFS" disabled=no dst-port=2049 \
protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=\
12345-12346 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=20034 \
protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" disabled=no dst-port=\
3133 protocol=tcp
add action=drop chain=tcp comment="deny DHCP" disabled=no dst-port=67-68 \
protocol=tcp
add action=drop chain=tcp comment="deny P2P" disabled=no p2p=all-p2p
add action=drop chain=udp comment="deny TFTP" disabled=no dst-port=69 \
protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=111 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=135 protocol=udp
add action=drop chain=udp comment="deny NBT" disabled=no dst-port=137-139 \
protocol=udp
add action=drop chain=udp comment="deny NFS" disabled=no dst-port=2049 \
protocol=udp
add action=drop chain=udp comment="deny BackOriffice" disabled=no dst-port=\
3133 protocol=udp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=drop chain=icmp comment="Drop other icmp packets" disabled=no
add action=accept chain=forward comment="Allow Established connections" \
connection-state=established disabled=no
add action=accept chain=forward comment="Allow Forward from LOCAL Network" \
disabled=no src-address-list=Q-NET
add action=accept chain=forward comment="Allow Forward from PROXY Network" \
disabled=no src-address-list=ProxyNET
add action=drop chain=forward comment="Drop everything else" disabled=no

/ip firewall nat
add action=masquerade chain=srcnat comment="MASQUERADE MIKROTIK" disabled=no \
out-interface=Public
add action=dst-nat chain=dstnat comment="TRANSPARENT DNS" disabled=no \
dst-port=53 in-interface=Local protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="TRANSPARENT DNS" disabled=no \
dst-port=53 in-interface=Local protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment="DNS UNBOUND" disabled=no \
dst-port=53 in-interface=Local protocol=udp to-addresses=192.168.2.2 \
to-ports=53
add action=dst-nat chain=dstnat comment="DNS UNBOUND" disabled=no \
dst-port=53 in-interface=Local protocol=tcp to-addresses=192.168.2.2 \
to-ports=53
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY" disabled=no \
dst-address-list=!ProxyNET dst-port=80,8080,3128 in-interface=Local \
protocol=tcp to-addresses=192.168.2.2 to-ports=3128
add action=dst-nat chain=dstnat comment="PROXY NAT" disabled=yes dst-address=192.168.10.10 dst-port=22,81,10000 in-interface=Local protocol=tcp \
to-addresses=192.168.2.2
add chain=dstnat in-interface=Local protocol=icmp action=redirect disabled=yes \
comment="Manipulasi PING"


Explanation:
- Transparent DNS, so that clients cannot use any DNS other than the one configured on the MikroTik
- Masquerade on the router, so that the router can be accessed from the clients*
- Redirects client requests destined for ports 80, 8080 and 3128 to the external Squid (TSL)
- The services used on the TSL are http (port 81), SSH (port 22) and webmin (port 10000)



/ip firewall layer7-protocol
add comment="" name=Streaming regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"

/ip firewall mangle
add action=mark-packet chain=forward comment="PROXY-HIT-DSCP 12" disabled=no \
dscp=12 new-packet-mark=proxy-hit passthrough=no
add action=change-dscp chain=postrouting comment="CRITICAL" disabled=no \
new-dscp=1 protocol=icmp
add action=change-dscp chain=postrouting comment="" disabled=no dst-port=53 \
new-dscp=1 protocol=udp
add action=change-dscp chain=postrouting comment="" disabled=no dst-port=53 \
new-dscp=1 protocol=tcp
add action=mark-connection chain=postrouting comment="" disabled=no dscp=1 \
new-connection-mark=critical_conn passthrough=yes
add action=mark-packet chain=postrouting comment="" connection-mark=\
critical_conn disabled=no new-packet-mark=critical_pkt passthrough=no
add action=mark-connection chain=prerouting comment="MARK-ALL-CONN" disabled=no \
dst-address-list=!Q-NET in-interface=Local new-connection-mark=\
all.pre_conn passthrough=yes
add action=mark-connection chain=forward comment="" disabled=no \
new-connection-mark=all.post_conn out-interface=Local passthrough=yes \
src-address-list=!Q-NET
add action=mark-packet chain=prerouting comment="" connection-mark=\
all.pre_conn disabled=no new-packet-mark=all.pre_pkt passthrough=yes
add action=mark-packet chain=forward comment="" connection-mark=all.post_conn \
disabled=no new-packet-mark=all.post_pkt passthrough=yes
add action=mark-connection chain=prerouting comment="POINTBLANK" \
connection-mark=all.pre_conn disabled=no dst-port=39100,39110,39220,39190,49100 \
new-connection-mark=games_conn passthrough=yes protocol=tcp \
dst-address-list=PointBlank
add action=mark-connection chain=prerouting comment="" connection-mark=\
all.pre_conn disabled=no dst-port=40000-40010 new-connection-mark=\
games_conn passthrough=yes protocol=udp dst-address-list=PointBlank
add action=mark-connection chain=prerouting comment="CROSS FIRE" \
connection-mark=all.pre_conn disabled=no dst-port=10009 \
new-connection-mark=games_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-mark=\
all.pre_conn disabled=no dst-port=12000-12080 new-connection-mark=\
games_conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="" connection-mark=\
all.pre_conn disabled=no dst-port=13000-13100 new-connection-mark=\
games_conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="X-SHOT" connection-mark=all.pre_conn disabled=no dst-port=7341,7451 new-connection-mark=games_conn \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-mark=all.pre_conn disabled=no dst-port=7808,30000 \
new-connection-mark=games_conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="LUNA ONLINE" connection-mark=all.pre_conn disabled=no dst-port=15000-15002 \
new-connection-mark=games_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="DOTA" connection-mark=all.pre_conn disabled=no dst-port=6000-6152 \
new-connection-mark=games_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="AYO DANCE" connection-mark=all.pre_conn disabled=no dst-port=18901-18909 \
new-connection-mark=games_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="IDOLSTREET" connection-mark=all.pre_conn disabled=no dst-port=2001 \
new-connection-mark=games_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="PERFECT WORLD" connection-mark=all.pre_conn disabled=no dst-port=29000 \
new-connection-mark=games_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="GHOST ONLINE" connection-mark=all.pre_conn disabled=no dst-port=19101 \
new-connection-mark=games_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="SEAL ONLINE" connection-mark=all.pre_conn disabled=no dst-port=1818 \
new-connection-mark=games_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="RF-ELVEN" connection-mark=all.pre_conn disabled=no dst-port=27780 \
new-connection-mark=games_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="ROHAN" connection-mark=all.pre_conn disabled=no dst-port=22100 \
new-connection-mark=games_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LINEAGE 2" connection-mark=all.pre_conn disabled=no dst-port=7777 \
new-connection-mark=games_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="GETAMPED" connection-mark=all.pre_conn disabled=no dst-port=13413 \
new-connection-mark=games_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="ATLANTICA" connection-mark=all.pre_conn disabled=no dst-port=4300 dst-address=203.89.147.0/24 \
new-connection-mark=games_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="CRAZYKART 2" connection-mark=all.pre_conn disabled=no dst-port=9600 \
new-connection-mark=games_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="POKER" connection-mark=\
all.pre_conn disabled=no dst-port=843,9339 new-connection-mark=games_conn \
passthrough=yes protocol=tcp dst-address-list=Poker
add action=mark-packet chain=forward comment="FORWARD ALL GAME" \
connection-mark=games_conn disabled=no new-packet-mark=games_pkt passthrough=no
add action=mark-connection chain=prerouting comment="HTTP-CLIENT" \
connection-mark=all.pre_conn disabled=no new-connection-mark=\
browsing_conn packet-size=0-64 passthrough=yes protocol=tcp tcp-flags=ack
add action=mark-connection chain=prerouting comment="" connection-mark=\
all.pre_conn disabled=no dst-port=80,443 new-connection-mark=\
browsing_conn passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=0-262146 \
connection-mark=browsing_conn disabled=no new-packet-mark=browsing_pkt \
passthrough=no protocol=tcp
add action=mark-connection chain=prerouting comment="HTTP-PROXY" disabled=no \
dst-address-list=!Q-NET dst-port=80,443 new-connection-mark=proxy_conn \
passthrough=yes protocol=tcp src-address-list=ProxyNET
add action=mark-packet chain=forward comment="" connection-mark=proxy_conn \
disabled=no new-packet-mark=proxy_pkt passthrough=no
add action=mark-connection chain=prerouting comment="REALTIME" connection-mark=\
all.pre_conn disabled=no dst-port=22,179,110,161,8291 \
new-connection-mark=realtime_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-mark=\
all.pre_conn disabled=no dst-port=123 new-connection-mark=realtime_conn \
passthrough=yes protocol=udp
add action=mark-packet chain=forward comment="" connection-mark=realtime_conn \
disabled=no new-packet-mark=realtime_pkt passthrough=no
add action=mark-connection chain=prerouting comment="FILE TRANSFER" \
connection-mark=all.pre_conn disabled=no dst-port=20,21,23 \
new-connection-mark=communication_conn passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="" connection-mark=\
communication_conn disabled=no new-packet-mark=communication_pkt passthrough=no
add action=mark-connection chain=prerouting comment="NORMAL" connection-mark=\
all.pre_conn disabled=no dst-address-list=!ProxyNET new-connection-mark=\
normal_conn passthrough=yes
add action=mark-packet chain=forward comment="" connection-mark=normal_conn \
disabled=no new-packet-mark=normal_pkt passthrough=no
add action=mark-packet chain=forward comment="STREAMING" layer7-protocol=\
Streaming packet-mark=!proxy-hit connection-mark=all.post_conn disabled=no \
dst-address=!192.168.10.1 new-packet-mark=streaming_pkt passthrough=no \
connection-bytes=262146-4294967295
add action=mark-packet chain=forward comment="DOWNLOAD SERVER" connection-bytes=\
262146-4294967295 connection-mark=all.post_conn disabled=no dst-address=\
192.168.10.1 new-packet-mark=SERVER.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="DOWNLOAD CLIENT" connection-bytes=\
262146-4294967295 connection-mark=all.post_conn disabled=no dst-address=\
192.168.10.2 new-packet-mark=Q-NET1.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=\
262146-4294967295 connection-mark=all.post_conn disabled=no dst-address=\
192.168.10.3 new-packet-mark=Q-NET2.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=\
262146-4294967295 connection-mark=all.post_conn disabled=no dst-address=\
192.168.10.4 new-packet-mark=Q-NET3.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=\
262146-4294967295 connection-mark=all.post_conn disabled=no dst-address=\
192.168.10.5 new-packet-mark=Q-NET4.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=\
262146-4294967295 connection-mark=all.post_conn disabled=no dst-address=\
192.168.10.6 new-packet-mark=Q-NET5.d_pkt passthrough=no protocol=tcp


... and so on, until every client is covered

/queue type
add kind=pcq name=http pcq-classifier=dst-address pcq-limit=50 pcq-rate=\
0 pcq-total-limit=2000
add kind=pcq name=pcq_up pcq-classifier=src-address pcq-limit=50 pcq-rate=0 \
pcq-total-limit=2000
add kind=pcq name=pcq_down pcq-classifier=dst-address pcq-limit=50 pcq-rate=\
136k pcq-total-limit=2000
add kind=pfifo name=pfifo-critical pfifo-limit=10
add kind=pcq name=pcq_critical.up pcq-classifier=src-address,src-port \
pcq-limit=50 pcq-rate=0 pcq-total-limit=2000
add kind=pcq name=pcq_critical.down pcq-classifier=dst-address,dst-port \
pcq-limit=50 pcq-rate=0 pcq-total-limit=2000

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M \
max-limit=100M name=".:PROXY HIT:." packet-mark=proxy-hit parent=Local \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CRITICAL" packet-mark=critical_pkt parent=Public \
priority=1 queue=pfifo-critical
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="INBOUND" packet-mark=all.post_pkt parent=global-out \
priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="OUTBOUND" packet-mark=all.pre_pkt parent=Public \
priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="GAMES" packet-mark=games_pkt parent="INBOUND" \
priority=2 queue=pcq_critical.down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="HTTP" packet-mark=browsing_pkt parent="INBOUND" \
priority=3 queue=http
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=256k name="REALTIME" packet-mark=realtime_pkt parent=\
"INBOUND" priority=4 queue=pcq_critical.down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name="FILETRANS" packet-mark=communication_pkt parent=\
"INBOUND" priority=5 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name="NORMAL" packet-mark=normal_pkt parent=\
"INBOUND" priority=6 queue=pcq_down
add burst-limit=128k burst-threshold=80k burst-time=10s disabled=no limit-at=0 \
max-limit=88k name="STREAMING" packet-mark=streaming_pkt \
parent="INBOUND" priority=8 queue=pcq_down
add burst-limit=136k burst-threshold=112k burst-time=5s disabled=no limit-at=0 \
max-limit=128k name="DOWN CLIENT" parent="INBOUND" priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="DOWN SERVER" parent="INBOUND" priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Q-NET1-D packet-mark=Q-NET1.d_pkt parent=\
"DOWN CLIENT" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Q-NET2-D packet-mark=Q-NET2.d_pkt parent=\
"DOWN CLIENT" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Q-NET3-D packet-mark=Q-NET3.d_pkt parent=\
"DOWN CLIENT" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Q-NET4-D packet-mark=Q-NET4.d_pkt parent=\
"DOWN CLIENT" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Q-NET5-D packet-mark=Q-NET5.d_pkt parent=\
"DOWN CLIENT" priority=8 queue=pcq_down


... and so on, until the packets for each client are covered

Download limit of 1M for all clients, with a maximum of 135k per client

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=SERVER-D packet-mark=SERVER.d_pkt parent=\
"DOWN SERVER" priority=8 queue=http

No download limit for IP 192.168.10.1 (SERVER)
After that, create the limits for upload


add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="GAMES UP" packet-mark=games_pkt parent="OUTBOUND" \
priority=2 queue=pcq_critical.up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=256k name="HTTP UP" packet-mark=proxy_pkt parent=\
"OUTBOUND" priority=3 queue=pcq_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name="REALTIME UP" packet-mark=realtime_pkt parent=\
"OUTBOUND" priority=4 queue=pcq_critical.up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name="FILETRANS UP" packet-mark=communication_pkt \
parent="OUTBOUND" priority=5 queue=pcq_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name="NORMAL UP" packet-mark=normal_pkt parent=\
"OUTBOUND" priority=6 queue=pcq_up


Ordered by outbound packet priority, starting with games, then HTTP requests, realtime connections, file transfer and normal requests

So that clients are not disrupted when the proxy machine has a problem / is down



/tool netwatch
add host=192.168.2.2 interval=10s timeout=1000ms

filled in with:

up :

/ip firewall nat disable [/ip firewall nat find comment="TRANSPARENT DNS"]
/ip firewall nat enable [/ip firewall nat find comment="DNS UNBOUND"]
/ip firewall nat enable [/ip firewall nat find comment="TRANSPARENT PROXY"]

Down :

/ip firewall nat enable [/ip firewall nat find comment="TRANSPARENT DNS"]
/ip firewall nat disable [/ip firewall nat find comment="DNS UNBOUND"]
/ip firewall nat disable [/ip firewall nat find comment="TRANSPARENT PROXY"]

NB: Please adjust the IP addresses to match your network

Schedule this so that if the router is restarted or the power goes out, the Poker / PointBlank IPs already collected are not lost:

:foreach i in [/ip fi add find dynamic=yes list="Poker"] do={/ip fi address-list add copy-from=$i}

:foreach i in [/ip fi add find dynamic=yes list="PointBlank"] do={/ip fi address-list add copy-from=$i}

Other versions can be downloaded at: http://untuk-kita-semua.googlecode.com/files/MIKROTIK%20BOX%20%2B%20SQUID%20EXSTERNAL%201%20LINE%20di%20RB%20750.zip

Credit to APISTECH
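
The flag-based "port scanners" rules in the /ip firewall filter section of the post above, as an added example that is not part of the original post: a Python model that evaluates each tcp-flags matcher against TCP flag combinations, assuming a matcher fires when every listed flag is set and every `!`-prefixed flag is clear. The sample packets and function names are constructed for illustration, and the psd rule is not modelled.

```python
# Added example (not from the original post): a model of the tcp-flags
# matchers used by the post's "port scanners" rules on chain=input.

# (comment, tcp-flags value) copied from the filter rules in the post.
SCAN_RULES = [
    ("NMAP FIN Stealth scan", "fin,!syn,!rst,!psh,!ack,!urg"),
    ("SYN/FIN scan", "fin,syn"),
    ("SYN/RST scan", "syn,rst"),
    ("FIN/PSH/URG scan", "fin,psh,urg,!syn,!rst,!ack"),
    ("ALL/ALL scan", "fin,syn,rst,psh,ack,urg"),
    ("NMAP NULL scan", "!fin,!syn,!rst,!psh,!ack,!urg"),
]

KNOWN_FLAGS = {"fin", "syn", "rst", "psh", "ack", "urg", "ece", "cwr"}


def parse_tcp_flags(spec):
    """Split a tcp-flags value into (must_be_set, must_be_clear)."""
    required, forbidden = set(), set()
    for token in spec.split(","):
        token = token.strip().lower()
        negated = token.startswith("!")
        name = token[1:] if negated else token
        if name not in KNOWN_FLAGS:
            raise ValueError(f"unknown TCP flag in matcher: {token!r}")
        (forbidden if negated else required).add(name)
    if required & forbidden:
        raise ValueError(f"flag both required and negated: {spec!r}")
    return required, forbidden


def matching_rules(packet_flags):
    """Return the comments of every scan rule a segment would match.

    Assumption: all six rules are evaluated in order for the same packet,
    so one segment can be reported by more than one rule.
    """
    flags = {f.lower() for f in packet_flags}
    if flags - KNOWN_FLAGS:
        raise ValueError(f"unknown TCP flag in packet: {flags - KNOWN_FLAGS}")
    hits = []
    for comment, spec in SCAN_RULES:
        required, forbidden = parse_tcp_flags(spec)
        if required <= flags and not (forbidden & flags):
            hits.append(comment)
    return hits


# Constructed sample segments: ordinary traffic first, then odd combinations.
SAMPLES = {
    "SYN (new connection)": {"syn"},
    "SYN+ACK (handshake reply)": {"syn", "ack"},
    "PSH+ACK (data)": {"psh", "ack"},
    "FIN+ACK (normal close)": {"fin", "ack"},
    "RST+ACK (refused)": {"rst", "ack"},
    "FIN only": {"fin"},
    "no flags": set(),
    "FIN+PSH+URG": {"fin", "psh", "urg"},
    "SYN+FIN": {"syn", "fin"},
    "all six flags": {"fin", "syn", "rst", "psh", "ack", "urg"},
}


def classify_samples():
    """Map each constructed sample name to the list of rules it matches."""
    return {name: matching_rules(flags) for name, flags in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in classify_samples().items():
        print(f"{name:28s} -> {', '.join(hits) if hits else 'no flag rule'}")
```

Ordinary handshake, data and teardown segments match none of the six flag rules, so legitimate hosts are not listed by them; a plain SYN is only ever counted by the separate psd rule.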
koinlimaratusan



Posts: 1
Join date: 02.12.11

Subject: Re: Bandwidth Management + SQUIDBOX for a single-line internet cafe (warnet)   Fri Dec 02, 2011 12:13 pm

Asking permission to copy-paste this, zoky...
I'm still a newbie, still learning...
thanks for sharing,
I'll copy it first... thank you, mas