menggunakan Mikrotik RB 1200 1 U total modem 9,kita loadbalancing 8 modem kemudian 1 modem khusus untuk game (tidak di loadbalancing) supaya game tidak ngelag..dan di bawahnya ada Mikrotik RB450G menangkap koneksi dari RB1200 1U dan Diredirect ke Proxy external dan kita atur bandwidth download dan upload dan limit extentionnya,mari kita mulai:
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=7341-7350,7451,8085,9600,9601-9602,9300
Topologi:
Mikrotik RB120 1 U
Ethernet1 (PPPoE) ----> Modem1
Ethernet2 (PPPoE) ----> Modem2
Ethernet3 (PPPoE) ----> Modem3
Ethernet4 (PPPoE) ----> Modem4
Ethernet5 (PPPoE) ----> Modem5
Ethernet6 (PPPoE) ----> Modem6
Ethernet7 (PPPoE) ----> Modem7
Ethernet8 (PPPoE) ----> Modem8
Ethernet9 (PPPoE) ----> Modem9
Ethernet10 ----> Local ----> Ip=192.168.253.1
Mikrotik RB450G
Ethernet1 ----> RB1200 1 U (Ethernet10) ----> Ip=192.168.253.2
Ethernet2 ----> HUB ----> Ip=192.168.1.1
Ethernet3 ----> Proxy ----> Ip=192.168.254.1
Squid External Proxy Ubuntu Lusca
Ethernet Onboot ----> Ip=192.168.254.2
Langkah awal adalah setiap modem di buat bridge dan mikrotik RB1200 1U kita buat pppoe client nya tutorial cara setting pppoe di mikrotik , untuk interface pppoe yang ke 9 kita buat namanya public-game dan hasilnya seperti gambar di bawah ini:
selanjutnya kita buat nat untuk setiap modemnya,dengan perintah:
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public1
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public2
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public3
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public4
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public5
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public6
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public7
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public8
/ip firewall nat add chain=srcnat \
action=masquerade out-interface=public-game
seperti gambar di bawah ini:
Selanjutnya kita buat route mark untuk setiap modemnya,perintahnya:
/ip route add gateway=public1 distance=1 routing-mark=PUBLIC1
/ip route add gateway=public2 distance=1 routing-mark=PUBLIC2
/ip route add gateway=public3 distance=1 routing-mark=PUBLIC3
/ip route add gateway=public4 distance=1 routing-mark=PUBLIC4
/ip route add gateway=public5 distance=1 routing-mark=PUBLIC5
/ip route add gateway=public6 distance=1 routing-mark=PUBLIC6
/ip route add gateway=public7 distance=1 routing-mark=PUBLIC7
/ip route add gateway=public8 distance=1 routing-mark=PUBLIC8
/ip route add gateway=public-game distance=1 routing-mark="PUBLIC GAME"
Selanjutnya kita beri nama interface ethernet10 dengan local dan kita buat DNS,dengan perintah:
/interface set 10 name=local
/ip address add address=192.168.253.1 interface=local
/ip dns set servers=203.130.193.74,203.130.206.250 \
allow-remote-requests=yes
Selanjutnya kita buat ip firewall mangle untuk loadbalncing nya..kita gunakan load balancing jenis nth,perintahnya:
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC1 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=8,1 comment=NTH1
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC1 \
passthrough=no in-interface=local \
connection-mark=PUBLIC1 comment=MARK1
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC2 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=7,1 comment=NTH2
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC2 \
passthrough=no in-interface=local \
connection-mark=PUBLIC2 comment=MARK2
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC3 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=6,1 comment=NTH3
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC3 \
passthrough=no in-interface=local \
connection-mark=PUBLIC3 comment=MARK3
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC4 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=5,1 comment=NTH4
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC4 \
passthrough=no in-interface=local \
connection-mark=PUBLIC4 comment=MARK4
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC5 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=4,1 comment=NTH5
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC5 \
passthrough=no in-interface=local \
connection-mark=PUBLIC5 comment=MARK5
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC6 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=3,1 comment=NTH6
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC6 \
passthrough=no in-interface=local \
connection-mark=PUBLIC6 comment= MARK6
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC7 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=2,1 comment=NTH7
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC7 \
passthrough=no in-interface=local \
connection-mark=PUBLIC7 comment=MARK7
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark=PUBLIC8 \
passthrough=yes connection-state=new \
protocol=tcp in-interface=local \
dst-port=80 nth=1,1 comment=NTH8
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark=PUBLIC8 \
passthrough=no in-interface=local \
connection-mark=PUBLIC8 comment=MARK8
Dan Ip firewall mangle untuk game,di sini port2 untuk game telah lengkap saya kumpul berserta routing marknya yang kita arahkan juga ke routing mark public-game...
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=1818,2001,3010,4300,5105,5121 comment="GAME ONLINE"
/ip firewall mangle add chain=prerouting \
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=5126,5171,5340-5352,6000-6152,7777 comment="GAME ONLINE"
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=7341-7350,7451,8085,9600,9601-9602,9300
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=9376-9377,9400,9700,10001-10011
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=9376-9377,9400,9700,10001-10011
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=10402,11011-11041,12011,12110,13008,13413
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=15000-15002,16402-16502,16666,18901-18909,19000
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=19101,22100,27780,28012,29000,29200
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local \
dst-port=39100,39110,39220,39190,40000,49100
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=udp in-interface=local \
dst-port=1293,1479,6100-6152,7777-7977,8001,9401
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=udp in-interface=local \
dst-port=9600-9602,12020-12080,30000,40000-40010
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=tcp in-interface=local dst-port=9339,843
/ip firewall mangle add chain=prerouting \
action=mark-connection new-connection-mark="PUBLIC GAME" \
passthrough=yes protocol=udp in-interface=local \
dst-port=42051-42052,11100-11125,11440-11460
/ip firewall mangle add chain=prerouting \
action=mark-routing new-routing-mark="PUBLIC GAME" \
passthrough=no in-interface=local connection-mark="PUBLIC GAME"
Selanjutnya ip firewall filter untuk keamanan mikrotik kita dari virus port dan anti netcut,perintahnya:
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=8291 protocol=tcp
/ip firewall filter add action=drop \
chain=forward connection-state=invalid disabled=no
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=135-139 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1433-1434 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=445 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=445 protocol=udp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=593 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1024-1030 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1080 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1214 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1363 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1364 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1368 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1373 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1377 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2745 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2283 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2535 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2745 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=3127 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=3410 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=4444 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=4444 protocol=udp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=5554 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=8866 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=9898 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=10080 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=12345 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=17300 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=27374 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=65506 protocol=tcp
/ip firewall filter add action=jump \
chain=forward disabled=no jump-target=virus
/ip firewall filter add action=drop \
chain=input connection-state=invalid disabled=no
/ip firewall filter add action=accept \
chain=input disabled=no protocol=udp
/ip firewall filter add action=accept \
chain=input disabled=no limit=50/5s,2 protocol=icmp
/ip firewall filter add action=drop \
chain=input disabled=no protocol=icmp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=21 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=22 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=23 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=80 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=8291 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=1723 protocol=tcp
/ip firewall filter add action=log \
chain=input disabled=yes log-prefix="DROP INPUT"
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=23 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=80 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=1723 protocol=tcp
/ip firewall filter add action=log \
chain=input disabled=yes log-prefix="DROP INPUT"
/ip firewall filter add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15s \
/ip firewall filter chain=input \
disabled=no dst-port=1337 protocol=tcp
/ip firewall filter add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15m
/ip firewall filter chain=input disabled=no \
dst-port=7331 protocol=tcp src-address-list=knock
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="FIN/PSH/URG scan" disabled=\
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="NMAP FIN Stealth scan" \
disabled=no protocol=tcp
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254
Selanjutnya untuk test colokkan komputer di ethernet10 RB1200 1 U dan masukkan ip local,gateway,dns dan test browsing atau download,kemudian lihat trafficnya,
Test browsing traffic sudah berjalan semua..selanjutnya traffic game,
Selanjutnya kita set Mikrotik RB450G....
Buat nama interface masing-masing ethernet dengan perintah:
/interface set 0 name=public
/interface set 1 name=local
/interface set 2 name=proxy
Selanjutnya buat ip address untuk masing – masing interface dengan perintah:
/ip address add address=192.168.253.2 \
netmask=255.255.255.0 \
interface=public
/ip address add address=192.168.1.1 \
netmask=255.255.255.0 \
interface=local
/ip address add address=192.168.254.1 \
netmask=255.255.255.0 \
interface=proxy
Selanjutnya Kita buat ip route,dengan route gateway ke RB1200 1 U, dengan perintah:
/ip route add gateway=192.168.253.1
Selanjutnya DNS ,untuk DNS sesuaikan dengan jaringan masing masing, dengan perintah:
/ip dns set servers=203.130.193.74,203.130.206.250 \
allow-remote-requests=yes
Selanjutnya set NAT dan redirect ke external proxy,dengan perintah:
/ip firewall nat add chain=dstnat \
action=dst-nat to-addresses=192.168.254.2 to-ports=3128 \
protocol=tcp src-address=!192.168.254.0/24 \
in-interface=local dst-port=80 comment="TRANSPARENT PROXY"
/ip firewall nat add chain=srcnat \
action=masquerade src-address=192.168.1.0/24 \
out-interface=public comment="LOCAL MASQUERADE"
/ip firewall nat add chain=srcnat \
action=masquerade src-address=192.168.254.0/24 \
out-interface=public comment="PROXY MASQUERADE"
Selanjutnya Ip firewall layer7 protocols yang nantinya di tandai di mangle dan di limit extentionnya di queue tree,perintahnya:
/ip firewall layer7-protocol
add name=YOUTUBE regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9]\
[\\x09-\\x0d -~]*(content-type: video)"
add name=EXE regexp="\\.(exe)"
add name=RAR regexp="\\.(rar)"
add name=ZIP regexp="\\.(zip)"
add name=7z regexp="\\.(7z)"
add name=WMV regexp="\\.(wmv)"
add name=MPG regexp="\\.(mpg)"
add name=MPEG regexp="\\.(mpeg)"
add name=AVI regexp="\\.(avi)"
add name=FLV regexp="\\.(flv)"
add name=WAV regexp="\\.(wav)"
add name=MP3 regexp="\\.(mp3)"
add name=MP4 regexp="\\.(mp4)"
add name=ISO regexp="\\.(iso)"
add name=3GP regexp="\\.(3gp)"
add name=CAB regexp="\\.(cab)"
add name=ASF regexp="\\.(asf)"
add name=MOV regexp="\\.(mov)"
add name=MKV regexp="\\.(mkv)"
add name=RAM regexp="\\.(ram)"
add name=RMVB regexp="\\.(rmvb)"
add name=DAA regexp="\\.(daa)"
add name=NRG regexp="\\.(nrg)"
add name=BIN regexp="\\.(bin)"
add name=VCD regexp="\\.(vcd)"
add name="YOUTUBE STREAMING" regexp=www.youtube.com
Selanjutnya Ip frewall mangle untuk squid proxy hit,dengan menggunakan dscp tos 12 ,dengan perintah:
/ip firewall mangle add action=mark-packet \
chain=postrouting comment="SQUID PROXY HIT" \
disabled=no dscp=12 \
new-packet-mark="SQUID PROXY HIT" passthrough=no
Selanjutnya ip frewall mangle untuk ip firewall layer7 protocols,perintahnya:
/ip firewall mangle add action=mark-packet \
chain=forward comment="LIMIT EXTENTION" \
disabled=no layer7-protocol=YOUTUBE \
new-packet-mark=YOUTUBE passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=\
"YOUTUBE STREAMING" \
new-packet-mark="YOUTUBE STREAMING" \
passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MKV \
new-packet-mark=MKV \
passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MP3 \
new-packet-mark=MP3 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MP4 \
new-packet-mark=MP4 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=ZIP \
new-packet-mark=ZIP passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=EXE \
new-packet-mark=EXE passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=FLV \
new-packet-mark=FLV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=ISO \
new-packet-mark=ISO passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=ASF \
new-packet-mark=ASF passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=AVI \
new-packet-mark=AVI passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=BIN \
new-packet-mark=BIN passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=CAB \
new-packet-mark=CAB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=DAA \
new-packet-mark=DAA passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MOV \
new-packet-mark=MOV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MPEG \
new-packet-mark=MPEG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=MPG \
new-packet-mark=MPG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=NRG \
new-packet-mark=NRG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=RAM \
new-packet-mark=RAM passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=RAR \
new-packet-mark=RAR passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=RMVB \
new-packet-mark=RMVB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=VCD \
new-packet-mark=VCD passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=WAV \
new-packet-mark=WAV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=WMV \
new-packet-mark=WMV passthrough=no
Setelah membaca...
Cara Setting Loadbalancing 8 modem Di Mikrotik,8 Modem Khusus Browsing dan 1 Modem Khusus Game dan Redirect ke External Proxy (Bag.1)
Sekarang kita lanjutkan......
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=ISO \
new-packet-mark=3GP passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward disabled=no layer7-protocol=7z \
new-packet-mark=7z passthrough=no
Selanjutnya ip firewall mangle untuk Game online,perintahnya:
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="GAME ONLINE" \
disabled=no dst-port=\
1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 \
1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 \
in-interface=local new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no dst-port=7341-7350,7451,8085,9600,9601-9602,9300 \
in-interface=local new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no dst-port=9376-9377,9400,9700,10001-10011 \
in-interface=local new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no dst-port="10402,11011-\
11041,12011,12110,13008,13413" in-interface=local \
new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no dst-port="15000-15002,16402-16502,16666,18901-18909,19000" \
in-interface=local new-connection-mark="GAME ONLINE" \
in-interface=local new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no \
dst-port=19101,22100,27780,28012,29000,29200 \
in-interface=local \
dst-port=19101,22100,27780,28012,29000,29200 \
in-interface=local \
new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no \
dst-port=39100,39110,39220,39190,40000,49100 in-interface=local \
dst-port=39100,39110,39220,39190,40000,49100 in-interface=local \
new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no \
dst-port="1293,1479,6100-6152,7777-7977,8001" in-interface=local \
dst-port="1293,1479,6100-6152,7777-7977,8001" in-interface=local \
new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=udp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no \
dst-port="9401,9600-9602,12020-12080,30000,40000-40010" \
in-interface=local new-connection-mark="GAME ONLINE" \
dst-port="9401,9600-9602,12020-12080,30000,40000-40010" \
in-interface=local new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=udp
/ip firewall mangle add action=mark-connection \
chain=prerouting disabled=no dst-port=42051-42052,11100-11125,11440-11460 in-interface=local new-connection-mark="GAME ONLINE" \
passthrough=yes protocol=udp
/ip firewall mangle add action=mark-packet \
chain=forward connection-mark="GAME ONLINE" \
disabled=no dst-address=192.168.1.0/24 \
new-packet-mark="GAME ONLINE DOWN" \
passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward connection-mark="GAME ONLINE" \
disabled=no in-interface=local new-packet-mark="GAME ONLINE UP" passthrough=no src-address=192.168.1.0/24
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="GAME FACEBOOK" \
disabled=no dst-port=9339,843 in-interface=local \
new-connection-mark="GAME FACEBOOK" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward connection-mark="GAME FACEBOOK" \
disabled=no dst-address=192.168.1.0/24 new-packet-mark=\
"GAME FACEBOOK DOWN" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward connection-mark="GAME FACEBOOK" \
disabled=no new-packet-mark="GAME FACEBOOK UP" \
passthrough=no src-address=192.168.1.0/24
Selanjutnya ip firewall mangle untuk browsing download dan upload dan mivo tv yang nantinya di limit di queue tree ,perintahnya:
/ip firewall mangle add action=mark-connection \
chain=prerouting comment=BROWSING disabled=no \
dst-port=80 in-interface=local \
new-connection-mark=BROWSING passthrough=\
yes protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=prerouting connection-mark=BROWSING disabled=no \
dst-address=192.168.1.0/24 \
new-packet-mark="BROWSING DOWN" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting connection-mark=BROWSING disabled=no \
new-packet-mark="BROWSING UP" \
passthrough=no src-address=192.168.1.0/24
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="MIVO TV" disabled=no \
dst-port=1935 in-interface=local new-connection-mark="MIVO TV" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=prerouting connection-mark=MIVO disabled=no \
new-packet-mark=MIVO passthrough=no
Selanjutnya ip firewall filter untuk keamanan mikrotik kita dari virus port dan anti netcut,perintahnya:
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=8291 protocol=tcp
/ip firewall filter add action=drop \
chain=forward connection-state=invalid disabled=no
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=135-139 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1433-1434 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=445 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=445 protocol=udp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=593 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1024-1030 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1080 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1214 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1363 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1364 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1368 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1373 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=1377 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2745 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2283 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2535 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=2745 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=3127 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=3410 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=4444 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=4444 protocol=udp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=5554 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=8866 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=9898 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=10080 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=12345 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=17300 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=27374 protocol=tcp
/ip firewall filter add action=drop \
chain=virus disabled=no dst-port=65506 protocol=tcp
/ip firewall filter add action=jump \
chain=forward disabled=no jump-target=virus
/ip firewall filter add action=drop \
chain=input connection-state=invalid disabled=no
/ip firewall filter add action=accept \
chain=input disabled=no protocol=udp
/ip firewall filter add action=accept \
chain=input disabled=no limit=50/5s,2 protocol=icmp
/ip firewall filter add action=drop \
chain=input disabled=no protocol=icmp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=21 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=22 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=23 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=80 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=8291 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=1723 protocol=tcp
/ip firewall filter add action=log \
chain=input disabled=yes log-prefix="DROP INPUT"
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=23 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=80 protocol=tcp
/ip firewall filter add action=accept \
chain=input disabled=no dst-port=1723 protocol=tcp
/ip firewall filter add action=log \
chain=input disabled=yes log-prefix="DROP INPUT"
/ip firewall filter add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15s
/ip firewall filter chain=input \
disabled=no dst-port=1337 protocol=tcp
/ip firewall filter add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15m \
/ip firewall filter chain=input disabled=no \
dst-port=7331 protocol=tcp src-address-list=knock
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="FIN/PSH/URG scan" disabled=\
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w \
chain=input comment="NMAP FIN Stealth scan" \
disabled=no protocol=tcp
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
/ip firewall filter add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254
Selanjutnya Queue type,karena kita menggunakan queue tree kita buat queue typenya dahulu dengan pcq,perintahnya:
/queue type add kind=pcq name="PROXY DOWN" \
pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address \
pcq-dst-address-mask=32 pcq-dst-address6-mask=128 \
pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=2000
/queue type add kind=pcq name=DOWN \
pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=2s pcq-classifier=dst-address,dst-port \
pcq-dst-address-mask=32 pcq-dst-address6-mask=64 \
pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=64 pcq-total-limit=2000
/queue type add kind=pcq name=UP \
pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=\
10s pcq-classifier=src-address,dst-address,src-port \
pcq-dst-address-mask=32 pcq-dst-address6-mask=64 \
pcq-limit=50 pcq-rate=0 pcq-src-address-mask=\
32 pcq-src-address6-mask=64 pcq-total-limit=2000 \
set default-small kind=pfifo name=default-small pfifo-limit=10
Selanjutnya Queue tree.untuk max limit silahkan sesuaikan dengan kapasitas bandwidth anda masing masing dan kebutuhan.
A.Proxy Hit dengan perintahnya:
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="A..PROXY HIT" \
packet-mark="SQUID PROXY HIT" parent=\
local priority=1 queue="PROXY DOWN"
B.Game Upload dengan perintah:
/queue tree add add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="B.GAME UP" \
parent=public priority=1
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="GAME FACEBOOK." \
packet-mark="GAME FACEBOOK UP" parent=\
"B.GAME UP" priority=3 queue=UP
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="GAME ONLINE." \
packet-mark="GAME ONLINE UP" parent=\
"B.GAME UP" priority=2 queue=UP
C.Browsing Upload
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=128k name=C.UP parent=proxy priority=1
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=BROWSING. packet-mark="BROWSING UP" \
parent=C.UP priority=2 queue=UP
D.Download,perintahnya:
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=D.DOWN parent=global-out priority=1
D.1.Download game facebook,perintahnya:
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=256k name="GAME 1" parent=D.DOWN priority=3
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="GAME FACEBOOK" \
packet-mark="GAME FACEBOOK DOWN" parent=\
"GAME 1" priority=3 queue=DOWN
D.2.Download game online,perintahnya:
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="GAME 2" parent=D.DOWN priority=2
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="GAME ONLINE" \
packet-mark="GAME ONLINE DOWN" parent=\
"GAME 2" priority=2 queue=DOWN
D.3.Download browsing,perintahnya:
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=BROWSING parent=D.DOWN priority=4
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="BROWSING... " \
packet-mark="BROWSING DOWN" parent=\
BROWSING priority=4 queue=DOWN
D.4.Download file seperti exe,zip,rar,youtube streaming dll,perintahnya:
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="LIMIT EXTENTION" \
parent=D.DOWN priority=5
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=YOUTUBE \
packet-mark=YOUTUBE parent="LIMIT EXTENTION" \
priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="YOUTUBE STREAMING" \
packet-mark="YOUTUBE STREAMING" \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MKV packet-mark=MKV \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MP3 packet-mark=MP3 \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MP4 packet-mark=MP4 \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="ZIP PAKET" packet-mark=ZIP \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=EXE packet-mark=EXE \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=FLV packet-mark=FLV \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ISO packet-mark=ISO \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ASF packet-mark=ASF \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=AVI packet-mark=AVI \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=BIN packet-mark=BIN \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=CAB packet-mark=CAB \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=DAA packet-mark=DAA \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MOV packet-mark=MOV \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MPEG packet-mark=MPEG \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MPG packet-mark=MPG \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MR packet-mark=MR \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=NRG packet-mark=NRG \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=RAM packet-mark=RAM \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=RAR packet-mark=RAR \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=RMVB packet-mark=RMVB \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=VCD packet-mark=VCD \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=WAV packet-mark=WAV \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=WMV packet-mark=WMV \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=3GP packet-mark=3GP \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=7z packet-mark=7z \
parent="LIMIT EXTENTION" priority=5 queue=DOWN
/queue tree add name="MIVO TV" \
parent=LIMIT EXTENTION packet-mark=MIVO \
limit-at=0 queue=DOWN \
priority=6 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s
Selanjutnya di halaman utama winbox pilih queues kemudian queues tree dan setting max limit dan limit at bandwidthnya,sesuaikan dengan bandwidth anda masing masing,seperti gambar di bawah ini:
Selamat mencoba...
0 komentar: