ether1=119.67.xx.xx (IP Public)
ether2=192.168.123.254/24 (IP Lan)
ether3=192.168.10.5/24 (IP ke proxy external)
Asumsi router sudah jalan,baik remote dns maupun masquerade nya
Kedua bikin BW management menggunakan queue tree supaya pembagian bw merata tidak saling rebutan jika salah satu klien sedang rakus membuka tab browser,tentu masih ada jaminan bw buat semua klien untuk bermain game.
A. Bikin mangle terlebih dahulu untuk menandai packet-packet yang akan di manage
menandai packet ICMP
/ip firewall mangle add action=mark-connection chain=prerouting comment=ICMP disabled=no new-connection-mark=ICMP-CM \ passthrough=yes protocol=icmp add action=mark-connection chain=forward comment="" disabled=no new-connection-mark=ICMP-CM passthrough=\ yes protocol=icmp add action=change-dscp chain=prerouting comment="" connection-mark=ICMP-CM disabled=no new-dscp=5 \ protocol=icmp add action=change-dscp chain=forward comment="" connection-mark=ICMP-CM disabled=no new-dscp=5 protocol=\ icmp add action=mark-packet chain=prerouting comment="" connection-mark=ICMP-CM disabled=no new-packet-mark=\ PRE-ICMP-PM passthrough=no protocol=icmp add action=mark-packet chain=forward comment="" connection-mark=ICMP-CM disabled=no new-packet-mark=\ POST-ICMP-PM passthrough=no protocol=icmp
menandai Call All Connection dan bypass ICMP
/ip firewall mangle add action=mark-connection chain=prerouting comment=C.ALL-CN disabled=no new-connection-mark=ALL-CN-PRE \ passthrough=yes protocol=!icmp src-address=192.168.123.0/24 add action=mark-connection chain=forward comment="" disabled=no dst-address=192.168.123.0/24 \ new-connection-mark=ALL-CN-POST passthrough=yes protocol=!icmp add action=mark-packet chain=prerouting comment=C.ALL-P connection-mark=ALL-CN-PRE disabled=no \ new-packet-mark=C.ALL-PRE passthrough=yes src-address=192.168.123.0/24 add action=mark-packet chain=forward comment="" connection-mark=ALL-CN-POST disabled=no dst-address=\ 192.168.123.0/24 new-packet-mark=C.ALL-POST passthrough=yes
setelah packet All Connection (ALL-CN) tertandai seharusnya MikroTik sudah mengcounter traffic
lihat pada gambar :
B. Selanjutnya tinggal bikin mangle per klien ini saya buat sampel 2 IP saja
selanjutnya tinggal menyesuaikan dan mengurutkan ke masing-masing network anda
menandai klien IP 192.168.123.245
/ip firewall mangle add action=mark-packet chain=prerouting comment=WS245 connection-mark=ALL-CN-PRE disabled=no \ new-packet-mark=WS245-PRE passthrough=no src-address=192.168.123.245 add action=mark-packet chain=forward comment="" connection-mark=ALL-CN-POST disabled=no dst-address=\ 192.168.123.245 new-packet-mark=WS245-POST passthrough=no
menandai klien IP 192.168.123.246
/ip firewall mangle add action=mark-packet chain=prerouting comment=WS246 connection-mark=ALL-CN-PRE disabled=no \ new-packet-mark=WS246-PRE passthrough=no src-address=192.168.123.246 add action=mark-packet chain=forward comment="" connection-mark=ALL-CN-POST disabled=no dst-address=\ 192.168.123.246 new-packet-mark=WS246-POST passthrough=no
selesai sudah kita bikin manglenya
C. Ok di lanjutgan dengan membuat queue tree ,value disini jangan di jadikan petokan
silahkan rubah valuenya sesuai bw yang tersedia di network anda.
ini saya ambil contoh dengan bw dari isp 3M di bagi rata ke klien max masing-masing mendapat 384k download 256k upload dengan jaminan bw 128k untuk menjaga biar yang main game tidak terganggu
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=3M name=ALL-DN \ packet-mark=C.ALL-POST parent=global-out priority=8 add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=1M name=ALL-UP \ packet-mark=C.ALL-PRE parent=global-in priority=8 add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k max-limit=384k name=WS245-DN \ packet-mark=WS245-POST parent=ALL-DN priority=8 queue=default add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k max-limit=384k name=WS246-DN \ packet-mark=WS246-POST parent=ALL-DN priority=8 queue=default add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k max-limit=256k name=WS245-UP \ packet-mark=WS245-PRE parent=ALL-UP priority=8 queue=default add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k max-limit=256k name=WS246-UP \ packet-mark=WS246-PRE parent=ALL-UP priority=8 queue=default
hasilnya screenshootnya :
Sudah selesai silahkan anda test di salah satu klien
jika traffic lagi sepi klien bisa mendapat bw lebih dari 384k dengan begitu pelanggan akan merasa puas karena browsing lebih lancar
sampai ketemu lagi di firewall filter untuk menyaring packet downloader dan redirect to proxy external.
0 komentar: