06 March 2012

How to Configure Squid Hit Bypass, Game Mangle, Queue Tree and Browsing on Mikrotik, Latest Version (Update-2012-02-12)



Below is my complete Mikrotik configuration, combined with my latest external proxy, using a 2 MB bandwidth line as the example.

Goals:
1. Squid (I limit it to 80 MB) so that the proxy's LAN card is not damaged.
2. Bandwidth is shared out equally and automatically (whatever arrives from the internet is divided evenly among the clients).
3. Extension limit (downloads of zip, rar, exe, youtube, etc.) is throttled, but a file that has already been downloaded once is no longer throttled; it goes straight to the Squid Hit limit of 80 MB.
4. ICMP (Internet Control Message Protocol): this guards against high ping; top priority.
5. All game ports are listed in mangle and passed to the queue tree so that they get the highest priority (games are split into two groups: Facebook games and online games).
6. Virus blocking, anti-Netcut.





OK, straight to the scripts. Run them in "New Terminal" in Winbox:

1. Set the clock so that it does not drift (NTP client)

/system ntp client \
set enabled=yes mode=unicast \
primary-ntp=152.118.24.8 \
secondary-ntp=202.169.224.16

Then, from the main Winbox window, open System, then Clock, and set the current date and time.

2. System Note

With this script, the note appears whenever you open "New Terminal":

/system note \
set note=www.wirelessrouterproxy.blogspot.com.setup.by.HUSNI \
show-at-login=yes

3. NAT Transparent Proxy and Local Masquerade

Before continuing with the script below and the scripts that follow, rename your interfaces: the one facing the modem to public, the one facing the clients to local, and the one facing the proxy to proxy, so that they match the script below and the ones after it. Before copy-pasting the script below, make sure the IP addresses match the IP of the interface facing the proxy:

/ip firewall nat add action=dst-nat \
chain=dstnat comment="TRANSPARENT PROXY" \
disabled=no dst-port=80 in-interface=local \
protocol=tcp src-address=!192.168.254.0/24 \
to-addresses=192.168.254.2 to-ports=3128

/ip firewall nat add action=masquerade chain=srcnat \
comment=MASQUERADE disabled=no \
out-interface=public

4. IP Firewall L7 for the latest extension limits:

/ip firewall layer7-protocol
add name="YOUTUBE DOWNLOAD" \
regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5\
    ][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
add name=EXE regexp="\\.(exe)"
add name=RAR regexp="\\.(rar)"
add name=ZIP regexp="\\.(zip)"
add name=7z regexp="\\.(7z)"
add name=WMV regexp="\\.(wmv)"
add name=MPG regexp="\\.(mpg)"
add name=MPEG regexp="\\.(mpeg)"
add name=AVI regexp="\\.(avi)"
add name=FLV regexp="\\.(flv)"
add name=WAV regexp="\\.(wav)"
add name=MP3 regexp="\\.(mp3)"
add name=MP4 regexp="\\.(mp4)"
add name=ISO regexp="\\.(iso)"
add name=3GP regexp="\\.(3gp)"
add name=MOV regexp="\\.(mov)"
add name=MKV regexp="\\.(mkv)"
add name="YOUTUBE STREAMING" regexp=youtube
add name=PORN regexp=porn
add name=TUBE regexp=tube
add name=VIDEO regexp=video
add name=MOVIE regexp=movie
/

5. IP Firewall Filter: Drop Virus, Anti-Netcut:

/ip firewall filter
add action=accept chain=input \
disabled=no dst-port=8291 protocol=tcp
add action=drop chain=forward \
connection-state=invalid disabled=no
add action=drop chain=virus disabled=no \
dst-port=135-139 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1433-1434 protocol=tcp
add action=drop chain=virus \
disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=445 protocol=udp
add action=drop chain=virus disabled=no \
dst-port=593 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1024-1030 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1080 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1214 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1363 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1364 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1368 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1373 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1377 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2283 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2535 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=3127 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=3410 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=4444 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=4444 protocol=udp
add action=drop chain=virus disabled=no \
dst-port=5554 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=8866 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=9898 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=10080 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=12345 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=17300 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=27374 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=65506 protocol=tcp
add action=jump chain=forward \
disabled=no jump-target=virus
add action=drop chain=input \
connection-state=invalid disabled=no
add action=accept chain=input \
disabled=no protocol=udp
add action=accept chain=input \
disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input \
disabled=no protocol=icmp
add action=accept chain=input \
disabled=no dst-port=21 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=22 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=23 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=80 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=8291 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=1723 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=23 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=80 protocol=tcp
add action=accept chain=input disabled=no \
dst-port=1723 protocol=tcp
add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15s \
chain=input disabled=no dst-port=1337 protocol=tcp
add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15m \
chain=input disabled=no dst-port=7331 \
protocol=tcp src-address-list=knock
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="FIN/PSH/URG scan" disabled=\
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp \
src-address=61.213.183.1-61.213.183.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=67.195.134.1-67.195.134.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=68.142.233.1-68.142.233.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp \
src-address=68.180.217.1-68.180.217.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=203.84.204.1-203.84.204.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=69.63.176.1-69.63.176.254
add action=accept chain=input \
comment="ANTI NETCUT" \
disabled=no dst-port=0-65535 protocol=tcp \
src-address=69.63.181.1-69.63.181.254
add action=accept chain=input \
comment="ANTI NETCUT" \
disabled=no dst-port=0-65535 protocol=tcp \
src-address=63.245.209.1-63.245.209.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp \
src-address=63.245.213.1-63.245.213.254
/

6. IP Firewall Mangle

A. This mangle script marks Squid hits (DSCP=12) so that proxy traffic is exempt from the client limits; in the queue tree I set it to 80 MB. Place it at the very top of the mangle list:

/ip firewall mangle \
add action=mark-packet chain=postrouting \
comment="SQUID PROXY HIT" disabled=no dscp=12 \
new-packet-mark="www.wirelessrouter\
proxy.blogspot.com sphp" passthrough=no

B. These mangle scripts keep ping and DNS stable when the connection is congested:

/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment=ICMP \
new-connection-mark="www.wirelessrouter\
proxy.blogspot.com ic" \
passthrough=yes protocol=icmp

/ip firewall mangle \
add action=mark-packet chain=prerouting \
connection-mark="www.wirelessrouter\
proxy.blogspot.com ic" \
new-packet-mark="www.wirelessrouterp\
roxy.blogspot.com ip" passthrough=yes

/ip firewall mangle \
add action=change-dscp chain=prerouting \
new-dscp=1 packet-mark="www.wirelessrou\
terproxy.blogspot.com ip"

/ip firewall mangle \
add action=mark-connection chain=prerouting \
new-connection-mark="www.wirelessrouter\
proxy.blogspot.com dc" \
comment=DNS dst-port=53 \
passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
disabled=no dst-port=53 \
new-connection-mark="www.wirelessrouter\
proxy.blogspot.com dc"  \
passthrough=yes protocol=udp

/ip firewall mangle \
add action=mark-packet chain=prerouting \
connection-mark="www.wirelessrouter\
proxy.blogspot.com dc" \
new-packet-mark="www.wirelessrouter\
proxy.blogspot.com dp"  passthrough=yes

/ip firewall mangle \
add action=change-dscp chain=prerouting \
disabled=no new-dscp=1 packet-mark="www.wi\
relessrouterproxy.blogspot.com dp"

C. The mangle scripts below divide browsing bandwidth automatically, upload and download. Adjust the network shown in red to match your local client network:

/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment=HTTP  dst-port=80 \
new-connection-mark="www.wirelessrouterpro\
xy.blogspot.com hc" passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterpro\
xy.blogspot.com hc" disabled=no \
dst-address=192.168.25.0/24 \
new-packet-mark="www.wirelessrouterpro\
xy.blogspot.com hpd" passthrough=no

/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterpro\
xy.blogspot.com hc" disabled=no \
new-packet-mark="www.wirelessrouterpro\
xy.blogspot.com hpu" \
passthrough=no src-address=192.168.25.0/24

D. The scripts below handle online games and Facebook games, upload and download. Adjust the network shown in red to match your local client network:

/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment="GAME ONLINE" dst-port=\
"1818,2001,3010,4300,5105,5121,5126,5171,53\
40-5352,6000-6001,6000-6152,7777" \
new-connection-mark="www.wirelessrouterpro\
xy.blogspot.com goc" passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
disabled=no dst-port="7341-7350,74\
51,8085,9600,9601-9602,9300,9400,9700,93\
76-9377,10001-10011,40000" \
new-connection-mark="www.wirelessrouterpro\
xy.blogspot.com goc" passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port="10009,13008,16666,28012,11011-11\
041,10402,11031,12011,12110,13413,15000-15\
002,15001,15002" \
new-connection-mark="www\
.wirelessrouterproxy.blogspot.com goc" \
passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
disabled=no dst-port="16402-16502,18901-1890\
9,19000,19101,22100,27780,29000,29200,3910\
0,39110,39220,39190,49100" \
new-connection-mark="www.wirelessrouterprox\
y.blogspot.com goc" passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=14009-14010 new-connection-mark="ww\
w.wirelessrouterproxy.blogspot.com goc" \
passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port="1293,1479,6100-6152,7777-7977,940\
1,9600-9602,12020-12080,30000,40000-40010" \
new-connection-mark="www.wirelessrouterprox\
y.blogspot.com goc" passthrough=yes protocol=udp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=42051-42052,11100-11125,11440-11460 \
new-connection-mark="www.wirelessrouterprox\
y.blogspot.com goc" passthrough=yes protocol=udp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=14009-14010 new-connection-mark="w\
ww.wirelessrouterproxy.blogspot.com goc" \
passthrough=yes protocol=udp

/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterproxy.blog\
spot.com goc" dst-address=192.168.25.0/24 \
new-packet-mark="www.wirelessrouterproxy.blog\
spot.com gopd" passthrough=no

/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterproxy.blog\
spot.com goc" new-packet-mark="www.wirelessro\
uterproxy.blogspot.com gopu" \
passthrough=no src-address=192.168.25.0/24

/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment="GAME FACEBOOK" dst-port=843,9339 \
new-connection-mark="www.wirelessro\
uterproxy.blogspot.com gfc" passthrough=yes \
protocol=tcp

/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterproxy.blog\
spot.com gfc" disabled=no \
dst-address=192.168.25.0/24 new-packet-mark="w\
ww.wirelessrouterproxy.blogspot.com gfpd" \
passthrough=no

/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterproxy.blog\
spot.com gfc" new-packet-mark="www.wirelessro\
uterproxy.blogspot.com gfpu" \
passthrough=no src-address=192.168.25.0/24

E. The mangle scripts below limit Mivo TV:

/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment="MIVO TV" dst-port=1935 \
new-connection-mark="www.wirelessrouterpro\
xy.blogspot.com mtc" passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterproxy.blogsp\
ot.com mtc" disabled=no \
new-packet-mark="MIVO TV" passthrough=no

F. The mangle scripts below apply the extension limit: downloads of rar, zip, exe, etc. are throttled, and a file that has already been downloaded does not fall under this mangle limit; it automatically goes to the IP Firewall Mangle Squid Hit rule, DSCP=12:

/ip firewall mangle
add action=mark-packet chain=forward \
comment="LIMIT EXTENTION" disabled=no \
layer7-protocol="YOUTUBE DOWNLOAD" \
new-packet-mark="YOUTUBE DOWNLOAD" \
passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol="YOUTUBE STREAMING" \
new-packet-mark="YOUTUBE STREAMING" \
passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=TUBE \
new-packet-mark=PORN1 passthrough=no
add action=mark-packet chain=forward disabled=no \
layer7-protocol=PORN \
new-packet-mark=PORN2 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=VIDEO \
new-packet-mark=PORN3 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MOVIE \
new-packet-mark=PORN4 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MKV \
new-packet-mark=MKV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MP3 \
new-packet-mark=MP3 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MP4 \
new-packet-mark=MP4 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ZIP \
new-packet-mark=ZIP passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=EXE \
new-packet-mark=EXE passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=FLV \
new-packet-mark=FLV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ISO \
new-packet-mark=ISO passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MOV \
new-packet-mark=MOV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MPEG \
new-packet-mark=MPEG passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MPG \
new-packet-mark=MPG passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=RAR \
new-packet-mark=RAR passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=WAV \
new-packet-mark=WAV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=WMV \
new-packet-mark=WMV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=3GP \
new-packet-mark=3GP passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=7z \
new-packet-mark=7z passthrough=no
/

7.Queue Type

/queue type \
add kind=pcq name="PROXY DOWN" \
pcq-classifier=dst-address

/queue type \
add kind=pcq name=DOWN \
pcq-classifier=dst-address,dst-port

/queue type \
add kind=pcq name=UP \
pcq-classifier=src-address,src-port

/queue type \
add kind=pfifo name=PING pfifo-limit=64

8.Queue Tree

A. The queue tree script below sets the Squid Hit limit to 80 MB:

/queue tree \
add max-limit=80000000 name="1.PROXY HIT" \
packet-mark="www.wirelessrouterproxy.blogspot.c\
om sphp" parent=local priority=2 \
queue="PROXY DOWN"

B. The queue tree script below is for GAME DOWN, whose children will be GAME ONLINE DOWN and GAME FACEBOOK DOWN:

/queue tree \
add name="2.GAME DOWN" \
parent=global-out priority=2

C. The queue tree script below is for GAME UPLOAD, whose children will be GAME ONLINE UPLOAD and GAME FACEBOOK UPLOAD:

/queue tree \
add max-limit=2000000 \
name="3.GAME UPLOAD" \
parent=public priority=2

D. Below is the BROWSING UPLOAD script. Note the value shown in red: it is the upload max-limit. Set it to 60% of your upload bandwidth; my upload bandwidth is 512000 (512KB) and I set this max-limit to 300000 (300KB) because the rest is for games:

/queue tree \
add max-limit=300000 \
name="4.BROWSING UPLOAD" \
packet-mark="www.wirelessrouterpr\
oxy.blogspot.com hpu" parent=proxy \
priority=4 queue=UP

E. Below is the ALL HTTP DOWN script, whose children will be BROWSING DOWN and LIMIT EXTENTION. Note the value shown in red: it is the max-limit for all downloads. On a 2 MB line I set it to 1800000 (1.8 MB) because the rest is for games and ping; adjust it to your download bandwidth:

/queue tree \
add max-limit=1800000 \
name="5.ALL HTTP DOWN" \
parent=global-out priority=2

F. Below is the PING script for download, which keeps ping unaffected by a saturated connection (priority=1). Leave this max-limit unchanged:

/queue tree
add limit-at=8000 max-limit=30000 \
name=6.PING1 packet-mark="www.wirelessrouterpr\
oxy.blogspot.com ip" parent=global-out priority=1 \
queue=PING

G. Below is the PING script for upload, which keeps ping unaffected by a saturated connection (priority=1). Leave this max-limit unchanged:

/queue tree \
add limit-at=8000 max-limit=30000 \
name=7.PING2 packet-mark="www.wirelessrouter\
proxy.blogspot.com ip" parent=public priority=1 \
queue=PING

H. Below is the DNS down script, priority=1. Leave this max-limit unchanged:

/queue tree \
add limit-at=8000 max-limit=30000 \
name=8.DNS1 packet-mark="www.wirelessrouter\
proxy.blogspot.com dp"  parent=global-out priority=1 \
queue=PING

I. Below is the DNS up script, priority=1. Leave this max-limit unchanged:

/queue tree \
add limit-at=8000 max-limit=30000 \
name=9.DNS2 packet-mark="www.wirelessrouter\
proxy.blogspot.com dp"  parent=public \
priority=1 queue=PING


J. Below is the GAME ONLINE DOWN script, whose parent is GAME DOWN. I set the lowest limit to 512000 (512KB) and the highest limit to 2000000 (2MB). Note the values shown in red below and adjust them to your bandwidth:

/queue tree \
add limit-at=512000 max-limit=2000000 \
name="1.GAME ONLINE DOWN" \
packet-mark="www.wirelessrouter\
proxy.blogspot.com gopd" \
parent="2.GAME DOWN" priority=2 queue=DOWN

K. Below is the GAME FACEBOOK DOWN script, whose parent is GAME DOWN. The highest limit is 512000 (512KB). Note the value shown in red below and adjust it to your bandwidth:

/queue tree \
add max-limit=512000 \
name="2.GAME FACEBOOK DOWN" \
packet-mark="www.wirelessrouter\
proxy.blogspot.com gfpd" \
parent="2.GAME DOWN" priority=3 queue=DOWN

L. Below is the GAME ONLINE UPLOAD script, whose parent is GAME UPLOAD. I set the lowest limit to 512000 (512KB) and the highest limit to 2000000 (2MB). Note the values shown in red below and adjust them to your bandwidth:

/queue tree \
add limit-at=512000 max-limit=2000000 \
name="1.GAME ONLINE UPLOAD" \
packet-mark="www.wirelessrouter\
proxy.blogspot.com gopu" \
parent="3.GAME UPLOAD" priority=2 queue=UP

M. Below is the GAME FACEBOOK UPLOAD script, whose parent is GAME UPLOAD. The highest limit is 256000 (256KB). Note the value shown in red below and adjust it to your bandwidth:

/queue tree \
add limit-at=0 max-limit=256000 \
name="2.GAME FACEBOOK UPLOAD" \
packet-mark="www.wirelessrouter\
proxy.blogspot.com gfpu" \
parent="3.GAME UPLOAD" priority=3 queue=UP


N. Below is the BROWSING DOWN script, whose parent is HTTP DOWN. Note the value shown in red: it is the max-limit for all downloads. On a 2 MB line I set it to 1800000 (1.8 MB) because the rest is for games and ping; adjust it to your download bandwidth:

/queue tree \
add max-limit=1800000 \
name="1.BROWSING DOWN" \
packet-mark="www.wirelessrouter\
proxy.blogspot.com hpd" \
parent="5.ALL HTTP DOWN" \
priority=3 queue=DOWN

O. Below is the LIMIT EXTENTION script, whose parent is HTTP DOWN and whose children will be the file extensions, i.e. zip, rar, exe, youtube, porn, etc. On a 2 MB line, note the value shown in red below: I set its max-limit to 1000000 (1MB), shared equally among all those file extensions. Adjust it to your bandwidth; my recommendation is 50% of the total download bandwidth:

/queue tree \
add max-limit=1000000 \
name="4.LIMIT EXTENTION" \
parent="5.ALL HTTP DOWN" priority=5

P. Below are the LIMIT EXTENTION entries for zip, rar, exe, youtube, porn, etc. Their parent is LIMIT EXTENTION, and Mivo TV is included among them:

/queue tree
add name=YOUTUBE \
parent="4.LIMIT EXTENTION" priority=5
add name="YOUTUBE STREAMING" \
packet-mark="YOUTUBE STREAMING" \
parent=YOUTUBE priority=5 queue=DOWN
add name=MKV packet-mark=MKV \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MP3 packet-mark=MP3 \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MP4 packet-mark=MP4 \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=ZIP packet-mark=ZIP \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=EXE packet-mark=EXE \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=ISO packet-mark=ISO \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=AVI packet-mark=AVI \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MOV packet-mark=MOV \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MPEG packet-mark=MPEG \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MPG packet-mark=MPG \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=RAR packet-mark=RAR \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=WAV packet-mark=WAV \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=WMV packet-mark=WMV \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=3GP packet-mark=3GP \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=7z packet-mark=7z \
parent="4.LIMIT EXTENTION" priority=5 \
queue=DOWN
add name="YOUTUBE DOWNLOAD" \
packet-mark="YOUTUBE DOWNLOAD" \
parent=YOUTUBE priority=5 queue=DOWN
add name=PORN \
parent="4.LIMIT EXTENTION" priority=5
add name=PORN1 \
packet-mark=PORN1 parent=PORN \
priority=5 queue=DOWN
add name=PORN2 packet-mark=PORN2 \
parent=PORN priority=5 queue=DOWN
add name=PORN3 packet-mark=PORN3 \
parent=PORN priority=5 queue=DOWN
add name="MIVO TV" \
packet-mark="MIVO TV" parent=\
"4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=PORN4 packet-mark=PORN4 \
parent=PORN priority=5 queue=DOWN
/
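As an added example (not part of the original post), the Python script below cross-checks an export like the one above for three things: address lists that filter rules fill but no rule ever reads, packet marks that the queue tree expects but no mangle rule sets (and the reverse), and rules that can never match because an identical earlier rule already ends processing. The sample export is a shortened excerpt constructed in the style of the rules in this post, and the names parse_export, terminates and audit are this example's own.

```python
import re

# Constructed sample: a shortened excerpt in the style of the rules in this post.
SAMPLE_EXPORT = r'''
/ip firewall filter
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15m \
chain=input disabled=no dst-port=7331 \
protocol=tcp src-address-list=knock
add action=drop chain=virus disabled=no \
dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2745 protocol=tcp
/ip firewall mangle
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ISO \
new-packet-mark=ISO passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ISO \
new-packet-mark=3GP passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=FLV \
new-packet-mark=FLV passthrough=no
/queue tree
add name=ISO packet-mark=ISO parent="4.LIMIT EXTENTION" priority=5 queue=DOWN
add name=AVI packet-mark=AVI parent="4.LIMIT EXTENTION" priority=5 queue=DOWN
add name=3GP packet-mark=3GP parent="4.LIMIT EXTENTION" priority=5 queue=DOWN
/
'''

PARAM = re.compile(r'([\w-]+)=("[^"]*"|\S+)')
RULE_MENUS = ("/ip firewall filter", "/ip firewall nat", "/ip firewall mangle")
# Parameters that say what a rule does rather than what it matches.
NON_MATCH = {"action", "comment", "disabled", "passthrough", "jump-target",
             "new-packet-mark", "new-connection-mark", "new-dscp",
             "address-list", "address-list-timeout"}

def parse_export(text):
    """Return [(menu, params)] for every 'add' command in a RouterOS export."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join lines continued with "\"
    menu, rules = "", []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):  # "/menu path", optionally followed by "add ..."
            head, sep, rest = line.partition(" add ")
            menu, line = head.strip(), ("add " + rest if sep else "")
        if line.startswith("add "):
            params = {k: v.strip('"') for k, v in PARAM.findall(line)}
            rules.append((menu, params))
    return rules

def terminates(menu, p):
    """True when a packet matching this rule is not passed on to later rules."""
    action = p.get("action", "accept")
    if menu.endswith("mangle"):
        return action.startswith("mark-") and p.get("passthrough", "yes") == "no"
    return action in ("accept", "drop", "reject")

def audit(text):
    rules = parse_export(text)
    fw = [(m, p) for m, p in rules if m in RULE_MENUS]
    written = {p["address-list"] for _, p in fw if "address-list" in p
               and p.get("action", "").endswith("-to-address-list")}
    written |= {p["list"] for m, p in rules  # statically defined lists
                if m == "/ip firewall address-list" and "list" in p}
    read = {p[k].lstrip("!") for _, p in fw
            for k in ("src-address-list", "dst-address-list") if k in p}
    marks_set = {p["new-packet-mark"] for _, p in fw if "new-packet-mark" in p}
    marks_queued = {p["packet-mark"] for m, p in rules
                    if m == "/queue tree" and "packet-mark" in p}
    seen, shadowed = set(), []
    for menu, p in fw:
        matchers = sorted((k, v) for k, v in p.items() if k not in NON_MATCH)
        key = (menu, tuple(matchers))
        if key in seen:  # an identical earlier rule already ended processing
            shadowed.append(menu + " " + " ".join(f"{k}={v}" for k, v in matchers))
        elif terminates(menu, p):
            seen.add(key)
    return {
        "lists_filled_never_read": sorted(written - read),
        "lists_read_never_filled": sorted(read - written),
        "marks_queued_never_set": sorted(marks_queued - marks_set),
        "marks_set_never_queued": sorted(marks_set - marks_queued),
        "shadowed_rules": shadowed,
    }

if __name__ == "__main__":
    for finding, items in audit(SAMPLE_EXPORT).items():
        print(f"{finding}: {items}")
```

A list that is filled but never read means the detection rules have no effect on traffic, and a queued mark that is never set means that queue stays empty.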

After configuring, don't forget to restart the Mikrotik.
Now a test: I try YouTube.
Open youtube.com and look for a video you like that has never been played and has never been cached by your external Squid proxy, as in the picture below:
The video is throttled: the Limit Extention queue turns red, and the YouTube statistics fill up to an average rate of 1 MB.
Mozilla Firefox usually has its own cache as well. To make sure the content really was stored in the external Squid proxy, clear the Firefox cache, as in the picture below:
Now close Mozilla Firefox, open youtube.com again, find the same video and play it. You can see that the video has been cached in the Squid proxy: the stream loads far ahead of the playback position, as the arrow in the picture below shows:
Then, while the video is playing, open Winbox and look at the queue tree for the extension limit. You can see below that the YouTube video is not throttled, because it is already stored in your external Squid proxy cache. What do you think? Is this what you were looking for?


Steps for Installing the Proxy as a Cache Log

Download the latest stable Squid source from www.squid-cache.org
If you agree, save the file in the /usr/local/src directory; if not, the location is up to you.
Let's start extracting and compiling Squid
[nanang@oprex src]# tar xvfz squid-2.5.STABLE14.tar.gz
[nanang@oprex src]# cd squid-2.5.STABLE14
[nanang@oprex squid-2.5.STABLE14]# ./configure --enable-delay-pools --enable-ipf-transparent --enable-storeio=diskd,ufs --disable-ident-lookups --enable-snmp --enable-removal-policies
[nanang@oprex squid-2.5.STABLE14]# make all
[nanang@oprex squid-2.5.STABLE14]# make install
Add a group and a user for squid
[nanang@oprex squid-2.5.STABLE14]# groupadd squid
[nanang@oprex squid-2.5.STABLE14]# useradd squid -g squid -d /dev/null -s /nonexistent
Create the directory for access.log and cache.log
[nanang@oprex squid-2.5.STABLE14]# mkdir /var/log/squid
[nanang@oprex squid-2.5.STABLE14]# cd /var/log/squid
[nanang@oprex squid]# touch access.log
[nanang@oprex squid]# touch cache.log
[nanang@oprex squid]# cd /
[nanang@oprex /]# chown squid:squid cache
[nanang@oprex /]# cd /var/log/squid
[nanang@oprex squid]# chown squid:squid *
[nanang@oprex squid]# ll
total 0
-rw-r--r-- 1 squid squid 0 Des 1 22:46 access.log
-rw-r--r-- 1 squid squid 0 Des 1 22:46 cache.log
Configure squid.conf at /usr/local/squid/etc/squid.conf
You can copy the squid.conf source below, which I have edited
#change this to "http_port 3128 transparent" for a transparent proxy
#if you do not like port 3128 as the default proxy port, change it
http_port 3128
icp_port 3130
icp_query_timeout 0
maximum_icp_query_timeout 5000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 128 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 10240 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 4096 KB
ipcache_size 2048
ipcache_low 94
ipcache_high 95
cache_replacement_policy lru
memory_replacement_policy lru
# use at most 70% of the cache partition size: if your cache partition is 10 GB, use only 7 GB, so that Squid fills it only up to 7 GB (automatic removal)
cache_dir diskd /cache 7000 16 256 Q1=64 Q2=72
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
emulate_httpd_log off
log_ip_on_direct on
ftp_user support@Gellora.com
wais_relay_port 0
request_header_max_size 20 KB
request_body_max_size 10 MB
refresh_pattern ^ftp:          1440    20%     10080
refresh_pattern ^gopher:       1440    0%      1440
refresh_pattern .              0       20%     4320
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minutes
range_offset_limit 0 KB
# first save the list of porn sites in /usr/local/squid/etc/bokep and the list of non-porn sites in /usr/local/squid/etc/nobokep
acl porn url_regex "/usr/local/squid/etc/bokep"
acl noporn url_regex "/usr/local/squid/etc/nobokep"
acl XYZZY url_regex .yahoo.com
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl ipkita src 200.80.250.0/24
acl IIX src 202.0.0.0/255.0.0.0
acl SSL_ports port 443 563 6667 7000
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777 110
acl Safe_ports port 10001
acl CONNECT method CONNECT
no_cache deny XYZZY
http_access deny porn !noporn
http_access allow manager localhost
http_access allow ipkita
http_access allow IIX
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
icp_access allow all
connect_timeout 5 minutes
peer_connect_timeout 120 seconds
read_timeout 20 minutes
request_timeout 120 seconds
client_lifetime 5 day
half_closed_clients on
server_persistent_connections off
client_persistent_connections off
pconn_timeout 240 seconds
shutdown_lifetime 30 seconds
cache_mgr admin
cache_effective_user squid
cache_effective_group squid
visible_hostname Gellora
logfile_rotate 10
forwarded_for on
log_icp_queries off
icp_hit_stale on
minimum_direct_hops 15
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 20
offline_mode off
client_db off
netdb_low 900
netdb_high 1000
netdb_ping_period 5 minutes
query_icmp on
test_reachability off
nonhierarchical_direct off
prefer_direct off
ignore_unknown_nameservers on
high_memory_warning 0
store_dir_select_algorithm round-robin
ie_refresh on
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
#####DELAY POOLS
acl magic_words1 url_regex -i 200.80.250.
acl magic_words2 url_regex -i ftp .torrent .3gp .dat .exe .vqf .rpm .zip .rar .tar.gz .tar.bz2 .iso .mpeg .mp3 .mpe .mpg .qt .ram .rm .raw .wav .wmv .mov .avi
delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow magic_words1
delay_class 2 2
delay_parameters 2 100000/500000 100000/500000
delay_access 2 allow magic_words2
Note: the cache directory must be owned by squid
Create the swap directories with the command:
[nanang@oprex /]# /usr/local/squid/sbin/squid -z
If there are no errors, start squid with the command:
[nanang@oprex /]# /usr/local/squid/sbin/squid -D
Check that the squid service is running
[nanang@oprex /]# ps ax|grep squid
10952 ? S 0:00 /usr/local/squid/sbin/squid -D
10954 ? S 0:00 (squid) -D
10961 pts/0 S 0:00 grep squid
Congratulations, you have successfully installed the proxy server
Good luck, and I hope it works