27 September 2012

How to place ads inside posts


Steps to place an ad script (left, right, above, and below) inside a blog post:

    First, prepare the ad script you want to install on the blog.
    Once the ad script is ready, visit http://si-owner.blogspot.com/2012/05/parse-kode-html  which parses your ad script.
    After you click parse, the ad code will change; copy it, or leave it there for now, since it will be used later.
    Then log in to Blogger with your account.
    Go to Design >> click Edit HTML >> Expand Widget Templates.
    Find the code <data:post.body/>. If it appears twice, pick the second one.
    Next, place the script code below before the <data:post.body/> code.



*). Script code for an ad on the left side of the post:
<b:if cond='data:blog.pageType == &quot;item&quot;'>
<div style='float:left;width:300px;height:250px;padding:0 0px 0px 0;'>
<!-- Put the ad code here --></div></b:if>

*). Script code for an ad on the right side of the post:
<b:if cond='data:blog.pageType == &quot;item&quot;'>
<div style='float:right;width:300px;height:250px;padding:0 0px 0px 0;'>
<!-- Put the ad code here --></div></b:if>

Notes:

In the code width:300px;height:250px, you can substitute a different size.
Replace the <!-- Put the ad code here --> placeholder with the ad script code that was parsed earlier.

*). For an ad above the post, place the parsed ad script above the <data:post.body/> code.

*). For an ad below the post, place the parsed ad script below the <data:post.body/> code.




The result looks like this (the <p> line marks where the ad code, banner, message or anything else goes):


<div class='post-body entry-content'>
<data:post.body/>


<b:if cond='data:blog.pageType == "item"'>
<p> Kode iklan, banner, pesan atau apapun di pasang disini! </p>
</b:if>
<div style='clear: both;'/> <!-- clear for photos floats -->
</div>

That is the tutorial for placing an ad script (left, right, above, and below) inside a blog post. I hope it is useful, and if you would like to leave feedback or a message, you can write it below.

How to create a zoom effect on images


OK, if you are interested, follow these steps:
1. Log in to Blogger with your ID.
2. Click Design.
3. Click the Edit HTML tab.

4. Find the code below, or code similar to it:

</head>

5. Copy the code below and place it before the </head> code:

<style type="text/css">
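/* Thumbnail container: animate any property change over 2 seconds */
#zoomimage div {
height:100px;
width:100px;
-webkit-transition: all 2s ease-in-out;
-moz-transition: all 2s ease-in-out;
transition: all 2s ease-in-out;}

/* On hover, scale the container (and the image inside it) to 3x */
#zoomimage div:hover {
padding-top:0;
padding-left:0;
padding-top:0;
padding-right:0;

-webkit-transform:scale(3,3);
-moz-transform:scale(3,3);
transform:scale(3,3);}

#zoomimage img {
border: 3px solid #D8D8D8;
border-style:double;
}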
</style>
Note:
  • You can adjust the position of the image when it enlarges, toward the left, the right, or downward. Just change the "0" values in these lines:
padding-top:0;
padding-left:0;
padding-top:0;
padding-right:0;

6. Save the template.

7. Next, copy the code below and place this image code in a gadget, or in a post, to display an image with the zoom effect; that is up to you.

<center>
<div id="zoomimage">
<div class="hover"><a href="http://si-owner.blogspot.com" target="_blank"><img src="https://lh3.googleusercontent.com/-gjMAmm0g4qA/T9NKc8KgqtI/AAAAAAAAAA4/TfYen1Zi1FQ/s512/ROHMAN.jpg" width="100" height="100"/></a>
</div></div></center>
Note:
- Replace the blog URL and image URL with your own URLs.

Easy, right?
Try it out and tweak it to your own taste.
I hope it is useful.
Load Balancing 5 WAN with Failover


This setup uses a MikroTik RouterBoard RB493 with 5 WAN interfaces for Internet connectivity over Speedy. All the Speedy modems are set to router mode. The connection model is as follows:
  • Load balancing uses NTH for browsing traffic (tcp port 80) and PCC for non-browsing traffic.
  • The Speedy connections are considered unstable, so failover is needed: if one Speedy link drops, PCC and NTH load balancing keep running.
  • User (client) Internet connections to tcp port 80 (browsing) are passed through the proxy server.
  • The proxy server's Internet connections go through NTH load balancing.
  • User (client) Internet connections other than the browsing above go through PCC load balancing.
[Figure: Topology of RB493 + 5 WAN + 1 proxy]
[Figure: Load balancing topology, 5 Speedy WAN links]

/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment=eth1 disabled=no full-duplex=\
    yes l2mtu=1526 mac-address=00:XX:XX:XX:XX:8F mtu=1500 name=lan speed=\
    100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    eth2 disabled=no full-duplex=yes l2mtu=1522 mac-address=00:XX:XX:XX:XX:90 \
    master-port=none mtu=1500 name=proxy speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    eth3 disabled=no full-duplex=yes l2mtu=1522 mac-address=00:XX:XX:XX:XX:91 \
    master-port=none mtu=1500 name=wan1 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    eth4 disabled=no full-duplex=yes l2mtu=1522 mac-address=00:XX:XX:XX:XX:92 \
    master-port=none mtu=1500 name=wan2 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    eth5 disabled=no full-duplex=yes l2mtu=1522 mac-address=00:XX:XX:XX:XX:93 \
    master-port=none mtu=1500 name=wan3 speed=100Mbps
set 5 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    eth6 disabled=no full-duplex=yes l2mtu=1522 mac-address=00:XX:XX:XX:XX:94 \
    master-port=none mtu=1500 name=wan4 speed=100Mbps
set 6 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    eth7 disabled=no full-duplex=yes l2mtu=1522 mac-address=00:XX:XX:XX:XX:95 \
    master-port=none mtu=1500 name=wan5 speed=100Mbps
set 7 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    eth8 disabled=no full-duplex=yes l2mtu=1522 mac-address=00:XX:XX:XX:XX:95 \
    master-port=none mtu=1500 name=ether8 speed=100Mbps
set 8 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    eth9 disabled=no full-duplex=yes l2mtu=1522 mac-address=00:XX:XX:XX:XX:97 \
    master-port=none mtu=1500 name=ether9 speed=100Mbps

/ip address
add address=192.168.0.254/24 broadcast=192.168.0.255 comment="" disabled=no \
    interface=lan network=192.168.0.0
add address=192.168.100.2/24 broadcast=192.168.100.255 comment="" disabled=no \
    interface=proxy network=192.168.100.0
add address=192.168.1.3/24 broadcast=192.168.1.255 comment="" disabled=no \
    interface=wan1 network=192.168.1.0
add address=192.168.2.3/24 broadcast=192.168.2.255 comment="" disabled=no \
    interface=wan2 network=192.168.2.0
add address=192.168.3.3/24 broadcast=192.168.3.255 comment="" disabled=no \
    interface=wan3 network=192.168.3.0
add address=192.168.4.3/24 broadcast=192.168.4.255 comment="" disabled=no \
    interface=wan4 network=192.168.4.0
add address=192.168.5.3/24 broadcast=192.168.5.255 comment="" disabled=no \
    interface=wan5 network=192.168.5.0

/ip route
add comment=wan1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.1.1 routing-mark=wan1 scope=255 target-scope=10
add comment=wan2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.2.1 routing-mark=wan2 scope=255 target-scope=10
add comment=wan3 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.3.1 routing-mark=wan3 scope=255 target-scope=10
add comment=wan4 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.4.1 routing-mark=wan4 scope=255 target-scope=10
add comment=wan5 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.5.1 routing-mark=wan5 scope=255 target-scope=10
add comment=nssby.telkom.net.id disabled=no distance=1 dst-address=\
    202.134.1.10/32 gateway=192.168.1.1 scope=30 target-scope=10
add comment=ns1.indosat.net.id disabled=no distance=1 dst-address=\
    202.155.0.20/32 gateway=192.168.2.1 scope=30 target-scope=10
add comment=PE-JR-HUAWEI.telkom.net.id disabled=no distance=1 dst-address=\
    125.160.0.97/32 gateway=192.168.3.1 scope=30 target-scope=10
add comment=ns1.rad.net.id disabled=no distance=1 dst-address=202.154.1.2/32 \
    gateway=192.168.4.1 scope=30 target-scope=10
add comment=ns1.indosat.net.id disabled=no distance=1 dst-address=\
    202.155.0.15/32 gateway=192.168.5.1 scope=30 target-scope=10
add check-gateway=ping comment="LB Router" disabled=no distance=1 \
    dst-address=0.0.0.0/0 \
    gateway=192.168.5.1,192.168.4.1,192.168.3.1,192.168.2.1,192.168.1.1 \
    scope=255 target-scope=10

Explanation:
  1. The routing lines shown in green are written automatically by the script.
  2. Connections from the router outward (to the Internet) go through all live gateways (5 gateways in the example above).
  3. The Internet connection of each WAN is detected by pinging a specific IP whose route has been made static per WAN.
    • The wan1 connection is checked by pinging 202.134.1.10
    • The wan2 connection is checked by pinging 202.155.0.20
    • The wan3 connection is checked by pinging 125.160.0.97
    • The wan4 connection is checked by pinging 202.154.1.2
    • The wan5 connection is checked by pinging 202.155.0.15

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=3072KiB \
    max-udp-packet-size=512 primary-dns=202.134.0.155 secondary-dns=\
    203.130.196.155

/ip dns static
add address=192.168.0.254 disabled=no name=cache-ns.domainku.org ttl=1d

/system clock
set time-zone-name=Asia/Jakarta

/system ntp client
set enabled=yes mode=unicast primary-ntp=202.162.32.12 secondary-ntp=203.160.128.3

/system ntp server
set broadcast=no enabled=yes manycast=yes multicast=no

/ip firewall filter
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="Port scanners to list " \
    disabled=no in-interface=wan1 protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="Port scanners to list " \
    disabled=no in-interface=wan2 protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="Port scanners to list " \
    disabled=no in-interface=wan3 protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="Port scanners to list " \
    disabled=no in-interface=wan4 protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="Port scanners to list " \
    disabled=no in-interface=wan5 protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="Port scanners to list " \
    disabled=no in-interface=proxy protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
    disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no \
    protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=\
    no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no \
    protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" disabled=no \
    src-address-list="port scanners"
add action=accept chain=input comment="Allow Established connections" \
    connection-state=established disabled=no
add action=accept chain=input comment="Allow UDP" disabled=no protocol=udp
add action=accept chain=input comment="Allow limited pings" disabled=no \
    limit=50/5s,2 protocol=icmp
add action=drop chain=input comment="Drop excess pings" disabled=no protocol=\
    icmp
add action=drop chain=input comment="drop ssh brute forcers" disabled=no \
    dst-port=22 in-interface=!proxy protocol=tcp src-address-list=\
    ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input comment="" connection-state=new \
    disabled=no dst-port=22 in-interface=!proxy protocol=tcp \
    src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input comment="" connection-state=new \
    disabled=no dst-port=22 in-interface=!proxy protocol=tcp \
    src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input comment="" connection-state=new \
    disabled=no dst-port=22 in-interface=!proxy protocol=tcp \
    src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input comment="" connection-state=new \
    disabled=no dst-port=22 in-interface=!proxy protocol=tcp
add action=accept chain=input comment="SSH for secure shell" disabled=no \
    dst-port=22 protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=accept chain=input comment=winbox disabled=no dst-port=8291 \
    protocol=tcp
add action=accept chain=input comment="Allow input from clients" disabled=no \
    src-address-list=clients
add action=drop chain=input comment="Drop Invalid connections" \
    connection-state=invalid disabled=no
add action=drop chain=forward comment="drop invalid connections" \
    connection-state=invalid disabled=no protocol=tcp
add action=accept chain=forward comment=\
    "allow already established connections" connection-state=established \
    disabled=no
add action=accept chain=forward comment="allow related connections" \
    connection-state=related disabled=no
add action=accept chain=forward comment="Enable to exceptions" disabled=no \
    dst-address-list=exceptions in-interface=lan src-address-list=clients
add action=drop chain=forward comment="" disabled=no src-address=0.0.0.0/8
add action=drop chain=forward comment="" disabled=no dst-address=0.0.0.0/8
add action=drop chain=forward comment="" disabled=no src-address=127.0.0.0/8
add action=drop chain=forward comment="" disabled=no dst-address=127.0.0.0/8
add action=drop chain=forward comment="" disabled=no src-address=224.0.0.0/3
add action=drop chain=forward comment="" disabled=no dst-address=224.0.0.0/3
add action=drop chain=forward comment="Drop to private networks" disabled=no \
    dst-address-list=private-networks in-interface=lan
add action=jump chain=forward comment="" disabled=no jump-target=tcp \
    protocol=tcp
add action=jump chain=forward comment="" disabled=no jump-target=udp \
    protocol=udp
add action=jump chain=forward comment="" disabled=no jump-target=icmp \
    protocol=icmp
add action=drop chain=forward comment="Port scanners to list " disabled=no \
    protocol=tcp psd=21,3s,3,1
add action=drop chain=forward comment="NMAP FIN Stealth scan" disabled=no \
    protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=forward comment="SYN/FIN scan" disabled=no protocol=tcp \
    tcp-flags=fin,syn
add action=drop chain=forward comment="SYN/RST scan" disabled=no protocol=tcp \
    tcp-flags=syn,rst
add action=drop chain=forward comment="FIN/PSH/URG scan" disabled=no \
    protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=drop chain=forward comment="ALL/ALL scan" disabled=no protocol=tcp \
    tcp-flags=fin,syn,rst,psh,ack,urg
add action=drop chain=forward comment="NMAP NULL scan" disabled=no protocol=\
    tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=forward comment="dropping port scanners" disabled=no \
    src-address-list="port scanners"
add action=accept chain=forward comment="Menghindari Spam SMTP Dari Virus" \
    disabled=no dst-port=25 protocol=tcp src-address-list=smtp-email
add action=add-src-to-address-list address-list=smtp-email \
    address-list-timeout=5m chain=forward comment="" disabled=no dst-port=25 \
    protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=25 protocol=tcp
add action=drop chain=forward comment="Drop tcp syn from client > 20" \
    connection-limit=30,32 disabled=no in-interface=lan protocol=tcp \
    tcp-flags=syn
add action=accept chain=forward comment="Allow forward from clients" \
    disabled=no in-interface=lan src-address-list=clients
add action=accept chain=forward comment="Allow from proxy" disabled=no \
    src-address-list=proxy
add action=drop chain=forward comment="Drop connection from lan" disabled=no \
    in-interface=lan
add action=drop chain=tcp comment="deny TFTP" disabled=no dst-port=69 \
    protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
    111 protocol=tcp
add action=drop chain=tcp comment="deny NFS" disabled=no dst-port=2049 \
    protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=\
    12345-12346 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=20034 \
    protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" disabled=no dst-port=\
    3133 protocol=tcp
add action=drop chain=tcp comment="deny DHCP" disabled=no dst-port=67-68 \
    protocol=tcp
add action=drop chain=tcp comment="Drop Blaster Worm" disabled=no dst-port=\
    135-139 protocol=tcp
add action=drop chain=udp comment="Drop Messenger Worm" disabled=no dst-port=\
    135-139 protocol=udp
add action=drop chain=tcp comment="Drop Blaster Worm" disabled=no dst-port=\
    445 protocol=tcp
add action=drop chain=udp comment="Drop Blaster Worm" disabled=no dst-port=\
    445 protocol=udp
add action=drop chain=tcp comment=________ disabled=no dst-port=593 protocol=\
    tcp
add action=drop chain=tcp comment=________ disabled=no dst-port=1024-1030 \
    protocol=tcp
add action=drop chain=tcp comment="Drop MyDoom" disabled=no dst-port=1080 \
    protocol=tcp
add action=drop chain=tcp comment=________ disabled=no dst-port=1214 \
    protocol=tcp
add action=drop chain=tcp comment="ndm requester" disabled=no dst-port=1363 \
    protocol=tcp
add action=drop chain=tcp comment="ndm server" disabled=no dst-port=1364 \
    protocol=tcp
add action=drop chain=tcp comment="screen cast" disabled=no dst-port=1368 \
    protocol=tcp
add action=drop chain=tcp comment=hromgrafx disabled=no dst-port=1373 \
    protocol=tcp
add action=drop chain=tcp comment=cichlid disabled=no dst-port=1377 protocol=\
    tcp
add action=drop chain=tcp comment=Worm disabled=no dst-port=1433-1434 \
    protocol=tcp
add action=drop chain=tcp comment="Bagle Virus" disabled=no dst-port=2745 \
    protocol=tcp
add action=drop chain=tcp comment="Drop Dumaru.Y" disabled=no dst-port=2283 \
    protocol=tcp
add action=drop chain=tcp comment="Drop Beagle" disabled=no dst-port=2535 \
    protocol=tcp
add action=drop chain=tcp comment="Drop Beagle.C-K" disabled=no dst-port=2745 \
    protocol=tcp
add action=drop chain=tcp comment="Drop MyDoom" disabled=no dst-port=\
    3127-3128 protocol=tcp
add action=drop chain=tcp comment="Drop Backdoor OptixPro" disabled=no \
    dst-port=3410 protocol=tcp
add action=drop chain=tcp comment=Worm disabled=no dst-port=4444 protocol=tcp
add action=drop chain=udp comment=Worm disabled=no dst-port=4444 protocol=udp
add action=drop chain=tcp comment="Drop Sasser" disabled=no dst-port=5554 \
    protocol=tcp
add action=drop chain=tcp comment="Drop Beagle.B" disabled=no dst-port=8866 \
    protocol=tcp
add action=drop chain=tcp comment="Drop Dabber.A-B" disabled=no dst-port=9898 \
    protocol=tcp
add action=drop chain=tcp comment="Drop Dumaru.Y" disabled=no dst-port=10000 \
    protocol=tcp
add action=drop chain=tcp comment="Drop MyDoom.B" disabled=no dst-port=10080 \
    protocol=tcp
add action=drop chain=tcp comment="Drop Kuang2" disabled=no dst-port=17300 \
    protocol=tcp
add action=drop chain=tcp comment="Drop SubSeven" disabled=no dst-port=27374 \
    protocol=tcp
add action=drop chain=tcp comment="Drop PhatBot, Agobot, Gaobot" disabled=no \
    dst-port=65506 protocol=tcp
add action=drop chain=udp comment="deny TFTP" disabled=no dst-port=69 \
    protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
    111 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
    135 protocol=udp
add action=drop chain=udp comment="deny NBT" disabled=no dst-port=137-139 \
    protocol=udp
add action=drop chain=udp comment="deny NFS" disabled=no dst-port=2049 \
    protocol=udp
add action=drop chain=udp comment="deny BackOriffice" disabled=no dst-port=\
    3133 protocol=udp
add action=accept chain=icmp comment="echo reply" disabled=no \
    icmp-options=0:0 protocol=icmp
add action=accept chain=icmp comment="net unreachable" disabled=no \
    icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="host unreachable" disabled=no \
    icmp-options=3:1 protocol=icmp
add action=accept chain=icmp comment="allow source quench" disabled=no \
    icmp-options=4:0 protocol=icmp
add action=accept chain=icmp comment="allow echo request" disabled=no \
    icmp-options=8:0 protocol=icmp
add action=accept chain=icmp comment="allow time exceed" disabled=no \
    icmp-options=11:0 protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" disabled=no \
    icmp-options=12:0 protocol=icmp
add action=drop chain=icmp comment="deny all other types" disabled=no
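
How the ssh_stage1 to ssh_blacklist input rules above escalate a source address, replayed over constructed connection times. This is an added example, not part of the original configuration; the Python model, the sample addresses and the assumption that a repeated match extends a list entry's timeout are not from the page.

```python
"""Replay new SSH connections through the page's ssh_stage*/ssh_blacklist input rules."""

STAGE_TIMEOUT = 60                      # address-list-timeout=1m
BLACKLIST_TIMEOUT = 10 * 24 * 3600      # address-list-timeout=1w3d


class AddressLists:
    """Dynamic firewall address lists: list name -> {source IP: expiry time in seconds}."""

    def __init__(self):
        self.entries = {}

    def contains(self, name, ip, now):
        return self.entries.get(name, {}).get(ip, float("-inf")) > now

    def add(self, name, ip, now, timeout):
        # Assumption: a repeated match extends the entry's timeout.
        bucket = self.entries.setdefault(name, {})
        bucket[ip] = max(bucket.get(ip, 0), now + timeout)


def handle_new_ssh(lists, ip, now, in_interface="wan1"):
    """Verdict for one new TCP/22 connection, rules evaluated top-down as listed."""
    if in_interface != "proxy":          # every staging rule carries in-interface=!proxy
        if lists.contains("ssh_blacklist", ip, now):
            return "drop"                # "drop ssh brute forcers"
        # The highest stage is tested first, so one connection climbs exactly one stage.
        if lists.contains("ssh_stage3", ip, now):
            lists.add("ssh_blacklist", ip, now, BLACKLIST_TIMEOUT)
        if lists.contains("ssh_stage2", ip, now):
            lists.add("ssh_stage3", ip, now, STAGE_TIMEOUT)
        if lists.contains("ssh_stage1", ip, now):
            lists.add("ssh_stage2", ip, now, STAGE_TIMEOUT)
        lists.add("ssh_stage1", ip, now, STAGE_TIMEOUT)
    return "accept"                      # "SSH for secure shell"


def replay(events):
    """events: iterable of (time_s, source_ip, in_interface). Returns (verdicts, lists)."""
    lists = AddressLists()
    verdicts = [handle_new_ssh(lists, ip, t, iface) for t, ip, iface in events]
    return verdicts, lists


# Constructed sample traffic (documentation address ranges, not real hosts).
BURST = [(t, "203.0.113.7", "wan1") for t in (0, 5, 10, 15, 20, 3600)]
SLOW = [(t, "198.51.100.9", "wan2") for t in (0, 90, 180, 270, 360)]
VIA_PROXY = [(t, "192.168.100.1", "proxy") for t in range(6)]

if __name__ == "__main__":
    for name, events in (("burst", BURST), ("slow", SLOW), ("proxy", VIA_PROXY)):
        verdicts, lists = replay(events)
        print(name, verdicts, sorted(lists.entries))
```

The rules count new connections, not failed logins, so an administrator who opens four sessions within a minute is blacklisted as well. The connection that triggers the blacklisting is itself accepted, and its later packets match "Allow Established connections", which sits above the blacklist drop rule.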

/ip firewall address-list
add address=192.168.0.254 comment="ip router mikrotik" disabled=no list=router
add address=10.0.0.0/8 comment="" disabled=no list=private-networks
add address=172.16.0.0/12 comment="" disabled=no list=private-networks
add address=192.168.0.0/16 comment="" disabled=no list=private-networks
add address=192.168.1.1 comment="Modem spidi wan1" disabled=no list=exceptions
add address=192.168.2.1 comment="Modem spidi wan2" disabled=no list=exceptions
add address=192.168.3.1 comment="Modem spidi wan3" disabled=no list=exceptions
add address=192.168.4.1 comment="Modem spidi wan4" disabled=no list=exceptions
add address=192.168.5.1 comment="Modem spidi wan5" disabled=no list=exceptions
add address=192.168.100.1 comment="proxy server" disabled=no list=exceptions
add address=192.168.0.0/24 comment="" disabled=no list=local
add address=192.168.1.1 comment="" disabled=no list=local
add address=192.168.2.1 comment="" disabled=no list=local
add address=192.168.3.1 comment="" disabled=no list=local
add address=192.168.4.1 comment="" disabled=no list=local
add address=192.168.5.1 comment="" disabled=no list=local
add address=192.168.100.1 comment="" disabled=no list=local
add address=192.168.0.0/24 comment="" disabled=no list=clients
add address=192.168.100.1 comment="" disabled=no list=proxy
add address=192.168.1.1 comment=wan1 disabled=no list=bypasswww
add address=192.168.2.1 comment=wan2 disabled=no list=bypasswww
add address=192.168.3.1 comment=wan3 disabled=no list=bypasswww
add address=192.168.4.1 comment=wan4 disabled=no list=bypasswww
add address=192.168.5.1 comment=wan5 disabled=no list=bypasswww
add address=192.168.100.1 comment=proxy disabled=no list=bypasswww

/ip firewall nat
add action=redirect chain=dstnat comment="DNS REDIRECT to router" disabled=no \
    dst-port=53 in-interface=lan protocol=udp src-address-list=clients \
    to-ports=53
add action=redirect chain=dstnat comment="DNS REDIRECT to router" disabled=no \
    dst-port=53 in-interface=lan protocol=tcp src-address-list=clients \
    to-ports=53
add action=dst-nat chain=dstnat comment=proxy_external disabled=no \
    dst-address-list=!bypasswww dst-port=80,3128,8080 in-interface=lan \
    protocol=tcp src-address-list=clients to-addresses=192.168.100.1 \
    to-ports=8080
add action=masquerade chain=srcnat comment=wan1 disabled=no out-interface=\
    wan1 src-address-list=clients
add action=masquerade chain=srcnat comment=wan2 disabled=no out-interface=\
    wan2 src-address-list=clients
add action=masquerade chain=srcnat comment=wan3 disabled=no out-interface=\
    wan3 src-address-list=clients
add action=masquerade chain=srcnat comment=wan4 disabled=no out-interface=\
    wan4 src-address-list=clients
add action=masquerade chain=srcnat comment=wan5 disabled=no out-interface=\
    wan5 src-address-list=clients
add action=masquerade chain=srcnat comment=wan1 disabled=no out-interface=\
    wan1 src-address-list=proxy
add action=masquerade chain=srcnat comment=wan2 disabled=no out-interface=\
    wan2 src-address-list=proxy
add action=masquerade chain=srcnat comment=wan3 disabled=no out-interface=\
    wan3 src-address-list=proxy
add action=masquerade chain=srcnat comment=wan4 disabled=no out-interface=\
    wan4 src-address-list=proxy
add action=masquerade chain=srcnat comment=wan5 disabled=no out-interface=\
    wan5 src-address-list=proxy

/ip firewall mangle
add action=mark-packet chain=prerouting comment=\
    "MARK PACKET DIRECT to proxy clients-up" disabled=no dst-address-list=\
    proxy dst-port=3128,8080 in-interface=lan new-packet-mark=clients-up \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="MARK PACKET LOCAL local-up" \
    disabled=no dst-address-list=local in-interface=lan new-packet-mark=\
    clients-local-up passthrough=no src-address-list=clients
add action=mark-packet chain=prerouting comment=\
    "MARK PACKET clients tcp port 80,3128,8080 REDIRECT to proxy" disabled=no \
    dst-address-list=!bypasswww dst-port=80,3128,8080 in-interface=lan \
    new-packet-mark=clients-up-www passthrough=no protocol=tcp \
    src-address-list=clients
add action=mark-packet chain=prerouting comment=\
    "MARK PACKET clients-up" disabled=no in-interface=lan \
    new-packet-mark=clients-up passthrough=yes src-address-list=clients
add action=mark-packet chain=forward comment="MARK Proxy Cache Hits" \
    disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no protocol=tcp \
    src-port=8080
add action=mark-packet chain=forward comment=\
    "MARK PACKET clients-down from proxy" disabled=no dst-address-list=\
    clients new-packet-mark=clients-down passthrough=no protocol=tcp \
    src-address-list=proxy src-port=8080
add action=mark-packet chain=forward comment="MARK PACKET LOCAL clients-down" \
    disabled=no dst-address-list=clients new-packet-mark=clients-local-down \
    passthrough=no src-address-list=local
add action=mark-packet chain=forward comment=\
    "MARK PACKET clients-down" disabled=no dst-address-list=clients \
    new-packet-mark=clients-down passthrough=no
add action=mark-connection chain=prerouting comment=LB_PCC connection-state=\
    new disabled=no dst-address-list=!local dst-address-type=!local \
    in-interface=lan new-connection-mark=wan5-con passthrough=yes \
    per-connection-classifier=both-addresses:5/0 src-address-list=clients
add action=mark-routing chain=prerouting comment=LB_PCC connection-mark=\
    wan5-con disabled=no in-interface=lan new-routing-mark=wan5 passthrough=no
add action=mark-connection chain=prerouting comment=LB_NTH connection-state=\
    new disabled=no dst-address-list=!local in-interface=proxy \
    new-connection-mark=wan5-con nth=5,1 passthrough=yes
add action=mark-routing chain=prerouting comment=LB_NTH connection-mark=\
    wan5-con disabled=no in-interface=proxy new-routing-mark=wan5 \
    passthrough=no
add action=mark-connection chain=prerouting comment=LB_PCC connection-state=\
    new disabled=no dst-address-list=!local dst-address-type=!local \
    in-interface=lan new-connection-mark=wan4-con passthrough=yes \
    per-connection-classifier=both-addresses:4/0 src-address-list=clients
add action=mark-routing chain=prerouting comment=LB_PCC connection-mark=\
    wan4-con disabled=no in-interface=lan new-routing-mark=wan4 passthrough=no
add action=mark-connection chain=prerouting comment=LB_NTH connection-state=\
    new disabled=no dst-address-list=!local in-interface=proxy \
    new-connection-mark=wan4-con nth=4,1 passthrough=yes
add action=mark-routing chain=prerouting comment=LB_NTH connection-mark=\
    wan4-con disabled=no in-interface=proxy new-routing-mark=wan4 \
    passthrough=no
add action=mark-connection chain=prerouting comment=LB_PCC connection-state=\
    new disabled=no dst-address-list=!local dst-address-type=!local \
    in-interface=lan new-connection-mark=wan3-con passthrough=yes \
    per-connection-classifier=both-addresses:3/0 src-address-list=clients
add action=mark-routing chain=prerouting comment=LB_PCC connection-mark=\
    wan3-con disabled=no in-interface=lan new-routing-mark=wan3 passthrough=\
    no
add action=mark-connection chain=prerouting comment=LB_NTH connection-state=\
    new disabled=no dst-address-list=!local in-interface=proxy \
    new-connection-mark=wan3-con nth=3,1 passthrough=yes
add action=mark-routing chain=prerouting comment=LB_NTH connection-mark=\
    wan3-con disabled=no in-interface=proxy new-routing-mark=wan3 \
    passthrough=no
add action=mark-connection chain=prerouting comment=LB_PCC connection-state=\
    new disabled=no dst-address-list=!local dst-address-type=!local \
    in-interface=lan new-connection-mark=wan2-con passthrough=yes \
    per-connection-classifier=both-addresses:2/0 src-address-list=clients
add action=mark-routing chain=prerouting comment=LB_PCC connection-mark=\
    wan2-con disabled=no in-interface=lan new-routing-mark=wan2 passthrough=\
    no
add action=mark-connection chain=prerouting comment=LB_NTH connection-state=\
    new disabled=no dst-address-list=!local in-interface=proxy \
    new-connection-mark=wan2-con nth=2,1 passthrough=yes
add action=mark-routing chain=prerouting comment=LB_NTH connection-mark=\
    wan2-con disabled=no in-interface=proxy new-routing-mark=wan2 \
    passthrough=no
add action=mark-connection chain=prerouting comment=LB_PCC connection-state=\
    new disabled=no dst-address-list=!local dst-address-type=!local \
    in-interface=lan new-connection-mark=wan1-con passthrough=yes \
    per-connection-classifier=both-addresses:1/0 src-address-list=clients
add action=mark-routing chain=prerouting comment=LB_PCC connection-mark=\
    wan1-con disabled=no in-interface=lan new-routing-mark=wan1 passthrough=\
    no
add action=mark-connection chain=prerouting comment=LB_NTH connection-state=\
    new disabled=no dst-address-list=!local in-interface=proxy \
    new-connection-mark=wan1-con nth=1,1 passthrough=yes
add action=mark-routing chain=prerouting comment=LB_NTH connection-mark=\
    wan1-con disabled=no in-interface=proxy new-routing-mark=wan1 \
    passthrough=no

The mangle rule lines shown in green are written automatically by a script that is explained below.

param
When the router reboots, the param script below is executed:



#
# script: param
#
# Number of WAN connections
:global nwan 5;
# list of internet IPs that are routed statically
:global ips "202.134.1.10,202.155.0.20,125.160.0.97,202.154.1.2,202.155.0.15";
# list of WAN IPs or gateways
:global gws "192.168.1.1,192.168.2.1,192.168.3.1,192.168.4.1,192.168.5.1";
# value or score for each WAN
:global scrs "2,4,8,16,32";
:global SCORE 0;
 
 
 The variable scrs stores the value or score of each WAN, while SCORE stores the online status of all WANs:
  • A SCORE of 0 means no WAN is online.
  • If WAN 1 is online, SCORE increases by 2.
  • If WAN 2 is online, SCORE increases by 4.
  • If WAN 3 is online, SCORE increases by 8.
  • If WAN 4 is online, SCORE increases by 16.
  • If WAN 5 is online, SCORE increases by 32.
  • If all WANs are online, SCORE is 2+4+8+16+32 = 62.

deadgwdetection
This script is run by the scheduler every 120 seconds (2 minutes).


#
# script: deadgwdetection
#
:global SCORE;
:global nwan;
:global ips;
:global gws;
:global scrs;
:local nth 0;
:local ipArr [:toarray $ips];
:local gwArr [:toarray $gws];
:local scrArr [:toarray $scrs];
:local wanArr {};
:local score 0;
:local lbs "";
:for x from=1 to="$nwan" \
  do={ :if ([ /interface ethernet get "wan$x" running ]) \
      do={ :local ip [:pick $ipArr ($x-1)]; :local gw [:pick $gwArr ($x-1)]; :local succ 0;
           :for z from=1 to=3 \
             do={ :if ([/ping "$ip" count=1 size=28]=1) do={ :set succ ($succ+1) };
                  /interface monitor-traffic "wan$x" once do={ :if ($"rx-bits-per-second" > 4096) do={:set succ ($succ+1) }}};
           :if ($succ>1) \
              do={ :set wanArr ($wanArr, $x);:set nth ($nth+1); :set score ($score+[:pick $scrArr ($x-1)])} \
              else={ :log warning "Modem spidi wan$x is down." };
           };
     };
:local ptr [ /system logging find topics="info"];
/system logging disable $ptr;
:if ($SCORE!=$score) \
do={ /ip firewall mangle remove [ find comment="LB_NTH" ];
     /ip firewall mangle remove [ find comment="LB_PCC" ];
     :for x from=$nth to=1 \
     do={:local y [:pick $wanArr ($x-1)];
         :if ($x>1) do={ :set lbs ($lbs . "192.168.$y" . ".1,"); };
         :if ($x=1) do={ :set lbs ($lbs . "192.168.$y" . ".1"); };
         /ip firewall mangle add action=mark-connection chain=prerouting comment="LB_PCC" \
         connection-state=new disabled=no dst-address-list=!local dst-address-type=!local \
         in-interface=lan src-address-list=clients new-connection-mark="wan$y-con" \
         per-connection-classifier="both-addresses:$x/0" passthrough=yes;
         /ip firewall mangle add action=mark-routing chain=prerouting comment="LB_PCC" \
         connection-mark="wan$y-con" disabled=no in-interface=lan new-routing-mark="wan$y" passthrough=no;
         /ip firewall mangle add action=mark-connection chain=prerouting comment="LB_NTH" \
         connection-state=new disabled=no dst-address-list=!local \
         in-interface=proxy new-connection-mark="wan$y-con" nth="$x,1" passthrough=yes;
         /ip firewall mangle add action=mark-routing chain=prerouting comment="LB_NTH" \
         connection-mark="wan$y-con" disabled=no in-interface=proxy new-routing-mark="wan$y" passthrough=no; };

/ip route remove [ find comment="LB Router" ];
/ip route add check-gateway=ping comment="LB Router" disabled=no distance=1 \
    dst-address=0.0.0.0/0 gateway="$lbs" scope=255 target-scope=10;
};
/system logging enable $ptr;
:set SCORE $score;
:put $SCORE; 
 
 
 
 Explanation:
  1. First, detect whether the physical connection to the WAN is running or not (line 17).
  2. Second, check whether a specific destination can be pinged through that WAN (line 20).
  3. If it cannot be pinged, check whether the received traffic through that WAN exceeds a certain threshold, so that the WAN can be considered online (line 21).
  4. If either of the above, no. 2 or 3, succeeds, increase the WAN count and record the active WAN link (line 23). If all fail, write to the log that the connection through this WAN is down (line 24).
  5. To avoid too much output to the log, temporarily turn this function off on line 28.
  6. If the number of connections or the SCORE value has changed (line 29), recreate the mangle lines (lines 30-31).
  7. Lines 34-46 write the ip firewall mangle rules: PCC load balancing for non-browsing (tcp port 80) connections from clients, and NTH load balancing for connections from the proxy.
  8. Lines 48-50 write the new default route for the MikroTik.
  9. Logging is re-enabled on line 52.
  10. The SCORE value for the current number of connections is saved (lines 53-54).
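
An added example (not from the original post) that models the rule cascade written by lines 34-46 and counts how new connections are spread over the online WANs. It goes slightly beyond the post by comparing the generated x/0 PCC rules with the fixed-denominator form n/0 ... n/(n-1). Assumptions: the PCC hash is treated as uniform, each nth rule keeps its own counter, and the function names and the 60-value sample are constructed for illustration.

```python
# Added example: model of the mangle cascade that deadgwdetection generates.
# Assumption: the PCC hash is treated as uniformly distributed; RouterOS's
# real hash function is not modelled.
from collections import Counter


def nth_cascade(online_wans, connections):
    """Rules nth=x,1 for x = n..1; each rule keeps its own packet counter."""
    n = len(online_wans)
    counters = {x: 0 for x in range(1, n + 1)}
    hits = Counter()
    for _ in range(connections):
        for x in range(n, 0, -1):           # same order the script adds rules
            counters[x] = counters[x] % x + 1
            if counters[x] == 1:            # "x,1": first packet of every x
                hits[online_wans[x - 1]] += 1
                break                       # mark-routing has passthrough=no
    return dict(hits)


def pcc_cascade(online_wans, hashes):
    """Rules both-addresses:x/0 for x = n..1, as written by the script."""
    n = len(online_wans)
    hits = Counter()
    for h in hashes:
        for x in range(n, 0, -1):
            if h % x == 0:                  # remainder 0 of denominator x
                hits[online_wans[x - 1]] += 1
                break
    return dict(hits)


def pcc_fixed_denominator(online_wans, hashes):
    """Comparison: one denominator n, remainders 0..n-1 (n/0, n/1, ...)."""
    n = len(online_wans)
    hits = Counter(online_wans[h % n] for h in hashes)
    return dict(hits)


if __name__ == "__main__":
    wans = [1, 2, 3, 4, 5]                  # constructed: all five WANs online
    sample = range(60)                      # constructed: 60 = lcm(1..5)
    print("nth cascade:", nth_cascade(wans, 60))
    print("pcc cascade:", pcc_cascade(wans, sample))
    print("pcc n/k    :", pcc_fixed_denominator(wans, sample))
```

With five WANs online the nth cascade gives each WAN 12 of 60 connections, while the x/0 PCC cascade gives wan2 8 and wan1 16, because the denominators 4 and 2 share a factor. With three WANs online both cascades are even.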

Now enable the schedule for the two scripts above:
/system scheduler
add comment="" disabled=no interval=0s name=sch-param-startup on-event=param \
    policy=read,write,test start-time=startup
add comment="" disabled=no interval=2m name=sch-deadgwdetction on-event=\
    deadgwdetection policy=read,write,test start-date=jan/01/1970 \
    start-time=00:00:10
 
 
 
Load balancing 7 WANs with MikroTik + external proxy

To detect a dropped internet connection on one or more Speedy modems, a special technique is used that I call dynamic routing and dead gateway detection; its source code can be seen in the image below.

Topology
[Image: topology of RB493 + 7 WANs + 1 proxy]

RB493 system resources
[Image: system resource]
Interface configuration
[Image: interface list]
Notes:
  1. eth1: local area network (lan), seen receiving 10.4Mbps of traffic from the MikroTik (Tx).
  2. eth2: the MikroTik receives packets from HTTP sources and cache hits from the Squid proxy machine at 9.9Mbps (Rx) and forwards traffic to the proxy machine at 3.8Mbps. Roughly, cache hits: 9.9Mbps – 3.8Mbps = 6.1Mbps.
  3. eth3: Speedy ADSL modem wan1.
  4. eth4: Speedy ADSL modem wan2.
  5. eth5: Speedy ADSL modem wan3.
  6. eth6: Speedy ADSL modem wan4.
  7. eth7: Speedy ADSL modem wan5.
  8. eth8: Speedy ADSL modem wan6.
  9. eth9: Speedy ADSL modem wan7.

Routing list
[Image: routing list]
Notes:
  1. The top seven rows create the routing marks that correspond to the Speedy connections (wan1 – wan7).
  2. The row with the comment “LB Router” is load balancing with ECMP (Equal Cost Multi-Path) routing.
  3. To detect the connection of each Speedy modem, from modem 1 to 7 (wan1 to wan7), static routes are created with the destination IPs, in order, 202.134.1.10, 202.155.0.20, 125.160.0.97, 202.154.1.2, 218.100.27.179, 202.152.1.1, 125.167.72.1 (visible in the destination column of the image).

Routing policy (ip route list)
[Image: routing policy]

Mangle for n+th load balancing (policy based routing) and queue management
[Image: ip firewall mangle]
Notes:
  1. Row 0 marks ICMP packets from the router to the internet.
  2. Row 1 marks packets from clients (users) through the lan device to the router. The purpose of this mangle rule is to keep this traffic out of bandwidth management.
  3. Row 2 marks cache-hit packets from the external proxy server to clients. The purpose is to keep cache-hit objects from the proxy from being limited or shaped.
  4. Row 3 marks packets from lan clients to the proxy, non port 8080, protocol tcp.
  5. Row 4 marks local packets from the proxy to clients, non port 8080, protocol tcp.
  6. Row 5 marks packets from the proxy to clients, port 8080, protocol tcp.
  7. Row 6 marks packets from the internet destined for clients.
  8. Row 7 marks packets from clients to port 80 (www) that are passed transparently to the external proxy.
  9. Rows 8 – 9 mark packets from clients to port 25 and 6600-7000, protocol tcp, so that they always go out through a particular wan device.
  10. Row 10 onwards builds the n+th load balancing for packets coming from clients and the proxy server.

NAT
[Image: ip firewall nat]
Notes:
  1. Rows 0 and 1 redirect DNS request traffic from clients to the MikroTik DNS cache.
  2. Row 2 redirects traffic to port 80/tcp from clients to the external proxy server.
  3. Rows 3 – 9 masquerade client connections to the internet.
  4. Rows 10 – 16 masquerade external proxy server connections to the internet.
  5. Row 17 masquerades client connections to non proxy server destinations.
  6. Row 18 masquerades proxy server connections to non-client destinations.

Bandwidth management with Queue Simple
[Image: queue simple]

Netwatch tool
[Image: tool netwatch]
The netwatch tool monitors the local connection to each ADSL modem.

Source code for dynamic routing & dead gateway detection
[Image: dynamic routing & dead gateway detection]
Notes:
  1. The script above is run every 1 minute by the scheduler.
  2. When it runs, it checks the status (local connection check) of the Speedy ADSL modems in the netwatch tool.
  3. Next it checks the modem's internet connection by pinging a specific destination IP whose route has been set statically to go through that modem.
  4. Besides the ping method, the traffic passing through the interface to the modem is also observed.
  5. This is repeated until all Speedy ADSL modems have been monitored, for both local and internet connection.
  6. If one or more modem internet connections are down, the n+th load balancing is recalculated and the static routing for destinations on port 25/tcp and 6600-7000/tcp is determined again.
  7. Modem internet connections that are down are written to the log.

Load Balancing n+th in action
This analysis checks whether n+th load balancing is working correctly. To do so, traffic from one client, IP 192.168.0.37, is monitored. The client runs Download Accelerator Plus (DAP) with more than 5 download sessions open. Open Tools > Torch and fill it in as below:
Interface: lan
Src. Address: 192.168.0.37
Dst. Address: 0.0.0.0/0
Protocol: tcp
Port: any
Tick the Src. Address, Dst. Address, Protocol (choose tcp) and Port (choose any) boxes first.
[Image: traffic monitoring from client 192.168.0.37]
The destination IP is seen to be 174.140.128.13. Now stop torch and enter the parameters below to monitor the traffic passing through interface wan1:
Interface: wan1
Src. Address: 174.140.128.13
Dst. Address: 0.0.0.0/0
Do the same to monitor the traffic through interfaces wan2 – wan7. The following images are obtained:
[Images: wan1-client-37, wan2-client-37, wan3-client-37, wan4-client-37, wan5-client-37, wan6-client-37, wan7-client-37]

MikroTik traffic monitoring on device eth0 (LAN)
[Image: mrtg]
Notes:
  1. 01:00-02:00: traffic reaches the root bandwidth limit, which is set to 5Mbps (middle image).
  2. 16:00: traffic runs unshaped, up to almost 8Mbps, when bandwidth management is released (right image).

Source: http://awarmanf.wordpress.com/2010/01/06/lb7wan-rb439-proxy-external/