Queue Tree buat warnet

Tulisan ini hanya sekedar sharing untuk implementasi penggunaan Queue Tree diwarnet, dengan asumsi bahwa koneksi internet 2Mbps stabil (tidak naek turun) kesemua site, jumlah PC adalah 12 unit share maximum 1Mbps/pc (naek dan turun dengan otomatis jika user yang menggunakan bertambah, jika hanya 1 dan 2 user maka bandwith akan mentok di 1Mbps untuk tiap user.
kondisi jaringan ip lan router=192.168.0.14, billing server=192.168.0.13, asumsi billing server juga digunakan operator untuk ngenet

tambahkan ip address pada lan router
Code:

ip address add address=192.168.0.14/28 interface=lan

 kemudian kita lakukan marking connection pada setiap pc-client
Code:

ip firewall mangle add action mark-connection new-connection-mark=pc01 src-address=192.168.0.1 chain=prerouting
ip firewall mangle add action mark-connection new-connection-mark=pc02 src-address=192.168.0.2 chain=prerouting
ip firewall mangle add action mark-connection new-connection-mark=pc03 src-address=192.168.0.3 chain=prerouting
ip firewall mangle add action mark-connection new-connection-mark=pc04 src-address=192.168.0.4 chain=prerouting
ip firewall mangle add action mark-connection new-connection-mark=pc05 src-address=192.168.0.5 chain=prerouting
ip firewall mangle add action mark-connection new-connection-mark=pc06 src-address=192.168.0.6 chain=prerouting
ip firewall mangle add action mark-connection new-connection-mark=pc07 src-address=192.168.0.7 chain=prerouting
ip firewall mangle add action mark-connection new-connection-mark=pc08 src-address=192.168.0.8 chain=prerouting
ip firewall mangle add action mark-connection new-connection-mark=pc09 src-address=192.168.0.9 chain=prerouting
ip firewall mangle add action mark-connection new-connection-mark=pc10 src-address=192.168.0.10 chain=prerouting
ip firewall mangle add action mark-connection new-connection-mark=pc11 src-address=192.168.0.11 chain=prerouting
ip firewall mangle add action mark-connection new-connection-mark=pc12 src-address=192.168.0.12 chain=prerouting
ip firewall mangle add action mark-connection new-connection-mark=op src-address=192.168.0.13 chain=prerouting

setelah itu kita lakukan marking packet dari setiap connection yang terjadi
Code:

ip firewall mangle add action=mark-packet new-packet-mark=pc01 connection-mark=pc01 chain=prerouting passtrough=no
ip firewall mangle add action=mark-packet new-packet-mark=pc02 connection-mark=pc02 chain=prerouting passtrough=no
ip firewall mangle add action=mark-packet new-packet-mark=pc02 connection-mark=pc03 chain=prerouting passtrough=no
ip firewall mangle add action=mark-packet new-packet-mark=pc03 connection-mark=pc03 chain=prerouting passtrough=no
ip firewall mangle add action=mark-packet new-packet-mark=pc04 connection-mark=pc04 chain=prerouting passtrough=no
ip firewall mangle add action=mark-packet new-packet-mark=pc05 connection-mark=pc05 chain=prerouting passtrough=no
ip firewall mangle add action=mark-packet new-packet-mark=pc06 connection-mark=pc06 chain=prerouting passtrough=no
ip firewall mangle add action=mark-packet new-packet-mark=pc07 connection-mark=pc07 chain=prerouting passtrough=no
ip firewall mangle add action=mark-packet new-packet-mark=pc08 connection-mark=pc08 chain=prerouting passtrough=no
ip firewall mangle add action=mark-packet new-packet-mark=pc09 connection-mark=pc09 chain=prerouting passtrough=no
ip firewall mangle add action=mark-packet new-packet-mark=pc10 connection-mark=pc10 chain=prerouting passtrough=no
ip firewall mangle add action=mark-packet new-packet-mark=pc11 connection-mark=pc11 chain=prerouting passtrough=no
ip firewall mangle add action=mark-packet new-packet-mark=pc12 connection-mark=pc12 chain=prerouting passtrough=no
ip firewall mangle add action=mark-packet new-packet-mark=op connection-mark=op chain=prerouting passtrough=no

tambahkan queue tree yang digunakan parent pada interface lan agar bandwith bisa terbagi rata
Code:
queue tree add parent=lan max-limit=2M name=Downlink

tambahan penggunaan PCQ agar setting lebih maximal lagi
Code:
queue type add name=PCQ-1Mbps kind=pcq pcq-rate=1024k pcq-classifier=dst-address

tambahkan child pada parent sesuai dengan packet mark
Code:

queue tree add parent=Downlink limit-at=128k max-limit=1024k name=pc01 packet-mark=pc01 queue=PCQ-1Mbps
queue tree add parent=Downlink limit-at=128k max-limit=1024k name=pc02 packet-mark=pc02 queue=PCQ-1Mbps
queue tree add parent=Downlink limit-at=128k max-limit=1024k name=pc03 packet-mark=pc03 queue=PCQ-1Mbps
queue tree add parent=Downlink limit-at=128k max-limit=1024k name=pc04 packet-mark=pc04 queue=PCQ-1Mbps
queue tree add parent=Downlink limit-at=128k max-limit=1024k name=pc05 packet-mark=pc05 queue=PCQ-1Mbps
queue tree add parent=Downlink limit-at=128k max-limit=1024k name=pc06 packet-mark=pc06 queue=PCQ-1Mbps
queue tree add parent=Downlink limit-at=128k max-limit=1024k name=pc07 packet-mark=pc07 queue=PCQ-1Mbps
queue tree add parent=Downlink limit-at=128k max-limit=1024k name=pc08 packet-mark=pc08 queue=PCQ-1Mbps
queue tree add parent=Downlink limit-at=128k max-limit=1024k name=pc09 packet-mark=pc09 queue=PCQ-1Mbps
queue tree add parent=Downlink limit-at=128k max-limit=1024k name=pc10 packet-mark=pc10 queue=PCQ-1Mbps
queue tree add parent=Downlink limit-at=128k max-limit=1024k name=pc11 packet-mark=pc11 queue=PCQ-1Mbps
queue tree add parent=Downlink limit-at=128k max-limit=1024k name=pc12 packet-mark=pc12 queue=PCQ-1Mbps
queue tree add parent=Downlink limit-at=128k max-limit=1024k name=op packet-mark=op queue=PCQ-1Mbps

Tangkap Content Extention via L7 (Limit Download dgn[L7] & connbyt + Drop IDM

Setelah Newbie keliling2 mikir2 7 keliling akhiryna dapat rule yg pas dan udah tested untuk drop Koneksi IDM + dapat menangkap Koneksi download buat dibuang ke queue agar terlimit dengan rapih menggunakan jasa Layer7
langsung to the point aja deh silahkan terjemahin sendiri rulenya,dipelajari aja ya maksud dan tujuannya hehe..

Mohon koreksi apa bila ada yg kurang or CMIIW

Ros V4.9
sesuaikan ip dijaringan anda
10.0.0.0/24 = ip_local client
192.168.1.100 = ip proxy Ext <-Kalo Ada
10.0.0.30 = ip router


Regex content Layer7
Code:
/ip firewall layer7-protocol add comment="" name="Extension \" .exe \"" regexp="\\.(exe)" add comment="" name="Extension \" .rar \"" regexp="\\.(rar)" add comment="" name="Extension \" .zip \"" regexp="\\.(zip)" add comment="" name="Extension \" .7z \"" regexp="\\.(7z)" add comment="" name="Extension \" .cab \"" regexp="\\.(cab)" add comment="" name="Extension \" .asf \"" regexp="\\.(asf)" add comment="" name="Extension \" .mov \"" regexp="\\.(mov)" add comment="" name="Extension \" .wmv \"" regexp="\\.(wmv)" add comment="" name="Extension \" .mpg \"" regexp="\\.(mpg)" add comment="" name="Extension \" .mpeg \"" regexp="\\.(mpeg)" add comment="" name="Extension \" .mkv \"" regexp="\\.(mkv)" add comment="" name="Extension \" .avi \"" regexp="\\.(avi)" add comment="" name="Extension \" .flv \"" regexp="\\.(flv)" add comment="" name="Extension \" .pdf \"" regexp="\\.(pdf)" add comment="" name="Extension \" .wav \"" regexp="\\.(wav)" add comment="" name="Extension \" .rm \"" regexp="\\.(rm)" add comment="" name="Extension \" .mp3 \"" regexp="\\.(mp3)" add comment="" name="Extension \" .mp4 \"" regexp="\\.(mp4)" add comment="" name="Extension \" .ram \"" regexp="\\.(ram)" add comment="" name="Extension \" .rmvb \"" regexp="\\.(rmvb)" add comment="" name="Extension \" .dat \"" regexp="\\.(dat)" add comment="" name="Extension \" .daa \"" regexp="\\.(daa)" add comment="" name="Extension \" .iso \"" regexp="\\.(iso)" add comment="" name="Extension \" .nrg \"" regexp="\\.(nrg)" add comment="" name="Extension \" .bin \"" regexp="\\.(bin)" add comment="" name="Extension \" .vcd \"" regexp="\\.(vcd)" add comment="" name="Extension \" .mp2 \"" regexp="\\.(mp2)" add comment="" name="Extension \" .3gp \"" regexp="\\.(3gp)" add comment="" name="Extension \" .mpe \"" regexp="\\.(mpe)" add comment="" name="Extension \" .qt \"" regexp="\\.(qt)" add comment="" name="Extension \" .raw \"" regexp="\\.(raw)" add comment="" name="Extension \" .wma \"" regexp="\\.(wma)" add comment="" name="Extension \" .ogg \"" regexp="\\.(ogg)" add comment="" name="Extension \" .doc \"" regexp="\\.(doc)"

 atau bisa disingkat menjadi :
Code:
add comment="" name=Extension regexp="\\.(exe|rar|zip|7z|cab|asf|mov|wmv|mpg|m\peg|mkv|avi|flv|pdf|wav|rm|mp3|mp4|ram|rmvb|dat|da a|iso|nrg|bin|vcd|mp2|3g\ p|mpe|qt|raw|wma|ogg|doc|deb|tar|bzip|gzip|gzip 2)"

 buat dulu ip di address_list buat pisahin agar tidak ketangkap oleh rule difilter dan mangle
Code:
/ip firewall address-list add address=10.0.0.30 comment="" disabled=no list=bypass add address=192.168.1.100 comment="" disabled=no list=bypass add address=192.168.1.100 comment="" disabled=no list=skip_content_download add address=10.0.0.0/24 comment="" disabled=no list=skip_content_download

 filter buat nangkap ip content L7
Code:
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .mp3 \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .avi \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .flv \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .iso \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .pdf \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .mpeg \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .exe \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .rar \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .zip \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .mp4 \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .mp2 \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .3gp \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .mov \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .mpe \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .mpg \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .qt \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .ram \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .rm \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .raw \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .wav \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .wmv \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .wma \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .ogg \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .doc \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .7z \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .asf \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .bin \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .cab \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .daa \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .dat \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .mkv \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .nrg \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .rmvb \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\ !skip_content_download layer7-protocol="Extension \" .vcd \"" protocol=tcp

 Kita buat manglenya buat nandain keneksi download pake connbyte digabungin dgn ip_content L7 yg kita tangkap tadi + nandain koneksi browsing
 /ip firewall mangle add action=mark-connection chain=prerouting comment=Content_download disabled=no dst-address-list=content_download new-connection-mark=\ Bw_Download passthrough=yes protocol=tcp add action=mark-connection chain=prerouting comment="" connection-bytes=262146-4294967295 disabled=no dst-address-list=!bypass new-connection-mark=\ Bw_Download passthrough=yes protocol=!icmp add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Download disabled=no dst-address-list=!bypass new-packet-mark=Paket_Download \ passthrough=no add action=mark-connection chain=prerouting comment=Content_browsing disabled=no dst-address-list=!bypass new-connection-mark=Bw_Browsing passthrough=yes \ protocol=!icmp add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Browsing disabled=no dst-address-list=!bypass new-packet-mark=Paket_Browsing \ passthrough=no

 setelah itu kita buat queue buat batasin downloadnya terserah mau pake simple or tree, disini sy memakai quetree dan sy mengalokasikan BW untuk Download 256kbps aja, silahkan sesuaikan dngn kondisi BW anda
que_typenya
Code:
add kind=pcq name=pcq-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000 add kind=pcq name=Pcq_Browsing_Down pcq-classifier=dst-address pcq-limit=50 pcq-rate=0 pcq-total-limit=2000

 Que_Treenya
Code:
 /queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWN parent=LOCAL priority=8 add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Browsing_Down packet-mark=Paket_Browsing parent=DOWN priority=5 \ queue=Pcq_Browsing_Down add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no max-limit=256k name=Regular_Down packet-mark=Paket_Download parent=DOWN \priority=8 queue=pcq-down

 Nah... masalah limit download udah selesai sampai disini, skarang tinggal rule untuk Drop koneksi IDM (tetap nangkapnya memakai content L7)

Langsung Filter aja pake conn_limit trus di Drop (perhatikan in-interfacenya sesuaikan dgn nama interface yg menuju Local client anda

Code:

/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .exe \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .3gp \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .7z \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .asf \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .avi \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .bin \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .cab \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .daa \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .dat \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .doc \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .flv \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .iso \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mkv \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mov \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp2 \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp3 \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp4 \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpe \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpeg \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpg \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .nrg \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ogg \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .pdf \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .qt \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ram \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rar \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .raw \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rm \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rmvb \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .vcd \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wav \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wma \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wmv \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .zip \"" protocol=tcp

 Silahkan dicoba.. dan post hasilnya..

Tunggu rule ampuh berikutnya

Lupa password Mikrotik

Kejadian yang lumrah, dimana kita terkadang lupa akan sesuatu,  yang menjengkelkan ketika kita lupa akan password winbox mikrotik. Hampir putus asa tidak dapat password yang cocok, akhir nya mikrotik nya kita reset dan kembali setting dari awal lagi.

Untuk kejadian lupa password winbox mikrotik bisa kita temukan kembali, dengan cara merecovery password mikrotik dengan satu syarat kita mempunyai backup setting mikrotik.

Langkah selanjutnya adalah membuka web http://mikrotikpasswordrecovery.com/ pada bagian browse kita arahkan file dimana backup mikrotik kita simpan, kemudian klik show password, tunggu beberapa menit password mikrotik akan anda dapatkan kembali.

Cara yang mudah buat anda yang lupa akan password mikrotik, mudahan bermanfaat.

Setting Walled Garden Hotspot Mikrotik

Sekilas tentang walled garden
Secara umum walled garden mengacu pada sesuatu layanan yang bersifat khusus yang diberikan pada pelanggan. Di dalam hotspot mikrotik, hal ini ditujukan agar user bisa mengakses kontent atau website tertentu tanpa harus melalui proses authentifikasi/login.
Cara setting walled garden
Dalam contoh ini saya melakukan setting walled garden untuk mengizikan shoutmix di akses via hotspot walaupun user belum login. Hal ini dikarenakan banyaknya permintaan design login page yang bisa menampilkan chat box tanpa harus login ke hotspot.

Jika anda ingin mengizinkan situs2 lain nya, silahkan tambahkan di walled garden dengan cara membuat baru seperti diatas.

sumber: http://www.nadasumbang.com/setting-walled-garden-hotspot-mikrotik/

Cara akses cctv via internet melalui mikrotik

Topologi yang saya gunakan masih seperti yang sebelumnya, hanya saja ada 2 skenario yang bisa digunakan yaitu :
1. Dial PPPoE speedy dari Modem
2. Dial PPPoE speedy dari Mikrotik
Dua metode tersebut mempunyai kelebihan dan kekurangan masing-masing. Pemilihan metode tersebut juga tergantung dari kenyamanan anda apakah pilih metode pertama atau metode kedua.

Syarat utama supaya cctv bisa diakses dari internet adalah mempunyai IP Publik. IP publik biasanya diberikan oleh ISP anda jika berlangganan paket corporate. Untuk pelanggan speedy semuanya mendapatkan IP publik, hanya saja hanya pelanggan paket 512 Kbps keatas yang diberi IP publik statik, selain itu akan mendapatkan IP Publik dinamis.
1. Dial PPPoE dari Modem Speedy
Jika anda menggunakan setting default speedy, dimana dial PPPoE dari modem maka harus dibuat double port forwarding. Yang pertama buat port forwarding di sisi modem speedy dengan mengarahkan ke mikrotik. Kemudian setelah sampai di mikrotik maka di forward kembali ke arah CCTV.
Cara membuat port forwarding di modem speedy untuk akses cctv via internet sama saja dengan cara membuat port forwarding untuk akses user manager, hanya saja port nya saja yang dibedakan sesuai dengan port CCTV/DVR yang anda miliki.
Kemudian untuk setting DST-NAT di mikrotiknya, pada TAB action arahkan ke IP dan port DVR.

Selanjutnya lakukan pengetesan dengan mencoba akses CCTV dari internet.
ketikan http:// 126.167.xxx.xxx:888
Jika settingan anda benar, maka akan tampil suatu halaman web base DVR anda yang berisi tampilan cctv yang anda pasang.
Umumnya DVR hanya bisa diakses normal menggunakan browser internet explorer yang sudah terinstal Active-X, silahkan gunakan Internet Explorer (IE) terbaru agar DVR anda bisa diakses dengan baik.
2. Dial PPPoE dari Mikrotik
Jika anda melakukan dial PPPoE speedy langsung pada mikrotik maka yang perlu anda setting hanya DST-NAT. untuk settingan DST-NAT sama dengan settingan ketika anda dial dari modem speedy.
Masing-masing merk DVR mempunyai Ip default dan port yang berbeda, untuk memastikan IP dan port DVR yang digunakan silahkan baca manual book nya.

sumber: http://www.nadasumbang.com/cara-akses-cctv-via-internet-melalui-mikrotik/

Merubah services dan port Mikrotik

Pada kesempatan kali ini saya akan sedikit mengulas bagaimana merubah dan menonaktifkan servis dan port default yang ada di mikrotik. Misalkan kita ingin agar mikrotik hanya bisa diakses menggunakan winbox dengan port 8282 maka langkah pertama adalah kita harus merubah servis dari winbox yang ada di dalam mikrotik yang port awalnya 8291 menjadi 8282.
Caranya sebagai berikut :
Masuk ke menu IP > Services
Klik 2x tulisan winbox, pada kolom Port ganti menjadi 8282 kemudian klik OK

Sehingga nantinya jika kita akan mengakses mikrotik melalui winbox maka harus memasukan port manual disamping IP address dengan dipisah oleh titik dua (:) karena port defaultnya (8291) telah kita rubah menjadi 8282.

Menonaktifkan servis mikrotik
Untuk menonaktifkan servis yang ada di mikrotik caranya cukup gampang hanya dengan memilih servis yang akan dinonaktifkan kemudian klik tanda .
Misal kita akan menonaktifkan servis http dengan tujuan supaya mikrotik tidak bisa diakses via webase/webfig maka caranya klik tulisan http kemudian klik tanda .. Dan untuk mengkatifkan servis yang di nonaktifkan cukup klik tanda
lakukan langkah yang sama jika anda ingin merubah servis port yang lainnya (ssh, telnet, ftp, api dan ssl).

sumber: http://www.nadasumbang.com/merubah-services-dan-port-mikrotik

cara blokir facebook dan youtube di mikrotik

di sini saya mencoba untuk share cara memblokir facebook dan youtube di mikrotik pada hari danwaktu yg di tentuka untuk di blokir facebook dan youtube
     lansung ke tkp
1. buka winbox
2. new terminal dan copypastekan scrip di bawah ini

/ip firewall filter add chain=forward src-address=0.0.0.0/0 protocol=tcp dst-port=80 content="facebook" action=drop comment="Blokir Akses Facebook" /ip firewall filter add chain=forward src-address=0.0.0.0/0 protocol=tcp dst-port=80 content="youtube" action=drop comment="Blokir Akses Youtube" /system script add name="fb-allow" policy=write,read,policy,test,sniff source={/ip firewall filter set [/ip firewall filter find content="facebook"] disabled=yes} /system script add name="yt-allow" policy=write,read,policy,test,sniff source={/ip firewall filter set [/ip firewall filter find content="youtube"] disabled=yes} /system script add name="fb-deny" policy=write,read,policy,test,sniff source={/ip firewall filter set [/ip firewall filter find content="facebook"] disabled=no} /system script add name="yt-deny" policy=write,read,policy,test,sniff source={/ip firewall filter set [/ip firewall filter find content="youtube"]disabled=no} /system script add name="fb-holiday" policy=write,read,policy,test,sniff source={:if ([/system scheduler get [/system scheduler find on-event="fb-deny"] disabled] = true) do [/system scheduler set [/system scheduler find on-event="fb-deny"] disabled=no] else [/system scheduler set [/system scheduler find on-event="fb-deny"] disabled=yes]} /system scheduler add name="fb-08:00" start-date=Oct/08/2011 start-time=08:00:00 interval=1d on-event="fb-deny" /system scheduler add name="fb-18:00" start-date=Oct/08/2011 start-time=18:00:00 interval=1d on-event="fb-allow" /system scheduler add name="yt-08:00" start-date=Oct/08/2011 start-time=18:00:00 interval=1d on-event="yt-deny" /system scheduler add name="yt-18:00" start-date=Oct/08/2011 start-time=18:00:00 interval=1d on-event="yt-allow" /system scheduler add name="fb-sabtu-minggu" start-date=Oct/08/2011 start-time=00:00:00 interval=7d on-event="fb-holiday" /system scheduler add name="fb-senin" start-date=Oct/10/2011 start-time=00:00:00 interval=7d on-event="fb-holiday"

cara menstabil kan ping di mikrotik

Remote mikrotik anda dengan winbox…kemudian copykan scripts di bawah ini dan pastekan di “New Terminal” winbox Mikrotik Router anda:
/ip firewall mangle add chain=prerouting \ protocol=icmp action=mark-connection \ new-connection-mark=ICMP_KONEKSI \ passthrough=yes comment="ICMP_KONEKSI" \ disabled=no
/ip firewall mangle add chain=prerouting \ protocol=icmp connection-mark=ICMP_KONEKSI \ action=mark-packet new-packet-mark=ICMP_PAKET \ passthrough=no comment="ICMP_PAKET" \ disabled=no
/queue tree add name="==KONDISI_PING==" \ parent=global-total packet-mark=ICMP_PAKET \ limit-at=0 queue=default priority=1 max-limit=0 \ burst-limit=0 burst-threshold=0 burst-time=0s

Cara Setting Mikrotik RB Indoor Seperti RB750,RB450,RB1100,RB1000 Di Set Bridge

Biasanya saya postingkan setting RB Indoor seperti RB750,RB450,RB1100,RB1000 settingan nya routing,sekarang kita set Bridge (sebagai penghubung ke Modem) saja,misalnya ip modem 192.168.1.1 dan client tetap dalam satu network yaitu 192.168.1.2 sampai 192.168.1.254 dengan bandwidth tetap bisa di atur di mikrotik indoor tersebut.ok mari kita mulai:
Topologi jaringan saya:
IP Modem = 192.168.1.1
Netmask=255.255.255.0

• Pertama hubungkan LAN dari Mikrotik Ethernet nomor 2  ke PC dan masukkan ip di PC=
• Ip Address=192.168.1.2 (sesuaikan dengan network anda)
• Netmask=255.255.255.0
• Gateway=192.168.1.1 (sesuaikan dengan network anda)
• DNS=192.168.1.1 (sesuaikan dengan network anda)

Seperti gambar di bawah ini:

• Selanjutnya remote Mikrotik anda dengan winbox,download winbox ((DISINI))

Seperti gambar di bawah ini:

• Setelah masuk ke halaman winbox,pastikan winbox bersih dari settingan lama dengan mereset mikrotik tersebut,di halaman utama winbox klik “New Terminal” kemudian ketik system reset dan tekan ENTER di keyboard dan tekan huruf Y seperti gambar di bawah ini:

• Tunggu 2 menit Mikrotik mereset system,dan kembali buka remote mikrotik dengan winbox, di halaman utama winbox klik “Remove Configuration” seperti gambar di bawah ini:

• Selanjutnya di halaman utama winbox klik “Bridge” dan klik + dan klik “OK” seperti gambar di bawah ini:

• Selanjutnya klik bagian TAB yaitu “Port” dan + di bagian interface nya pilih “ether1 dan di bagian Bridge nya pilih “bridge1” dan klik “OK” seperti gambar di bawah ini:

• Klik bagian TAB yaitu “Port” lagi dan + di bagian interface nya pilih “ether2” dan di bagian Bridge nya pilih “bridge1” dan klik “OK” seperti gambar di bawah ini:

• Selanjutnya kembali ke TAB “Bridge”  dan klik “Setting” dan centang “Use Ip Firewall” dan klik “OK” seperti gambar di bawah ini:

• Selanjutnya sambungkan LAN=
• Ethernet1 Mikrotik Ke Modem
• Ethernet2 Mikrotik Ke HUB
• PC Ke HUB

Seperti gambar di bawah ini:

• Selanjtunya test  ping 192.168.1.1 –t dari cmd pc,dan test browsing , seperti gambar di bawah ini:

PC telah terkoneksi ke internet melalui Mikrotik yang di Bridge

sumber: http://www.wirelessrouterproxy.com/2012/01/cara-setting-mikrotik-rb-indoor-seperti.html

Cara mencari Port yang di gunakan client untuk di batasi limitnya di Mikrotik

Ada banyak port port statis yang di gunakan client yang selain port yang kita ketahui seperti port 80 (http) dan port 443 (https),bagaimana mengetahui port port tersebut dan bagaimana cara melimitnya?..berikut Cara mencari Port yang di gunakan client untuk di batasi limitnya  di Mikrotik

• Tutorial ini hanya berlaku pada port yang Static(Port yang tidak berubah ubah)
• Tutorial ini berlaku dengan Mikrotik routing (bukan bridge) karna menggunakan src-address

• Jalankan Browser anda dan buka situs yang menggunakan flash atau anda bisa juga buka game online,dll…dengan catatan tutup browser yang lain atau aplikasi yang terhubung ke internet yang lain

• sambil menjalankan situs yang menggunakan flash atau  game online ,dll… Buka mikrotik anda dengan winbox selanjutnya edit dan pastekan perintah di bawah ini di “New Terminal” Winbox :
• Edit:

src-address=192.168.77.224 diganti menjadi ip address yang anda gunakan untuk menjalankan situs yang menggunakan flash atau  game online ,dll
interface=local di ganti menjadi nama interface mikrotik yang mengarah ke komputer yang anda gunakan untuk menjalankan situs yang menggunakan flash atau  game online ,dll

/tool torch port=any src-address=192.168.77.224 ip-protocol=any interface=local

• DST-PORT=1935 
• TX=2.5 MB
• IP-PROTOCOL=tcp

selanjutnya catat di notepad DST-PORT dan IP-PROTOCOL nya:

• Sekarang port dan protocol udah di ketahui ,tinggal kita limit..di halaman utama winbox buka “Ip” kemudian “Firewall” kemudian “Mangle”

• Selanjutnya klik + dan isi:
• Di tab “General”
• Chain=prerouting
• Protocol=yaitu nama protocol yang anda catat di notepad
• Dst. Port=yaitu port yang anda catat di notepad
• Di tab “Action”
• Action=mark connection
• New Connection Mark=LIMIT PORT
• Passthrough=Di centang
• dan klik OK

• Selanjutnya masih Di “Ip Firewall Mangle” klik + dan isi :
• Di Tab “General”:
• Chain=prerouting
• Connection Mark=LIMIT PORT
• Di Tab “Action”:
• Action=mark packet
• New Packet Mark=LIMIT PORT
• Passthrough=Tidak di centang
• dan klik OK

• Selanjutnya kita limit dengan “Simple Queue”
• Di halaman utama Winbox buka “Queue” kemudian “Simple Queue”  

• Selanjutnya klik + dan isi:
• Di Tab “General”:
• Name=LIMIT PORT
• Max Limit=Silahkan limit sesuai dengan keinginan anda Contoh disini 512Kbps
• Di Tab “Advanced”:
• Packet Mark=LIMIT PORT
• Dan klik OK

• Selanjutnya buka situs yang menggunakan flash atau anda bisa juga buka game online,dll yang port dan protocolnya yang udah di masukkan di “Ip Firewall Mangle Tadi” dan sambil membuka “Simple Queue” yang di Winbox

 Cara mencari Port yang di gunakan client untuk di batasi limitnya di Mikrotik telah berhasil .
selamat mencoba…

Mengatasi virus ARP Spoofing di mikrotik

ketemu lagi dengan org cakep masa kini ^_^..
sekedar refresh aja,spyware atau virus dengan teknik arp poisoning telah ada sejak tahn 2008 dengan hostname virus TONGJI..ARP Spoofing merupakan suatu kegiatan yang memanipulasi paket ARP. Misal paket X dari komputer A ditujukan untuk komputer B, ketika komputer A membroadcast paket ARP di jaringan, maka komputer C sang manipulator dapat "meracuni" (Posioning) paket ARP tsb agar paket X ditujukan ke komputer C terlebih dahulu baru diforward ke komputer B. Poisoning ini mengganti alamat MAC komputer B dengan alamat MAC komputer C di tabel ARP komputer A dan sebaliknya, alamat MAC komputer A diganti menjadi alamat MAC komputer C di tabel ARP komputer B. Jenis-jenis serangan yang bisa dilakukan dnegan ARP Spoofing diantarana adalah sniffing, Man in the Middle, MAC Flooding, DoS (Denial of Service), Hijacking n Cloning..
*..cara kerja arp spoofing : lebih gampang nya begini..
komputer yg ter infeksi virus akan mrng cloning mac addres dari suatu IP di jaringan sehingga akan meredirect IP yg terinject lainnya menjadi sebuah gateway,..
soo jadinnya komputer dibawah gateway akan dibuat double sama virus itu..seolah olah komputer lain menjadi gateway dari IP klient lainnya..jadi lemot kan..??soalnya request browsing terlalu di bikin rumit and lompat lompat..:)~

Tekhnik sederhana mengakali ARP Spoofing di Mikrotik :
oke..sekarang kita lihat IP dan mac addres dari salah satu komputer di mikrotik..

ketik : ip arp print

* disitu akan muncul alamat IP beserta mac addres yg terhubung di sbuah jaringan..

Flags: X - disabled, I - invalid, H - DHCP, D - dynamic
# ADDRESS MAC-ADDRESS INTERFACE
0 D 192.168.0.2 00:E0:4C:19:19:6D LAN
1 D 192.168.1.1 00:73:07:3D:9A:86 INTERNET
2 192.168.0.9 00:19:66:A8:53:95 LAN

oke..komputer yg saya pake mempunyai IP 192.168.0.9 dng mac addres 00:19:66:A8:53:95

virus yg memakai teknik ARP poisoning akan meg cloning atau membuat double IP agar jaringan menjadi gateway semua..bikin ribet pokoknya..cliebt menjadi gateway,gateway menjadi client..
capee deeeeh...

kita akan membuat static IP kita beserta mac addres agar spyware ditolak mikrotik router unutk meng cloning IP abd nac addres jaringan..

ketik : ip arp add address=192.168.0.9 interface="LAN" mac-address=00:19:66:A8:53:95

Hmm...skrg IP menjadi static..
simple kan..??? :-)

virus tidak akan berjalan kalo mac addres uda di set statis..karena dia kan uda gak bisa kloning IP and mac addres..hehehe

ingat ini hanya sementara buat komputer yg uda terinject spyware tersebut..karena cara kerja spyware uda di block dulu dari router mikrotik..

setelah itu tetep di scan ulang pake antivirus and update terbaru donk..

sekian dulu curhat dari aku..buat sekedar sharing and nambah penglaman buat semua yg blum pernah ngalamin..

ilmu adalah ibadah,ibadah adalah wajib,kewajiban menjalankan iba dah adalah sebuah kenikmatan..semangat ^_^

Block Site, Stop Download, & Pengaturan Jam Akses dengan Mikrotik™ Via Winbox

Ok..selamat datang di blog saya. Terima kasih telah meluangkan waktu di blog kusut dan tak terawat ini. Perkenankan saya menyampaikan sedikit ilmu yang saya pelajari.
Disini saya akan menjelaskan tentang bagaimana melakukan block website, kemudian menghentikan user yang download. Dan terakhir tentang pengaturan Jam akses untuk web tertentu semisal facebook di jam kerja. Anda tinggal menyesuaikan saja nantinya dengan kondisi network Anda.
Mas…Mas..Mas yang di pojok..tolong perhatikan mas..dari tadi saya liat ribut mulu. Kalo ngupil jangan pake obeng mas..kasian obengnya..
Oke lanjut..pertama adalah melakukan block website menggunakan proxy. Untuk cara setting sudah pernah saya bahas di halaman ini . Baca dulu mas..jangan banyak nanya..makanya kalo ada pelajaran perhatiin dong.
Setelah Anda melakukan setting proxy seperti artikel yang saya bahas sebelumnya Anda bisa melakukan block website melalui menu Access.

1. Buka menu IP –> Web Proxy –> Tab Access.
2. Src. Address adalah sumber ip yang akan mengakses. Jika Anda ingin memblok user dengan ip 192.168.1.3 saja misalnya, Anda bisa isi Src. Address tersebut dengan IP 192.168.1.3 .
3. Dst. Address adalah alamat yang dituju.
4. Dst.Host isi dengan host yang dituju, bisa juga dengan menggunakan tanda *, misal *facebook*
5. Dst.Port adalah tujuan port yang akan di akses. Jika Anda ingin memblok email, Anda bisa blok port SMTP di prot 25 misalnya. Atau FTP di port 21.
6. Method adalah metode komunikasi yang dilakukan oleh browser.
7. Action : Aksi yang akan ditempuh, di lewatkan atau di tolak.
8. Redirect To : Membelokkan tujuan ke alamat tertentu, misal www.google.com
9. Nah sekarang, Untuk menghentikan download berdasarkan extensi file tertentu :
10. Path disini bisa ditentukan misal : *.exe , *.zip , *.rar , *.3gp

Heh…kenapa itu bilik 21 gerak-gerak…mas..mbak..pada ngapain disitu..WOOOII..keluar..
WOOH..kalian ini masih pelajar udah kayak gini…mau apa lo kalo udah gede ?? Kalian ini bukanya cari ilmu malah adu ilmu..
Sini Lo…yang cowok..sini…Lu udah bisa cari duit ?? Lo udah bisa ngidupin anak istri ?? JAWAAB ..
Kamu..yang cewek…kalo lu hamil trus cowok lu ga tanggung jawab lu bisa ngapain ..?? CUMAN NANGIS ??.. bunuh diri ?? atau malah bunuh bayi Lo??
Inget iklan di TIPI .. BUAT ANAK KOQ COBA – COBA
Kalo gue punya kuasa, cowok yang ga tanggung jawab udah gue iket di kursi, gue potong anunya, gue colok matanya, trus gue kulitin mukanya.  Terus gue biarin hidup selama mungkin.
Bang..bang tukang parkir…bang jualan bakso..pentungin aja nih anak..yang cewek biar ane amanin.. Ni bang pentungannya…linggis ga ada bang !!  Martil aja deh…
Ehm…maaf mas..tadi ada sedikit gangguan..sampai dimana tadi…Oiya..stop downloading. Sekarang Lanjut ke Tips berikutnya
Block Menggunakan Firewall Berdasarkan IP Address
Nah sekarang bagimana kalo block menggunakan Firewall. Ketika Anda menggunakan Firewall, Anda bisa menggunakan fitur Filter. Masuk ke IP — >Firewall –> Tab Filter. Contoh dibawah ini menge-block website dengan IP 74.125.235.18.

Daftar IP facebook :
69.63.189.16
69.63.181.11
69.63.181.12
69.63.189.11
69.63.176.13
69.63.181.15
69.63.184.142
69.63.187.17
69.63.187.18
69.63.187.19
Block Berdasarkan Content Menggunakan Firewall
Tadi kan berdasarkan IP, lalu bagaimana kalo berdasarkan konten seperti misalnya www.facebook.com ? Tidak masalah, ketika Anda membuat Filter Rule baru, masuk ke Tab Advanced, nah di situ ada opsi Content. Opsi tersebut bisa diisi dengan alamat web.

Langkah diatas adalah bagai mana cara untuk melakukan block menggunakan firewall. Untuk Pengaturan hak akses,  Anda tinggal mengeblock seperti langkah diatas, Namun Anda harus menambahkan parameter time untuk mengatur jam dimana rule tersebut active. Parameter Time bisa Anda tentukan di tab Extra.

Time : adalah waktu dimana rule block tersebut active, contoh diatas mulai dari jam 08:00 sampai jam 15:00. Dibawahnya ada parameter hari.
INGAT : Ketika Anda menggunakan Parameter TIME, Anda harus mensetting NTP Client agar jam di router sesuai dengan jam yang sesungguhnya. Ketika Jam tidak sesuai, tentu paramater time tidak bisa bekerja sempurna. Sorry agak arogan, lagi dapet..loooool  


sumber:  http://kurei.wordpress.com/2011/05/05/block-site-stop-download-pengaturan-jam-akses-dengan-mikrotik%E2%84%A2-via-winbox/

Step by Step Dial Up (PPPoE) Speedy dengan Winbox Mikrotik

Mikrotik punya kelebihan sendiri dalam hal dialup internet. Fasilitas PPPoEnya telah dikemas dengan sangat kompak sehingga proses setting bisa dilakukan dengan cepat. Disamping itu proses dialup nya sendiri juga sangat cepat. Paling tidak jika dibandingkan dengan Dialup dari Windows (paling lambat) bahkan dari modem sendiri.
Pada posting sebelumnya saya menulis tentang cara setting dialup speedy dari router mikrotik melalui command line. Namun bagi yang lebih nyaman dan menyukai mode GUI, kali ini saya sajikan setting dialup melalui Winbox. Mari kita mulai…

PERSIAPAN
Untuk mengantisipasi hal yang tidak diinginkan, saya sarankan Anda melakukan backup setting modem Speedy Anda terlebih dahulu. Hampir tiap modem dilengkapi dengan fasilitas ini. Konfigurasi yang diberikan oleh petugas dapat Anda backup dalam bentuk satu file yang kelak dapat Anda panggil lagi untuk mengembalikan setting modem ADSL ke kondisi semula dengan mudah.
Silakan masuk ke jendela setting Modem dengan memuka browser dan masukkan alamat modem (defaultnya: http://192.168.1.1).
Masuk pada bagian informasi service seperti berikut dan catat semua keterangan tentang LAN dan WAN yang ada.

Jika semua sudah siap,
1. Pertama kali, Anda perlu mempersiapkan modem terlebih dahulu. Set fungsi modem sebagai bridge, bukan sebagai PPPoE Dialer. Saya pernah pake modem Articonet ACN-100R dan TP-Link TD8117 Cara settingnya kurang lebih sama.
Buka browser Anda, masukkan alamat modem (defaultnya adalah http://192.168.1.1)
Untuk Articonet:

• Masukkan username dan password : admin/admin
• Pilih menu “Advanced Setup” > “WAN” , klik tombol “Edit” Masukkan nilai PVC Configuration : (masukkan nilainya sesuai wilayah TELKOM masing-masing daerah). Nilai ini dapat Anda lihat di sini.
  VPI = X (setting saya=8)
  VCI = XX (setting saya=8)
  informasi ini bisa didapatkan dari petugas Telkom atau teknisi yang melakukan instalasi. Jika Anda masih belum yakin dengan setting yang tepat di lokasi Anda, silakan cek konfigurasi dalam tulisan berikut:
  Setting Modem Speedy dari Berbagai Daerah

• Service Category = UBR Without PCR, kemudian klik Next
• Connection type = Bridging
• Encapsulation = LLC, kemudian klik tombol Next
• Tandai check box pilihan “Enable Bridge Service”, Next dan akhiri dengan Save
• Selanjutnya pilih Save/Reboot, tunggu beberapa saat +- 2 menit hingga proses reboot modem selesai.

Untuk Modem TP-Link TD8117 lebih mudah. Setelah login, ikuti saja langkah step-by-step nya dari Menu Start Up > Wizard > Pilih koneksi Bridge > Akhiri dengan klik Finish
2. Selanjutnya setting IP untuk masing-masing LAN Card Anda. Jika Anda menemukan kesulitan setting IP ini, saya punya panduannya di sini, jadi satu dengan setting dialup speedy via command line. Topologi yang saya buat sebagai berikut:
[INTERNET]——[MODEM ADSL]——[ROUTER MIKROTIK]——[SWITCH]———[CLIENT]
xxx.xxx—192.168.1.1/192.168.1.100—192.168.1.103/192.168.30.1—192.168.30.2-192.168.30.254
*UPDATE*
Keterangan:
Masing-masing hardware berikut memiliki 2 IP, satu IP untuk koneksi UP (ke atas) dan satu IP untuk koneksi DOWN (kebawah). Hardware yang saya maksud adalah Modem ADSL dan Router dengan keterangan sebagai berikut:
MODEM:
- Up: 125.164.xxx.xxx –> IP Public dari Speedy, IP ini otomatis akan Anda dapatkan dari server speedy saat Anda melakukan dialup.
- Down: 192.168.1.100 –> Atur IP statis ini di bagian setting LAN modem. IP ini yang digunakan untuk melakukan koneksi dengan Router/jaringan di bawah modem.
ROUTER Mikrotik:
- Up: 192.168.1.103 –> Setting IP ini di Ethernet card pertama yang Anda gunakan untuk menghubungkan Router dengan Modem. Perhatikan, IP dan netmasknya harus dalam satu range dengan IP Modem.
- Down: 192.168.30.1 –> IP untuk Gateway LAN dan pedoman IP client. Atur setting IP ini di Ethernet card kedu. Cara setting IP ini bisa Anda temukan di sini: Cara setting dialup speedy via command line.
3. Buka Winbox, kita akan mulai setting PPPoE-Client mikrotik.

• Login ke Winbox, masukkan ip address Anda, dalam hal ini IP mikrotik dari LAN. Dalam contoh saya memakai 192.168.30.1. Masukkan juga username dan password.
• Dari tampilan utama, pilih menu PPP untuk mengakses halaman berikut
  
• Klik tanda + untuk menambahkan PPPoE Client dari box PPP, kemudian pilih menu PPPoE Client
  
• Maka akan muncul box New Interface, kemudian pada tab General di field Name kita beri nama
• koneksi PPPoE tersebut dalam artikel ini menggunakan nama “pppoe-speedy”. Pilih “interface” yang Anda gunakan. Interface ini adalah Ethernet yang tersambung ke modem ADSL. Dalam contoh kasus di sini, saya pilih ethernet dengen IP 192.168.1.103.
  
• Tetap dalam New Interface, pilih tab Dial Out. Masukkan username dan password account speedy. Biarkan setting lainnya dalam keadaan default. Pastikan Anda mencontreng pilihan Add Default Route di bawah ini.
  
• Klik OK untuk mengaktifkan setting yang baru kita buat.

Selanjutnya diamkan sejenak dan tunggu Mikrotik tugasnya melakukan untuk dial ke speedy. Jika setting kita sudah benar makan muncul hasil setup kita sebelumnya. Jika kita perhatikan, kolom uptime akan berjalan dan menghitung durasi koneksi speedy.
Untuk melakukan cek, silakan pilih Tools > Ping, masukkan alamat yang akan diping. Di sini saya masukkan alamat web ini, www.guntingbatukertas.com. Hasilnya tampak seperti berikut.

setting ip address network setting di windows

4. Anda tinggal mengarahkan IP Gateway komputer klien ke router mikrotik ini.
Akhirnya ping dari sisi klien untuk memastikan koneksi berjalan lancar.
Bagaimana, mudah bukan?

Baca selengkapnya di: http://guntingbatukertas.com/hardware/jaringan/step-by-step-dial-up-pppoe-speedy-dengan-winbox-mikrotik/#ixzz1rTIvXHNN

Limit Speed IDM di Mikrotik

ini merupakan teknik limit(blok) IDM yang menurut saya ampuh dipasang di mikrotik,

Cekimprot…..!!
192.168.2.1         == ether2-lan (IP Router untuk Client)
192.168.2.0/24 == ether2-lan(IP Client)
//Jika ada Proxy
10.10.10.0/24   = ether5-proxy
10.10.10.1 ==ether5-proxy
REGEX  (Regular Expression) “teknik yang digunakan untuk mencocokan string teks, seperti karakter tertentu, kata-kata, atau pola karakter”  

1.Regex content Layer7

/ip firewall layer7-protocol
add comment="" name="Extension \" .exe \"" regexp="\\.(exe)"
add comment="" name="Extension \" .rar \"" regexp="\\.(rar)"
add comment="" name="Extension \" .zip \"" regexp="\\.(zip)"
add comment="" name="Extension \" .7z \"" regexp="\\.(7z)"
add comment="" name="Extension \" .cab \"" regexp="\\.(cab)"
add comment="" name="Extension \" .asf \"" regexp="\\.(asf)"
add comment="" name="Extension \" .mov \"" regexp="\\.(mov)"
add comment="" name="Extension \" .wmv \"" regexp="\\.(wmv)"
add comment="" name="Extension \" .mpg \"" regexp="\\.(mpg)"
add comment="" name="Extension \" .mpeg \"" regexp="\\.(mpeg)"
add comment="" name="Extension \" .mkv \"" regexp="\\.(mkv)"
add comment="" name="Extension \" .avi \"" regexp="\\.(avi)"
add comment="" name="Extension \" .flv \"" regexp="\\.(flv)"
add comment="" name="Extension \" .pdf \"" regexp="\\.(pdf)"
add comment="" name="Extension \" .wav \"" regexp="\\.(wav)"
add comment="" name="Extension \" .rm \"" regexp="\\.(rm)"
add comment="" name="Extension \" .mp3 \"" regexp="\\.(mp3)"
add comment="" name="Extension \" .mp4 \"" regexp="\\.(mp4)"
add comment="" name="Extension \" .ram \"" regexp="\\.(ram)"
add comment="" name="Extension \" .rmvb \"" regexp="\\.(rmvb)"
add comment="" name="Extension \" .dat \"" regexp="\\.(dat)"
add comment="" name="Extension \" .daa \"" regexp="\\.(daa)"
add comment="" name="Extension \" .iso \"" regexp="\\.(iso)"
add comment="" name="Extension \" .nrg \"" regexp="\\.(nrg)"
add comment="" name="Extension \" .bin \"" regexp="\\.(bin)"
add comment="" name="Extension \" .vcd \"" regexp="\\.(vcd)"
add comment="" name="Extension \" .mp2 \"" regexp="\\.(mp2)"
add comment="" name="Extension \" .3gp \"" regexp="\\.(3gp)"
add comment="" name="Extension \" .mpe \"" regexp="\\.(mpe)"
add comment="" name="Extension \" .qt \"" regexp="\\.(qt)"
add comment="" name="Extension \" .raw \"" regexp="\\.(raw)"
add comment="" name="Extension \" .wma \"" regexp="\\.(wma)"
add comment="" name="Extension \" .ogg \"" regexp="\\.(ogg)"
add comment="" name="Extension \" .doc \"" regexp="\\.(doc)"

----------------------------

2. buat address list untuk memisahkan agar tidak kena rule mangle

/ip firewall address-list

add address=192.168.2.1 comment="" disabled=no list=bypass
add address=192.168.2.0/24 comment="" disabled=no list=skip_content_download
add address=10.10.10.1 comment=”" disabled=no list=bypass
add address=10.10.10.0/24 comment=”" disabled=no list=skip_content_download

KLIK OPSI(LINK) UNTUK DOWNLOAD SCRIPT

——————————————

3. filter buat nangkap ip content L7

/ip firewall filter  <-----Download Script bila code dibawah terpotong
/

/ip firewall filter
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mp3 \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .avi \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .flv \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .iso \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .pdf \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mpeg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .exe \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .rar \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .zip \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mp4 \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mp2 \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .3gp \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mov \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mpe \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mpg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .qt \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .ram \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .rm \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .raw \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .wav \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .wmv \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .wma \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .ogg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .doc \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .7z \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .asf \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .bin \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .cab \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .daa \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .dat \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mkv \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .nrg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .rmvb \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .vcd \”" protocol=tcp

4. Membuat rule manglenya

/ip firewall mangle

/ip firewall mangle
add action=mark-connection chain=prerouting comment=Content_download disabled=no dst-address-list=content_download new-connection-mark=Bw_Download passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=”" connection-bytes=262146-4294967295 disabled=no dst-address-list=!bypass new-connection-mark=Bw_Download passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment=”" connection-mark=Bw_Download disabled=no dst-address-list=!bypass new-packet-mark=Paket_Download passthrough=no
add action=mark-connection chain=prerouting comment=Content_browsing disabled=no dst-address-list=!bypass new-connection-mark=Bw_Browsing passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment=”" connection-mark=Bw_Browsing disabled=no dst-address-list=!bypass new-packet-mark=Paket_Browsing passthrough=no

5. setelah itu kita buat queue buat batasin downloadnya terserah mau pake simple or tree, disini sy memakai quetree dan sy mengalokasikan BW untuk Download 256kbps aja, silahkan sesuaikan dngn kondisi BW anda, bila anda ingin mengganti alokasi bandwith misal menambah dari 256 ke 512 silahkan atur pada queue typenya dulu

/queue type
/queue tree

/queue type
add kind=pcq name=pcq-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000
add kind=pcq name=Pcq_Browsing_Down pcq-classifier=dst-address pcq-limit=50 pcq-rate=0 pcq-total-limit=2000
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWN parent=ether2-lan priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Browsing_Down packet-mark=Paket_Browsing parent=DOWN priority=5 \
queue=Pcq_Browsing_Down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no max-limit=256k name=Regular_Down packet-mark=Paket_Download parent=DOWN \
priority=8 queue=pcq-down

6. Nah… masalah limit download udah selesai sampai disini, skarang tinggal rule untuk Drop koneksi IDM (tetap nangkapnya memakai content L7)

Langsung Filter aja pake conn_limit trus di Drop (perhatikan in-interfacenya sesuaikan dgn nama interface yg menuju Local client anda

/ip firewall filter 


/ip firewall filter
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .exe \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .3gp \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .7z \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .asf \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .avi \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .bin \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .cab \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .daa \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .dat \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .doc \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .flv \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .iso \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .mkv \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .mov \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .mp2 \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .mp3 \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .mp4 \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .mpe \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .mpeg \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .mpg \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .nrg \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .ogg \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .pdf \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .qt \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .ram \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .rar \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .raw \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .rm \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .rmvb \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .vcd \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .wav \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .wma \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .wmv \”" protocol=tcp
add action=drop chain=forward comment=”" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol=”Extension \” .zip \”" protocol=tcp

———————————————————

 

cara lain untuk limit di mikrotik

 

1. Masukkan ekstensi file di Layer 7 agar tertangkap oleh router ketika melewatinya

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

/ip firewall layer7-protocol add comment="" name="Extension \" .exe \"" regexp="\\.(exe)" add comment="" name="Extension \" .rar \"" regexp="\\.(rar)" add comment="" name="Extension \" .zip \"" regexp="\\.(zip)" add comment="" name="Extension \" .7z \"" regexp="\\.(7z)" add comment="" name="Extension \" .cab \"" regexp="\\.(cab)" add comment="" name="Extension \" .asf \"" regexp="\\.(asf)" add comment="" name="Extension \" .mov \"" regexp="\\.(mov)" add comment="" name="Extension \" .wmv \"" regexp="\\.(wmv)" add comment="" name="Extension \" .mpg \"" regexp="\\.(mpg)" add comment="" name="Extension \" .mpeg \"" regexp="\\.(mpeg)" add comment="" name="Extension \" .mkv \"" regexp="\\.(mkv)" add comment="" name="Extension \" .avi \"" regexp="\\.(avi)" add comment="" name="Extension \" .flv \"" regexp="\\.(flv)" add comment="" name="Extension \" .pdf \"" regexp="\\.(pdf)" add comment="" name="Extension \" .wav \"" regexp="\\.(wav)" add comment="" name="Extension \" .rm \"" regexp="\\.(rm)" add comment="" name="Extension \" .mp3 \"" regexp="\\.(mp3)" add comment="" name="Extension \" .mp4 \"" regexp="\\.(mp4)" add comment="" name="Extension \" .ram \"" regexp="\\.(ram)" add comment="" name="Extension \" .rmvb \"" regexp="\\.(rmvb)" add comment="" name="Extension \" .dat \"" regexp="\\.(dat)" add comment="" name="Extension \" .daa \"" regexp="\\.(daa)" add comment="" name="Extension \" .iso \"" regexp="\\.(iso)" add comment="" name="Extension \" .nrg \"" regexp="\\.(nrg)" add comment="" name="Extension \" .bin \"" regexp="\\.(bin)" add comment="" name="Extension \" .vcd \"" regexp="\\.(vcd)" add comment="" name="Extension \" .mp2 \"" regexp="\\.(mp2)" add comment="" name="Extension \" .3gp \"" regexp="\\.(3gp)" add comment="" name="Extension \" .mpe \"" regexp="\\.(mpe)" add comment="" name="Extension \" .qt \"" regexp="\\.(qt)" add comment="" name="Extension \" .raw \"" regexp="\\.(raw)" add comment="" name="Extension \" .wma \"" regexp="\\.(wma)" add comment="" name="Extension \" .ogg \"" regexp="\\.(ogg)" add comment="" name="Extension \" .doc \"" regexp="\\.(doc)"

2. Set IP jaringan di Address List pada Firewall

?

1 2 3 4 5

/ip firewall address-list add address=1.1.1.1 comment="" disabled=no list=bypass add address=2.2.2.2 comment="" disabled=no list=bypass add address=2.2.2.2 comment="" disabled=no list=skip_content_download add address=3.3.0.0/24 comment="" disabled=no list=skip_content_download

1.1.1.1 = ip public
2.2.2.2 = ip mikrotik / ip webproxy (jika menggunakan webproxy external berarti harus ditambahkan ipnya di list ” bypass ”
3.3.0.0/24 = range ip jaringan lokal
Jangan lupa untuk memasukkan IP Public, IP Mikrotik atau IP Webproxy ke dalam list ” bypass ”
3. Pasang Filter di Firewall untuk menjaring ekstensi yang sedang didownload yang melalui Router Mikrotik

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69

/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .mp3 \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .avi \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .flv \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .iso \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .pdf \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .mpeg \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .exe \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .rar \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .zip \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .mp4 \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .mp2 \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .3gp \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .mov \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .mpe \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .mpg \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .qt \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .ram \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .rm \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .raw \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .wav \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .wmv \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .wma \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .ogg \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .doc \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .7z \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .asf \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .bin \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .cab \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .daa \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .dat \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .mkv \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .nrg \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .rmvb \"" protocol=tcp add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\     !skip_content_download layer7-protocol="Extension \" .vcd \"" protocol=tcp

4. Set Mangle di Mikrotik

?

1 2 3 4 5 6 7 8 9 10 11

/ip firewall mangle add action=mark-connection chain=prerouting comment=Content_download disabled=no dst-address-list=content_download new-connection-mark=\     Bw_Download passthrough=yes protocol=tcp add action=mark-connection chain=prerouting comment="" connection-bytes=262146-4294967295 disabled=no dst-address-list=!bypass new-connection-mark=\     Bw_Download passthrough=yes protocol=!icmp add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Download disabled=no dst-address-list=!bypass new-packet-mark=Paket_Download \     passthrough=no add action=mark-connection chain=prerouting comment=Content_browsing disabled=no dst-address-list=!bypass new-connection-mark=Bw_Browsing passthrough=yes \     protocol=!icmp add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Browsing disabled=no dst-address-list=!bypass new-packet-mark=Paket_Browsing \     passthrough=no

5. Set PCQ dan Queue

?

1 2 3

/queue type add kind=pcq name=pcq-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000 add kind=pcq name=Pcq_Browsing_Down pcq-classifier=dst-address pcq-li

?

1 2 3 4 5 6

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWN parent=LOCAL priority=8 add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Browsing_Down packet-mark=Paket_Browsing parent=DOWN priority=5 \     queue=Pcq_Browsing_Down add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no max-limit=256k name=Regular_Down packet-mark=Paket_Download parent=DOWN \     priority=8 queue=pcq-down

Kalau aku sendiri cukup menggunakan Simple Queue dengan masing2 Connection Mark adalah ” Paket_Browsing ” dan ” Paket_Download ” dan terbukti ampuh juga.
Sampai disini langkah untuk membatasi Download sudah selesai …… silahkan cek paket2 yang melalui mangle apakah sudah berjalan.
Sebagai tambahan, seandainya cukup terganggu dengan pengguna IDM … bisa memasukkan perintah berikut pada Firewall

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .exe \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .3gp \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .7z \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .asf \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .avi \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .bin \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .cab \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .daa \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .dat \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .doc \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .flv \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .iso \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mkv \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mov \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp2 \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp3 \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp4 \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpe \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpeg \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpg \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .nrg \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ogg \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .pdf \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .qt \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ram \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rar \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .raw \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rm \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rmvb \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .vcd \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wav \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wma \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wmv \"" protocol=tcp add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .zip \"" protocol=tcp

Mungkin cukup segitu dulu tutorialnya, maaf kalo agak BASBANG …. semoga bermanfaat.