08 April 2012

Limiting IDM Speed on Mikrotik

This is a technique for limiting (blocking) IDM that, in my opinion, works well when installed on a Mikrotik router.

Check it out…!!
192.168.2.1 == ether2-lan (router IP for the clients)
192.168.2.0/24 == ether2-lan (client IPs)
// If there is a proxy
10.10.10.0/24 == ether5-proxy
10.10.10.1 == ether5-proxy
REGEX (Regular Expression): "a technique used to match text strings, such as particular characters, words, or patterns of characters"


1. Layer7 content regex

/ip firewall layer7-protocol
add comment="" name="Extension \" .exe \"" regexp="\\.(exe)"
add comment="" name="Extension \" .rar \"" regexp="\\.(rar)"
add comment="" name="Extension \" .zip \"" regexp="\\.(zip)"
add comment="" name="Extension \" .7z \"" regexp="\\.(7z)"
add comment="" name="Extension \" .cab \"" regexp="\\.(cab)"
add comment="" name="Extension \" .asf \"" regexp="\\.(asf)"
add comment="" name="Extension \" .mov \"" regexp="\\.(mov)"
add comment="" name="Extension \" .wmv \"" regexp="\\.(wmv)"
add comment="" name="Extension \" .mpg \"" regexp="\\.(mpg)"
add comment="" name="Extension \" .mpeg \"" regexp="\\.(mpeg)"
add comment="" name="Extension \" .mkv \"" regexp="\\.(mkv)"
add comment="" name="Extension \" .avi \"" regexp="\\.(avi)"
add comment="" name="Extension \" .flv \"" regexp="\\.(flv)"
add comment="" name="Extension \" .pdf \"" regexp="\\.(pdf)"
add comment="" name="Extension \" .wav \"" regexp="\\.(wav)"
add comment="" name="Extension \" .rm \"" regexp="\\.(rm)"
add comment="" name="Extension \" .mp3 \"" regexp="\\.(mp3)"
add comment="" name="Extension \" .mp4 \"" regexp="\\.(mp4)"
add comment="" name="Extension \" .ram \"" regexp="\\.(ram)"
add comment="" name="Extension \" .rmvb \"" regexp="\\.(rmvb)"
add comment="" name="Extension \" .dat \"" regexp="\\.(dat)"
add comment="" name="Extension \" .daa \"" regexp="\\.(daa)"
add comment="" name="Extension \" .iso \"" regexp="\\.(iso)"
add comment="" name="Extension \" .nrg \"" regexp="\\.(nrg)"
add comment="" name="Extension \" .bin \"" regexp="\\.(bin)"
add comment="" name="Extension \" .vcd \"" regexp="\\.(vcd)"
add comment="" name="Extension \" .mp2 \"" regexp="\\.(mp2)"
add comment="" name="Extension \" .3gp \"" regexp="\\.(3gp)"
add comment="" name="Extension \" .mpe \"" regexp="\\.(mpe)"
add comment="" name="Extension \" .qt \"" regexp="\\.(qt)"
add comment="" name="Extension \" .raw \"" regexp="\\.(raw)"
add comment="" name="Extension \" .wma \"" regexp="\\.(wma)"
add comment="" name="Extension \" .ogg \"" regexp="\\.(ogg)"
add comment="" name="Extension \" .doc \"" regexp="\\.(doc)"

----------------------------

2. Create address lists to set addresses apart so that the mangle rules do not hit them

/ip firewall address-list
add address=192.168.2.1 comment="" disabled=no list=bypass
add address=192.168.2.0/24 comment="" disabled=no list=skip_content_download

add address=10.10.10.1 comment="" disabled=no list=bypass
add address=10.10.10.0/24 comment="" disabled=no list=skip_content_download


——————————————

3. Filter rules to capture the IPs of L7 content matches

/ip firewall filter
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mp3 \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .avi \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .flv \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .iso \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .pdf \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mpeg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .exe \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .rar \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .zip \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mp4 \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mp2 \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .3gp \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mov \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mpe \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mpg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .qt \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .ram \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .rm \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .raw \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .wav \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .wmv \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .wma \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .ogg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .doc \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .7z \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .asf \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .bin \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .cab \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .daa \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .dat \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mkv \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .nrg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .rmvb \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .vcd \”" protocol=tcp

4. Create the mangle rules

/ip firewall mangle
add action=mark-connection chain=prerouting comment=Content_download disabled=no dst-address-list=content_download new-connection-mark=Bw_Download passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-bytes=262146-4294967295 disabled=no dst-address-list=!bypass new-connection-mark=Bw_Download passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Download disabled=no dst-address-list=!bypass new-packet-mark=Paket_Download passthrough=no
add action=mark-connection chain=prerouting comment=Content_browsing disabled=no dst-address-list=!bypass new-connection-mark=Bw_Browsing passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Browsing disabled=no dst-address-list=!bypass new-packet-mark=Paket_Browsing passthrough=no

5. After that, create a queue to limit the downloads; whether you use simple queues or a queue tree is up to you. Here I use a queue tree and allocate just 256 kbps of bandwidth for downloads; adjust this to your own bandwidth. If you want to change the bandwidth allocation, for example raising it from 256 to 512, set it in the queue type first.

/queue type
add kind=pcq name=pcq-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000
add kind=pcq name=Pcq_Browsing_Down pcq-classifier=dst-address pcq-limit=50 pcq-rate=0 pcq-total-limit=2000
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWN parent=ether2-lan priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Browsing_Down packet-mark=Paket_Browsing parent=DOWN priority=5 \
queue=Pcq_Browsing_Down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no max-limit=256k name=Regular_Down packet-mark=Paket_Download parent=DOWN \
priority=8 queue=pcq-down

6. So… the download limit is finished at this point; what remains now is the rule to drop IDM connections (still matched using L7 content).

Just filter directly using conn_limit and then drop (pay attention to the in-interface: match it to the name of the interface facing your local clients).
/ip firewall filter

add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .exe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .3gp \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .7z \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .asf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .avi \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .bin \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .cab \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .daa \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .dat \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .doc \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .flv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .iso \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .mkv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .mov \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .mp2 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .mp3 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .mp4 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .mpe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .mpeg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .mpg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .nrg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .ogg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .pdf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .qt \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .ram \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .rar \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .raw \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .rm \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .rmvb \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .vcd \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .wav \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .wma \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .wmv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=ether2-lan layer7-protocol="Extension \" .zip \"" protocol=tcp
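
The Layer7 patterns from step 1, which steps 3 and 6 rely on, are unanchored, so any ".ext" substring in the inspected bytes makes the rule fire. The following is an added example, not part of the original post: it runs a subset of those patterns over constructed payloads, using Python's `re` as a stand-in for the router's matcher, beside a hypothetical pattern anchored to the HTTP request line. The 2 KB inspection window, the sample payloads and the anchored pattern are assumptions.

```python
import re

# Subset of the extensions listed in step 1 of this page.
EXTENSIONS = ["exe", "rar", "zip", "rm", "rmvb", "doc", "pdf", "dat", "mp3"]

# Assumption: the router inspects only the start of each connection
# (MikroTik documents the first 10 packets or 2 KB for the L7 matcher).
L7_WINDOW = 2048


def page_pattern(ext):
    r"""The page's rule regexp="\\.(ext)": matches .ext anywhere in the data."""
    return re.compile(r"\.(" + re.escape(ext) + r")")


def anchored_pattern(ext):
    """Hypothetical tighter pattern: .ext must end the path of the request line."""
    return re.compile(
        r"^(GET|HEAD|POST) [^ ?]*\.(" + re.escape(ext) + r")(\?[^ ]*)? HTTP/"
    )


def matches(payload, make_pattern):
    """Return the sorted extensions whose pattern fires on the inspected bytes."""
    head = payload[:L7_WINDOW].decode("latin-1")  # latin-1 maps every byte 1:1
    return sorted(e for e in EXTENSIONS if make_pattern(e).search(head))


# Constructed sample payloads: the first bytes a client sends on a connection.
SAMPLES = {
    "exe download": (
        b"GET /files/setup.exe HTTP/1.1\r\nHost: dl.example.com\r\n\r\n"
    ),
    "rmvb download": (
        b"GET /video/clip.rmvb HTTP/1.1\r\nHost: media.example.net\r\n\r\n"
    ),
    "plain page, .docs in Referer": (
        b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
        b"Referer: http://www.example.com/help.docs/intro\r\n\r\n"
    ),
    "API call, .data in Host": (
        b"GET /api/status HTTP/1.1\r\nHost: update.data.example.org\r\n\r\n"
    ),
    # Start of a TLS handshake record: no URL is visible to the matcher.
    "TLS handshake": bytes(
        [0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00]
    ),
}


def compare():
    """Map each sample to (page-pattern hits, anchored-pattern hits)."""
    return {
        name: (matches(data, page_pattern), matches(data, anchored_pattern))
        for name, data in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (loose, strict) in compare().items():
        print(f"{name:30} page={loose} anchored={strict}")
```

With the page's patterns, the ".rmvb" request also fires the ".rm" rule, and ordinary browsing whose headers happen to contain ".docs" or ".data" lands the destination in content_download.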

———————————————————

 

Another way to limit on Mikrotik

 

1. Add the file extensions to Layer 7 so that the router catches them as they pass through
/ip firewall layer7-protocol
add comment="" name="Extension \" .exe \"" regexp="\\.(exe)"
add comment="" name="Extension \" .rar \"" regexp="\\.(rar)"
add comment="" name="Extension \" .zip \"" regexp="\\.(zip)"
add comment="" name="Extension \" .7z \"" regexp="\\.(7z)"
add comment="" name="Extension \" .cab \"" regexp="\\.(cab)"
add comment="" name="Extension \" .asf \"" regexp="\\.(asf)"
add comment="" name="Extension \" .mov \"" regexp="\\.(mov)"
add comment="" name="Extension \" .wmv \"" regexp="\\.(wmv)"
add comment="" name="Extension \" .mpg \"" regexp="\\.(mpg)"
add comment="" name="Extension \" .mpeg \"" regexp="\\.(mpeg)"
add comment="" name="Extension \" .mkv \"" regexp="\\.(mkv)"
add comment="" name="Extension \" .avi \"" regexp="\\.(avi)"
add comment="" name="Extension \" .flv \"" regexp="\\.(flv)"
add comment="" name="Extension \" .pdf \"" regexp="\\.(pdf)"
add comment="" name="Extension \" .wav \"" regexp="\\.(wav)"
add comment="" name="Extension \" .rm \"" regexp="\\.(rm)"
add comment="" name="Extension \" .mp3 \"" regexp="\\.(mp3)"
add comment="" name="Extension \" .mp4 \"" regexp="\\.(mp4)"
add comment="" name="Extension \" .ram \"" regexp="\\.(ram)"
add comment="" name="Extension \" .rmvb \"" regexp="\\.(rmvb)"
add comment="" name="Extension \" .dat \"" regexp="\\.(dat)"
add comment="" name="Extension \" .daa \"" regexp="\\.(daa)"
add comment="" name="Extension \" .iso \"" regexp="\\.(iso)"
add comment="" name="Extension \" .nrg \"" regexp="\\.(nrg)"
add comment="" name="Extension \" .bin \"" regexp="\\.(bin)"
add comment="" name="Extension \" .vcd \"" regexp="\\.(vcd)"
add comment="" name="Extension \" .mp2 \"" regexp="\\.(mp2)"
add comment="" name="Extension \" .3gp \"" regexp="\\.(3gp)"
add comment="" name="Extension \" .mpe \"" regexp="\\.(mpe)"
add comment="" name="Extension \" .qt \"" regexp="\\.(qt)"
add comment="" name="Extension \" .raw \"" regexp="\\.(raw)"
add comment="" name="Extension \" .wma \"" regexp="\\.(wma)"
add comment="" name="Extension \" .ogg \"" regexp="\\.(ogg)"
add comment="" name="Extension \" .doc \"" regexp="\\.(doc)"

2. Set the network IPs in the firewall address list
/ip firewall address-list
add address=1.1.1.1 comment="" disabled=no list=bypass
add address=2.2.2.2 comment="" disabled=no list=bypass
add address=2.2.2.2 comment="" disabled=no list=skip_content_download
add address=3.3.0.0/24 comment="" disabled=no list=skip_content_download
1.1.1.1 = public IP
2.2.2.2 = Mikrotik IP / web proxy IP (if you use an external web proxy, its IP must be added to the "bypass" list)
3.3.0.0/24 = IP range of the local network
Don't forget to add the public IP, the Mikrotik IP or the web proxy IP to the "bypass" list.
3. Install firewall filter rules to catch the extensions being downloaded through the Mikrotik router
/ip firewall filter
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mp3 \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .avi \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .flv \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .iso \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .pdf \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mpeg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .exe \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .rar \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .zip \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mp4 \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mp2 \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .3gp \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mov \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mpe \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mpg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .qt \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .ram \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .rm \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .raw \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .wav \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .wmv \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .wma \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .ogg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .doc \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .7z \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .asf \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .bin \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .cab \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .daa \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .dat \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mkv \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .nrg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .rmvb \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .vcd \"" protocol=tcp
4. Set up mangle on the Mikrotik
/ip firewall mangle
add action=mark-connection chain=prerouting comment=Content_download disabled=no dst-address-list=content_download new-connection-mark=\
    Bw_Download passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-bytes=262146-4294967295 disabled=no dst-address-list=!bypass new-connection-mark=\
    Bw_Download passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Download disabled=no dst-address-list=!bypass new-packet-mark=Paket_Download \
    passthrough=no
add action=mark-connection chain=prerouting comment=Content_browsing disabled=no dst-address-list=!bypass new-connection-mark=Bw_Browsing passthrough=yes \
    protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Browsing disabled=no dst-address-list=!bypass new-packet-mark=Paket_Browsing \
    passthrough=no
5. Set up PCQ and the queue
/queue type
add kind=pcq name=pcq-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000
add kind=pcq name=Pcq_Browsing_Down pcq-classifier=dst-address pcq-limit=50 pcq-rate=0 pcq-total-limit=2000
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWN parent=LOCAL priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Browsing_Down packet-mark=Paket_Browsing parent=DOWN priority=5 \
    queue=Pcq_Browsing_Down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no max-limit=256k name=Regular_Down packet-mark=Paket_Download parent=DOWN \
    priority=8 queue=pcq-down
As for me, I simply use Simple Queue, with the respective Connection Marks being "Paket_Browsing" and "Paket_Download", and it has proven effective as well.
At this point the steps for limiting downloads are complete …… please check whether the packets passing through mangle are being processed.
In addition, if you are quite bothered by IDM users … you can enter the following commands in the firewall
/ip firewall filter
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .exe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .3gp \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .7z \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .asf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .avi \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .bin \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .cab \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .daa \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .dat \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .doc \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .flv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .iso \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mkv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mov \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp2 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp3 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp4 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpeg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .nrg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ogg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .pdf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .qt \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ram \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rar \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .raw \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rm \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rmvb \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .vcd \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wav \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wma \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wmv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .zip \"" protocol=tcp
That is probably enough for this tutorial; sorry if it is rather old news. Hope it is useful.

 

Auto Enable & Disable Transparent Proxy NAT

This tutorial is for Mikrotik users who run an external proxy, whether on Ubuntu Server or IPCop, and who do not want the hassle of manually enabling or disabling the Transparent Proxy NAT rule on the Mikrotik when the external proxy has a problem, such as squid crashing, the proxy server PC being down, and so on.
Signs that the proxy server is having a problem:
- Pinging the proxy server IP gives "request timed out" (RTO)
- Pinging DNS gets a reply, but browsing shows "server not found".
The first thing you have to do is disable the transparent proxy NAT rule on the Mikrotik for as long as you are repairing the proxy server PC.





To have the Mikrotik enable and disable that NAT rule automatically, configure the following:
1. Log in to the Mikrotik via Winbox
2. Click Tools > Netwatch
3. Click the red plus sign


4. Fill in Host with the IP address of your proxy server PC, for example 192.168.7.2
5. Leave Interval at the default 00:00:10
6. Set Time Out to 20 ms
7. On the "Down" tab, enter:
    ip firewall nat disable 17
This means that when the ping to the proxy has been Down for 20 ms, the NAT rule at position 17 is disabled (check the order of your NAT rules under ip firewall NAT on the Mikrotik; my proxy NAT rule happens to be at position 17).
8. Click the red plus sign again and fill in Host with the IP address of your proxy server PC, for example 192.168.7.2 (the same as in step 4)
9. Set Time Out to 300000 ms (about 5.2 minutes), or adjust it to how long your proxy server PC takes to reboot.
10. On the "UP" tab, enter:
This means that when the ping to the proxy has been UP for 300000 ms, the NAT rule at position 17 is enabled.

See the figure below:

On Down: ip firewall nat disable 17
On Up: ip firewall nat enable 17
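
The two Netwatch entries from the steps above as console commands, in an added example that is not from the original post. It assumes you first tag the proxy NAT rule with the comment `proxy-redirect` (a hypothetical name), so the scripts find the rule by comment instead of by position 17, which shifts whenever NAT rules are added or removed.

```routeros
# Added example; the comment "proxy-redirect" and the entry comments are
# hypothetical names, the host and timeouts are the ones used in the steps.

# One-time, typed interactively: list the NAT rules, then tag the proxy rule
# (number 17 in the author's setup; use the number your own print shows).
/ip firewall nat print
/ip firewall nat set 17 comment="proxy-redirect"

/tool netwatch
# Steps 4-7: proxy does not answer within 20 ms -> disable the redirect rule.
add host=192.168.7.2 interval=10s timeout=20ms comment="proxy-down" \
    down-script="/ip firewall nat disable [/ip firewall nat find comment=\"proxy-redirect\"]"
# Steps 8-10: second entry for the same host with the long timeout
# (5m = 300000 ms) -> enable the redirect rule when the proxy answers again.
add host=192.168.7.2 interval=10s timeout=5m comment="proxy-up" \
    up-script="/ip firewall nat enable [/ip firewall nat find comment=\"proxy-redirect\"]"
```
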
Block Video Streaming on Mikrotik


This article explains how to block video streaming with Layer7 rules in Winbox. The steps:
1. Add the Facebook rule to the Layer 7 (L7) list
• IP > FIREWALL > Layer7 Protocols
• Click the + (Add) button and add an entry as in the figure below. Then click OK. Set name: all-video-regex, with the value

\.(mp4|wmv|avi|mpg|mpeg|flv|mov|3gp|rm|rm1|dat|vob|asf)
This value lists the file extensions of the video streams to be blocked. It means that by the end of this experiment, files of type mp4, wmv, avi, mpg, and so on can no longer be streamed by anyone using your internet connection.

2. Configure Mangle. Mangle classifies the video streaming traffic so that it can later be fed into the filter rule.
•    IP > FIREWALL > MANGLE
•    Add the first mangle rule by clicking the + (Add) button
•    Under General > Chain, choose Prerouting. Under General > Protocol, choose TCP.
•    Under Advanced > Layer7 Protocol, choose all-video-regex (the name we entered in Layer7)
•    Under Action, choose mark packet. Then set new packet mark to: all-video. As in the figure below:


3. Configure a Filter Rule to define how incoming packets are filtered.
• IP > FIREWALL > FILTER RULE
• Add a filter rule by clicking the + (Add) button
• Under General > Chain, choose forward. Under General > Packet Mark, choose all-video (the value of new packet mark in the mangle rule)
• Under Action > Action, choose drop. The result looks like the figure below:


4. Give the filter a comment/name. Click comment:

If you are a network administrator who only wants to block streaming video during certain hours, here are the additional steps you can follow:
1. Create scripts/rules for opening and closing access. Below we give an example schedule for blocking video access
• SYSTEM > SCRIPT. Click the + (Add) button.
• Here is the script to turn video access on:
name: video-on
script: {/ip firewall filter disable [/ip firewall filter find comment="all-video"]}
The value "all-video" is the comment given when the Filter Rule was filled in

• Here is the script to turn video access off:
name: video-off
script: {/ip firewall filter enable [/ip firewall filter find comment="all-video"]}

2. Schedule the access/block
• Schedule the video block. For example, in the following figure we schedule the video block to take effect from 08:00 WIB.

• Schedule the reopening of access to video files. For example, the following figure means we schedule video access to open at 16:00 WIB
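
The Winbox steps above, from the Layer7 entry through the scheduler, as console commands in an added example that is not from the original article. The scheduler names `block-video` and `open-video` and the daily interval are assumptions; the regex, packet mark, comment and script names are the article's.

```routeros
# Added example. Step 1: the Layer7 pattern (backslash doubled inside quotes).
/ip firewall layer7-protocol
add name=all-video-regex \
    regexp="\\.(mp4|wmv|avi|mpg|mpeg|flv|mov|3gp|rm|rm1|dat|vob|asf)"

# Step 2: mark TCP packets whose payload matches the pattern.
/ip firewall mangle
add chain=prerouting protocol=tcp layer7-protocol=all-video-regex \
    action=mark-packet new-packet-mark=all-video

# Steps 3-4: drop marked packets; the comment is what the scripts search for.
/ip firewall filter
add chain=forward packet-mark=all-video action=drop comment="all-video"

# Time-based control: video-on disables the drop rule, video-off enables it.
/system script
add name=video-on \
    source="/ip firewall filter disable [/ip firewall filter find comment=\"all-video\"]"
add name=video-off \
    source="/ip firewall filter enable [/ip firewall filter find comment=\"all-video\"]"

# Block from 08:00, reopen at 16:00, repeated every day (interval assumed).
/system scheduler
add name=block-video start-time=08:00:00 interval=1d on-event=video-off
add name=open-video start-time=16:00:00 interval=1d on-event=video-on
```

After applying it, check the packet counters on the mangle and filter rules to confirm what is actually being matched; the Layer7 matcher only sees unencrypted payload, so the rule acts on plain HTTP requests.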

Good luck trying it out.