
XP-Solution Surabaya # Mikrotik Training Module # By Nathan Gusti Ryan

Example: 2-ISP load balance

interface ethernet set ether4 name=LAN
interface ethernet set ether3 name=WAN1
interface ethernet set ether2 name=WAN2
interface ethernet set ether1 name=WAN3

/ ip address

add address=10.1.0.1/27 network=10.1.0.0 broadcast=10.1.0.31 interface=LAN comment="LAN IP" disabled=no
add address=10.111.0.4/29 network=10.111.0.0 broadcast=10.111.0.7 interface=WAN1 comment="Fastnet A1/17" disabled=no
add address=10.112.0.2/29 network=10.112.0.0 broadcast=10.112.0.7 interface=WAN2 comment="Fastnet A1/1" disabled=no

/ip dns set primary-dns=202.73.99.8 allow-remote-requests=no
/ip dns set secondary-dns=61.247.0.8 allow-remote-requests=no

/ ip firewall mangle

add chain=prerouting in-interface=LAN connection-state=new nth=2,2 action=mark-connection new-connection-mark=odd passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=LAN connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no comment="" disabled=no
add chain=prerouting in-interface=LAN connection-state=new nth=2,1 action=mark-connection new-connection-mark=even passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=LAN connection-mark=even action=mark-routing new-routing-mark=even passthrough=no comment="" disabled=no

/ ip firewall nat

add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.112.0.6 to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.111.0.6 to-ports=0-65535 comment="" disabled=no

/ ip route

add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=odd comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=even comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 comment="" disabled=no

/ip pool add name=dhcp-pool ranges=192.168.0.31-192.168.0.100
/ip dhcp-server network add address=192.168.0.0/24 gateway=192.168.0.2
/ip dhcp-server add interface=LAN address-pool=dhcp-pool


Example: 3-connection load balance

/ ip address

add address=172.15.15.1/25 network=172.15.15.0 broadcast=172.15.15.127 interface=LAN comment="LAN IP" disabled=no

add address=10.111.0.2/29 network=10.111.0.0 broadcast=10.111.0.7 interface=WAN1 comment="WAN1" disabled=no
add address=172.16.1.15/24 network=172.16.1.0 broadcast=172.16.1.255 interface=WAN2 comment="Fastnet Dari PERAK" disabled=no
add address=172.15.15.2/29 network=172.15.15.0 broadcast=172.15.15.7 interface=WAN3 comment="Fastnet Dari TP" disabled=no

/ ip firewall mangle

add chain=prerouting in-interface=LAN connection-state=new nth=1,2,0 action=mark-connection new-connection-mark=odd passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=LAN connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no comment="" disabled=no
add chain=prerouting in-interface=LAN connection-state=new nth=1,2,1 action=mark-connection new-connection-mark=even passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=LAN connection-mark=even action=mark-routing new-routing-mark=even passthrough=no comment="" disabled=no
add chain=prerouting in-interface=LAN connection-state=new nth=2,3,2 action=mark-connection new-connection-mark=even passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=LAN connection-mark=even action=mark-routing new-routing-mark=even passthrough=no comment="" disabled=no

/ ip firewall nat

add chain=srcnat connection-mark=odd action=src-nat to-addresses=172.15.15.1 to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=even action=src-nat to-addresses=172.16.1.1 to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.113.0.2 to-ports=0-65535 comment="" disabled=no

/ ip route

add dst-address=0.0.0.0/0 gateway=172.15.15.1 scope=7 target-scope=10 routing-mark=odd comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=172.16.1.1 scope=255 target-scope=10 routing-mark=even comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.113.0.1 scope=255 target-scope=10 routing-mark=even comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 comment="" disabled=no

Let us take the example of applying Nth to 4 connections. The Nth values for each rule in Mikrotik are then (the counter used is 4):

Rule 1 = 3,4,0
Rule 2 = 3,4,1
Rule 3 = 3,4,2
Rule 4 = 3,4,3
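
The numbering above follows a pattern: for N connections the values are N-1, the counter number, and 0 through N-1. The added example below (Python, not part of the original module; function names are illustrative) generates these values and checks a rule set against the pattern. Run on the nth= values of the 3-connection example above, it reports that counter 3 only has a rule for packet 2.

```python
from collections import defaultdict

# nth= values copied from the mangle rules of the 3-connection example above.
PAGE_THREE_LINKS = ["1,2,0", "1,2,1", "2,3,2"]


def nth_values(links, counter=None):
    """Nth values 'every,counter,packet' for `links` connections, following the
    pattern the page lists for 4 connections (3,4,0 .. 3,4,3)."""
    if links < 2:
        raise ValueError("load balancing needs at least 2 connections")
    if counter is None:
        counter = links  # the page uses the connection count as the counter number
    return [f"{links - 1},{counter},{packet}" for packet in range(links)]


def check_nth_set(values):
    """Return a list of problems in a set of nth values taken from mangle rules.

    Rules sharing a counter must share the same 'every' value and must cover
    each packet number 0..every exactly once."""
    by_counter = defaultdict(list)
    for text in values:
        every, counter, packet = (int(part) for part in text.split(","))
        by_counter[counter].append((every, packet))

    problems = []
    for counter, entries in sorted(by_counter.items()):
        everys = sorted({every for every, _ in entries})
        if len(everys) > 1:
            problems.append(f"counter {counter}: mixed 'every' values {everys}")
            continue
        every = everys[0]
        packets = [packet for _, packet in entries]
        too_big = sorted({p for p in packets if p > every})
        if too_big:
            problems.append(f"counter {counter}: packet {too_big} exceeds every={every}")
        missing = sorted(set(range(every + 1)) - set(packets))
        if missing:
            problems.append(f"counter {counter}: no rule for packet {missing}")
        repeated = sorted({p for p in packets if packets.count(p) > 1})
        if repeated:
            problems.append(f"counter {counter}: packet {repeated} used by more than one rule")
    return problems


if __name__ == "__main__":
    print("4 connections:", nth_values(4))
    print("3 connections:", nth_values(3))
    for problem in check_nth_set(PAGE_THREE_LINKS):
        print("3-connection example on the page:", problem)
```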


Example: combining 5 Speedy connections

/interface pppoe-client add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment="" dial-on-demand=no disabled=no interface=Speedy-1 max-mru=1480 max-mtu=1480 mrru=disabled name="******@telkom.net" password="***" profile=default service-name="" use-peer-dns=no user="***"

add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment="" dial-on-demand=no disabled=no interface=Speedy-2 max-mru=1480 max-mtu=1480 mrru=disabled name="******@telkom.net" password="***" profile=default service-name="" use-peer-dns=no user="***"

add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment="" dial-on-demand=no disabled=no interface=Speedy-3 max-mru=1480 max-mtu=1480 mrru=disabled name="******@telkom.net" password="***" profile=default service-name="" use-peer-dns=no user="***"

add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment="" dial-on-demand=no disabled=no interface=Speedy-4 max-mru=1480 max-mtu=1480 mrru=disabled name="******@telkom.net" password="***" profile=default service-name="" use-peer-dns=no user="***"

add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment="" dial-on-demand=no disabled=no interface=Speedy-5 max-mru=1480 max-mtu=1480 mrru=disabled name="******@telkom.net" password="***" profile=default service-name="" use-peer-dns=no user="***"

/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=ADSL-1 passthrough=yes connection-state=new in-interface=HotSpot nth=5,1 comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-1 passthrough=no in-interface=HotSpot connection-mark=ADSL-1 comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=ADSL-2 passthrough=yes connection-state=new in-interface=HotSpot nth=5,2 comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-2 passthrough=no in-interface=HotSpot connection-mark=ADSL-2 comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=ADSL-3 passthrough=yes connection-state=new in-interface=HotSpot nth=5,3 comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-3 passthrough=no in-interface=HotSpot connection-mark=ADSL-3 comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=ADSL-4 passthrough=yes connection-state=new in-interface=HotSpot nth=5,4 comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-4 passthrough=no in-interface=HotSpot connection-mark=ADSL-4 comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=ADSL-5 passthrough=yes connection-state=new in-interface=HotSpot nth=5,5 comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-5 passthrough=no in-interface=HotSpot connection-mark=ADSL-5 comment="" disabled=no

/ip firewall nat
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-1] to-ports=0-65535 connection-mark=ADSL-1 comment="" disabled=no
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-2] to-ports=0-65535 connection-mark=ADSL-2 comment="" disabled=no
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-3] to-ports=0-65535 connection-mark=ADSL-3 comment="" disabled=no
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-4] to-ports=0-65535 connection-mark=ADSL-4 comment="" disabled=no
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-5] to-ports=0-65535 connection-mark=ADSL-5 comment="" disabled=no

/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-1 routing-mark=ADSL-1
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-2 routing-mark=ADSL-2
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-3 routing-mark=ADSL-3
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-4 routing-mark=ADSL-4
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-5 routing-mark=ADSL-5
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-1


Setup Filtering Virus

/ip firewall filter
add chain=forward connection-state=established comment="allow established connections"
add chain=forward connection-state=related comment="allow related connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"

/ip firewall filter
add chain=forward action=jump jump-target=virus comment="jump to the virus chain"
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=593 action=drop comment=""
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=""
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=1214 action=drop comment=""
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"

Another Port Filtering

/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop


/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop

Setup Web proxy

/ ip web-proxy

set enabled=yes
set src-address=0.0.0.0
set port=8080
set hostname="proxy.xps"
set transparent-proxy=yes
set parent-proxy=0.0.0.0:0
set cache-administrator="progtel2004@yahoo.com"
set max-object-size=4096KiB
set cache-drive=system
set max-cache-size=unlimited
set max-ram-cache-size=unlimited

Add NAT rules that redirect the ports for squid so that the proxy is transparent

/ ip firewall nat

add chain=srcnat out-interface=WAN1 action=masquerade comment="" disabled=no
add chain=dstnat in-interface=LAN protocol=tcp dst-port=80 action=redirect to-ports=8080 comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080
add chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=8080
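
The redirect rules for ports 3128 and 8080 above carry no in-interface or source match, so they also apply to connections arriving on the WAN side, which leaves the proxy on port 8080 reachable from outside the LAN. The added example below (Python, not part of the original module; function names are illustrative) parses rule lines like those above and lists the dstnat redirects that lack such a match.

```python
import shlex

# The four NAT rules from the section above, copied from the page, one per line.
PAGE_NAT_RULES = """\
add chain=srcnat out-interface=WAN1 action=masquerade comment="" disabled=no
add chain=dstnat in-interface=LAN protocol=tcp dst-port=80 action=redirect to-ports=8080 comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080
add chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=8080
"""

# Matchers that limit a rule to particular senders (illustrative choice).
SCOPE_KEYS = ("in-interface", "src-address", "src-address-list")


def parse_rule(line):
    """Parse one 'add key=value ...' line into a dict. Quoted values may hold spaces."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quotes: not a usable rule line
        return None
    if not tokens or tokens[0] != "add":
        return None
    rule = {}
    for token in tokens[1:]:
        key, sep, value = token.partition("=")
        if sep:
            rule[key] = value
    return rule


def is_scoped(rule):
    """True when the rule names an inbound interface or a source other than 'anything'."""
    for key in SCOPE_KEYS:
        value = rule.get(key, "")
        if value and value != "0.0.0.0/0":
            return True
    return False


def unscoped_redirects(text):
    """Return (protocol, dst-port, to-ports) for every enabled dstnat redirect
    that matches traffic from any interface and any source."""
    findings = []
    for line in text.splitlines():
        rule = parse_rule(line.strip())
        if rule is None or rule.get("disabled") == "yes":
            continue
        if (rule.get("chain") == "dstnat" and rule.get("action") == "redirect"
                and not is_scoped(rule)):
            findings.append((rule.get("protocol", "any"),
                             rule.get("dst-port", "any"),
                             rule.get("to-ports", "")))
    return findings


if __name__ == "__main__":
    for proto, port, target in unscoped_redirects(PAGE_NAT_RULES):
        print(f"dstnat redirect {proto}/{port} -> {target}: no in-interface or source match")
```

Adding in-interface=LAN to the two flagged rules, as the port 80 rule already has, clears both findings.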


IIX and IX Separation Setup

# Script to add the BGP IP addresses registered on the INDO (OIXP) router
# to RouterOS in an ADDRESS-LIST named "indo"

/sys note set show-at-login=yes note="XP Solution Surabaya "

/ip firewall address-list
add list=indo address="1.2.3.4"
rem [find list=indo]
add list=indo address="167.205.0.0/16"
add list=indo address="222.124.0.0/16"
add list=indo address="61.94.0.0/16"
add list=indo address="125.162.0.0/16"
add list=indo address="125.163.0.0/16"
add list=indo address="125.160.0.0/16"
add list=indo address="125.161.0.0/16"
add list=indo address="125.164.0.0/16"

/ ip firewall mangle

add chain=forward src-address-list=indo action=mark-connection new-connection-mark=mark-con-indonesia passthrough=yes comment="mark all indonesia source connection traffic" disabled=no
add chain=forward dst-address-list=indo action=mark-connection new-connection-mark=mark-con-indonesia passthrough=yes comment="mark all indonesia destination connection traffic" disabled=no
add chain=forward src-address-list=!indo action=mark-connection new-connection-mark=mark-con-overseas passthrough=yes comment="mark all overseas source connection traffic" disabled=no
add chain=forward dst-address-list=!indo action=mark-connection new-connection-mark=mark-con-overseas passthrough=yes comment="mark all overseas destination connection traffic" disabled=no
add chain=prerouting connection-mark=mark-con-indonesia action=mark-packet new-packet-mark=indonesia passthrough=yes comment="mark all Indonesia traffic" disabled=no
add chain=prerouting connection-mark=mark-con-overseas action=mark-packet new-packet-mark=overseas passthrough=yes comment="mark all overseas traffic" disabled=no

Queueing

/ queue simple

add name="RTRW Net" target-addresses=10.111.0.2/24 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=indonesia direction=both priority=8 queue=default/default limit-at=0/0 max-limit=256000/256000 total-queue=default disabled=no
add name="Laptop Acer Intl" target-addresses=192.168.2.0/24 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=overseas direction=both priority=8 queue=default/default limit-at=0/0 max-limit=128000/128000 total-queue=default disabled=no


Script to Reset the Mikrotik

# masukkin_tanggalnya and masukiin_jamnya are placeholders: enter the start date and the start time
system script add name=destroy source={system reset}
system scheduler add name=ancur on-event=destroy start-date=masukkin_tanggalnya start-time=masukiin_jamnya

Backup, Restore, Export and Import of Settings

Backup applies to all settings present at that moment.
>system backup save name=backup_setting

Restore applies to all settings present at that moment.
>system backup load name=backup_setting

Export applies to all settings in the directory that is active at that moment. Example: if the simple queue directory is active, only that directory is saved to the file. Hence, if the root directory "/" is active, all settings are exported.
>queue simple export file=simple_queue

Import only runs from the root "/" and only works for files with the .rsc extension.
>import simple_queue.rsc

The difference between export and backup lies in the resulting file: the file produced by backup is a binary file, while the file produced by export is a text file. That is an advantage, since it can for example be printed for documentation.

Script and Schedule

Setting up a scheduled auto shutdown. First create a shutdown script, named "autodown" in this example.
>system script add name="autodown" source="system shutdown"

Then create a schedule for the shutdown.
>system scheduler add name="mikrotikdown" on-event=autodown start-date=nov/19/2007 start-time=18:10:00 interval=1d

To make backups easier, besides being stored on the Mikrotik server itself, they also need to be stored on another computer. One alternative for sending the file automatically is email; it can also be done using ftp.
>system script add name="autobackup" source="/ export file=backup_setting\n/ tool e-mail send to=progtel2004@yahoo.co subject=\"backup setting mikrotik\" from=007@yahoo.com body=\"file backup setting mikrotik\" server=192.168.1.103 file=\"backup_setting.rsc\""

Then create a schedule for the weekly backup.
>system scheduler add name="mikrotikbackup" on-event=autobackup start-date=dec/10/2007 start-time=08:30:00 interval=1w

Simple Queue vs Queue Tree:

/queue simple

add name="XPS" target-addresses=192.168.0.0/24 dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=1000000/1000000 total-queue=default-small disabled=no

add name="USER" target-addresses=192.168.0.2/32,192.168.0.3/32,192.168.0.4/32,192.168.0.5/32,192.168.0.6/32,192.168.0.7/32,192.168.0.8/32,192.168.0.9/32,192.168.0.10/32 dst-address=0.0.0.0/0 interface=all parent=XPS direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=384000/384000 total-queue=default-small disabled=no

add name="Client-1" target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 interface=Lan parent=USER direction=both priority=8 queue=default-small/default-small limit-at=16000/16000 max-limit=32000/64000 total-queue=default-small disabled=no

Example Queue Tree configuration:

Mangle

Before configuring the Queue Tree, we first create a connection-mark in the mangle table.

/ip firewall mangle

add chain=forward src-address=192.168.10.0/24 action=mark-connection new-connection-mark=lokal passthrough=yes comment="" disabled=no
add chain=forward dst-address=192.168.10.0/24 action=mark-connection new-connection-mark=lokal passthrough=yes comment="" disabled=no
add chain=forward protocol=icmp connection-mark=lokal action=mark-packet new-packet-mark=lokal-icmp passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.10.1 protocol=!icmp connection-mark=lokal action=mark-packet new-packet-mark=lokal-1 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.10.1 protocol=!icmp connection-mark=lokal action=mark-packet new-packet-mark=lokal-1 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.10.2 protocol=!icmp connection-mark=lokal action=mark-packet new-packet-mark=lokal-2 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.10.2 protocol=!icmp connection-mark=lokal action=mark-packet new-packet-mark=lokal-2 passthrough=no comment="" disabled=no

Queue-tree:

/queue tree
add name="upload" parent=ether1 packet-mark="" limit-at=0 queue=default priority=1 max-limit=256000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="icmp-upload" parent=upload packet-mark=lokal-icmp limit-at=0 queue=default priority=3 max-limit=32000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="lokal-1-upload" parent=upload packet-mark=lokal-1 limit-at=0 queue=default priority=5 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="lokal-2-upload" parent=upload packet-mark=lokal-2 limit-at=0 queue=default priority=5 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="download" parent=global-out packet-mark="" limit-at=0 queue=default priority=1 max-limit=512000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="icmp-download" parent=download packet-mark=lokal-icmp limit-at=0 queue=default priority=3 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="lokal-1-download" parent=download packet-mark=lokal-1 limit-at=0 queue=default priority=5 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="lokal-2-download" parent=download packet-mark=lokal-2 limit-at=0 queue=default priority=5 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no

Another simple queue

Hopefully this Simple Queue and Queue Tree configuration can serve as a reference for those of you who will use Mikrotik as a bandwidth limiter.

Simple Queue configuration:

You can create a group (parent) for Client-kusus with 256 kbps of bandwidth that contains 3 users, so that the 256 kbps is shared among those 3 users. You can create other parents as you wish.


/queue simple
add name="CLIENT" target-addresses=192.168.0.0/24 dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=1000000/1000000 total-queue=default-small

add name="Client-kusus" target-addresses=192.168.0.1/32,192.168.0.2/32,192.168.0.3/32 dst-address=0.0.0.0/0 interface=all parent=CLIENT direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=256000/256000 total-queue=default-small

add name="mylove" target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 interface=ether2 parent=Client-kusus direction=both priority=8 queue=default-small/default-small limit-at=16000/8000 max-limit=32000/56000 total-queue=default-small

add name="myfriend" target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 interface=ether2 parent=Client-kusus direction=both priority=8 queue=default-small/default-small limit-at=16000/8000 max-limit=32000/56000 total-queue=default-small

add name="maymay" target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0 interface=ether2 parent=Client-kusus direction=both priority=8 queue=default-small/default-small limit-at=16000/0 max-limit=32000/56000 total-queue=default-small

Example Queue Tree configuration:

Mangle:

Before configuring the Queue Tree, we first create a connection-mark in the mangle table.

/ip firewall mangle
add chain=forward src-address=192.168.0.0/24 action=mark-connection new-connection-mark=local passthrough=yes
add chain=forward dst-address=192.168.0.0/24 action=mark-connection new-connection-mark=local passthrough=yes
add chain=forward protocol=icmp connection-mark=local action=mark-packet new-packet-mark=local-icmp passthrough=no
add chain=forward src-address=192.168.0.1 protocol=!icmp connection-mark=local action=mark-packet new-packet-mark=local-1 passthrough=no
add chain=forward dst-address=192.168.0.1 protocol=!icmp connection-mark=local action=mark-packet new-packet-mark=local-1 passthrough=no
add chain=forward src-address=192.168.0.2 protocol=!icmp connection-mark=local action=mark-packet new-packet-mark=local-2 passthrough=no
add chain=forward dst-address=192.168.0.2 protocol=!icmp connection-mark=local action=mark-packet new-packet-mark=local-2 passthrough=no

Queue-Tree:

# [int-ke-internet] and [int-ke-local] are placeholders for the Internet-facing and the local-facing interface
/queue tree
add name="upload" parent=[int-ke-internet] packet-mark="" priority=1 max-limit=256K
add name="icmp-upload" parent=upload packet-mark="local-icmp" priority=3 max-limit=32K
add name="local-1-upload" parent=upload packet-mark="local-1" priority=5 max-limit=64K
add name="local-2-upload" parent=upload packet-mark="local-2" priority=5 max-limit=64K
add name="download" parent=[int-ke-local] packet-mark="" priority=1 max-limit=512K
add name="icmp-download" parent=download packet-mark="local-icmp" priority=3 max-limit=64K
add name="local-1-download" parent=download packet-mark="local-1" priority=5 max-limit=128K
add name="local-2-download" parent=download packet-mark="local-2" priority=5 max-limit=128


Manipulating ToS for ICMP & DNS in MikroTik

Goals:

* Reduce ping delay from the client side towards the Internet.
* Speed up hostname-to-IP-address resolution.

Assumption: the clients are on subnet 10.10.10.0/28

1. Manipulating Type of Service for ICMP packets:

/ ip firewall mangle
add chain=prerouting src-address=10.10.10.0/28 protocol=icmp action=mark-connection new-connection-mark=ICMP-CM passthrough=yes
add chain=prerouting connection-mark=ICMP-CM action=mark-packet new-packet-mark=ICMP-PM passthrough=yes
add chain=prerouting packet-mark=ICMP-PM action=change-dscp new-dscp=0

2. Manipulating Type of Service for DNS resolving:

/ ip firewall mangle
add chain=prerouting src-address=10.10.10.0/28 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
add chain=prerouting src-address=10.10.10.0/28 protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
add chain=prerouting connection-mark=DNS-CM action=mark-packet new-packet-mark=DNS-PM passthrough=yes
add chain=prerouting packet-mark=DNS-PM action=change-dscp new-dscp=0

3. Adding a Queue Type:

/queue type add name="PFIFO-64" kind=pfifo pfifo-limit=64

4. Allocating bandwidth for ICMP packets:

/queue tree add name=ICMP parent=WAN packet-mark=ICMP-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64

5. Allocating bandwidth for DNS resolving:

/queue tree add name=DNS parent=WAN packet-mark=DNS-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64

New Load Balance

/ip firewall mangle
add chain=prerouting src-address=10.1.0.1-10.1.0.6 action=mark-routing new-routing-mark=GroupA comment="IP 10.1.0.2-10.1.0.6"
add chain=prerouting src-address=10.1.0.9-10.1.0.14 action=mark-routing new-routing-mark=GroupB comment="IP 10.1.0.9-10.1.0.14"
add chain=prerouting src-address=10.1.0.17-10.1.0.22 action=mark-routing new-routing-mark=GroupC comment="IP 10.1.0.17-10.1.0.22"
add chain=prerouting src-address=10.1.0.25-10.1.0.30 action=mark-routing new-routing-mark=GroupD comment="IP 10.1.0.25-10.1.0.30"

Layer 7 Protocol Site

http://www.mikrotik.com/download/l7-protos.rsc

Marking Packet IIX & International

/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark="IIX" passthrough=yes dst-address-list=indo in-interface=LAN
add chain=prerouting action=mark-packet new-packet-mark="Packet IIX" passthrough=no connection-mark=IIX
add chain=prerouting action=mark-connection new-connection-mark="INTL" passthrough=yes dst-address-list=!indo in-interface=LAN
add chain=prerouting action=mark-packet new-packet-mark="Packet INTL" passthrough=no connection-mark=INTL