emisahkan antara Browsing Download Upload dan game. untuk setingan chating masanger dan Torent akan saya bahas lain waktu :
========================= setingan game Point Blank ========================= masukan pada Ip>Firewall>Mangle add chain=game action=mark-connection new-connection-mark=Game passthrough=yes protocol=tcp dst-address=203.89.146.0/23 dst-port=39190 comment=�Point Blank add chain=game action=mark-connection new-connection-mark=Game passthrough=yes protocol=udp dst-address=203.89.146.0/23 dst-port=40000-40010 add chain=game action=mark-packet new-packet-mark=Game_pkt passthrough=no connection-mark=Game add chain=prerouting action=jump jump-target=game ==================== setingan Game Poker ==================== masukan di Ip>Firewall>Mangle add chain=forward action=mark-connection new-connection-mark=Poker_con passthrough=yes protocol=tcp dst-address-list=LOAD POKER comment=�fbpoker� add chain=forward action=mark-connection new-connection-mark=Poker_con passthrough=yes protocol=tcp content=statics.poker.static.zynga.com add chain=forward action=mark-packet new-packet-mark=Poker passthrough=no connection-mark=Poker_con ================== setingan Browsing ================== masukan di Ip>Firewall>Mangle add chain=forward action=mark-connection new-connection-mark=http passthrough=yes protocol=tcp in-interface=WAN out-interface=Lan packet-mark=!Game_pkt connection-mark=!Game connection-bytes=0-262146 comment=�browsing� add chain=forward action=mark-packet new-packet-mark=http_pkt passthrough=no protocol=tcp connection-mark=http add chain=forward action=mark-packet new-packet-mark=http_pkt passthrough=no protocol=tcp connection-mark=http ================= setingan Upload ================= masukan di Ip>Firewall>Mangle add chain=prerouting action=mark-packet new-packet-mark=Upload passthrough=no protocol=tcp src-address=192.168.0.0/24 in-interface=Lan packet-mark=!icmp_pkt comment=�upload� ======================== setingan Limit Download ======================== masukan di Ip>Firewall>Mangle add chain=forward action=mark-connection new-connection-mark=Download passthrough=yes protocol=tcp in-interface=WAN out-interface=Lan packet-mark=!Game_pkt connection-mark=!Poker_con connection bytes=262146-4294967295 comment=�limit download� add chain=forward action=mark-packet new-packet-mark=Download_pkt passthrough=no packet-mark=!Game_pk> connection-mark=Download ======================== setingan Queue Tree ======================== masukan di Queue>queue types add name=�Download� kind=pcq pcq-rate=256000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 add name=�Http� kind=pcq pcq-rate=1M pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 add name=�Game� kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address,dst-address,src-port,dst-port pcq-total-limit=2000 add name=�Upload� kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000 ============================== masukan di queue>simple queue ============================== add name=�Main Browse� parent=Lan limit-at=0 priority=8 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s add name=�Browse� parent=Main Browse packet-mark=http_pkt limit-at=0 queue=Http priority=8 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s add name=�Game� parent=global-total packet-mark=Game_pkt limit-at=0 queue=Game priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s add name=�Poker� parent=global-out packet-mark=Poker limit-at=0 queue=Game priority=3 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s add name=�Download� parent=global-out packet-mark=Download_pkt limit-at=0 queue=Download priority=8 max-limit=256k burst-limit=0 burst-threshold=0 burst-time=0s add name=�Main Upload� parent=global-in limit-at=0 priority=8 max-limit=256k burst-limit=0 burst-threshold=0 burst-time=0s add name=�Upload� parent=Main Upload packet-mark=Upload limit-at=0 queue=Upload priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s ======================= Proxy Eksternal ======================= ip firewall nat add chain=dstnat src-address=!IP_PROXYNYA dst-port 80,8080,3128 action dst-nat to-address=IP-PROXY to-ports=3128 ############################################# ISP 2 LINE => 1 LINE GAME + 1 LINE BROWSING ############################################# 2 ISP + 2 Gateway dalam satu Router Mikrotik by NitrouZ on JUNE 18, 2010 in MIKROTIK, NETWORKING Beberapa minggu yang lalu, teman saya bertanya topologi yang baik untuk Warnet dan Game Center menggunakan 2 ISP dan 2 Gateway dalam 1 Router. Dalam kasus ini, saya menggunakan Router Board RB750 untuk melakukan pemisahan 2 Gateway. Alasan menggunakan 2 G/w adalah supaya saat user lain melakukan download dan browsing, kegiatan game tidak terganggu dengan adanya pemisahan line browsing dan game :) Topologinya kira-kira seperti ini : ISP GAME (172.21.138.1/30) | (172.21.138.2/30) |------------- RB ---------- CLIENT (192.168.69.0/24) | (172.22.138.2/30) (172.22.138.1/30) ISP BROWSING ISP Game menggunakan eth0 (172.21.138.1/30), ISP Browsing menggunakan eth1(172.22.138.1/30) dan CLIENT (192.168.69.0/24) menggunakan eth3. Dan untuk default gatewaynya, kita tentukan untuk ISP Game. Kenapa ? Karena port untuk game sangat bervariasi dan kemungkinan besar kita akan repot ke depannya kalau harus listing listen port pada game-game yang berbeda, jadi untuk memudahkan, kita buat default gateway ke ISP Game. Sekarang kita setting untuk IP Route terlebih dahulu, kira-kira seperti di bawah ini : /ip route add dst-address=0.0.0.0/0 gateway=172.21.138.2 comment="Default Gateway" add dst-address=0.0.0.0/0 gateway=172.21.138.2 routing-mark="Jalur ISP Game" add dst-address=0.0.0.0/0 gateway=172.22.138.2 routing-mark="Jalur ISP Browsing" Kemudian kita Setting Rule di mangle supaya masing-masing dari koneksi kita bisa di akses dari luar /ip firewall mangle add chain=input connection-state=new in-interface="eth0" dst-address-type="!local" action=mark-connection new-connection-mark="gateway-game-conn" add chain=input connection-state=new in-interface="eth1" dst-address-type="!local" action=mark-connection new-connection-mark="gateway-browsing-conn" add chain=output connection-mark="gateway-game-conn" action=mark-routing routing-mark="jalur-game" add chain=output connection-mark="gateway-browsing-conn" action=mark-routing routing-mark="jalur-browsing" Konfigurasi Forward rules pada bagian NAT /ip firewall nat add chain=dstnat protocol=tcp dst-port=!21,80,443,5050 in-interface=eth0 action=dst-nat to-addresses=192.168.69.0/24 to-ports=!21,80,443,5050 add chain=dstnat protocol=tcp dst-port=21,80,443,5050 in-interface=eth1 action=dst-nat to-addresses=192.168.69.0/24 to-ports=21,80,443,5050 Selesai! :) Silakan di koreksi kalau ada kesalahan di penulisan format di atas :) Terima kasih
gan kenapa script ini tidak bisa jalan ya..
BalasHapus/ip firewall nat
add chain=dstnat protocol=tcp dst-port=!21,80,443,5050 in-interface=eth0 action=dst-nat to-addresses=192.168.69.0/24 to-ports=!21,80,443,5050
tidak ada pilihan ! di to-ports
mungkin untuk port "in-interface=etho0" harusnya disesuaikan dengan nama port input ISP milik agan.
HapusCWMII