Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 31
  1. #16
    Status
    Offline
    foead69's Avatar
    Baru Gabung
    Join Date
    Mar 2010
    Posts
    6
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    lanjut lagi bro nanya ny.
    baru ane coba.

    tu cuman buat mark conn aja ya ??
    knp ngga ada mark packet nya ??
    kl ada mark packet nya khan kita gampang ngatur bw nya di queue ??

    ato dengan mangle yang ky gitu (passtrough=no, taruh paling atas) kita ngga perlu konf lagi di queue ??

    ane pake tutorial suhu

    trus buat bedain download yg ke server lokal ane pake trik lanjutannya dari bro

    tapi donlut nya masi tetep kelimit.

    sama ngga dengan punya bro...

    aduh lola nian diriku !!??
    sabar y bro ngajarin nya...

    mohon pencerahan lebih lanjut bro.
    thx sebelumnya...

  2. #17
    Status
    Offline
    iervan's Avatar
    Newbie
    Join Date
    Dec 2009
    Posts
    38
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by foead69 Click here to enlarge
    lanjut lagi bro nanya ny.
    baru ane coba.

    tu cuman buat mark conn aja ya ??
    knp ngga ada mark packet nya ??
    kl ada mark packet nya khan kita gampang ngatur bw nya di queue ??

    ato dengan mangle yang ky gitu (passtrough=no, taruh paling atas) kita ngga perlu konf lagi di queue ??

    ane pake tutorial suhu

    trus buat bedain download yg ke server lokal ane pake trik lanjutannya dari bro

    tapi donlut nya masi tetep kelimit.

    sama ngga dengan punya bro...

    aduh lola nian diriku !!??
    sabar y bro ngajarin nya...

    mohon pencerahan lebih lanjut bro.
    thx sebelumnya...
    ni yg nulis ane, cuman pke akun temen Click here to enlarge Click here to enlarge

  3. #18
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Talking

    mau bikin mark-packet juga gpp
    marking-packet di gunakan buat queue

    gue rasa gk perlu di bikin mark-packet juga gpp juga
    jadi unlimited

    beda nya :
    1. packet gk dapet priority apa2 tetapi juga tetap loss / unlimited
    2. saya rasa ini lebih baik mengingat packet yg dari webserver lokal kan gede dan tidak perlu di limit tetap jangan sampe gk mau ngalah dengan packet yg harus di traffic shapping sehingga traffic yg penting bs delay gara2 traffic ke webserver lokal

    gue sengaja mark-connection aja biar keliatan connection yg terjadi pada firewall > connection dan langsung di passtrough=no


    sebenernya banyak yg harus masuk dalam mangle ini bukan hanya webserver lokal
    misal : webconfig speedy, webconfig mikrotik, webserver lokal, winbox

    dan saya me-mark-connection nya dengan nama "system"
    Last edited by adiputrolds; 27-05-2010 at 19:56.

  4. #19
    Status
    Offline
    iervan's Avatar
    Newbie
    Join Date
    Dec 2009
    Posts
    38
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    bro,
    kuq masih kelimit juga y di tempat ane.

    ni penampakannya



    Click here to enlarge

    Click here to enlarge


    tetapi masih kelimit juga disini

    Click here to enlarge


    jadi konf punya ane, buat brosing ane loss, conn-byte 250000-4294967295 ane anggap sebagai aktifitas donlut. ane limit pake PCQ (gb terakhir).

    masi kelimit juga bro. limiter donlut belum bisa misahin antara yg di lokal ma yg di luar.
    gmn y bro ??? Click here to enlarge

  5. #20
    Status
    Offline
    dencow's Avatar
    Forum Guru
    Join Date
    Jan 2008
    Posts
    1,728
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by iervan Click here to enlarge
    jadi konf punya ane, buat brosing ane loss, conn-byte 250000-4294967295 ane anggap sebagai aktifitas donlut. ane limit pake PCQ (gb terakhir).

    masi kelimit juga bro. limiter donlut belum bisa misahin antara yg di lokal ma yg di luar.
    gmn y bro ??? Click here to enlarge

    mana konfignya paste kemari kalo bener konf nya Click here to enlarge

  6. #21
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    owh.......

    pasti ada salah dengan mangle postrouting yg buat ngelimit download itu

    karena itu sesi yg berbeda jd mikrotiknya gk tau jadi ikut kelimit lagi

    sebaiknya pada mangle postrouting yg buat ngelimit download di tambahin connection-mark=no-mark


    Click here to enlarge

  7. The Following User Says Thank You to adiputrolds For This Useful Post:


  8. #22
    Status
    Offline
    iervan's Avatar
    Newbie
    Join Date
    Dec 2009
    Posts
    38
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by dencow Click here to enlarge
    mana konfignya paste kemari kalo bener konf nya Click here to enlarge
    silakan di koreksi mas bro Click here to enlarge

    Code:
    [support@HK-Net] > ip fi mangle pr
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; web server
         chain=prerouting action=mark-connection 
         new-connection-mark=web-server-lokal passthrough=no protocol=tcp 
         dst-address=10.10.10.2 dst-port=81 
    
     1   ;;; MT Connection
         chain=prerouting action=mark-connection new-connection-mark=MT_conn 
         passthrough=yes protocol=tcp dst-port=8291 
    
     2   chain=prerouting action=mark-packet new-packet-mark=MT passthrough=no 
         connection-mark=MT_conn 
    
     3   ;;; Limit download
         chain=postrouting action=mark-connection new-connection-mark=DOWN1 
         passthrough=yes protocol=tcp out-interface=client 
         connection-bytes=250000-4294967295 
    
     4   chain=postrouting action=mark-packet new-packet-mark=DOWN_1 passthrough=no 
         protocol=tcp out-interface=client connection-mark=DOWN1 
    
     5 X ;;; markingan yang lepas dari semua konfig
         chain=forward action=log log-prefix=""
    Code:
    [support@HK-Net] > queue type pr  
     0 name="default" kind=pfifo pfifo-limit=50 
    
     1 name="ethernet-default" kind=pfifo pfifo-limit=50 
    
     2 name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514 
    
     3 name="synchronous-default" kind=red red-limit=60 red-min-threshold=10 
       red-max-threshold=50 red-burst=20 red-avg-packet=1000 
    
     4 name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514 
    
     5 name="Batasi Download" kind=pcq pcq-rate=0 pcq-limit=50 
       pcq-classifier=dst-address pcq-total-limit=2000 
    
     6 name="default-small" kind=pfifo pfifo-limit=10
    Code:
    [support@HK-Net] > queue tree pr
    Flags: X - disabled, I - invalid 
     0   name="Download" parent=global-out packet-mark=DOWN_1 limit-at=0 
         queue=Batasi Download priority=8 max-limit=240k burst-limit=0 
         burst-threshold=0 burst-time=0s

  9. #23
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Lightbulb

    coba perhatikan warna merah


    3 ;;; Limit download
    chain=postrouting action=mark-connection new-connection-mark=DOWN1
    passthrough=yes protocol=tcp out-interface=client
    connection-bytes=250000-4294967295 connection-mark=no-mark

    tanpa itu semua mangle packet yg di buat pada chain prerouting atau pun forward akan tertangkap lagi di chain postrouting

  10. #24
    Status
    Offline
    iervan's Avatar
    Newbie
    Join Date
    Dec 2009
    Posts
    38
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    update:


    penampakan terbaru

    Click here to enlarge


    bw yg ane dapat

    Click here to enlarge


    apakah sampe di sini udah betul bro ??
    knp donlut lokal nya ngga nembus di angka 1 MBps-an ??
    ane cupu aja, jadi mikir nya kl transfer file di lokal speed nya bisa gede.
    hahaha. analisa ny masi payah...
    Last edited by iervan; 28-05-2010 at 16:24.

  11. #25
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    msh belom betul tuh
    msh terlimit.................

    mungkin bs belasan Mbps Click here to enlarge

  12. #26
    Status
    Offline
    iervan's Avatar
    Newbie
    Join Date
    Dec 2009
    Posts
    38
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    wuu, halah halah Click here to enlarge Click here to enlarge

    yang perlu di utak-atik apanya lagi tu bro ??

    bentar, ane mo nyari2 dl apa itu postrouting, prerouting, forward, output, ... dll
    Click here to enlarge

  13. #27
    Status
    Offline
    riswan's Avatar
    Newbie
    Join Date
    Jun 2008
    Location
    samarinda
    Posts
    23
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    unlimit lokal server

    perhatikan untuk router lan, karena nat nya saya ambil dari sana

    untuk desain jaringan seperti ini




    untuk ip address

    [hermansyah@LAN] > ip address print
    Flags: X - disabled, I - invalid, D - dynamic
    # ADDRESS NETWORK BROADCAST INTERFACE
    0 10.1.7.1/30 10.1.7.0 10.1.7.3 WAN
    1 10.1.8.1/29 10.1.8.0 10.1.8.7 SERVER-FARM
    2 10.1.10.1/24 10.1.10.0 10.1.10.255 TEKNISI
    3 10.1.9.1/24 10.1.9.0 10.1.9.255 KEPSEK
    4 10.1.11.1/24 10.1.11.0 10.1.11.255 KAJUR
    5 10.1.6.2/30 10.1.6.0 10.1.6.3 PROXY

    untuk konfigurasi seperti ini, rule unlimit to server harus paling atas

    [hermansyah@LAN] > ip firewall nat print
    Flags: X - disabled, I - invalid, D - dynamic
    0 X ;;; place hotspot rules here
    chain=unused-hs-chain action=passthrough

    1 ;;; UNLIMIT TO SERVER
    chain=dstnat action=accept protocol=tcp src-address=10.1.9.0/24 dst-address=10.1.8.0/29 in-interface=KEPSEK dst-port=80

    2 chain=dstnat action=accept protocol=tcp src-address=10.1.10.0/24 dst-address=10.1.8.0/29 in-interface=TEKNISI dst-port=80

    3 chain=dstnat action=accept protocol=tcp src-address=10.1.11.0/24 dst-address=10.1.8.0/29 in-interface=KAJUR dst-port=80

    4 ;;; MASQUERADING
    chain=srcnat action=masquerade src-address=10.1.8.0/29 out-interface=WAN

    5 chain=srcnat action=masquerade src-address=10.1.9.0/24 out-interface=WAN

    6 chain=srcnat action=masquerade src-address=10.1.10.0/24 out-interface=WAN

    7 chain=srcnat action=masquerade src-address=10.1.11.0/24 out-interface=WAN

    8 chain=srcnat action=masquerade src-address=10.1.6.0/30 out-interface=WAN

    9 ;;; REDIRECT TO PROXY
    chain=dstnat action=dst-nat to-addresses=10.1.6.1 to-ports=3128 protocol=tcp src-address=10.1.9.0/24 in-interface=KEPSEK dst-port=80

    10 chain=dstnat action=dst-nat to-addresses=10.1.6.1 to-ports=3128 protocol=tcp src-address=10.1.11.0/24 in-interface=KAJUR dst-port=80

    11 chain=dstnat action=dst-nat to-addresses=10.1.6.1 to-ports=3128 protocol=tcp src-address=10.1.10.0/24 in-interface=TEKNISI dst-port=80

    12 ;;; DNS RESOLVER
    chain=dstnat action=redirect to-ports=53 protocol=tcp dst-port=53

    13 chain=dstnat action=redirect to-ports=53 protocol=udp dst-port=53

    untuk mangle

    [hermansyah@LAN] > ip fi mangle pr
    Flags: X - disabled, I - invalid, D - dynamic
    0 ;;; PROXY-HIT
    chain=prerouting action=mark-packet new-packet-mark=proxy-hit passthrough=yes dscp=12


    untuk para master, mohon di koreksiClick here to enlarge
    Last edited by riswan; 29-05-2010 at 11:10.

  14. #28
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by riswan Click here to enlarge
    perhatikan untuk router lan, karena nat nya saya ambil dari sana

    untuk desain jaringan seperti ini




    untuk ip address

    [hermansyah@LAN] > ip address print
    Flags: X - disabled, I - invalid, D - dynamic
    # ADDRESS NETWORK BROADCAST INTERFACE
    0 10.1.7.1/30 10.1.7.0 10.1.7.3 WAN
    1 10.1.8.1/29 10.1.8.0 10.1.8.7 SERVER-FARM
    2 10.1.10.1/24 10.1.10.0 10.1.10.255 TEKNISI
    3 10.1.9.1/24 10.1.9.0 10.1.9.255 KEPSEK
    4 10.1.11.1/24 10.1.11.0 10.1.11.255 KAJUR
    5 10.1.6.2/30 10.1.6.0 10.1.6.3 PROXY

    untuk konfigurasi seperti ini, rule unlimit to server harus paling atas

    [hermansyah@LAN] > ip firewall nat print
    Flags: X - disabled, I - invalid, D - dynamic
    0 X ;;; place hotspot rules here
    chain=unused-hs-chain action=passthrough

    1 ;;; UNLIMIT TO SERVER
    chain=dstnat action=accept protocol=tcp src-address=10.1.9.0/24 dst-address=10.1.8.0/29 in-interface=KEPSEK dst-port=80

    2 chain=dstnat action=accept protocol=tcp src-address=10.1.10.0/24 dst-address=10.1.8.0/29 in-interface=TEKNISI dst-port=80

    3 chain=dstnat action=accept protocol=tcp src-address=10.1.11.0/24 dst-address=10.1.8.0/29 in-interface=KAJUR dst-port=80

    4 ;;; MASQUERADING
    chain=srcnat action=masquerade src-address=10.1.8.0/29 out-interface=WAN

    5 chain=srcnat action=masquerade src-address=10.1.9.0/24 out-interface=WAN

    6 chain=srcnat action=masquerade src-address=10.1.10.0/24 out-interface=WAN

    7 chain=srcnat action=masquerade src-address=10.1.11.0/24 out-interface=WAN

    8 chain=srcnat action=masquerade src-address=10.1.6.0/30 out-interface=WAN

    9 ;;; REDIRECT TO PROXY
    chain=dstnat action=dst-nat to-addresses=10.1.6.1 to-ports=3128 protocol=tcp src-address=10.1.9.0/24 in-interface=KEPSEK dst-port=80

    10 chain=dstnat action=dst-nat to-addresses=10.1.6.1 to-ports=3128 protocol=tcp src-address=10.1.11.0/24 in-interface=KAJUR dst-port=80

    11 chain=dstnat action=dst-nat to-addresses=10.1.6.1 to-ports=3128 protocol=tcp src-address=10.1.10.0/24 in-interface=TEKNISI dst-port=80

    12 ;;; DNS RESOLVER
    chain=dstnat action=redirect to-ports=53 protocol=tcp dst-port=53

    13 chain=dstnat action=redirect to-ports=53 protocol=udp dst-port=53

    untuk mangle

    [hermansyah@LAN] > ip fi mangle pr
    Flags: X - disabled, I - invalid, D - dynamic
    0 ;;; PROXY-HIT
    chain=prerouting action=mark-packet new-packet-mark=proxy-hit passthrough=yes dscp=12


    untuk para master, mohon di koreksiClick here to enlarge

    banyak amat router nya Click here to enlarge

  15. #29
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by iervan Click here to enlarge
    wuu, halah halah Click here to enlarge Click here to enlarge

    yang perlu di utak-atik apanya lagi tu bro ??

    bentar, ane mo nyari2 dl apa itu postrouting, prerouting, forward, output, ... dll
    Click here to enlarge
    wah belom ngerti chain ya...
    hihihihiiiiiii..................

    in-interface >>> prerouting >>> input >>> local-process
    local-process >>> output >>> postrouting >>> out-interface
    in-interface >>> prerouting >>> forward >>> postrouting >>> out-interface

    local-process maksudnya jika suatu packet diarahkan kedalam mikrotik itu sendiri contohnya webproxy internal mikrotik atau winbox itu sendiri

    Click here to enlarge

  16. #30
    Status
    Offline
    riswan's Avatar
    Newbie
    Join Date
    Jun 2008
    Location
    samarinda
    Posts
    23
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by electrix_85 Click here to enlarge
    banyak amat router nya Click here to enlarge

    he..he.. Click here to enlarge jadi malu Click here to enlarge

    desain pada gambar ini



    untuk WAN ROUTER mengacu pada desain jaringan kampus adalah sebagai CORE ROUTER menggunakan pc router mikrotik dom level 4, load balancing 5 jalur speedy.

    lalu turun pada LAN ROUTER sebagai DISTRIBUTION ROUTER menggunakan juga pc router mikrotik dom level 6, karena manajemen user berada di sini (radius lokal). dan dari sinilah semua distribusi traffic ke proxy server dan server lokal (server farms) yg terdiri dari dns server primer (ns1.smk7) dan dns server sekunder (ns2.smk7) serta web server lokal (psb.smk7) berada.

    lalu turun ke masing-masing USER ACCESS ROUTER pada tiap-tiap gedung sesuai namanya (gedung kajur, kepsek, teknisi dan zyrex) dimana di tiap-tiap router tersebut menggunakan mikrotik rb450g, masuk pada port1, keluaran pada tiap port 2, 3, 4, dan 5, menuju ke tiap akses point, pada channel 1, 5, 9, dan 13...

    jadi ada 16 aksespoint, 4 akses point pada 4 penjuru mata angin, mengarah ke tiap gedung sesuai dengan namanya (gedung kajur, kepsek, teknisi dan zyrex)

    pada semua user access router di set pada mode hotspot, dengan radius terpusat di LAN ROUTER(DISTRIBUTION ROUTER)...

    akses ke webserver lokal unlimited, sesuai dengan rule nat, harus di tempatkan paling atas, baik pada saat user belum atau telah login pada mode hotspot tersebut.

    adapun untuk bw manajemen, saya serahkan sepenuhnya pada delay_poolsnya proxy server, dengan asumsi, unlimited browsing but limited download, dengan file ekstensi tertentu sesuai yang kita inginkan,

    untuk kejelasannya mungkin bisa di coba Click here to enlarge
    Last edited by riswan; 10-08-2010 at 15:21.

 

 
Page 2 of 3 FirstFirst 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 22
    Last Post: 07-07-2013, 10:47
  2. buat domain lokal
    By tjhoens in forum Scripting @ Mikrotik
    Replies: 10
    Last Post: 26-07-2010, 02:37
  3. buat yg butuh BW, lokal Loop & Tunneling
    By phoenix in forum ISP / Network Link
    Replies: 0
    Last Post: 01-12-2009, 11:54
  4. Replies: 3
    Last Post: 23-10-2009, 11:24

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •