Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    Status
    Offline
    ipang's Avatar
    Baru Gabung
    Join Date
    Jan 2011
    Posts
    8
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Question Proxy seep...BW limit eror

    Mohon para senior analisa rule warnet daku, pake proxy internal bawaan mikro V2.9 untuk proxy dah maksimal puWas w pake nya, cmn pas pembagian bw pk simple queue ko gak kena terus,contoh rule admin d bawah rate tetep 0 suhu....Click here to enlarge

    NAT :

    0 ;;; Nat to Internet
    chain=srcnat out-interface=speedy src-address-list=warnet
    action=masquerade

    1 ;;; Nat to Proxy
    chain=dstnat in-interface=lokal protocol=tcp dst-port=80 action=redirect
    to-ports=8080

    MANGLE :

    0 ;;; Proxy-Hits
    chain=postrouting out-interface=lokal action=mark-packet
    new-packet-mark=Proxy-Hits passthrough=no

    1 ;;; Down_Compressed_File
    chain=postrouting out-interface=lokal content=.rar
    action=mark-connection new-connection-mark=down-content passthrough=yes

    2 chain=postrouting out-interface=lokal content=.zip action=mark-connection
    new-connection-mark=down-content passthrough=yes

    3 chain=postrouting out-interface=lokal content=.flv action=mark-connection
    new-connection-mark=down-content passthrough=yes

    4 chain=postrouting out-interface=lokal content=.mp3 action=mark-connection
    new-connection-mark=down-content passthrough=yes

    5 chain=postrouting out-interface=lokal connection-mark=down-content
    action=mark-packet new-packet-mark=download-paket passthrough=no

    QUEUE SIMPLE :

    0 name="Proxy-Hits" dst-address=0.0.0.0/0 interface=all parent=none
    packet-marks=Proxy-Hits direction=both priority=1
    queue=default-small/default-small limit-at=0/0 max-limit=0/0
    total-queue=default-small

    1 name="Admin" target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0
    interface=all parent=none packet-marks=download-paket direction=both
    priority=8 queue=default-small/default-small limit-at=0/0
    max-limit=32000/128000 burst-limit=64000/256000
    burst-threshold=24000/96000 burst-time=8s/8s total-queue=default-small
    Rule d atas ane dpt dr forum kita ini (thanks:shiratc)...Mohon pencerahan nya senior, dah mumet daku Click here to enlargeClick here to enlargeClick here to enlarge

  2. #2
    Status
    Offline
    javasyaksa's Avatar
    Baru Gabung
    Join Date
    May 2011
    Posts
    5
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Smile

    coba dlu deh ntar ripiuw nya ya Click here to enlargeClick here to enlarge

  3. #3
    Status
    Offline
    Anto.PJ's Avatar
    Forum Guru
    Join Date
    May 2011
    Location
    macz
    Posts
    1,696
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0
    mangle detected error mending hapus/ganti tuh mangle..

    pernah coba settingan kayak gini.. di queue simple ga jalan.. tapi di queue tree dia tertangkap.. kenapa?
    queue simple menangani paket in dan out secara bersamaan.. jadi bisa tanpa mangle.. ditandai paketnya atau apalah segala macam..
    queue tree.. kita bisa defenisikan paket yang arahnya dari luar(global in) apa menuju ke luar (global out).. apa kedua-duanya (global total)

    sebelumnya saya heran kok redirect ke port 8080? apa di webproxy internal juga pakai port yang sama?? tapi agan bilang proxynya dah maknyuzz.. kita abaikan saja
    karena settingannya warnet.. pakai connection bytes..
    (tested on RB450G and RB1000) sambil membayangkan topologi yang agan pakai..

    1. kalau sekalian untuk game untuk menjaga latency, sisakan 25% dari bw
    misalnya BW 1 Mbps disisakan 256kbps, maka dari itu cache proxy musti dibatasi.. dan pembatasan ini juga masih dibatasi.. biar kalo ada download.. browsing lancar saja.. ping gak drop2 amat,

    tapi kalau untuk browsing saja(bukan untuk game).. pakai semua bwnya..

    jika untuk game..
    Code:
     ip>firewall>mangle
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; PRIORITY LINE
         chain=postrouting action=mark-connection 
         new-connection-mark=prior-down passthrough=yes 
         dst-address-list=warnet protocol=tcp src-port=!80, 21, 8080
    
    1   chain=postrouting action=mark-connection 
         new-connection-mark=prior-down passthrough=yes 
         dst-address-list=warnet protocol=udp
    
    2   chain=postrouting action=mark-connection 
         new-connection-mark=prior-down passthrough=yes 
         dst-address-list=warnet protocol=icmp
    
    3   chain=postrouting action=mark-packet new-packet-mark=prior-down 
         passthrough=no dst-address-list=warnet connection-mark=prior-down 
    
    4   chain=prerouting action=mark-connection 
         new-connection-mark=prior-up passthrough=yes 
         src-address-list=warnet protocol=tcp dst-port=!80, 21, 8080
    
    5   chain=prerouting action=mark-connection 
         new-connection-mark=prior-up passthrough=yes 
         src-address-list=warnet protocol=udp
    
    6   chain=prerouting action=mark-connection 
         new-connection-mark=prior-up passthrough=yes 
         src-address-list=warnet protocol=icmp
    
    7   chain=prerouting action=mark-packet new-packet-mark=prior-up 
         passthrough=no src-address-list=warnet connection-mark=prior-up

    mangle rule diatas akan meng-capture semua port tcp dan udp selain port tcp 80(http), 21(ftp), dan 8080(alt.http)yang biasanya digunakan sebagai jalur download.

    2.khusus untuk cache proxy(port 80), port 21 (ftp juga jalur download loh..), port 8080 kita buatkan mangle lain berdasarkan connection bytes nya..
    disini saya sarankan pembagiannya adalah: (bw 1Mbps down, 256 up)
    download: 0-64k, 64k-256k, 256k-512k, dan diatas 512k
    upload: 0-32k, 32k-64k, 64k-128k, dan diatas 128k
    Code:
    4   ;;; TCP-PROXY LIMITER
         chain=prerouting action=mark-connection new-connection-mark=+512K passthrough=yes  
         protocol=tcp in-interface=speedy connection-bytes=512001-0 
    
     5   chain=prerouting action=mark-packet new-packet-mark=+512K passthrough=no 
         in-interface=speedy connection-mark=+512K <--huruf K besar
    
     6   chain=prerouting action=mark-connection new-connection-mark=512K passthrough=yes protocol=tcp 
         in-interface=speedy connection-bytes=128001-512000 
    
    7   chain=prerouting action=mark-packet new-packet-mark=512K passthrough=no 
         in-interface=speedy connection-mark=512K 
    
     8   chain=prerouting action=mark-connection new-connection-mark=128K passthrough=yes protocol=tcp 
         in-interface=speedy connection-bytes=64001-128000 
    
     9   chain=prerouting action=mark-packet new-packet-mark=128K passthrough=no 
         in-interface=speedy connection-mark=128K 
    
    10   chain=prerouting action=mark-connection new-connection-mark=64K passthrough=yes protocol=tcp 
         in-interface=speedy connection-bytes=1-64000 
    
    
    11   chain=prerouting action=mark-packet new-packet-mark=64K passthrough=no 
         in-interface=speedy connection-mark=64K 
    
    12;;; upload by proxy
    chain=postrouting action=mark-connection new-connection-mark=+128k passthrough=yes protocol=tcp 
         out-interface=speedy connection-bytes=128001-0
     
    13  chain=postrouting action=mark-packet new-packet-mark=+128k passthrough=no out-interface=speedy connection-mark=+128k <--huruf kecil
    
    14  chain=postrouting action=mark-connection new-connection-mark=128k passthrough=yes protocol=tcp 
         out-interface=speedy connection-bytes=64001-128000
     
    15  chain=postrouting action=mark-packet new-packet-mark=128k passthrough=no out-interface=speedy connection-mark=128k
    
    16  chain=postrouting action=mark-connection new-connection-mark=64k passthrough=yes protocol=tcp 
         out-interface=speedy connection-bytes=32001-64000
     
    17  chain=postrouting action=mark-packet new-packet-mark=64k passthrough=no out-interface=speedy connection-mark=64k
    
    18  chain=postrouting action=mark-connection new-connection-mark=32k passthrough=yes protocol=tcp 
         out-interface=speedy connection-bytes=0-32000
     
    19  chain=postrouting action=mark-packet new-packet-mark=32k passthrough=no out-interface=speedy connection-mark=32k
    
    20;;; HIT
       chain=output out-interface=lokal dscp=4 action=mark-packet new-packet-mark=HIT passthrough=no dst-address-list=warnet
    mangle di atas akan meng-capture koneksi dan paket berdasarkan bytes nya.. trus dipisahkan untuk di limit pada queue tree dengan sistem HTB

    IP>Firewall>address list ditambahkan IP lokal mis: 192.168.1.0/24 dengan nama warnet

    3. sekarang di queue tree
    Code:
     queue>Queue tree
    Flags: X - disabled, I - invalid 
     0   name="Proxy Cache limiter" parent=alldown limit-at=520k priority=8 max-limit=750k burst-limit=0 
         burst-threshold=0 burst-time=0s 
    
     1   name="+512K" parent=Proxy Cache limiter packet-mark=+512K limit-at=100k queue=default priority=4
         max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s 
    
     2   name="64K" parent=Proxy Cache limiter packet-mark=64K limit-at=100k queue=default priority=1 
         max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s 
    
     3   name="128K" parent=Proxy Cache limiter packet-mark=128K limit-at=100k queue=default priority=2 
         max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s 
    
     4   name="512K" parent=Proxy Cache limiter packet-mark=512K limit-at=100k queue=default priority=3 
         max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s 
    
     5   name="Proxy Request limiter" parent=allup limit-at=140k priority=8 max-limit=180k burst-limit=0 
         burst-threshold=0 burst-time=0s 
    
     6   name="64k" parent=Proxy Request limiter packet-mark=64k limit-at=24k queue=default priority=2 
         max-limit=128k burst-limit=0 burst-threshold=0 burst-time=0s 
    
     7   name="32k" parent=Proxy Request limiter packet-mark=32k limit-at=24k queue=default priority=1 
         max-limit=128k burst-limit=0 burst-threshold=0 burst-time=0s 
    
     8   name="128k" parent=Proxy Request limiter packet-mark=128k limit-at=24k queue=default priority=3 
         max-limit=128k burst-limit=0 burst-threshold=0 burst-time=0s 
    
     9   name="+128k" parent=Proxy Request limiter packet-mark=+128k limit-at=24k queue=default 
         priority=8 max-limit=128k burst-limit=0 burst-threshold=0 burst-time=0s 
    
    10   name="HIT" parent=global-out packet-mark=hit limit-at=0 queue=default priority=8 max-limit=0 
         burst-limit=0 burst-threshold=0 burst-time=0s 
    
    11   name="alldown" parent=global-in limit-at=0 priority=8 max-limit=1024k burst-limit=0 
         burst-threshold=0 burst-time=0s 
    
    12   name="allup" parent=global-out limit-at=0 priority=8 max-limit=320k burst-limit=0 
         burst-threshold=0 burst-time=0s 
    
    16   name="Priority line" parent=alldown packet-mark=prior-down limit-at=520k 
         queue=default priority=1 max-limit=700k burst-limit=0 burst-threshold=0 burst-time=0s 
    
    17   name="ping_tracert" parent=allup packet-mark=prior-up limit-at=140k 
         queue=default priority=8 max-limit=140k burst-limit=0 burst-threshold=0 burst-time=0s
    settingan diatas saya pikir sesuai dengan topologi agan..
    settingan saya sendiri kurang lebih sama tapi jangan samakan queue treenya dengan yang ada di gambar
    topologi kita sungguh jauh berbeda..

    user loss ke proxy.. saya yakin dengan settingan ini.. tidak ada yang bakalan tertindas
    hanya proxy ke internet yang dibatasi

    browsing dan download berbagi kasih.... saling pinjam bandwidth.. queue type default aja.. tapi kalo mau lebih woke.. bisa pake PCQ

    hasilnya
    Click here to enlarge
    keterangan = digunakan 7 user.. 2 orang lagi download.. satunya pakai IDM.. yang lain facebookan

    semoga membantu.. jika bermasalah.. saya tunggu reviewnya..
    dan tak lupa CMIW..Click here to enlarge
    Last edited by Anto.PJ; 08-06-2011 at 20:09.

  4. The Following 3 Users Say Thank You to Anto.PJ For This Useful Post:


  5. #4
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by Anto.PJ Click here to enlarge
    Code:
    20;;; hit..
    chain=postrouting action=mark-connection new-connection-mark=HIT passthrough=yes protocol=tcp src-port=80 dst-address-list=warnet 
    
    21  chain=postrouting action=mark-packet new-packet-mark=HIT passthrough=no dst-address-list=warnet connection-mark=HIT
    gk salah brur ? Click here to enlargeClick here to enlargeClick here to enlarge

  6. #5
    Status
    Offline
    Anto.PJ's Avatar
    Forum Guru
    Join Date
    May 2011
    Location
    macz
    Posts
    1,696
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by electrix_85 Click here to enlarge
    gk salah brur ? Click here to enlargeClick here to enlargeClick here to enlarge
    iya.Click here to enlargeClick here to enlarge
    udah saya perbaiki kok.. langsung ambil dari situs mikrotik
    sekalian saya mau tanya
    dscp=4 itu maksudnya apa gan??

  7. #6
    Status
    Offline
    whiely's Avatar
    Member Senior
    Join Date
    Jun 2010
    Location
    :unidentified:
    Posts
    423
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Lightbulb

    Click here to enlarge Originally Posted by Anto.PJ Click here to enlarge
    iya.Click here to enlargeClick here to enlarge
    udah saya perbaiki kok.. langsung ambil dari situs mikrotik
    sekalian saya mau tanya
    dscp=4 itu maksudnya apa gan??
    coba jawab yah..
    dscp singkatan Differentiated Services Code Point.
    dulu namanya TOS (Type Of Service).
    Implementasi DSCP ini salah satunya untuk penandaan paket.
    dan DSCP=4 di mikrotik digunakan untuk menandai paket yg berasal dari webproxy internal mikrotik.
    cmiiw

  8. The Following User Says Thank You to whiely For This Useful Post:


  9. #7
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by Anto.PJ Click here to enlarge
    iya.Click here to enlargeClick here to enlarge
    udah saya perbaiki kok.. langsung ambil dari situs mikrotik
    sekalian saya mau tanya
    dscp=4 itu maksudnya apa gan??
    itu buat zph lah
    web proxy internal mikrotik menggunakan dscp ( dalam dec )
    web proxy squid menggunakan zph_local ( tos dalam hex)

    agar paket yang hit dapat dikenali oleh mikrotik harus di rubah dari tos ke dscp
    zph_local 0x30 = dscp 12

  10. The Following User Says Thank You to adiputrolds For This Useful Post:


  11. #8
    Status
    Offline
    Anto.PJ's Avatar
    Forum Guru
    Join Date
    May 2011
    Location
    macz
    Posts
    1,696
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0
    mantap nih dscp..

  12. #9
    Status
    Offline
    galange's Avatar
    Baru Gabung
    Join Date
    Dec 2010
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by Anto.PJ Click here to enlarge
    mantap nih dscp..
    ora mudeng blassss
    Click here to enlargeClick here to enlarge

  13. #10
    Status
    Offline
    disk_blank's Avatar
    Baru Gabung
    Join Date
    Dec 2010
    Posts
    6
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    oh.. gini to cara ngecek rate proxy

  14. #11
    Status
    Offline
    Anto.PJ's Avatar
    Forum Guru
    Join Date
    May 2011
    Location
    macz
    Posts
    1,696
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by galange Click here to enlarge
    ora mudeng blassss
    Click here to enlargeClick here to enlarge
    DSCP mantap loh untuk tandai paket yang udah keluar dari router.. yang tidak bisa dilakukan oleh mark connection/mark packet yang secara hanya berlaku di dalam router saja.. implementasinya mungkin bisa digunakan jika menggunakan 2 atau lebih router..

    betul ga?? CMIW

  15. #12
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge

  16. The Following User Says Thank You to adiputrolds For This Useful Post:


  17. #13
    Status
    Offline
    Anto.PJ's Avatar
    Forum Guru
    Join Date
    May 2011
    Location
    macz
    Posts
    1,696
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0

    about dscp

    mengenai dscp ini ane masih blur soal nilainya..
    ada yang bisa kasih penjelasan ga?

    dari yang ane baca-baca, dscp(tos) adalah teknik penandaan paket berdasarkan prioritas..
    tapi ane masih bingung, yang dimasukkan ke mikrotik itu nilai dscp apa tos-nya??
    trus untuk minimal delay harus pakai dscp berapa, trus kalo mau pakai maximal througput dscp-nya berapa, ada yang bisa jelaskan ga?

    trus apakah penerapan dscp/tos ini standar untuk semua router? misalnya setelah di lakukan marking pada router merk A, maka router tujuan dengan merk B juga mengenalinya??

    dan yang terakhir, jika jawabannya ya, apakah setelah dilakukan enkripsi/enkapsulasi paket (seperti pada modem), marking masih dikenali oleh router lain?

    mohon pencerahan dari suhu-suhu..
    Click here to enlarge

  18. #14
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    mikrotik menggunakan dscp

    web proxy internal menggunakan dscp
    tetapi squid hanya menggunakan tos
    jadi agar mikrotik bs mengenali packet hit dari proxy ya harus di cari tahu dulu
    nilai tos cache hit proxy yang dalam hex di rubah ke dscp

    penggunaan tos pada priority ya tergantung router nya
    tp di mikrotik kan menggunakan packet-mark
    bs aja suatu packet tertentu di ganti nilai dscp nya
    kemudian suatu packet yg memiliki tos tertentu di namai packet mark nya
    kemudian di urutkan priority nya di queue

    tp apakah malah gk jadi kerjaan ?
    kan lebih enak menggunakan connection-mark kemudian di bentuk packet-mark nya dari con-mark tersebut

    Click here to enlarge

  19. #15
    Status
    Offline
    Anto.PJ's Avatar
    Forum Guru
    Join Date
    May 2011
    Location
    macz
    Posts
    1,696
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0
    maksud saya gini om..
    yang saya ketahui, penandaan dengan menggunakan connection/packet mark hanya berlaku di dalam router mikrotik itu sendiri.. setelah keluar dari interface router.. markingnya ga berguna..

    sedang penandaan dengan tos memungkinkan paket yang telah di mark dikenali oleh router lain,
    sebagai contoh: proxy external, dimana penandaan dilakukan oleh squid dengan tos 0x30.. nah, proxy external dan mikrotik kan beda mesin tuh, tapi paket masih dikenali oleh mikrotik dengan dscp=12

    saya cuma ingin tau, range dscp/tos untuk beberapa jenis qos kan beda-beda, critical, priority, routine, dll apa maksudnya dan pengaplikasiannya untuk apa aja.. gitu loh om.. Click here to enlarge

 

 
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 1
    Last Post: 20-03-2015, 09:52
  2. [Video Tuts] Mensetting cache proxy MT biar tidak kena limit Queue
    By okto_2005 in forum QOS & Traffic Shaping
    Replies: 57
    Last Post: 03-03-2015, 15:58
  3. help- modem apa routernya yg eror nih
    By aaheroe in forum General Networking
    Replies: 7
    Last Post: 25-03-2010, 03:39
  4. web proxy internal + Limit Bandwidth dengan extension
    By scarface_qwerty in forum General Networking
    Replies: 10
    Last Post: 19-03-2010, 04:26
  5. MT gw v2.9.27 webproxynya eror molo help me pls
    By dream in forum Beginner Basics
    Replies: 11
    Last Post: 11-08-2008, 21:34

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •