Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 10 of 10
  1. #1
    Status
    Offline
    mahaadit's Avatar
    VIP Member
    Join Date
    Jan 2010
    Location
    Yogyakarta
    Posts
    706
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    tanya buat mangle dan queue tree supaya akses ftp loss

    pagi semua master serta suhu yang terhormat..

    saya ingin bertanya tentang pembuatan mangle dan queue type dan tree nya supaya jika download lwt ftp tidak di batas i.

    karena saat ini saya sudah menggunakan mangle con byte dan queue tree dan berjalan muluss..

    tetapi untuk akses ke ftp kok ikut terlimit sesuai queue tree nya yg untuk download umum yaa??

    mohon pencerahannya para suhu dan master2 mikrotik..

    trimakasih atas perhatiiannya..

    salam..

  2. #2
    Status
    Offline
    xeon's Avatar
    Verified Account - Partner
    Join Date
    Mar 2008
    Location
    DKI Jakarta
    Posts
    1,539
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    2 (100%)
    FTP client yang digunakan native atau nggak?

    Kalau nggak native, agak susah, karena port yang digunakan ganti ganti terus.

    Kalau native, tinggal dibuat 1 mangle untuk port ftp tersebut, posisi ditaruh diatas mangle yang lain.

  3. #3
    Status
    Offline
    mahaadit's Avatar
    VIP Member
    Join Date
    Jan 2010
    Location
    Yogyakarta
    Posts
    706
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    untuk port ftp biasanya 21 bos

    cuma client doang kok

    kyk P2p gitu boss

    kasih contohnya bisa/.. manglenya thx

    Click here to enlargeClick here to enlargeClick here to enlarge

  4. #4
    Status
    Offline
    antareja's Avatar
    Member
    Join Date
    Jul 2008
    Location
    paris pan japa
    Posts
    179
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    mangling aja port 21, terus dikasih jatah bandwidth gede...

  5. #5
    Status
    Offline
    mahaadit's Avatar
    VIP Member
    Join Date
    Jan 2010
    Location
    Yogyakarta
    Posts
    706
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by antareja Click here to enlarge
    mangling aja port 21, terus dikasih jatah bandwidth gede...
    contoh manglenya gmn bos??

    bisa jelas kan??

    klo begini bener nda???


    chain=forward action=mark-connection new-connection-mark=ftp
    passthrough=yes protocol=tcp in-interface=lan dst-port=21
    connection-bytes=162146-4294967295 <di isi brp ya biar lebih cpt??>


    chain=forward action=mark-packet new-packet-mark=ftp-conn passthrough=no
    connection-mark=ftp


    queue tree
    name="ftp" parent=global-out packet-mark=ftp-conn limit-at=0 queue=defaul>
    priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s


    Click here to enlargeClick here to enlargeClick here to enlargeClick here to enlarge

  6. #6
    Status
    Offline
    mahaadit's Avatar
    VIP Member
    Join Date
    Jan 2010
    Location
    Yogyakarta
    Posts
    706
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    sundulllllllllll

  7. #7
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    jangan membuat mangle ftp secara global buat yg spesifik ke arah private server tersebut....
    mangle ini juga bs di gabungkan dengan port yg lain jika server tersebut memiliki banyak service

    misal :::
    Saya menggunakan ClearOS (dapat saya katakan sebagai Private-Server)
    pada ClearOS tersebut saya menginstal module HTTP server(tcp = 80) , Proxy Server(tcp = 3128), FTP Server(tcp = 21)
    Tetapi ClearOS tersebut dapat di akses dengan telnet(tcp = 23)SSH(tcp = 22) dan Webadministration(tcp = 81,443)

    network Local anda
    192.168.100.0/24

    network Private server
    200.200.200.0/24

    network modem ADSL
    192.168.1.0/24


    Sekarang apa yang anda harus lakukan ??

    Kita akan membuat mangle dengan nama SYSTEM
    SYSTEM disini bukan hanya kearah Private Server, tetapi juga ke arah network modem karena modem itu sendiri memiliki Webadministration port 80 misalnya.
    dan juga Kearah Mikrotik itu sendiri (Local-Process)
    port 21,22,23,80,8291(port service mikrotik)


    /ip firewall address-list
    add address=192.168.100.0/24 list=system comment="Mikrotik"
    add address=200.200.200.0/24 list=system comment="ClearOS"
    add address=192.168.1.0/24 list=system comment="Modem"

    port-port yang mungkin terjadi kearah ketiga network tersebut adalah :
    21 = FTP Mikrotik , ClearOS
    22 = SSH Mikrotik , ClearOS
    23 = telnet Mikrotik , ClearOS
    80 = Local Webserver ClearOS , webadmin Mikrotik , webadmin modem
    81 = Webadmin ClearOS
    443 = Webadmin ClearOS / SSL
    8291 = Winbox Mikrotik


    jadi kita buat mangle untuk menangkap port tersebut yg kearah system tersebut dan letakkan paling atas


    /ip firewall mangle
    add chain=prerouting action=mark-connection new-connection-mark=SYSTEM protocol=tcp dst-port=21,22,23,80,81,443,8291 dst-address-list=system src-address=192.168.100.0/24 passthrough=yes
    add chain=prerouting action=mark-packet new-packet-mark=system connection-mark=SYSTEM passthrough=no


    yang perlu anda ketahui, mungkin disini kesalahan newbie yg belom tau
    walaupun mangle tersebut telah anda passthrough = no pada chain=prerouting.
    Jika anda membuat mangle untuk menangkap traffic secara global pada postrouting mangle tersebut bs di mark ulang oleh mikrotik dan biasanya malah terlimit traffic system tersebut, jadi gk ada gunanya.
    Untuk mengakali hal tersebut gunakan packet-mark=no-mark


    contoh :
    /ip fir mangle
    add chain=postrouting action=mark-connection new-connection-mark=Down-To-Local out-interface=Local passthrough=yes
    add chain=postrouting action=mark-packet new-packet-mark=down-to-local connection-mark=Down-To-Local out-interface=Local passthrough=no


    dengan mangle diatas anda berencana untuk melimit traffic dari internet dan menggunakannya pada queue-tree.
    tetapi yg terjadi adalah semua mangle yg anda buat pada prerouting bs masuk ke mangle tersebut karena di mark-ulang.

    Jadi agar tidak me-mark ulang mangle pada prerouting gunakan option packet-mark=no-mark
    jadi yang benar2 tidak ada packet-marknya lah yang akan di limit.

    /ip fir mangle
    add chain=postrouting action=mark-connection new-connection-mark=Down-To-Local out-interface=Local packet-mark=no-mark passthrough=yes
    add chain=postrouting action=mark-packet new-packet-mark=down-to-local connection-mark=Down-To-Local out-interface=Local passthrough=no


    Click here to enlarge

  8. The Following User Says Thank You to adiputrolds For This Useful Post:


  9. #8
    Status
    Offline
    mahaadit's Avatar
    VIP Member
    Join Date
    Jan 2010
    Location
    Yogyakarta
    Posts
    706
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    untuk masalah buat queue tree nya gmn gan??

    saat ini sy pk begini

    queue tree
    name="ftp" parent=global-out packet-mark=ftp-conn limit-at=0 queue=defaul>
    priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

    mohon di koreksi

    btw itu td pastoringnya mangle di kasih paling atas atau di bawahnya mangle download ???

    trima kasih atas perhatiannya ...


    Click here to enlargeClick here to enlargeClick here to enlargeClick here to enlargeClick here to enlarge

  10. #9
    Status
    Offline
    antareja's Avatar
    Member
    Join Date
    Jul 2008
    Location
    paris pan japa
    Posts
    179
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by mahaadit Click here to enlarge
    contoh manglenya gmn bos??

    bisa jelas kan??

    klo begini bener nda???


    chain=forward action=mark-connection new-connection-mark=ftp
    passthrough=yes protocol=tcp in-interface=lan dst-port=21
    connection-bytes=162146-4294967295 <di isi brp ya biar lebih cpt??>


    chain=forward action=mark-packet new-packet-mark=ftp-conn passthrough=no
    connection-mark=ftp


    queue tree
    name="ftp" parent=global-out packet-mark=ftp-conn limit-at=0 queue=defaul>
    priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s


    Click here to enlargeClick here to enlargeClick here to enlargeClick here to enlarge

    yang merah ilangin aja..

  11. #10
    Status
    Offline
    mahaadit's Avatar
    VIP Member
    Join Date
    Jan 2010
    Location
    Yogyakarta
    Posts
    706
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by antareja Click here to enlarge
    yang merah ilangin aja..
    cuma itu ya bos??

    terus udah bisa ya buat ftp bisa loss kan download nya??

    ada mangle tambahan lg nda mohon pencerahannya

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 5
    Last Post: 01-11-2011, 12:11
  2. nanya queue tree yang dah di buat ????
    By blankcode403 in forum General Networking
    Replies: 1
    Last Post: 18-08-2008, 10:59
  3. [ask] queue tree buat 2 group
    By bigie in forum General Networking
    Replies: 1
    Last Post: 07-08-2008, 23:47
  4. HOTSPOT+mangle+pcq+queue tree
    By sartugiono in forum General Networking
    Replies: 11
    Last Post: 19-03-2008, 09:37
  5. script mangle - queue tree di ISP
    By ponywaterhouse in forum Scripting @ Mikrotik
    Replies: 1
    Last Post: 06-08-2007, 04:58

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •