  1. #1
    adh1et

    Review request (Separating Download, Upload, Browsing, Game)

    First of all, thank you very much for this forum; thanks to it I have been able to learn MikroTik from zero.
    All of my settings below are the result of several threads on this forum.
    Please correct me on whether they are powerful enough yet, because I feel something is still missing from these settings.

    MATERIALS :
    Code:
    Speedy 128k/384k
    RB750 OS ver.4.9
    IP LAN = 192.168.1.0/24
    IP Router = 10.0.0.2/30
    IP Modem = 10.0.0.1/30
    Modem set to bridge mode (PPPoE on the RB)
    TOPOLOGY :
    Code:
    Modem -- RB -- HUB -- PC
    Settings on the Client PC :
    Code:
    IP Address  : 192.168.1.11
    Subnet Mask : 255.255.255.0
    Gateway     : 192.168.1.1
    DNS         : 192.168.1.1
    INTERFACE :
    Code:
    interface print 
    Flags: D - dynamic, X - disabled, R - running, S - slave 
     #     NAME            TYPE         MTU     L2MTU
     0  R  eth1-WAN        ether        1500    1526 
     1  R  eth2-LAN        ether        1500    1524 
     2     ether3          ether        1500    1524 
     3     ether4          ether        1500    1524 
     4     ether5          ether        1500    1524 
     5  R  PPPoE-Speedy    pppoe-out    1480 
     6  R  bridge-iix      bridge       1500    1526 
     7  R  bridge-lan      bridge       1500    1524 
    
    interface bridge settings print 
                use-ip-firewall: yes
       use-ip-firewall-for-vlan: no
      use-ip-firewall-for-pppoe: no
    
    interface bridge print 
    Flags: X - disabled, R - running 
     0  R name="bridge-iix" mtu=1500 l2mtu=1526 arp=enabled mac-address=XX:XX:XX:XX:XX:XX protocol-mode=rstp 
          priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s 
          transmit-hold-count=6 ageing-time=5m 
    
     1  R name="bridge-lan" mtu=1500 l2mtu=1524 arp=enabled mac-address=XX:XX:XX:XX:XX:XX protocol-mode=rstp 
          priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s 
          transmit-hold-count=6 ageing-time=5m 
    
    interface bridge port print 
    Flags: X - disabled, I - inactive, D - dynamic 
     #    INTERFACE    BRIDGE        PRIORITY    PATH-COST    HORIZON   
     0    eth1-WAN     bridge-iix    0x80        10           none      
     1    eth2-LAN     bridge-lan    0x80        10           none  
     
    interface pppoe-client print 
    Flags: X - disabled, R - running 
     0  R name="PPPoE-Speedy" max-mtu=1480 max-mru=1480 mrru=disabled interface=bridge-iix 
          user="xxxxxxxxxxxx@telkom.net" password="xxxxxxxxxx" profile=default service-name="" ac-name="" 
          add-default-route=yes dial-on-demand=no use-peer-dns=no allow=pap,chap,mschap1,mschap2
    DNS
    Code:
    ip dns print 
                    servers: 202.134.1.5,202.134.1.10
      allow-remote-requests: yes
        max-udp-packet-size: 512
                 cache-size: 2048KiB
              cache-max-ttl: 1w
                 cache-used: 31KiB
    IP ADDRESS :
    Code:
    ip address print 
    Flags: X - disabled, I - invalid, D - dynamic 
     #   ADDRESS             NETWORK          BROADCAST       INTERFACE                                             
     0   10.0.0.2/30         10.0.0.0         10.0.0.3        bridge-iix                                            
     1   192.168.1.1/24      192.168.1.0      192.168.1.255   bridge-lan                                            
     2 D xxx.xxx.xxx.xxx/xx  xxx.xxx.xxx.xxx  0.0.0.0         PPPoE-Speedy
    NAT :
    Code:
    ip firewall nat print 
    Flags: X - disabled, I - invalid, D - dynamic 
     0   chain=srcnat action=masquerade src-address=192.168.1.11 
     1   chain=srcnat action=masquerade src-address=192.168.1.12 
     2   chain=srcnat action=masquerade src-address=192.168.1.13
     3   chain=srcnat action=masquerade src-address=192.168.1.14 
     4   chain=srcnat action=masquerade src-address=192.168.1.15 
     5   chain=srcnat action=masquerade src-address=192.168.1.16 
     6   chain=srcnat action=masquerade src-address=192.168.1.17 
     7   chain=srcnat action=masquerade src-address=192.168.1.18 
     8   chain=srcnat action=masquerade src-address=192.168.1.19 
     9   chain=srcnat action=masquerade src-address=192.168.1.20
    ADDRESS LIST :
    Code:
    ip firewall address-list print 
    Flags: X - disabled, D - dynamic 
     #   LIST         ADDRESS                        
     0   IP_Router    192.168.1.1                    
     1   IP_Local     192.168.1.0/24
    LAYER7-PROTOCOL :
    Code:
    ip firewall layer7-protocol print
     # NAME                   REGEXP
     0 Extension " .exe "     \.(exe)
     1 Extension " .rar "     \.(rar)
     2 Extension " .zip "     \.(zip)
     3 Extension " .7z "      \.(7z)
     4 Extension " .cab "     \.(cab)
     5 Extension " .asf "     \.(asf)
     6 Extension " .mov "     \.(mov)
     7 Extension " .wmv "     \.(wmv)
     8 Extension " .mpg "     \.(mpg)
     9 Extension " .mpeg "    \.(mpeg)
    10 Extension " .mkv "     \.(mkv)
    11 Extension " .avi "     \.(avi)
    12 Extension " .flv "     \.(flv)
    13 Extension " .pdf "     \.(pdf)
    14 Extension " .wav "     \.(wav)
    15 Extension " .rm "      \.(rm)
    16 Extension " .mp3 "     \.(mp3)
    17 Extension " .mp4 "     \.(mp4)
    18 Extension " .ram "     \.(ram)
    19 Extension " .rmvb "    \.(rmvb)
    20 Extension " .dat "     \.(dat)
    21 Extension " .daa "     \.(daa)
    22 Extension " .iso "     \.(iso)
    23 Extension " .nrg "     \.(nrg)
    24 Extension " .bin "     \.(bin)
    25 Extension " .vcd "     \.(vcd)
    26 Extension " .mp2 "     \.(mp2)
    27 Extension " .3gp "     \.(3gp)
    28 Extension " .mpe "     \.(mpe)
    29 Extension " .qt "      \.(qt)
    30 Extension " .raw "     \.(raw)
    31 Extension " .wma "     \.(wma)
    32 Extension " .ogg "     \.(ogg)
    33 Extension " .doc "     \.(doc)
    FILTER :
    Code:
    ip firewall filter print 
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; Drop SSH brute forcers
         chain=input action=drop protocol=tcp src-address-list=ssh_blacklist dst-port=22 
     1   chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage3 
         address-list=ssh_blacklist address-list-timeout=1w3d dst-port=22 
     2   chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage2 
         address-list=ssh_stage3 address-list-timeout=1m dst-port=22 
     3   chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage1 
         address-list=ssh_stage2 address-list-timeout=1m dst-port=22 
     4   chain=input action=add-src-to-address-list connection-state=new protocol=tcp address-list=ssh_stage1 
         address-list-timeout=1m dst-port=22 
     5   ;;; FTP
         chain=input action=add-src-to-address-list protocol=tcp src-address-list=!IP_Local 
         address-list=WARN-FTP address-list-timeout=4w2d dst-port=21 
     6   chain=input action=drop src-address-list=WARN-FTP 
     7   chain=input action=accept protocol=tcp src-address-list=IP_Local dst-port=21 
     8   ;;; SSH
         chain=input action=add-src-to-address-list protocol=tcp src-address-list=!IP_Local 
         address-list=WARN-SSH address-list-timeout=4w2d dst-port=22 
     9   chain=input action=drop src-address-list=WARN-SSH 
    10   chain=input action=accept protocol=tcp src-address-list=IP_Local dst-port=22 
    11   ;;; TELNET
         chain=input action=add-src-to-address-list protocol=tcp src-address-list=!IP_Local 
         address-list=WARN-SSH address-list-timeout=4w2d dst-port=22 
    12   chain=input action=drop src-address-list=WARN-TELNET 
    13   chain=input action=accept protocol=tcp src-address-list=IP_Local dst-port=23 
    14   ;;; WEB
         chain=input action=add-src-to-address-list protocol=tcp src-address-list=!IP_Local 
         address-list=WARN-WEB address-list-timeout=4w2d dst-port=80 
    15   chain=input action=drop src-address-list=WARN-WEB 
    16   chain=input action=accept protocol=tcp src-address-list=IP_Local dst-port=80 
    17   ;;; WINBOX
         chain=input action=add-src-to-address-list protocol=tcp src-address-list=!IP_Local 
         address-list=WARN-WINBOX address-list-timeout=4w2d dst-port=8291 
    18   chain=input action=drop src-address-list=WARN-WINBOX 
    19   chain=input action=accept protocol=tcp src-address-list=IP_Local dst-port=8291 
    20   ;;; Content Download
         chain=forward action=add-dst-to-address-list protocol=tcp src-address-list=IP_Local 
         dst-address-list=!IP_Local address-list=L7_Content_Download address-list-timeout=5s 
         layer7-protocol=Extension " .mp3 " connection-limit=0,32 
    21   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .avi " 
    22   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .flv " 
    23   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .iso " 
    24   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .pdf " 
    25   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .mpeg " 
    26   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .exe " 
    27   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .rar " 
    28   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .zip " 
    29   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .mp4 " 
    30   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .mp2 " 
    31   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .3gp " 
    32   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .mov " 
    33   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .mpe " 
    34   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .mpg " 
    35   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .qt " 
    36   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .ram " 
    37   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .rm " 
    38   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .raw " 
    39   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .wav " 
    40   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .wmv " 
    41   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .wma " 
    42   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .ogg " 
    43   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .doc " 
    44   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .7z " 
    45   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .asf " 
    46   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .bin " 
    47   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .cab " 
    48   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .daa " 
    49   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .dat " 
    50   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .mkv " 
    51   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .nrg " 
    52   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .rmvb " 
    53   chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!IP_Local 
         address-list=L7_Content_Download address-list-timeout=5s layer7-protocol=Extension " .vcd "
    MANGLE :
    Code:
    ip firewall mangle print 
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; Point Blank
         chain=prerouting action=mark-connection new-connection-mark=Conn_Game_PB 
         passthrough=yes protocol=tcp dst-port=39100-49100 
     1   chain=prerouting action=mark-connection new-connection-mark=Conn_Game_PB 
         passthrough=yes protocol=udp dst-port=40000-40010 
     2   chain=prerouting action=mark-packet new-packet-mark=Pack_Game_PB passthrough=no 
         connection-mark=Conn_Game_PB 
     3   ;;; DOWNLOAD LAN
         chain=prerouting action=mark-connection new-connection-mark=Conn_L7_Download-LAN 
         passthrough=yes protocol=tcp src-address=192.168.1.0/24 
         dst-address-list=L7_Content_Download 
     4   chain=prerouting action=mark-connection new-connection-mark=Conn_L7_Download-LAN 
         passthrough=yes protocol=!icmp src-address=192.168.1.0/24 
         dst-address-list=!IP_Router connection-bytes=262146-4294967295 
     5   chain=prerouting action=mark-packet new-packet-mark=Pack_L7_Download-LAN 
         passthrough=no dst-address-list=!IP_Router in-interface=PPPoE-Speedy 
         connection-mark=Conn_L7_Download-LAN 
     6   ;;; UPLOAD LAN
         chain=prerouting action=mark-packet new-packet-mark=Pack_Upload-LAN 
         passthrough=no src-address=192.168.1.0/24 in-interface=bridge-lan 
     7   ;;; HTTP / S LAN
         chain=forward action=mark-connection new-connection-mark=Conn_HTTP-LAN 
         passthrough=yes protocol=tcp src-address=192.168.1.0/24 
         connection-bytes=0-128000 
     8   chain=forward action=mark-packet new-packet-mark=Pack_HTTP-LAN passthrough=no 
         protocol=tcp in-interface=PPPoE-Speedy connection-mark=Conn_HTTP-LAN
    QUEUE :
    Code:
    queue type print 
     0 name="default" kind=pfifo pfifo-limit=50 
     1 name="ethernet-default" kind=pfifo pfifo-limit=50 
     2 name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514 
     3 name="synchronous-default" kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20 
       red-avg-packet=1000 
     4 name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514 
     5 name="PCQ_L7_Download" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 
     6 name="PCQ_HTTP" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 
     7 name="PCQ_Upload" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000 
     8 name="PCQ_GAME" kind=pcq pcq-rate=384000 pcq-limit=50 pcq-classifier=src-address,dst-address,src-port,dst-port 
       pcq-total-limit=2000 
     9 name="default-small" kind=pfifo pfifo-limit=10 
    
    queue tree print
    Flags: X - disabled, I - invalid 
     0   name="Downstream" parent=bridge-lan limit-at=0 priority=8 max-limit=384k burst-limit=0 burst-threshold=0 burst-time=0s 
     1   name="Browsing-LAN" parent=Downstream packet-mark=Pack_HTTP-LAN limit-at=64k queue=PCQ_HTTP priority=3 max-limit=128k 
         burst-limit=0 burst-threshold=0 burst-time=0s 
     2   name="L7-Download-LAN" parent=Downstream packet-mark=Pack_L7_Download-LAN limit-at=64k queue=PCQ_L7_Download 
         priority=3 max-limit=128k burst-limit=0 burst-threshold=0 burst-time=0s 
     3   name="Upstream" parent=PPPoE-Speedy packet-mark=Pack_Upload-LAN limit-at=0 queue=default priority=8 max-limit=128k 
         burst-limit=0 burst-threshold=0 burst-time=0s 
     4   name="Game-PB" parent=Downstream packet-mark=Pack_Game_PB limit-at=128k queue=PCQ_GAME priority=3 max-limit=384k 
         burst-limit=0 burst-threshold=0 burst-time=0s
    Pros :
    - The Download, Upload, Browsing and Game paths are completely separate, which makes it easy to apply bandwidth limits

    Cons :
    - I still feel the settings above are not stable; some download packets slip through into browsing, perhaps because I mark browsing by connection bytes

    My hope: please send corrections, everyone, so that together we can find / learn a MikroTik setup that comes close to perfect

  2. The Following 3 Users Say Thank You to adh1et For This Useful Post:
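
Added example, not part of the original thread and not the poster's own code: a small lint over rules 5-13 of the `ip firewall filter print` output in post #1, checking each comment group for copy/paste slips (a drop keyed on an address list nothing populates, a rule that exactly repeats an earlier one, and rules in one group that disagree on `dst-port`). The names `parse_rules`, `lint` and `STATIC_LISTS` are assumptions made for this example; the rule text and the two static list names are taken from the post.

```python
import re
from collections import defaultdict

# Rules 5-13 copied from the `ip firewall filter print` output in post #1.
FILTER_PRINT = """\
 5   ;;; FTP
     chain=input action=add-src-to-address-list protocol=tcp src-address-list=!IP_Local
     address-list=WARN-FTP address-list-timeout=4w2d dst-port=21
 6   chain=input action=drop src-address-list=WARN-FTP
 7   chain=input action=accept protocol=tcp src-address-list=IP_Local dst-port=21
 8   ;;; SSH
     chain=input action=add-src-to-address-list protocol=tcp src-address-list=!IP_Local
     address-list=WARN-SSH address-list-timeout=4w2d dst-port=22
 9   chain=input action=drop src-address-list=WARN-SSH
10   chain=input action=accept protocol=tcp src-address-list=IP_Local dst-port=22
11   ;;; TELNET
     chain=input action=add-src-to-address-list protocol=tcp src-address-list=!IP_Local
     address-list=WARN-SSH address-list-timeout=4w2d dst-port=22
12   chain=input action=drop src-address-list=WARN-TELNET
13   chain=input action=accept protocol=tcp src-address-list=IP_Local dst-port=23
"""

# Static lists from the `ip firewall address-list print` output in post #1.
STATIC_LISTS = {"IP_Router", "IP_Local"}

RULE_START = re.compile(r"^\s*(\d+)\s+(.*)$")
KEY_VALUE = re.compile(r"([\w-]+)=(\S+)")


def parse_rules(text):
    """Parse `print` output into dicts: rule number, comment group, key=value fields."""
    rules, group = [], None
    for line in text.splitlines():
        start = RULE_START.match(line)
        if start:
            rules.append({"n": int(start.group(1)), "group": group})
            line = start.group(2)
        if not rules:
            continue  # header lines before the first rule
        body = line.strip()
        if body.startswith(";;;"):
            # A ";;;" comment opens a new group that later uncommented rules inherit.
            group = body[3:].strip()
            rules[-1]["group"] = group
        else:
            rules[-1].update(KEY_VALUE.findall(body))
    return rules


def lint(rules, static_lists=STATIC_LISTS):
    """Return (rule number or group, finding, detail) tuples for copy/paste slips."""
    findings = []
    # Lists that exist statically or that some add-*-to-address-list rule fills.
    populated = set(static_lists)
    populated |= {r["address-list"] for r in rules
                  if r.get("action", "").startswith("add-") and "address-list" in r}
    ports_by_group = defaultdict(set)
    first_seen = {}
    for r in rules:
        # Same matchers and same action as an earlier rule.
        fields = tuple(sorted((k, v) for k, v in r.items() if k not in ("n", "group")))
        if fields in first_seen:
            findings.append((r["n"], "duplicate-of-rule", first_seen[fields]))
        else:
            first_seen[fields] = r["n"]
        # A drop keyed on a list that nothing fills can never match.
        matched_list = r.get("src-address-list", "").lstrip("!")
        if r.get("action") == "drop" and matched_list and matched_list not in populated:
            findings.append((r["n"], "drop-on-unpopulated-list", matched_list))
        if "dst-port" in r:
            ports_by_group[r["group"]].add(r["dst-port"])
    # Rules under one service comment are expected to agree on the port.
    for group, ports in ports_by_group.items():
        if len(ports) > 1:
            findings.append((group, "mixed-ports-in-group", sorted(ports)))
    return findings


if __name__ == "__main__":
    for finding in lint(parse_rules(FILTER_PRINT)):
        print(finding)
```

On the posted rules it reports rule 11 as a repeat of rule 8, rule 12 as dropping on `WARN-TELNET`, which no rule fills, and the TELNET group as mixing ports 22 and 23.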


  3. #2
    pos_ronda
    Originally Posted by adh1et
    First of all, thank you very much ....
    A newbie trying to review part of it

    Originally Posted by adh1et
    MATERIALS :
    Code:
    Speedy 128k/384k
    RB750 OS ver.4.9
    IP LAN = 192.168.1.0/24
    IP Router = 10.0.0.2/30
    IP Modem = 10.0.0.1/30
    Modem set to bridge mode (PPPoE on the RB)
    Doesn't the 384k Speedy only get 96k upload? Also consider what happens when the quota runs out.

    Originally Posted by adh1et

    TOPOLOGY :
    Code:
    Modem -- RB -- HUB -- PC
    If you can, add a proxy, especially for games that need patches, unless you really want to update them manually one by one.
    Originally Posted by adh1et

    Settings on the Client PC :
    Code:
    IP Address  : 192.168.1.11
    Subnet Mask : 255.255.255.0
    Gateway     : 192.168.1.1
    DNS         : 192.168.1.1

    INTERFACE :
    Code:
    interface print 
    Flags: D - dynamic, X - disabled, R - running, S - slave 
     #     NAME            TYPE         MTU     L2MTU
     0  R  eth1-WAN        ether        1500    1526 
     1  R  eth2-LAN        ether        1500    1524 
     2     ether3          ether        1500    1524 
     3     ether4          ether        1500    1524 
     4     ether5          ether        1500    1524 
     5  R  PPPoE-Speedy    pppoe-out    1480 
     6  R  bridge-iix      bridge       1500    1526 
     7  R  bridge-lan      bridge       1500    1524 
    ...
    Why does there have to be a bridge?

    Originally Posted by adh1et

    DNS
    Code:
    ip dns print 
                    servers: 202.134.1.5,202.134.1.10
      allow-remote-requests: yes
        max-udp-packet-size: 512
                 cache-size: 2048KiB
              cache-max-ttl: 1w
                 cache-used: 31KiB
    Same.
    Originally Posted by adh1et

    IP ADDRESS :
    Code:
    ip address print 
    Flags: X - disabled, I - invalid, D - dynamic 
     #   ADDRESS             NETWORK          BROADCAST       INTERFACE                                             
     0   10.0.0.2/30         10.0.0.0         10.0.0.3        bridge-iix                                            
     1   192.168.1.1/24      192.168.1.0      192.168.1.255   bridge-lan                                            
     2 D xxx.xxx.xxx.xxx/xx  xxx.xxx.xxx.xxx  0.0.0.0         PPPoE-Speedy
    NAT :
    Code:
    ip firewall nat print 
    Flags: X - disabled, I - invalid, D - dynamic 
     0   chain=srcnat action=masquerade src-address=192.168.1.11 
     1   chain=srcnat action=masquerade src-address=192.168.1.12 
     2   chain=srcnat action=masquerade src-address=192.168.1.13
     3   chain=srcnat action=masquerade src-address=192.168.1.14 
     4   chain=srcnat action=masquerade src-address=192.168.1.15 
     5   chain=srcnat action=masquerade src-address=192.168.1.16 
     6   chain=srcnat action=masquerade src-address=192.168.1.17 
     7   chain=srcnat action=masquerade src-address=192.168.1.18 
     8   chain=srcnat action=masquerade src-address=192.168.1.19 
     9   chain=srcnat action=masquerade src-address=192.168.1.20
    Why list src-address one by one, why not 192.168.1.0/24, like the mask in the materials?

    Originally Posted by adh1et

    ADDRESS LIST :
    Code:
    ip firewall address-list print 
    Flags: X - disabled, D - dynamic 
     #   LIST         ADDRESS                        
     0   IP_Router    192.168.1.1                    
     1   IP_Local     192.168.1.0/24
    LAYER7-PROTOCOL :
    Code:
    ip firewall layer7-protocol print
     # NAME                   REGEXP
     0 Extension " .exe "     \.(exe)
    ......
    I don't use L7 on the RB750; maybe another master can explain.
    Originally Posted by adh1et

    FILTER :
    Code:
    ip firewall filter print 
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; Drop SSH brute forcers
         chain=input action=drop protocol=tcp src-address-list=ssh_blacklist dst-port=22 
    .....
    I prefer it simple. If the ftp/http/telnet services are not open, why have firewall rules for ftp/http/telnet? Adding firewall rules increases hardware resource usage.
    Masters, please clarify.
    Originally Posted by adh1et

    MANGLE :
    Code:
    ip firewall mangle print 
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; Point Blank
         chain=prerouting action=mark-connection new-connection-mark=Conn_Game_PB 
         passthrough=yes protocol=tcp dst-port=39100-49100 
     1   chain=prerouting action=mark-connection new-connection-mark=Conn_Game_PB 
         passthrough=yes protocol=udp dst-port=40000-40010 
     2   chain=prerouting action=mark-packet new-packet-mark=Pack_Game_PB passthrough=no 
         connection-mark=Conn_Game_PB 
    ...
    I'll leave the mangle for a master to review; every place has different favourite games and needs.
    Originally Posted by adh1et

    QUEUE :
    Code:
    queue type print 
     0 name="default" kind=pfifo pfifo-limit=50 
    ...
    
    queue tree print
    Flags: X - disabled, I - invalid 
     0   name="Downstream" parent=bridge-lan limit-at=0 priority=8 max-limit=384k burst-limit=0 burst-threshold=0 burst-time=0s 
    ...
    Originally Posted by adh1et

    Pros :
    - The Download, Upload, Browsing and Game paths are completely separate, which makes it easy to apply bandwidth limits

    Cons :
    - I still feel the settings above are not stable; some download packets slip through into browsing, perhaps because I mark browsing by connection bytes

    My hope: please send corrections, everyone, so that together we can find / learn a MikroTik setup that comes close to perfect
    • No remote access without a DDNS update
    • Game updates are rather hard without a cache (proxy)
    • The question is, for 10 computers, why still use Speedy 384k?


    For games and an internet cafe on 384k, this newbie's simple suggestion is a priority order like this:

    • DNS service gets the highest priority
    • followed by SSH at high priority
    • IIX online games, with a limit on conn-byte/rate
    • IIX and IX browsing below games
    • the lowest priority is download/streaming
    • P2P is dropped
  4. The Following 3 Users Say Thank You to pos_ronda For This Useful Post:


  5. #3
    agusfazri
    Just grabbing a seat on page one ........

  6. The Following User Says Thank You to agusfazri For This Useful Post:


  7. #4
    kannyd
    A good thread, and I'll be waiting..
    Waiting for the masters to give their word.

  8. The Following User Says Thank You to kannyd For This Useful Post:


  9. #5
    adh1et
    @pos_ronda

    Originally Posted by pos_ronda
    Doesn't the 384k Speedy only get 96k upload? Also consider what happens when the quota runs out.
    I'm on Speedy Familia, bro; I ran a bandwidth test to b*znet and got around 400/120.

    Originally Posted by pos_ronda
    If you can, add a proxy, especially for games that need patches, unless you really want to update them manually one by one.
    As for the proxy, it looks like I'd have to use an external proxy, since it can't be installed on the RB750 because its free disk space is small, and I don't really understand external proxies yet.

    Originally Posted by pos_ronda
    Why does there have to be a bridge?
    The plan is to add several APs and hubs plugged directly into the MT, so I'm hoping it won't be a hassle later to monitor the performance/traffic of each connected AP/hub (please correct me).

    Originally Posted by pos_ronda
    Why list src-address one by one, why not 192.168.1.0/24, like the mask in the materials?
    As I see it, if I use 192.168.1.0/24 then the range of IPs that get an internet connection becomes 192.168.1.1 - 192.168.1.254.
    So it's probably for security considerations, bro, that I use src-address one by one.

    Originally Posted by pos_ronda
    I don't use L7 on the RB750; maybe another master can explain.
    I don't quite understand what you mean.

    Originally Posted by pos_ronda
    I prefer it simple. If the ftp/http/telnet services are not open, why have firewall rules for ftp/http/telnet? Adding firewall rules increases hardware resource usage.
    The idea is that every outside IP that tries to get in gets listed, so it can be monitored easily; but you're also right about hardware resource usage going up because of too many firewall rules.

    NB: 384 for 10 computers > I'm just experimenting at home, bro. Several net cafes I've set up have bandwidth of around 1M - 3M, but the complaint I get is that some websites that are rather heavy to load may escape the "mangle"; could it be that because I catch browsing connections with conn-byte and catch downloads with L7, anything outside those lists slips through?
    Do I need to add a new mangle rule to catch the excess load?

  10. The Following User Says Thank You to adh1et For This Useful Post:


  11. #6
    adiputrolds
    Originally Posted by adh1et
    I'm on Speedy Familia, bro; I ran a bandwidth test to b*znet and got around 400/120.
    Did you test the bandwidth when the line was really idle??
    How come the Familia package only gets that much?

    Originally Posted by adh1et
    As for the proxy, it looks like I'd have to use an external proxy, since it can't be installed on the RB750 because its free disk space is small, and I don't really understand external proxies yet.
    If you don't understand external proxies, why buy an RB750?
    Better to buy a MikroTik DOM + internal proxy.

    Originally Posted by adh1et
    As I see it, if I use 192.168.1.0/24 then the range of IPs that get an internet connection becomes 192.168.1.1 - 192.168.1.254.
    So it's probably for security considerations, bro, that I use src-address one by one.
    You can just put them in an address-list.

    /ip firewall address-list
    add address=192.168.1.11-192.168.1.20 list=Local-Allowed

    /ip firewall nat
    add chain=srcnat action=masquerade src-address-list=Local-Allowed

    Originally Posted by adh1et:
        The idea was that every outside IP trying to get in would be recorded, so I could monitor things easily, but you're also right about hardware resource usage going up because of too many firewall rules.
    Use filter rules only where feasible.


    Originally Posted by adh1et:
        nb: 384 for 10 computers > I'm just experimenting at home, bro. Several of the networks I've set up have 1M - 3M of bandwidth, but the complaint I get is that some fairly heavy websites, while loading, may slip out of "mangle" supervision. Could it be that because I catch browsing connections with conn-byte and catch downloads with L7, anything outside those lists gets through?
        Do I need to add a new mangle rule to catch the excess load?
    That means your settings are still wrong.

  13. #7
    spymedan
    Moderator
    What's above is just packet marks being separated by assigning the priority and bandwidth each one needs; the line itself is still a single one, over Speedy.

  15. #8
    adh1et
    Member Senior
    @electrix_85

    Originally Posted by electrix_85:
        Was the line really idle when you tested the bandwidth??
        How come the Familia package only gets that much?
    It was idle; the brochure actually says only 384k, bro...

    Originally Posted by electrix_85:
        If you don't understand external proxies, why buy an RB750?
        Better to buy a Mikrotik DOM + internal proxy.
    That's all that was available.

    Originally Posted by electrix_85:
        You can put them into an address-list, right?

        /ip firewall address-list
        add address=192.168.1.11-192.168.1.20 list=Local-Allowed

        /ip firewall nat
        add chain=srcnat action=masquerade src-address-list=Local-Allowed
    Thanks for the enlightenment, master; it hadn't occurred to me until now.

    @all
    Is it because, with
    Code:
    ;;; HTTP / S LAN
         chain=forward action=mark-connection new-connection-mark=Conn_HTTP-LAN 
         passthrough=yes protocol=tcp src-address=192.168.1.0/24 
         connection-bytes=0-128000
    the mangle rule that catches browsing connections uses connection-bytes 128k, while download connections are caught using L7, so browsing packets above 128k are not caught by mangle?
    Please enlighten me.

  17. #9
    pos_ronda
    VIP Member
        @all
        Is it because, with
        Code:
        ;;; HTTP / S LAN
             chain=forward action=mark-connection new-connection-mark=Conn_HTTP-LAN 
             passthrough=yes protocol=tcp src-address=192.168.1.0/24 
             connection-bytes=0-128000
        the mangle rule that catches browsing connections uses connection-bytes 128k, while download connections are caught using L7, so browsing packets above 128k are not caught by mangle?
        Please enlighten me.
    With L7, if you mangle in input/prerouting you have to mangle again in output/postrouting. Otherwise the pattern is not caught.

    I quote from the Mikrotik wiki:

    If rule is set in input/prerouting chain then the same rule must be set also in output/postrouting chain, otherwise collected data may not be complete resulting in incorrectly matched pattern.
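
The wiki rule quoted above, written out as a RouterOS configuration sketch. This is an added example, not part of the original posts or of the Mikrotik wiki; the L7 entry name dl-by-extension, its regexp, and the mark names Conn_Download-L7 and Pkt_Download-L7 are constructed for illustration.

```routeros
# Constructed example: the entry name, regexp and mark names are illustrative,
# not taken from the thread.
/ip firewall layer7-protocol
add name=dl-by-extension regexp="[.](exe|zip|iso|rar)"

/ip firewall mangle
# The L7 matcher placed in prerouting ...
add chain=prerouting action=mark-connection new-connection-mark=Conn_Download-L7 \
    passthrough=yes protocol=tcp layer7-protocol=dl-by-extension
# ... and the same rule repeated in postrouting, as the quoted wiki text requires,
# so the data collected for pattern matching is complete.
add chain=postrouting action=mark-connection new-connection-mark=Conn_Download-L7 \
    passthrough=yes protocol=tcp layer7-protocol=dl-by-extension
# Packet marks are then derived from the connection mark.
add chain=postrouting action=mark-packet new-packet-mark=Pkt_Download-L7 \
    passthrough=no connection-mark=Conn_Download-L7
```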
