  1. #91
    irfanulhakim

    Originally Posted by dingo:
    > Go ahead, bro... enjoy the meal...

    Dear Bro Dingo,

    I'd like to ask... how were these numbers obtained?
    Isn't 1M allocated for browsing, and 256K for download?
    How come it is:
    Browsing: connection-bytes=0-262146
    Limit download: connection-bytes=262146-4294967295

    Sorry, I'm a newbie, so I'm still confused about applying this.
    If my ISP link is only 1 Mbps (Sapidi game package), what would be the right allocation for browsing and download?

    BROWSING
    chain=forward action=mark-connection new-connection-mark=http passthrough=yes protocol=tcp in-interface=WAN out-interface=Lan packet-mark=!Game_pkt connection-mark=!Game connection-bytes=0-262146 comment="BROWSE"

    LIMIT DOWNLOAD
    chain=forward action=mark-connection new-connection-mark=Download passthrough=yes protocol=tcp in-interface=WAN out-interface=Lan packet-mark=!Game_pkt connection-mark=!Poker_con connection-bytes=262146-4294967295 comment="LIMIT DOWNLOAD"

    Thanks,

    Irfan

  2. #92
    dingo

    Originally Posted by irfanulhakim:
    > Dear Bro Dingo,
    >
    > I'd like to ask... how were these numbers obtained?
    > Isn't 1M allocated for browsing, and 256K for download?
    > How come it is:
    > Browsing: connection-bytes=0-262146
    > Limit download: connection-bytes=262146-4294967295
    >
    > Sorry, I'm a newbie, so I'm still confused about applying this.
    > If my ISP link is only 1 Mbps (Sapidi game package), what would be the right allocation for browsing and download?
    >
    > BROWSING
    > chain=forward action=mark-connection new-connection-mark=http passthrough=yes protocol=tcp in-interface=WAN out-interface=Lan packet-mark=!Game_pkt connection-mark=!Game connection-bytes=0-262146 comment="BROWSE"
    >
    > LIMIT DOWNLOAD
    > chain=forward action=mark-connection new-connection-mark=Download passthrough=yes protocol=tcp in-interface=WAN out-interface=Lan packet-mark=!Game_pkt connection-mark=!Poker_con connection-bytes=262146-4294967295 comment="LIMIT DOWNLOAD"
    >
    > Thanks,
    >
    > Irfan

    1 KBps = 1 x 2^10 byte/second = 1,024 byte/second
    Bits use decimal units, therefore:
    1 kilobit = 1 x 10^3 bit = 1000 bit
    whereas bytes use binary units, therefore:
    1 KiloByte = 1 x 2^10 = 1024 Byte.

    265146=256KBps, more or less...

    CMIIW.
    For the game package, just adjust it to the number of clients you have. Allocate according to need.
    That download limit means 256KBps for all clients.
    Last edited by dingo; 14-02-2010 at 19:07.

  3. #93
    juniorbrother

    Originally Posted by dingo:
    > After a test run using the external IPCOP proxy, honestly this proxy is really great... browsing is really smooth....
    > However, for online games it turns out I'm facing a lot of problems.
    > Some won't connect at all, some get kicked out again after they've started playing... what a headache
    > I've rummaged through Uncle Google's cupboard and haven't found a solution that really fixes it.
    > Conclusion:
    > UNTIL THERE IS A PROPER FIX I AM NOT RUNNING THE IPCOP PROXY TRANSPARENTLY, SO JUST SET IT MANUALLY IN MOZILLA, NOT INCLUDING IE, BECAUSE IF IE IS SET IT APPLIES SYSTEM-WIDE (SO IT ENDS UP LIKE TRANSPARENT)
    > I ASK THE MASTERS HERE, IS ANYONE WILLING TO HELP LET ALL ONLINE GAMES THROUGH THE IPCOP FIREWALL. I HAVE TRIED BYPASSING USING AN ADDRESS-LIST IN THE MIKROTIK NAT, AND I ALSO TRIED EDITING IPCOP'S rc.firewall FILE, STILL NOT SATISFACTORILY SUCCESSFUL. HOPEFULLY SOMEONE IS WILLING
    >
    > regards,

    just some input for those using a proxy on an internet cafe + game network:
    1. if you use load balancing, try to load-balance only port 80 from the proxy (whatever the distro)
    2. on the external proxy machine there's no need to set any firewall, because NAT is on the mikrotik; what matters is that squid is set transparent, e.g.: http_port 3128:transparent
    3. once again, don't forget to redirect port 80 from the clients to the proxy using DST-NAT; please check the thread on this forum (I'm sure you can do it, man)
    4. only the proxy is load-balanced... remember, only the proxy, not access from LAN/local (if squid sits alongside the mikrotik). The reason is so that any access that doesn't allow multiple IPs stays smooth; the benefit is that FB Poker won't reconnect.

    What I've shared here I have already applied; the result is that game patching is very very smooth, let users patch by themselves (less work for the admin), and that's a plus for your internet cafe + game center.
    Last edited by juniorbrother; 14-02-2010 at 21:27. Reason: added the reason why only the proxy is load-balanced

  5. #94
    dingo

    Originally Posted by juniorbrother:
    > just some input for those using a proxy on an internet cafe + game network:
    > 1. if you use load balancing, try to load-balance only port 80 from the proxy (whatever the distro)
    > 2. on the external proxy machine there's no need to set any firewall, because NAT is on the mikrotik; what matters is that squid is set transparent, e.g.: http_port 3128:transparent
    > 3. once again, don't forget to redirect port 80 from the clients to the proxy using DST-NAT; please check the thread on this forum (I'm sure you can do it, man)
    > 4. only the proxy is load-balanced... remember, only the proxy, not access from LAN/local (if squid sits alongside the mikrotik). The reason is so that any access that doesn't allow multiple IPs stays smooth; the benefit is that FB Poker won't reconnect.
    >
    > What I've shared here I have already applied; the result is that game patching is very very smooth, let users patch by themselves (less work for the admin), and that's a plus for your internet cafe + game center.

    Thanks for the info bro....
    In my case I'm not using LB, I'm using IPCOP's proxy; the problem is only with games, and it turns out many others experience the same problem with IPCOP, as I found when digging around on Uncle Google. On the IPCOP none of the various firewall features are used, and redirect is only for port 80 (of course). I've also applied Open High Port on the IPCOP with a small additional script in rc firewall..... Still not resolved......

  6. #95
    irfanulhakim

    Originally Posted by dingo:
    > 1 KBps = 1 x 2^10 byte/second = 1,024 byte/second
    > Bits use decimal units, therefore:
    > 1 kilobit = 1 x 10^3 bit = 1000 bit
    > whereas bytes use binary units, therefore:
    > 1 KiloByte = 1 x 2^10 = 1024 Byte.
    >
    > 265146=256KBps, more or less...
    >
    > CMIIW.
    > For the game package, just adjust it to the number of clients you have. Allocate according to need.
    > That download limit means 256KBps for all clients.

    Dear Bro Dingo,

    Thanks for the explanation...
    I use a 1 Mbps ISP link for 5 client PCs.
    If I set browsing = 320K
    download = 196K and the rest for game, poker and upload.
    With bro dingo's mikrotik settings, do game, poker and upload compete for bandwidth?
    Why are game, poker and upload set to max-limit=0?
    Is it enough if I allocate about +/- 400k of bandwidth (what is left from browsing and download)?

    Thanks,

    Irfan

  8. #96
    siber

    Originally Posted by dingo:
    > Thanks for the info bro....
    > In my case I'm not using LB, I'm using IPCOP's proxy; the problem is only with games, and it turns out many others experience the same problem with IPCOP, as I found when digging around on Uncle Google. On the IPCOP none of the various firewall features are used, and redirect is only for port 80 (of course). I've also applied Open High Port on the IPCOP with a small additional script in rc firewall..... Still not resolved......

    that's redirect/dstnat,
    from the mikrotik to an external proxy, use dstnat
    as uncle juniorbrother explained, on the ipcop it's enough to set e.g.: http_port 3128:transparent

    just kill the firewall (tembok geni)/iptables on the ipcop, there should be no redirect on the ipcop, the dstnat from the mikrotik alone is enough

  9. #97
    dingo

    Originally Posted by siber:
    > that's redirect/dstnat,
    > from the mikrotik to an external proxy, use dstnat
    > as uncle juniorbrother explained, on the ipcop it's enough to set e.g.: http_port 3128:transparent
    >
    > just kill the firewall (tembok geni)/iptables on the ipcop, there should be no redirect on the ipcop, the dstnat from the mikrotik alone is enough

    Looks like there's a miscall, er, miscommunication here. Let me restate my problem. EVERYTHING RELATED TO REDIRECT/DSTNAT IS ALREADY OK. SETTING IT TRANSPARENT ON THE IPCOP IS ALSO OK, BROWSING IS NORMAL AND SMOOTH ACROSS THE WHOLE NETWORK. MY PROBLEM IS ONLY WITH GAMES; AS SOON AS I TRY TO PLAY, MANY GAMES CAN'T GET IN. IN THE END I MADE THE IPCOP NON-TRANSPARENT. IT IS SET MANUALLY ON THE CLIENTS (MOZILLA, FLOCK, ETC.). IT TURNS OUT THAT WAY THE GAMES RUN SMOOTHLY. IT SEEMS THE GAMES JUST WON'T COMPROMISE WITH THE IPCOP.... THAT'S HOW IT IS.

    ANYWAY, THANKS FOR THE INPUT. HERE ARE THE CONTENTS OF IPCOP'S rc.firewall; the part in bold is my addition.

    #!/bin/sh
    #
    # $Id: rc.firewall,v 1.7.2.24 2007/11/17 08:12:29 owes Exp $
    #

    eval $(/usr/local/bin/readhash /var/ipcop/ppp/settings)
    eval $(/usr/local/bin/readhash /var/ipcop/ethernet/settings)
    if [ -f /var/ipcop/red/iface ]; then
    IFACE=`/bin/cat /var/ipcop/red/iface 2> /dev/null | /usr/bin/tr -d '\012'`
    fi
    if [ -f /var/ipcop/red/device ]; then
    DEVICE=`/bin/cat /var/ipcop/red/device 2> /dev/null | /usr/bin/tr -d '\012'`
    fi

    iptables_init() {
    # Flush all rules and delete all custom chains
    /sbin/iptables -F
    /sbin/iptables -t nat -F
    /sbin/iptables -t mangle -F
    /sbin/iptables -X
    /sbin/iptables -t nat -X
    /sbin/iptables -t mangle -X

    # Set up policies
    /sbin/iptables -P INPUT DROP
    /sbin/iptables -P FORWARD DROP
    /sbin/iptables -P OUTPUT ACCEPT

    # Empty LOG_DROP and LOG_REJECT chains
    /sbin/iptables -N LOG_DROP
    /sbin/iptables -A LOG_DROP -m limit --limit 10/minute -j LOG
    /sbin/iptables -A LOG_DROP -j DROP
    /sbin/iptables -N LOG_REJECT
    /sbin/iptables -A LOG_REJECT -m limit --limit 10/minute -j LOG
    /sbin/iptables -A LOG_REJECT -j REJECT

    # This chain will log, then DROPs packets with certain bad combinations
    # of flags might indicate a port-scan attempt (xmas, null, etc)
    /sbin/iptables -N PSCAN
    /sbin/iptables -A PSCAN -p tcp -m limit --limit 10/minute -j LOG --log-prefix "TCP Scan? "
    /sbin/iptables -A PSCAN -p udp -m limit --limit 10/minute -j LOG --log-prefix "UDP Scan? "
    /sbin/iptables -A PSCAN -p icmp -m limit --limit 10/minute -j LOG --log-prefix "ICMP Scan? "
    /sbin/iptables -A PSCAN -f -m limit --limit 10/minute -j LOG --log-prefix "FRAG Scan? "
    /sbin/iptables -A PSCAN -j DROP

    # New tcp packets without SYN set - could well be an obscure type of port scan
    # that's not covered above, may just be a broken windows machine
    /sbin/iptables -N NEWNOTSYN
    /sbin/iptables -A NEWNOTSYN -m limit --limit 10/minute -j LOG --log-prefix "NEW not SYN? "
    /sbin/iptables -A NEWNOTSYN -j DROP

    # Chain to contain all the rules relating to bad TCP flags
    /sbin/iptables -N BADTCP

    # Disallow packets frequently used by port-scanners
    # nmap xmas
    /sbin/iptables -A BADTCP -p tcp --tcp-flags ALL FIN,URG,PSH -j PSCAN
    # Null
    /sbin/iptables -A BADTCP -p tcp --tcp-flags ALL NONE -j PSCAN
    # FIN
    /sbin/iptables -A BADTCP -p tcp --tcp-flags ALL FIN -j PSCAN
    # SYN/RST (also catches xmas variants that set SYN+RST+...)
    /sbin/iptables -A BADTCP -p tcp --tcp-flags SYN,RST SYN,RST -j PSCAN
    # SYN/FIN (QueSO or nmap OS probe)
    /sbin/iptables -A BADTCP -p tcp --tcp-flags SYN,FIN SYN,FIN -j PSCAN
    # NEW TCP without SYN
    /sbin/iptables -A BADTCP -p tcp ! --syn -m state --state NEW -j NEWNOTSYN

    /sbin/iptables -A INPUT -j BADTCP
    /sbin/iptables -A FORWARD -j BADTCP

    }

    iptables_red() {
    /sbin/iptables -F REDINPUT
    /sbin/iptables -F REDFORWARD
    /sbin/iptables -t nat -F REDNAT

    # PPPoE / PPTP Device
    if [ "$IFACE" != "" ]; then
    # PPPoE / PPTP
    if [ "$DEVICE" != "" ]; then
    /sbin/iptables -A REDINPUT -i $DEVICE -j ACCEPT
    fi
    if [ "$RED_TYPE" == "PPTP" -o "$RED_TYPE" == "PPPOE" ]; then
    if [ "$RED_DEV" != "" ]; then
    /sbin/iptables -A REDINPUT -i $RED_DEV -j ACCEPT
    fi
    fi
    fi

    # PPTP over DHCP
    if [ "$DEVICE" != "" -a "$TYPE" == "PPTP" -a "$METHOD" == "DHCP" ]; then
    /sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT
    /sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT
    fi

    # Orange pinholes
    if [ "$ORANGE_DEV" != "" ]; then
    # This rule enables a host on ORANGE network to connect to the outside
    # (only if we have a red connection)
    if [ "$IFACE" != "" ]; then
    /sbin/iptables -A REDFORWARD -i $ORANGE_DEV -p tcp -o $IFACE -j ACCEPT
    /sbin/iptables -A REDFORWARD -i $ORANGE_DEV -p udp -o $IFACE -j ACCEPT
    fi
    fi

    if [ "$IFACE" != "" -a -f /var/ipcop/red/active ]; then
    # DHCP
    if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" ]; then
    /sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
    /sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
    fi
    if [ "$METHOD" == "DHCP" -a "$PROTOCOL" == "RFC1483" ]; then
    /sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
    /sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
    fi

    # Outgoing masquerading
    /sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE

    fi
    }

    # See how we were called.
    case "$1" in
    start)
    iptables_init

    # Limit Packets- helps reduce dos/syn attacks
    # original do nothing line
    #/sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 10/sec
    # the correct one, but the negative '!' do nothing...
    #/sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit ! --limit 10/sec -j DROP

    # Fix for braindead ISP's
    /sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

    # CUSTOM chains, can be used by the users themselves
    /sbin/iptables -N CUSTOMINPUT
    /sbin/iptables -A INPUT -j CUSTOMINPUT
    /sbin/iptables -N CUSTOMFORWARD
    /sbin/iptables -A FORWARD -j CUSTOMFORWARD
    /sbin/iptables -N CUSTOMOUTPUT
    /sbin/iptables -A OUTPUT -j CUSTOMOUTPUT
    /sbin/iptables -t nat -N CUSTOMPREROUTING
    /sbin/iptables -t nat -A PREROUTING -j CUSTOMPREROUTING
    /sbin/iptables -t nat -N CUSTOMPOSTROUTING
    /sbin/iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING

    # filtering from GUI
    /sbin/iptables -N GUIINPUT
    /sbin/iptables -A INPUT -j GUIINPUT

    # Accept everything connected
    /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # traffic from ipsecX/tun/tap interfaces, before "-i GREEN_DEV" accept everything
    /sbin/iptables -N IPSECVIRTUAL
    /sbin/iptables -N OPENSSLVIRTUAL
    /sbin/iptables -A INPUT -j IPSECVIRTUAL
    /sbin/iptables -A INPUT -j OPENSSLVIRTUAL
    /sbin/iptables -A FORWARD -j IPSECVIRTUAL
    /sbin/iptables -A FORWARD -j OPENSSLVIRTUAL

    # ADDITION
    /sbin/iptables -A INPUT -p tcp --destination-port 1056:65535 -j ACCEPT
    /sbin/iptables -A INPUT -p udp --destination-port 1056:65535 -j ACCEPT


    # localhost and ethernet.
    /sbin/iptables -A INPUT -i lo -m state --state NEW -j ACCEPT
    /sbin/iptables -A INPUT -s 127.0.0.0/8 -m state --state NEW -j DROP # Loopback not on lo
    /sbin/iptables -A INPUT -d 127.0.0.0/8 -m state --state NEW -j DROP
    /sbin/iptables -A FORWARD -i lo -m state --state NEW -j ACCEPT
    /sbin/iptables -A FORWARD -s 127.0.0.0/8 -m state --state NEW -j DROP
    /sbin/iptables -A FORWARD -d 127.0.0.0/8 -m state --state NEW -j DROP
    /sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT -p ! icmp
    /sbin/iptables -A FORWARD -i $GREEN_DEV -m state --state NEW -j ACCEPT

    # If a host on orange tries to initiate a connection to IPCop's red IP and
    # the connection gets DNATed back through a port forward to a server on orange
    # we end up with orange -> orange traffic passing through IPCop
    [ "$ORANGE_DEV" != "" ] && /sbin/iptables -A FORWARD -i $ORANGE_DEV -o $ORANGE_DEV -m state --state NEW -j ACCEPT

    # allow DHCP on BLUE to be turned on/off
    /sbin/iptables -N DHCPBLUEINPUT
    /sbin/iptables -A INPUT -j DHCPBLUEINPUT

    # IPsec
    /sbin/iptables -N IPSECPHYSICAL
    /sbin/iptables -A INPUT -j IPSECPHYSICAL

    # OpenSSL
    /sbin/iptables -N OPENSSLPHYSICAL
    /sbin/iptables -A INPUT -j OPENSSLPHYSICAL

    # WIRELESS chains
    /sbin/iptables -N WIRELESSINPUT
    /sbin/iptables -A INPUT -m state --state NEW -j WIRELESSINPUT
    /sbin/iptables -N WIRELESSFORWARD
    /sbin/iptables -A FORWARD -m state --state NEW -j WIRELESSFORWARD

    # RED chain, used for the red interface
    /sbin/iptables -N REDINPUT
    /sbin/iptables -A INPUT -j REDINPUT
    /sbin/iptables -N REDFORWARD
    /sbin/iptables -A FORWARD -j REDFORWARD
    /sbin/iptables -t nat -N REDNAT
    /sbin/iptables -t nat -A POSTROUTING -j REDNAT

    iptables_red

    # DMZ pinhole chain. setdmzholes setuid prog adds rules here to allow
    # ORANGE to talk to GREEN / BLUE.
    /sbin/iptables -N DMZHOLES
    if [ "$ORANGE_DEV" != "" ]; then
    /sbin/iptables -A FORWARD -i $ORANGE_DEV -m state --state NEW -j DMZHOLES
    fi

    # XTACCESS chain, used for external access
    /sbin/iptables -N XTACCESS
    /sbin/iptables -A INPUT -m state --state NEW -j XTACCESS

    # PORTFWACCESS chain, used for portforwarding
    /sbin/iptables -N PORTFWACCESS
    /sbin/iptables -A FORWARD -m state --state NEW -j PORTFWACCESS

    # Custom prerouting chains (for transparent proxy and port forwarding)
    /sbin/iptables -t nat -N SQUID
    /sbin/iptables -t nat -A PREROUTING -j SQUID
    /sbin/iptables -t nat -N PORTFW
    /sbin/iptables -t nat -A PREROUTING -j PORTFW


    # Custom mangle chain (for port fowarding)
    /sbin/iptables -t mangle -N PORTFWMANGLE
    /sbin/iptables -t mangle -A PREROUTING -j PORTFWMANGLE

    # Postrouting rules (for port forwarding)
    /sbin/iptables -t nat -A POSTROUTING -m mark --mark 1 -j SNAT \
    --to-source $GREEN_ADDRESS
    if [ "$BLUE_DEV" != "" ]; then
    /sbin/iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to-source $BLUE_ADDRESS
    fi
    if [ "$ORANGE_DEV" != "" ]; then
    /sbin/iptables -t nat -A POSTROUTING -m mark --mark 3 -j SNAT --to-source $ORANGE_ADDRESS
    fi


    # run local firewall configuration, if present
    if [ -x /etc/rc.d/rc.firewall.local ]; then
    /etc/rc.d/rc.firewall.local start
    fi

    # last rule in input and forward chain is for logging.
    /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "INPUT "
    /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "OUTPUT "
    ;;
    stop)
    iptables_init
    # Accept everyting connected
    /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # localhost and ethernet.
    /sbin/iptables -A INPUT -i lo -j ACCEPT
    /sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT

    if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" -a "$IFACE" != "" ]; then
    /sbin/iptables -A INPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
    /sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
    fi
    if [ "$PROTOCOL" == "RFC1483" -a "$METHOD" == "DHCP" -a "$IFACE" != "" ]; then
    /sbin/iptables -A INPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
    /sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
    fi

    # run local firewall configuration, if present
    if [ -x /etc/rc.d/rc.firewall.local ]; then
    /etc/rc.d/rc.firewall.local stop
    fi

    /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "INPUT "
    /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "OUTPUT "
    ;;
    reload)
    iptables_red

    # run local firewall configuration, if present
    if [ -x /etc/rc.d/rc.firewall.local ]; then
    /etc/rc.d/rc.firewall.local reload
    fi
    ;;
    restart)
    $0 stop
    $0 start
    ;;
    *)
    echo "Usage: $0 {start|stop|reload|restart}"
    exit 1
    ;;
    esac

    exit 0

  10. #98
    juniorbrother

    bro dingo,
    looking at that IPCOP config of yours, it seems the firewall is still active. better to disable everything, or flush the firewall. I use ubuntu 9.10 with not a single firewall active. the mikrotik handles everything, and the proxy doesn't do any NAT at all. please check again. it's pointless to already use a mikrotik but still set the proxy manually on the clients. not so cool, you know

  11. #99
    dingo

    Originally Posted by juniorbrother:
    > bro dingo,
    > looking at that IPCOP config of yours, it seems the firewall is still active. better to disable everything, or flush the firewall. I use ubuntu 9.10 with not a single firewall active. the mikrotik handles everything, and the proxy doesn't do any NAT at all. please check again. it's pointless to already use a mikrotik but still set the proxy manually on the clients. not so cool, you know

    How do I disable it? There's no disable option in its settings....

  12. #100
    dingo

    Originally Posted by irfanulhakim:
    > Dear Bro Dingo,
    >
    > Thanks for the explanation...
    > I use a 1 Mbps ISP link for 5 client PCs.
    > If I set browsing = 320K
    > download = 196K and the rest for game, poker and upload.
    > With bro dingo's mikrotik settings, do game, poker and upload compete for bandwidth?
    > Why are game, poker and upload set to max-limit=0?
    > Is it enough if I allocate about +/- 400k of bandwidth (what is left from browsing and download)?
    >
    > Thanks,
    >
    > Irfan

    I almost missed this because I was so focused on the ipcop posts, sorry bro for only replying now. Just a suggestion: give browsing 500k so those browsing enjoy it; download at 196k is OK. For Poker, game and Upload I set the limit to 0, which means whatever bandwidth is available, bro, not limited. They don't fight over it, it's shared evenly. Same for poker. What you must pay attention to is that the queue tree must have a parent and child.

  13. #101
    irfanulhakim

    Originally Posted by dingo:
    > I almost missed this because I was so focused on the ipcop posts, sorry bro for only replying now. Just a suggestion: give browsing 500k so those browsing enjoy it; download at 196k is OK. For Poker, game and Upload I set the limit to 0, which means whatever bandwidth is available, bro, not limited. They don't fight over it, it's shared evenly. Same for poker. What you must pay attention to is that the queue tree must have a parent and child.

    Dear Bro Dingo,

    Thanks for the suggestion....
    Another question: in bro dingo's settings for:
    name="Game" parent=global-total packet-mark=Game_pkt limit-at=0 queue=Game priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

    For parent: what does the name global-total mean?
    Is global-in the same as the ethernet (interface) facing the LAN?
    Is global-out the same as the ethernet (interface) facing the WAN?

    Please help, because my download can be throttled, but why doesn't it get captured in Avg. Rate in the Queue Tree?

    Browse, upload and poker can already be captured.

    Thanks.

    Irfan.

  14. #102
    juniorbrother

    bro dingo, you can try this, hopefully it helps.
    Regarding games that suddenly get kicked out, I suggest "only port 80 from the LAN is DST-NATed to the IPCOP port", and it's possible that when the game-disconnect incident happened, the load on bro dingo's network was beyond what spidi could handle (i.e. spidi was coughing). We can't guarantee what the actual international and iix bandwidth from spidi is; at best we can only estimate. This is where the weakness lies of an internet cafe + game center that relies solely on 1 spidi line. At least 2 lines, using LB with the ECMP pattern (as master unique_leader suggested to me). Heavy traffic like the http & ftp ports is just sent over the alternative path, while traffic from other ports whose connections are constant in nature, like dns and game ports, is sent over the main path.

  15. #103
    dingo

    Originally Posted by juniorbrother:
    > bro dingo, you can try this, hopefully it helps.
    > Regarding games that suddenly get kicked out, I suggest "only port 80 from the LAN is DST-NATed to the IPCOP port", and it's possible that when the game-disconnect incident happened, the load on bro dingo's network was beyond what spidi could handle (i.e. spidi was coughing). We can't guarantee what the actual international and iix bandwidth from spidi is; at best we can only estimate. This is where the weakness lies of an internet cafe + game center that relies solely on 1 spidi line. At least 2 lines, using LB with the ECMP pattern (as master unique_leader suggested to me). Heavy traffic like the http & ftp ports is just sent over the alternative path, while traffic from other ports whose connections are constant in nature, like dns and game ports, is sent over the main path.

    Can anybody tell me how to disable firewall in my IPCop please?
    Remove IPCOP.

    Games only get kicked out when using the ipcop proxy transparently, bro. That means the sapidi bandwidth is fine.

    Thanks bro for helping look for info.... But till now I can't solve this.....
    I want to give up but I'm too curious he he he

  16. #104
    siber

    Originally Posted by dingo:
    > Can anybody tell me how to disable firewall in my IPCop please?
    > Remove IPCOP.
    >
    > Games only get kicked out when using the ipcop proxy transparently, bro. That means the sapidi bandwidth is fine.
    >
    > Thanks bro for helping look for info.... But till now I can't solve this.....
    > I want to give up but I'm too curious he he he

    try making a script:
    rc.flush-tembokgeni

    with these contents:

    #!/bin/sh
    #
    # Flush all rules and delete all custom chains
    /sbin/iptables -F
    /sbin/iptables -t nat -F
    /sbin/iptables -t mangle -F
    /sbin/iptables -X
    /sbin/iptables -t nat -X
    /sbin/iptables -t mangle -X

    # Set up policies
    /sbin/iptables -P INPUT ACCEPT
    /sbin/iptables -P FORWARD ACCEPT
    /sbin/iptables -P OUTPUT ACCEPT

    then make it executable with chmod +x rc.flush-tembokgeni

    run ./rc.flush-tembokgeni (there is a dot in front of the /)
    or sh rc.flush-tembokgeni

    if you want it to run automatically at boot, put the script in rc.local
    sorry, I don't know ipcop's directory layout, it's been a long time since I touched ipcop
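
Added example, not part of any post in this thread: a small audit that reads iptables command lines and flags the two patterns that appear above, ACCEPT rules on INPUT/FORWARD with no interface or source restriction (the "ADDITION" lines in the posted rc.firewall) and a default ACCEPT policy on INPUT/FORWARD (the flush script). The names `audit_rules`, `count_findings` and `SAMPLE_RULES` are hypothetical, and the sample is constructed from rule lines quoted on this page.

```shell
#!/bin/sh
# Added example (not from the thread): flag iptables commands that accept
# traffic without any interface or source restriction.

# Constructed sample. Lines 1-2 are the "ADDITION" rules from the posted
# rc.firewall, lines 3-4 are scoped rules from the same file for contrast,
# lines 5-7 are the policy lines of the posted flush script, and line 8 is
# the default policy set by iptables_init in rc.firewall.
SAMPLE_RULES='/sbin/iptables -A INPUT -p tcp --destination-port 1056:65535 -j ACCEPT
/sbin/iptables -A INPUT -p udp --destination-port 1056:65535 -j ACCEPT
/sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P INPUT DROP'

# audit_rules: read iptables command lines on stdin and print one finding
# per risky line. Only INPUT and FORWARD in the filter table are checked.
audit_rules() {
    awk '
    /^[ \t]*#/ || !/iptables/ { next }      # skip comments and other commands
    / -t (nat|mangle) /       { next }      # only the filter table is audited
    {
        chain = ""; policy = ""; target = ""; scoped = 0; est_only = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-A" || $i == "-I")      chain = $(i + 1)
            else if ($i == "-P")             { chain = $(i + 1); policy = $(i + 2) }
            else if ($i == "-j")               target = $(i + 1)
            else if ($i == "-i" || $i == "-s") scoped = 1
            # A state match that excludes NEW only admits replies to
            # connections that were already allowed.
            else if ($i == "--state" && $(i + 1) !~ /NEW/) est_only = 1
        }
        if (chain != "INPUT" && chain != "FORWARD") next
        if (policy == "ACCEPT")
            print "POLICY-ACCEPT " chain ": " $0
        else if (target == "ACCEPT" && !scoped && !est_only)
            print "UNSCOPED-ACCEPT " chain ": " $0
    }'
}

# count_findings KIND: number of findings of that kind in the sample.
count_findings() {
    printf '%s\n' "$SAMPLE_RULES" | audit_rules |
        awk -v kind="$1" 'index($0, kind " ") == 1 { n++ } END { print n + 0 }'
}

# Stand-alone run: list every finding for the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | audit_rules
```

The two port-range rules are flagged because they admit new connections arriving on any interface, and they sit in INPUT, which only covers traffic addressed to the IPCop machine itself.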

  17. #105
    juniorbrother

    @ above: Great, bro
    @bro dingo: Be patient, there are still many ways. Or do you want to try another distro? (persuasion mode = ON) because IPCOP is indeed known for its super-strict firewall (default out of the box), whereas with other distros it depends on whether you choose to enable it at install time or not. Bro dingo isn't under IPCOP sponsorship, right?
