trimakasih banyak atas pencerahannya,,,walauupun ane msh sdikit bingung.tp ane g kan nyerah .ane coba dl praktekin tar hasilnya ane minta penilaian dr master,,,,,
---------- Post added at 04:14 ---------- Previous post was at 02:47 ----------
[IMG] Uploaded with [/IMG]# jan/ 7/2011 4:11: 6 by RouterOS 4.9
# software id = X7I2-2B6W
#
Flags: X - disabled, I - invalid, D - dynamic
4294967295> ;;; pointblank
chain=game action=mark-connection new-connection-mark=game.conn
passthrough=yes protocol=udp dst-port=40000-40010
4294967295> chain=game action=mark-connection new-connection-mark=game.conn
passthrough=yes protocol=tcp dst-port=49100
4294967295> chain=game action=mark-connection new-connection-mark=game.conn
passthrough=yes protocol=tcp dst-port=39190
4294967295> chain=game action=mark-packet new-packet-mark=game.packet passthrough=no
connection-mark=game.conn
4294967295> chain=prerouting action=jump jump-target=game
4294967295> ;;; Speedtest
chain=forward action=mark-connection new-connection-mark=Speedtest
passthrough=yes protocol=tcp dst-address-list=speed dst-port=80
4294967295> chain=forward action=mark-packet new-packet-mark=Speedtest passthrough=no
connection-mark=Speedtest
4294967295> ;;; bandwith
chain=prerouting action=mark-connection new-connection-mark=pc01
passthrough=yes src-address=192.168.0.1
4294967295> chain=prerouting action=mark-packet new-packet-mark=pc01 passthrough=no
connection-mark=pc01
4294967295> chain=prerouting action=mark-connection new-connection-mark=pc02
passthrough=yes src-address=192.168.0.2
4294967295> chain=prerouting action=mark-packet new-packet-mark=pc02 passthrough=no
connection-mark=pc02
4294967295> chain=prerouting action=mark-connection new-connection-mark=pc03
passthrough=yes src-address=192.168.0.3
4294967295> chain=prerouting action=mark-packet new-packet-mark=pc03 passthrough=no
connection-mark=pc03
4294967295> chain=prerouting action=mark-connection new-connection-mark=pc04
passthrough=yes src-address=192.168.0.4
4294967295> chain=prerouting action=mark-packet new-packet-mark=pc04 passthrough=no
connection-mark=pc04
4294967295> chain=prerouting action=mark-connection new-connection-mark=pc05
passthrough=yes src-address=192.168.0.5
4294967295> chain=prerouting action=mark-packet new-packet-mark=pc05 passthrough=no
connection-mark=pc05
4294967295> chain=prerouting action=mark-connection new-connection-mark=pc06
passthrough=yes src-address=192.168.0.6
4294967295> chain=prerouting action=mark-packet new-packet-mark=pc06 passthrough=no
connection-mark=pc06
4294967295> chain=prerouting action=mark-connection new-connection-mark=pc07
passthrough=yes src-address=192.168.0.7
4294967295> chain=prerouting action=mark-packet new-packet-mark=pc07 passthrough=no
connection-mark=pc07
4294967295> chain=prerouting action=mark-connection new-connection-mark=pc08
passthrough=yes src-address=192.168.0.8
4294967295> chain=prerouting action=mark-packet new-packet-mark=pc08 passthrough=no
connection-mark=pc08
4294967295> chain=prerouting action=mark-connection new-connection-mark=pc09
passthrough=yes src-address=192.168.0.9
4294967295> chain=prerouting action=mark-packet new-packet-mark=pc09 passthrough=no
connection-mark=pc09
4294967295> chain=prerouting action=mark-connection new-connection-mark=pc10
passthrough=yes src-address=192.168.0.10
4294967295> chain=prerouting action=mark-packet new-packet-mark=pc10 passthrough=no
connection-mark=pc10
4294967295> ;;; Mark-connection Semua Trafik
chain=prerouting action=mark-connection
new-connection-mark=Koneksi Semua Trafik passthrough=yes
src-address=192.168.0.0/27
4294967295> ;;; Mark-connection Koneksi Internasional
chain=prerouting action=mark-connection
new-connection-mark=Koneksi Internasional passthrough=yes
src-address=192.168.0.0/27 dst-address-list=!nice
connection-mark=Koneksi Semua Trafik
4294967295> ;;; Mark-packet koneksi internasional
chain=prerouting action=mark-packet
new-packet-mark=Koneksi Internasional passthrough=no
connection-mark=Koneksi Internasional
4294967295> ;;; Mark-packet Koneksi IIX
chain=prerouting action=mark-packet new-packet-mark=Koneksi IIX
passthrough=no
ane salah dmn y ko gak ada pergerakan....???![]()
pahami dulu penggunaan jump sebelum menggunakan jump
main jump jump aja si agan
saya kurang setuju kalo chain tersebut di sebut chain=gameCode:chain=prerouting action=jump jump-target=game
karena semua traffic yg masuk dari prerouting akan di jump ke chain=game
tp bukan hanya traffic game saja yg lompat kesana
anda menjump traffic yang tidak pernah di kembalikan ke prerouting
itu sama aja kayak menyuruh semua packet masuk ke lobang hitam, semua yg masuk gk tau hilang kemana
itu salah satu alasan kenapa counter byte nya tidak ada pergerakan
gimana nasib traffic lain ya???
jangan me-mark-con pada chain forward
lbh baik di prerouting, karena ada keterhubungan dengan yg lain
apa gk bingung mikrotik
jika anda me-mark-con per client satu2 dan juga ada mark-con IIX dan IX ?
Last edited by adiputrolds; 07-01-2011 at 10:32.
mantap Gan..
dirapihkan dulu marking-nya, karena markingnya masih ngga jelas itu port darimana mau kemana, pake in-interface buat menentukan marking-nya agar ngga bingung tuh RB nge-mark packet-nya
penggunaan jump seperti yang disampaikan oleh bro electrix_85 membuat marking semakin membingungkan, tree-nya juga dirapihkan, tujuan dari tree yang dibuat sebenarnya mau kemana? ngelimit dengan sistem seperti ini malah berantakan tree-nya
masih bingung, kalo pake que tree di atas, pasti webproxy ke client nya juga ikut ke limit.
gmn yah caranya, biar dari client ke modem di limit, tapi ke proxy ke client di loss.
udah pake TOS tetep aja kena limit.![]()
coba dulu ahh kalo berhasil ane kasih es teh hehehhe
ane lagi coba bikin squid gan...
tolong donk untuk nat nya di share kan kalo kita pake mangle yang di kasih agan...
untuk mangle mark paket apa gak perlu di kasih in interface ato out interface
maaf kalo pertanyaannya dasar banget jangan di marahi,,,,ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=PROXY-HIT DSCP=12 passtrough=no![]()
numpang share...mohon koreksinya para master...trm ksh....
masih bingung gmn cara menambahkan mangle + queue tree buat game agar mendapat prioritas lbh tinggi....mohon petunjuknya...trm ksh....Code:ip firewall layer7-protocol add comment="" name=Streaming regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)" ip firewall mangle add action=mark-packet new-packet-mark=proxy-hit dscp=12 passthrough=no chain=prerouting comment="PROXY-HIT-DSCP 12" ip firewall mangle add action=mark-connection new-connection-mark=streaming dst-address=!192.168.10.1 chain=prerouting layer7-protocol=Streaming comment="STREAMING-CONN" ip firewall mangle add action=mark-connection new-connection-mark=server-IIX-conn dst-address-list=nice chain=prerouting src-address=192.168.10.1 comment="SERVER-IIX-CONN" ip firewall mangle add action=mark-connection new-connection-mark=pc01-IIX-conn dst-address-list=nice chain=prerouting src-address=192.168.10.2 comment="CLIENT-IIX-CONN" ip firewall mangle add action=mark-connection new-connection-mark=pc02-IIX-conn dst-address-list=nice chain=prerouting src-address=192.168.10.3 ip firewall mangle add action=mark-connection new-connection-mark=pc03-IIX-conn dst-address-list=nice chain=prerouting src-address=192.168.10.4 ip firewall mangle add action=mark-connection new-connection-mark=pc04-IIX-conn dst-address-list=nice chain=prerouting src-address=192.168.10.5 ip firewall mangle add action=mark-connection new-connection-mark=pc05-IIX-conn dst-address-list=nice chain=prerouting src-address=192.168.10.6 ip firewall mangle add action=mark-connection new-connection-mark=server-INT-conn dst-address-list=!nice chain=prerouting src-address=192.168.10.1 comment="SERVER-INT-CONN" ip firewall mangle add action=mark-connection new-connection-mark=pc01-INT-conn dst-address-list=!nice chain=prerouting src-address=192.168.10.2 comment="CLIENT-INT-CONN" ip firewall mangle add action=mark-connection new-connection-mark=pc02-INT-conn dst-address-list=!nice chain=prerouting src-address=192.168.10.3 ip firewall mangle add action=mark-connection new-connection-mark=pc03-INT-conn dst-address-list=!nice chain=prerouting src-address=192.168.10.4 ip firewall mangle add action=mark-connection new-connection-mark=pc04-INT-conn dst-address-list=!nice chain=prerouting src-address=192.168.10.5 ip firewall mangle add action=mark-connection new-connection-mark=pc05-INT-conn dst-address-list=!nice chain=prerouting src-address=192.168.10.6 ip firewall mangle add action=mark-packet new-packet-mark=streaming packet-mark=!proxy-hit connection-mark=streaming chain=prerouting passthrough=no comment="STREAMING-PACKET" ip firewall mangle add action=mark-packet new-packet-mark=server-IIX packet-mark=!proxy-hit connection-mark=server-IIX-conn chain=prerouting passthrough=no comment="SERVER-IIX-PACKET" ip firewall mangle add action=mark-packet new-packet-mark=pc01-IIX packet-mark=!proxy-hit connection-mark=pc01-IIX-conn chain=prerouting passthrough=no comment="CLIENT-IIX-PACKET" ip firewall mangle add action=mark-packet new-packet-mark=pc02-IIX packet-mark=!proxy-hit connection-mark=pc02-IIX-conn chain=prerouting passthrough=no ip firewall mangle add action=mark-packet new-packet-mark=pc03-IIX packet-mark=!proxy-hit connection-mark=pc03-IIX-conn chain=prerouting passthrough=no ip firewall mangle add action=mark-packet new-packet-mark=pc04-IIX packet-mark=!proxy-hit connection-mark=pc04-IIX-conn chain=prerouting passthrough=no ip firewall mangle add action=mark-packet new-packet-mark=pc05-IIX packet-mark=!proxy-hit connection-mark=pc05-IIX-conn chain=prerouting passthrough=no ip firewall mangle add action=mark-packet new-packet-mark=server-INT packet-mark=!proxy-hit connection-mark=server-INT-conn chain=prerouting passthrough=no comment="SERVER-INT-PACKET" ip firewall mangle add action=mark-packet new-packet-mark=pc01-INT packet-mark=!proxy-hit connection-mark=pc01-INT-conn chain=prerouting passthrough=no comment="CLIENT-INT-PACKET" ip firewall mangle add action=mark-packet new-packet-mark=pc02-INT packet-mark=!proxy-hit connection-mark=pc02-INT-conn chain=prerouting passthrough=no ip firewall mangle add action=mark-packet new-packet-mark=pc03-INT packet-mark=!proxy-hit connection-mark=pc03-INT-conn chain=prerouting passthrough=no ip firewall mangle add action=mark-packet new-packet-mark=pc04-INT packet-mark=!proxy-hit connection-mark=pc04-INT-conn chain=prerouting passthrough=no ip firewall mangle add action=mark-packet new-packet-mark=pc05-INT packet-mark=!proxy-hit connection-mark=pc05-INT-conn chain=prerouting passthrough=no queue type add name=download-IIX kind=pcq pcq-rate=1M pcq-classifier=dst-address queue type add name=upload-IIX kind=pcq pcq-rate=512k pcq-classifier=src-address queue type add name=download-INT kind=pcq pcq-rate=512k pcq-classifier=dst-address queue type add name=upload-INT kind=pcq pcq-rate=256k pcq-classifier=src-address queue tree add name=".:PROXY HIT:." parent=Local packet-mark=proxy-hit priority=1 queue tree add parent=Local max-limit=0 name=DOWNLOAD priority=8 queue tree add parent=DOWNLOAD max-limit=0 name=DOWNSERVER-IIX priority=4 queue tree add parent=DOWNLOAD max-limit=280k name=DOWNCLIENT-IIX burst-limit=0 burst-threshold=0 burst-time=0s priority=6 queue tree add parent=DOWNLOAD max-limit=0 name=DOWNSERVER-INT priority=4 queue tree add parent=DOWNLOAD max-limit=160k name=DOWNCLIENT-INT burst-limit=0 burst-threshold=0 burst-time=0s priority=6 queue tree add parent=DOWNLOAD limit-at=0 max-limit=80k name=STREAMING packet-mark=streaming queue=download-INT burst-limit=112k burst-threshold=72k burst-time=5s queue tree add parent=DOWNSERVER-IIX limit-at=0 max-limit=0 name=SERVER-IIX packet-mark=server-IIX queue=download-IIX queue tree add parent=DOWNCLIENT-IIX limit-at=128k max-limit=280k name=PC01-IIX packet-mark=pc01-IIX queue=download-IIX queue tree add parent=DOWNCLIENT-IIX limit-at=128k max-limit=280k name=PC02-IIX packet-mark=pc02-IIX queue=download-IIX queue tree add parent=DOWNCLIENT-IIX limit-at=128k max-limit=280k name=PC03-IIX packet-mark=pc03-IIX queue=download-IIX queue tree add parent=DOWNCLIENT-IIX limit-at=128k max-limit=280k name=PC04-IIX packet-mark=pc04-IIX queue=download-IIX queue tree add parent=DOWNCLIENT-IIX limit-at=128k max-limit=280k name=PC05-IIX packet-mark=pc05-IIX queue=download-IIX queue tree add parent=DOWNSERVER-INT limit-at=0 max-limit=0 name=SERVER-INT packet-mark=server queue=download-INT queue tree add parent=DOWNCLIENT-INT limit-at=64k max-limit=160k name=PC01-INT packet-mark=pc01-INT queue=download-INT queue tree add parent=DOWNCLIENT-INT limit-at=64k max-limit=160k name=PC02-INT packet-mark=pc02-INT queue=download-INT queue tree add parent=DOWNCLIENT-INT limit-at=64k max-limit=160k name=PC03-INT packet-mark=pc03-INT queue=download-INT queue tree add parent=DOWNCLIENT-INT limit-at=64k max-limit=160k name=PC04-INT packet-mark=pc04-INT queue=download-INT queue tree add parent=DOWNCLIENT-INT limit-at=64k max-limit=160k name=PC05-INT packet-mark=pc05-INT queue=download-INT queue tree add name=UPLOAD parent=Public max-limit=0 priority=6 queue tree add name=UPLOADSERVER-IIX parent=UPLOAD max-limit=0 priority=4 queue tree add name=UPLOADCLIENT-IIX parent=UPLOAD max-limit=256k burst-limit=300k burst-threshold=200k burst-time=5s priority=6 queue tree add name=UPLOADSERVER-INT parent=UPLOAD max-limit=0 priority=4 queue tree add name=UPLOADCLIENT-INT parent=UPLOAD max-limit=128k burst-limit=256k burst-threshold=112k burst-time=5s priority=6 queue tree add parent=UPLOADSERVER-IIX limit-at=0 max-limit=0 name=SERVER-UP-IIX packet-mark=server-IIX queue=upload-IIX queue tree add parent=UPLOADCLIENT-IIX limit-at=128k max-limit=256k name=PC01-UP-IIX packet-mark=pc01-IIX queue=upload-IIX queue tree add parent=UPLOADCLIENT-IIX limit-at=128k max-limit=256k name=PC02-UP-IIX packet-mark=pc02-IIX queue=upload-IIX queue tree add parent=UPLOADCLIENT-IIX limit-at=128k max-limit=256k name=PC03-UP-IIX packet-mark=pc03-IIX queue=upload-IIX queue tree add parent=UPLOADCLIENT-IIX limit-at=128k max-limit=256k name=PC04-UP-IIX packet-mark=pc04-IIX queue=upload-IIX queue tree add parent=UPLOADCLIENT-IIX limit-at=128k max-limit=256k name=PC05-UP-IIX packet-mark=pc05-IIX queue=upload-IIX queue tree add parent=UPLOADSERVER-INT limit-at=0 max-limit=0 name=SERVER-UP-INT packet-mark=server-INT queue=upload-INT queue tree add parent=UPLOADCLIENT-INT limit-at=64k max-limit=128k name=PC01-UP-INT packet-mark=pc01-INT queue=upload-INT queue tree add parent=UPLOADCLIENT-INT limit-at=64k max-limit=128k name=PC02-UP-INT packet-mark=pc02-INT queue=upload-INT queue tree add parent=UPLOADCLIENT-INT limit-at=64k max-limit=128k name=PC03-UP-INT packet-mark=pc03-INT queue=upload-INT queue tree add parent=UPLOADCLIENT-INT limit-at=64k max-limit=128k name=PC04-UP-INT packet-mark=pc04-INT queue=upload-INT queue tree add parent=UPLOADCLIENT-INT limit-at=64k max-limit=128k name=PC05-UP-INT packet-mark=pc05-INT queue=upload-INT
Last edited by zoky; 24-01-2011 at 12:52.
jadi bingung nih yang mana....
dylavig;188158]hmm harusnya tuh chain utk proxy hit pakai postrouting deh. cmiiw
utk settingan NAT harusnya jg std aja. cmn paling karena pakai proxy jadi perlu bikin redirect port 80 ke port proxy server
Last edited by coenk; 25-01-2011 at 04:54.
^
bagian itu di sesuaikan aja ke mangle rules bro Coenk jg. klu di tmpt ku sih postroutingip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=PROXY-HIT DSCP=12 passtrough=no![]()
pusing yang kayak begini![]()
There are currently 3 users browsing this thread. (0 members and 3 guests)