Archive for 2013
[MIKROTIK] Building a VPN (Virtual Private Network) with Mikrotik
Thursday, 20 June 2013
Posted by Unknown
How can colleagues who are outside the office reach the office PCs (over the internet) and work as if they were inside the office? A VPN is the solution. The steps to build a VPN on Mikrotik are as follows:
1. Once you have a public IP from your Internet provider, configure PPP -> PPTP SERVER (Point-to-Point Tunneling Protocol).
Figure 1. PPP settings
2. Create a new PPTP Server interface. Click OK.
Figure 2. PPTP interface settings
3. Next, create an IP Pool: a group of IP addresses used to allocate an address to each VPN client user that will connect to our Mikrotik VPN server. Instead of an IP Pool, addresses can also be assigned one by one per user, but when there are many VPN clients the pool is the most suitable approach. To create it, click the menu IP -> POOL.
Figure 3. New IP Pool
4. Then create a Profile named VPN in the menu PPP > Profile. Local Address is the IP address Mikrotik uses as the VPN gateway (the Mikrotik LAN IP address). Remote Address is the IP address that will be given to each VPN client. This is the address that is recognised by, and communicates with, the other PCs.
Figure 4. New PPP Profile settings
5. Next, click PPTP SERVER. This option determines whether the PPTP server feature is active on the Mikrotik. Tick "ENABLE", then choose as Default Profile the profile created in step four.
Figure 5. PPTP Server settings
6. The next step is to create the VPN user on the SECRET tab. Set the Username, Password, Service: PPTP and Profile: VPN as shown in the figure below.
Figure 6. PPP Secret settings
7. Done. To connect to the office VPN from a client:
- Set up a new connection or network for the VPN. Click START > Control Panel > Network and Internet
- Click Set up a connection or network
- Select and click Connect to Workplace
- Internet Address: enter the public IP of the office connection, then click Next
- Enter the user and password created earlier on the Mikrotik. Click Connect
If the connection is established, the VPN settings on your Mikrotik are correct.
Good luck trying it out
ItemReviewed: [MIKROTIK] Building a VPN (Virtual Private Network) with Mikrotik
First, make sure the PC that will be used as the router has at least 2 LAN cards properly installed.
Second, I assume you have already installed the Ubuntu Server operating system on the PC.
After the PC is installed, the next step is to configure the IP address on each of its LAN cards.
Assumptions:
- Eth0 ==> 192.168.2.51 ==> connected to the internet
- Eth1 ==> 192.168.10.1 ==> connected to the local network
Set the IP addresses with the command:
# nano /etc/network/interfaces
Then edit the file so that it reads as follows:
auto eth0
iface eth0 inet static
address 192.168.2.13
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
auto eth1
iface eth1 inet static
address 192.168.10.1
netmask 255.255.255.0
network 192.168.10.0
broadcast 192.168.10.255
Save by pressing esc and :wq
Next, set the DNS. Here we use Google's DNS:
# nano /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
Save by pressing esc and :wq
After setting the IP and DNS, restart networking:
# /etc/init.d/networking restart
View the resulting configuration
# ifconfig
If the interfaces do not appear yet, bring up the interfaces we configured:
# ifup eth0
# ifup eth1
View the resulting configuration
# ifconfig
Then enable IP forwarding:
# nano /etc/sysctl.conf
Find the following line
#net.ipv4.ip_forward=1
Then remove the hash sign so that it becomes
net.ipv4.ip_forward=1
Apply IP forwarding with the command
# echo 1 > /proc/sys/net/ipv4/ip_forward
Check the value of ip_forward; if the result is 1, it succeeded
# cat /proc/sys/net/ipv4/ip_forward
Then enter the IPTABLES rule with the command
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Note: eth0 above is the interface connected to the internet
Save the IPTABLES rules with the command
# iptables-save
Your PC router is now ready, but the IPTABLES configuration above will be lost when the PC is restarted. To prevent that, the IPTABLES rule has to be loaded automatically when the computer boots.
So how do we do that?
As follows:
# nano /etc/rc.local
Put the IPTABLES rule before exit 0, like this:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
exit 0
Don't forget to save: esc :wq
After that, restart/reboot your computer
# reboot
Good luck trying it out
ItemReviewed: [TUTORIAL] Building a Router on Ubuntu Server
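The tutorial above enables forwarding and NAT but adds no rule to the FORWARD chain, so, assuming that chain is still at its default ACCEPT policy, the router forwards anything that is routed to it. As an added example (not part of the original post), the function below generates an iptables-restore ruleset that keeps the same MASQUERADE behaviour and pairs it with a stateful, default-drop FORWARD chain; the function names, the LAN subnet argument and the /etc/iptables.rules path in the comment are assumptions.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for the two-NIC router
# described above (eth0 = internet side, eth1 = local network).
# gen_router_rules, valid_iface and valid_cidr are hypothetical helper names.

# Accept only plain interface names so an argument cannot smuggle in
# extra iptables options (spaces, quotes and the like are rejected).
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Shape check for an IPv4 CIDR such as 192.168.10.0/24
# (octet ranges are not verified; iptables-restore rejects bad values).
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Usage: gen_router_rules WAN_IF LAN_IF LAN_SUBNET
# Prints the ruleset on stdout; returns 1 on invalid arguments.
gen_router_rules() {
    wan=$1 lan=$2 lan_net=$3
    valid_iface "$wan" || { echo "bad WAN interface" >&2; return 1; }
    valid_iface "$lan" || { echo "bad LAN interface" >&2; return 1; }
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    valid_cidr "$lan_net" || { echo "bad LAN subnet" >&2; return 1; }

    # INPUT and OUTPUT stay at ACCEPT, as in the tutorial; only the
    # forwarding path is tightened here.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Stand-alone use (path is an assumption):
#   sh router-rules.sh eth0 eth1 192.168.10.0/24 > /etc/iptables.rules
#   iptables-restore < /etc/iptables.rules    # e.g. from /etc/rc.local
if [ "$#" -eq 3 ]; then
    gen_router_rules "$@"
fi
```

With this ruleset, new connections are forwarded only from the local network towards the internet, and only reply traffic is let back in.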
First, log in to your Mikrotik using WinBox, click the New Terminal menu and type the following command:
/tool user-manager database save name=db_userman.umb
If it succeeds, the backup file is automatically stored in the Mikrotik file list under the name db_userman.umb
You should keep this backup file on a computer, so that if disaster ever strikes the Mikrotik router (total failure) you still have the backup on the computer and only need to upload it to the new router.
And if such a disaster does strike your Mikrotik router one day, restore the Mikrotik userman database as follows:
- First upload your userman backup file to the root directory of the Mikrotik file list
- Then open New Terminal and type the following command:
tool user-manager database load name=db_userman.umb
Next, try logging in to User Manager. If the userman database restore went well, all of your User Manager data will be back intact.
Good luck trying it out
ItemReviewed: [MIKROTIK] How to back up the Mikrotik User Manager database
[TUTORIAL] Installing the High-Performance Unbound DNS for Squid Lusca FMI on Ubuntu Server
Tuesday, 11 June 2013
Posted by Unknown
"Greetings, bloggers!" Now that you have finished the assignment in How to Install the Lusca FMI Proxy on Ubuntu 10.10 64 Bit ("haha, I sound like a teacher handing out assignments"), let's continue with the postponed article: how to install the high-performance Unbound DNS for Squid Lusca FMI on Ubuntu Server.
Its purpose is to let our Squid Lusca FMI handle incoming user requests more optimally. Straight to the steps:
Warning: I performed this Unbound DNS installation via PuTTY.
Before installing Unbound DNS, it is best to first optimize the Squid machine on Ubuntu as follows:
Optimize the btrfs partition:
# lsmod |grep -i btrfs
# nano /etc/fstab
/cache btrfs noatime,compress,noacl 0 2
Optimize the kernel as well:
The default FD limit is 1024
Check it on the console:
# ulimit -n
To change it:
# ulimit -HSn 65536
# echo "root soft nofile 65536" >> /etc/security/limits.conf
# echo "root hard nofile 65536" >> /etc/security/limits.conf
# nano /etc/pam.d/common-session
Add:
session required pam_limits.so
# modprobe ip_conntrack
Then add ip_conntrack to /etc/modules
# nano /etc/modules
Add the following line:
ip_conntrack
Next:
1. Install DNS Unbound
Copy the command below and paste it into your PuTTY terminal (it is better to copy it into Notepad first and only then paste it into the PuTTY terminal)
apt-get install unbound -y && cd /etc/unbound && wget ftp://FTP.INTERNIC.NET/domain/named.cache && unbound-control-setup && chown unbound:root unbound_* && chmod 440 unbound_*
2. Copy the unbound.conf file with WinSCP
If you don't have it yet, download it first here: unbound.conf
Don't forget to extract it with WinRAR, then paste the downloaded unbound.conf file into /etc/unbound/
After that, reboot Ubuntu: # reboot
3. Check the status of the installed Unbound:
---------------------------------
unbound-control status
unbound-control stats
---------------------------------
4. Restart the Unbound service
---------------------------------
/etc/init.d/unbound restart
---------------------------------
If it shows [OK], you have successfully installed the high-performance Unbound DNS on Ubuntu. For the Mikrotik settings, download the Mikrotik Firewall and Mangle Settings.
Hope this is useful. Monitoring Lusca FMI continues in the next post! Wishing you success.
ItemReviewed: [TUTORIAL] Installing the High-Performance Unbound DNS for Squid Lusca FMI on Ubuntu Server
Below are some commands you can use to view the performance of your squid proxy server. You can put these commands in a file with the ".sh" extension and place it in the /usr/sbin directory so that you don't need to memorize the syntax. Quite helpful for network administrators or technicians.
1. First command
squidclient -h localhost -p 8080 mgr:info
Adjust port 8080 to match your squid port.
Result:
HTTP/1.0 200 OK
Server: squid/2.7.STABLE7
Date: Fri, 20 Aug 2010 12:29:34 GMT
Content-Type: text/plain
Expires: Fri, 20 Aug 2010 12:29:34 GMT
X-Cache: MISS from proxy1.netsolusindo.com
X-Cache-Lookup: MISS from proxy1.netsolusindo.com:8080
Via: 1.0 proxy1.netsolusindo.com:8080 (squid/2.7.STABLE7)
Connection: close
Squid Object Cache: Version 2.7.STABLE7
Start Time: Wed, 18 Aug 2010 12:00:39 GMT
Current Time: Fri, 20 Aug 2010 12:29:34 GMT
Connection information for squid:
Number of clients accessing cache: 2
Number of HTTP requests received: 1179697
Number of ICP messages received: 0
Number of ICP messages sent: 0
Number of queued ICP replies: 0
Number of HTCP messages received: 0
Number of HTCP messages sent: 0
Request failure ratio: 0.00
Average HTTP requests per minute since start: 405.5
Average ICP messages per minute since start: 0.0
Select loop called: 22503753 times, 7.756 ms avg
Cache information for squid:
Request Hit Ratios: 5min: 35.1%, 60min: 35.9%
Byte Hit Ratios: 5min: 16.9%, 60min: 20.7%
Request Memory Hit Ratios: 5min: 0.2%, 60min: 1.2%
Request Disk Hit Ratios: 5min: 77.8%, 60min: 75.0%
Storage Swap size: 27342220 KB
Storage Mem size: 6136 KB
Mean Object Size: 18.78 KB
Requests given to unlinkd: 0
Median Service Times (seconds) 5 min 60 min:
HTTP Requests (All): 0.61549 0.52331
Cache Misses: 1.05672 0.80651
Cache Hits: 0.10857 0.13498
Near Hits: 0.64968 0.52331
Not-Modified Replies: 0.17711 0.05951
DNS Lookups: 0.04854 0.04433
ICP Queries: 0.00000 0.00000
Resource usage for squid:
UP Time: 174534.204 seconds
CPU Time: 3182.603 seconds
CPU Usage: 1.82%
CPU Usage, 5 minute avg: 5.86%
CPU Usage, 60 minute avg: 3.71%
Process Data Segment Size via sbrk(): 176960 KB
Maximum Resident Size: 693520 KB
Page faults with physical i/o: 920117
Memory usage for squid via mallinfo():
Total space in arena: 176960 KB
Ordinary blocks: 165139 KB 80926 blks
Small blocks: 0 KB 0 blks
Holding blocks: 10020 KB 7 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 11820 KB
Total in use: 175159 KB 94%
Total free: 11820 KB 6%
Total size: 186980 KB
Memory accounted for:
Total accounted: 102900 KB
memPoolAlloc calls: 224927337
memPoolFree calls: 221979688
File descriptor usage for squid:
Maximum number of file descriptors: 1024
Largest file desc currently in use: 638
Number of file desc currently in use: 477
Files queued for open: 0
Available number of file descriptors: 547
Reserved number of file descriptors: 100
Store Disk files open: 1
IO loop method: epoll
Internal Data Structures:
1456421 StoreEntries
520 StoreEntries with MemObjects
449 Hot Object Cache Items
1456302 on-disk objects
2. Second command
tail -f /var/log/squid/access.log | ccze
Adjust /var/log/squid/access.log to match your squid log directory.
3. Third command
squidclient -h localhost -p 8080 mgr:info | grep Hit
As with the first command, adjust -p 8080 to match your squid port.
Result:
Request Hit Ratios: 5min: 32.1%, 60min: 35.4%
Byte Hit Ratios: 5min: 14.9%, 60min: 17.4%
Request Memory Hit Ratios: 5min: 3.0%, 60min: 1.0%
Request Disk Hit Ratios: 5min: 84.6%, 60min: 77.2%
Cache Hits: 0.15888 0.19742
Near Hits: 1.24267 0.72387
GOOD LUCK . . .
ItemReviewed: [TUTORIAL] Squid proxy monitoring commands
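The post suggests wrapping these commands in a ".sh" file. As an added example (not part of the original post), the script below parses mgr:info output for the two figures that matter most operationally: file descriptor usage (477 of 1024 in the output shown above, and the proxy stops accepting connections when descriptors run out) and the 5-minute request hit ratio. The function names, the 80% threshold and the exit codes are assumptions.

```shell
#!/bin/sh
# Added example: turn `squidclient mgr:info` output into a health check.
# fd_usage_pct, hit_ratio_5min and squid_health are hypothetical names.

# Constructed sample: a short excerpt in the format of the output above.
SAMPLE_INFO='Cache information for squid:
        Request Hit Ratios:     5min: 35.1%, 60min: 35.9%
        Byte Hit Ratios:        5min: 16.9%, 60min: 20.7%
File descriptor usage for squid:
        Maximum number of file descriptors:   1024
        Largest file desc currently in use:    638
        Number of file desc currently in use:  477
        Available number of file descriptors:  547'

# stdin: mgr:info text. Prints the integer percentage of descriptors in use.
# Returns non-zero when the maximum is missing or not a positive number.
fd_usage_pct() {
    awk -F: '
        /Maximum number of file descriptors/   { max = $2 + 0 }
        /Number of file desc currently in use/ { used = $2 + 0 }
        END {
            if (max <= 0) exit 1
            printf "%d\n", used * 100 / max
        }'
}

# stdin: mgr:info text. Prints the 5-minute request hit ratio without "%".
# Matches only the "Request Hit Ratios" line, not the memory/disk variants.
hit_ratio_5min() {
    awk '
        /^[[:space:]]*Request Hit Ratios:/ {
            for (i = 1; i < NF; i++)
                if ($i == "5min:") {
                    v = $(i + 1); gsub(/[%,]/, "", v); print v; found = 1
                }
        }
        END { exit !found }'
}

# Usage: squid_health "<mgr:info text>" [threshold-percent]
# Returns 0 when healthy, 1 when FD usage >= threshold, 2 on parse failure.
squid_health() {
    info=$1 threshold=${2:-80}
    pct=$(printf '%s\n' "$info" | fd_usage_pct) ||
        { echo "UNKNOWN: no file descriptor data"; return 2; }
    hit=$(printf '%s\n' "$info" | hit_ratio_5min) || hit="n/a"
    if [ "$pct" -ge "$threshold" ]; then
        echo "WARN: fd_usage=${pct}% hit_5min=${hit}%"
        return 1
    fi
    echo "OK: fd_usage=${pct}% hit_5min=${hit}%"
}

# Live use, with the port from the post:
#   squid_health "$(squidclient -h localhost -p 8080 mgr:info)"
if [ "${1:-}" = "--sample" ]; then
    squid_health "$SAMPLE_INFO"
fi
```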
RDP Account Dumped 02-06-2013
© 2013 shad0w-share
Source: Dz Forum
ItemReviewed: RDP Account Dumped 02-06-2013
Cybercrime is now so rampant that it worries a great many people. Many people profit from committing crimes online, commonly referred to as cyber crime, for example by stealing important personal data using nothing but the network. This can cause heavy losses simply because someone's personal data was stolen and misused, such as a stolen ATM PIN. The loss can be large if the person whose ATM PIN was stolen keeps a lot of money in that account.
So it is a good idea to use various kinds of protection for the computer network we use. Use protection that is genuinely strong and of proven quality, so that your important personal data is not stolen by cyber criminals. In fact, the Windows operating system includes Windows Defender by default, which prevents or protects the computer against malware attacks from the internet. However, some people may consider Windows Defender not good enough at protecting the computer. And of course, someone who says so has an anti-malware or anti-spyware application that is better than Windows Defender.
If you have ever thought about disabling the Windows Defender feature, you are reading the right article, because this time congkel will discuss how to disable Windows Defender on Windows 7.
The steps are as follows.
- First, open the Windows Defender application: click the Start button, type Windows Defender and press Enter.
- Click the Tools menu, and in the Settings section click Options.
- Click the Administrator menu.
- Finally, clear the check mark next to Use this Program.
If you also want Windows Defender to no longer start when Windows boots, do the following.
- Click Start, type services.msc and press Enter.
- In the Services window, scroll down, find the entry named Windows Defender and double-click it.
- Finally, under Startup type, choose Disable and then click the OK button.
ItemReviewed: [TUTORIAL] How to Disable Windows Defender on Windows 7
For those who run an internet café (warnet), especially one themed around ONLINE GAMES:
Below are the mangle rules for online game ports, which you then feed into a queue tree or simple queue that is given the highest priority on the Mikrotik router. The mangle rules for the online game ports are:
First, mark all the game traffic as packets:
/ip firewall mangle
add action=mark-packet chain=forward comment="SEMUA GAME DIPAKETKAN" \
connection-mark="GAME KONEKSI" disabled=no new-packet-mark="GAME PAKET" \
passthrough=no
Mangle POKER tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="POKER KONEKSI" \
disabled=no dst-port=9339,843 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle AYODANCE tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="AYODANCE KONEKSI" \
disabled=no dst-port=18901,18902,18903,18904,18905,18906,18907,18908,18909 \
new-connection-mark="GAME KONEKSI" passthrough=yes protocol=tcp
Mangle SEAL ONLINE tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="SEAL ONLINE KONEKSI" \
disabled=no dst-port=1818 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle LINE AGE2 tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="LINE AGE2 KONEKSI" \
disabled=no dst-port=7777 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle POINT BLANK udp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="POINT BLANK KONEKSI UDP" \
disabled=no dst-port=40000-40010 new-connection-mark="GAME KONEKSI" \
passthrough=no protocol=udp
Mangle POINT BLANK tcp port
/ip firewall mangle
add chain=prerouting action=mark-connection \
new-connection-mark="GAME KONEKSI" passthrough=yes protocol=tcp \
dst-address=203.89.146.0/23 dst-port=39190 comment="POINT BLANK KONEKSI TCP"
Mangle RF udp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="RF KONEKSI UDP" \
disabled=no dst-port=10001,10002,10003,10004,10005,10006,10007 \
new-connection-mark="GAME KONEKSI" passthrough=no protocol=udp
Mangle RF-ELVENT tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="RF-ELVENT KONEKSI" \
disabled=no dst-port=27780 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle PERFECT WORLD tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="PERFECT WORLD KONEKSI" \
disabled=no dst-port=29000 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle ROHAN tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="ROHAN KONEKSI" \
disabled=no dst-port=22100 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle ZEUS RO tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="ZEUS RO KONEKSI" \
disabled=no dst-port=5121 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle DOTA tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="DOTTA KONEKSI" \
disabled=no dst-port=6000-6152 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle GHOST ONLINE tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="GHOST ONLINE KONEKSI" \
disabled=no dst-port=19101 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle WOW AMPM tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="WOW AMPM KONEKSI" \
disabled=no dst-port=8085 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle DRIFT CITY tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="DRIFT CITY KONEKSI" \
disabled=no dst-port=11011-11041 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle GET AMPED tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="GET AMPED KONEKSI" \
disabled=no dst-port=13413 new-connection-mark="GAME KONEKSI" \
passthrough=no protocol=tcp
Mangle YULLGANG tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="YULLGANG KONEKSI" \
disabled=no dst-port=19000 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle IDOL STREET tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="IDOL STREET KONEKSI" \
disabled=no dst-port=2001 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle CRAZY KART tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="CRAZY KART KONEKSI" \
disabled=no dst-port=9601-9602 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle RAN ONLINE tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="RAN ONLINE KONEKSI" \
disabled=no dst-port=5105 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle CROSS FIRE tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="CROSS FIRE KONEKSI TCP" \
disabled=no dst-port=10009 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle CROSS FIRE udp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="CROSS FIRE KONEKSI UDP" \
disabled=no dst-port=40000-40010 new-connection-mark="GAME KONEKSI" \
passthrough=no protocol=udp
Mangle RETURN OF WARRIOR tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="RETURN OF WARRIOR" \
disabled=no dst-port=10402 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle CRAZY KART 2 tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="CRAZY KART 2" \
disabled=no dst-port=9600 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle LUNA ONLINE tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="LUNA ONLINE" \
disabled=no dst-port=15002 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle RUNES OF MAGIC tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="RUNES OF MAGIC" \
disabled=no dst-port=16402-16502 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle FRESH RO tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="FRESH RO" \
disabled=no dst-port=5126 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle CABAL INDONESIA tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="CABAL INDONESIA" \
disabled=no dst-port=15001,15002 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle WAR ROCK tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="WAR ROCK" \
disabled=no dst-port=5340-5352 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle FASTBLACK tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="FASTBLACK" \
disabled=no dst-port=6000-6001 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle ROSE ONLINE tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="ROSE ONLINE" \
disabled=no dst-port=29200 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle X-SHOT tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="X-SHOT TCP" \
disabled=no dst-port=7341,7451 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle X-SHOT udp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="X-SHOT UDP" \
disabled=no dst-port=7808,30000 new-connection-mark="GAME KONEKSI" \
passthrough=no protocol=udp
Mangle TANTRA ONLINE tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="TANTRA ONLINE" \
disabled=no dst-port=3010 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle HEROES OF NEWEARTH INCATAMERS tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="HEROES OF NEWEARTH INCATAMERS TCP" \
disabled=no dst-port=11031 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Mangle HEROES OF NEWEARTH INCATAMERS udp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="HEROES OF NEWEARTH INCATAMERS UDP" \
disabled=no dst-port=11100-11125,11440-11460 new-connection-mark="GAME KONEKSI" \
passthrough=no protocol=udp
Mangle ATLANTICA tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="ATLANTICA" \
disabled=no dst-port=4300 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp dst-address=203.89.147.0/24
Mangle ECO ONLINE tcp port
/ip firewall mangle
add action=mark-connection chain=prerouting comment="ECO ONLINE" \
disabled=no dst-port=12011,12110 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
Hope this is useful
ItemReviewed: [MIKROTIK] Mikrotik Router Mangle Rules for Online Game Ports
ItemReviewed: [MIKROTIK] NAT MANGLE PROXI HIT
Nowadays Mikrotik is very useful in a network, along with the devices that help you build one, whether as a bandwidth divider, an antenna, and so on. Mikrotik also has security features that can protect the router itself. Here I will share some security scripts to keep your Mikrotik secure. The Mikrotik security script follows; you can copy it into Notepad and then paste it into "New Terminal" on your Mikrotik:
/ip firewall filter
add action=accept chain=input disabled=no dst-port=8291 protocol=tcp
add action=drop chain=forward connection-state=invalid disabled=no
add action=drop chain=virus disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1433-1434 protocol=tcp
add action=drop chain=virus disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus disabled=no dst-port=445 protocol=udp
add action=drop chain=virus disabled=no dst-port=593 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1024-1030 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1080 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1214 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1363 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1364 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1368 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1373 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1377 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2283 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2535 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3127 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3410 protocol=tcp
add action=drop chain=virus disabled=no dst-port=4444 protocol=tcp
add action=drop chain=virus disabled=no dst-port=4444 protocol=udp
add action=drop chain=virus disabled=no dst-port=5554 protocol=tcp
add action=drop chain=virus disabled=no dst-port=8866 protocol=tcp
add action=drop chain=virus disabled=no dst-port=9898 protocol=tcp
add action=drop chain=virus disabled=no dst-port=10080 protocol=tcp
add action=drop chain=virus disabled=no dst-port=12345 protocol=tcp
add action=drop chain=virus disabled=no dst-port=17300 protocol=tcp
add action=drop chain=virus disabled=no dst-port=27374 protocol=tcp
add action=drop chain=virus disabled=no dst-port=65506 protocol=tcp
add action=jump chain=forward disabled=no jump-target=virus
add action=drop chain=input connection-state=invalid disabled=no
add action=accept chain=input disabled=no protocol=udp
add action=accept chain=input disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input disabled=no protocol=icmp
add action=accept chain=input disabled=no dst-port=21 protocol=tcp
add action=accept chain=input disabled=no dst-port=22 protocol=tcp
add action=accept chain=input disabled=no dst-port=23 protocol=tcp
add action=accept chain=input disabled=no dst-port=80 protocol=tcp
add action=accept chain=input disabled=no dst-port=8291 protocol=tcp
add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
add action=log chain=input disabled=yes log-prefix="DROP INPUT"
add action=accept chain=input disabled=no dst-port=23 protocol=tcp
add action=accept chain=input disabled=no dst-port=80 protocol=tcp
add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
add action=log chain=input disabled=yes log-prefix="DROP INPUT"
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15s \
chain=input disabled=no dst-port=1337 protocol=tcp
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m \
chain=input disabled=no dst-port=7331 protocol=tcp src-address-list=knock
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=\
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254
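The script above fills address lists and accepts management ports, but in a rule set this long it is easy to miss whether anything acts on them. As an added example (not part of the original post), this Python checker parses `/ip firewall filter` lines in the export format used here and reports lists that are filled but never matched, management ports open to any source, a missing final drop in chain=input, and repeated rules; the sample is a constructed excerpt and the finding names are my own.

```python
import shlex
from collections import Counter

# Constructed excerpt modelled on the rules above; it is not the full script.
SAMPLE = r'''/ip firewall filter
add action=accept chain=input disabled=no dst-port=8291 protocol=tcp
add action=drop chain=input connection-state=invalid disabled=no
add action=accept chain=input disabled=no dst-port=23 protocol=tcp
add action=accept chain=input disabled=no dst-port=8291 protocol=tcp
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m \
chain=input disabled=no dst-port=7331 protocol=tcp src-address-list=knock
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=\
no protocol=tcp tcp-flags=fin,syn
'''

MGMT_PORTS = {"21": "ftp", "22": "ssh", "23": "telnet", "80": "www", "8291": "winbox"}
SOURCE_LIMITS = ("src-address", "src-address-list", "in-interface")
NEUTRAL_KEYS = {"action", "chain", "disabled", "comment"}


def parse_rules(text):
    """Join backslash continuations, then turn every 'add' line into a dict."""
    lines, buf = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("\\"):
            buf += line[:-1]          # the next line continues exactly here
        else:
            lines.append(buf + line)
            buf = ""
    rules = []
    for line in lines:
        if line.startswith("add "):
            pairs = (tok.partition("=") for tok in shlex.split(line[4:]))
            rules.append({key: val for key, _, val in pairs})
    return rules


def audit(rules):
    """Return a sorted list of (finding, detail) tuples for enabled rules."""
    active = [r for r in rules if r.get("disabled", "no") != "yes"]
    found = set()

    # Lists that rules fill but nothing matches on, and the reverse.
    filled = {r["address-list"] for r in active if "address-list" in r}
    matched = {r[k].lstrip("!") for r in active
               for k in ("src-address-list", "dst-address-list") if k in r}
    found |= {("list-filled-but-never-matched", n) for n in filled - matched}
    found |= {("list-matched-but-never-filled", n) for n in matched - filled}

    # Management services accepted from any source address.
    for r in active:
        if (r.get("chain") == "input" and r.get("action") == "accept"
                and r.get("dst-port") in MGMT_PORTS
                and not any(k in r for k in SOURCE_LIMITS)):
            found.add(("mgmt-open-to-any-source", MGMT_PORTS[r["dst-port"]]))

    # RouterOS accepts a packet that no rule matched, so chain=input needs a
    # final unconditional drop for the accept rules above it to mean anything.
    inp = [r for r in active if r.get("chain") == "input"]
    last = inp[-1] if inp else {}
    if inp and not (last.get("action") == "drop" and set(last) <= NEUTRAL_KEYS):
        found.add(("no-final-drop", "input"))

    # Rules repeated with identical parameters.
    for rule, n in Counter(tuple(sorted(r.items())) for r in active).items():
        if n > 1:
            found.add(("duplicate-rule", " ".join(f"{k}={v}" for k, v in rule)))
    return sorted(found)


if __name__ == "__main__":
    for finding, detail in audit(parse_rules(SAMPLE)):
        print(f"{finding}: {detail}")
```

A list reported as never filled may still be populated under `/ip firewall address-list`; the checker only sees the filter rules it is given.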
ItemReviewed: [MIKROTIK] SCRIPT SECURITY
There are several ways to set the clock and date so they are correct on the Mikrotik OS using the NTP Client; the default is way off. What is this for? Anything you like. The first thing we do is set the time zone for your region.
Setting the Time Zone
- Click the System menu, then Clock
- Click the Time Zone Name drop-down and pick the one for your area. For example, I am in Jakarta, so I chose Asia/Jakarta.
- Click Apply
- You can see the GMT Offset box change to +07:00 (Jakarta)
Next we pull synchronization from an NTP server
Setting the SNTP Client
- Click the System menu, then SNTP Client.
- Tick or click “Enabled”
- Click the “Mode” drop-down and set it to “unicast”
- In Winbox, enter the NTP server addresses you want to use in the NTP Server boxes; here, for example, I use 0.id.pool.ntp.org and 1.id.pool.ntp.org
- Click Apply and the addresses we just entered turn into IP addresses.
- Check the clock and date on your Mikrotik router; they should now show the actual time.
Why didn't the time and date change? The Mikrotik has to be connected to the INTERNET.
It changed, but the time is way off from the clock at my house? Check whether the Time Zone is set correctly.
Hope this helps :D
ItemReviewed: [MIKROTIK] How to Set the Mikrotik Clock as an NTP Client
Ros V4.9
Adjust the IPs to match your network
10.0.0.0/24 = local client IPs
192.168.1.100 = external proxy IP <- if you have one
10.0.0.30 = router IP
/ip firewall address-list
add address=10.0.0.30 comment="" disabled=no list=bypass
add address=192.168.1.100 comment="" disabled=no list=bypass
add address=192.168.1.100 comment="" disabled=no list=skip_content_download
add address=10.0.0.0/24 comment="" disabled=no list=skip_content_download
Explanation:
First put these IPs in the address lists so they are separated out and not caught by the filter and mangle rules
/ip firewall layer7-protocol
add comment="" name="Extension \" .exe \"" regexp="\\.(exe)"
add comment="" name="Extension \" .rar \"" regexp="\\.(rar)"
add comment="" name="Extension \" .zip \"" regexp="\\.(zip)"
add comment="" name="Extension \" .7z \"" regexp="\\.(7z)"
add comment="" name="Extension \" .cab \"" regexp="\\.(cab)"
add comment="" name="Extension \" .asf \"" regexp="\\.(asf)"
add comment="" name="Extension \" .mov \"" regexp="\\.(mov)"
add comment="" name="Extension \" .wmv \"" regexp="\\.(wmv)"
add comment="" name="Extension \" .mpg \"" regexp="\\.(mpg)"
add comment="" name="Extension \" .mpeg \"" regexp="\\.(mpeg)"
add comment="" name="Extension \" .mkv \"" regexp="\\.(mkv)"
add comment="" name="Extension \" .avi \"" regexp="\\.(avi)"
add comment="" name="Extension \" .flv \"" regexp="\\.(flv)"
add comment="" name="Extension \" .pdf \"" regexp="\\.(pdf)"
add comment="" name="Extension \" .wav \"" regexp="\\.(wav)"
add comment="" name="Extension \" .rm \"" regexp="\\.(rm)"
add comment="" name="Extension \" .mp3 \"" regexp="\\.(mp3)"
add comment="" name="Extension \" .mp4 \"" regexp="\\.(mp4)"
add comment="" name="Extension \" .ram \"" regexp="\\.(ram)"
add comment="" name="Extension \" .rmvb \"" regexp="\\.(rmvb)"
add comment="" name="Extension \" .dat \"" regexp="\\.(dat)"
add comment="" name="Extension \" .daa \"" regexp="\\.(daa)"
add comment="" name="Extension \" .iso \"" regexp="\\.(iso)"
add comment="" name="Extension \" .nrg \"" regexp="\\.(nrg)"
add comment="" name="Extension \" .bin \"" regexp="\\.(bin)"
add comment="" name="Extension \" .vcd \"" regexp="\\.(vcd)"
add comment="" name="Extension \" .mp2 \"" regexp="\\.(mp2)"
add comment="" name="Extension \" .3gp \"" regexp="\\.(3gp)"
add comment="" name="Extension \" .mpe \"" regexp="\\.(mpe)"
add comment="" name="Extension \" .qt \"" regexp="\\.(qt)"
add comment="" name="Extension \" .raw \"" regexp="\\.(raw)"
add comment="" name="Extension \" .wma \"" regexp="\\.(wma)"
add comment="" name="Extension \" .ogg \"" regexp="\\.(ogg)"
add comment="" name="Extension \" .doc \"" regexp="\\.(doc)"
Explanation:
Layer 7 content regexes
/ip firewall filter
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mp3 \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .avi \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .flv \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .iso \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .pdf \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mpeg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .exe \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .rar \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .zip \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mp4 \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mp2 \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .3gp \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mov \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mpe \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mpg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .qt \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .ram \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .rm \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .raw \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .wav \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .wmv \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .wma \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .ogg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .doc \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .7z \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .asf \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .bin \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .cab \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .daa \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .dat \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mkv \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .nrg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .rmvb \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .vcd \"" protocol=tcp
Explanation:
Filter rules to capture the IPs of the L7 content
/ip firewall mangle
add action=mark-connection chain=prerouting comment=Content_download disabled=no dst-address-list=content_download new-connection-mark=Bw_Download passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-bytes=262146-4294967295 disabled=no dst-address-list=!bypass new-connection-mark=Bw_Download passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Download disabled=no dst-address-list=!bypass new-packet-mark=Paket_Download passthrough=no
add action=mark-connection chain=prerouting comment=Content_browsing disabled=no dst-address-list=!bypass new-connection-mark=Bw_Browsing passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Browsing disabled=no dst-address-list=!bypass new-packet-mark=Paket_Browsing passthrough=no
Explanation:
We create the mangle rules to mark download connections using connection-bytes combined with the L7 content IPs we captured earlier, plus mark browsing connections
/queue type
add kind=pcq name=pcq-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000
add kind=pcq name=Pcq_Browsing_Down pcq-classifier=dst-address pcq-limit=50 pcq-rate=0 pcq-total-limit=200
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWN parent=LOCAL priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Browsing_Down packet-mark=Paket_Browsing parent=DOWN priority=5 queue=Pcq_Browsing_Down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no max-limit=256k name=Regular_Down packet-mark=Paket_Download parent=DOWN priority=8 queue=pcq-down
Explanation:
The download limit is finished at this point; now all that is left is the rule to drop IDM connections (still matched using L7 content)
/ip firewall filter
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .exe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .3gp \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .7z \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .asf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .avi \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .bin \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .cab \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .daa \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .dat \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .doc \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .flv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .iso \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mkv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mov \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp2 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp3 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp4 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpeg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .nrg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ogg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .pdf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .qt \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ram \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rar \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .raw \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rm \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rmvb \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .vcd \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wav \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wma \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wmv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .zip \"" protocol=tcp
Explanation:
Filter directly with connection-limit and then drop (note the in-interface: adjust it to the name of the interface facing your local clients)
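Every Layer 7 pattern above has the unanchored form `\.(ext)`, and a match either throttles the destination or drops the connection, so it matters what the pattern actually fires on. This added example (not from the original post) replays constructed connection starts through the page's pattern shape and through an assumed tighter pattern written for Python's `re`; whether the tighter form carries over unchanged to RouterOS's own matcher has to be tested on the router.

```python
import re

# The L7 matcher only inspects the start of a connection (first 10 packets / 2 KB).
WINDOW = 2048


def page_pattern(ext):
    # Pattern shape used on this page: a dot followed by the extension, anywhere.
    return re.compile(r"\.(%s)" % re.escape(ext))


def strict_pattern(ext):
    # Assumed tighter form (not from the page): the extension must end the path
    # of an HTTP request line, optionally followed by a query or fragment.
    return re.compile(
        r"^(get|post|head) [^ ?#]*\.%s([?#][^ ]*)? http/" % re.escape(ext),
        re.IGNORECASE,
    )


def hits(payload, ext):
    """Return (page_match, strict_match) for the inspected start of a connection."""
    head = payload[:WINDOW].decode("latin-1")
    return (page_pattern(ext).search(head) is not None,
            strict_pattern(ext).search(head) is not None)


# Constructed connection starts; host names use the reserved .example TLD.
SAMPLES = {
    "real .exe download": (
        b"GET /files/setup.exe HTTP/1.1\r\nHost: dl.example\r\n\r\n", "exe"),
    "host name contains .doc": (
        b"GET /index.html HTTP/1.1\r\nHost: www.documents.example\r\n\r\n", "doc"),
    ".docx is not .doc": (
        b"GET /report.docx HTTP/1.1\r\nHost: files.example\r\n\r\n", "doc"),
    "Referer mentions .exe": (
        b"GET /news HTTP/1.1\r\nReferer: http://portal.example/tools.exe\r\n\r\n", "exe"),
    # Truncated, constructed TLS record: the requested path is encrypted, so
    # only bytes such as the server name are visible to the matcher.
    "TLS ClientHello": (
        b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03" + bytes(32)
        + b"\x00\x00\x0bcdn.example", "zip"),
}


def report():
    """Map each sample name to (page_match, strict_match)."""
    return {name: hits(payload, ext) for name, (payload, ext) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (page, strict) in report().items():
        print(f"{name:28} page={page!s:5} strict={strict}")
```

Three of the five samples match the page's pattern without being a download of that file type, and the TLS sample matches neither pattern.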
ItemReviewed: [MIKROTIK] LIMITER IDM
/ip firewall mangle add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=ICMP_KONEKSI passthrough=yes comment="ICMP_KONEKSI" disabled=yes
/ip firewall mangle add chain=prerouting protocol=icmp connection-mark=ICMP_KONEKSI action=mark-packet new-packet-mark=ICMP_PAKET passthrough=no comment="ICMP_PAKET" disabled=yes
ItemReviewed: [MIKROTIK] ICMP
This post only covers IIX online games, so the first step is to create an address-list containing the IIX IP addresses. To do so, open New Terminal in Winbox and type the following command:
/tool fetch address=ixp.mikrotik.co.id src-path=/download/nice.rsc mode=http;
Then import it with the command:
import nice.rsc
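`import` runs every command in the file, and the fetch above uses plain HTTP, so it is worth checking what was downloaded before importing it. This added example (not from the original post) accepts a copy of the file only if it contains nothing but `/ip firewall address-list` entries for the list nice; the file layout, the sample contents and the minimum prefix length are assumptions, and any other line is reported rather than accepted.

```python
import ipaddress
import shlex

SECTION = "/ip firewall address-list"
MIN_PREFIX = 8   # assumption: anything broader than a /8 is treated as a mistake

# Constructed samples using documentation address ranges, not the real nice.rsc.
GOOD = """\
# constructed sample
/ip firewall address-list
add list=nice address="192.0.2.0/24"
add list=nice address=198.51.100.0/24
"""

TAMPERED = """\
/ip firewall address-list
add list=nice address=203.0.113.0/24
/system identity set name=changed
add list=nice address=0.0.0.0/0
add list=other address=192.0.2.0/24
"""


def validate_rsc(text, list_name="nice"):
    """Return (networks, errors); import the file only when errors is empty."""
    networks, errors = [], []
    in_section = False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                              # blank line or comment
        if line == SECTION:
            in_section = True
            continue
        if not in_section or not line.startswith("add "):
            errors.append((no, "unexpected command"))
            continue
        try:
            tokens = shlex.split(line[4:])
        except ValueError:                        # open quote or trailing backslash
            errors.append((no, "malformed line"))
            continue
        fields = dict(tok.partition("=")[::2] for tok in tokens)
        if (len(tokens) != 2 or set(fields) != {"list", "address"}
                or fields["list"] != list_name):
            errors.append((no, "unexpected parameters"))
            continue
        try:
            net = ipaddress.ip_network(fields["address"], strict=False)
        except ValueError:
            errors.append((no, "address is not an IP network"))
            continue
        if net.prefixlen < MIN_PREFIX:
            errors.append((no, "network too broad"))
            continue
        networks.append(net)
    if not networks and not errors:
        errors.append((0, "no address-list entries found"))
    return networks, errors


if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("tampered", TAMPERED)):
        nets, errs = validate_rsc(sample)
        print(label, "->", len(nets), "networks,", errs or "no errors")
```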
Once the nice address-list is ready, continue with the MANGLE configuration.
For an internet cafe (warnet) with 1 ISP, we only need to distinguish game traffic from browsing traffic by their priority in the Queue. What needs to be done is as follows:
First step: capture the online game traffic by each game's port using mark-connection:
/ip firewall mangle
add action=mark-connection chain=prerouting comment="Ayo Dance" disabled=no dst-address-list=nice dst-port=18900-18910 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Seal Online" disabled=no dst-address-list=nice dst-port=1818 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Lineage 2" disabled=no dst-address-list=nice dst-port=7777 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=IDS disabled=no dst-address-list=nice dst-port=2001 new-connection-mark=\
game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=PB-UDP disabled=no dst-address-list=nice dst-port=40000-40010 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=PB-TCP disabled=no dst-address-list=nice dst-port=39000-40000 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Ghost Online" disabled=no dst-address-list=nice dst-port=19101 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=RF-Elven disabled=no dst-address-list=nice dst-port=27780 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Perfect World" disabled=no dst-address-list=nice dst-port=29000 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=Rohan disabled=no dst-address-list=nice dst-port=22100 new-connection-mark=\
game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Zeus RO" disabled=no dst-address-list=nice dst-port=5121 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=DOTA disabled=no dst-address-list=nice dst-port=6000-6125 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Crazy Kart" disabled=no dst-address-list=nice dst-port=9600-9602 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="WOW AMPM" disabled=no dst-address-list=nice dst-port=8085 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Drift City" disabled=no dst-address-list=nice dst-port=11011-11041 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=GetAmped disabled=no dst-address-list=nice dst-port=13413 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=Yullgang disabled=no dst-address-list=nice dst-port=19000 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="RAN Online" disabled=no dst-address-list=nice dst-port=5105 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Cross Fire TCP" disabled=no dst-address-list=nice dst-port=\
10009,13008,16666,28012 new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Cross Fire UDP" disabled=no dst-address-list=nice dst-port=\
12020-12080,13000-13080 new-connection-mark=game-online-indonesia passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="War Rock" disabled=no dst-address-list=nice dst-port=5340-5352 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Fast Black" disabled=no dst-address-list=nice dst-port=6000-6001 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Rose Online" disabled=no dst-address-list=nice dst-port=29200 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Crazy Kart 2" disabled=no dst-address-list=nice dst-port=9600 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Return of Warrior" disabled=no dst-address-list=nice dst-port=10402 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Luna Online" disabled=no dst-address-list=nice dst-port=15000-15002 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Runes of Magic" disabled=no dst-address-list=nice dst-port=16400-16502 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Fresh Ragnarok PS" disabled=no dst-address-list=nice dst-port=5171 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Tantra Online" disabled=no dst-address-list=nice dst-port=3010 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=Atlantica disabled=no dst-address-list=nice dst-port=4300 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="ECO Online" disabled=no dst-address-list=nice dst-port=12011,12110 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Cabal Indonesia" disabled=no dst-address-list=nice dst-port=15000-15002 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=Avalon disabled=no dst-address-list=nice dst-port=9376-9377 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="X-Shot UDP" disabled=no dst-address-list=nice dst-port=7777-7977,30000 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="3 Kingdoms" disabled=no dst-address-list=nice dst-port=15000-15002 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="Grand Chase TCP" disabled=no dst-address-list=nice dst-port=\
9300,9400,9700 new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Grand Chase UDP" disabled=no dst-address-list=nice dst-port=9401,9600 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=MAKO disabled=no dst-address-list=nice dst-port=21000-21020 \
new-connection-mark=game-online-indonesia passthrough=yes protocol=tcp
Then create a mark-packet rule so the traffic can be caught in the Queue based on the mark-connection made earlier (in this example the connection mark is named "game-online-indonesia"):
/ip firewall mangle add chain=prerouting connection-mark=game-online-indonesia action=mark-packet new-packet-mark=Game
Then create one more mark-packet rule for traffic other than the game traffic marked above:
/ip firewall mangle add chain=prerouting connection-mark=!game-online-indonesia action=mark-packet new-packet-mark=Browsing
Finally, just create 2 queues based on those 2 packet marks, Game and Browsing. Below is an example for an internet cafe with 512kbps downstream/upstream bandwidth:
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" direction=both disabled=no dst-address=0.0.0.0/0 \
interface=all max-limit=512k/512k name=Game packet-marks="Game" parent=none priority=1 \
queue=default-small/default-small total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" direction=both disabled=no dst-address=0.0.0.0/0 \
interface=all max-limit=512k/512k name=Browsing packet-marks="Browsing" parent=none priority=8 \
queue=default-small/default-small total-queue=default-small
With this, game and non-game traffic are separated, but there is still no per-client bandwidth allocation. For that we just create child queues with parent "Browsing" and set target-address to the IP address of each client PC, without a packet-mark.
Example:
/queue simple add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" direction=both disabled=no dst-address=0.0.0.0/0 \
interface=all limit-at=32k/64k max-limit=64k/128k name=PC-2 parent=Browsing priority=4 queue=default-small/default-small target-addresses=10.0.0.2/32 total-queue=default-small
Keep in mind when entering limit-at values that the sum over all child queues must not exceed the total max-limit of the parent queue.
Next, for an internet cafe with multiple backbones, we separate the traffic with static routing.
Starting from the mangle rules with action mark-connection above, we only need to change them to mark-routing.
Just 1 example, okay:
/ip firewall mangle
add action=mark-routing chain=prerouting comment="Ayo Dance" disabled=no dst-address-list=nice dst-port=18900-18910 \
new-routing-mark=game-online-indonesia passthrough=yes protocol=tcp
Just repeat everything above, replacing mark-connection with mark-routing and new-connection-mark with new-routing-mark.
Finally, create the routes:
/ip route add gateway [ip address gateway ISP-A]
/ip route add gateway [ip address gateway ISP-B] routing-mark=game-online-indonesia
Hopefully there is nothing wrong in this tutorial :D
ItemReviewed: [MIKROTIK] GAME ONLINE IIX