iklan

Setting Squid Proxy External, Hit, Queues Tree Serta Mangle Di Mikrotik (2Nd Mode)

Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik

Topology Jaringan Saya Seperti Ini


Dalam sebuah jaringan internet menyerupai diwarnet-warnet itu sangat cocok dengan memakai Server proxy apalagi warnet yang khususnya Game online, Server proxy ini sangat mendukung untuk kelancaran jaringan anda, yang mana nantinya didalam server anda akan mendukung squid proxy, Hit, Queues tree dan Mangle pada mikrotik anda, berikut tutornya.

Sebelumnya aku akan menerapkan IP address dari beberapa jaringan aku :
IP Address Ehter1 untuk koneksi dari modem : 192.168.1.2
IP Address Ether2 untuk koneksi Local 192.168.0.1
IP Address Ether3 ke Proxy : 192.168.5.1
dan
IP Address External Proxy : 192.168.5.2 (Green IpCop)
Sebelum memulai tutorialnya jangan lupa untuk menyesuaikan "nama interface" Routerboar mikrotik anda serta menyesuaikan IP address tutorial ini dengan ip address jaringan anda, disini kita akan membahasa duduk kasus hit squid Proxy, pembagian bandwith d0wnl0ad serta upload dan juga perihal Ping untuk Game Online dan Browsing.
Langsung saja kepermasalahan, untuk permulaan ada sanggup mengeset interface lan anda lewat "new terminal" di Mikrotik, berikut nama interface di mikrotik saya,

Set Interface Mikrotik
/interface set 0 name=Public
/interface set 1 name=Local
/interface set 2 name=Proxy
Maka balasannya sanggup anda lihat menyerupai gambar dibawah ini
 Dalam sebuah jaringan internet menyerupai diwarnet Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik (2nd Mode)

Set IP Address pada tiap-tiap interface (ketik di new terminal)
/ip address add address=192.168.1.2 netmask=255.255.255.0 interface=Public
/ip address add address=192.168.0.1 netmask=255.255.255.0 interface=Local
/ip address add address=192.168.5.1 netmask=255.255.255.0 interface=Proxy
 Dalam sebuah jaringan internet menyerupai diwarnet Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik (2nd Mode)

Set range jaringan Local anda
/ip pool add name=pool ranges=192.168.0.2-192.168.0.254
 Dalam sebuah jaringan internet menyerupai diwarnet Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik (2nd Mode)

Set DNS jaringan (Sesuaikan dengan DNS Anda)
/ip dns set servers=203.130.208.18 allow-remote-requested=yes
 Dalam sebuah jaringan internet menyerupai diwarnet Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik (2nd Mode)
Setting Gateway sesuai dengan gateway jaringan anda (dari ISP)
/ip route add gateway=192.168.1.1
 Dalam sebuah jaringan internet menyerupai diwarnet Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik (2nd Mode)

Setting IP Firewall Nat di Mikrotik, disini diterapkan juga Nat untuk Redirect Proxy Squid dengan memakai port 3128,
Bila mana pada Firewall nat ada terdapat IP address dan nama interface, maka sesuaikan dengan IP address dan nama interface mikrotik anda, berikut perintahnya :
/ip firewall nat add chain=srcnat out-interface=Public src-address=192.168.0.0/24 action=masquerade src-address-list="REGISTRASI IP CLIENT" comment="LOCAL NAT MASQUERADE"
/ip firewall nat add chain=srcnat out-interface=Public src-address=192.168.5.0/24 action=masquerade src-address-list="REGISTRASI IP PROXY" comment="PROXY NAT MASQUERADE"
/ip firewall nat add chain=dstnat src-address=!192.168.5.0/24 protocol=tcp dst-port=80 in-interface=Local src-address-list="REGISTRASI IP PROXY" action=dst-nat to-address=192.168.5.2 to-ports=3128 comment="REDIRECT KE PROXY"
/ip firewall nat add action=dst-nat chain=dstnat comment="TRANSPARENT DNS UDP LOCAL" disabled=no dst-port=53 in-interface=Local protocol=udp to-ports=53
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=Local protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP LOCAL"
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=Proxy protocol=udp to-ports=53 comment="TRANSPARENT DNS UDP PROXY"
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=Proxy protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP PROXY"
Maka balasannya anda sanggup lihat pada gambar dibawah ini
 Dalam sebuah jaringan internet menyerupai diwarnet Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik (2nd Mode)
Set Security atau keamanan Mikrotik
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER1" address-list-timeout=2w chain=input comment="PORT SCANNER2 KE ADDRESS LIST " disabled=no protocol=tcp psd=21,3s,3,1
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER2" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER3" address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER4" address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER5" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER6" address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER7" address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=drop chain=input comment="BLOK PORT SCANNER" disabled=no src-address-list="PORT SCANNER1"
/ip firewall filter add action=accept chain=input comment="IZINKAN MENDIRIKAN KONEKSI" connection-state=established disabled=no
/ip firewall filter add action=accept chain=input comment="IZINKAN KONEKSI TERKAIT" connection-state=related disabled=no
/ip firewall filter add action=accept chain=input comment="IZINKAN PING LOCAL" disabled=no protocol=icmp src-address-list="REGISTRASI IP CLIENT"
/ip firewall filter add action=accept chain=input comment="IZINKAN PING PROXY" disabled=no protocol=icmp src-address-list="REGISTRASI IP PROXY"
/ip firewall filter add action=accept chain=input comment="IZINKAN INPUT DARI LOCAL" disabled=no src-address-list="REGISTRASI IP CLIENT"
/ip firewall filter add action=accept chain=input comment="IZINKAN INPUT DARI PROXY" disabled=no src-address-list="REGISTRASI IP PROXY"
/ip firewall filter add action=jump chain=forward comment="FILTER PAKET YANG JELEK" disabled=no jump-target=tcp protocol=tcp
/ip firewall filter add action=jump chain=forward disabled=no jump-target=udp protocol=udp
/ip firewall filter add action=jump chain=forward disabled=no jump-target=icmp protocol=icmp
/ip firewall filter add action=drop chain=tcp comment="TOLAK SMTP" disabled=no dst-port=25 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK RPC2portmapper" disabled=no dst-port=135 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK NBT" disabled=no dst-port=137-139 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK CIFS" disabled=no dst-port=445 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK NFS" disabled=no dst-port=2049 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK NETBUS" disabled=no dst-port=20034 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK BackOriffice" disabled=no dst-port=3133 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="BLOK DHCP" disabled=no dst-port=67-68 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK P2P" disabled=no p2p=all-p2p
/ip firewall filter add action=drop chain=udp comment="TOLAK TFTP" disabled=no dst-port=69 protocol=udp
/ip firewall filter add action=drop chain=udp comment="TOLAK PRC portmapper" disabled=no dst-port=111 protocol=udp
/ip firewall filter add action=drop chain=udp comment="TOLAK PRC portmapper" disabled=no dst-port=135 protocol=udp
/ip firewall filter add action=drop chain=tcp comment="TOLAK NETBUS" disabled=no dst-port=12345-12346 protocol=tcp
/ip firewall filter add action=drop chain=udp comment="BLOK NBT" disabled=no dst-port=137-139 protocol=udp
/ip firewall filter add action=drop chain=udp comment="BLOK NFS" disabled=no dst-port=2049 protocol=udp
/ip firewall filter add action=drop chain=udp comment="TOLAK BackOriffice" disabled=no dst-port=3133 protocol=udp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=0:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:0 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:4 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=8:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=forward comment="Allow Established connections" connection-state=established disabled=no
/ip firewall filter add action=accept chain=forward comment="Allow Forward from LOCAL Network" disabled=no src-address-list="REGISTRASI IP CLIENT"
/ip firewall filter add action=accept chain=forward comment="Allow Forward from PROXY Network" disabled=no src-address-list="REGISTRASI IP PROXY"
 Dalam sebuah jaringan internet menyerupai diwarnet Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik (2nd Mode)

Membuat Address List jaringan Local yang sanggup konek ke internet, (sesuaikan dengan ip address Local anda)
/ip firewall address-list add address=192.168.5.2 comment="SQUID PROXY EXTERNAL" disabled=no list=" REGISTRASI IP PROXY"
/ip firewall address-list add address=192.168.0.2 comment="CLIENT1" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.3 comment="CLIENT2" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.4 comment="CLIENT3" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.5 comment="CLIENT4" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.6 comment="CLIENT5" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.7 comment="CLIENT6" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.8 comment="CLIENT7" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.9 comment="CLIENT8" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.10 comment="CLIENT9" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.11 comment="CLIENT10" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.12 comment="CLIENT11" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.13 comment="CLIENT12" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.14 comment="CLIENT13" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.15 comment="CLIENT14" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.16 comment="CLIENT15" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.17 comment="CLIENT16" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.18 comment="CLIENT17" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.19 comment="CLIENT18" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.20 comment="CLIENT19" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.21 comment="CLIENT20" disabled=no list="REGISTRASI IP CLIENT"
Kemudian setting Upload dan Donwload Youtube serta files ectention di Layar7 Protocols.
/ip firewall layer7-protocol add name=YOUTUBE regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d - ]*(content-type: video)"
/ip firewall layer7-protocol add name="EXE" regexp="\\.(exe)"
/ip firewall layer7-protocol add name="RAR" regexp="\\.(rar)"
/ip firewall layer7-protocol add name="7z" regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="ZIP" regexp="\\.(zip)"
/ip firewall layer7-protocol add name="AVI" regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" regexp="\\.(bin)"
/ip firewall layer7-protocol add name="VCD" regexp=\\.(vcd)

 Dalam sebuah jaringan internet menyerupai diwarnet Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik (2nd Mode)

Setting Firewall Mangle
Berikut perintah Firewall Mangle untuk Squid Hit Proxy, Mangle untuk squid koneksi dan Mangle untuk squid paket
/ip firewall mangle add action=mark-packet chain=forward comment="SQUID PROXY HIT" disabled=no dscp=12 new-packet-mark="PROXY HIT" passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment="BROWSING SQUID" disabled=no dst-address-list="!REGISTRASI IP CLIENT" dst-port=80,443 new-connection-mark="SQUID KONEKSI" passthrough=yes protocol=tcp src-address-list="REGISTRASI IP PROXY"
/ip firewall mangle add action=mark-packet chain=forward comment="SQUID PAKET" connection-mark="SQUID KONEKSI" disabled=no new-packet-mark="SQUID PAKET" passthrough=no
SET Mangle untuk semua koneksi masuk dan keluar, Mangle Browsing dari semua koneksi masuk dan Mangle ICMP
/ip firewall mangle add action=mark-connection chain=prerouting comment="TANDA SEMUA KONEKSI" disabled=no dst-address-list="!REGISTRASI IP CLIENT" in-interface=Local new-connection-mark="SEMUA KONEKSI MASUK" passthrough=yes
/ip firewall mangle add action=mark-connection chain=forward disabled=no new-connection-mark="SEMUA KONEKSI KELUAR" out-interface=Local passthrough=yes src-address-list="!REGISTRASI IP CLIENT" comment="SEMUA KONEKSI KELUAR"
/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark="SEMUA PAKET MASUK" passthrough=yes connection-mark="SEMUA KONEKSI MASUK" comment="SEMUA PAKET MASUK"
/ip firewall mangle add chain=forward action=mark-packet new-packet-mark="SEMUA PAKET KELUAR" passthrough=yes connection-mark="SEMUA KONEKSI KELUAR" comment="SEMUA PAKET KELUAR"
/ip firewall mangle add action=mark-connection chain=prerouting comment="BROWSING CLIENT" connection-mark="SEMUA KONEKSI MASUK" disabled=no new-connection-mark="BROWSING KONEKSI" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting disabled=no dscp=1 new-connection-mark="ICMP KONEKSI" passthrough=yes comment="ICMP KOMEKSI"
 Dalam sebuah jaringan internet menyerupai diwarnet Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik (2nd Mode)

Mangle untuk game online menyerupai RF-Online, Pointblank dll,
/ip firewall mangle add action=mark-connection chain=prerouting comment="POINT BLANK" connection-mark="SEMUA KONEKSI MASUK" disabled=no dst-port=40000-40010 new-connection-mark="GAME KONEKSI" passthrough=yes protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment="POKER" connection-mark="SEMUA KONEKSI MASUK" disabled=no dst-port=9339,843 new-connection-mark="GAME KONEKSI" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="RF ONLINE" connection-mark="SEMUA KONEKSI MASUK" disabled=no dst-port=10001,10002,10003,10004,10005,10006,10007 new-connection-mark="GAME KONEKSI" passthrough=yes protocol=udp

Kemudian Mangle ICMP Paket, Mangle game paket dan Mangle browsing paket
/ip firewall mangle add action=mark-packet chain=postrouting connection-mark="ICMP KONEKSI" disabled=no new-packet-mark="ICMP PAKET" passthrough=no comment="ICMP PAKET"
/ip firewall mangle add action=mark-packet chain=forward comment="SEMUA GAME DIPAKETKAN" connection-mark="GAME KONEKSI" disabled=no new-packet-mark="GAME PAKET" passthrough=no
/ip firewall mangle add action=mark-connection new-connection-mark="GAME KONEKSI" chain=prerouting protocol=udp connection-mark="SEMUA KONEKSI MASUK" comment="GAME CLIENT"
/ip firewall mangle add action=mark-packet chain=forward comment="BROWSING PAKET" connection-bytes=0-131072 connection-mark="BROWSING KONEKSI" disabled=no new-packet-mark="BROWSING PAKET" passthrough=no protocol=tcp
 Dalam sebuah jaringan internet menyerupai diwarnet Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik (2nd Mode)

Setting Change DSCP ICMP dan port 53
/ip firewall mangle add action=change-dscp chain=postrouting comment="ICMP CHANGE DSCP" disabled=no new-dscp=1 protocol=icmp
/ip firewall mangle add action=change-dscp chain=postrouting disabled=no dst-port=53 new-dscp=1 protocol=udp
/ip firewall mangle add action=change-dscp chain=postrouting disabled=no dst-port=53 new-dscp=1 protocol=tcp

Set Mangle Files Ectention menyerupai iso, rar, mp3, zip, exe, dll.
/ip firewall mangle add action=mark-connection chain=forward comment="EXTENTION KONEKSI" disabled=no out-interface=Local new-connection-mark="EXTENTION KONEKSI" passthrough=yes
/ip firewall mangle add action=mark-packet chain=forward comment="YOUTUBE MARK" layer7-protocol=YOUTUBE disabled=no new-packet-mark="YOUTUBE" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="WMV MARK" layer7-protocol=WMV disabled=no new-packet-mark="WMV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="EXE MARK" layer7-protocol=EXE disabled=no new-packet-mark="EXE" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="ZIP MARK" layer7-protocol=ZIP new-packet-mark="ZIP" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="RAR MARK" layer7-protocol=RAR new-packet-mark="RAR" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MPG MARK" layer7-protocol=MPG new-packet-mark="MPG" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MPEG MARK" layer7-protocol=MPEG new-packet-mark="MPEG" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MP3 MARK" layer7-protocol=MP3 new-packet-mark="MP3" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MOV MARK" layer7-protocol=MOV new-packet-mark="MOV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="ISO MARK" disabled=no layer7-protocol=ISO new-packet-mark="ISO" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MKV MARK" layer7-protocol=MKV new-packet-mark="MKV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="FLV MARK" layer7-protocol=FLV new-packet-mark="FLV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="AVI MARK" layer7-protocol=AVI new-packet-mark="AVI" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="CAB MARK" layer7-protocol=CAB new-packet-mark="CAB" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="ASF MARK" layer7-protocol=ASF new-packet-mark="ASF" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="WAV MARK" layer7-protocol=WAV new-packet-mark="WAV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="RM MARK" layer7-protocol=RM new-packet-mark="RM" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="RAM MARK" layer7-protocol=RAM new-packet-mark="RAM" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="RMVB MARK" layer7-protocol=RMVB new-packet-mark="RMVB" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="DAT MARK" layer7-protocol=DAT new-packet-mark="DAT" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="DAA MARK" layer7-protocol=DAA new-packet-mark="DAA" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="NRG MARK" layer7-protocol=NRG new-packet-mark="NRG" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="BIN MARK" layer7-protocol=BIN new-packet-mark="BIN" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="VCD MARK" VCD new-packet-mark="VCD" passthrough=no
 Dalam sebuah jaringan internet menyerupai diwarnet Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik (2nd Mode)

Setting Mangle Paket pada client, sesuaikan dengan IP Address Client anda
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT1" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.2 new-packet-mark="CLIENT1" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT2" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.3 new-packet-mark="CLIENT2" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT3" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.4 new-packet-mark="CLIENT3" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT4" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.5 new-packet-mark="CLIENT4" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT5" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.6 new-packet-mark="CLIENT5" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT6" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.7 new-packet-mark="CLIENT6" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT7" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.8 new-packet-mark="CLIENT7" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT8" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.9 new-packet-mark="CLIENT8" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT9" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.10 new-packet-mark="CLIENT9" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT10" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.11 new-packet-mark="CLIENT10" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT11" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.12 new-packet-mark="CLIENT11" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT12" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.13 new-packet-mark="CLIENT12" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT13" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.30.14 new-packet-mark="CLIENT13" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT14" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.15 new-packet-mark="CLIENT14" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT15" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.16 new-packet-mark="CLIENT15" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT16" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.17 new-packet-mark="CLIENT16" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT17" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.18 new-packet-mark="CLIENT17" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT18" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.19 new-packet-mark="CLIENT18" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT19" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.20 new-packet-mark="CLIENT19" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT20" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.21 new-packet-mark="CLIENT20" passthrough=no protocol=tcp
 Dalam sebuah jaringan internet menyerupai diwarnet Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik (2nd Mode)


Setting Queues Tree, ICMP Priority, Queues Squid Hit Priority, Queues Limit file Ectention Priority, Queues tree semua upload priority, total d0wnl0ad priority, Game d0wnl0ad priority, Browsing paket priority, Queues tree total d0wnl0ad client serta Queues tree client.
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="ICMP PING" packet-mark="ICMP PAKET" parent=global-out priority=1 queue="default"
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="SQUID HIT" packet-mark="PROXY HIT" parent=Local priority=2 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256000 name="LIMIT FILE EXTENTION" parent=global-out priority=3
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="AVI" packet-mark=AVI parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="EXE" packet-mark="EXE" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="FLV" packet-mark="FLV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256000 name="YOUTUBE" packet-mark="YOUTUBE" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="ISO" packet-mark=iso parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MP3" packet-mark="MP3" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MP4" packet-mark="MP4" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MPEG" packet-mark="MPEG" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MPG" packet-mark="MPG" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RAR" packet-mark="RAR" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="WMV" packet-mark="WMV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="ZIP" packet-mark="ZIP" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="CAB" packet-mark="CAB" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="ASF" packet-mark="ASF" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MOV" packet-mark="MOV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MKV" packet-mark="MKV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="WAV" packet-mark="WAV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RM" packet-mark="RM" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RAM" packet-mark="RAM" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RMVB" packet-mark="RMVB" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="DAT" packet-mark="DAT" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="DAA" packet-mark="DAA" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="NRG" packet-mark="NRG" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="BIN" packet-mark="BIN" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="VCD" packet-mark="VCD" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="+++TOTAL UPLOAD+++" packet-mark="SEMUA PAKET MASUK" parent=Public priority=4 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="+++TOTAL DOWNLOAD+++" packet-mark="SEMUA PAKET KELUAR" parent=global-out priority=5
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="GAME DOWNLOAD" packet-mark="GAME PAKET" parent="+++TOTAL DOWNLOAD+++" priority=6 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="BROWSING PAKET" packet-mark="BROWSING PAKET" parent="+++TOTAL DOWNLOAD+++" priority=7 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="+++TOTAL DOWNLOAD CLIENT+++" parent="+++TOTAL DOWNLOAD+++" priority=8 packet-mark="SEMUA PAKET KELUAR"
Setting Queues Per Client
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT1" packet-mark="CLIENT1" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT2" packet-mark="CLIENT2" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT3" packet-mark="CLIENT3" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT4" packet-mark="CLIENT4" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT5" packet-mark="CLIENT5" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT6" packet-mark="CLIENT6" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT7" packet-mark="CLIENT7" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT8" packet-mark="CLIENT8" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT9" packet-mark="CLIENT9" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT10" packet-mark="CLIENT10" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT11" packet-mark="CLIENT11" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT12" packet-mark="CLIENT12" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT13" packet-mark="CLIENT13" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT14" packet-mark="CLIENT14" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT15" packet-mark="CLIENT15" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT16" packet-mark="CLIENT16" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT17" packet-mark="CLIENT17" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT18" packet-mark="CLIENT18" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT19" packet-mark="CLIENT19" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT20" packet-mark="CLIENT20" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
 Dalam sebuah jaringan internet menyerupai diwarnet Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik (2nd Mode)
Note:
Sesuaika dengan IP Publik Jaringan anda, sesuaikan dengan IP Local anda dan sesuaikan dengan IP Server Proxy anda
Seting IpCop juga!
Sumber http://warnet-speedy.blogspot.com

Berlangganan update artikel terbaru via email:

0 Response to "Setting Squid Proxy External, Hit, Queues Tree Serta Mangle Di Mikrotik (2Nd Mode)"

Posting Komentar

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel