13/06/13

Setting Mikrotik Untuk Game Online Dan Browsing (1Mb Speedy)

SETTING MIKROTIK UNTUK GAME ONLINE DAN BROWSING (1Mb Speedy)

Pada tutor kali ini saya coba uraikan settingan mikrotik untuk game online dicampur dengan kepentingan browsing agar berjalan serasi dan seimbang.

Logo Warnet Garashi
Note:
Script di bawah hanya berjalan pada mikrotik versi 3.30 ke atas. Bandwidth yang diimplementasikan 1Mbps/256Kbps (SPEEDY)

SET INTERFACE MIKROTIK
# Rename the first two interfaces by role: Public (upstream side) and Local
# (client LAN). The numeric indexes follow the router's own interface order,
# so check `/interface print` before pasting.
/interface set 0 name=Public
/interface set 1 name=Local

SET IP  ADDRESS
# Public gets an address in 192.168.1.0/24; Local is 192.168.0.1 on the client LAN.
/ip address add address=192.168.1.2/24 interface=Public
/ip address add address=192.168.0.1/24 interface=Local

SET ROUTE
# Default route through 192.168.1.1, which lies in the Public interface's subnet.
/ip route add gateway=192.168.1.1

SET DNS
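# Upstream resolvers. primary-dns holds a single address, so the second
# resolver goes into secondary-dns rather than a comma-separated list.
/ip dns
set primary-dns=222.124.204.34 secondary-dns=202.134.0.155
# allow-remote-requests=yes makes the router answer DNS queries arriving on
# any interface. This listing defines no input-chain filter, so the two drop
# rules below keep port 53 closed on the Public side; LAN clients are unaffected.
set allow-remote-requests=yes
/ip firewall filter
add chain=input in-interface=Public protocol=udp dst-port=53 action=drop comment="DROP DNS DARI PUBLIC"
add chain=input in-interface=Public protocol=tcp dst-port=53 action=drop comment="DROP DNS DARI PUBLIC"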

SET NAT
# Source-NAT everything that leaves through Public, so LAN clients go out
# with the router's Public address.
/ip firewall nat add chain=srcnat out-interface=Public action=masquerade

ROUTING UNTUK GAME ONLINE:
# Tag connections to known online-game ports with connection mark "zar-goc".
# Matching is on destination port and protocol only, so any traffic to one of
# these ports is classified as game traffic, whatever application sends it.
# Several entries overlap (e.g. 6000-6001 inside 6000-6152); that is harmless.
# TCP game ports:
/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment="GAME ONLINE" dst-port=\
"1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6001,6000-6152,7777" \
new-connection-mark="zar-goc" passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
disabled=no dst-port="7341-7350,7451,8085,9600,9601-9602,9300,9400,9700,93\
76-9377,10001-10011,40000" \
new-connection-mark="zar-goc" passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port="10009,13008,16666,28012,11011-11041,10402,11031,12011,12110,13413,15000-15002,15001,15002" \
new-connection-mark="zar-goc" \
passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
disabled=no dst-port="16402-16502,18901-18909,19000,19101,22100,27780,29000,29200,39100,39110,39220,39190,49100" \
new-connection-mark="zar-goc" passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=14009-14010 new-connection-mark="zar-goc" \
passthrough=yes protocol=tcp
# UDP game ports:
/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port="1293,1479,6100-6152,7777-7977,9401,9600-9602,12020-12080,30000,40000-40010" \
new-connection-mark="zar-goc" passthrough=yes protocol=udp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=42051-42052,11100-11125,11440-11460 \
new-connection-mark="zar-goc" passthrough=yes protocol=udp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=14009-14010 new-connection-mark="zar-goc" \
passthrough=yes protocol=udp


GAME DIBUAT PREROUTING AGAR TIDAK BERLIKU DI TUBUH ROUTER
# Give every packet of a "zar-goc" connection the packet mark "zar-gopd".
# The rule has no address or interface match, so packets in both directions
# of the connection get the same mark. passthrough=no ends processing of the
# prerouting mangle rules for that packet.
/ip firewall mangle \
add action=mark-packet chain=prerouting \
connection-mark="zar-goc"  \
new-packet-mark="zar-gopd" passthrough=no

INI ROUTING UNTUK GAME FACEBOOK
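# Tag TCP connections to ports 843 and 9339 with connection mark "zar-gfc".
/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment="GAME FACEBOOK" dst-port=843,9339 \
new-connection-mark="zar-gfc" passthrough=yes \
protocol=tcp
# Download direction: packets of those connections heading to the LAN.
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="zar-gfc" disabled=no \
dst-address=192.168.0.0/24 new-packet-mark="zar-gfpd" \
passthrough=no
# Upload direction: packets of those connections coming from the LAN.
# The space before the line-continuation backslash is required; without it
# the mark value and the next parameter are joined into one word.
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="zar-gfc" new-packet-mark="zar-gfpu" \
passthrough=no src-address=192.168.0.0/24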

PCQ UNTUK SPEED BAGI RATA
# Two PCQ queue types used by the queue tree below:
# DOWN classifies flows by destination address and port,
# UP classifies flows by source address and port.
/queue type \
add kind=pcq name=DOWN \
pcq-classifier=dst-address,dst-port
/queue type \
add kind=pcq name=UP \
pcq-classifier=src-address,src-port

INI QUEUE UNTUK GAME ONLINE
# Parent queues for game traffic: downloads hang under global-out, uploads
# under the Public interface. Neither parent sets a max-limit.
/queue tree \
add name="2.GAME DOWN" \
parent=global-out priority=2
/queue tree \
add name="3.GAME UPLOAD" \
parent=Public priority=2
# Online-game download: packet mark "zar-gopd", no max-limit.
/queue tree \
add name="1.GAME ONLINE DOWN" \
packet-mark="zar-gopd" \
parent="2.GAME DOWN" priority=2 queue=DOWN
# Facebook-game download, capped at 256000 bit/s.
/queue tree \
add max-limit=256000 \
name="2.GAME FACEBOOK DOWN" \
packet-mark="zar-gfpd" \
parent="2.GAME DOWN" priority=3 queue=DOWN
# Online-game upload: same "zar-gopd" mark, queued under the Public interface.
/queue tree \
add name="1.GAME ONLINE UPLOAD" \
packet-mark="zar-gopd" \
parent="3.GAME UPLOAD" priority=2 queue=UP
# Facebook-game upload, capped at 128000 bit/s.
/queue tree \
add limit-at=0 max-limit=128000 \
name="2.GAME FACEBOOK UPLOAD" \
packet-mark="zar-gfpu" \
parent="3.GAME UPLOAD" priority=3 queue=UP


LIMIT FILE EXTENSI, SEPERTI .EXE .RAR .YOUTUBE, DLL
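# Layer-7 patterns used by the mangle rules that limit downloads and streaming.
# Caveats for anyone relying on these as a control:
#  - L7 matching only looks at the start of each connection and cannot see
#    inside encrypted traffic, so HTTPS downloads are not matched at all.
#  - The file-extension patterns match the string anywhere in the inspected
#    payload, not only at the end of a requested file name.
#  - The one-word patterns (youtube, porn, tube, video, movie) match any
#    payload containing that word, so unrelated traffic will be caught too.
/ip firewall layer7-protocol
# The HTTP "content-type: video" pattern is kept on one line: splitting it
# with " \" inside the quotes inserts literal spaces into the regular
# expression, and it then no longer matches an HTTP response header.
add name="YOUTUBE DOWNLOAD" regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
add name=EXE regexp="\\.(exe)"
add name=RAR regexp="\\.(rar)"
add name=ZIP regexp="\\.(zip)"
add name=7z regexp="\\.(7z)"
add name=WMV regexp="\\.(wmv)"
add name=MPG regexp="\\.(mpg)"
add name=MPEG regexp="\\.(mpeg)"
add name=AVI regexp="\\.(avi)"
add name=FLV regexp="\\.(flv)"
add name=WAV regexp="\\.(wav)"
add name=MP3 regexp="\\.(mp3)"
add name=MP4 regexp="\\.(mp4)"
add name=ISO regexp="\\.(iso)"
add name=3GP regexp="\\.(3gp)"
add name=MOV regexp="\\.(mov)"
add name=MKV regexp="\\.(mkv)"
add name="YOUTUBE STREAMING" regexp=youtube
add name=PORN regexp=porn
add name=TUBE regexp=tube
add name=VIDEO regexp=video
add name=MOVIE regexp=movie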

ROUTING UNTUK EXTENSI
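# One packet mark per layer-7 pattern, applied in the forward chain.
# Every rule uses passthrough=no, so the first matching rule decides the mark
# and the order of the rules matters.
/ip firewall mangle
add action=mark-packet chain=forward \
comment="LIMIT EXTENTION" disabled=no \
layer7-protocol="YOUTUBE DOWNLOAD" \
new-packet-mark="YOUTUBE DOWNLOAD" \
passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol="YOUTUBE STREAMING" \
new-packet-mark="YOUTUBE STREAMING" \
passthrough=no
# The four keyword patterns below feed the PORN1..PORN4 marks.
add action=mark-packet chain=forward \
disabled=no layer7-protocol=TUBE \
new-packet-mark=PORN1 passthrough=no
add action=mark-packet chain=forward disabled=no \
layer7-protocol=PORN \
new-packet-mark=PORN2 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=VIDEO \
new-packet-mark=PORN3 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MOVIE \
new-packet-mark=PORN4 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MKV \
new-packet-mark=MKV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MP3 \
new-packet-mark=MP3 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MP4 \
new-packet-mark=MP4 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ZIP \
new-packet-mark=ZIP passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=EXE \
new-packet-mark=EXE passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=FLV \
new-packet-mark=FLV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ISO \
new-packet-mark=ISO passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MOV \
new-packet-mark=MOV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MPEG \
new-packet-mark=MPEG passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MPG \
new-packet-mark=MPG passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=RAR \
new-packet-mark=RAR passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=WAV \
new-packet-mark=WAV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=WMV \
new-packet-mark=WMV passthrough=no
# The 3GP mark has to use the 3GP pattern. Matching ISO here could never fire,
# because the ISO rule above already takes those packets (passthrough=no).
add action=mark-packet chain=forward \
disabled=no layer7-protocol=3GP \
new-packet-mark=3GP passthrough=no
# The listing defines an AVI pattern and an AVI queue, so AVI needs a mark
# rule as well; without one the AVI queue never receives traffic.
add action=mark-packet chain=forward \
disabled=no layer7-protocol=AVI \
new-packet-mark=AVI passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=7z \
new-packet-mark=7z passthrough=no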

ROUTING UNTUK BROWSING (DOWNLOAD/UPLOAD)
# Tag TCP connections to ports 21 and 80 as "browsing-con".
# Only these two ports are covered: HTTPS (tcp/443) is not marked here, and
# for FTP only the control connection on port 21 matches.
/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment=HTTP  dst-port=21,80 \
new-connection-mark="browsing-con" passthrough=yes protocol=tcp
# Packets of those connections going to the LAN get the "download" mark.
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="browsing-con" disabled=no \
dst-address=192.168.0.0/24 \
new-packet-mark="download" passthrough=no
# Packets of those connections coming from the LAN get the "upload" mark.
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="browsing-con" disabled=no \
new-packet-mark="upload" \
passthrough=no src-address=192.168.0.0/24

INI QUEUE UNTUK KEGIATAN  BROWSING-DOWNLOAD-UPLOAD
# Browsing upload: "upload" packets leaving via Public, capped at 128000 bit/s.
/queue tree \
add max-limit=128000 \
name="UPLOAD-BROWSING" \
packet-mark="upload" parent=Public \
priority=4 queue=UP
# Parent for all HTTP download classes, capped at 750000 bit/s.
/queue tree \
add max-limit=750000 \
name="1.2 HTTP-DOWN" \
parent=global-out priority=2
# Ordinary browsing download ("download" mark), same 750000 bit/s ceiling.
/queue tree \
add max-limit=750000 \
name="1.3 BROWSING DOWN" \
packet-mark="download" \
parent="1.2 HTTP-DOWN" \
priority=4 queue=DOWN
# Parent for the per-extension queues, capped at 512000 bit/s.
/queue tree \
add max-limit=512000 \
name="1.4 LIMIT EXTENTION" \
parent="1.2 HTTP-DOWN" priority=5
# Child queues under "1.4 LIMIT EXTENTION": one per packet mark set by the
# layer-7 mangle rules. None sets its own max-limit, so together they share
# the parent's ceiling.
/queue tree
add name=YOUTUBE \
parent="1.4 LIMIT EXTENTION" priority=5
add name="YOUTUBE STREAMING" \
packet-mark="YOUTUBE STREAMING" \
parent=YOUTUBE priority=5 queue=DOWN
add name=MKV packet-mark=MKV \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MP3 packet-mark=MP3 \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MP4 packet-mark=MP4 \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=ZIP packet-mark=ZIP \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=EXE packet-mark=EXE \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=ISO packet-mark=ISO \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=AVI packet-mark=AVI \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MOV packet-mark=MOV \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MPEG packet-mark=MPEG \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MPG packet-mark=MPG \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=RAR packet-mark=RAR \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=WAV packet-mark=WAV \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=WMV packet-mark=WMV \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=3GP packet-mark=3GP \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=7z packet-mark=7z \
parent="1.4 LIMIT EXTENTION" priority=5 \
queue=DOWN
add name="YOUTUBE DOWNLOAD" \
packet-mark="YOUTUBE DOWNLOAD" \
parent=YOUTUBE priority=5 queue=DOWN
# Parent for the four keyword-based marks PORN1..PORN4.
add name=PORN \
parent="1.4 LIMIT EXTENTION" priority=5
add name=PORN1 \
packet-mark=PORN1 parent=PORN \
priority=5 queue=DOWN
add name=PORN2 packet-mark=PORN2 \
parent=PORN priority=5 queue=DOWN
add name=PORN3 packet-mark=PORN3 \
parent=PORN priority=5 queue=DOWN
# NOTE(review): no layer-7 pattern or mangle rule in this listing creates the
# packet mark "MIVO TV", so this queue cannot be added as written - define the
# mark first or drop this entry.
add name="MIVO TV" \
packet-mark="MIVO TV" parent=\
"1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=PORN4 packet-mark=PORN4 \
parent=PORN priority=5 queue=DOWN
 
Catatan:
  1. Game online dirouting langsung ke alamat port game online dan menggunakan bandwidth maksimal (unlimited) karena tidak terlalu memakan bandwidth; sekalipun game PB, hanya butuh koneksi dengan trafik yang mulus.
  2. Browsing dirouting pada port 80 dan 21 dan diberikan bandwidth maksimal 750Kbps untuk download dan 128Kbps untuk upload dan tidak boleh melebihi dari itu atau game online akan nge-lag.
  3. Limit Extensi dirouting berdasarkan layer 7 protocol dan diberikan maksimal bandwidth 512Kbps dan tidak boleh lebih dari itu atau browsing dan game online akan terganggu.

PERHATIAN:
Tutorial di atas untuk 10 PC saja dengan Bandwidthnya 1Mbps,. Jika PC lebih dari 10 dan BW tetap 1 MBPS, maka pada queue tree download menjadi 512Kbps dan limit extensi menjadi 256Kbps.
Jika mempunyai BW 2Mbps ke atas, silahkan 2x lipatkan saja pada queue tree-nya atau gunakan logika anda sendiri.



10/06/13

Setting IpCop Sebagai Web Proxy Eksternal Mikrotik

Untuk Setting IpCop Sebagai Web Proxy Eksternal Mikrotik yang perlu diperhatikan adalah :

  1. Mikrotik sudah konek ke internet
  2. IpCop sudah di instal serta pengaturannya [ DISINI ]
  3. Setting HIT SQUID dan Bandwidth management di Mikrotik [ DISINI atau DISINI ]

my_Logo2

Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik (2nd Mode)

Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik

Topology Jaringan Saya Seperti Ini


Dalam sebuah jaringan internet seperti diwarnet-warnet itu sangat cocok dengan menggunakan Server proxy apalagi warnet yang khususnya Game online, Server proxy ini sangat mendukung untuk kelancaran jaringan anda, yang mana nantinya didalam server anda akan mendukung squid proxy, Hit, Queues tree dan Mangle pada mikrotik anda, berikut tutornya.

Sebelumnya saya akan menerapkan IP address dari beberapa jaringan saya :
IP Address Ether1 untuk koneksi dari modem : 192.168.1.2
IP Address Ether2 untuk koneksi Local 192.168.0.1
IP Address Ether3 ke Proxy : 192.168.5.1
dan
IP Address External Proxy : 192.168.5.2 (Green IpCop)
Sebelum memulai tutorialnya jangan lupa untuk menyesuaikan "nama interface" Routerboard mikrotik anda serta menyesuaikan IP address tutorial ini dengan ip address jaringan anda, disini kita akan membahas masalah hit squid Proxy, pembagian bandwidth download serta upload dan juga tentang Ping untuk Game Online dan Browsing.
Langsung saja ke permasalahan, untuk permulaan anda dapat mengeset interface lan anda lewat "new terminal" di Mikrotik, berikut nama interface di mikrotik saya,

Set Interface Mikrotik
# Rename the first three interfaces by role. The indexes follow the router's
# own interface order - check `/interface print` before pasting.
/interface
set 0 name=Public
set 1 name=Local
set 2 name=Proxy
Maka hasilnya dapat anda lihat seperti gambar dibawah ini
clip_image002

Set IP Address pada tiap-tiap interface (ketik di new terminal)
# One /24 per interface: Public, the client LAN, and the link to the proxy.
/ip address
add address=192.168.1.2 netmask=255.255.255.0 interface=Public
add address=192.168.0.1 netmask=255.255.255.0 interface=Local
add address=192.168.5.1 netmask=255.255.255.0 interface=Proxy
clip_image003

Set range jaringan Local anda
# Address pool covering the client range of the Local network. Nothing in the
# part of the listing shown here references it.
/ip pool
add name=pool ranges=192.168.0.2-192.168.0.254
clip_image004

Set DNS jaringan (Sesuaikan dengan DNS Anda)
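# Upstream resolver plus DNS service for the LAN. The parameter name is
# allow-remote-requests. With it enabled the router answers DNS queries on
# every interface, so make sure the input chain does not leave port 53
# reachable from the Public side.
/ip dns set servers=203.130.208.18 allow-remote-requests=yes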
clip_image006
Setting Gateway sesuai dengan gateway jaringan anda (dari ISP)
# Default route through the ISP-side gateway 192.168.1.1.
/ip route
add gateway=192.168.1.1
clip_image008

Setting IP Firewall Nat di Mikrotik, disini diterapkan juga Nat untuk Redirect Proxy Squid dengan menggunakan port 3128,
Bila mana pada Firewall nat ada terdapat IP address dan nama interface, maka sesuaikan dengan IP address dan nama interface mikrotik anda, berikut perintahnya :
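# Source NAT: only sources present in the CLIENT / PROXY address lists are
# masqueraded, so an address that is not registered gets no translated path out.
/ip firewall nat add chain=srcnat out-interface=Public src-address=192.168.0.0/24 action=masquerade src-address-list="REGISTRASI IP CLIENT" comment="LOCAL NAT MASQUERADE"
/ip firewall nat add chain=srcnat out-interface=Public src-address=192.168.5.0/24 action=masquerade src-address-list="REGISTRASI IP PROXY" comment="PROXY NAT MASQUERADE"
# Transparent proxy: client HTTP (tcp/80) entering on Local is sent to Squid at
# 192.168.5.2:3128. The rule has to match the CLIENT list: it already excludes
# 192.168.5.0/24 as a source, so requiring the PROXY list (192.168.5.2) at the
# same time could never match and nothing would be redirected.
# Only plain HTTP is intercepted; HTTPS (tcp/443) bypasses the proxy.
/ip firewall nat add chain=dstnat src-address=!192.168.5.0/24 protocol=tcp dst-port=80 in-interface=Local src-address-list="REGISTRASI IP CLIENT" action=dst-nat to-addresses=192.168.5.2 to-ports=3128 comment="REDIRECT KE PROXY"
# NOTE(review): the four DNS rules below use dst-nat with to-ports=53 and no
# to-addresses, so they appear to leave the destination address unchanged. If
# "TRANSPARENT DNS" is meant to force every DNS query to the router's own
# resolver, action=redirect is the usual form - confirm the intent.
/ip firewall nat add action=dst-nat chain=dstnat comment="TRANSPARENT DNS UDP LOCAL" disabled=no dst-port=53 in-interface=Local protocol=udp to-ports=53
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=Local protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP LOCAL"
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=Proxy protocol=udp to-ports=53 comment="TRANSPARENT DNS UDP PROXY"
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=Proxy protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP PROXY"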
Maka hasilnya anda dapat lihat pada gambar dibawah ini
clip_image009
Set Security atau keamanan Mikrotik
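# Port-scan detection on the input chain. The first rule uses the psd matcher;
# the other six match TCP flag combinations that do not occur in normal
# traffic. Each rule records the source address in an address list for 2 weeks.
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER1" address-list-timeout=2w chain=input comment="PORT SCANNER2 KE ADDRESS LIST " disabled=no protocol=tcp psd=21,3s,3,1
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER2" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER3" address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER4" address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER5" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER6" address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER7" address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
# Drop everything from the recorded sources. The detection rules write to
# seven different lists, so each list needs its own drop rule: dropping only
# "PORT SCANNER1" leaves sources caught by the flag-based rules unblocked.
/ip firewall filter add action=drop chain=input comment="BLOK PORT SCANNER" disabled=no src-address-list="PORT SCANNER1"
/ip firewall filter add action=drop chain=input comment="BLOK PORT SCANNER" disabled=no src-address-list="PORT SCANNER2"
/ip firewall filter add action=drop chain=input comment="BLOK PORT SCANNER" disabled=no src-address-list="PORT SCANNER3"
/ip firewall filter add action=drop chain=input comment="BLOK PORT SCANNER" disabled=no src-address-list="PORT SCANNER4"
/ip firewall filter add action=drop chain=input comment="BLOK PORT SCANNER" disabled=no src-address-list="PORT SCANNER5"
/ip firewall filter add action=drop chain=input comment="BLOK PORT SCANNER" disabled=no src-address-list="PORT SCANNER6"
/ip firewall filter add action=drop chain=input comment="BLOK PORT SCANNER" disabled=no src-address-list="PORT SCANNER7"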
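# Input chain allow-list: replies to the router's own connections, then ICMP
# and all other input from registered client and proxy addresses.
/ip firewall filter add action=accept chain=input comment="IZINKAN MENDIRIKAN KONEKSI" connection-state=established disabled=no
/ip firewall filter add action=accept chain=input comment="IZINKAN KONEKSI TERKAIT" connection-state=related disabled=no
/ip firewall filter add action=accept chain=input comment="IZINKAN PING LOCAL" disabled=no protocol=icmp src-address-list="REGISTRASI IP CLIENT"
/ip firewall filter add action=accept chain=input comment="IZINKAN PING PROXY" disabled=no protocol=icmp src-address-list="REGISTRASI IP PROXY"
/ip firewall filter add action=accept chain=input comment="IZINKAN INPUT DARI LOCAL" disabled=no src-address-list="REGISTRASI IP CLIENT"
/ip firewall filter add action=accept chain=input comment="IZINKAN INPUT DARI PROXY" disabled=no src-address-list="REGISTRASI IP PROXY"
# RouterOS accepts whatever no rule drops, so the accept rules above restrict
# nothing until the chain ends in a drop: without it the router's management
# and DNS services stay reachable from any address, Public side included.
# The rule is added disabled on purpose. Enable it only after the address
# lists are populated and a session from a registered address is confirmed
# to work, otherwise you lock yourself out of the router.
/ip firewall filter add action=drop chain=input comment="TOLAK INPUT LAINNYA" disabled=yes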
# Hand forwarded traffic to one custom chain per protocol (tcp, udp, icmp).
# Packets that no rule in the custom chain accepts or drops come back to the
# forward chain and continue with the rules after these jumps.
/ip firewall filter add action=jump chain=forward comment="FILTER PAKET YANG JELEK" disabled=no jump-target=tcp protocol=tcp
/ip firewall filter add action=jump chain=forward disabled=no jump-target=udp protocol=udp
/ip firewall filter add action=jump chain=forward disabled=no jump-target=icmp protocol=icmp
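# Drop forwarded traffic to service ports that should not cross the router:
# mail relay, Windows RPC/NetBIOS/SMB, NFS, TFTP, old remote-control trojans.
/ip firewall filter add action=drop chain=tcp comment="TOLAK SMTP" disabled=no dst-port=25 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK RPC2portmapper" disabled=no dst-port=135 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK NBT" disabled=no dst-port=137-139 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK CIFS" disabled=no dst-port=445 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK NFS" disabled=no dst-port=2049 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK NETBUS" disabled=no dst-port=20034 protocol=tcp
# Back Orifice listens on 31337 by default; 3133 was a dropped digit that
# left the rule matching an unrelated port.
/ip firewall filter add action=drop chain=tcp comment="TOLAK BackOriffice" disabled=no dst-port=31337 protocol=tcp
# NOTE(review): DHCP runs over UDP, so this TCP rule does not block DHCP
# traffic - confirm whether a UDP rule was intended.
/ip firewall filter add action=drop chain=tcp comment="BLOK DHCP" disabled=no dst-port=67-68 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK P2P" disabled=no p2p=all-p2p
/ip firewall filter add action=drop chain=udp comment="TOLAK TFTP" disabled=no dst-port=69 protocol=udp
/ip firewall filter add action=drop chain=udp comment="TOLAK PRC portmapper" disabled=no dst-port=111 protocol=udp
/ip firewall filter add action=drop chain=udp comment="TOLAK PRC portmapper" disabled=no dst-port=135 protocol=udp
/ip firewall filter add action=drop chain=tcp comment="TOLAK NETBUS" disabled=no dst-port=12345-12346 protocol=tcp
/ip firewall filter add action=drop chain=udp comment="BLOK NBT" disabled=no dst-port=137-139 protocol=udp
/ip firewall filter add action=drop chain=udp comment="BLOK NFS" disabled=no dst-port=2049 protocol=udp
/ip firewall filter add action=drop chain=udp comment="TOLAK BackOriffice" disabled=no dst-port=31337 protocol=udp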
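# Rate-limited allow-list for forwarded ICMP: echo reply (0), destination
# unreachable (3:0, 3:3, 3:4), echo request (8) and time exceeded (11).
# The 3:0 rule now carries the same limit=5,5 that its comment announces.
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=0:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:0 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:4 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=8:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
# Without a closing drop the limits have no effect: packets over the rate, and
# all other ICMP types, would return to the forward chain and be accepted by
# its later rules.
/ip firewall filter add action=drop chain=icmp comment="TOLAK ICMP LAINNYA" disabled=no protocol=icmp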
# Forward chain: accept packets of established connections, then anything
# sourced from a registered client or proxy address.
# NOTE(review): the part of the listing shown here has no closing drop rule
# for the forward chain, so these accepts do not by themselves stop traffic
# from unregistered sources - confirm whether a final drop follows elsewhere.
/ip firewall filter add action=accept chain=forward comment="Allow Established connections" connection-state=established disabled=no
/ip firewall filter add action=accept chain=forward comment="Allow Forward from LOCAL Network" disabled=no src-address-list="REGISTRASI IP CLIENT"
/ip firewall filter add action=accept chain=forward comment="Allow Forward from PROXY Network" disabled=no src-address-list="REGISTRASI IP PROXY"
clip_image010

Membuat Address List jaringan Local yang dapat konek ke internet, (sesuaikan dengan ip address Local anda)
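# Address lists that the NAT, filter and mangle rules match on. List names are
# compared exactly: a leading space in the name creates a different list, and
# every rule that refers to "REGISTRASI IP PROXY" would then match nothing.
/ip firewall address-list add address=192.168.5.2 comment="SQUID PROXY EXTERNAL" disabled=no list="REGISTRASI IP PROXY"
# One entry per client PC. Only addresses listed here are masqueraded and
# accepted by the filter rules.
/ip firewall address-list add address=192.168.0.2 comment="CLIENT1" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.3 comment="CLIENT2" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.4 comment="CLIENT3" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.5 comment="CLIENT4" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.6 comment="CLIENT5" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.7 comment="CLIENT6" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.8 comment="CLIENT7" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.9 comment="CLIENT8" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.10 comment="CLIENT9" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.11 comment="CLIENT10" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.12 comment="CLIENT11" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.13 comment="CLIENT12" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.14 comment="CLIENT13" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.15 comment="CLIENT14" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.16 comment="CLIENT15" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.17 comment="CLIENT16" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.18 comment="CLIENT17" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.19 comment="CLIENT18" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.20 comment="CLIENT19" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.21 comment="CLIENT20" disabled=no list="REGISTRASI IP CLIENT"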
Kemudian setting Upload dan Download Youtube serta file extension di Layer7 Protocols.
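# Layer-7 patterns for the per-extension mangle rules.
# L7 matching only inspects the start of each connection and cannot see inside
# encrypted traffic, so HTTPS downloads are not matched. The extension patterns
# match the string anywhere in the inspected payload, not only at the end of a
# file name, so expect some unrelated traffic to be caught as well.
/ip firewall layer7-protocol add name=YOUTUBE regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
/ip firewall layer7-protocol add name="EXE" regexp="\\.(exe)"
/ip firewall layer7-protocol add name="RAR" regexp="\\.(rar)"
/ip firewall layer7-protocol add name="7z" regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="ZIP" regexp="\\.(zip)"
/ip firewall layer7-protocol add name="AVI" regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" regexp="\\.(bin)"
# The pattern must be quoted like the others; unquoted, the console does not
# read the backslashes and parentheses as a plain string value.
/ip firewall layer7-protocol add name="VCD" regexp="\\.(vcd)"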

clip_image011

Setting Firewall Mangle
Berikut perintah Firewall Mangle untuk Squid Hit Proxy, Mangle untuk squid koneksi dan Mangle untuk squid paket
# Packets carrying DSCP 12 are marked "PROXY HIT" - presumably the value the
# external Squid sets on cache hits; confirm against the proxy configuration.
# NOTE(review): the rule matches on the DSCP value alone, with no source
# address or interface, so any forwarded packet with DSCP 12 gets this mark.
# Consider restricting it to traffic coming from the proxy.
/ip firewall mangle add action=mark-packet chain=forward comment="SQUID PROXY HIT" disabled=no dscp=12 new-packet-mark="PROXY HIT" passthrough=no
# Connections the proxy itself opens to tcp/80 and tcp/443 (destinations
# outside the client list) are marked "SQUID KONEKSI"...
/ip firewall mangle add action=mark-connection chain=prerouting comment="BROWSING SQUID" disabled=no dst-address-list="!REGISTRASI IP CLIENT" dst-port=80,443 new-connection-mark="SQUID KONEKSI" passthrough=yes protocol=tcp src-address-list="REGISTRASI IP PROXY"
# ...and their packets get the packet mark "SQUID PAKET".
/ip firewall mangle add action=mark-packet chain=forward comment="SQUID PAKET" connection-mark="SQUID KONEKSI" disabled=no new-packet-mark="SQUID PAKET" passthrough=no
SET Mangle untuk semua koneksi masuk dan keluar, Mangle Browsing dari semua koneksi masuk dan Mangle ICMP
# Connections entering on Local towards destinations outside the client list
# are marked "SEMUA KONEKSI MASUK".
/ip firewall mangle add action=mark-connection chain=prerouting comment="TANDA SEMUA KONEKSI" disabled=no dst-address-list="!REGISTRASI IP CLIENT" in-interface=Local new-connection-mark="SEMUA KONEKSI MASUK" passthrough=yes
# Traffic leaving through Local whose source is not a registered client is
# marked "SEMUA KONEKSI KELUAR". Because this is a connection mark, it replaces
# any mark set earlier on the same connection.
/ip firewall mangle add action=mark-connection chain=forward disabled=no new-connection-mark="SEMUA KONEKSI KELUAR" out-interface=Local passthrough=yes src-address-list="!REGISTRASI IP CLIENT" comment="SEMUA KONEKSI KELUAR"
# Packet marks derived from the two connection marks; passthrough=yes lets
# later, more specific rules overwrite them.
/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark="SEMUA PAKET MASUK" passthrough=yes connection-mark="SEMUA KONEKSI MASUK" comment="SEMUA PAKET MASUK"
/ip firewall mangle add chain=forward action=mark-packet new-packet-mark="SEMUA PAKET KELUAR" passthrough=yes connection-mark="SEMUA KONEKSI KELUAR" comment="SEMUA PAKET KELUAR"
# Every TCP connection already marked "SEMUA KONEKSI MASUK" is re-marked as
# "BROWSING KONEKSI"; no port is matched here.
/ip firewall mangle add action=mark-connection chain=prerouting comment="BROWSING CLIENT" connection-mark="SEMUA KONEKSI MASUK" disabled=no new-connection-mark="BROWSING KONEKSI" passthrough=yes protocol=tcp
# Connections whose packets carry DSCP 1 in postrouting are marked
# "ICMP KONEKSI". The match is on the DSCP value, not on the protocol.
/ip firewall mangle add action=mark-connection chain=postrouting disabled=no dscp=1 new-connection-mark="ICMP KONEKSI" passthrough=yes comment="ICMP KOMEKSI"
clip_image012

Mangle untuk game online seperti RF-Online, Pointblank dll,
# Re-mark client connections to known game ports as "GAME KONEKSI".
# Matching is on destination port and protocol only.
/ip firewall mangle add action=mark-connection chain=prerouting comment="POINT BLANK" connection-mark="SEMUA KONEKSI MASUK" disabled=no dst-port=40000-40010 new-connection-mark="GAME KONEKSI" passthrough=yes protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment="POKER" connection-mark="SEMUA KONEKSI MASUK" disabled=no dst-port=9339,843 new-connection-mark="GAME KONEKSI" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="RF ONLINE" connection-mark="SEMUA KONEKSI MASUK" disabled=no dst-port=10001,10002,10003,10004,10005,10006,10007 new-connection-mark="GAME KONEKSI" passthrough=yes protocol=udp

Kemudian Mangle ICMP Paket, Mangle game paket dan Mangle browsing paket
# Packet marks for the connection marks set earlier.
/ip firewall mangle add action=mark-packet chain=postrouting connection-mark="ICMP KONEKSI" disabled=no new-packet-mark="ICMP PAKET" passthrough=no comment="ICMP PAKET"
/ip firewall mangle add action=mark-packet chain=forward comment="SEMUA GAME DIPAKETKAN" connection-mark="GAME KONEKSI" disabled=no new-packet-mark="GAME PAKET" passthrough=no
# NOTE(review): this rule has no dst-port, so every UDP connection from the
# clients is treated as game traffic, not only the ports listed for the
# individual games - confirm that this catch-all is intended.
/ip firewall mangle add action=mark-connection new-connection-mark="GAME KONEKSI" chain=prerouting protocol=udp connection-mark="SEMUA KONEKSI MASUK" comment="GAME CLIENT"
# Only the first 131072 bytes of each browsing connection get the
# "BROWSING PAKET" mark (connection-bytes=0-131072).
/ip firewall mangle add action=mark-packet chain=forward comment="BROWSING PAKET" connection-bytes=0-131072 connection-mark="BROWSING KONEKSI" disabled=no new-packet-mark="BROWSING PAKET" passthrough=no protocol=tcp
clip_image013

Setting Change DSCP ICMP dan port 53
# Rewrite the DSCP field to 1 on outgoing ICMP and on DNS (udp/53, tcp/53).
# The dscp=1 match of the "ICMP KONEKSI" rule depends on this value, so DNS
# traffic ends up in the same class as ICMP.
/ip firewall mangle add action=change-dscp chain=postrouting comment="ICMP CHANGE DSCP" disabled=no new-dscp=1 protocol=icmp
/ip firewall mangle add action=change-dscp chain=postrouting disabled=no dst-port=53 new-dscp=1 protocol=udp
/ip firewall mangle add action=change-dscp chain=postrouting disabled=no dst-port=53 new-dscp=1 protocol=tcp

Set Mangle File Extension seperti iso, rar, mp3, zip, exe, dll.
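# Connection mark for everything forwarded out through Local. None of the
# packet-mark rules below match on it.
/ip firewall mangle add action=mark-connection chain=forward comment="EXTENTION KONEKSI" disabled=no out-interface=Local new-connection-mark="EXTENTION KONEKSI" passthrough=yes
# One packet mark per layer-7 pattern. Each rule uses passthrough=no, so the
# first matching rule decides the mark.
/ip firewall mangle add action=mark-packet chain=forward comment="YOUTUBE MARK" layer7-protocol=YOUTUBE disabled=no new-packet-mark="YOUTUBE" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="WMV MARK" layer7-protocol=WMV disabled=no new-packet-mark="WMV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="EXE MARK" layer7-protocol=EXE disabled=no new-packet-mark="EXE" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="ZIP MARK" layer7-protocol=ZIP new-packet-mark="ZIP" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="RAR MARK" layer7-protocol=RAR new-packet-mark="RAR" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MPG MARK" layer7-protocol=MPG new-packet-mark="MPG" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MPEG MARK" layer7-protocol=MPEG new-packet-mark="MPEG" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MP3 MARK" layer7-protocol=MP3 new-packet-mark="MP3" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MOV MARK" layer7-protocol=MOV new-packet-mark="MOV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="ISO MARK" disabled=no layer7-protocol=ISO new-packet-mark="ISO" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MKV MARK" layer7-protocol=MKV new-packet-mark="MKV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="FLV MARK" layer7-protocol=FLV new-packet-mark="FLV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="AVI MARK" layer7-protocol=AVI new-packet-mark="AVI" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="CAB MARK" layer7-protocol=CAB new-packet-mark="CAB" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="ASF MARK" layer7-protocol=ASF new-packet-mark="ASF" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="WAV MARK" layer7-protocol=WAV new-packet-mark="WAV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="RM MARK" layer7-protocol=RM new-packet-mark="RM" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="RAM MARK" layer7-protocol=RAM new-packet-mark="RAM" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="RMVB MARK" layer7-protocol=RMVB new-packet-mark="RMVB" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="DAT MARK" layer7-protocol=DAT new-packet-mark="DAT" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="DAA MARK" layer7-protocol=DAA new-packet-mark="DAA" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="NRG MARK" layer7-protocol=NRG new-packet-mark="NRG" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="BIN MARK" layer7-protocol=BIN new-packet-mark="BIN" passthrough=no
# The VCD rule needs the layer7-protocol= key like every other rule; a bare
# "VCD" word is not a valid argument.
/ip firewall mangle add action=mark-packet chain=forward comment="VCD MARK" layer7-protocol=VCD new-packet-mark="VCD" passthrough=no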
clip_image015

Setting Mangle Paket pada client, sesuaikan dengan IP Address Client anda
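# Per-client packet marks used by the per-client download queues.
# Each rule matches forwarded TCP packets addressed to one client on the Local
# network that belong to a connection carrying connection-mark
# "SEMUA KONEKSI KELUAR", and tags them CLIENTn. passthrough=no stops further
# mangle processing for a packet once it has been marked.
# Adjust every dst-address to the addresses of your own clients.
# Only protocol=tcp is matched, so UDP traffic to a client is not marked here.
# NOTE(review): the connection mark is set by rules outside this section -
# confirm it exists, otherwise none of these rules will ever match.
# CLIENT13 is 192.168.0.14: in sequence with its neighbours and inside the
# Local network 192.168.0.0/24 (an address outside that network never matches).
/ip firewall mangle
add action=mark-packet chain=forward comment="CLIENT1" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.2 new-packet-mark="CLIENT1" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT2" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.3 new-packet-mark="CLIENT2" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT3" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.4 new-packet-mark="CLIENT3" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT4" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.5 new-packet-mark="CLIENT4" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT5" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.6 new-packet-mark="CLIENT5" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT6" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.7 new-packet-mark="CLIENT6" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT7" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.8 new-packet-mark="CLIENT7" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT8" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.9 new-packet-mark="CLIENT8" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT9" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.10 new-packet-mark="CLIENT9" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT10" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.11 new-packet-mark="CLIENT10" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT11" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.12 new-packet-mark="CLIENT11" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT12" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.13 new-packet-mark="CLIENT12" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT13" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.14 new-packet-mark="CLIENT13" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT14" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.15 new-packet-mark="CLIENT14" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT15" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.16 new-packet-mark="CLIENT15" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT16" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.17 new-packet-mark="CLIENT16" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT17" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.18 new-packet-mark="CLIENT17" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT18" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.19 new-packet-mark="CLIENT18" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT19" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.20 new-packet-mark="CLIENT19" passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="CLIENT20" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.21 new-packet-mark="CLIENT20" passthrough=no protocol=tcp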
clip_image016


Setting Queue Tree: ICMP Priority, Queue Squid Hit Priority, Queue Limit File Extension Priority, Queue Tree semua upload priority, total download priority, Game download priority, Browsing paket priority, Queue Tree total download client, serta Queue Tree client.
# Highest-priority queues. Both are unlimited (max-limit=0) and carry no burst.
#   ICMP PING - packets marked "ICMP PAKET", attached to global-out, priority 1
#   SQUID HIT - packets marked "PROXY HIT", attached to the Local interface,
#               priority 2
# NOTE(review): both packet marks are created by mangle rules outside this
# section - confirm they exist before adding the queues.
/queue tree
add name="ICMP PING" parent=global-out packet-mark="ICMP PAKET" priority=1 queue="default" limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="SQUID HIT" parent=Local packet-mark="PROXY HIT" priority=2 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
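# Rate limits for downloads classified by file type.
# The parent "LIMIT FILE EXTENTION" hangs off global-out with max-limit=256000
# (RouterOS rates are bits per second); every child is capped at 128000 except
# YOUTUBE, which may use the full 256000. limit-at=0 gives no child a
# guaranteed share, and all children have the same priority (3).
# Each child selects traffic by the packet mark of the same name, so the mark
# must be spelled exactly as the mangle rule that sets it: the ISO queue uses
# "ISO", matching new-packet-mark="ISO" in the "ISO MARK" mangle rule.
# NOTE(review): the EXE, RAR, ZIP, WMV, MP4 and YOUTUBE marks are set outside
# this section - confirm a mangle rule creates each of them.
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256000 name="LIMIT FILE EXTENTION" parent=global-out priority=3
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="AVI" packet-mark=AVI parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="EXE" packet-mark="EXE" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="FLV" packet-mark="FLV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256000 name="YOUTUBE" packet-mark="YOUTUBE" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="ISO" packet-mark="ISO" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MP3" packet-mark="MP3" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MP4" packet-mark="MP4" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MPEG" packet-mark="MPEG" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MPG" packet-mark="MPG" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RAR" packet-mark="RAR" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="WMV" packet-mark="WMV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="ZIP" packet-mark="ZIP" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="CAB" packet-mark="CAB" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="ASF" packet-mark="ASF" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MOV" packet-mark="MOV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MKV" packet-mark="MKV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="WAV" packet-mark="WAV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RM" packet-mark="RM" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RAM" packet-mark="RAM" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RMVB" packet-mark="RMVB" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="DAT" packet-mark="DAT" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="DAA" packet-mark="DAA" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="NRG" packet-mark="NRG" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="BIN" packet-mark="BIN" parent="LIMIT FILE EXTENTION" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="VCD" packet-mark="VCD" parent="LIMIT FILE EXTENTION" priority=3 queue=default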
# Aggregate queues for upload and download.
#   +++TOTAL UPLOAD+++          - mark "SEMUA PAKET MASUK", on interface Public
#   +++TOTAL DOWNLOAD+++        - mark "SEMUA PAKET KELUAR", on global-out
#   GAME DOWNLOAD               - mark "GAME PAKET", child of total download
#   BROWSING PAKET              - mark "BROWSING PAKET", child of total download
#   +++TOTAL DOWNLOAD CLIENT+++ - parent of the per-client queues; it repeats
#                                 the "SEMUA PAKET KELUAR" mark of its parent
# Every queue here has max-limit=0, i.e. no rate ceiling.
# NOTE(review): with no ceiling on the parents the priorities 4-8 presumably
# have little effect; consider setting max-limit on the totals to the real
# line rate - confirm against your link.
/queue tree
add name="+++TOTAL UPLOAD+++" parent=Public packet-mark="SEMUA PAKET MASUK" priority=4 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="+++TOTAL DOWNLOAD+++" parent=global-out packet-mark="SEMUA PAKET KELUAR" priority=5 limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="GAME DOWNLOAD" parent="+++TOTAL DOWNLOAD+++" packet-mark="GAME PAKET" priority=6 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="BROWSING PAKET" parent="+++TOTAL DOWNLOAD+++" packet-mark="BROWSING PAKET" priority=7 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="+++TOTAL DOWNLOAD CLIENT+++" parent="+++TOTAL DOWNLOAD+++" packet-mark="SEMUA PAKET KELUAR" priority=8 limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
Setting Queues Per Client
# One download queue per client, all children of "+++TOTAL DOWNLOAD CLIENT+++".
# Queue CLIENTn takes the packets carrying packet-mark CLIENTn. All twenty
# share priority 8 and have no individual ceiling (max-limit=0) and no
# guaranteed rate (limit-at=0).
# NOTE(review): the parent queue and the CLIENTn packet marks must already
# exist when these lines are pasted - confirm both before running them.
/queue tree
add name="CLIENT1" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT1" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT2" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT2" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT3" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT3" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT4" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT4" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT5" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT5" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT6" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT6" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT7" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT7" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT8" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT8" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT9" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT9" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT10" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT10" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT11" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT11" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT12" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT12" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT13" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT13" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT14" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT14" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT15" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT15" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT16" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT16" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT17" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT17" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT18" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT18" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT19" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT19" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="CLIENT20" parent="+++TOTAL DOWNLOAD CLIENT+++" packet-mark="CLIENT20" priority=8 queue=default limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
clip_image017
Note:
Sesuaikan dengan IP Publik jaringan anda, sesuaikan dengan IP Local anda, dan sesuaikan dengan IP Server Proxy anda.
Setting IPCop juga!

09/06/13

Cara Instal IPCop 1.4.20 Sebagai External Proxy


    Cara Install IPCOP
    clip_image001
    Jika semua persiapan sudah dilakukan, baik hardware yang dibutuhkan atau software yang diperlukan untuk menginstall IPCop, termasuk sudah selesai membuat CD Iso IPCop maka sekarang kita siap untuk melakukan instalasi firewall IPCop.
    IPCop yang kita gunakan dalam contoh instalasi ini adalah versi 1.4.20 yang sudah kita download dan kita buat CD
    Type jaringannya kita ambil contoh jaringan tanpa menggunakan Wireless ( BLUE ). Jadi kita menggunakan type network GREEN + RED, dengan menggunakan 2 buah NIC. Modem kita set ke Bridge dengan IP address 192.168.2.254 VPI/VCI : 8/81
    Langkah-langkah instalasi IPCop :
    • Pasang Lancard pada slot PCI di komputer. Minimal 2 lancard untuk GREEN dan RED.
        clip_image002clip_image002[1]
        • Setelah 2 Lancard terpasang, setting bios pada pilihan booting pertama kali pada CDROM. Kemudian masukan CD Iso IPCop yang sudah kita buat pada CDROM. Save perubahan bios dan restart komputer.
        • Jika settingan bios benar, seharusnya komputer akan membaca CD Iso untuk booting dan akan tampil seperti ini.
            clip_image003
            • Klik Enter jika sudah siap untuk memulai instalasi IPCop. Dan akan muncul…
                clip_image004
                • Karena kita akan menginstal menggunakan CD Iso maka pilih CDROM/USB-KEY. Untuk selanjutnya pergunakan tombol SPACE/ENTER untuk memilih/eksekusi. Tombol TAB/CTRL+TAB untuk berpindah ke pilihan lainnya.
                • Sistem akan melakukan format harddisk dan ingat semua data yang ada di harddisk akan terhapus. Pilih OK jika setuju dan Cancel untuk membatalkan.
                    clip_image005
                    • Proses format dan partisi akan berjalan dan silahkan tunggu sampai selesai pengcopyan file kedalam komputer.
                        clip_image006
                        • Jika sebelumnya kita memiliki backup IPCop, kita bisa menggunakannya untuk diupload pada sistem. Namun karena kita anggap kita baru melakukan instalasi IPCop, maka kita SKIP aja dan OK.
                            clip_image007
                            • Proses pengcopyan complete…otomatis CDROM akan terbuka dan kita bisa mengeluarkan CD ISO IPCop. Selanjutnya kita pilih keyboard mapping dan zona waktu negara kita. Pilih saja keyboard us dan zona waktu Asia/Jakarta.
                                clip_image008clip_image009
                                • Step berikutnya masukan hostname router. Default hostname adalah ipcop. Bisa ganti sesuai kesukaan kita. Contoh “gigacop”.
                                    clip_image010
                                    • Jika memiliki server domain, masukan domain name server. Namun jika tidak, secara default akan diberi nama “localdomain”
                                        clip_image012
                                        • Karena kita menggunakan Speedy untuk koneksi ke internet pada RED, maka untuk sementara setting VPN kita lewati. Pilih Disable ISDN.
                                            clip_image013
                                            • Network Configuration menu untuk menentukan type jaringan yang akan kita gunakan pada IPCop. Kita bisa memilih GREEN + RED atau jika kita berencana untuk menggabungkan dengan Server lain pilih GREEN + RED + ORANGE. Jika kita menambah WLAN pada firewall pilih GREEN + RED + BLUE. Sekarang kita coba pilih GREEN + RED, karena kita akan menggunakan interface RED untuk tersambung ke Internet/Modem dan interface GREEN untuk jaringan local.
                                                clip_image014
                                                clip_image015
                                                • Selanjutnya sistem akan mencari secara otomatis driver lancard GREEN, pilih “Probe” untuk scan driver. Jika lancard kita sudah didukung oleh IPCop, maka secara otomatis sistem akan menemukan merk dan jenis lancard tersebut.
                                                    clip_image016
                                                    • Jika driver sudah diketemukan, klik OK dan masukan IP address pada interface GREEN. Contoh masukan IP 192.168.1.1 netmask 255.255.255.0 ( IP address ini nanti yang kita gunakan untuk melakukan setting melalui WEB/HTTP).
                                                        clip_image017
                                                        • Pada step ini, jika kita berhasil memasukan IP dan Netmask maka akan muncul screen…
                                                            clip_image018
                                                            • Langkah-langkah untuk setting interface GREEN tersebut diatas juga harus dilakukan sama pada interface RED. Dengan memberikan IP address lain dari interface GREEN. Contoh IP address RED : 192.168.2.1 Netmask : 255.255.255.0
                                                                clip_image019
                                                                clip_image020
                                                                • Tentukan juga DNS dan Gateway pada RED. Karena contoh kita menggunakan Speedy Telkom untuk koneksi ke internet, maka Primary DNS isi : 203.130.208.18 Secondary DNS isikan : 203.130.193.74/202.134.0.155 Gateway kita isikan sesuai ISP atau IP address RED. Contoh : 125.163.176.1 ( dari ISP ) atau 192.168.2.1 ( IP address RED ).
                                                                    clip_image021
                                                                    • Aktifkan Enable DHCP server, supaya server bisa secara otomatis memberikan IP address ke client. Ini lebih mudah daripada harus memberikan IP address satu per satu ke komputer client. Setting ini untuk DHCP pada interface GREEN. Contoh kita masukan pada Start address : 192.168.1.10 End address : 192.168.2.50 Primary DNS : 192.168.2.1 / 203.130.208.18 Secondary DNS : 202.134.0.155 / 192.168.2.1 ( IP RED ). Pastikan Start address dan End address berada di dalam subnet interface GREEN (pada contoh ini 192.168.1.0/24).
                                                                        clip_image022
                                                                        • Setelah pengisian DHCP, kita memasuki tahap terakhir instalasi IPCop, yaitu kita diminta untuk memasukan password root, password admin dan password backup. Gunakan password yang kuat dan berbeda untuk ketiganya.
                                                                            clip_image023
                                                                            • Dalam memasukan password ini kita harus hati-hati. Karena jika kita lupa/salah memasukan maka kita harus melakukan langkah-langkah instalasi dari awal. Password yang kita masukan tidak akan terlihat pada record isian. Untuk pindah ke baris berikutnya, geser dengan tanda panah kebawah, dan ulangi lagi memasukan password. dan akhiri dengan OK jika sudah selesai.
                                                                            • Jika instalasi complete…kita diminta untuk merestart komputer dengan menggunakan tombol restart pada CPU. Namun jangan lupa ubah dulu default first booting pada HDD 0 (harddisk).
                                                                                clip_image024
                                                                                • Untuk mengubah setting IPCop selanjutnya bisa dilakukan dengan menggunakan Web GUI melalui http atau https, dengan mengetikan alamat di browser : https://ipaddressGREEN:445 atau http://ipaddressGREEN:81. Utamakan alamat https supaya password admin tidak dikirim tanpa enkripsi.

                                                                                07/06/13

                                                                                Cara Bypass Hit Squid, Mangle Game, Queue Tree, Browsing di Mikrotik + Eksternal Proxy (IpCop)


                                                                                Cara Bypass Hit Squid, Mangle Game, Queue Tree, Browsing di Mikrotik

                                                                                Garashi Net CMS Di sini saya membagi Https di queue tree, dan Limit Extention digabung ke dalam Semua Down. Jadi misalnya bandwidth 2 MB, di dalam 2 MB tersebut saya namakan ALL DOWN yang di dalamnya ada: Browsing (Http), Https dan Limit Extention. Kemudian untuk upload saya gunakan parent=global-out, bukan parent=Proxy, karena mangle saya gunakan postrouting yang diserahkan ke Proxy external; ini akan membuat Hit Proxy menjadi besar.
                                                                                Bagi yang menggunakan PC mikrotik supaya sinkron dengan scripts di bawah silahkan upgrade dulu PC mikrotiknya dengan Os.5.18.
                                                                                Topologi Jaringan:
                                                                                Ether1 - Public --------> IP Address : 192.168.1.2    Network : 192.168.1.0/24 Modem
                                                                                Ether2 - Local ---------> IP Address : 192.168.0.1  Network : 192.168.0.0/24 HUB (Client)
                                                                                Ether3 - Proxy ---------> IP Address : 192.168.5.1    Network : 192.168.5.0/24 External Proxy
                                                                                IP Green Card Proxy External -----> IP Address : 192.168.5.2 Network : 192.168.5.0/24
                                                                                Ganti nama interface menjadi internet,Local,Proxy supaya sesuai dengan scripts tutorial berikut , perintahnya:
                                                                                Pastekan di “New Terminal” winbox
                                                                                # Rename the first three interfaces to the names used by every later
                                                                                # rule on this page: Public (modem side), Local (clients), Proxy.
                                                                                # NOTE(review): 0, 1 and 2 are console item numbers, not fixed IDs -
                                                                                # run "/interface print" first and confirm they are the ports you expect.
                                                                                /interface
                                                                                set 0 name=Public
                                                                                set 1 name=Local
                                                                                set 2 name=Proxy
                                                                                Set Jam supaya tidak berubah-ubah:
                                                                                Pastekan di “New Terminal” winbox
                                                                                # Enable the NTP client in unicast mode with two fixed server addresses,
                                                                                # so the router clock (and therefore log timestamps) stays consistent.
                                                                                # NOTE(review): both servers are hard-coded IP addresses - confirm they
                                                                                # are still reachable and are servers you trust before relying on them.
                                                                                /system ntp client set enabled=yes mode=unicast primary-ntp=152.118.24.8 secondary-ntp=202.169.224.16
                                                                                System Note:Ini scripts gunanya nanti jika buka “New Terminal” akan nongol Note nya=
                                                                                Pastekan di “New Terminal” winbox
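                                                                                # Set the text shown when a terminal session opens (show-at-login=yes).
                                                                                # The note contains a space, so it must be quoted; unquoted, the value
                                                                                # would end at the space and "GNet" would be read as a separate word.
                                                                                /system note set note="Garashinet.setup.by GNet" show-at-login=yes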
                                                                                NAT Transparent Proxy dan Local Masquerade:Sesuaikan dengan network Proxy anda dan ip address Proxy anda dan juga port Proxy anda:
                                                                                Edit Sebelum di Pastekan di “New Terminal” winbox
                                                                                # Rule 1 - transparent proxy: TCP port 80 arriving on the Local interface
                                                                                # (from any source except 192.168.5.0/24, the proxy network) is rewritten
                                                                                # to the external proxy at 192.168.5.2 port 3128. Only port 80 is
                                                                                # redirected; every other port, including 443, bypasses the proxy.
                                                                                # Rule 2 - masquerade: source NAT for the srcnat chain.
                                                                                # NOTE(review): the masquerade rule names no out-interface or src-address,
                                                                                # so it applies to every connection that reaches srcnat, presumably
                                                                                # including those redirected to the proxy. The proxy would then log the
                                                                                # router address instead of the client address. Consider scoping it with
                                                                                # out-interface=Public once the proxy can route back to 192.168.0.0/24 -
                                                                                # verify on your own topology before changing it.
                                                                                /ip firewall nat
                                                                                add chain=dstnat action=dst-nat in-interface=Local protocol=tcp dst-port=80 src-address=!192.168.5.0/24 to-addresses=192.168.5.2 to-ports=3128 comment="TRANSPARENT PROXY" disabled=no
                                                                                add chain=srcnat action=masquerade comment=MASQUERADE disabled=no
                                                                                Ip firewall layer7-protocol
                                                                                Untuk melimit download seperti rar,zip,youtube,exe,dll kecuali file yang tersimpan di Proxy otomatis loss:
                                                                                Pastekan di “New Terminal” winbox
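                                                                                # Named Layer-7 patterns; mangle rules refer to them with
                                                                                # layer7-protocol=NAME to classify traffic for the rate-limit queues.
                                                                                # "YOUTUBE DOWNLOAD" matches an HTTP response line (version, three-digit
                                                                                # status) followed by a "content-type: video" header. The status class is
                                                                                # [1-5]; a stray backslash inside the bracket has been removed.
                                                                                # The extension patterns ("\\.(exe)" etc.) and the keyword patterns
                                                                                # (youtube, porn, tube, video, movie) are unanchored: they match that
                                                                                # text anywhere in the bytes inspected, so unrelated connections that
                                                                                # merely contain the word are classified too.
                                                                                # RouterOS inspects only the start of each connection (the first 10
                                                                                # packets or 2 KB), and content inside TLS is not visible to these
                                                                                # patterns. Treat them as bandwidth classifiers, not as a content or
                                                                                # malware filter.
                                                                                # Layer-7 matching is CPU-intensive; apply it to as little traffic as
                                                                                # possible on a small router.
                                                                                /ip firewall layer7-protocol
                                                                                add name="YOUTUBE DOWNLOAD" regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
                                                                                add name=EXE regexp="\\.(exe)"
                                                                                add name=RAR regexp="\\.(rar)"
                                                                                add name=ZIP regexp="\\.(zip)"
                                                                                add name=7z regexp="\\.(7z)"
                                                                                add name=WMV regexp="\\.(wmv)"
                                                                                add name=MPG regexp="\\.(mpg)"
                                                                                add name=MPEG regexp="\\.(mpeg)"
                                                                                add name=AVI regexp="\\.(avi)"
                                                                                add name=FLV regexp="\\.(flv)"
                                                                                add name=WAV regexp="\\.(wav)"
                                                                                add name=MP3 regexp="\\.(mp3)"
                                                                                add name=MP4 regexp="\\.(mp4)"
                                                                                add name=ISO regexp="\\.(iso)"
                                                                                add name=3GP regexp="\\.(3gp)"
                                                                                add name=MOV regexp="\\.(mov)"
                                                                                add name=MKV regexp="\\.(mkv)"
                                                                                add name="YOUTUBE STREAMING" regexp=youtube
                                                                                add name=PORN regexp=porn
                                                                                add name=TUBE regexp=tube
                                                                                add name=VIDEO regexp=video
                                                                                add name=MOVIE regexp=movie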
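                                                                                Ip Firewall Filter Drop Virus: Pastekan di “New Terminal” winbox. Rule pertama membuka port Winbox (8291) pada chain input dari semua alamat; sebaiknya batasi dengan src-address jaringan Local (192.168.0.0/24) supaya Winbox tidak bisa diakses dari interface Public.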
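                                                                                /ip firewall filter
                                                                                # Firewall filter for the router, listed in evaluation order. The interface
                                                                                # names Public and Local are the ones assigned earlier on this page.
                                                                                #
                                                                                # Changes against the original listing:
                                                                                #  - The input chain held only accept rules and no closing drop, so nothing
                                                                                #    was filtered. New traffic arriving on Public is now dropped at the end.
                                                                                #  - The "port scanners" list was filled but never matched; a drop rule now
                                                                                #    uses it.
                                                                                #  - FTP/SSH/Telnet/HTTP/Winbox and all UDP were accepted from any interface.
                                                                                #    They are now accepted from Local only. The page enables
                                                                                #    allow-remote-requests for DNS, so UDP 53 must not be answered on Public.
                                                                                #  - Exact duplicates removed (tcp 2745 in "virus"; tcp 23, 80, 1723 and 8291
                                                                                #    in input).
                                                                                #  - The nine "ANTI NETCUT" rules are left out. They accepted every TCP port
                                                                                #    on the router from nine remote address ranges. NetCut-style cut-offs act
                                                                                #    on ARP inside the LAN, which an input rule for remote addresses cannot
                                                                                #    influence, and replies from those hosts are already covered by the
                                                                                #    established/related rules below.
                                                                                #
                                                                                # --- forward: traffic routed through the router ---
                                                                                add chain=forward connection-state=invalid action=drop disabled=no
                                                                                add chain=forward action=jump jump-target=virus disabled=no
                                                                                # --- virus: destination ports dropped for all forwarded traffic ---
                                                                                add chain=virus protocol=tcp dst-port=135-139 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=1433-1434 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=445 action=drop disabled=no
                                                                                add chain=virus protocol=udp dst-port=445 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=593 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=1024-1030 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=1080 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=1214 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=1363 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=1364 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=1368 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=1373 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=1377 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=2745 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=2283 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=2535 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=3127 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=3410 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=4444 action=drop disabled=no
                                                                                add chain=virus protocol=udp dst-port=4444 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=5554 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=8866 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=9898 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=10080 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=12345 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=17300 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=27374 action=drop disabled=no
                                                                                add chain=virus protocol=tcp dst-port=65506 action=drop disabled=no
                                                                                # --- input: traffic addressed to the router itself ---
                                                                                # Replies to connections the router opened (DNS lookups and the like) pass
                                                                                # first, so the closing drop on Public does not break them.
                                                                                add chain=input connection-state=established action=accept disabled=no
                                                                                add chain=input connection-state=related action=accept disabled=no
                                                                                add chain=input connection-state=invalid action=drop disabled=no
                                                                                # Management from the LAN side only. Winbox stays ahead of the scanner drop
                                                                                # so a listed LAN host can still reach the router for administration.
                                                                                # Telnet, FTP and HTTP are unencrypted; remove their lines if unused.
                                                                                add chain=input in-interface=Local protocol=tcp dst-port=8291 action=accept disabled=no
                                                                                add chain=input in-interface=Local protocol=tcp dst-port=21 action=accept disabled=no
                                                                                add chain=input in-interface=Local protocol=tcp dst-port=22 action=accept disabled=no
                                                                                add chain=input in-interface=Local protocol=tcp dst-port=23 action=accept disabled=no
                                                                                add chain=input in-interface=Local protocol=tcp dst-port=80 action=accept disabled=no
                                                                                add chain=input in-interface=Local protocol=udp action=accept disabled=no
                                                                                # NOTE(review): no rule visible here fills the "knock" list or matches the
                                                                                # "DDOS" list, so these two only record source addresses - confirm intent.
                                                                                add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list address-list=DDOS address-list-timeout=15s disabled=no
                                                                                add chain=input protocol=tcp dst-port=7331 src-address-list=knock action=add-src-to-address-list address-list=DDOS address-list-timeout=15m disabled=no
                                                                                # Port-scan detection: each match records the source for two weeks.
                                                                                add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no
                                                                                add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan" disabled=no
                                                                                add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan" disabled=no
                                                                                add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan" disabled=no
                                                                                add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan" disabled=no
                                                                                add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan" disabled=no
                                                                                # Act on the list the rules above fill.
                                                                                add chain=input src-address-list="port scanners" action=drop comment="Drop listed port scanners" disabled=no
                                                                                # ICMP to the router: rate-limited accept, anything above the limit dropped.
                                                                                add chain=input protocol=icmp limit=50/5s,2 action=accept disabled=no
                                                                                add chain=input protocol=icmp action=drop disabled=no
                                                                                # PPTP stays reachable from any interface, as in the original. GRE carries
                                                                                # the PPTP tunnel data and was passed implicitly before the closing drop
                                                                                # existed. Remove both lines if no PPTP server runs on this router.
                                                                                add chain=input protocol=tcp dst-port=1723 action=accept disabled=no
                                                                                add chain=input protocol=gre action=accept disabled=no
                                                                                # Closing rule: new traffic from Public that nothing above accepted.
                                                                                add chain=input in-interface=Public action=drop comment="Drop everything else arriving from Public" disabled=no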
                                                                                Ip Firewall Mangle: Ini script mangle Squid Hit (DSCP=12) untuk meloloskan proxy dari limit client. Di queue tree saya buat 80 MB. Posisinya di mangle diletakkan paling atas.
                                                                                Pastekan di “New Terminal” winbox
                                                                                /ip firewall mangle
                                                                                # Squid cache-hit marking: any packet in postrouting that carries DSCP 12
                                                                                # receives packet mark "garashinet SPH"; passthrough=no stops further mangle
                                                                                # rules in this chain for that packet.
                                                                                # NOTE(review): the match is on the DSCP value alone, so any sender that
                                                                                # sets DSCP 12 receives this mark as well. Consider also matching the
                                                                                # proxy's address or interface - confirm against the Squid setup.
                                                                                add chain=postrouting dscp=12 action=mark-packet new-packet-mark="garashinet SPH" passthrough=no comment="SQUID PROXY HIT"
                                                                                Scripts mangle untuk menstabilkan ping jika koneksi padat dan DNS=
                                                                                Pastekan di “New Terminal” winbox
                                                                                /ip firewall mangle
                                                                                # ICMP: mark the connection, rewrite DSCP to 1, then mark its packets.
                                                                                # The mark-packet rule uses passthrough=no, so processing in this chain
                                                                                # stops there for matching packets.
                                                                                add chain=prerouting protocol=icmp action=mark-connection new-connection-mark="garashinet I" passthrough=yes comment=ICMP
                                                                                add chain=prerouting connection-mark="garashinet I" action=change-dscp new-dscp=1 passthrough=yes
                                                                                add chain=prerouting connection-mark="garashinet I" action=mark-packet new-packet-mark="garashinet I" passthrough=no
                                                                                # DNS: same three steps for destination port 53 over TCP and over UDP.
                                                                                add chain=prerouting protocol=tcp dst-port=53 action=mark-connection new-connection-mark="garashinet D" passthrough=yes comment=DNS
                                                                                add chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark="garashinet D" passthrough=yes
                                                                                add chain=prerouting connection-mark="garashinet D" action=change-dscp new-dscp=1 passthrough=yes
                                                                                add chain=prerouting connection-mark="garashinet D" action=mark-packet new-packet-mark="garashinet D" passthrough=no
                                                                                Di bawah ini script untuk Game Online dan Game Facebook. Edit sebelum dipastekan di “New Terminal” Winbox:
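                                                                                /ip firewall mangle
                                                                                # Game traffic: connections are marked by destination port in prerouting,
                                                                                # then every packet of a marked connection receives the packet mark.
                                                                                # The original listed the "7341-7350,..." TCP rule twice; the second copy
                                                                                # matched nothing new and is dropped. Port lists that were split across
                                                                                # lines inside the quotes are rejoined so a paste cannot break them.
                                                                                # Classification is by destination port only: any application that uses
                                                                                # one of these ports receives the same mark as the games.
                                                                                add chain=prerouting protocol=tcp dst-port=1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 action=mark-connection new-connection-mark="garashinet GO" passthrough=yes comment="GAME ONLINE" disabled=no
                                                                                add chain=prerouting protocol=tcp dst-port="7341-7350,7451,8085,9600,9601-9602,9300,9400,9700,9376-9377,10001-10011,40000" action=mark-connection new-connection-mark="garashinet GO" passthrough=yes disabled=no
                                                                                add chain=prerouting protocol=tcp dst-port="10009,13008,16666,28012,11011-11041,10402,11031,12011,12110,13413,15000-15002,15001,15002" action=mark-connection new-connection-mark="garashinet GO" passthrough=yes disabled=no
                                                                                add chain=prerouting protocol=tcp dst-port="16402-16502,18901-18909,19000,19101,22100,27780,29000,29200,39100,39110,39220,39190,49100" action=mark-connection new-connection-mark="garashinet GO" passthrough=yes disabled=no
                                                                                add chain=prerouting protocol=tcp dst-port=14009-14010,14300,14301,14403,7000,14500 action=mark-connection new-connection-mark="garashinet GO" passthrough=yes disabled=no
                                                                                # UDP game ports.
                                                                                add chain=prerouting protocol=udp dst-port="1293,1479,6100-6152,7777-7977,9401,9600-9602,12020-12080,30000,40000-40010" action=mark-connection new-connection-mark="garashinet GO" passthrough=yes disabled=no
                                                                                add chain=prerouting protocol=udp dst-port=42051-42052,11100-11125,11440-11460 action=mark-connection new-connection-mark="garashinet GO" passthrough=yes disabled=no
                                                                                add chain=prerouting protocol=udp dst-port=14009-14010 action=mark-connection new-connection-mark="garashinet GO" passthrough=yes disabled=no
                                                                                # Packet mark for all of the above; passthrough=no ends processing here.
                                                                                add chain=prerouting connection-mark="garashinet GO" action=mark-packet new-packet-mark="garashinet GO" passthrough=no disabled=no
                                                                                # Facebook games: TCP 843 and 9339, marked the same way.
                                                                                add chain=prerouting protocol=tcp dst-port=843,9339 action=mark-connection new-connection-mark="garashinet GF" passthrough=yes comment="GAME FACEBOOK" disabled=no
                                                                                add chain=prerouting connection-mark="garashinet GF" action=mark-packet new-packet-mark="garashinet GF" passthrough=no disabled=no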










                                                                                Di bawah ini adalah script untuk lain-lainnya. Port 1935 adalah port TV online;
                                                                                jika ada port lain, silakan tambahkan dengan pemisah koma:
                                                                                Pastekan di “New Terminal” winbox
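                                                                                /ip firewall mangle
                                                                                # "DLL" (other traffic) class: TCP destination port 1935 is marked per
                                                                                # connection in prerouting and its packets are marked in forward.
                                                                                # Further ports can be appended to dst-port, separated by commas.
                                                                                # Fix: the original had "\ protocol=tcp" in the middle of a line, a
                                                                                # line-continuation backslash left over from a lost line break. The rule
                                                                                # is written on one line so it pastes cleanly.
                                                                                add chain=prerouting protocol=tcp dst-port=1935 action=mark-connection new-connection-mark="garashinet DLL" passthrough=yes comment=DLL disabled=no
                                                                                add chain=forward connection-mark="garashinet DLL" action=mark-packet new-packet-mark="garashinet DLL" passthrough=no disabled=no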
                                                                                Di bawah ini adalah scripts Https:Pastekan di “New Terminal” winbox
                                                                                /ip firewall mangle
                                                                                # HTTPS class: connections with TCP destination port 443 are marked in
                                                                                # postrouting, and packets of those connections then receive the packet
                                                                                # mark in the same chain (passthrough=no ends processing there).
                                                                                add chain=postrouting protocol=tcp dst-port=443 action=mark-connection new-connection-mark="garashinet H" passthrough=yes comment=HTTPS disabled=no
                                                                                add chain=postrouting connection-mark="garashinet H" action=mark-packet new-packet-mark="garashinet H" passthrough=no disabled=no
                                                                                Di bawah ini script mangle untuk limit extension: yang download rar, zip, exe, dll akan dilimit, dan jika sudah pernah didownload tidak akan masuk limit mangle ini, otomatis ke Ip Firewall Mangle Squid Hit, DSCP=12.
                                                                                Bisa di perhatikan setiap paket layer 7 di bawah mempunyai connection mark,beda dengan tutorial sebelumnya:
                                                                                Pastekan di “New Terminal” winbox
                                                                                # Layer-7 classification feeding the "LIMIT EXTENTION" queues. Rules come in pairs:
                                                                                #   1) mark-connection when the named layer7-protocol matcher hits (passthrough=yes),
                                                                                #   2) mark-packet for that connection mark (passthrough=no, so the packet leaves
                                                                                #      this chain and no later rule below is evaluated for it).
                                                                                # Rule order decides which mark a packet ends up with; keep each pair together
                                                                                # and in this sequence when editing.
                                                                                # The layer7-protocol names used here ("YOUTUBE DOWNLOAD", TUBE, ZIP, EXE, ...) are
                                                                                # not defined in this section; presumably they are created earlier in the tutorial
                                                                                # under /ip firewall layer7-protocol and must exist before this is pasted.
                                                                                # NOTE(review): an L7 matcher only sees payload the router can read. Traffic inside
                                                                                # TLS (HTTPS) is opaque to it, so treat these marks as bandwidth shaping for
                                                                                # cleartext HTTP, not as a content filter or access control.
                                                                                # NOTE(review): the mark-connection rules carry no port, interface or address
                                                                                # condition, so forwarded traffic is tested against pattern after pattern until a
                                                                                # passthrough=no rule stops it; check router CPU load after enabling.
                                                                                /ip firewall mangle
                                                                                add action=mark-connection chain=forward comment="LIMIT EXTENTION" disabled=\
                                                                                no layer7-protocol="YOUTUBE DOWNLOAD" new-connection-mark=\
                                                                                "YOUTUBE DOWNLOAD" passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark="YOUTUBE DOWNLOAD" \
                                                                                disabled=no new-packet-mark="YOUTUBE DOWNLOAD" \
                                                                                passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=\
                                                                                "YOUTUBE STREAMING" new-connection-mark="YOUTUBE STREAMING" passthrough=\
                                                                                yes
                                                                                add action=mark-packet chain=forward connection-mark="YOUTUBE STREAMING" \
                                                                                disabled=no new-packet-mark="YOUTUBE STREAMING" \
                                                                                passthrough=no
                                                                                # Marks PORN1..PORN4 are driven by matchers named TUBE, PORN, VIDEO and MOVIE.
                                                                                # NOTE(review): those names suggest broad patterns; review the regexes for false
                                                                                # positives on ordinary sites (cannot be verified from this section).
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=TUBE \
                                                                                new-connection-mark=PORN1 passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=PORN1 disabled=no \
                                                                                new-packet-mark=PORN1 passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=PORN \
                                                                                new-connection-mark=PORN2 passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=PORN2 disabled=no \
                                                                                new-packet-mark=PORN2 passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=VIDEO \
                                                                                new-connection-mark=PORN3 passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=PORN3 disabled=no \
                                                                                new-packet-mark=PORN3 passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=MOVIE \
                                                                                new-connection-mark=PORN4 passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=PORN4 disabled=no \
                                                                                new-packet-mark=PORN4 passthrough=no
                                                                                # File-type matchers: from here on the connection mark and the packet mark reuse
                                                                                # the matcher's own name.
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=MKV \
                                                                                new-connection-mark=MKV passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=MKV disabled=no \
                                                                                new-packet-mark=MKV passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=MP3 \
                                                                                new-connection-mark=MP3 passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=MP3 disabled=no \
                                                                                new-packet-mark=MP3 passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=MP4 \
                                                                                new-connection-mark=MP4 passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=MP4 disabled=no \
                                                                                new-packet-mark=MP4 passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=ZIP \
                                                                                new-connection-mark=ZIP passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=ZIP disabled=no \
                                                                                new-packet-mark=ZIP passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=EXE \
                                                                                new-connection-mark=EXE passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=EXE disabled=no \
                                                                                new-packet-mark=EXE passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=FLV \
                                                                                new-connection-mark=FLV passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=FLV disabled=no \
                                                                                new-packet-mark=FLV passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=ISO \
                                                                                new-connection-mark=ISO passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=ISO disabled=no \
                                                                                new-packet-mark=ISO passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=MOV \
                                                                                new-connection-mark=MOV passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=MOV disabled=no \
                                                                                new-packet-mark=MOV passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=MPEG \
                                                                                new-connection-mark=MPEG passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=MPEG disabled=no \
                                                                                new-packet-mark=MPEG passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=MPG \
                                                                                new-connection-mark=MPG passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=MPG disabled=no \
                                                                                new-packet-mark=MPG passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=WAV \
                                                                                new-connection-mark=WAV passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=WAV disabled=no \
                                                                                new-packet-mark=WAV passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=RAR \
                                                                                new-connection-mark=RAR passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=RAR disabled=no \
                                                                                new-packet-mark=RAR passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=WMV \
                                                                                new-connection-mark=WMV passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=WMV disabled=no \
                                                                                new-packet-mark=WMV passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=3GP \
                                                                                new-connection-mark=3GP passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=3GP disabled=no \
                                                                                new-packet-mark=3GP passthrough=no
                                                                                add action=mark-connection chain=forward disabled=no layer7-protocol=7z \
                                                                                new-connection-mark=7z passthrough=yes
                                                                                add action=mark-packet chain=forward connection-mark=7z disabled=no \
                                                                                new-packet-mark=7z passthrough=no








































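                                                                                Di bawah ini adalah script mangle untuk pembagian otomatis bandwidth browsing upload dan download. Sesuaikan network pada kolom berwarna merah dengan network Proxy Anda (warna tidak terbawa pada salinan teks ini; kemungkinan yang dimaksud adalah 192.168.5.0/24):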
                                                                                Perhatikan bahwa penandaan paket di bawah menggunakan postrouting dan in-interface Proxy, yang akan membuat HIT-nya lebih besar; ini berbeda dengan tutorial sebelumnya:
                                                                                Edit sebelum di Pastekan di “New Terminal” winbox
                                                                                # Marks HTTP connections (tcp, dst-port 80) that enter through the interface named
                                                                                # Proxy, then splits their packets in postrouting into a download mark (destination
                                                                                # in 192.168.5.0/24) and an upload mark (source in 192.168.5.0/24).
                                                                                # Both mark-packet rules use passthrough=no, and the download rule is listed first,
                                                                                # so a packet matching both address tests gets the "D" mark.
                                                                                # 192.168.5.0/24 and in-interface=Proxy are site-specific. The interface section at
                                                                                # the top of this tutorial only names Public and Local, so an interface called
                                                                                # Proxy has to exist (or be substituted) before these commands are pasted.
                                                                                # Only port 80 is matched: HTTPS and HTTP on other ports never receive these marks.
                                                                                /ip firewall mangle
                                                                                add action=mark-connection chain=prerouting comment=HTTP disabled=no \
                                                                                dst-port=80 in-interface=Proxy new-connection-mark=\
                                                                                "garashinet HTTP" passthrough=yes protocol=tcp
                                                                                add action=mark-packet chain=postrouting connection-mark=\
                                                                                "garashinet HTTP" disabled=no dst-address=192.168.5.0/24 \
                                                                                new-packet-mark="garashinet HTTP D" passthrough=no
                                                                                add action=mark-packet chain=postrouting connection-mark=\
                                                                                "garashinet HTTP" disabled=no new-packet-mark=\
                                                                                "garashinet HTTP U" passthrough=no src-address=\
                                                                                192.168.5.0/24
                                                                                Queue Type
                                                                                Di bawah adalah Queue type untuk Bandwidth 1 MB,Jika Bandwidth anda 2 MB dan upload di bawah adalah 512KB ,jika anda mempunyai upload yang berbeda silahkan sesuaikan
                                                                                Edit sebelum di Pastekan di “New Terminal” winbox
                                                                                # Queue disciplines referenced by the queue tree entries of this tutorial.
                                                                                # Five PCQ types (they differ in classifier, burst time, IPv6 mask and total
                                                                                # limit) plus one plain FIFO named PING.
                                                                                # Every PCQ type here sets pcq-rate=0, so none of them imposes a per-flow rate of
                                                                                # its own; the actual caps come from limit-at/max-limit in the queue tree.
                                                                                # NOTE(review): the pcq-burst-* and *-address6-mask parameters may not be accepted
                                                                                # by every RouterOS release - confirm on the version you run.
                                                                                /queue type
                                                                                add name="PROXY DOWN" kind=pcq \
                                                                                    pcq-classifier=src-address,dst-address,src-port,dst-port \
                                                                                    pcq-rate=0 pcq-limit=50 pcq-total-limit=1024 \
                                                                                    pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s \
                                                                                    pcq-src-address-mask=32 pcq-dst-address-mask=32 \
                                                                                    pcq-src-address6-mask=128 pcq-dst-address6-mask=128
                                                                                # Download: one sub-stream per destination address and port.
                                                                                add name=DOWN kind=pcq \
                                                                                    pcq-classifier=dst-address,dst-port \
                                                                                    pcq-rate=0 pcq-limit=50 pcq-total-limit=1024 \
                                                                                    pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=5s \
                                                                                    pcq-src-address-mask=32 pcq-dst-address-mask=32 \
                                                                                    pcq-src-address6-mask=128 pcq-dst-address6-mask=128
                                                                                # Upload: one sub-stream per source address and port.
                                                                                add name=UP kind=pcq \
                                                                                    pcq-classifier=src-address,src-port \
                                                                                    pcq-rate=0 pcq-limit=50 pcq-total-limit=512 \
                                                                                    pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s \
                                                                                    pcq-src-address-mask=32 pcq-dst-address-mask=32 \
                                                                                    pcq-src-address6-mask=128 pcq-dst-address6-mask=128
                                                                                add name=PING kind=pfifo pfifo-limit=64
                                                                                add name=DLL kind=pcq \
                                                                                    pcq-classifier=src-address,dst-address,src-port,dst-port \
                                                                                    pcq-rate=0 pcq-limit=50 pcq-total-limit=1024 \
                                                                                    pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s \
                                                                                    pcq-src-address-mask=32 pcq-dst-address-mask=32 \
                                                                                    pcq-src-address6-mask=64 pcq-dst-address6-mask=64
                                                                                add name=HTTPS kind=pcq \
                                                                                    pcq-classifier=src-address,dst-address,src-port,dst-port \
                                                                                    pcq-rate=0 pcq-limit=50 pcq-total-limit=1024 \
                                                                                    pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s \
                                                                                    pcq-src-address-mask=32 pcq-dst-address-mask=32 \
                                                                                    pcq-src-address6-mask=64 pcq-dst-address6-mask=64
                                                                                Queue Tree
                                                                                Di bawah ini adalah queue tree “ALL DOWN” yang child-nya nanti adalah
                                                                                A.BROWSING,
                                                                                C.HTTPS,
                                                                                D.LIMIT EXTENTION,
                                                                                E.DLL
                                                                                800k untuk bandwidth 3 MB, 200k saya sisakan; silakan sesuaikan dengan bandwidth Anda:
                                                                                Edit sebelum di Pastekan di “New Terminal” winbox
                                                                                # Top-level download parent: carries no packet mark itself (packet-mark="") and
                                                                                # caps everything attached beneath it at max-limit=800k.
                                                                                # NOTE(review): parent=global-out exists only on RouterOS releases before v6;
                                                                                # newer releases use a different global parent - confirm for your version.
                                                                                # NOTE(review): the page mentions 1 MB and 3 MB links in different places; size
                                                                                # max-limit from the real downstream rate of your line.
                                                                                /queue tree
                                                                                add name="4.ALL DOWN" parent=global-out packet-mark="" priority=3 \
                                                                                    limit-at=0 max-limit=800k \
                                                                                    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                Dibawah ini adalah queue tree “LIMIT EXTENTION” yang childnya nanti adalah ZIP,RAR,YOUTUBE dan lain-lain , 500k adalah setengah dari total bandwidth,silahkan sesuaikan dengan bandwidth anda:
                                                                                Edit sebelum di Pastekan di “New Terminal” winbox
                                                                                # Intermediate parent for the file-type, YOUTUBE and PORN queues; sits under
                                                                                # "4.ALL DOWN" and caps that whole group at max-limit=500k.
                                                                                /queue tree
                                                                                add name="D.LIMIT EXTENTION" parent="4.ALL DOWN" packet-mark="" priority=4 \
                                                                                    limit-at=0 max-limit=500k \
                                                                                    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                Di bawah ini adalah queue tree “YOUTUBE” yang nantinya childnya adalah YOUTUBE STREAMING dan YOUTUBE DOWNLOAD :
                                                                                Pastekan di “New Terminal” winbox
                                                                                # Grouping parent for the "YOUTUBE STREAMING" and "YOUTUBE DOWNLOAD" leaves.
                                                                                # max-limit=0 sets no cap of its own; the limit is inherited from
                                                                                # "D.LIMIT EXTENTION" above it.
                                                                                /queue tree
                                                                                add name=YOUTUBE parent="D.LIMIT EXTENTION" packet-mark="" priority=4 \
                                                                                    limit-at=0 max-limit=0 \
                                                                                    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                Di bawah ini adalah queue tree “PORN” yang nantinya childnya adalah PORN1, PORN2, PORN3, PORN4:
                                                                                Pastekan di “New Terminal” winbox
                                                                                # Grouping parent for the PORN1..PORN4 leaves; no cap of its own (max-limit=0),
                                                                                # so the group is bounded only by "D.LIMIT EXTENTION".
                                                                                /queue tree
                                                                                add name=PORN parent="D.LIMIT EXTENTION" packet-mark="" priority=4 \
                                                                                    limit-at=0 max-limit=0 \
                                                                                    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                Di bawah Ini adalah queue tree “GAME” yang nantinya childnya adalah GAME ONLINE dan GAME FACEBOOK , yang bertulisan merah di bawah silahkan disesuaikan dengan bandwidth anda:
                                                                                Edit sebelum di Pastekan di “New Terminal” winbox
                                                                                # Parent for the game queues: guarantees limit-at=512k and allows up to
                                                                                # max-limit=3M, at priority 2 (ahead of "4.ALL DOWN", which uses priority 3).
                                                                                # Both figures are site-specific and should be sized to the real link.
                                                                                # NOTE(review): parent=global-out exists only on RouterOS releases before v6 -
                                                                                # confirm for your version.
                                                                                /queue tree
                                                                                add name=3.GAME parent=global-out packet-mark="" priority=2 \
                                                                                    limit-at=512k max-limit=3M \
                                                                                    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                Di bawah ini adalah queue tree “BROWSING DOWNLOAD”:
                                                                                Pastekan di “New Terminal” winbox
                                                                                # Browsing download leaf: takes packets marked "garashinet HTTP D" (set by the
                                                                                # HTTP mangle rules) and shares them per destination through queue type DOWN.
                                                                                # No cap of its own; bounded by its parent "4.ALL DOWN".
                                                                                /queue tree
                                                                                add name=A.BROWSING parent="4.ALL DOWN" packet-mark="garashinet HTTP D" \
                                                                                    queue=DOWN priority=3 limit-at=0 max-limit=0 \
                                                                                    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                Di bawah ini adalah queue tree “BROWSING UPLOAD” , yang bertulisan merah di bawah silahkan sesuaikan dengan bandwidth anda:
                                                                                Edit sebelum di Pastekan di “New Terminal” winbox
                                                                                # Browsing upload queue: takes packets marked "garashinet HTTP U" and caps them
                                                                                # at max-limit=300k through queue type UP. The cap is site-specific.
                                                                                # NOTE(review): parent=global-out exists only on RouterOS releases before v6 -
                                                                                # confirm for your version.
                                                                                /queue tree
                                                                                add name="2.BROWSING UPLOAD" parent=global-out \
                                                                                    packet-mark="garashinet HTTP U" queue=UP priority=2 \
                                                                                    limit-at=0 max-limit=300k \
                                                                                    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                Di bawah ini adalah queue tree LIMIT EXTENTION RAR,ZIP,YOUTUBE dan lain-lain:
                                                                                Pastekan di “New Terminal” winbox
                                                                                # Leaf queues for the layer-7 packet marks. Each leaf is named after the packet
                                                                                # mark it consumes, uses queue type DOWN at priority 4, and sets no limit of its
                                                                                # own (limit-at=0, max-limit=0); the caps come from the parents YOUTUBE, PORN and
                                                                                # "D.LIMIT EXTENTION".
                                                                                # These marks come from L7 matching, which cannot read TLS payload, so HTTPS
                                                                                # downloads of the same file types will not land in these queues.
                                                                                /queue tree
                                                                                add name="YOUTUBE STREAMING" parent=YOUTUBE packet-mark="YOUTUBE STREAMING" queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=MKV parent="D.LIMIT EXTENTION" packet-mark=MKV queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=MP3 parent="D.LIMIT EXTENTION" packet-mark=MP3 queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=MP4 parent="D.LIMIT EXTENTION" packet-mark=MP4 queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=ZIP parent="D.LIMIT EXTENTION" packet-mark=ZIP queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=EXE parent="D.LIMIT EXTENTION" packet-mark=EXE queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=ISO parent="D.LIMIT EXTENTION" packet-mark=ISO queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                # NOTE(review): the L7 mangle section of this tutorial has no rule that sets
                                                                                # packet-mark=AVI; unless it is defined elsewhere, this queue never sees traffic
                                                                                # (or the command is rejected) - confirm.
                                                                                add name=AVI parent="D.LIMIT EXTENTION" packet-mark=AVI queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=MOV parent="D.LIMIT EXTENTION" packet-mark=MOV queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=MPEG parent="D.LIMIT EXTENTION" packet-mark=MPEG queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=MPG parent="D.LIMIT EXTENTION" packet-mark=MPG queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=RAR parent="D.LIMIT EXTENTION" packet-mark=RAR queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=WAV parent="D.LIMIT EXTENTION" packet-mark=WAV queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=WMV parent="D.LIMIT EXTENTION" packet-mark=WMV queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=3GP parent="D.LIMIT EXTENTION" packet-mark=3GP queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=7z parent="D.LIMIT EXTENTION" packet-mark=7z queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name="YOUTUBE DOWNLOAD" parent=YOUTUBE packet-mark="YOUTUBE DOWNLOAD" queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=PORN1 parent=PORN packet-mark=PORN1 queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=PORN2 parent=PORN packet-mark=PORN2 queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=PORN3 parent=PORN packet-mark=PORN3 queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=PORN4 parent=PORN packet-mark=PORN4 queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=FLV parent="D.LIMIT EXTENTION" packet-mark=FLV queue=DOWN priority=4 \
                                                                                    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                Di bawah ini adalah queue tree “PROXY HIT” dengan limit 80M:
                                                                                Pastekan di “New Terminal” winbox
                                                                                # Proxy cache-hit queue: attached directly to the interface named Local, with
                                                                                # limit-at and max-limit both 80M, using queue type "PROXY DOWN".
                                                                                # The packet mark "garashinet SPH" is not created in this section; presumably a
                                                                                # mangle rule elsewhere in the tutorial sets it - verify it exists before pasting.
                                                                                /queue tree
                                                                                add name="1.PROXY HIT" parent=Local packet-mark="garashinet SPH" \
                                                                                    queue="PROXY DOWN" priority=2 limit-at=80M max-limit=80M \
                                                                                    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                Di bawah ini adalah queue tree “GAME ONLINE dan GAME FACEBOOK”:
                                                                                Pastekan di “New Terminal” winbox
                                                                                # Two child queues under the parent queue 3.GAME, both priority 2, queue type DOWN,
                                                                                # with limit-at=0 and max-limit=0:
                                                                                #   "A.GAME ONLINE"   matches packet mark "garashinet GO"
                                                                                #   "B.GAME FACEBOOK" matches packet mark "garashinet GF"
                                                                                # NOTE(review): 3.GAME, the DOWN queue type and both packet marks are presumably
                                                                                # defined earlier in the tutorial; confirm they exist before pasting.
                                                                                /queue tree
                                                                                add name="A.GAME ONLINE" parent=3.GAME packet-mark="garashinet GO" \
                                                                                    queue=DOWN priority=2 limit-at=0 max-limit=0 \
                                                                                    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name="B.GAME FACEBOOK" parent=3.GAME packet-mark="garashinet GF" \
                                                                                    queue=DOWN priority=2 limit-at=0 max-limit=0 \
                                                                                    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                Di bawah ini adalah queue tree HTTPS. Nilai yang bertulisan merah di bawah ini silakan sesuaikan dengan bandwidth Anda (rekomendasi 75% dari bandwidth):
                                                                                Edit sebelum di Pastekan di “New Terminal” winbox
                                                                                # Queue "C.HTTPS": traffic with packet mark "garashinet H", child of "4.ALL DOWN",
                                                                                # priority 2, queue type HTTPS, capped at max-limit=2M.
                                                                                # NOTE(review): 2M is the tutorial's sample value and presumably the figure the
                                                                                # text asks you to adjust (recommended 75% of your bandwidth) before pasting.
                                                                                /queue tree
                                                                                add name=C.HTTPS parent="4.ALL DOWN" packet-mark="garashinet H" \
                                                                                    queue=HTTPS priority=2 limit-at=0 max-limit=2M \
                                                                                    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                Di bawah ini adalah queue tree DLL. Nilai yang bertulisan merah di bawah ini silakan sesuaikan dengan bandwidth Anda (rekomendasi 30% dari bandwidth):
                                                                                Edit sebelum di Pastekan di “New Terminal” winbox
                                                                                # Queue "E.DLL": traffic with packet mark "garashinet DLL", child of "4.ALL DOWN",
                                                                                # lowest priority (8), queue type DLL, capped at max-limit=1M.
                                                                                # NOTE(review): 1M is the tutorial's sample value and presumably the figure the
                                                                                # text asks you to adjust (recommended 30% of your bandwidth) before pasting.
                                                                                /queue tree
                                                                                add name=E.DLL parent="4.ALL DOWN" packet-mark="garashinet DLL" \
                                                                                    queue=DLL priority=8 limit-at=0 max-limit=1M \
                                                                                    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                Di bawah ini adalah queue tree ICMP dan DNS:
                                                                                Pastekan di “New Terminal” winbox
                                                                                # ICMP and DNS queues. Packet marks "garashinet I" and "garashinet D" each get one
                                                                                # queue under global-out and one under the Public interface; all four use
                                                                                # priority 1, queue type PING, and limit-at = max-limit = 100M.
                                                                                # NOTE(review): the packet marks and the PING queue type are presumably defined
                                                                                # earlier in the tutorial; they are not visible in this listing.
                                                                                # NOTE(review): parent=global-out exists only up to RouterOS v5; v6 and later
                                                                                # replaced it with "global" - confirm against the router version before pasting.
                                                                                # NOTE(review): at priority 1 with a 100M limit these queues do not hold back
                                                                                # anything marked as ICMP or DNS. If ping floods from clients are a concern,
                                                                                # rate-limit ICMP in the firewall filter as well; queueing alone will not.
                                                                                /queue tree
                                                                                add name=4.ICMP parent=global-out packet-mark="garashinet I" \
                                                                                    queue=PING priority=1 limit-at=100M max-limit=100M \
                                                                                    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=6.DNS parent=global-out packet-mark="garashinet D" \
                                                                                    queue=PING priority=1 limit-at=100M max-limit=100M \
                                                                                    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=5.ICMP parent=Public packet-mark="garashinet I" \
                                                                                    queue=PING priority=1 limit-at=100M max-limit=100M \
                                                                                    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                add name=7.DNS parent=Public packet-mark="garashinet D" \
                                                                                    queue=PING priority=1 limit-at=100M max-limit=100M \
                                                                                    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
                                                                                Catatan Penting:
                                                                                Bagi yang mempunyai Mikrotik RouterBoard dengan CPU Frequency di bawah 600 MHz seperti RB750, RB750G, RB, RB750UP, RB, dll. (CPU Frequency bisa dilihat di Winbox bagian “System” kemudian “Resources”),
                                                                                harap edit Priority Queue Tree-nya sebagai berikut: dobel klik poin di bawah ini dan edit Priority-nya:
                                                                                    1.PROXY HIT : Priority : 1
                                                                                    4.ALL HTTP DOWN : Priority : 8
                                                                                        A.BROWSING : Priority : 8
                                                                                        C.HTTPS: Priority : 8
                                                                                        D.LIMIT EXTENTION: Priority : 8
                                                                                        3GP,7z,AVI,EXE,FLV,ISO,MKV,MOV,MP3,MP4,MPEG,MPG,PORN,PORN1,PORN2,PORN3,PORN4,RAR : Priority : 8
                                                                                        YOUTUBE,YOUTUBE DOWNLOAD,YOUTUBE STREAMING,ZIP : Priority : 8
                                                                                        E.DLL : Priority : 8
                                                                                Tujuannya: karena prosesor kurang cepat, priority PROXY HIT mesti dijauhkan dari yang lainnya,
                                                                                supaya Hit terbaca dahulu baru yang lain. Jangan lupa, setelah selesai di-setting, restart Mikrotik Anda.
                                                                                Selesai ..dan selamat mencoba…..






