
15/11/13

Setting Up Mikrotik with an External IpCop Proxy

Fast network access is essential, but what about tight bandwidth, especially in outlying areas where the highest Speedy plan available is only 1 Mb? For an internet cafe with 5-10 PCs doing online gaming and browsing, that is already gasping for breath, let alone with clients who love downloading and watching YouTube.
Some deal with this by installing two 1 Mb Speedy lines so that the Speedy bandwidth reaches 2 Mb. Does that work? Load balancing is the solution... Who knows.

In the end Warnet Pakai Speedy tried combining a Mikrotik RB750 with an external IpCop proxy. A fully satisfying configuration has not been found yet, but it helps quite a lot, especially with updates for online games such as PB, LS and others, and web pages that have been opened before now load noticeably faster.

Here are the screenshots:
Proxy Hit


Squid Log
For now Warnet Pakai Speedy can relax, because fewer clients are shouting about lag. Some still do, but that is understandable: as far as Warnet Pakai Speedy has observed, it is caused by ping times to Google or by the Speedy DNS being slow at certain times and on certain days, for example today, Friday.
See the screenshot of a ping to Google:
Ping Google.com

If anyone wants to try this, go ahead.
The tutorial is on this Warnet Pakai Speedy blog.

Addendum:
For squid.conf, the Warnet Pakai Speedy IpCop uses the settings below:
# Do not modify '/var/ipcop/proxy/squid.conf' directly since any changes
# you make will be overwritten whenever you resave proxy settings using the
# web interface!
#
# Instead, modify the file '/var/ipcop/proxy/advanced/acls/include.acl' and
# then restart the proxy service using the web interface. Changes made to the
# 'include.acl' file will propagate to the 'squid.conf' file at that time.

shutdown_lifetime 5 seconds
icp_port 0

http_port 192.168.5.2:3128 transparent
#tcp_outgoing_tos 0x30 localnet
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
#End of custom includes

cache_effective_user squid
cache_effective_group squid
umask 022

pid_filename /var/run/squid.pid

cache_mem 8 MB
cache_dir aufs /var/log/cache 1000 16 256

error_directory /usr/lib/squid/advproxy/errors.ipcop/English

memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA

access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none

log_mime_hdrs off
forwarded_for off
via off

acl within_timeframe time MTWHFAS 00:00-24:00

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 563 # snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 3128 # Squids port (for icons)

acl IPCop_http  port 81
acl IPCop_https port 445
acl IPCop_ips              dst 192.168.5.2
acl IPCop_networks         src "/var/ipcop/proxy/advanced/acls/src_subnets.acl"
acl IPCop_servers          dst "/var/ipcop/proxy/advanced/acls/src_subnets.acl"
acl IPCop_green_network    src 192.168.5.0/255.255.255.0
acl IPCop_green_servers    dst 192.168.5.0/255.255.255.0
acl CONNECT method CONNECT
#Start of custom includes

cache_swap_low 98
cache_swap_high 99
maximum_object_size_in_memory 64 KB
ipcache_size 8192
cache_vary on
ipcache_low 98
ipcache_high 99

# Add File Extension you want to cache
refresh_pattern -i \.(jp?g|gif|pnp|png|\?bm?)$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.jar$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.dll$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.klz$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.dif$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.avi$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.iso$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.3gp$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.mpeg$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.xml$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.exe$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.zip$ 0 90% 40320 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.rar$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.mp3$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.dll$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.rar$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.npz$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.cfg$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.ver$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.erl$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.npz$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.xt$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.xtp$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.cfg$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.des$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.new$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.t2bk$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.smd$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.gi$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.dat$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.luc$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.flv$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.html$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.htm$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.php$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.jsp$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.swf$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.bin$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.pdf$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.mp4$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 ignore-reload override-expire reload-into-ims

# Extension and host patterns below are written as regexes (\. and .*\.), not shell globs
refresh_pattern \.gif 4320 50% 43200
refresh_pattern \.jpg 4320 50% 43200
refresh_pattern \.jpeg 4320 50% 43200
refresh_pattern \.png 4320 50% 43200
refresh_pattern ^http://www.friendster.com/.* 720 100% 10080
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 10080
refresh_pattern ^http://.*\.yahoo\..*/.* 720 100% 7200
refresh_pattern ^http://.*\.google\.com/.* 720 100% 10080
refresh_pattern ^http://www.telkomspeedy.com/.* 720 100% 28800
refresh_pattern ^http://.*\.blogsome\.com/.* 720 80% 10080
refresh_pattern ^http://.*\.gemscool\.com/.* 720 80% 10080

refresh_pattern ^http://.*\.wordpress\.com/.* 720 80% 10080

refresh_pattern ^http://.*\.detik\.com/.* 720 90% 2880

refresh_pattern ^http://.*\.facebook\.com/.* 720 90% 2880
refresh_pattern ^http://.*\.akamaihd\..*/.* 720 90% 2880

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
##--------------
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98
store_avg_object_size 32 KB
log_fqdn off
log_icp_queries off
memory_pools off
log_ip_on_direct off
log_mime_hdrs off
buffered_logs off
icp_hit_stale on
query_icmp on
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on

#acl download url_regex -i ftp .mp3 .vqf .flv .tar.gz .exe .mpeg .mp2 .mp4 .torent .gz .rpm .zip .rar .avi .3gp .mov .mpe .mpg .qt .ram .rm .iso .raw .wav .pdf .wmv .wma .ogg .doc
#acl download url_regex -i \.exe$ \.mp3$ \.vqf$ \.gz$ \.rpm$ \.zip$ \.rar$ \.pdf$ \.doc$ \.avi$ \.mpe$ \.mpg$ \.qt$ \.ram$ \.rm$ \.iso$ \.dat$ \.raw$ \.wav$ \.mp4$ \.mpeg$ \.3gp$ \.flv$
#delay_pools 1
#delay_class 1 1
#delay_parameters 1 24000/24000
#delay_access 1 deny IPCop_ips
#delay_access 1 allow download
#delay_initial_bucket_level 100

#Access to squid:
#local machine, no restriction
http_access allow         localhost

#GUI admin if local machine connects
http_access allow         IPCop_ips IPCop_networks IPCop_http
http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https

#Deny not web services
http_access deny          !Safe_ports
http_access deny  CONNECT !SSL_ports

#Prevent internal proxy access to Green
http_access deny IPCop_green_servers !IPCop_green_network

#Set custom configured ACLs
http_access allow IPCop_networks within_timeframe
http_access deny  all

#Strip HTTP Header
header_access X-Forwarded-For deny all
header_access Via deny all

maximum_object_size 10096 KB
minimum_object_size 0 KB

request_body_max_size 0 KB
reply_body_max_size 0 allow all

visible_hostname garashinet.localdomain
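
Squid applies the first refresh_pattern whose regex matches a URL, so in a long hand-written list it is worth checking which rule actually wins and which ones can never fire. The script below is an added example, not part of the original post or of IPCop: it parses refresh_pattern lines, reports the winning rule for a URL, and flags duplicates, extension patterns with an unescaped dot, and glob-style host patterns. The sample lines and URLs are constructed for the example, and Python's re module stands in for Squid's regex engine.

```python
import re
from collections import namedtuple

Rule = namedtuple("Rule", "order icase regex min_age percent max_age options")

# Constructed sample: refresh_pattern lines in the style of a hand-written list,
# including a duplicate, an unescaped-dot extension and glob-style host patterns.
SAMPLE_CONF = r"""
refresh_pattern -i \.(jp?g|gif|pnp|png|\?bm?)$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.dll$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.rar$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.dll$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i \.php$ 0 90% 43200 ignore-reload override-expire reload-into-ims
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 ignore-reload override-expire reload-into-ims
refresh_pattern /.png 4320 50% 43200
refresh_pattern ^http://www.friendster.com/.* 720 100% 10080
refresh_pattern ^http://*.google.com/.* 720 100% 10080
refresh_pattern ^http://*.facebook.com/.* 720 90% 2880
refresh_pattern . 0 20% 4320
"""


def parse_refresh_patterns(conf_text):
    """Return the refresh_pattern rules of a squid.conf text, in file order."""
    rules = []
    for line in conf_text.splitlines():
        fields = line.split()
        if not fields or fields[0] != "refresh_pattern":
            continue  # blank lines, comments and other directives
        fields = fields[1:]
        icase = fields[0] == "-i"
        if icase:
            fields = fields[1:]
        regex, min_age, percent, max_age = fields[:4]
        rules.append(Rule(len(rules) + 1, icase, regex, int(min_age),
                          int(percent.rstrip("%")), int(max_age), tuple(fields[4:])))
    return rules


def _matches(rule, url):
    # The constructs used in these patterns behave the same in Python's re
    # as in the POSIX regexes Squid uses.
    return re.search(rule.regex, url, re.I if rule.icase else 0) is not None


def first_match(rules, url):
    """The rule Squid would apply: the first one whose regex matches."""
    return next((r for r in rules if _matches(r, url)), None)


def shadowed(rules, url):
    """Orders of later rules that also match url but are never applied to it."""
    winner = first_match(rules, url)
    if winner is None:
        return []
    return [r.order for r in rules if r.order > winner.order and _matches(r, url)]


def lint(rules):
    """Return (order, finding) pairs for patterns that do not do what they look like."""
    findings, seen = [], {}
    for r in rules:
        key = (r.icase, r.regex)
        if key in seen:
            findings.append((r.order, "duplicate"))        # earlier copy always wins
        seen.setdefault(key, r.order)
        if re.fullmatch(r"/\.\w+", r.regex):
            findings.append((r.order, "dot-not-escaped"))  # '/.png' means '/', any char, 'png'
        if "://*." in r.regex:
            findings.append((r.order, "glob-style-host"))  # '*.' is a glob, not '.*\.'
    return findings


if __name__ == "__main__":
    rules = parse_refresh_patterns(SAMPLE_CONF)
    for url in ("http://www.friendster.com/home.php",
                "http://www.google.com/",
                "http://example.test/index.php?id=1"):
        win = first_match(rules, url)
        print(f"{url}\n  applied: rule {win.order} {win.regex}  shadowed: {shadowed(rules, url)}")
    for order, finding in lint(rules):
        print(f"rule {order}: {finding}: {rules[order - 1].regex}")
```
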

So that the proxy hits can be picked up by the Mikrotik, Warnet Pakai Speedy added the following to /etc/rc.d/rc.local:
route add default gateway 192.168.5.1
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.0.0/24 -d 0/0 --dport 80 --to-ports 3128
iptables -A INPUT -p tcp -s 0.0.0.0/0 -d 192.168.5.2 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.5.2 --sport 3128 -d 0.0.0.0/0 -m state --state ESTABLISHED -j ACCEPT
That is the setup for Mikrotik with an external IpCop proxy.
Hope it helps.

01/11/13

Installing IpCop as an External Proxy for Online Games



A. NETWORK TOPOLOGY
First I will lay out the network topology.

IF YOU ARE NEW TO IPCOP, I RECOMMEND USING THIS TOPOLOGY
B. SYSTEM REQUIREMENTS
IPCop itself has quite small minimum hardware requirements, but if you want a robust proxy server you will need good hardware.

The hardware I use:
Processor Intel Xeon
RAM 4 GB
HDD 500 GB

C. DOWNLOAD IPCOP
To get IPCop, download the ISO here.

D. Burning the CD or making a bootable IPCop USB drive
To burn to CD, just use Nero or another program. Here I will explain how to make a bootable USB drive.
What you need:
1. The dd program, which writes the bootable image; it can be downloaded here.
2. IPCop for USB, which can be downloaded here; look for the file with fdd in its name, such as ipcop-2.0.3-install-usb-fdd.i486.img.gz. Open and extract the .gz file with WinRAR and you will get a file with just the .img extension. Put the dd program in the same folder as the IPCop img file (I recommend C:\, because it is easier later).
Plug in the flash drive (mine has drive letter F here), open a command prompt and type:
C:\> dd if=ipcop-2.0.3-install-usb-fdd.i486.img of=\\.\f: bs=1440k
Wait a while until the C:\> prompt returns.

E. Installing IPCop
I simply lifted this from the blog http://rotyyu.blogspot.com/2013/01/tutorial-instalasi-distro-ipcop-203.html hehehe
Here is the step-by-step installation of IPCop 2.0.3:

  1. Make sure the PC is set to boot from CD. This can be set in the BIOS. At the start of the installation press Enter to continue.
  2. Choose the language to use.
  3. Confirm to continue the installation by choosing Ok.
  4. Choose the keyboard type in use.
  5. Choose the time zone where the server is located.
  6. Make sure the time settings are correct.
  7. Select the hard disk to install to.

  8. Confirm by choosing Ok.
  9. Choose the installation type. If you are using a flash card, it is best to choose Flash because it will extend the life of the card.
  10. The installation takes a while; wait until it finishes.
  11. If you have a configuration backup from a previous IPCop installation, this is the time to use it.
  12. Installation is complete. The next part is the basic configuration.


  1. First, give this server a host name.
  2. Continue by giving it a domain name.
  3. Choose the interface type for the RED interface. Choose Static :)
  4. Choose a network card.
  5. Set the interface colour for the card chosen in the previous step. GREEN is for the card connected to the local network.
  6. Go back to steps four and five. Choose RED for the network card connected to the Internet.
  7. Make sure both network cards have been assigned a colour. So the ONBOARD LAN (Intel Corporation) is GREEN and the add-in network card is RED. How do you tell the onboard port from the add-in card? The plugged-in network card has a product name, right? :D
  8. Enter the IP address settings for the GREEN network card. Enter 192.168.12.1 (see the topology)

  9. Enter the DNS servers to use. Set Primary DNS to 192.168.12.15, Secondary DNS to 192.168.12.15 and Default Gateway to 192.168.12.15 (see the network topology above)
  10. Do not enable DHCP

  11. Set the password for root.
  12. Set the password for admin; this user is used through the web interface.
  13. Set the password for the backup user; this user will later be used to back up and restore the IPCop configuration.
  14. Basic configuration is complete.
F. IPCOP PROXY CONFIGURATION
Add the IP address for IPCop on the Mikrotik ( 192.168.12.15 )

To test the connection between the Mikrotik and IPCop, PING from either IPCop or the Mikrotik

Create a NAT rule on the Mikrotik to reach the IPCop proxy


Then open the IPCop web interface by entering
https://192.168.12.1:8443

Enable the IPCop proxy on port 878


Enable On GREEN = Check
Transparent On GREEN = Check
Log Enable = Check
Click SAVE

Disable internal proxy access to GREEN from the subnet = Check
Enter the Mikrotik LAN IP subnet in the Allowed Subnet field, 192.168.1.0/24
Click SAVE

The IPCop proxy is now synchronised with the Mikrotik

G. INSTALLING THE UPDATE ACCELERATOR ADD-ON
And what is Update Accelerator? Update Accelerator works from REGEX values (search Google for what a REGEX is). In short, it is used for online game patch updates.
Download the add-on here
So how do you upload the add-on? I use the program WinSCP

Uploading files to IPCop
First you have to enable SSH access on IPCop: open the IPCop web interface again, then enable SSH access under System -> SSH Access

Still remember the password from the IPCop installation? Use the username root and that password in WinSCP, with port 8022, which IPCop's SSH access has opened

Once logged in, the left pane is the computer's folder and the right pane is the IPCop folder.
I recommend uploading the Update Accelerator file to the tmp folder on IPCop.
Then extract the file as shown below:



After it is installed, you will see Update Accelerator under Service -> Update Accelerator

Check the configuration as in the image above

H. Adding REGEX Entries for Online Game Updates
Open the file /usr/sbin/updxlrator, then type the regex before

So how do you create such a regex?
Download the program URL HELPER
Click Start, then select the network interface / onboard LAN, and try downloading a program or game. For example, I am updating Opera. The data URL Helper captured is:
http://get.geo.opera.com/pub/opera/win/1216/autoupdate/Opera-12.16-1860.i386.autoupdate.exe

How do you write the regex by hand?
if($source_url =~ m@^http://get\.geo\.opera\.com/pub/opera/.*\.(exe)$@i)
{
  $xlrator_url =&check_cache($source_url,$hostaddr,$username,"Opera",$mirror);
}
Here are the regexes I provide for online game updates:

#game co.id
if ($source_url =~ m@^http://.*\.agame\.com/.*\.(swf|dcr)$@i)
    {
        $xlrator_url = &check_cache($source_url,$hostaddr,$username,"GameCoId",$mirror);
    }
#LS
if ($source_url =~ m@^http://patch\.gemscool\.com/lsaga/Client/.*\.(iop)$@i)
    {
        $xlrator_url = &check_cache($source_url,$hostaddr,$username,"LS",$mirror);
    }
#DN
if ($source_url =~ m@^http://patch\.gemscool\.com/dragonnest/live/.*\.(pak)$@i)
    {
        $xlrator_url = &check_cache($source_url,$hostaddr,$username,"DN",$mirror);
    }
#PB
if ($source_url =~ m@^http://file\.pb\.gemscool\.com/gamepatch/.*\.(zip)$@i)
    {
        $xlrator_url = &check_cache($source_url,$hostaddr,$username,"PB",$mirror);
    }
#FIFA
if ($source_url =~ m@^http://202\.158\.252\.194/FIFAON/.*\.(des|erl)$@i)
    {
        $xlrator_url = &check_cache($source_url,$hostaddr,$username,"FIFA",$mirror);
    }
#Mercenary OPS
if ($source_url =~ m@^http://crl\.cnnic\.cn/download/crl/.*\.(crl)$@i)
    {
        $xlrator_url = &check_cache($source_url,$hostaddr,$username,"Mercenary OPS",$mirror);
    }
#Modo Marble
if ($source_url =~ m@^http://update1\.netmarble\.co\.id/modoo/Patch/ModooMarble/.*\.(zip)$@i)
    {
        $xlrator_url = &check_cache($source_url,$hostaddr,$username,"Modo Marble",$mirror);
    }
Lifted from HERE

10/06/13

Setting Up IpCop as an External Web Proxy for Mikrotik

To set up IpCop as an external web proxy for Mikrotik, the things to take care of are:

  1. The Mikrotik is already connected to the internet
  2. IpCop is installed and configured [ HERE ]
  3. Squid HIT and bandwidth management are set up on the Mikrotik [ HERE or HERE ]

Setting Up an External Squid Proxy, Hit, Queue Tree and Mangle on Mikrotik (2nd Mode)

Setting Up an External Squid Proxy, Hit, Queue Tree and Mangle on Mikrotik

My network topology looks like this


On a network such as those in internet cafes, a proxy server is a very good fit, especially for cafes focused on online games. A proxy server goes a long way towards keeping your network running smoothly; in this setup your server will work with Squid proxy, Hit, Queue Tree and Mangle on your Mikrotik. The tutorial follows.

First, these are the IP addresses used on my network:
IP address of Ether1 for the connection from the modem: 192.168.1.2
IP address of Ether2 for the local connection: 192.168.0.1
IP address of Ether3 to the proxy: 192.168.5.1
and
IP address of the external proxy: 192.168.5.2 (IpCop GREEN)
Before starting the tutorial, do not forget to adapt the "interface names" to your Mikrotik RouterBoard and the IP addresses in this tutorial to those of your own network. Here we will cover Squid proxy hits, dividing download and upload bandwidth, and ping for online games and browsing.
Getting straight to it: to begin, you can set your LAN interfaces through "new terminal" on the Mikrotik. These are the interface names on my Mikrotik:

Set the Mikrotik interfaces
/interface set 0 name=Public
/interface set 1 name=Local
/interface set 2 name=Proxy
The result can be seen in the image below

Set the IP address on each interface (type in new terminal)
/ip address add address=192.168.1.2 netmask=255.255.255.0 interface=Public
/ip address add address=192.168.0.1 netmask=255.255.255.0 interface=Local
/ip address add address=192.168.5.1 netmask=255.255.255.0 interface=Proxy

Set your local network range
/ip pool add name=pool ranges=192.168.0.2-192.168.0.254

Set the network DNS (adjust to your own DNS)
/ip dns set servers=203.130.208.18 allow-remote-requests=yes
Set the gateway to match your network's gateway (from the ISP)
/ip route add gateway=192.168.1.1

Set up IP Firewall NAT on the Mikrotik; this also applies the NAT that redirects to the Squid proxy on port 3128.
Wherever the firewall NAT rules contain an IP address or interface name, adjust them to the IP addresses and interface names of your own Mikrotik. The commands are:
/ip firewall nat add chain=srcnat out-interface=Public src-address=192.168.0.0/24 action=masquerade src-address-list="REGISTRASI IP CLIENT" comment="LOCAL NAT MASQUERADE"
/ip firewall nat add chain=srcnat out-interface=Public src-address=192.168.5.0/24 action=masquerade src-address-list="REGISTRASI IP PROXY" comment="PROXY NAT MASQUERADE"
/ip firewall nat add chain=dstnat src-address=!192.168.5.0/24 protocol=tcp dst-port=80 in-interface=Local src-address-list="REGISTRASI IP CLIENT" action=dst-nat to-address=192.168.5.2 to-ports=3128 comment="REDIRECT KE PROXY"
/ip firewall nat add action=dst-nat chain=dstnat comment="TRANSPARENT DNS UDP LOCAL" disabled=no dst-port=53 in-interface=Local protocol=udp to-ports=53
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=Local protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP LOCAL"
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=Proxy protocol=udp to-ports=53 comment="TRANSPARENT DNS UDP PROXY"
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=Proxy protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP PROXY"
The result can be seen in the image below
Set up Mikrotik security
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER1" address-list-timeout=2w chain=input comment="PORT SCANNER2 KE ADDRESS LIST " disabled=no protocol=tcp psd=21,3s,3,1
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER2" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER3" address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER4" address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER5" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER6" address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER7" address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=drop chain=input comment="BLOK PORT SCANNER" disabled=no src-address-list="PORT SCANNER1"
/ip firewall filter add action=accept chain=input comment="IZINKAN MENDIRIKAN KONEKSI" connection-state=established disabled=no
/ip firewall filter add action=accept chain=input comment="IZINKAN KONEKSI TERKAIT" connection-state=related disabled=no
/ip firewall filter add action=accept chain=input comment="IZINKAN PING LOCAL" disabled=no protocol=icmp src-address-list="REGISTRASI IP CLIENT"
/ip firewall filter add action=accept chain=input comment="IZINKAN PING PROXY" disabled=no protocol=icmp src-address-list="REGISTRASI IP PROXY"
/ip firewall filter add action=accept chain=input comment="IZINKAN INPUT DARI LOCAL" disabled=no src-address-list="REGISTRASI IP CLIENT"
/ip firewall filter add action=accept chain=input comment="IZINKAN INPUT DARI PROXY" disabled=no src-address-list="REGISTRASI IP PROXY"
/ip firewall filter add action=jump chain=forward comment="FILTER PAKET YANG JELEK" disabled=no jump-target=tcp protocol=tcp
/ip firewall filter add action=jump chain=forward disabled=no jump-target=udp protocol=udp
/ip firewall filter add action=jump chain=forward disabled=no jump-target=icmp protocol=icmp
/ip firewall filter add action=drop chain=tcp comment="TOLAK SMTP" disabled=no dst-port=25 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK RPC2portmapper" disabled=no dst-port=135 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK NBT" disabled=no dst-port=137-139 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK CIFS" disabled=no dst-port=445 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK NFS" disabled=no dst-port=2049 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK NETBUS" disabled=no dst-port=20034 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK BackOriffice" disabled=no dst-port=3133 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="BLOK DHCP" disabled=no dst-port=67-68 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK P2P" disabled=no p2p=all-p2p
/ip firewall filter add action=drop chain=udp comment="TOLAK TFTP" disabled=no dst-port=69 protocol=udp
/ip firewall filter add action=drop chain=udp comment="TOLAK PRC portmapper" disabled=no dst-port=111 protocol=udp
/ip firewall filter add action=drop chain=udp comment="TOLAK PRC portmapper" disabled=no dst-port=135 protocol=udp
/ip firewall filter add action=drop chain=tcp comment="TOLAK NETBUS" disabled=no dst-port=12345-12346 protocol=tcp
/ip firewall filter add action=drop chain=udp comment="BLOK NBT" disabled=no dst-port=137-139 protocol=udp
/ip firewall filter add action=drop chain=udp comment="BLOK NFS" disabled=no dst-port=2049 protocol=udp
/ip firewall filter add action=drop chain=udp comment="TOLAK BackOriffice" disabled=no dst-port=3133 protocol=udp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=0:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:0 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:4 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=8:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=forward comment="Allow Established connections" connection-state=established disabled=no
/ip firewall filter add action=accept chain=forward comment="Allow Forward from LOCAL Network" disabled=no src-address-list="REGISTRASI IP CLIENT"
/ip firewall filter add action=accept chain=forward comment="Allow Forward from PROXY Network" disabled=no src-address-list="REGISTRASI IP PROXY"

Create the address list of local network hosts that may connect to the internet (adjust to your own local IP addresses)
/ip firewall address-list add address=192.168.5.2 comment="SQUID PROXY EXTERNAL" disabled=no list="REGISTRASI IP PROXY"
/ip firewall address-list add address=192.168.0.2 comment="CLIENT1" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.3 comment="CLIENT2" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.4 comment="CLIENT3" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.5 comment="CLIENT4" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.6 comment="CLIENT5" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.7 comment="CLIENT6" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.8 comment="CLIENT7" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.9 comment="CLIENT8" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.10 comment="CLIENT9" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.11 comment="CLIENT10" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.12 comment="CLIENT11" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.13 comment="CLIENT12" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.14 comment="CLIENT13" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.15 comment="CLIENT14" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.16 comment="CLIENT15" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.17 comment="CLIENT16" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.18 comment="CLIENT17" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.19 comment="CLIENT18" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.20 comment="CLIENT19" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.21 comment="CLIENT20" disabled=no list="REGISTRASI IP CLIENT"
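
With this many rules keyed on address-list names, a name that is filled but never matched, or matched but never filled, silently changes what the firewall does. The script below is an added example, not part of the original tutorial or of RouterOS: it reads "/ip firewall ... add" commands as text and cross-checks the list names. The sample lines are constructed for the example, modelled on the commands in this post, with one list name deliberately given a leading space.

```python
import shlex

# Constructed sample modelled on the commands in this tutorial (not a full export).
SAMPLE_RULES = '''
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER1" address-list-timeout=2w chain=input protocol=tcp psd=21,3s,3,1
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER3" address-list-timeout=2w chain=input protocol=tcp tcp-flags=fin,syn
/ip firewall filter add action=drop chain=input src-address-list="PORT SCANNER1"
/ip firewall filter add action=accept chain=input src-address-list="REGISTRASI IP PROXY"
/ip firewall mangle add action=mark-connection chain=prerouting dst-address-list="!REGISTRASI IP CLIENT" in-interface=Local new-connection-mark="SEMUA KONEKSI MASUK"
/ip firewall address-list add address=192.168.5.2 list=" REGISTRASI IP PROXY"
/ip firewall address-list add address=192.168.0.2 list="REGISTRASI IP CLIENT"
'''

LIST_MATCHERS = ("src-address-list", "dst-address-list")
LIST_FILLERS = ("add-src-to-address-list", "add-dst-to-address-list")


def parse_command(line):
    """Split one '/ip firewall <menu> add key=value ...' line into (menu, props)."""
    tokens = shlex.split(line)          # keeps quoted values, spaces included
    if "add" not in tokens:
        return None
    cut = tokens.index("add")
    menu = " ".join(tokens[:cut])
    props = dict(t.split("=", 1) for t in tokens[cut + 1:] if "=" in t)
    return menu, props


def audit_address_lists(text):
    """Cross-check address-list names that rules fill against names that rules match."""
    filled, matched = set(), set()
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("/ip firewall"):
            continue
        parsed = parse_command(line)
        if parsed is None:
            continue
        menu, props = parsed
        # Static entries: /ip firewall address-list add ... list=NAME
        if menu.endswith("address-list") and "list" in props:
            filled.add(props["list"])
        # Dynamic entries: action=add-src-to-address-list address-list=NAME
        if props.get("action") in LIST_FILLERS and "address-list" in props:
            filled.add(props["address-list"])
        # Matchers; a leading '!' only negates the match
        for key in LIST_MATCHERS:
            if key in props:
                matched.add(props[key].lstrip("!"))
    return {
        "filled_never_matched": sorted(filled - matched),
        "matched_never_filled": sorted(matched - filled),
        "padded_names": sorted(n for n in filled | matched if n != n.strip()),
    }


if __name__ == "__main__":
    for finding, names in audit_address_lists(SAMPLE_RULES).items():
        print(f"{finding}: {names}")
```

Run against the sample, it reports "PORT SCANNER3" as recorded but never used by a rule, and shows that the padded list name and the name the accept rule matches are two different lists.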
Next, set up YouTube upload and download as well as file extensions in Layer7 Protocols.
/ip firewall layer7-protocol add name=YOUTUBE regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
/ip firewall layer7-protocol add name="EXE" regexp="\\.(exe)"
/ip firewall layer7-protocol add name="RAR" regexp="\\.(rar)"
/ip firewall layer7-protocol add name="7z" regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="ZIP" regexp="\\.(zip)"
/ip firewall layer7-protocol add name="AVI" regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" regexp="\\.(bin)"
/ip firewall layer7-protocol add name="VCD" regexp="\\.(vcd)"


Firewall Mangle settings
Below are the Firewall Mangle commands for Squid proxy hits, the mangle for Squid connections and the mangle for Squid packets
/ip firewall mangle add action=mark-packet chain=forward comment="SQUID PROXY HIT" disabled=no dscp=12 new-packet-mark="PROXY HIT" passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment="BROWSING SQUID" disabled=no dst-address-list="!REGISTRASI IP CLIENT" dst-port=80,443 new-connection-mark="SQUID KONEKSI" passthrough=yes protocol=tcp src-address-list="REGISTRASI IP PROXY"
/ip firewall mangle add action=mark-packet chain=forward comment="SQUID PAKET" connection-mark="SQUID KONEKSI" disabled=no new-packet-mark="SQUID PAKET" passthrough=no
Set mangle rules for all incoming and outgoing connections, for browsing from all incoming connections, and for ICMP:
/ip firewall mangle add action=mark-connection chain=prerouting comment="TANDA SEMUA KONEKSI" disabled=no dst-address-list="!REGISTRASI IP CLIENT" in-interface=Local new-connection-mark="SEMUA KONEKSI MASUK" passthrough=yes
/ip firewall mangle add action=mark-connection chain=forward disabled=no new-connection-mark="SEMUA KONEKSI KELUAR" out-interface=Local passthrough=yes src-address-list="!REGISTRASI IP CLIENT" comment="SEMUA KONEKSI KELUAR"
/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark="SEMUA PAKET MASUK" passthrough=yes connection-mark="SEMUA KONEKSI MASUK" comment="SEMUA PAKET MASUK"
/ip firewall mangle add chain=forward action=mark-packet new-packet-mark="SEMUA PAKET KELUAR" passthrough=yes connection-mark="SEMUA KONEKSI KELUAR" comment="SEMUA PAKET KELUAR"
/ip firewall mangle add action=mark-connection chain=prerouting comment="BROWSING CLIENT" connection-mark="SEMUA KONEKSI MASUK" disabled=no new-connection-mark="BROWSING KONEKSI" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting disabled=no dscp=1 new-connection-mark="ICMP KONEKSI" passthrough=yes comment="ICMP KOMEKSI"

Mangle rules for online games such as RF-Online, Point Blank, etc.:
/ip firewall mangle add action=mark-connection chain=prerouting comment="POINT BLANK" connection-mark="SEMUA KONEKSI MASUK" disabled=no dst-port=40000-40010 new-connection-mark="GAME KONEKSI" passthrough=yes protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment="POKER" connection-mark="SEMUA KONEKSI MASUK" disabled=no dst-port=9339,843 new-connection-mark="GAME KONEKSI" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="RF ONLINE" connection-mark="SEMUA KONEKSI MASUK" disabled=no dst-port=10001,10002,10003,10004,10005,10006,10007 new-connection-mark="GAME KONEKSI" passthrough=yes protocol=udp

Next, the mangle rules for ICMP packets, game packets and browsing packets:
/ip firewall mangle add action=mark-packet chain=postrouting connection-mark="ICMP KONEKSI" disabled=no new-packet-mark="ICMP PAKET" passthrough=no comment="ICMP PAKET"
/ip firewall mangle add action=mark-packet chain=forward comment="SEMUA GAME DIPAKETKAN" connection-mark="GAME KONEKSI" disabled=no new-packet-mark="GAME PAKET" passthrough=no
/ip firewall mangle add action=mark-connection new-connection-mark="GAME KONEKSI" chain=prerouting protocol=udp connection-mark="SEMUA KONEKSI MASUK" comment="GAME CLIENT"
/ip firewall mangle add action=mark-packet chain=forward comment="BROWSING PAKET" connection-bytes=0-131072 connection-mark="BROWSING KONEKSI" disabled=no new-packet-mark="BROWSING PAKET" passthrough=no protocol=tcp

Change DSCP settings for ICMP and port 53:
/ip firewall mangle add action=change-dscp chain=postrouting comment="ICMP CHANGE DSCP" disabled=no new-dscp=1 protocol=icmp
/ip firewall mangle add action=change-dscp chain=postrouting disabled=no dst-port=53 new-dscp=1 protocol=udp
/ip firewall mangle add action=change-dscp chain=postrouting disabled=no dst-port=53 new-dscp=1 protocol=tcp

Set mangle rules for file extensions such as iso, rar, mp3, zip, exe, etc.:
/ip firewall mangle add action=mark-connection chain=forward comment="EXTENTION KONEKSI" disabled=no out-interface=Local new-connection-mark="EXTENTION KONEKSI" passthrough=yes
/ip firewall mangle add action=mark-packet chain=forward comment="YOUTUBE MARK" layer7-protocol=YOUTUBE disabled=no new-packet-mark="YOUTUBE" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="WMV MARK" layer7-protocol=WMV disabled=no new-packet-mark="WMV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="EXE MARK" layer7-protocol=EXE disabled=no new-packet-mark="EXE" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="ZIP MARK" layer7-protocol=ZIP new-packet-mark="ZIP" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="RAR MARK" layer7-protocol=RAR new-packet-mark="RAR" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MPG MARK" layer7-protocol=MPG new-packet-mark="MPG" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MPEG MARK" layer7-protocol=MPEG new-packet-mark="MPEG" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MP3 MARK" layer7-protocol=MP3 new-packet-mark="MP3" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MOV MARK" layer7-protocol=MOV new-packet-mark="MOV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="ISO MARK" disabled=no layer7-protocol=ISO new-packet-mark="ISO" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MKV MARK" layer7-protocol=MKV new-packet-mark="MKV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="FLV MARK" layer7-protocol=FLV new-packet-mark="FLV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="AVI MARK" layer7-protocol=AVI new-packet-mark="AVI" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="CAB MARK" layer7-protocol=CAB new-packet-mark="CAB" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="ASF MARK" layer7-protocol=ASF new-packet-mark="ASF" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="WAV MARK" layer7-protocol=WAV new-packet-mark="WAV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="RM MARK" layer7-protocol=RM new-packet-mark="RM" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="RAM MARK" layer7-protocol=RAM new-packet-mark="RAM" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="RMVB MARK" layer7-protocol=RMVB new-packet-mark="RMVB" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="DAT MARK" layer7-protocol=DAT new-packet-mark="DAT" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="DAA MARK" layer7-protocol=DAA new-packet-mark="DAA" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="NRG MARK" layer7-protocol=NRG new-packet-mark="NRG" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="BIN MARK" layer7-protocol=BIN new-packet-mark="BIN" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="VCD MARK" layer7-protocol=VCD new-packet-mark="VCD" passthrough=no
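Added example, not part of the original post: the Layer7 patterns used by these mark rules are unanchored, so `\.(bin)` or `\.(rm)` match that substring anywhere in the inspected bytes, including a hostname or a Referer header. The Python sketch below uses `re` as a stand-in for the RouterOS matcher on constructed HTTP requests; the request-line-anchored pattern is an assumption written for Python and must be checked against RouterOS's own regex engine before use.

```python
import re

NAMES = ("RM", "RMVB", "BIN", "DAT", "RAM", "ISO", "ZIP")

# Patterns written the way the Layer7 entries on this page are: unanchored.
PAGE_PATTERNS = {n: re.compile(r"\.(" + n.lower() + ")") for n in NAMES}


def anchored(ext):
    """Assumed tighter form: the extension must end the path of the request line."""
    return re.compile(r"^(GET|HEAD) [^ ?]*\.(" + ext + r")(\?[^ ]*)? HTTP/", re.I)


TIGHT_PATTERNS = {n: anchored(n.lower()) for n in NAMES}

# Constructed HTTP request heads; every host and path is made up for the demo.
SAMPLES = {
    "real_iso": b"GET /images/install.iso HTTP/1.1\r\nHost: mirror.example\r\n\r\n",
    "real_zip_q": b"GET /dl/patch.zip?id=7 HTTP/1.1\r\nHost: cdn.example\r\n\r\n",
    "real_rmvb": b"GET /v/clip.rmvb HTTP/1.1\r\nHost: media.example\r\n\r\n",
    "host_bin": b"GET /search?q=router HTTP/1.1\r\nHost: www.binary.example\r\n\r\n",
    "host_ram": b"GET / HTTP/1.1\r\nHost: www.rampart.example\r\n\r\n",
    "path_data": b"GET /api/v1/user.data.json HTTP/1.1\r\nHost: app.example\r\n\r\n",
    "referer_rm": (b"GET /logo.png HTTP/1.1\r\nHost: a.example\r\n"
                   b"Referer: http://b.example/x.rm\r\n\r\n"),
}


def classify(payload, patterns):
    """Return the sorted names of all patterns that match the payload."""
    text = payload.decode("latin-1")
    return sorted(name for name, rx in patterns.items() if rx.search(text))


def over_matches():
    """Samples where the page-style patterns mark more than the anchored ones."""
    result = {}
    for label, payload in SAMPLES.items():
        loose = classify(payload, PAGE_PATTERNS)
        tight = classify(payload, TIGHT_PATTERNS)
        extra = [name for name in loose if name not in tight]
        if extra:
            result[label] = extra
    return result


if __name__ == "__main__":
    for label, extra in over_matches().items():
        print(f"{label}: also marked as {', '.join(extra)}")
```

On HTTPS connections the request line is encrypted, so neither form of the pattern can see the file extension; only plain HTTP traffic is classified this way.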

Set packet mangle rules per client; adjust them to your clients' IP addresses:
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT1" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.2 new-packet-mark="CLIENT1" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT2" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.3 new-packet-mark="CLIENT2" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT3" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.4 new-packet-mark="CLIENT3" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT4" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.5 new-packet-mark="CLIENT4" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT5" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.6 new-packet-mark="CLIENT5" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT6" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.7 new-packet-mark="CLIENT6" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT7" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.8 new-packet-mark="CLIENT7" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT8" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.9 new-packet-mark="CLIENT8" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT9" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.10 new-packet-mark="CLIENT9" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT10" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.11 new-packet-mark="CLIENT10" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT11" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.12 new-packet-mark="CLIENT11" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT12" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.13 new-packet-mark="CLIENT12" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT13" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.14 new-packet-mark="CLIENT13" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT14" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.15 new-packet-mark="CLIENT14" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT15" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.16 new-packet-mark="CLIENT15" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT16" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.17 new-packet-mark="CLIENT16" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT17" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.18 new-packet-mark="CLIENT17" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT18" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.19 new-packet-mark="CLIENT18" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT19" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.20 new-packet-mark="CLIENT19" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT20" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.21 new-packet-mark="CLIENT20" passthrough=no protocol=tcp


Set up the queue tree: ICMP priority, Squid hit priority, file-extension limit priority, total upload priority, total download priority, game download priority, browsing packet priority, the total client download queue, and the per-client queues.
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="ICMP PING" packet-mark="ICMP PAKET" parent=global-out priority=1 queue="default"
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="SQUID HIT" packet-mark="PROXY HIT" parent=Local priority=2 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256000 name="LIMIT FILE EXTENTION" parent=global-out priority=3
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="AVI" packet-mark=AVI parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="EXE" packet-mark="EXE" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="FLV" packet-mark="FLV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256000 name="YOUTUBE" packet-mark="YOUTUBE" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="ISO" packet-mark="ISO" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MP3" packet-mark="MP3" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MP4" packet-mark="MP4" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MPEG" packet-mark="MPEG" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MPG" packet-mark="MPG" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RAR" packet-mark="RAR" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="WMV" packet-mark="WMV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="ZIP" packet-mark="ZIP" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="CAB" packet-mark="CAB" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="ASF" packet-mark="ASF" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MOV" packet-mark="MOV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MKV" packet-mark="MKV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="WAV" packet-mark="WAV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RM" packet-mark="RM" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RAM" packet-mark="RAM" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RMVB" packet-mark="RMVB" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="DAT" packet-mark="DAT" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="DAA" packet-mark="DAA" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="NRG" packet-mark="NRG" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="BIN" packet-mark="BIN" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="VCD" packet-mark="VCD" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="+++TOTAL UPLOAD+++" packet-mark="SEMUA PAKET MASUK" parent=Public priority=4 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="+++TOTAL DOWNLOAD+++" packet-mark="SEMUA PAKET KELUAR" parent=global-out priority=5
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="GAME DOWNLOAD" packet-mark="GAME PAKET" parent="+++TOTAL DOWNLOAD+++" priority=6 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="BROWSING PAKET" packet-mark="BROWSING PAKET" parent="+++TOTAL DOWNLOAD+++" priority=7 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="+++TOTAL DOWNLOAD CLIENT+++" parent="+++TOTAL DOWNLOAD+++" priority=8 packet-mark="SEMUA PAKET KELUAR"
Per-client queue settings:
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT1" packet-mark="CLIENT1" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT2" packet-mark="CLIENT2" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT3" packet-mark="CLIENT3" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT4" packet-mark="CLIENT4" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT5" packet-mark="CLIENT5" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT6" packet-mark="CLIENT6" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT7" packet-mark="CLIENT7" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT8" packet-mark="CLIENT8" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT9" packet-mark="CLIENT9" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT10" packet-mark="CLIENT10" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT11" packet-mark="CLIENT11" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT12" packet-mark="CLIENT12" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT13" packet-mark="CLIENT13" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT14" packet-mark="CLIENT14" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT15" packet-mark="CLIENT15" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT16" packet-mark="CLIENT16" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT17" packet-mark="CLIENT17" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT18" packet-mark="CLIENT18" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT19" packet-mark="CLIENT19" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT20" packet-mark="CLIENT20" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
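Added example, not part of the original post: each queue in the tree is tied to its mangle rule only by the text of `packet-mark`, so a small cross-reference check catches queues whose mark no rule ever sets. The sample lines are constructed from the rules on this page with three deliberate defects, and the script assumes mark names are compared exactly, including case.

```python
import shlex

# Constructed sample modelled on this page's rules, with three deliberate
# defects: a value with no key, a lower-case mark, and a queue whose mark is
# never set by any mangle rule.
SAMPLE = r'''
/ip firewall layer7-protocol add name="ISO" regexp="\\.(iso)"
/ip firewall layer7-protocol add name="VCD" regexp="\\.(vcd)"
/ip firewall layer7-protocol add name="MP4" regexp="\\.(mp4)"
/ip firewall mangle add action=mark-packet chain=forward comment="ISO MARK" layer7-protocol=ISO new-packet-mark="ISO" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="VCD MARK" VCD new-packet-mark="VCD" passthrough=no
/queue tree add max-limit=256000 name="LIMIT FILE EXTENTION" parent=global-out priority=3
/queue tree add max-limit=128000 name="ISO" packet-mark=iso parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add max-limit=128000 name="VCD" packet-mark="VCD" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add max-limit=128000 name="MP4" packet-mark="MP4" parent="LIMIT FILE EXTENTION" priority=3 queue=default
'''

L7 = "/ip firewall layer7-protocol add"
MANGLE = "/ip firewall mangle add"
QUEUE = "/queue tree add"


def parse(text):
    """Return (line_no, menu, params, bare_tokens) for each recognised add line."""
    rows = []
    for no, line in enumerate(text.strip().splitlines(), 1):
        line = line.strip()
        menu = next((m for m in (L7, MANGLE, QUEUE) if line.startswith(m + " ")), None)
        if menu is None:
            continue
        params, bare = {}, []
        for tok in shlex.split(line[len(menu):]):
            key, sep, val = tok.partition("=")
            if sep:
                params[key] = val
            else:
                bare.append(tok)  # a value that lost its "key=" prefix
        rows.append((no, menu, params, bare))
    return rows


def lint(text):
    """Return a list of (line_no, message) for cross-reference problems."""
    rows = parse(text)
    l7_names = {p["name"] for _, m, p, _ in rows if m == L7 and "name" in p}
    marks = {p["new-packet-mark"] for _, m, p, _ in rows
             if m == MANGLE and "new-packet-mark" in p}
    issues = []
    for no, menu, p, bare in rows:
        for tok in bare:
            issues.append((no, f"value '{tok}' has no key"))
        ref = p.get("layer7-protocol")
        if menu == MANGLE and ref and ref not in l7_names:
            issues.append((no, f"layer7-protocol '{ref}' is not defined"))
        mark = p.get("packet-mark")
        if menu == QUEUE and mark and mark not in marks:
            near = sorted(m for m in marks if m.lower() == mark.lower())
            hint = f" (differs only in case from '{near[0]}')" if near else ""
            issues.append((no, f"packet-mark '{mark}' is never set by a mangle rule{hint}"))
    return issues


if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no}: {msg}")
```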
Note:
Adjust these to your network's public IP, your local IP and your proxy server's IP.
Configure IpCop as well!
