Tampilkan postingan dengan label Jaringan. Tampilkan semua postingan
Tampilkan postingan dengan label Jaringan. Tampilkan semua postingan

25/10/13

Cara Setting Transparent Proxy Mikrotik

Cara Setting Transparent Proxy Mikrotik
Transparent Proxy adalah konsep proxy transparan yaitu konfigurasi proxy dimana client yang terhubung ke proxy tidak harus menyeting atau memasukkan konfigurasi proxy ke browser satu per satu. Sehingga penggunaan proxy akan lebih simpel dan mudah. 

Setting Web Proxy Mikrotik

Silakan buka Winbox dan ikuti langkah berikut :
1. Masuk ke menu IP --> Web Proxy pada Winbox
2. Untuk mengaktifkan Web Proxy centang tombol "Enabled"
3. Isikan port yang akan digunakan oleh Proxy. Isikan saja port 8080
4. Cache Administrator bisa anda ganti dengan email anda sendiri selaku Admin nya
5. Max. Cache Size menentukan berapa besar alokasi memori untuk menyimpan cache proxy nya. Silakan anda isikan sesuai kebutuhan atau bisa saja pilih unlimited.
6. Centang opsi Cache On Disk agar penyimpanan dilakukan pada harddisk Mikrotik bukannya RAM. Karena biasanya harddisk Mikrotik lebih basar daripada RAM nya.
7. Klik Apply --> OK 



Sampai disini Web Proxy sudah berhasil dibuat. Anda sudah bisa menggunakan Web Proxy Mikrotik ini namun harus mengkonfigurasi setingan Proxy pada Browser anda dulu dengan IP address Mikrotik dan port 8080. Nah, biar ga ribet seting browser dan membuatnya lebih simple kita akan mengaktifkan fungsi Transparent Proxy.

Cara Setting Transparent Proxy Mikrotik

Cara kerja Transparent Proxy ini dengan mengalihkan (redirect) Traffic data HTTP (destination port 80) ke port yang digunakan proxy yaitu 8080. Caranya dengan mengkonfigurasi Firewall NAT nya dengan chain=dstnat dan action redirect.
Berikut ini command nya :
ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
atau bisa melalui Winbox, masuk menu IP --> Firewall



Pada tab General 
Chain : dstnat
Protocol : tcp
Dst. Port : 80


Pada tab Action
Action : redirect
To Ports : 8080

Sekarang Proxy Mikrotik nya sudah Transparent. Untuk mengujinya, silakan anda buka menu IP --> Web Proxy di Winbox. Masuk tab Status dan klik Connections. Kalau keduanya sudah ada isinya berarti transparent Proxy Mikrotik sudah jalan.


Selain itu anda juga bisa menguji nya dengan membuka browser kemudian masukkan alamat sembarang supaya terjadi pesan error. Jika Transparent Proxy Mikrotik sudah jalan maka akan muncul pesan error dari Mikrotik nya seperti gambar berikut ini :


VIDEO TUTORIAL



 Tutorial Cara Setting Transparent Proxy Mikrotik

26/09/13

Cara Mempercepat Koneksi Internet Dengan Hack Regedit

Cara Mempercepat Koneksi Internet

Tips Mempercepat Koneksi Internet
Tips Mempercepat Koneksi Internet
Secara Default, Windows Menkonsumsi 20% Bandwith Komputer Anda.
Bandwith ini digunakan untuk "jaga-jaga" dan juga untuk memeriksa komputer anda dari situsnya Microsoft sana.
Caranya adalah:
klik Start–>Run–>type "gpedit.msc" tanpa tanda kutip "".
Ini untuk membuka group policy editor.
Kalau sudah muncul windowsnya, masuk ke:
Local Computer Policy–>Computer Configuration–>Administrative Templates–>Network–>QOS Packet Scheduler–>Limit Reservable Bandwidth
Double click pada Limit Reservable bandwidth. Disana ditunjukkan bahwa string ini belum diatur (not configured) tap pada kenyataannya pada tab Explain’ ada penjelasan:
"By default, the Packet Scheduler limits the system to 20 percent of the bandwidth of a connection, but you can use this setting to override the default."
Jadi Trik yang kita lakukan adalah mendisablenya dengan mengeset nilainya menjadi NOL.

Mempercepat Browsing Dengan DNS Cache
Buka notepad dan copy paste kode di bawah ini:
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServic es|DnscacheParameters]
"CacheHashTableBucketSize"=dword:00000001
"CacheHashTableSize"=dword:00000180
"MaxCacheEntryTtILimit"=dword:0000fa00
"MaxSOACacheEntryTtILimit"=dword:0000012d
Simpan dengan nama dnscache.reg
Double click file ini di windows explorer, tekan "yes".
Cara Lain Mempercepat Koneksi Internet
Copy Paste Kode Di Bawah Ini Ke Dalam Notepad. Simpan Dengan Nama "speed.reg"
REGEDIT4
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesT cpipParameters]
"SackOpts"=dword:00000001
"TcpWindowSize"=dword:0005ae4c
"Tcp1323Opts"=dword:00000003
"DefaultTTL"=dword:00000040
"EnablePMTUBHDetect"=dword:00000000
"EnablePMTUDiscovery"=dword:00000001
"GlobalMaxTcpWindowSize"=dword:0005ae4c
Bagi Pengguna Koneksi LAN
berikut ini cara untuk mempercepat koneksi LAN
Buka registry editor (start > run> ketik regedit)
masuk ke
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentV ersionExplorer-
RemoteComputerNameSpace dan DELETE key {D6277990-4C6A-11CF-8D87-00AA0060F5BF}
Tutup registry editor dan restart windows.
5.Bagi Pengguna Koneksi Internet Dengan Broadband/DSL Cobalah Trik Berikut Ini:
Buka registry editor dan masuk ke: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesT cpipParameters
Buat string DWORD baru, dengan cara mengklik ‘Edit -> New -> DWORD Value’ dan buat nama-nama value dibawah ini (buat sendiri karena belum ada).
DefaultTTL = "80″ hex (atau 128 decimal) .
EnablePMTUBHDetect = "0″
EnablePMTUDiscovery = "1″
GlobalMaxTcpWindowSize = "7FFF" hex (or 32767 decimal)
TcpMaxDupAcks = "2″
SackOpts = "1″
Tcp1323Opts = "1″
TcpWindowSize = "7FFF" hex (or 32767 decimal)
tutup registry dan restart computer.

Cara Mempercepat Koneksi Internet Speedy Tanpa Software

Cara Mempercepat Koneksi Internet Speedy

Tips Mempercepat Koneksi Internet Speedy
Tips Mempercepat Koneksi Internet Speedy
Cara Yang Pertama:
  1. Masuk ke settingan modem, 192.168.1.1
  2. Klik Advanced Setup
  3. Klik ADSL, lalu pilih ADSL Mode, awalnya pasti ADSL2+ lalu diganti jadi G.DMT, lalu klik save, tunggu beberapa saat browsing lagi
Cara Yang Kedua:
  1. Setelah lakukan cara pertama lalu masuk ke control panel lalu pilih Network Connections
  2. Klik kanan di LAN atau Wireless Network Connection, lalu pilih properties. Tergantung kalian pake LAN atau WIFI
  3. Lalu klik di internet protocol (TCP/IP) klik properties
  4. Pilih Use the following DNS server addresses
  5. Masukkan preferred DNS server: 8.8.8.8
  6. Masukkan Alternate DNS server :8.8.4.4, Lalu klik ok
  7. Klik kanan di gambar jaringan di paling bawah kanan layar komputer kita, lalu pilih repair, dan setelah itu buktikan kecepatan yang terasa pasti lebih cepat dari kecepatan yang sebelumnya.

04/08/13

IP Address Di Ban..? Solusinya.

"Warnet ini tidakdapat mengakses layanan gemscool karena ip address telah diblokir.
Silahkan hubungi layananwarnet biz gemscool."
Menyedihkan :(

Pernah liat kata-kata diatas? atau pernah mengalaminya?
Mudah-mudahan jangan..

Tapi bagi yang sudah kadung atau terlanjur mengalami hal yang sama pasti bingung, marah, kesal, nyumpahin dan sebagainya.
Mungkin itu adalah konsekwensi dari warnet.. 
Karena tidak mungkin semua client user bisa diawasi,. khususnya yang menggunakan yang namanya Cheat. Sudah menjadi rahasia umum kalau warnet selalu menjadi korban ban, tidak tidak dengan penyedia cheat, blog atau website yang menyediakan cheat bahkan update lagi, begitu mudahnya para user menemukan cheat, gratis pula.

Dilema memang, atau memang begini nasib game di indonesia
Cheater dan Cheat Developer tidak bisa tersentuh oleh penyedia layanan game online, ya yang jadi korban atas perbuatan mereka ya tentu "Pengusaha Warnet", "Operator Warnet", dan "Warnet".
Di Ban ..
Ganti Isp
Dsb.....

"TAK SATU JALAN MENUJU ROMA"
Tentu ada solusinya....

1. Jika benar Ip Address ISP yang diblokir berarti harus ganti IP Address ISP baru..
2. Tapi biasanya yang diblokir adalah Mac Address PC yang bersangkutan,. Ganti "Mac Address"

Cara ganti Mac Address Computer
A. Cara Manual ..
Klik --> Star ---> Control Panel ---> Network Connections.
Klik kanan "Local Area Connetion", klik "Properties", pada bagian "Connect using" klik tombol "Configure", pilih tab "Advance". Selanjutnya pilih "Locally Administered Address", pada box "Value" masukan mac address baru, 
Atau seperti SS dibawah ini

 Selesai..

B. Menggunakan Software
Untuk cara yang satu ini banyak di internet
Ketik saja keyword di Google Searcah "cara mengganti mac address dengan software"
Nggak nemu?
Download langsung aja [ disini ]

SELESAI





03/08/13

Cara Load Balancing 2 Line Speedy Dengan Mikrotik RB750

Cara Load Balancing 2 Line Jaringan Telkom Speedy 

Misalnya :
IP Modem Speedy
IP Modem 1 : 192.168.1.1
IP Modem 2 : 192.168.2.1

IP Mikrotik 
Ether 1 Mikrotik : 192.168.1.2 (Speedy1)
Ether 2 Mikrotik : 192.168.2.2 (Speedy2)
Ether 3 Mikrotik : 192.168.0.1 (Local)

Colokkan Modem 1 pada Ether 1
Colokkan Modem 2 pada Ether 2
Colokkan Swicht Hub pada Ether 3
Dial Up dari Modem

Lanjut ...
1. Set IP Address Mikrotik
/ip address
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Speedy1
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=Speedy2
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local 

2. Set  Routes
/ip routes
add dst-address=0.0.0.0/0 gateway=192.168.1.1 mark=Speedy1
add dst-address=0.0.0.0/0 gateway=192.168.2.1 mark=Speedy2 

3. Set Mangle (untuk load balancing)
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=Speedy1 passthrough=yes connection-state=new in-interface=Local extra-nth=2,1
add chain=prerouting action=mark-routing new-routing-mark=Speedy1 passthrough=no in-interface=Local connection-mark=Speedy1 add chain=prerouting action=mark-connection new-connection-mark=Speedy2 passthrough=yes connection-state=new in-interface=Local extra-nth=2,2
add chain=prerouting action=mark-routing new-routing-mark=Speedy2 passthrough=no in-interface=Local connection-mark=Speedy2 

4. Set NAT (untuk load balancing)
/ip firewall Nat
add chain=srcnat action=masquerade 
 atau
/ip firewall Nat
add chain=srcnat out-interface=Speedy1 action=masquerade
add chain=srcnat out-interface=Speedy2 action=masquerade 

Masukkan menggunakan "WinBox", Jika ingin copas silahkan copas ke notepad dulu baru kemudian di copas ke "New Terminal Mikrotik"

Pada dasarnya cara setting mikrotik menggunakan 1 atau lebih line speedy adalah sama, hanya perbedaan pada pengaturan mangle dan nat..

Selamat mencoba.. semoga membantu

13/06/13

Setting Mikrotik Untuk Game Online Dan Browsing (1Mb Speedy)

SETTING MIKROTIK UNTUK GAME ONLINE DAN BROWSING (1Mb Speedy)

Pada tutor kali ini saya coba uraikan settingan mikrotik untuk game online dicampur dengan kepentingan browsing agar berjalan serasi dan seimbang.

Lgo Warnet Garashi
Note:
Script di bawah hanya berjalan pada mikrotik versi 3.30 ke atas. Bandwidth yang diimplementasikan 1Mbps/256Kbps (SPEEDY)

SET INTERFACE MIKROTIK
/interface
set 0 name=Public
set 1 name=Local

SET IP  ADDRESS
/ip address
add address=192.168.1.2/24 interface=Public
add address=192.168.0.1/24 interface=Local

SET ROUTE
/ip route
add gateway=192.168.1.1

SET DNS
/ip dns
set primary-dns=222.124.204.34,202.134.0.155
set allow-remote-requests=yes

SET NAT
/ip fi nat
add chain=srcnat action=masquerade out-interface=Public

ROUTING UNTUK GAME ONLINE:
/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment="GAME ONLINE" dst-port=\
"1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6001,6000-6152,7777" \
new-connection-mark="zar-goc" passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
disabled=no dst-port="7341-7350,7451,8085,9600,9601-9602,9300,9400,9700,93\
76-9377,10001-10011,40000" \
new-connection-mark="zar-goc" passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port="10009,13008,16666,28012,11011-11041,10402,11031,12011,12110,13413,15000-15002,15001,15002" \
new-connection-mark="zar-goc" \
passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
disabled=no dst-port="16402-16502,18901-18909,19000,19101,22100,27780,29000,29200,39100,39110,39220,39190,49100" \
new-connection-mark="zar-goc" passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=14009-14010 new-connection-mark="zar-goc" \
passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port="1293,1479,6100-6152,7777-7977,9401,9600-9602,12020-12080,30000,40000-40010" \
new-connection-mark="zar-goc" passthrough=yes protocol=udp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=42051-42052,11100-11125,11440-11460 \
new-connection-mark="zar-goc" passthrough=yes protocol=udp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=14009-14010 new-connection-mark="zar-goc" \
passthrough=yes protocol=udp


GAME DIBUAT PREROUTING AGAR TIDAK BERLIKU DI TUBUH ROUTER
/ip firewall mangle \
add action=mark-packet chain=prerouting \
connection-mark="zar-goc"  \
new-packet-mark="zar-gopd" passthrough=no

INI ROUTING UNTUK GAME FACEBOOK
/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment="GAME FACEBOOK" dst-port=843,9339 \
new-connection-mark="zar-gfc" passthrough=yes \
protocol=tcp
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="zar-gfc" disabled=no \
dst-address=192.168.0.0/24 new-packet-mark="zar-gfpd" \
passthrough=no
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="zar-gfc" new-packet-mark="zar-gfpu"\
passthrough=no src-address=192.168.0.0/24

PCQ UNTUK SPEED BAGI RATA
/queue type \
add kind=pcq name=DOWN \
pcq-classifier=dst-address,dst-port
/queue type \
add kind=pcq name=UP \
pcq-classifier=src-address,src-port

INI QUEUE UNTUK GAME ONLINE
/queue tree \
add name="2.GAME DOWN" \
parent=global-out priority=2
/queue tree \
add name="3.GAME UPLOAD" \
parent=Public priority=2
/queue tree \
add name="1.GAME ONLINE DOWN" \
packet-mark="zar-gopd" \
parent="2.GAME DOWN" priority=2 queue=DOWN
/queue tree \
add max-limit=256000 \
name="2.GAME FACEBOOK DOWN" \
packet-mark="zar-gfpd" \
parent="2.GAME DOWN" priority=3 queue=DOWN
/queue tree \
add name="1.GAME ONLINE UPLOAD" \
packet-mark="zar-gopd" \
parent="3.GAME UPLOAD" priority=2 queue=UP
/queue tree \
add limit-at=0 max-limit=128000 \
name="2.GAME FACEBOOK UPLOAD" \
packet-mark="zar-gfpu" \
parent="3.GAME UPLOAD" priority=3 queue=UP


LIMIT FILE EXTENSI, SEPERTI .EXE .RAR .YOUTUBE, DLL
/ip firewall layer7-protocol
add name="YOUTUBE DOWNLOAD" \
regexp="http/(0\\.9|1\\.0|1\\.1) \
[\\x09-\\x0d ][1-5][0-9][0-9] \
[\\x09-\\x0d -~]*(content-type: video)"
add name=EXE regexp="\\.(exe)"
add name=RAR regexp="\\.(rar)"
add name=ZIP regexp="\\.(zip)"
add name=7z regexp="\\.(7z)"
add name=WMV regexp="\\.(wmv)"
add name=MPG regexp="\\.(mpg)"
add name=MPEG regexp="\\.(mpeg)"
add name=AVI regexp="\\.(avi)"
add name=FLV regexp="\\.(flv)"
add name=WAV regexp="\\.(wav)"
add name=MP3 regexp="\\.(mp3)"
add name=MP4 regexp="\\.(mp4)"
add name=ISO regexp="\\.(iso)"
add name=3GP regexp="\\.(3gp)"
add name=MOV regexp="\\.(mov)"
add name=MKV regexp="\\.(mkv)"
add name="YOUTUBE STREAMING" regexp=youtube
add name=PORN regexp=porn
add name=TUBE regexp=tube
add name=VIDEO regexp=video
add name=MOVIE regexp=movie

ROUTING UNTUK EXTENSI
/ip firewall mangle
add action=mark-packet chain=forward \
comment="LIMIT EXTENTION" disabled=no \
layer7-protocol="YOUTUBE DOWNLOAD" \
new-packet-mark="YOUTUBE DOWNLOAD" \
passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol="YOUTUBE STREAMING" \
new-packet-mark="YOUTUBE STREAMING" \
passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=TUBE \
new-packet-mark=PORN1 passthrough=no
add action=mark-packet chain=forward disabled=no \
layer7-protocol=PORN \
new-packet-mark=PORN2 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=VIDEO \
new-packet-mark=PORN3 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MOVIE \
new-packet-mark=PORN4 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MKV \
new-packet-mark=MKV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MP3 \
new-packet-mark=MP3 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MP4 \
new-packet-mark=MP4 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ZIP \
new-packet-mark=ZIP passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=EXE \
new-packet-mark=EXE passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=FLV \
new-packet-mark=FLV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ISO \
new-packet-mark=ISO passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MOV \
new-packet-mark=MOV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MPEG \
new-packet-mark=MPEG passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MPG \
new-packet-mark=MPG passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=RAR \
new-packet-mark=RAR passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=WAV \
new-packet-mark=WAV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=WMV \
new-packet-mark=WMV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ISO \
new-packet-mark=3GP passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=7z \
new-packet-mark=7z passthrough=no

ROUTING UNTUK BROWSING (DOWNLOAD/UPLOAD)
/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment=HTTP  dst-port=21,80 \
new-connection-mark="browsing-con" passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="browsing-con" disabled=no \
dst-address=192.168.0.0/24 \
new-packet-mark="download" passthrough=no
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="browsing-con" disabled=no \
new-packet-mark="upload" \
passthrough=no src-address=192.168.0.0/24

INI QUEUE UNTUK KEGIATAN  BROWSING-DOWNLOAD-UPLOAD
/queue tree \
add max-limit=128000 \
name="UPLOAD-BROWSING" \
packet-mark="upload" parent=Public \
priority=4 queue=UP
/queue tree \
add max-limit=750000 \
name="1.2 HTTP-DOWN" \
parent=global-out priority=2
/queue tree \
add max-limit=750000 \
name="1.3 BROWSING DOWN" \
packet-mark="download" \
parent="1.2 HTTP-DOWN" \
priority=4 queue=DOWN
/queue tree \
add max-limit=512000 \
name="1.4 LIMIT EXTENTION" \
parent="1.2 HTTP-DOWN" priority=5
/queue tree
add name=YOUTUBE \
parent="1.4 LIMIT EXTENTION" priority=5
add name="YOUTUBE STREAMING" \
packet-mark="YOUTUBE STREAMING" \
parent=YOUTUBE priority=5 queue=DOWN
add name=MKV packet-mark=MKV \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MP3 packet-mark=MP3 \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MP4 packet-mark=MP4 \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=ZIP packet-mark=ZIP \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=EXE packet-mark=EXE \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=ISO packet-mark=ISO \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=AVI packet-mark=AVI \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MOV packet-mark=MOV \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MPEG packet-mark=MPEG \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MPG packet-mark=MPG \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=RAR packet-mark=RAR \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=WAV packet-mark=WAV \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=WMV packet-mark=WMV \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=3GP packet-mark=3GP \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=7z packet-mark=7z \
parent="1.4 LIMIT EXTENTION" priority=5 \
queue=DOWN
add name="YOUTUBE DOWNLOAD" \
packet-mark="YOUTUBE DOWNLOAD" \
parent=YOUTUBE priority=5 queue=DOWN
add name=PORN \
parent="1.4 LIMIT EXTENTION" priority=5
add name=PORN1 \
packet-mark=PORN1 parent=PORN \
priority=5 queue=DOWN
add name=PORN2 packet-mark=PORN2 \
parent=PORN priority=5 queue=DOWN
add name=PORN3 packet-mark=PORN3 \
parent=PORN priority=5 queue=DOWN
add name="MIVO TV" \
packet-mark="MIVO TV" parent=\
"1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=PORN4 packet-mark=PORN4 \
parent=PORN priority=5 queue=DOWN
 
Catatan:
  1. Game online dirouting langsung ke alamat port game online dan menggunakan bandwith maksimal (unlimited) karena tidak terlalu memakan bandwith sekalipun game PB hanya butuh koneksi dengan trafic yang mulus.
  2. Browsing dirouting pada port 80 dan 21 dan diberikan bandwith maksimal 750Kbps untuk download dan   128Kbps untuk upload dan tidak boleh melebihi dari itu atau game online akan nge-lag.
  3. Limit Extensi dirouting berdasarkan layer 7 protocol dan diberikan maksimal bandwidth 512Kbps dan tidak boleh lebih dari itu atau browsing dan game online akan terganggu.

PERHATIAN:
Tutorial di atas untuk 10 PC saja dengan Bandwidthnya 1Mbps,. Jika PC lebih dari 10 dan BW tetap 1 MBPS, maka pada queue tree download menjadi 512Kbps dan limit extensi menjadi 256Kbps.
Jika mempunyai BW 2Mbps ke atas, silahkan 2x lipatkan saja pada queue tree-nya atau gunakan logika anda sendiri.



10/06/13

Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik (2nd Mode)

Setting Squid Proxy External, Hit, Queues Tree serta Mangle di Mikrotik

Topology Jaringan Saya Seperti Ini


Dalam sebuah jaringan internet seperti diwarnet-warnet itu sangat cocok dengan menggunakan Server proxy apalagi warnet yang khususnya Game online, Server proxy ini sangat mendukung untuk kelancaran jaringan anda, yang mana nantinya didalam server anda akan mendukung squid proxy, Hit, Queues tree dan Mangle pada mikrotik anda, berikut tutornya.

Sebelumnya saya akan menerapkan IP address dari beberapa jaringan saya :
IP Address Ehter1 untuk koneksi dari modem : 192.168.1.2
IP Address Ether2 untuk koneksi Local 192.168.0.1
IP Address Ether3 ke Proxy : 192.168.5.1
dan
IP Address External Proxy : 192.168.5.2 (Green IpCop)
Sebelum memulai tutorialnya jangan lupa untuk menyesuaikan "nama interface" Routerboar mikrotik anda serta menyesuaikan IP address tutorial ini dengan ip address jaringan anda, disini kita akan membahasa masalah hit squid Proxy, pembagian bandwith download serta upload dan juga tentang Ping untuk Game Online dan Browsing.
Langsung saja kepermasalahan, untuk permulaan ada dapat mengeset interface lan anda lewat "new terminal" di Mikrotik, berikut nama interface di mikrotik saya,

Set Interface Mikrotik
/interface set 0 name=Public
/interface set 1 name=Local
/interface set 2 name=Proxy
Maka hasilnya dapat anda lihat seperti gambar dibawah ini
clip_image002

Set IP Address pada tiap-tiap interface (ketik di new terminal)
/ip address add address=192.168.1.2 netmask=255.255.255.0 interface=Public
/ip address add address=192.168.0.1 netmask=255.255.255.0 interface=Local
/ip address add address=192.168.5.1 netmask=255.255.255.0 interface=Proxy
clip_image003

Set range jaringan Local anda
/ip pool add name=pool ranges=192.168.0.2-192.168.0.254
clip_image004

Set DNS jaringan (Sesuaikan dengan DNS Anda)
/ip dns set servers=203.130.208.18 allow-remote-requested=yes
clip_image006
Setting Gateway sesuai dengan gateway jaringan anda (dari ISP)
/ip route add gateway=192.168.1.1
clip_image008

Setting IP Firewall Nat di Mikrotik, disini diterapkan juga Nat untuk Redirect Proxy Squid dengan menggunakan port 3128,
Bila mana pada Firewall nat ada terdapat IP address dan nama interface, maka sesuaikan dengan IP address dan nama interface mikrotik anda, berikut perintahnya :
/ip firewall nat add chain=srcnat out-interface=Public src-address=192.168.0.0/24 action=masquerade src-address-list="REGISTRASI IP CLIENT" comment="LOCAL NAT MASQUERADE"
/ip firewall nat add chain=srcnat out-interface=Public src-address=192.168.5.0/24 action=masquerade src-address-list="REGISTRASI IP PROXY" comment="PROXY NAT MASQUERADE"
/ip firewall nat add chain=dstnat src-address=!192.168.5.0/24 protocol=tcp dst-port=80 in-interface=Local src-address-list="REGISTRASI IP PROXY" action=dst-nat to-address=192.168.5.2 to-ports=3128 comment="REDIRECT KE PROXY"
/ip firewall nat add action=dst-nat chain=dstnat comment="TRANSPARENT DNS UDP LOCAL" disabled=no dst-port=53 in-interface=Local protocol=udp to-ports=53
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=Local protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP LOCAL"
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=Proxy protocol=udp to-ports=53 comment="TRANSPARENT DNS UDP PROXY"
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=Proxy protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP PROXY"
Maka hasilnya anda dapat lihat pada gambar dibawah ini
clip_image009
Set Security atau keamanan Mikrotik
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER1" address-list-timeout=2w chain=input comment="PORT SCANNER2 KE ADDRESS LIST " disabled=no protocol=tcp psd=21,3s,3,1
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER2" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER3" address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER4" address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER5" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER6" address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER7" address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=drop chain=input comment="BLOK PORT SCANNER" disabled=no src-address-list="PORT SCANNER1"
/ip firewall filter add action=accept chain=input comment="IZINKAN MENDIRIKAN KONEKSI" connection-state=established disabled=no
/ip firewall filter add action=accept chain=input comment="IZINKAN KONEKSI TERKAIT" connection-state=related disabled=no
/ip firewall filter add action=accept chain=input comment="IZINKAN PING LOCAL" disabled=no protocol=icmp src-address-list="REGISTRASI IP CLIENT"
/ip firewall filter add action=accept chain=input comment="IZINKAN PING PROXY" disabled=no protocol=icmp src-address-list="REGISTRASI IP PROXY"
/ip firewall filter add action=accept chain=input comment="IZINKAN INPUT DARI LOCAL" disabled=no src-address-list="REGISTRASI IP CLIENT"
/ip firewall filter add action=accept chain=input comment="IZINKAN INPUT DARI PROXY" disabled=no src-address-list="REGISTRASI IP PROXY"
/ip firewall filter add action=jump chain=forward comment="FILTER PAKET YANG JELEK" disabled=no jump-target=tcp protocol=tcp
/ip firewall filter add action=jump chain=forward disabled=no jump-target=udp protocol=udp
/ip firewall filter add action=jump chain=forward disabled=no jump-target=icmp protocol=icmp
/ip firewall filter add action=drop chain=tcp comment="TOLAK SMTP" disabled=no dst-port=25 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK RPC2portmapper" disabled=no dst-port=135 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK NBT" disabled=no dst-port=137-139 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK CIFS" disabled=no dst-port=445 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK NFS" disabled=no dst-port=2049 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK NETBUS" disabled=no dst-port=20034 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK BackOriffice" disabled=no dst-port=3133 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="BLOK DHCP" disabled=no dst-port=67-68 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK P2P" disabled=no p2p=all-p2p
/ip firewall filter add action=drop chain=udp comment="TOLAK TFTP" disabled=no dst-port=69 protocol=udp
/ip firewall filter add action=drop chain=udp comment="TOLAK PRC portmapper" disabled=no dst-port=111 protocol=udp
/ip firewall filter add action=drop chain=udp comment="TOLAK PRC portmapper" disabled=no dst-port=135 protocol=udp
/ip firewall filter add action=drop chain=tcp comment="TOLAK NETBUS" disabled=no dst-port=12345-12346 protocol=tcp
/ip firewall filter add action=drop chain=udp comment="BLOK NBT" disabled=no dst-port=137-139 protocol=udp
/ip firewall filter add action=drop chain=udp comment="BLOK NFS" disabled=no dst-port=2049 protocol=udp
/ip firewall filter add action=drop chain=udp comment="TOLAK BackOriffice" disabled=no dst-port=3133 protocol=udp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=0:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:0 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:4 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=8:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=forward comment="Allow Established connections" connection-state=established disabled=no
/ip firewall filter add action=accept chain=forward comment="Allow Forward from LOCAL Network" disabled=no src-address-list="REGISTRASI IP CLIENT"
/ip firewall filter add action=accept chain=forward comment="Allow Forward from PROXY Network" disabled=no src-address-list="REGISTRASI IP PROXY"
clip_image010

Membuat Address List jaringan Local yang dapat konek ke internet, (sesuaikan dengan ip address Local anda)
/ip firewall address-list add address=192.168.5.2 comment="SQUID PROXY EXTERNAL" disabled=no list=" REGISTRASI IP PROXY"
/ip firewall address-list add address=192.168.0.2 comment="CLIENT1" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.3 comment="CLIENT2" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.4 comment="CLIENT3" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.5 comment="CLIENT4" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.6 comment="CLIENT5" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.7 comment="CLIENT6" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.8 comment="CLIENT7" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.9 comment="CLIENT8" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.10 comment="CLIENT9" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.11 comment="CLIENT10" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.12 comment="CLIENT11" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.13 comment="CLIENT12" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.14 comment="CLIENT13" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.15 comment="CLIENT14" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.16 comment="CLIENT15" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.17 comment="CLIENT16" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.18 comment="CLIENT17" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.19 comment="CLIENT18" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.20 comment="CLIENT19" disabled=no list="REGISTRASI IP CLIENT"
/ip firewall address-list add address=192.168.0.21 comment="CLIENT20" disabled=no list="REGISTRASI IP CLIENT"
Kemudian setting Upload dan Donwload Youtube serta files ectention di Layar7 Protocols.
/ip firewall layer7-protocol add name=YOUTUBE regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
/ip firewall layer7-protocol add name="EXE" regexp="\\.(exe)"
/ip firewall layer7-protocol add name="RAR" regexp="\\.(rar)"
/ip firewall layer7-protocol add name="7z" regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="ZIP" regexp="\\.(zip)"
/ip firewall layer7-protocol add name="AVI" regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" regexp="\\.(bin)"
/ip firewall layer7-protocol add name="VCD" regexp=\\.(vcd)

clip_image011

Setting Firewall Mangle
Berikut perintah Firewall Mangle untuk Squid Hit Proxy, Mangle untuk squid koneksi dan Mangle untuk squid paket
/ip firewall mangle add action=mark-packet chain=forward comment="SQUID PROXY HIT" disabled=no dscp=12 new-packet-mark="PROXY HIT" passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment="BROWSING SQUID" disabled=no dst-address-list="!REGISTRASI IP CLIENT" dst-port=80,443 new-connection-mark="SQUID KONEKSI" passthrough=yes protocol=tcp src-address-list="REGISTRASI IP PROXY"
/ip firewall mangle add action=mark-packet chain=forward comment="SQUID PAKET" connection-mark="SQUID KONEKSI" disabled=no new-packet-mark="SQUID PAKET" passthrough=no
SET Mangle untuk semua koneksi masuk dan keluar, Mangle Browsing dari semua koneksi masuk dan Mangle ICMP
/ip firewall mangle add action=mark-connection chain=prerouting comment="TANDA SEMUA KONEKSI" disabled=no dst-address-list="!REGISTRASI IP CLIENT" in-interface=Local new-connection-mark="SEMUA KONEKSI MASUK" passthrough=yes
/ip firewall mangle add action=mark-connection chain=forward disabled=no new-connection-mark="SEMUA KONEKSI KELUAR" out-interface=Local passthrough=yes src-address-list="!REGISTRASI IP CLIENT" comment="SEMUA KONEKSI KELUAR"
/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark="SEMUA PAKET MASUK" passthrough=yes connection-mark="SEMUA KONEKSI MASUK" comment="SEMUA PAKET MASUK"
/ip firewall mangle add chain=forward action=mark-packet new-packet-mark="SEMUA PAKET KELUAR" passthrough=yes connection-mark="SEMUA KONEKSI KELUAR" comment="SEMUA PAKET KELUAR"
/ip firewall mangle add action=mark-connection chain=prerouting comment="BROWSING CLIENT" connection-mark="SEMUA KONEKSI MASUK" disabled=no new-connection-mark="BROWSING KONEKSI" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting disabled=no dscp=1 new-connection-mark="ICMP KONEKSI" passthrough=yes comment="ICMP KOMEKSI"
clip_image012

Mangle untuk game online seperti RF-Online, Pointblank dll,
/ip firewall mangle add action=mark-connection chain=prerouting comment="POINT BLANK" connection-mark="SEMUA KONEKSI MASUK" disabled=no dst-port=40000-40010 new-connection-mark="GAME KONEKSI" passthrough=yes protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment="POKER" connection-mark="SEMUA KONEKSI MASUK" disabled=no dst-port=9339,843 new-connection-mark="GAME KONEKSI" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="RF ONLINE" connection-mark="SEMUA KONEKSI MASUK" disabled=no dst-port=10001,10002,10003,10004,10005,10006,10007 new-connection-mark="GAME KONEKSI" passthrough=yes protocol=udp

Kemudian Mangle ICMP Paket, Mangle game paket dan Mangle browsing paket
/ip firewall mangle add action=mark-packet chain=postrouting connection-mark="ICMP KONEKSI" disabled=no new-packet-mark="ICMP PAKET" passthrough=no comment="ICMP PAKET"
/ip firewall mangle add action=mark-packet chain=forward comment="SEMUA GAME DIPAKETKAN" connection-mark="GAME KONEKSI" disabled=no new-packet-mark="GAME PAKET" passthrough=no
/ip firewall mangle add action=mark-connection new-connection-mark="GAME KONEKSI" chain=prerouting protocol=udp connection-mark="SEMUA KONEKSI MASUK" comment="GAME CLIENT"
/ip firewall mangle add action=mark-packet chain=forward comment="BROWSING PAKET" connection-bytes=0-131072 connection-mark="BROWSING KONEKSI" disabled=no new-packet-mark="BROWSING PAKET" passthrough=no protocol=tcp
clip_image013

Setting Change DSCP ICMP dan port 53
/ip firewall mangle add action=change-dscp chain=postrouting comment="ICMP CHANGE DSCP" disabled=no new-dscp=1 protocol=icmp
/ip firewall mangle add action=change-dscp chain=postrouting disabled=no dst-port=53 new-dscp=1 protocol=udp
/ip firewall mangle add action=change-dscp chain=postrouting disabled=no dst-port=53 new-dscp=1 protocol=tcp

Set Mangle Files Ectention seperti iso, rar, mp3, zip, exe, dll.
/ip firewall mangle add action=mark-connection chain=forward comment="EXTENTION KONEKSI" disabled=no out-interface=Local new-connection-mark="EXTENTION KONEKSI" passthrough=yes
/ip firewall mangle add action=mark-packet chain=forward comment="YOUTUBE MARK" layer7-protocol=YOUTUBE disabled=no new-packet-mark="YOUTUBE" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="WMV MARK" layer7-protocol=WMV disabled=no new-packet-mark="WMV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="EXE MARK" layer7-protocol=EXE disabled=no new-packet-mark="EXE" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="ZIP MARK" layer7-protocol=ZIP new-packet-mark="ZIP" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="RAR MARK" layer7-protocol=RAR new-packet-mark="RAR" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MPG MARK" layer7-protocol=MPG new-packet-mark="MPG" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MPEG MARK" layer7-protocol=MPEG new-packet-mark="MPEG" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MP3 MARK" layer7-protocol=MP3 new-packet-mark="MP3" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MOV MARK" layer7-protocol=MOV new-packet-mark="MOV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="ISO MARK" disabled=no layer7-protocol=ISO new-packet-mark="ISO" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="MKV MARK" layer7-protocol=MKV new-packet-mark="MKV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="FLV MARK" layer7-protocol=FLV new-packet-mark="FLV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="AVI MARK" layer7-protocol=AVI new-packet-mark="AVI" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="CAB MARK" layer7-protocol=CAB new-packet-mark="CAB" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="ASF MARK" layer7-protocol=ASF new-packet-mark="ASF" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="WAV MARK" layer7-protocol=WAV new-packet-mark="WAV" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="RM MARK" layer7-protocol=RM new-packet-mark="RM" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="RAM MARK" layer7-protocol=RAM new-packet-mark="RAM" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="RMVB MARK" layer7-protocol=RMVB new-packet-mark="RMVB" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="DAT MARK" layer7-protocol=DAT new-packet-mark="DAT" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="DAA MARK" layer7-protocol=DAA new-packet-mark="DAA" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="NRG MARK" layer7-protocol=NRG new-packet-mark="NRG" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="BIN MARK" layer7-protocol=BIN new-packet-mark="BIN" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="VCD MARK" VCD new-packet-mark="VCD" passthrough=no
clip_image015

Setting Mangle Paket pada client, sesuaikan dengan IP Address Client anda
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT1" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.2 new-packet-mark="CLIENT1" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT2" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.3 new-packet-mark="CLIENT2" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT3" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.4 new-packet-mark="CLIENT3" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT4" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.5 new-packet-mark="CLIENT4" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT5" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.6 new-packet-mark="CLIENT5" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT6" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.7 new-packet-mark="CLIENT6" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT7" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.8 new-packet-mark="CLIENT7" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT8" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.9 new-packet-mark="CLIENT8" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT9" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.10 new-packet-mark="CLIENT9" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT10" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.11 new-packet-mark="CLIENT10" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT11" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.12 new-packet-mark="CLIENT11" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT12" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.13 new-packet-mark="CLIENT12" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT13" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.30.14 new-packet-mark="CLIENT13" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT14" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.15 new-packet-mark="CLIENT14" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT15" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.16 new-packet-mark="CLIENT15" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT16" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.17 new-packet-mark="CLIENT16" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT17" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.18 new-packet-mark="CLIENT17" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT18" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.19 new-packet-mark="CLIENT18" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT19" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.20 new-packet-mark="CLIENT19" passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT20" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.0.21 new-packet-mark="CLIENT20" passthrough=no protocol=tcp
clip_image016


Setting Queues Tree, ICMP Priority, Queues Squid Hit Priority, Queues Limit file Ectention Priority, Queues tree semua upload priority, total download priority, Game download priority, Browsing paket priority, Queues tree total download client serta Queues tree client.
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="ICMP PING" packet-mark="ICMP PAKET" parent=global-out priority=1 queue="default"
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="SQUID HIT" packet-mark="PROXY HIT" parent=Local priority=2 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256000 name="LIMIT FILE EXTENTION" parent=global-out priority=3
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="AVI" packet-mark=AVI parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="EXE" packet-mark="EXE" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="FLV" packet-mark="FLV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256000 name="YOUTUBE" packet-mark="YOUTUBE" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="ISO" packet-mark=iso parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MP3" packet-mark="MP3" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MP4" packet-mark="MP4" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MPEG" packet-mark="MPEG" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MPG" packet-mark="MPG" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RAR" packet-mark="RAR" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="WMV" packet-mark="WMV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="ZIP" packet-mark="ZIP" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="CAB" packet-mark="CAB" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="ASF" packet-mark="ASF" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MOV" packet-mark="MOV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MKV" packet-mark="MKV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="WAV" packet-mark="WAV" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RM" packet-mark="RM" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RAM" packet-mark="RAM" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RMVB" packet-mark="RMVB" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="DAT" packet-mark="DAT" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="DAA" packet-mark="DAA" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="NRG" packet-mark="NRG" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="BIN" packet-mark="BIN" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="VCD" packet-mark="VCD" parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="+++TOTAL UPLOAD+++" packet-mark="SEMUA PAKET MASUK" parent=Public priority=4 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="+++TOTAL DOWNLOAD+++" packet-mark="SEMUA PAKET KELUAR" parent=global-out priority=5
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="GAME DOWNLOAD" packet-mark="GAME PAKET" parent="+++TOTAL DOWNLOAD+++" priority=6 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="BROWSING PAKET" packet-mark="BROWSING PAKET" parent="+++TOTAL DOWNLOAD+++" priority=7 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="+++TOTAL DOWNLOAD CLIENT+++" parent="+++TOTAL DOWNLOAD+++" priority=8 packet-mark="SEMUA PAKET KELUAR"
Setting Queues Per Client
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT1" packet-mark="CLIENT1" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT2" packet-mark="CLIENT2" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT3" packet-mark="CLIENT3" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT4" packet-mark="CLIENT4" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT5" packet-mark="CLIENT5" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT6" packet-mark="CLIENT6" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT7" packet-mark="CLIENT7" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT8" packet-mark="CLIENT8" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT9" packet-mark="CLIENT9" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT10" packet-mark="CLIENT10" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT11" packet-mark="CLIENT11" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT12" packet-mark="CLIENT12" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT13" packet-mark="CLIENT13" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT14" packet-mark="CLIENT14" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT15" packet-mark="CLIENT15" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT16" packet-mark="CLIENT16" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT17" packet-mark="CLIENT17" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT18" packet-mark="CLIENT18" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT19" packet-mark="CLIENT19" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT20" packet-mark="CLIENT20" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
clip_image017
Note:
Sesuaika dengan IP Publik Jaringan anda, sesuaikan dengan IP Local anda dan sesuaikan dengan IP Server Proxy anda
Seting IpCop juga!

01/03/13

Block Situs Cheat Point Blank Dengan Mikrotik Warnet Pakai Speedy

 Block Situs Cheat Point Blank Dengan Mikrotik Warnet Pakai Speedy
 Benar-benar kesel dan stress lagi main Point Blank ternyata koneksi terputus dari server, coba untuk masuk lagi ternyata tidak bisa masuk lagi ke server Point Blank,...
Dikirain bahwa Point Blank lagi mentenance, setelah nanya ke warnet sebelah, ditempatnya aman-aman saja, client masih asik main PB,..

Awalnya warnet pakai speedy berfikir mungkin jaringan speedy lagi down, tetapi kenapa untuk nonton youtube dan main game online seperti friv masih bisa dan lancar-lancar saja..
Jangan-jangan, jangan-jangan nih...

Warnet Pakai Speedy tunggu sampai esok harinya, ternyata masih sama, tetap tidak bisa masuk ke Point Blank, yaaaaaaaaaaaaaaaaah... Ternyata IP Address Speedy Warnet Pakai Speedy sudah di Ban oleh server Gemscool katanya..

Dari pada pusing-pusing mendingan cari solusi..
  1. Ganti Jaringan Speedy, otomatis IP Address ganti
  2. " Penting  ", blok semua situ yang menyediakan cheat, baik itu PB, Lost Saga, Atlantica, dan game online lainnya yang memungkin kita akan terbanned lagi IP nya..
  3. Bikin Rule/Peraturan, bagi yang ngecheat ditendang pantatnya, ditelanjangin, diceplokin telur busuk, terakhir... GANTUNG.... (yang bikin cheatnya). wkwkwkwk
 Sekarang kembali ke POINT... yaitu "Block Situs Cheat Dengan Mikrotik"

LANKAH-LANGKAH BLOCK SITUS CHEAT DENGAN MIKROTIK

1) Login ke Mikrotik menggunakan WinBox

2) Akan muncul halaman utama WinBox

3) Klik "IP" ----> "Firewall" ----> "Layer 7 Protocol" ----> Klik " + "
Contoh :
Isikan pada :
Name : PEKALONGAN-COMMUNITY
Regexp : http://toyibg.blogspot.com
Klik "Comment" untuk menambahkan komentar anda "

4) Setelah semua terisi klik "OK"
5)Selanjutnya kita masuk ke "Filter Rules"
Klik "IP" ----> "Firewall" ----> "Filter Rules" ----> " + "
General ----> Chain : "forward"

Advanced ----> Layer 7 Protocol : "PEKALONGAN-COMMUNITY"

Action -----> Action : "drop"

Pilih "Comment", untuk menambahkan komentar, kemudian klik "OK"

6) Ulangi langkah 3 s/d 5 jika ingin menambahkan situs-situs lain yang ingin di blok..

7) Test untuk masuk salah satu situs tadi ...

8) Selesai..

TUTORIAL DIATAS SUDAH DICOBA DAN WORK 100%
YANG MAIN GAME POINT BLANK YANG SUKA NGE CHEAT PUSING 7 KELILING..

SEKARANG CLIENT MAIN POINT BLANK DI SERVER GWARNET, KARENA WARNET PAKAI SPEEDY SUDAH MENJADI MEMBER 





18/02/13

Setting Mikrotik, Proxy Server Warnet

SETTING MIKROTIK+PROXY SERVER WARNET

“NOT TESTED JUST DOCUMENT”

Spesifikasi Minimum Computer Untuk External Proxy

Procesor P IV 2.0Ghz –> UP
Ram 1 Gb
Harddisk 250 Gb

Langkah Kerja

  1. Instalasi Ubuntu Server 10.10 32 bit , Bagi Yang Belum Punya Cd
    Instalasi bisa download Ubuntu server 10.10 di Situs resminya Ubuntu (
    gak usah kuatir harus bayar karena Ubuntu Produk freeware
  2. Seperti biasa kita setting komputer dulu untuk first bootingnya ke CD
    room / Usb Cd room bagi yg menggunakan Usb CD room di BIOS nya. Bagi
    yang pernah instal windows pasti sudah tau yang saya maksud.


Ikuti proses Instalasinya seperti langkah - langkah dibawah ini :

  1. Masukkan Cd Ubuntu ke Cd room
  2. Pilih language english (enter)
  3. Pilih instal ubuntu server (enter)
  4. Tekan enter pada choose langguage english
  5. Pilih united states
  6. Klik no pada detect keyboard layout?
  7. Klik USA pada ubuntu installer main menu
  8. Klik USA pada keyboard layout
  9. Klik continue pada configure the network
  10. Pilih configure network manually isi ip address dg 192.168.3.2 pilih continue enter
  11. Netmask 255.255.255.0 pilih continue enter
  12. Gateway 192.168.3.1 terus klik continue
  13. Name server addresses 192.168.3.1 pilih continue enter
  14. Hotsname : isi dg proxyku terus pilih continue enter
  15. Domain name: di kosongin saja, pilih continue enter
  16. Pada configure the clok pilih select from worldwide list terus cari jakarta (sesuaikan lokasi anda) terus enter
  17. Pada menu partition disk pilih manual
  18. Kita hapus partisi lama dulu :
  19. Pilih partisi nya terus enter pilih delete the partion (ulangi perintah ini untuk semua partisi yg tersisa)
  20. Jika telah selesai pilih Guided partitioning, kemudian pilih manual arahkan pada FREE SPACE (enter),
  21. Pilih Create new partition (enter)
  22. New partition size isi 1 Gb (pilih continue dan enter), pilih
    Primary (enter), pilih Beginning (enter), pada use as pilih EXT4 (enter)
    pada Mount point pilih /boot (enter), pd mount option pilih
    [*] noatime
    (pilih continue dan enter), pada Bootable Flag rubah menjadi on JIKA
    STATUS NYA TDK BERUBAH ABAIKAN SAJA kemudian pilih done setting up the
    partition
  23. New partition size isi 10 gb (pilih continue dan enter), pilih
    Primary (enter), pilih Beginning (enter), pada use as pilih EXT4 (enter)
    pada Mount point pilih / (enter), pd mount option pilih
    [*] noatime
    (pilih continue dan enter), kemudian pilih done setting up the partition
  24. Arahkan pada FREE SPACE (enter), pilih Create new partition (enter)
    new partition size isi 2 gb ( besarnya 2x RAM) pilih continue dan enter,
    pilih Primary (enter), pilih Beginning (enter), pada use as pilih swap
    area (enter), kemudian Pilih done setting up the partition
  25. Arahkan pada FREE SPACE (enter), pilih Create new partition (enter)
    new partition size isi sisa semua harddisk (pilih continue dan enter),
    pilih Primary (enter), pilih Beginning (enter), pada use as pilih
    Reinsfers (enter)
    pada Moun point enter manually buat menjadi /cache, pd mount option
    pilih
    [*] noatime dan realtime kemudian Pilih continue dan done setting
    up the partition
  26. Kemudian pilih finis partitioning and write changes to disk, write the changes to disk pilih yes
  27. Full name for the new user isi dg proxyku, terus continue & enter
  28. Username for your account isi dg proxyku, terus continue & enter
  29. a password for the new user isi dg proxyku, terus continue & enter
  30. re-enter password to verify isi dg proxyku, terus continue & enter
  31. use weak password pilih yes
  32. encrypt your home directory pilih no
  33. HTTP proxy information KOSONGIN SAJA
  34. configurasi apt 43% tekan enter, juga pada 81% tekan enter pilih no automatic update
  35. choose software to install pilih OpenSSH server pilih contineus
  36. finish the installation dan reboot, ambil CD Ubuntu,
  37. 1st Boot kembalikan ke Hardisk.


selanjutnya anda instal paket yang dibutuhkan

Penting
# login dg proxyku
# password proxyku
# ketik sudo su -
# isi proxyku
# Ketik passwd
# enter new UNIX password isi dg proxyku
# retype new UNIX password isi proxyku

Setelah selesai, hubungkan Kabel CROSS Dari Pc Ubuntu ke Mikrotik. Buka winbox untuk remote mikrotik, coba Ping IP Ubuntu dari new terminal yang ada di winbox. Lihat dan perhatikan apakah sudah reply atau belum. kalau belum coba diteliti lagi mungkin ada yang belum bener. kalau sudah “reply”.

Langkah Berikutnya kita akan menginstal paket yang dibutuhkan, sebelumnya anda download Putty dan Winscp untuk remote ubuntu servernya kalau sudah anda remote ubuntu lewat Putty dengan mengetikan IP address Pc Ubuntunya (192.168.3.2 ). kalau muncul pesan warning pilih aja Yes.

Setelah muncul jendela terminal di Putty login seperti anda login di Ubuntu sebagai #root.

Kemudian anda instal paket yang di butuhkan dengan mengetik perintah di bawah ini :

root@proxyku:~# sudo apt-get update
root@proxyku:~# sudo apt-get install squid squidclient squid-cgi
root@proxyku:~# sudo apt-get install gcc
root@proxyku:~# sudo apt-get install build-essential
root@proxyku:~# sudo apt-get install sharutils
root@proxyku:~# sudo apt-get install ccze
root@proxyku:~# sudo apt-get install libzip-dev
root@proxyku:~# sudo apt-get install automake1.9

Kemudian download squid 2.7STABLE9 dengan mengetikan perintah di terminal ubuntu melalui putty :
root@proxyku:~# wget http://tempat-sampah.googlecode.com/files/squid-2.7.STABLE9%2Bpatch.tar.gz
Extrak filenya dengan perintah :
root@proxyku:~# tar xvf squid-2.7.STABLE9+patch.tar.gz
root@proxyku:~# cd squid-2.7.STABLE9

Setelah itu anda lanjutkan dengan kompil file tersebut dengan perintah di bawah ini :
root@proxyku:~# ./configure
--prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin
--libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid
--datadir=/usr/share/squid --enable-async-io=24 --with-aufs-threads=24
--with-pthreads --enable-storeio=aufs \
--enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp \
--enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files \
--enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536

Kalau anda bingung anda copas aja tiap barisnya terus anda paste di
Puttynya dengan klik kanan aja terus anda ENTER. ( warna - warna yang
ada di atas buat tanda bahwa tiap satu warna berarti satu baris yang
anda copy paste ke putty )

Setelah itu anda lanjutkan dengan perintah :
root@proxyku:~#make
root@proxyku:~#sudo make install

Setelah selesai anda STOP squidnya. tapi sebelum anda stop squidnya anda
ganti dulu isi yang ada di /etc/init.d/squid dengan perintah :
root@proxyku:~#sudo nano /etc/init.d/squid

Kemudian anda hapus semua isinya dan anda ganti dengan ini, copas aja langsung dari blog ini ke putty. kalau sudah anda tekan ctrl+x, terus anda ketik y terus enter untuk menyimpan hasil perubahan isi di
/etc/init.d/squid

terus anda ketik perintah lagi :
root@proxyku:~# sudo chmod +x /etc/init.d/squid

stop squidnya dengan perintah:
root@proxyku:~# sudo /etc/init.d/squid stop

kalau sudah anda download dulu squid.conf di sini download here terus anda pastekan ke ubuntu lewat WinSCP.

Bagi yang bingung remote dengan winscp, isi Hostname dengan IP addressnya ubuntu (192.168.3.2 ) Username : root password : proxyku .terus anda tinggal drag and drop file yang ada di cpu anda ke cpu ubuntu.

Llanjutkan dengan memberikan permission pada folder cache dengan perintah :
root@proxyku:~#chown proxy:proxy /cache
root@proxyku:~#chmod 777 /cache
root@proxyku:~#chown proxy:proxy /etc/squid/storeurl.pl
root@proxyku:~#chmod 777 /etc/squid/storeurl.pl

Kalau sudah, lanjutkan dengan membuat folder-folder swap/cache di dalam folder cache yang telah ditentukan dengan perintah :
root@proxyku:~#squid -f /etc/squid/squid.conf –z

lalu anda restart squidnya dengan perintah :

root@proxyku:~#/etc/init.d/squid restart

Cek apakah proxy lancar,

root@proxyku:~#sudo tail -f /var/log/squid/access.log | ccze

SETTING MIKROTIK

setting mikrotiknya seperti dibawah ini :

Masukkan ini di mangle :
;;; Intl-conn

chain=prerouting action=mark-packet new-packet-mark=packet-intl passthrough=no chain=output action=mark-packet new-packet-mark=packet-intl passthrough=no

0 ;;; PROXY-HIT

chain=prerouting action=mark-packet new-packet-mark=proxy-hit passthrough=no dscp=12

1 ;;; http-conn

chain=prerouting action=mark-connection new-connection-mark=http-conn passthrough=yes protocol=tcp dst-port=80

2 ;;; https-conn

chain=prerouting action=mark-packet new-packet-mark=http passthrough=yes connection-mark=http-conn

3 ;;; https-conn

chain=prerouting action=mark-connection new-connection-mark=https-conn passthrough=yes connection-state=new protocol=tcp dst-port=443


4

chain=prerouting action=mark-routing new-routing-mark=https passthrough=no connection-mark=https-conn

5 ;;; CHANGE MMS

chain=forward action=change-mss new-mss=1440 tcp-flags=syn protocol=tcp in-interface=ether1-gateway tcp-mss=1441-65535

IP FIREWALL ADDRESS-LIST :
0 ;;; LocalNet
LocalNet 192.168.1.0/24 — IP local sesuaikan dengan IP lokal anda
1 ;;; PROXY
ProxyNet 192.168.11.0/24 – IP network Proxy
2 DNS 202.134.1.10 -- sesuaikan DNS ISP anda
3 DNS 202.134.0.155 -- sesuaikan DNS ISP anda
4 GAMES 63.251.101.0/25
5 GAMES 74.114.8.0/21

IP FIREWALL NAT :
0;;;; Nat Proxy

chain=dstnat action=dst-nat to-addresses=192.168.3.2 to-ports=3128 protocol=tcp src-address=!192.168.3.2 src-address-list=LocalNet dst-address-list=!ProxyNet dst port=80,8080,3128 connection-mark=http-conn


1 ;;; Added by webbox
chain=srcnat action=masquerade out-interface=ether1-gateway


2 ;;; Proxy Out

chain=srcnat action=src-nat to-addresses=IP INTERNET ANDA/IP PUBLIC misalnya 192.168.1.2 src-address=IP LOKAL ANDA misalnya 192.168.2.1


4

chain=dstnat action=dst-nat to-ports=53 protocol=udp dst-port=53

5 ;;; SSH
chain=dstnat action=dst-nat to-addresses=192.168.11.11 to-ports=22 protocol=tcp dst-address=IP INTERNET ANDA/IP PUBLIC dst-port=22,10000

Untuk Bandwidth management Kita gunakan Simple Queue. dengan menambahkan
packet-intl di simple queue. bagi yang belum Tau setting simple queue

SAMPAI DISINI KITA SUDAH SELESAI MEMBUAT MIKROTIK + EXTERNAL PROXY UBUNTU SERVER 10.10

Bagaimana kita bisa tahu bahwa squid proxy kita sudah jalan???? kita balik maneng neng Putty kita tulis perintah :

root@proxyku:~#tail -f /var/log/squid/access.log enter

 

Sumber

Map picture

Cara Flash Mito A82 100% Success

Flashing Mito A82 Success 100% Lupa pola, Lupa Password dan Bootloop dapat diatasi dengan cara flashing, untuk lupa pola atau lupa passwo...