Вы находитесь на странице: 1из 2

Cara bypas traffic icmp (ping)

skenarionya seperti berikut, seorang user dengan ip 192.168.10.34 kita berikan


alokasi bw sebesar 1Mbps,

dengan bw yang sebesar itu latency yang di dapatkan ketika menjalankan ping
harusnya normal-normal saja ketika trafic bw masih half duplex atau 500kbps,

tapi lain cerita jika trafic sudah mencapai limit 1Mbps. maka ping dan latencynya
otomatis membengkak.

maka dari itu kita hrus memisahkan trafic icmp, agar tidak ikut terlimit ketika
penggunaan bwsudah mencapai 1Mbps.

berikut, tutorialnya semoga barokah.

kita buat dlu list addres dan mangelnya sebagai berikut.

/ip firewall address-list

add address=0.0.0.0/8 list=private-lokal

add address=10.0.0.0/8 list=private-lokal

add address=100.64.0.0/10 list=private-lokal

add address=127.0.0.0/8 list=private-lokal

add address=169.254.0.0/16 list=private-lokal

add address=172.16.0.0/12 list=private-lokal

add address=192.0.0.0/24 list=private-lokal

add address=192.0.2.0/24 list=private-lokal

add address=192.168.0.0/16 list=private-lokal

add address=198.18.0.0/15 list=private-lokal

add address=198.51.100.0/24 list=private-lokal

add address=203.0.113.0/24 list=private-lokal

add address=224.0.0.0/3 list=private-lokal

add address=172.150.10.0/24 list=private-lokal

add address=192.168.10.1/24 list=private-lokal

Copy jg mangelnya sebagai berikut.

/ip firewall mangle

add action=accept chain=input dst-address-list=private-lokal src-address-


list=private-lokal

add action=accept chain=prerouting dst-address-list=private-lokal src-address-


list=private-lokal
add action=accept chain=forward dst-address-list=private-lokal src-address-
list=private-lokal

add action=accept chain=postrouting dst-address-list=private-lokal src-address-


list=private-lokal

add action=accept chain=output dst-address-list=private-lokal src-address-


list=private-lokal

add action=mark-connection chain=prerouting comment="Trafik DNS" dst-address-list=!


private-lokal new-connection-mark=icmp-dns passthrough=yes \

protocol=icmp src-address-list=private-lokal

add action=mark-connection chain=prerouting dst-address-list=!private-lokal dst-


port=53,5353,123 new-connection-mark=icmp-dns passthrough=yes \

protocol=tcp src-address-list=private-lokal

add action=mark-connection chain=prerouting dst-address-list=!private-lokal dst-


port=53,5353,123 new-connection-mark=icmp-dns passthrough=yes \

protocol=udp src-address-list=private-lokal

add action=accept chain=prerouting connection-mark=icmp-dns

add action=mark-packet chain=forward connection-mark=icmp-dns new-packet-mark=icmp-


dns passthrough=no

buatkan juga queu treenya.

edit pada bagian paket upload parentnya (isi sesuai interface wan) saya menggunakan
ether-1 tanpa diedit sebelumya

/queue tree

add max-limit=1G name=PAKET-DOWNLOAD parent=global queue=default

add limit-at=64k max-limit=100M name=D.01.ICMP-DNS packet-mark=icmp-dns


parent=PAKET-DOWNLOAD priority=1 queue=default

add max-limit=1G name=PAKET-UPLOAD parent=(isi sesuai interface wan kalian dalam


hal ini ether-1) queue=default

add limit-at=64k max-limit=100M name=U.01.ICMP-DNS packet-mark=icmp-dns


parent=PAKET-UPLOAD priority=1 queue=default

Вам также может понравиться