
XP-Solution Surabaya # Modul Training Mikrotik # By Nathan Gusti Ryan

Contoh 2 ISP load balance interface ethernet set ether4 name=LAN interface ethernet set ether3 name=WAN1 interface ethernet set ether2 name=WAN2 interface ethernet set ether1 name=WAN3 / ip address add address=10.1.0.1/27 network=10.1.0.0 broadcast=10.1.0.31 interface=LAN comment="LAN IP" disabled=no add address=10.111.0.4/29 network=10.111.0.0 broadcast=10.111.0.7 interface=WAN1 comment="Fastnet A1/17" disabled=no add address=10.112.0.2/29 network=10.112.0.0 broadcast=10.112.0.7 interface=WAN2 comment="Fastnet A1/1" disabled=no ip dns set primary-dns=202.73.99.8 allow-remote-request=no ip dns set secondary-dns=61.247.0.8 allow-remote-request=no / ip firewall mangle add chain=prerouting in-interface=LAN connection-state=new nth=2,2 action=mark-connection new-connection-mark=odd passthrough=yes comment="" disabled=no add chain=prerouting in-interface=LAN connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no comment="" disabled=no add chain=prerouting in-interface=LAN connection-state=new nth=2,1 action=mark-connection new-connection-mark=even passthrough=yes comment="" disabled=no add chain=prerouting in-interface=LAN connection-mark=even action=mark-routing new-routing-mark=even passthrough=no comment="" disabled=no / ip firewall nat add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.112.0.6 to-ports=0-65535 comment="" disabled=no add chain=srcnat connection-mark=even action=src-nat to-addresses=10.111.0.6 to-ports=0-65535 comment="" disabled=no / ip route add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=odd comment="" disabled=no add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=even comment="" disabled=no add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 comment="" disabled=no add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 comment="" disabled=no /ip pool add name=dhcp-pool ranges=192.168.0.31-192.168.0.100 /ip 
dhcp-server network add address=192.168.0.0/24 gateway=192.168.0.2 /ip dhcp-server add interface=LAN address-pool=dhcp-pool

XP-Solution Surabaya # Modul Training Mikrotik # By Nathan Gusti Ryan

Contoh 3 koneksi load balance / ip address add address=172.15.15.1/25 network=172.15.15.0 broadcast=172.15.15.127 interface=LAN comment="LAN IP" disabled=no add address=10.111.0.2/29 network=10.111.0.0 broadcast=10.111.0.7 interface=WAN1 comment="WAN1" disabled=no add address=172.16.1.15/24 network=172.16.1.0 broadcast=172.16.1.255 interface=WAN2 comment="Fastnet Dari PERAK" disabled=no add address=172.15.15.2/29 network=172.15.15.0 broadcast=172.15.15.7 interface=WAN3 comment="Fastnet Dari TP" disabled=no / ip firewall mangle add chain=prerouting in-interface=LAN connection-state=new nth=1,2,0 action=mark-connection new-connection-mark=odd passthrough=yes comment=" disabled=no add chain=prerouting in-interface=LAN connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no comment="" disabled=no add chain=prerouting in-interface=LAN connection-state=new nth=1,2,1 action=mark-connection new-connection-mark=even passthrough=yes comment="" disabled=no add chain=prerouting in-interface=LAN connection-mark=even action=mark-routing new-routing-mark=even passthrough=no comment="" disabled=no add chain=prerouting in-interface=LAN connection-state=new nth=2,3,2 action=mark-connection new-connection-mark=even passthrough=yes comment="" disabled=no add chain=prerouting in-interface=LAN connection-mark=even action=mark-routing new-routing-mark=even passthrough=no comment="" disabled=no / ip firewall nat add chain=srcnat connection-mark=odd action=src-nat to-addresses=172.15.15.1 to-ports=0-65535 comment="" disabled=no add chain=srcnat connection-mark=even action=src-nat to-addresses=172.16.1.1 to-ports=0-65535 comment="" disabled=no add chain=srcnat connection-mark=even action=src-nat to-addresses=10.113.0.2 to-ports=0-65535 comment="" disabled=no / ip route add dst-address=0.0.0.0/0 gateway=172.15.15.1 scope=7 target-scope=10 routing-mark=odd comment="" disabled=no add dst-address=0.0.0.0/0 gateway=172.16.1.1 scope=255 target-scope=10 routing-mark=even 
comment="" disabled=no add dst-address=0.0.0.0/0 gateway=10.113.0.1 scope=255 target-scope=10 routing-mark=even comment="" disabled=no ****add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 comment="" disabled=no Mari kita ambil contoh untuk penerapan Nth untuk 4 koneksi. Maka Angka Nth untuk masing2 rule di Mikrotik adalah (counter yg dipakai adalah 4) : Rule 1 = 3,4,0 Rule 2 = 3,4,1 Rule 3 = 3,4,2 Rule 4 = 3,4,3

XP-Solution Surabaya # Modul Training Mikrotik # By Nathan Gusti Ryan

# Example: combining five "Speedy" PPPoE connections, spreading new HotSpot
# connections across them with nth-based connection marks.
# The name=, user= and password= values are masked in the source document and
# the [IP-Speedy-N] values are placeholders; substitute real values.

/interface pppoe-client
# NOTE(review): allow= lists every authentication method, including pap
# (password sent in clear text) and mschap1. Empty ac-name / service-name mean
# the client does not pin a particular access concentrator or service. Whether
# the list can be narrowed depends on the provider - confirm before changing.
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment="" dial-on-demand=no disabled=no interface=Speedy-1 max-mru=1480 max-mtu=1480 mrru=disabled name="******@telkom.net" password="***" profile=default service-name="" use-peer-dns=no user="***"
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment="" dial-on-demand=no disabled=no interface=Speedy-2 max-mru=1480 max-mtu=1480 mrru=disabled name="******@telkom.net" password="***" profile=default service-name="" use-peer-dns=no user="***"
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment="" dial-on-demand=no disabled=no interface=Speedy-3 max-mru=1480 max-mtu=1480 mrru=disabled name="******@telkom.net" password="***" profile=default service-name="" use-peer-dns=no user="***"
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment="" dial-on-demand=no disabled=no interface=Speedy-4 max-mru=1480 max-mtu=1480 mrru=disabled name="******@telkom.net" password="***" profile=default service-name="" use-peer-dns=no user="***"
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment="" dial-on-demand=no disabled=no interface=Speedy-5 max-mru=1480 max-mtu=1480 mrru=disabled name="******@telkom.net" password="***" profile=default service-name="" use-peer-dns=no user="***"

# Each pair below marks a share of new connections arriving on HotSpot
# (nth=5,N) and then sets the matching routing mark on packets that carry
# that connection mark.
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=ADSL-1 passthrough=yes connection-state=new in-interface=HotSpot nth=5,1 comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-1 passthrough=no in-interface=HotSpot connection-mark=ADSL-1 comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=ADSL-2 passthrough=yes connection-state=new in-interface=HotSpot nth=5,2 comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-2 passthrough=no in-interface=HotSpot connection-mark=ADSL-2 comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=ADSL-3 passthrough=yes connection-state=new in-interface=HotSpot nth=5,3 comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-3 passthrough=no in-interface=HotSpot connection-mark=ADSL-3 comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=ADSL-4 passthrough=yes connection-state=new in-interface=HotSpot nth=5,4 comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-4 passthrough=no in-interface=HotSpot connection-mark=ADSL-4 comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=ADSL-5 passthrough=yes connection-state=new in-interface=HotSpot nth=5,5 comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=ADSL-5 passthrough=no in-interface=HotSpot connection-mark=ADSL-5 comment="" disabled=no

# Source-NAT each marked connection to the address of its own uplink.
/ip firewall nat
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-1] to-ports=0-65535 connection-mark=ADSL-1 comment="" disabled=no
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-2] to-ports=0-65535 connection-mark=ADSL-2 comment="" disabled=no
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-3] to-ports=0-65535 connection-mark=ADSL-3 comment="" disabled=no
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-4] to-ports=0-65535 connection-mark=ADSL-4 comment="" disabled=no
add chain=srcnat action=src-nat to-addresses=[IP-Speedy-5] to-ports=0-65535 connection-mark=ADSL-5 comment="" disabled=no

# One default route per routing mark, plus an unmarked default via PPPoE-1.
# NOTE(review): the routes name gateways PPPoE-1..PPPoE-5 while the clients
# above carry a masked name= value; presumably the interface names have to
# match these gateways - verify.
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-1 routing-mark=ADSL-1
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-2 routing-mark=ADSL-2
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-3 routing-mark=ADSL-3
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-4 routing-mark=ADSL-4
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-5 routing-mark=ADSL-5
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-1

XP-Solution Surabaya # Modul Training Mikrotik # By Nathan Gusti Ryan

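# Setup Filtering Virus
#
# Drops forwarded traffic to ports historically associated with worms and
# backdoors. Two things to keep in mind when reusing this list:
#  - Every rule is in the forward chain (or a chain jumped to from it), so
#    only traffic passing THROUGH the router is filtered; services on the
#    router itself are not covered by anything in this listing.
#  - Matching on destination port alone does not identify malware. Several
#    entries (for example 1024-1030 and 10000) are ports that ordinary
#    applications may also use, so review the list against what the network
#    actually needs.
# Multi-word comment= values are quoted and empty ones written as "" so the
# commands parse as intended.

/ip firewall filter
# action=accept is the default; it is spelled out so the intent is visible.
# Because established/related traffic is accepted first, only packets that
# are not part of an already-accepted connection reach the virus chain.
add chain=forward connection-state=established action=accept comment="allow established connections"
add chain=forward connection-state=related action=accept comment="allow related connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"

/ip firewall filter
add chain=forward action=jump jump-target=virus comment="jump to the virus chain"
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=593 action=drop comment=""
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=""
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=1214 action=drop comment=""
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
# Same match as the "Bagle Virus" rule above (tcp/2745); kept as in the
# source, but it can never be reached.
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"

# Another Port Filtering
# Flat variant: the same kind of port drops placed directly in the forward
# chain. NOTE(review): presumably an alternative to the virus chain above
# rather than an addition to it, since the ports overlap - confirm.
/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop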

XP-Solution Surabaya # Modul Training Mikrotik # By Nathan Gusti Ryan

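# Port filtering in the forward chain (drops by destination port only).
/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
# NOTE(review): DNS also runs over TCP port 53 (for example when an answer
# does not fit in a UDP reply). Dropping forwarded tcp/53 can therefore break
# name resolution for LAN clients that query resolvers beyond the router -
# confirm this is intended.
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop

# Setup Web proxy
# The proxy is enabled on port 8080 with src-address=0.0.0.0 and no access
# restriction appears in this listing, so who can reach port 8080 is decided
# entirely by the firewall rules further down.
# NOTE(review): max-cache-size and max-ram-cache-size are both unlimited with
# cache-drive=system; presumably the cache can then grow until storage or
# memory runs out - consider fixed limits.
/ip web-proxy
set enabled=yes
set src-address=0.0.0.0
set port=8080
set hostname=proxy.xps
set transparent-proxy=yes
set parent-proxy=0.0.0.0:0
set cache-administrator=progtel2004@yahoo.com
set max-object-size=4096KiB
set cache-drive=system
set max-cache-size=unlimited
set max-ram-cache-size=unlimited

# Keep the proxy port closed to everything that does not arrive on LAN.
# Without this rule, and with redirect rules that match on any interface,
# hosts on the WAN side could use the router as an open proxy.
/ip firewall filter
add chain=input in-interface=!LAN protocol=tcp dst-port=8080 action=drop comment="web proxy is for LAN clients only"

# add nat for redirect port for squid to make transparant
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade comment="" disabled=no
add chain=dstnat in-interface=LAN protocol=tcp dst-port=80 action=redirect to-ports=8080 comment="" disabled=no
# The two redirects below had no in-interface in the source and so matched
# traffic from every interface; they are now limited to LAN like the port 80
# rule above.
add chain=dstnat in-interface=LAN protocol=tcp dst-port=3128 action=redirect to-ports=8080
add chain=dstnat in-interface=LAN protocol=tcp dst-port=8080 action=redirect to-ports=8080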

XP-Solution Surabaya # Modul Training Mikrotik # By Nathan Gusti Ryan

Setup Pemisahan IIX dan IX # Script untuk menambahkan IP Address BGP yang terdaftar di Router INDO(OIXP) # ke RouterOS dalam ADDRESS-LIST dengan nama "indo" /sys note set show-at-login=yes note="XP Solution Surabaya " /ip firewall address-list add list=indo address="1.2.3.4" rem [find list=indo] add list=indo address="167.205.0.0/16" add list=indo address="222.124.0.0/16" add list=indo address="61.94.0.0/16" add list=indo address="125.162.0.0/16" add list=indo address="125.163.0.0/16" add list=indo address="125.160.0.0/16" add list=indo address="125.161.0.0/16" add list=indo address="125.164.0.0/16" / ip firewall mangle add chain=forward src-address-list=indo action=mark-connection new-connection-mark=mark-con-indonesia passthrough=yes comment=mark all indonesia source connection traffic disabled=no add chain=forward dst-address-list=indo action=mark-connection new-connection-mark=mark-con-indonesia passthrough=yes comment=mark all indonesia destination connection traffic disabled=no add chain=forward src-address-list=!indo action=mark-connection new-connection-mark=mark-con-overseas passthrough=yes comment=mark all overseas source connection traffic disabled=no add chain=forward dst-address-list=!indo action=mark-connection new-connection-mark=mark-con-overseas passthrough=yes comment=mark all overseas destination connection traffic disabled=no add chain=prerouting connection-mark=mark-con-indonesia action=mark-packet new-packet-mark=indonesia passthrough=yes comment=mark all Indonesia traffic disabled=no add chain=prerouting connection-mark=mark-con-overseas action=mark-packet new-packet-mark=overseas passthrough=yes comment=mark all overseas traffic disabled=no Queing / queue simple add name=RTRW Net target-addresses=10.111.0.2/24 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=indonesia direction=both priority=8 queue=default/default limit-at=0/0 maxlimit=256000/256000 total-queue=default disabled=no add name=Laptop Acer Intl 
target-addresses=192.168.2.0/24 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=overseas direction=both priority=8 queue=default/default limit-at=0/0 max-limit=128000/128000 total-queue=default disabled=no

XP-Solution Surabaya # Modul Training Mikrotik # By Nathan Gusti Ryan

Script untuk melakukan Reset Mikrotik
system script add name=destroy source={system reset}
system scheduler add name=ancur on-event=destroy start-date=masukkin_tanggalnya start-time=masukiin_jamnya
Karena reset menghapus konfigurasi yang sedang berjalan, simpan backup terlebih dahulu dan batasi siapa saja yang boleh membuat atau mengubah script dan scheduler di router.

Backup, Restore, Export dan Import Setting
Backup berlaku untuk semua setting yang ada saat itu.
>system backup save name=backup_setting
Restore berlaku untuk semua setting yang ada saat itu.
>system backup load name=backup_setting
Export berlaku untuk semua setting pada directory aktif saat itu. Contoh : bila aktif pada directory simple queue, maka hanya directory tersebut yang disimpan ke file. Sehingga, bila aktif pada directory root / maka semua setting akan diexport.
>queue simple export file=simple_queue
Import hanya berjalan dari root / dan hanya berlaku untuk file dengan ext .rsc.
>import simple_queue.rsc
Perbedaan export dan backup terletak pada file hasil, di mana file hasil dari backup berupa file binary dan file dari proses export berupa text file, dan hal itu merupakan suatu kelebihan, misal bisa dicetak untuk dokumentasi dsb.

Script dan Schedule
Setting schedule auto shutdown. Pertama buat script shutdown, dalam contoh ini diberi nama autodown.
>system script add name=autodown source=system shutdown
Kemudian buat schedule untuk shutdown.
>system scheduler add name=mikrotikdown on-event=autodown start-date=nov/19/2007 start-time=18:10:00 interval=1d
Untuk memudahkan backup, selain disimpan pada server mikrotik sendiri, perlu juga disimpan pada komputer lain. Salah satu alternatif pengiriman file otomatis adalah menggunakan email; selain itu, bisa juga dilakukan dengan menggunakan ftp.
>system script add name=autobackup source/ export file=backup_setting\n/ tool e-mail send to=progtel2004@yahoo.co subject=backup setting mikrotik from=007@yahoo.com body=file backup setting mikrotik server=192.168.1.103 file=backup_setting.rsc
Catatan: file hasil export berupa teks biasa dan dapat memuat data sensitif (misalnya password dan detail konfigurasi jaringan), sedangkan pengiriman lewat email maupun ftp bisa saja tidak terenkripsi. Pastikan alamat tujuan (to=) benar, batasi siapa yang dapat membaca kotak surat atau server tujuan, dan simpan salinan backup di tempat yang terlindungi.
Kemudian buat schedule untuk backup mingguan.
>system scheduler add name=mikrotikbackup on-event=autobackup start-date=dec/10/2007 start-time=08:30:00 interval=1w

XP-Solution Surabaya # Modul Training Mikrotik # By Nathan Gusti Ryan

Simple Queue VS Que Tree : /queue simple add name=XPS target-addresses=192.168.0.0/24 dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 maxlimit=1000000/1000000 total-queue=default-small disabled=no add name=USER target-addresses=192.168.0.2/32,192.168.0.3/32,192.168.0.4/32,192.168.0.5/32,192.168.0.6/32,192.168.0.7/32 192.168.0.8/32,192.168.0.9/32,192.168.0.10/32 dst-address=0.0.0.0/0 interface=all parent=XPS direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=384000/384000 total-queue=default-small disabled=no add name=Client-1 target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 interface=Lan parent=USER direction=both priority=8 queue=default-small/default-small limit-at=16000/16000 maxlimit=32000/64000 total-queue=default-small disabled=no Contoh configurasi Queue Tree: Mangle Sebelum kita Meng konfigure Queue Tree kita buat dulu Connection-mark di table mangle. /ip firewall mangle add chain=forward src-address=192.168.10.0/24 action=mark-connection new-connection-mark=lokal passthrough=yes comment=" disabled=no add chain=forward dst-address=192.168.10.0/24 action=mark-connection new-connection-mark=lokal passthrough=yes comment=" disabled=no add chain=forward protocol=icmp connection-mark=lokal action=mark-packet new-packet-mark=lokal-icmp passthrough=no comment=" disabled=no add chain=forward src-address=192.168.10.1 protocol=!icmp connection-mark=lokal action=mark-packet new-packet-mark=lokal-1 passthrough=no comment=" disabled=no add chain=forward dst-address=192.168.10.1 protocol=!icmp connection-mark=lokal action=mark-packet new-packet-mark=lokal-1 passthrough=no comment=" disabled=no add chain=forward src-address=192.168.10.2 protocol=!icmp connection-mark=lokal action=mark-packet new-packet-mark=lokal-2 passthrough=no comment=" disabled=no add chain=forward dst-address=192.168.10.2 protocol=!icmp connection-mark=lokal action=mark-packet 
new-packet-mark=lokal-2 passthrough=no comment=" disabled=no Queue-tree: /queue tree add name=upload parent=ether1 packet-mark=" limit-at=0 queue=default priority=1 max-limit=256000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no add name=icmd-upload parent=upload packet-mark=lokal-icmp limit-at=0 queue=default priority=3 max-limit=32000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no add name=lokal-1-upload parent=upload packet-mark=lokal-1 limit-at=0 queue=default priority=5 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no add name=lokal-2-upload parent=upload packet-mark=lokal-2 limit-at=0 queue=default priority=5 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no add name=download parent=global-out packet-mark=" limit-at=0 queue=default priority=1 max-limit=512000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no add name=icmp-download parent=download packet-mark=lokal-icmp limit-at=0 queue=default priority=3 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no add name=lokal-1-download parent=download packet-mark=lokal-1 limit-at=0 queue=default priority=5 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no add name=lokal-2-download parent=download packet-mark=lokal-2 limit-at=0 queue=default priority=5 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no Another simple queue Konfigurasi Simple queues dan Que tree mudah mudahan bisa menjadi referensi untuk anda yang akan menggunakan limiter bandwith with mikrotik. Configurasi Simple Queue: Anda bisa membuat kelompok (parent) untuk client-kusus dengan bandwith 256kbps yang didalamnya terdiri dari 3 user sehingga bandwith 256 tadi akan di share untuk 3 user tesebut, dan parent2 yang lainpun bisa anda buat sesuai keinginan anda.

XP-Solution Surabaya # Modul Training Mikrotik # By Nathan Gusti Ryan

/queue simple add name=CLIENT target-addresses=192.168.0.0/24 dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 maxlimit=1000000/1000000 total-queue=default-small add name=Client-kusus target-addresses=192.168.0.1/32,192.168.0.2/32,192.168.0.3/32,dst-address=0.0.0.0/0 interface=all parent=CUSTOMER direction=both priority=8 queue=defaultsmall/default-small limit-at=0/0 max-limit=256000/256000 total-queue=default-small add name=mylove target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 interface=ether2 parent=Client-kusus direction=both priority=8 queue=default-small/default-small limit-at=16000/8000 maxlimit=32000/56000 total-queue=default-small add name=myfriend target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 interface=ether2 parent=Client-kusus direction=both priority=8 queue=default-small/default-small limit-at=16000/8000 max-limit=32000/56000 total-queue=default-small add name=maymay target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0 interface=ether2 parent=Client-kusus direction=both priority=8 queue=default-small/default-small limit-at=16000/0 maxlimit=32000/56000 total-queue=default-small Contoh configurasi Queue Tree: Mangle : Sebelum kita Meng konfigure Queue Tree kita buat dulu Connection-mark di table mangle. 
/ip firewall mangle add chain=forward src-address=192.168.0.0/24 action=mark-connection new-connectioan-mark=local passthrough=yes add chain=forward dst-address=192.168.0.0/24 action=mark-connection new-connectioan-mark=local passthrough=yes add chain=forward protocol=icmp connection-mark=local action=mark-packet new-packet-mark=local-icmp passthrough=no add chain=forward src-address=192.168.0.1 protocol=!icmp connection-mark=local action=mark-packet new-packet-mark=local-1 passthrough=no add chain=forward dst-address=192.168.0.1 protocol=!icmp connection-mark=local action=mark-packet new-packet-mark=local-1 passthrough=no add chain=forward src-address=192.168.0.2 protocol=!icmp connection-mark=local action=mark-packet new-packet-mark=local-2 passthrough=no add chain=forward dst-address=192.168.0.2 protocol=!icmp connection-mark=local action=mark-packet new-packet-mark=local-2 passthrough=no Queue-Tree : /queue tree add name=upload parent=[int-ke-internet] packet-mark= priority=1 max-limit=256K add name=icmp-upload parent=upload packet-mark=local-icmp priority=3 max-limit=32K add name=local-1-upload parent=upload packet-mark=local-1 priority=5 max-limit=64K add name=local-2-upload parent=upload packet-mark=local-2 priority=5 max-limit=64K add name=download parent=[int-ke-local] packet-mark= priority=1 max-limit=512K add name=icmp-download parent=download packet-mark=local-icmp priority=3 max-limit=64K add name=local-1-download parent=download packet-mark=local-1 priority=5 max-limit=128K add name=local-2-download parent=download packet-mark=local-2 priority=5 max-limit=128

XP-Solution Surabaya # Modul Training Mikrotik # By Nathan Gusti Ryan

Memanipulasi ToS ICMP & DNS di MikroTik Tujuan : * Memperkecil delay ping dari sisi klien ke arah Internet. * Mempercepat resolving hostname ke ip address. Asumsi : Klien-klien berada pada subnet 10.10.10.0/28 1. Memanipulasi Type of Service untuk ICMP Packet : / ip firewall mangle add chain=prerouting src-address=0.0.0.0 protocol=icmp action=mark-connection new-connection-mark=ICMP-CM passthrough=yes add chain=prerouting connection-mark=ICMP-CM action=mark-packet new-packet-mark=ICMP-PM passthrough=yes add chain=prerouting packet-mark=ICMP-PM action=change-dscp new-dscp=0 2. Memanipulasi Type of Service untuk DNS Resolving : / ip firewall mangle add chain=prerouting src-address=0.0.0.0 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes add chain=prerouting src-address=0.0.0.0 protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes add chain=prerouting connection-mark=DNS-CM action=mark-packet new-packet-mark=DNS-PM passthrough=yes add chain=prerouting packet-mark=DNS-PM action=change-dscp new-dscp=0 3. Menambahkan Queue Type : /queue type add name="PFIFO-64 kind=pfifo pfifo-limit=64 4. Mengalokasikan Bandwidth untuk ICMP Packet : /queue tree add name=ICMP parent=WAN packet-mark=ICMP-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64 5. 
Mengalokasikan Bandwidth untuk DNS Resolving : /queue tree add name=DNS parent=WAN packet-mark=DNS-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64 New Load Balance /ip firewall mangle add chain=prerouting src-address=10.1.0.1-10.1.0.6 action=mark-routing new-routing-mark=GroupA comment="IP 10.1.0.2-10.1.0.6" add chain=prerouting src-address=10.1.0.9-10.1.0.14 action=mark-routing new-routing-mark=GroupB comment="IP 10.1.0.9-10.1.0.14" add chain=prerouting src-address=10.1.0.17-10.1.0.22 action=mark-routing new-routing-mark=GroupC comment="IP 10.1.0.17-10.1.0.22" add chain=prerouting src-address=10.1.0.25-10.1.0.30 action=mark-routing new-routing-mark=GroupD comment="IP 10.1.0.25-10.1.0.30" Layer 7 Protocol Site http://www.mikrotik.com/download/l7-protos.rsc Marking Packet IIX & International /ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=IIX passthrough=yes dst-address-list=indo in-interface=LAN add chain=prerouting action=mark-packet new-packet-mark=Packet IIX passthrough=no connection-mark=IIX add chain=prerouting action=mark-connection new-connection-mark=INTL passthrough=yes dst-address-list=!indo in-interface=LAN add chain=prerouting action=mark-packet new-packet-mark=Packet INTL passthrough=no connection-mark=INTL
