Monday, 05 December 2011

Protecting an Internet Café (Warnet) from Keyloggers on MikroTik

Assalamualaikum, I'm back again. El-Farhatz here, wanting to share a little. I just heard from a friend who manages an internet café (he is also one of my clients) that his customers' email, Facebook and similar accounts were being hijacked by an attacker (read: hacker or lamer), I don't know.

My guess is that it's the usual keylogger or something similar. First, we could scan with an antivirus, Kaspersky or another one, or use an anti-keylogger, which can be found on Google. Deep Freeze is also an option, but it can be un-frozen too. If the keylogger is a bit nastier, we can block it on our network.

In the end I took the initiative to just block by port; as it happens, the network at this café uses MikroTik. So, straight to it; the title becomes: blocking keyloggers on a MikroTik network.

Keyloggers usually report the captured accounts to their owner over a few ports:

1. ftp
2. email

The FTP port is 21

while the ports used for email services are:
1. 25
2. 995
3. 465
4. 587
5. 110
6. etc.

Let's block those ports on the MikroTik. I think this is a good approach for internet café owners or operators, because most keyloggers deliver their logs using 3 methods:

1. ftp
2. email

From googling, there are also ones that work by dumping to a file, but I don't really understand that system.

And the good thing is, as far as I know, none of the ports above is used by any Indonesian online game, since most internet cafés also cater to online gaming.

Below is a MikroTik script that can be pasted straight into your MikroTik terminal; adjust the src address to the IP network of the target café's LAN.


Code:
ip firewall filter add chain=forward protocol=tcp src-address=110.110.1.0/24 action=drop port=21 comment="BLOCK FTP"
ip firewall filter add chain=forward protocol=tcp src-address=110.110.1.0/24 action=drop port=995 comment="BLOCK MAIL"
ip firewall filter add chain=forward protocol=tcp src-address=110.110.1.0/24 action=drop port=25 comment="BLOCK PORT"
ip firewall filter add chain=forward protocol=tcp src-address=110.110.1.0/24 action=drop port=465 comment="BLOCK PORT"
ip firewall filter add chain=forward protocol=tcp src-address=110.110.1.0/24 action=drop port=587 comment="BLOCK PORT"
ip firewall filter add chain=forward protocol=tcp src-address=110.110.1.0/24 action=drop port=110 comment="BLOCK PORT"

I use 110.110.1.0/24 as the example here because the network at my base uses 110.110.1.0/24; adjust it to the café's LAN IP.
With that, we can feel somewhat safer, because the keylogger's owner can't receive deliveries from the keylogger program, unless the keylogger changes its email / FTP port, but that approach is a bit advanced, and lamers / pranksters very rarely have that kind of skill.

If a user wants to use FTP or any of those ports, they can just tell the server operator and the block can be temporarily disabled. It's so easy, right?


Hope this is useful

.thz
Regards

El-Farhatz

source : http://devilzc0de.org/forum/thread-6324.html?highlight=mikrotik
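
An added example, not part of El-Farhatz's post: a variant of the block rules above that also records which LAN host tried to reach the FTP/mail ports, so the operator can find the infected PC rather than only dropping its traffic. The address-list name `keylog-suspect` and the log prefix `KEYLOG-EGRESS` are assumptions; 110.110.1.0/24 is the post's sample LAN, and `dst-port` is used here in place of the post's `port` so that only the destination port is matched.

```routeros
# Added example (not from the original post). Assumed names: address list
# "keylog-suspect", log prefix "KEYLOG-EGRESS". LAN range as in the post.
/ip firewall filter

# 1. Remember, for one day, every LAN host that opens a new connection
#    to the FTP/mail ports, so repeat offenders stand out.
add chain=forward protocol=tcp src-address=110.110.1.0/24 \
    dst-port=21,25,110,465,587,995 connection-state=new \
    action=add-src-to-address-list address-list=keylog-suspect \
    address-list-timeout=1d comment="LIST FTP/MAIL EGRESS"

# 2. Write one log line per attempt (source IP, destination IP and port).
add chain=forward protocol=tcp src-address=110.110.1.0/24 \
    dst-port=21,25,110,465,587,995 connection-state=new \
    action=log log-prefix="KEYLOG-EGRESS" comment="LOG FTP/MAIL EGRESS"

# 3. Drop the traffic, as the post's six rules do, in a single rule.
add chain=forward protocol=tcp src-address=110.110.1.0/24 \
    dst-port=21,25,110,465,587,995 action=drop \
    comment="BLOCK FTP/MAIL EGRESS"

# Review which PCs tripped the rules and what they tried to reach.
/ip firewall address-list print where list=keylog-suspect
/log print where message~"KEYLOG-EGRESS"
```

The three rules must sit above any rule that accepts forwarded traffic, in the order shown, because the list and log actions pass the packet on to the next rule. A PC that appears in `keylog-suspect` while no customer on it is using FTP or a mail client is the one to inspect.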

Mikrotik PCC LoadBalance

The following example uses PCC to load-balance 3 PPPoE lines

The 5 interfaces we use are:
- Public1
- Public2
- Public3
- Proxy
- Local

and the PPPoE names = Speedy1, Speedy2 and Speedy3

Code:
{{{
/interface ethernet
set 0 name=Public1
set 1 name=Public2
set 2 name=Public3
set 3 name=Proxy
set 4 name=Local
}}}
With the following IP addresses:

Code:
{{{
/ip address
add address=192.168.11.2/30 interface=Public1
add address=192.168.22.2/30 interface=Public2
add address=192.168.33.2/30 interface=Public3
add address=192.168.3.1/30 interface=Proxy
add address=192.168.2.30/27 interface=Local
}}}

For the PPPoE dial-up, do not tick add-default-route; we create the routes manually in ip route as shown below:
Code:
{{{
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="PPPOE 1" dial-on-demand=no disabled=no interface=Public1 max-mru=1480 max-mtu=\
    1480 mrru=disabled name=Speedy1 password=XXXXXXXXX profile=default service-name="" use-peer-dns=no user=XXXXXXXXX@telkom.net
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="PPPOE 2" dial-on-demand=no disabled=no interface=Public2 max-mru=1480 max-mtu=\
    1480 mrru=disabled name=Speedy2 password=XXXXXXXXX profile=default service-name="" use-peer-dns=no user=XXXXXXXXX@telkom.net
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="PPPOE 3" dial-on-demand=no disabled=no interface=Public3 max-mru=1480 max-mtu=\
    1480 mrru=disabled name=Speedy3 password=XXXXXXXXX profile=default service-name="" use-peer-dns=no user=XXXXXXXXX@telkom.net
}}}
Code:
{{{
/ip route
add check-gateway=arp comment="Default Route - Distance 1" disabled=no distance=1 gateway=Speedy1
add check-gateway=arp comment="Default Route - Distance 2" disabled=no distance=2 gateway=Speedy2
add check-gateway=arp comment="Default Route - Distance 3" disabled=no distance=3 gateway=Speedy3
add check-gateway=arp comment="PPPoE1 - Distance 1" disabled=no distance=1 gateway=Speedy1 routing-mark=pppoe_1
add check-gateway=arp comment="PPPoE2 - Distance 1" disabled=no distance=1 gateway=Speedy2 routing-mark=pppoe_2
add check-gateway=arp comment="PPPoE3 - Distance 1" disabled=no distance=1 gateway=Speedy3 routing-mark=pppoe_3
}}}

The PCC rules are then as follows:


Code:
{{{
/ip firewall mangle
add action=mark-connection chain=prerouting comment="PROXY PCC" disabled=no dst-address-type=!local dst-port=80,81,8080,8088,3128 in-interface=Proxy \
    new-connection-mark=proxy.pppoe_1 passthrough=yes per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local dst-port=80,81,8080,8088,3128 in-interface=Proxy \
    new-connection-mark=proxy.pppoe_2 passthrough=yes per-connection-classifier=both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local dst-port=80,81,8080,8088,3128 in-interface=Proxy \
    new-connection-mark=proxy.pppoe_3 passthrough=yes per-connection-classifier=both-addresses-and-ports:3/2 protocol=tcp
add action=mark-routing chain=prerouting comment="PROXY ROUTE" connection-mark=proxy.pppoe_1 disabled=no in-interface=Proxy new-routing-mark=pppoe_1 \
passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=proxy.pppoe_2 disabled=no in-interface=Proxy new-routing-mark=pppoe_2 passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=proxy.pppoe_3 disabled=no in-interface=Proxy new-routing-mark=pppoe_3 passthrough=no
add action=mark-connection chain=prerouting comment="LOCAL PCC" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=\
    !80,81,8080,8088,3128 in-interface=Local new-connection-mark=local.pppoe_1 passthrough=yes per-connection-classifier=src-address:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=!80,81,8080,8088,3128 \
    in-interface=Local new-connection-mark=local.pppoe_2 passthrough=yes per-connection-classifier=src-address:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=!80,81,8080,8088,3128 \
    in-interface=Local new-connection-mark=local.pppoe_3 passthrough=yes per-connection-classifier=src-address:3/2 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local dst-port=!53 in-interface=Local new-connection-mark=local.pppoe_1 \
    passthrough=yes per-connection-classifier=src-address:3/0 protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local dst-port=!53 in-interface=Local new-connection-mark=local.pppoe_2 \
    passthrough=yes per-connection-classifier=src-address:3/1 protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local dst-port=!53 in-interface=Local new-connection-mark=local.pppoe_3 \
    passthrough=yes per-connection-classifier=src-address:3/2 protocol=udp
add action=mark-routing chain=prerouting comment="LOCAL ROUTE" connection-mark=local.pppoe_1 disabled=no in-interface=Local new-routing-mark=pppoe_1 \
    passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=local.pppoe_2 disabled=no in-interface=Local new-routing-mark=pppoe_2 passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=local.pppoe_3 disabled=no in-interface=Local new-routing-mark=pppoe_3 passthrough=no
}}}
 

Code:
http://code.google.com/p/warneter/source/browse/wiki/MikrotikPCC.wiki?r=13

What if there are 2 output lines, for example 1 LAN and 1 hotspot?


The answer


Code:
add action=mark-connection chain=prerouting comment="LOCAL PCC" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=\
    !80,81,8080,8088,3128 in-interface=Local new-connection-mark=local.pppoe_1 passthrough=yes per-connection-classifier=src-address:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=!80,81,8080,8088,3128 \
    in-interface=Local new-connection-mark=local.pppoe_2 passthrough=yes per-connection-classifier=src-address:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=!80,81,8080,8088,3128 \
    in-interface=Local new-connection-mark=local.pppoe_3 passthrough=yes per-connection-classifier=src-address:3/2 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local dst-port=!53 in-interface=Local new-connection-mark=local.pppoe_1 \
    passthrough=yes per-connection-classifier=src-address:3/0 protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local dst-port=!53 in-interface=Local new-connection-mark=local.pppoe_2 \
    passthrough=yes per-connection-classifier=src-address:3/1 protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local dst-port=!53 in-interface=Local new-connection-mark=local.pppoe_3 \
    passthrough=yes per-connection-classifier=src-address:3/2 protocol=udp
add action=mark-routing chain=prerouting comment="LOCAL ROUTE" connection-mark=local.pppoe_1 disabled=no in-interface=Local new-routing-mark=pppoe_1 \
    passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=local.pppoe_2 disabled=no in-interface=Local new-routing-mark=pppoe_2 passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=local.pppoe_3 disabled=no in-interface=Local new-routing-mark=pppoe_3 passthrough=no


Change in-interface=Local to the hotspot interface

Sunday, 04 December 2011

Creating Vouchers in MikroTik

Straight to it, without rambling on at length

The ingredients

=========================================================================

=========================================================================
Dosage

Side effects


Load Balancing Using the PCC Method

Load balancing on MikroTik is a technique for distributing traffic load evenly across two or more connection paths, so that traffic flows optimally, throughput is maximized, response time is reduced and overload on any single path is avoided.
Many of us have long wrongly assumed that load balancing across two connections doubles the bandwidth we get compared with before (the sum of the two bandwidths). We need to make clear up front that load balancing does not increase the bandwidth we get; its only job is to divide traffic across the two links so that both are used in a balanced way.
With this article we will show that load balancing does not work like the arithmetic 512 + 256 = 768, but rather 512 + 256 = 512 + 256, or 512 + 256 = 256 + 256 + 256.
In this article we use an RB433UAH under the following conditions:
1. Ether1 and Ether2 are connected to different ISPs with different bandwidths: ISP1 at 512kbps and ISP2 at 256kbps.
2. We will use the internal web proxy and OpenDNS.
3. Your MikroTik RouterOS is version 4.5, since the PCC feature was introduced in version 3.24.
If your network differs from the conditions above, adapt the configuration described here to your own network.

Basic Configuration

Below are the network topology and the IP addresses we will use
Quote:
/ip address
add address=192.168.101.2/30 interface=ether1
add address=192.168.102.2/30 interface=ether2
add address=10.10.10.1/24 interface=wlan2
/ip dns
set allow-remote-requests=yes primary-dns=208.67.222.222 secondary-dns=208.67.220.220


For client connections we use the wireless link on wlan2, with a client IP range of 10.10.10.2 to 10.10.10.254 and netmask 255.255.255.0, where 10.10.10.1, assigned to wlan2, acts as the clients' gateway and DNS server. If you use the DNS of one of your ISPs, there is an additional mangle rule, which we mark in bold.

Once the IP and DNS configuration is correct, we must set a default route to each ISP's gateway IP so that the router forwards all traffic not destined for a directly connected network to those gateways. Here we use the check-gateway feature, so that if one of our gateways goes down, connections are diverted to the other gateway.
Quote:
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.101.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.102.1 distance=2 check-gateway=ping

To set up the access point so that client PCs can connect to our wireless network, we use the command
Quote:
/interface wireless
set wlan2 mode=ap-bridge band=2.4ghz-b/g ssid=Mikrotik disabled=no


So that client PCs can reach the Internet, we must also translate the clients' private IPs to the public IPs on our public interfaces, ether1 and ether2.
Quote:
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2

At this point the router and the client PCs can already connect to the Internet. Ping the Internet from both the router and a client PC. If it does not work, check your configuration once more.

Internal Web Proxy
Certain RouterBOARDs, such as the RB450G, RB433AH, RB433UAH, RB800 and RB1100, have an expansion slot (USB, MicroSD, CompactFlash) for additional storage. In the following example we use a USB flash drive plugged into the USB slot. When first installed, this additional storage shows a status of invalid in /system store. To use it as cache storage, it must first be formatted and activated. After that we only need to enable the web proxy and set cache-on-disk=yes to use our storage. Do not forget to redirect HTTP traffic (tcp port 80) into our web proxy.
Quote:
/store disk format-drive usb1
/store
add disk=usb1 name=cache-usb type=web-proxy
activate cache-usb

/ip proxy
set cache-on-disk=yes enabled=yes max-cache-size=200000KiB port=8080

/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 in-interface=wlan2 action=redirect to-ports=8080



Mangle Settings
For this load balancing we will use a feature called PCC (Per Connection Classifier). With PCC we can group the connections passing through, entering or leaving the router into several groups. The grouping can be based on src-address, dst-address, src-port and/or dst-port. The router remembers the gateway path taken at the start of a connection, so subsequent packets belonging to that connection are sent over the same gateway. This is the advantage of PCC: it answers the many complaints about frequently dropped connections caused by gateway switching in the load-balancing techniques that predate PCC.
Before creating the load-balancing mangle rules, to prevent routing loops, all client traffic destined for networks directly connected to the router must bypass load balancing. We can create a list of the IPs that are in the router's own networks and install the first mangle rules as follows
Quote:
/ip firewall address-list
add address=192.168.101.0/30 list=lokal
add address=192.168.102.0/30 list=lokal
add address=10.10.10.0/24 list=lokal

/ip firewall mangle
add action=accept chain=prerouting dst-address-list=lokal in-interface=wlan2 comment="trafik lokal"
add action=accept chain=output dst-address-list=lokal

In some cases the first packet of a connection comes from the Internet, as with remote Winbox or telnet from the Internet and so on, so we also need mark-connection to mark that traffic so that the return traffic leaves through the interface on which it arrived
Quote:
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1 new-connection-mark=con-from-isp1 passthrough=yes comment="trafik dari isp1"
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether2 new-connection-mark=con-from-isp2 passthrough=yes comment="trafik dari isp2"

Typically an ISP restricts access to its DNS servers to IPs it knows, so if you use the DNS of one of your ISPs, you must add mangle rules so that this DNS traffic goes through that ISP's gateway and not through the other ISP's gateway. Here we give the mangle rules for ISP1's DNS going through ISP1's gateway. If you use an independent public DNS, such as OpenDNS, you do not need the mangle rules below.
Quote:
/ip firewall mangle
add action=mark-connection chain=output dst-address=202.65.112.21 dst-port=53 new-connection-mark=dns passthrough=yes protocol=tcp comment="trafik DNS citra.net.id"
add action=mark-connection chain=output dst-address=202.65.112.21 dst-port=53 new-connection-mark=dns passthrough=yes protocol=udp
add action=mark-routing chain=output connection-mark=dns new-routing-mark=route-to-isp1 passthrough=no

Because we use the web proxy on the router, there are 2 kinds of traffic to load-balance. The first is traffic from clients to the Internet (non-HTTP), and the second is traffic from the web proxy to the Internet. To keep things structured and easy to read, we use custom chains as follows:
Quote:
/ip firewall mangle
add action=jump chain=prerouting comment="lompat ke client-lb" connection-mark=no-mark in-interface=wlan2 jump-target=client-lb
add action=jump chain=output comment="lompat ke lb-proxy" connection-mark=no-mark out-interface=!wlan2 jump-target=lb-proxy


In the mangle rules above, for client load-balancing traffic make sure the in-interface parameter is the interface connected to the clients; for web-proxy load-balancing traffic we use the output chain with an out-interface parameter that is not the interface connected to the clients. Once the custom chains for load balancing exist, we can create mangle rules in them as follows
Quote:
/ip firewall mangle
add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp1 passthrough=yes per-connection-classifier=both-addresses:3/0 comment="awal loadbalancing klien"
add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp1 passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp2 passthrough=yes per-connection-classifier=both-addresses:3/2
add action=return chain=client-lb comment="akhir dari loadbalancing"

/ip firewall mangle
add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp1 passthrough=yes per-connection-classifier=both-addresses:3/0 comment="awal load balancing proxy"
add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp1 passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp2 passthrough=yes per-connection-classifier=both-addresses:3/2
add action=return chain=lb-proxy comment="akhir dari loadbalancing"

In the example above, client and web-proxy load balancing use the same PCC classifier, both-addresses, so the router keeps track of connections by their src-address and dst-address. Because our ISP links differ (512kbps and 256kbps), we split the traffic load into 3 parts. The first 2 parts go through ISP1's gateway, and the last part goes through ISP2's gateway. Once the client and proxy traffic has been marked, the next step is to create the mark-routing mangle rules that will be used in the routing process
Quote:
/ip firewall mangle
add action=jump chain=prerouting comment="marking route client" connection-mark=!no-mark in-interface=wlan2 jump-target=route-client
add action=mark-routing chain=route-client connection-mark=to-isp1 new-routing-mark=route-to-isp1 passthrough=no
add action=mark-routing chain=route-client connection-mark=to-isp2 new-routing-mark=route-to-isp2 passthrough=no
add action=mark-routing chain=route-client connection-mark=con-from-isp1 new-routing-mark=route-to-isp1 passthrough=no
add action=mark-routing chain=route-client connection-mark=con-from-isp2 new-routing-mark=route-to-isp2 passthrough=no
add action=return chain=route-client disabled=no

/ip firewall mangle
add action=mark-routing chain=output comment="marking route proxy" connection-mark=con-from-isp1 new-routing-mark=route-to-isp1 out-interface=!wlan2 passthrough=no
add action=mark-routing chain=output connection-mark=con-from-isp2 new-routing-mark=route-to-isp2 out-interface=!wlan2 passthrough=no


Routing Settings
The mangle settings above are useless until you create routes based on the routing marks we made. Here we also create backup routes, so that if one gateway goes down, all connections go through the gateway that is still connected
Quote:
/ip route
add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.101.1 routing-mark=route-to-isp1 distance=1
add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.102.1 routing-mark=route-to-isp1 distance=2
add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.102.1 routing-mark=route-to-isp2 distance=1
add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.101.1 routing-mark=route-to-isp2 distance=2

NB: If it doesn't work, there's one key: do more good deeds... I've tried it dozens of times and it works.

source : http://devilzc0de.org/forum/archive/index.php/thread-4976.html

Separating Local and International Bandwidth with ip firewall + Mangle

Code:
/ip firewall address-list
add list=nice address="1.2.3.4"
add list=nice address="125.166.0.0/15"
add list=nice address="125.162.0.0/16"
add list=nice address="125.163.0.0/16"
add list=nice address="125.160.0.0/16"
add list=nice address="125.161.0.0/16"
add list=nice address="125.164.0.0/16"
add list=nice address="125.165.0.0/16"
add list=nice address="222.124.0.0/16"
add list=nice address="61.94.0.0/16"
add list=nice address="167.205.0.0/16"
add list=nice address="202.158.0.0/17"
add list=nice address="61.5.0.0/17"
add list=nice address="124.195.0.0/17"
add list=nice address="117.102.64.0/18"
add list=nice address="152.118.128.0/18"
add list=nice address="152.118.192.0/18"
add list=nice address="152.118.0.0/18"
add list=nice address="152.118.64.0/18"
add list=nice address="207.209.192.0/18"
add list=nice address="221.132.192.0/18"
add list=nice address="125.208.128.0/18"
add list=nice address="124.153.0.0/18"
add list=nice address="61.14.0.0/18"
add list=nice address="203.130.192.0/18"
add list=nice address="210.210.128.0/18"
add list=nice address="206.182.192.0/18"
add list=nice address="114.57.0.0/18"
add list=nice address="202.152.0.0/18"
add list=nice address="209.93.224.0/19"
add list=nice address="202.173.64.0/19"
add list=nice address="114.199.96.0/19"
add list=nice address="202.171.0.0/19"
add list=nice address="202.47.192.0/19"
add list=nice address="202.169.32.0/19"
add list=nice address="202.182.160.0/19"
add list=nice address="117.102.224.0/19"
add list=nice address="202.51.192.0/19"
add list=nice address="202.149.128.0/19"
add list=nice address="202.147.224.0/19"
add list=nice address="202.146.224.0/19"
add list=nice address="202.159.64.0/19"
add list=nice address="202.95.128.0/19"
add list=nice address="202.152.224.0/19"
add list=nice address="61.247.0.0/19"
add list=nice address="61.247.32.0/19"
add list=nice address="117.104.192.0/19"
add list=nice address="118.98.160.0/19"
add list=nice address="118.98.192.0/19"
add list=nice address="118.136.0.0/19"
add list=nice address="118.136.32.0/19"
add list=nice address="118.136.64.0/19"
add list=nice address="118.136.96.0/19"
add list=nice address="118.136.128.0/19"
add list=nice address="118.136.160.0/19"
add list=nice address="118.136.192.0/19"
add list=nice address="118.136.224.0/19"
add list=nice address="118.137.0.0/19"
add list=nice address="118.137.32.0/19"
add list=nice address="118.137.64.0/19"
add list=nice address="118.137.96.0/19"
add list=nice address="118.137.128.0/19"
add list=nice address="118.137.160.0/19"
add list=nice address="118.137.192.0/19"
add list=nice address="118.137.224.0/19"
add list=nice address="121.52.64.0/19"
add list=nice address="124.81.0.0/19"
add list=nice address="124.81.32.0/19"
add list=nice address="124.81.64.0/19"
add list=nice address="124.81.96.0/19"
add list=nice address="124.81.128.0/19"
add list=nice address="124.81.192.0/19"
add list=nice address="124.81.224.0/19"
add list=nice address="202.10.32.0/19"
add list=nice address="202.53.224.0/19"
add list=nice address="202.57.0.0/19"
add list=nice address="202.73.96.0/19"
add list=nice address="202.77.96.0/19"
add list=nice address="202.81.32.0/19"
add list=nice address="202.137.0.0/19"
add list=nice address="202.138.224.0/19"
add list=nice address="202.148.0.0/19"
add list=nice address="202.150.64.0/19"
add list=nice address="202.153.128.0/19"
add list=nice address="202.154.0.0/19"
add list=nice address="202.154.32.0/19"
add list=nice address="202.155.0.0/19"
add list=nice address="202.155.32.0/19"
add list=nice address="202.155.128.0/19"
add list=nice address="202.159.0.0/19"
add list=nice address="202.159.32.0/19"
add list=nice address="202.162.192.0/19"
add list=nice address="203.128.64.0/19"
add list=nice address="219.83.0.0/19"
add list=nice address="219.83.32.0/19"
add list=nice address="219.83.64.0/19"
add list=nice address="60.253.112.0/20"
add list=nice address="61.8.64.0/20"
add list=nice address="114.57.160.0/20"
add list=nice address="114.199.80.0/20"
add list=nice address="116.68.160.0/20"
add list=nice address="117.20.48.0/20"
add list=nice address="117.103.0.0/20"
add list=nice address="118.98.240.0/20"
add list=nice address="119.2.64.0/20"
add list=nice address="119.82.224.0/20"
add list=nice address="119.110.64.0/20"
add list=nice address="119.235.208.0/20"
add list=nice address="119.252.160.0/20"
add list=nice address="121.50.128.0/20"
add list=nice address="122.129.192.0/20"
add list=nice address="122.200.0.0/20"
add list=nice address="124.81.176.0/20"
add list=nice address="202.3.208.0/20"
add list=nice address="202.6.208.0/20"
add list=nice address="202.6.224.0/20"
add list=nice address="202.43.176.0/20"
add list=nice address="202.46.64.0/20"
add list=nice address="202.46.144.0/20"
add list=nice address="202.47.64.0/20"
add list=nice address="202.51.96.0/20"
add list=nice address="202.51.224.0/20"
add list=nice address="202.58.64.0/20"
add list=nice address="202.58.160.0/20"
add list=nice address="202.59.160.0/20"
add list=nice address="202.65.112.0/20"
add list=nice address="202.67.32.0/20"
add list=nice address="202.69.96.0/20"
add list=nice address="202.72.208.0/20"
add list=nice address="202.73.224.0/20"
add list=nice address="202.77.64.0/20"
add list=nice address="202.80.112.0/20"
add list=nice address="202.80.208.0/20"
add list=nice address="202.87.176.0/20"
add list=nice address="202.93.16.0/20"
add list=nice address="202.93.32.0/20"
add list=nice address="202.93.128.0/20"
add list=nice address="202.93.224.0/20"
add list=nice address="202.123.224.0/20"
add list=nice address="202.127.96.0/20"
add list=nice address="202.133.80.0/20"
add list=nice address="202.143.32.0/20"
add list=nice address="202.145.0.0/20"
add list=nice address="202.146.48.0/20"
add list=nice address="202.147.192.0/20"
add list=nice address="202.152.160.0/20"
add list=nice address="202.152.192.0/20"
add list=nice address="202.153.16.0/20"
add list=nice address="202.153.240.0/20"
add list=nice address="202.155.64.0/20"
add list=nice address="202.155.112.0/20"
add list=nice address="202.159.112.0/20"
add list=nice address="202.165.32.0/20"
add list=nice address="202.182.48.0/20"
add list=nice address="203.78.112.0/20"
add list=nice address="203.83.32.0/20"
add list=nice address="203.89.16.0/20"
add list=nice address="203.123.224.0/20"
add list=nice address="203.153.96.0/20"
add list=nice address="203.161.16.0/20"
add list=nice address="203.166.192.0/20"
add list=nice address="203.201.160.0/20"

/ip firewall mangle
add chain=prerouting in-interface=bridge1 dst-address-list=nice action=mark-connection new-connection-mark=conn-iix passthrough=yes
add chain=prerouting connection-mark=conn-iix action=mark-packet new-packet-mark=packet-iix passthrough=no
add chain=prerouting action=mark-packet new-packet-mark=packet-intl passthrough=no

/queue simple
add name="client02-iix" target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=packet-iix priority=8 queue=default-small/default-small limit-at=0/0 max-limit=64000/256000 total-queue=default-small
add name="client02-intl" target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=packet-intl priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32000/128000 total-queue=default-small
 
Source: http://devilzc0de.org/forum/archive/index.php/thread-592.html

Simple Queue and Queue Tree Configuration

This is the simple queue configuration:


Code:
[kiddies@Mikrotik] queue> simple
[kiddies@Mikrotik] queue simple>

add name="WARNET" target-addresses=192.168.0.0/24 dst-address=0.0.0.0/0 interface=all parent=none direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 max-limit=1000000/1000000 total-queue=default-small \
disabled=no
add name="USER" target-addresses=192.168.0.2/32,192.168.0.3/32,192.168.0.4/32,192.168.0.5/32,192.168.0.6/32,192.168.0.7/32\
,192.168.0.8/32,192.168.0.9/32,192.168.0.10/32 dst-address=0.0.0.0/0 interface=all parent=WARNET direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 max-limit=384000/384000 total-queue=default-small \
disabled=no
add name="Client-1" target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 interface=Lan parent=USER direction=both \
priority=8 queue=default-small/default-small limit-at=16000/16000 max-limit=32000/64000 total-queue=default-small \
disabled=no

Queue tree configuration

Code:
Mangle

Before configuring the queue tree, first create the connection marks in the mangle table.

[kiddies@Mikrotik] > ip firewall mangle
[kiddies@Mikrotik] ip firewall mangle>

add chain=forward src-address=192.168.10.0/24 action=mark-connection new-connection-mark=lokal passthrough=yes comment="" \
disabled=no
add chain=forward dst-address=192.168.10.0/24 action=mark-connection new-connection-mark=lokal passthrough=yes comment="" \
disabled=no
add chain=forward protocol=icmp connection-mark=lokal action=mark-packet new-packet-mark=lokal-icmp passthrough=no \
comment="" disabled=no
add chain=forward src-address=192.168.10.1 protocol=!icmp connection-mark=lokal action=mark-packet \
new-packet-mark=lokal-1 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.10.1 protocol=!icmp connection-mark=lokal action=mark-packet \
new-packet-mark=lokal-1 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.10.2 protocol=!icmp connection-mark=lokal action=mark-packet \
new-packet-mark=lokal-2 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.10.2 protocol=!icmp connection-mark=lokal action=mark-packet \
new-packet-mark=lokal-2 passthrough=no comment="" disabled=no

Queue-tree:

[kiddies@LimiTer] queue> tree

[kiddies@LimiTer] queue tree>
add name="upload" parent=ether1 packet-mark="" limit-at=0 queue=default priority=1 max-limit=256000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="icmp-upload" parent=upload packet-mark=lokal-icmp limit-at=0 queue=default priority=3 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="lokal-1-upload" parent=upload packet-mark=lokal-1 limit-at=0 queue=default priority=5 max-limit=64000 \
burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="lokal-2-upload" parent=upload packet-mark=lokal-2 limit-at=0 queue=default priority=5 max-limit=64000 \
burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="download" parent=global-out packet-mark="" limit-at=0 queue=default priority=1 max-limit=512000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="icmp-download" parent=download packet-mark=lokal-icmp limit-at=0 queue=default priority=3 max-limit=64000 \
burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="lokal-1-download" parent=download packet-mark=lokal-1 limit-at=0 queue=default priority=5 max-limit=128000 \
burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="lokal-2-download" parent=download packet-mark=lokal-2 limit-at=0 queue=default priority=5 max-limit=128000 \
burst-limit=0 burst-threshold=0 burst-time=0s disabled=no

Note: Here you can create a dedicated bandwidth allocation for ICMP download and upload.
 
 
Source: http://devilzc0de.org/forum/archive/index.php/thread-471.html

Monday, 28 November 2011

Learning to Become a Network Admin

I want to share some knowledge with everyone who wants to learn networking and servers.

Many people ask me what they should learn first when they want to study networking.
How do you break into a web site?
Which should I choose, Linux or Windows?
How do you hold off viruses and attacks against computers and servers?
....

There are many more questions like these.
I will help you figure out where to start.

What you need to master:

1. Basic Hardware Networking = Why study this? Because this is the core of the path a packet takes from our computer to the server. What is a switch, a hub, wireless? Did you know that a switch is more secure than Wi-Fi? When should I use a switch and when Wi-Fi? All of this has to be weighed carefully. Where do we learn it? Many books cover these topics.

2. Basic IP and Subnetting = I would say that IP and subnetting are the most important of all. You will really feel this if you work at an ISP. You will learn how to use IP addresses efficiently and what a gateway is, and how to plan IP addressing well to prevent broadcasting.

3. Switching and Routing Technology = Once you have more than one network in your office, you must be able to route between those networks. Did you know that the internet can connect everywhere because of this routing? For switching you need to learn VLAN technology.

4. Server Technology = Here you will deal a lot with LDAP, DHCP, DNS servers, etc. The point is to provide the services that clients need. To find information, ask Google for help: type in the server service you want to learn.

5. Security = Once the servers and a good infrastructure are in place, you turn your attention to security, from the server and the router up to building an IDS to detect attacks.

6. Monitoring = Monitoring covers everything, both the infrastructure and the server side. The better the monitoring, the easier things will be for you..

7. Backup = This is often forgotten by network administrators. Do differential as well as full backups to prepare for a crash. Many technologies are used for this. I most often use RAID for hard disk backup and rsync for files.

Where can I learn these things:
1. From Google, of course
2. Books or ebooks
3. Tutorial DVDs
4. Forums
5. Experience and troubleshooting real problems

Commonly Used DNS Servers

There are various DNS servers that are commonly used and proven for speed and security; here is the list:
DNS servers in Indonesia
indosat.net.id DNS servers, including Indosat IM2 DNS
Code:
202.155.0.10
202.155.0.15
202.155.0.20
202.155.0.25
202.155.46.66
202.155.46.77
202.155.30.227
DNS Telkom.net.id Telkom Speedy
Code:
202.134.2.5
203.130.196.5
202.134.0.155
202.134.1.10
202.134.0.62
202.159.32.2
202.159.33.2
202.155.30.227
DNS AWARI (Asosiasi Warnet Indonesia)
Code:
203.34.118.10
203.34.118.12
DNS sat.net.id
Code:
202.149.82.25
202.149.82.29
DNS cbn.net.id
Code:
202.158.40.1
202.158.20.1
202.158.3.7
202.158.3.6
Singnet Singapore
Code:
165.21.100.88
165.21.83.88
DNS indo.net.id
Code:
202.159.32.2
202.159.33.2
DNS itb.ac.id
Code:
202.249.24.65
167.205.23.1
167.205.22.123
167.205.30.114
DNS ukdw.ac.id
Code:
222.124.22.18
Nawala Project - highly recommended because it blocks undesirable sites and is fairly stable.
Code:
180.131.144.144 (primary)
180.131.145.145 (secondary)


DNS servers outside Indonesia


DNS Open DNS
Code:
208.67.222.222
208.67.220.220
DNS ScrubIt
Code:
67.138.54.100
207.225.209.66
DNS DNSadvantage
Code:
156.154.70.1
156.154.71.1
DNS vnsc-pri.sys.gtei.net
Code:
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6
Verizon (Reston, VA, US)
Code:
151.197.0.38
151.197.0.39
151.202.0.84
151.202.0.85
151.203.0.84
151.203.0.85
199.45.32.37
199.45.32.38
199.45.32.40
199.45.32.43
GTE (Irving, TX, US)
Code:
192.76.85.133
206.124.64.1
One Connect IP (Albuquerque, NM, US)
Code:
67.138.54.100
OpenDNS (San Francisco, CA, US)
Code:
208.67.222.222
208.67.220.220
Exetel (Sydney, AU)
Code:
220.233.167.31
VRx Network Services (New York, NY, US)
Code:
199.166.31.3
SpeakEasy (Seattle, WA, US)
Code:
66.93.87.2
216.231.41.2
216.254.95.2
64.81.45.2
64.81.111.2
64.81.127.2
64.81.79.2
64.81.159.2
66.92.64.2
66.92.224.2
66.92.159.2
216.27.175.2
Sprintlink (Overland Park, KS, US)
Code:
199.2.252.10
204.97.212.10
204.117.214.10
Cisco (San Jose, CA, US)
Code:
64.102.255.44
128.107.241.185

Note: Some DNS servers cannot be used for FTP access, and certain websites are blocked by those DNS servers.

Types of Network Ports

A port is an opening or gateway on a computer system that serves as a data transfer path.
The network ports you should know are as follows:

• Port 22 is SSH (Secure Shell)
This port is used for SSH.

• Port 21 is the FTP server
When someone accesses an FTP server, the FTP client by default connects to the FTP server on port 21.

• Port 23 is Telnet
If you run a Telnet server, Telnet clients use this port to connect to it.

• Port 80 is the web server
This port is normally used for web servers, so when a user types an IP address or hostname into the web browser, the browser contacts that IP on port 80.

• Port 81 is the alternative web server
When port 80 is blocked, port 81 is used as an alternative port for hosting a website.

• Port 25 is SMTP (Simple Mail Transfer Protocol)
When someone sends email to your SMTP server, the port used is port 25.

• Port 2525 is the alternate SMTP server
Port 2525 is the active alternative port from TZO for servicing email forwarding. It is not a standard port, but it can be used when the SMTP port is blocked.

• Port 3389 is Remote Desktop
This port is for Remote Desktop on WinXP.

• Port 110 is the POP server
If you run a mail server, users log in to that machine via POP3 (Post Office Protocol) or IMAP4 (Internet Message Access Protocol) to receive their email; POP3 is a protocol for accessing a mailbox.

How to Set Up User Manager

1. Make sure the user-manager package is installed on the MikroTik. In WinBox, click System --> Packages and check whether user-manager is listed. If it is not, install it first: download the user-manager package that matches your MikroTik version, drag it into the file list in WinBox, and reboot the MikroTik; it will install itself.

2. This assumes the hotspot is already running normally, with the profile name hsprof1.

3. Create the RADIUS server
    /radius add service=hotspot address=127.0.0.1 secret=123456

4. Set profile hsprof1 to use the RADIUS server
    /ip hotspot profile set hsprof1 use-radius=yes

5. Create a customer (used later to log in to the User Manager web page)
    /tool user-manager customer add login=nama password=terserah permissions=owner

6. Add our router so that it is linked with User Manager
    /tool user-manager router add subscriber=MikroTik ip-address=127.0.0.1 shared-secret=123456

7. God willing, that's it.
    Just open a browser and go to http://ip-mikrotik/userman
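
The check below is an added example, not part of the original post: it parses the commands from steps 3 to 6 and verifies that the hotspot profile uses RADIUS, that the `/radius` secret equals the User Manager `shared-secret`, and that the secret is not weak. The function names, finding labels and the 16-character threshold are assumptions of this example, and the address match assumes User Manager runs on the router itself, as in the steps.

```python
import re

# Constructed sample: the commands from steps 3 to 6 above, one of them wrapped
# with a RouterOS '\' continuation to exercise the parser.
SAMPLE = r"""
/radius add service=hotspot address=127.0.0.1 secret=123456
/ip hotspot profile set hsprof1 use-radius=yes
/tool user-manager customer add login=nama password=terserah permissions=owner
/tool user-manager router add subscriber=MikroTik ip-address=127.0.0.1 \
    shared-secret=123456
"""

TOKEN = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')  # bare word or key="quoted value"
VERBS = {"add", "set"}


def parse_commands(text):
    """Return (words, params) per command, joining '\\' line continuations."""
    commands, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):              # continuation: keep reading
            buf += line[:-1]
            continue
        words, params = [], {}
        for tok in TOKEN.findall(buf + line):
            key, sep, value = tok.partition("=")
            if sep and not tok.startswith('"'):
                params[key] = value.strip('"')
            else:
                words.append(tok)
        commands.append((words, params))
        buf = ""
    return commands


def entries(text):
    """Yield (menu, verb, positional, params); remembers the menu so both
    one-line commands and export-style '/menu' + 'add ...' lines work."""
    menu = ""
    for words, params in parse_commands(text):
        if words and words[0].startswith("/"):
            cut = next((i for i, w in enumerate(words) if w in VERBS), len(words))
            menu, words = " ".join(words[:cut]), words[cut:]
        if words:
            yield menu, words[0], words[1:], params


def weak_secret(secret, min_len=16):
    """Assumed policy: RFC 2865 prefers secrets of at least 16 octets;
    secrets drawn from a single character class are rejected as well."""
    classes = sum(bool(re.search(p, secret))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    return len(secret) < min_len or classes < 2


def audit(text, profile="hsprof1"):
    """Return a list of finding labels for the hotspot/User Manager pairing."""
    radius, routers, uses_radius = [], [], False
    for menu, verb, pos, p in entries(text):
        if menu == "/radius" and verb == "add" \
                and "hotspot" in p.get("service", "").split(","):
            radius.append((p.get("address", ""), p.get("secret", "")))
        elif menu == "/tool user-manager router" and verb == "add":
            routers.append((p.get("ip-address", ""), p.get("shared-secret", "")))
        elif menu == "/ip hotspot profile" and verb in VERBS:
            name = p.get("name") or (pos[0] if pos else "")
            if name == profile and p.get("use-radius") == "yes":
                uses_radius = True

    findings = []
    if not uses_radius:
        findings.append("profile-not-using-radius")
    for addr, secret in radius:
        peers = [s for ip, s in routers if ip == addr]
        if not peers:
            findings.append("no-user-manager-router-for-" + addr)
        elif secret not in peers:
            findings.append("secret-mismatch")   # RADIUS requests will be rejected
        if weak_secret(secret):
            findings.append("weak-secret")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the commands exactly as given in the steps, the audit reports only `weak-secret`: the two secrets match, but `123456` is a short, digits-only value that should be replaced with a long random one on both sides.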

MikroTik RB750 Script at SMART Education

[anuku@SMART Education] > export
nov/28/2011 07:25:22 by RouterOS 5.8

/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1526 \
    mac-address=00:0C:42:7D:90:75 mtu=1500 name=ether1-PUBLIK speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:7D:90:76 \
    master-port=none mtu=1500 name=ether2-LAN speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:7D:90:77 \
    master-port=none mtu=1500 name=ether3-PROXY speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:7D:90:78 \
    master-port=none mtu=1500 name=HOTSPOT speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:7D:90:79 \
    master-port=none mtu=1500 name=ether5-aco speed=100Mbps

/interface pptp-server
add disabled=no name=pptp-in1 user=""

/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1

/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers="" \
    group-key-update=5m interim-update=0s management-protection=disabled \
    management-protection-key="" mode=none name=default \
    radius-eap-accounting=no radius-mac-accounting=no \
    radius-mac-authentication=no radius-mac-caching=disabled \
    radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
    static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
    none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
    static-sta-private-algo=none static-sta-private-key="" \
    static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
    none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" \
    wpa2-pre-shared-key=""

/ip firewall layer7-protocol
add name="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~\
    ]*(x-cache: hit)" regexp=""

/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
    http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
    name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
    use-radius=no
add dns-name=www.smarteducation.net hotspot-address=192.168.4.1 \
    html-directory=hotspot http-proxy=0.0.0.0:0 login-by=http-chap,http-pap \
    name=hsprof1 nas-port-type=wireless-802.11 radius-accounting=yes \
    radius-default-domain="" radius-interim-update=received \
    radius-location-id="" radius-location-name="" radius-mac-format=\
    XX:XX:XX:XX:XX:XX rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
    use-radius=yes

/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \
    name=default pfs-group=modp1024

/ip pool
add name=hs-pool-4 ranges=192.168.4.2-192.168.4.254
add name=vpn-smart ranges=192.168.1.10-192.168.1.30

/ip dhcp-server
add address-pool=hs-pool-4 address-pool6="" authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface=HOTSPOT lease-time=1h name=\
    dhcp1

/ip hotspot
add address-pool=hs-pool-4 addresses-per-mac=2 disabled=no idle-timeout=5m \
    interface=HOTSPOT keepalive-timeout=none name=hotspot1 profile=hsprof1

/ip hotspot user profile
set MahasiswaD3 address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m \
    name=MahasiswaD3 shared-users=1 status-autorefresh=1m transparent-proxy=\
    no
add address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m name=\
    MahasiswaD1 shared-users=1 status-autorefresh=1m transparent-proxy=no
add address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m name=\
    PELANGGAN shared-users=1 status-autorefresh=1m transparent-proxy=no
add address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m name=DOSEN \
    shared-users=1 status-autorefresh=1m transparent-proxy=no
add address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m name=STAFF \
    shared-users=1 status-autorefresh=1m transparent-proxy=no
add address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m name=\
    FRIENDS shared-users=1 status-autorefresh=1m transparent-proxy=no

/ppp profile
set default change-tcp-mss=yes name=default only-one=default \
    remote-ipv6-prefix-pool=none use-compression=default use-encryption=\
    default use-ipv6=yes use-mpls=default use-vj-compression=default
add change-tcp-mss=default local-address=192.168.1.1 name=VPS-SMART only-one=\
    default remote-address=vpn-smart remote-ipv6-prefix-pool=none \
    use-compression=default use-encryption=default use-ipv6=yes use-mpls=\
    default use-vj-compression=default
set default-encryption change-tcp-mss=yes name=default-encryption only-one=\
    default remote-ipv6-prefix-pool=none use-compression=default \
    use-encryption=yes use-ipv6=yes use-mpls=default use-vj-compression=\
    default

/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \
    dial-on-demand=no disabled=no interface=ether1-PUBLIK max-mru=1480 \
    max-mtu=1480 mrru=disabled name=pppoe-out1 password=xxxxxxxxxxxxxxxxxxxxxx profile=\
    default service-name="" use-peer-dns=no user=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx@telkom.net

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name="down and browsing lokal" parent=ether2-LAN priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name="down and browsing hotspot" parent=HOTSPOT priority=8

/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
    sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
    red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
    5
add kind=pcq name=pcq-browsing pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=400k \
    pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=200
add kind=pcq name="PCQ download hotspot" pcq-burst-rate=0 \
    pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address \
    pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=\
    250k pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=\
    2000
add kind=pcq name="PCQ download lokal" pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=250k \
    pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name="pcq-upload hotspot" pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=64k pcq-src-address-mask=\
    32 pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name="pcq-upload lokal" pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=64k pcq-src-address-mask=\
    32 pcq-src-address6-mask=128 pcq-total-limit=2000
set only-hardware-queue kind=none name=only-hardware-queue
set multi-queue-ethernet-default kind=mq-pfifo mq-pfifo-limit=50 name=\
    multi-queue-ethernet-default
set default-small kind=pfifo name=default-small pfifo-limit=10

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name=browsing packet-mark=browsing-packet parent=\
    "down and browsing lokal" priority=8 queue=pcq-browsing
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=512k name=download packet-mark=download-packet parent=\
    "down and browsing lokal" priority=8 queue="PCQ download lokal"
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=PB+POKER packet-mark="PB + Poker" parent=global-total \
    priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=facebook packet-mark=facebook parent=global-total \
    priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Squid-hit-HTTP packet-mark=hit_pkt parent=global-out \
    priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=128k name=Upload parent=global-out priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name="browsing hotspot" packet-mark=\
    "browsing-packet hotspot" parent="down and browsing hotspot" priority=8 \
    queue=pcq-browsing
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=512k name="download hotspot" packet-mark=\
    "download-packet hotspot" parent="down and browsing hotspot" priority=8 \
    queue="PCQ download hotspot"

/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no \
    ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
    no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
    redistribute-static=no router-id=0.0.0.0 routing-table=""

/routing ospf instance
set default disabled=no distribute-default=never in-filter=ospf-in \
    metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=\
    auto metric-rip=20 metric-static=20 name=default out-filter=ospf-out \
    redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \
    redistribute-rip=no redistribute-static=no router-id=0.0.0.0

/routing ospf area
set backbone area-id=0.0.0.0 disabled=no instance=default name=backbone type=\
    default

/routing ospf-v3 instance
set default disabled=no distribute-default=never metric-bgp=auto \
    metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=20 \
    metric-static=20 name=default redistribute-bgp=no redistribute-connected=\
    no redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
    router-id=0.0.0.0

/routing ospf-v3 area
set backbone area-id=0.0.0.0 disabled=no instance=default name=backbone type=\
    default

/snmp
set contact="" enabled=no engine-id="" location="" trap-version=1

/snmp community
set public address=0.0.0.0/0 authentication-password="" \
    authentication-protocol=MD5 encryption-password="" encryption-protocol=\
    DES name=public read-access=yes security=none write-access=no

/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
    disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote=0.0.0.0 remote-port=514 \
    src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=\
    remote

/system routerboard settings
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
    400MHz force-backup-booter=no silent-boot=no
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
    400MHz force-backup-booter=no silent-boot=no

/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
    eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
    ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
    winbox,password,web,sniff,sensitive,api" skin=default

/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
    no

/interface ethernet switch port
set ether2-LAN vlan-header=leave-as-is vlan-mode=fallback
set ether3-PROXY vlan-header=leave-as-is vlan-mode=fallback
set HOTSPOT vlan-header=leave-as-is vlan-mode=fallback
set ether5-aco vlan-header=leave-as-is vlan-mode=fallback
set switch1_cpu vlan-header=leave-as-is vlan-mode=fallback

/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
    default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled

/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
    default enabled=no keepalive-timeout=60 mac-address=FE:98:26:35:02:C9 \
    max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no

/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=VPS-SMART \
    enabled=yes keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled

/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
    default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
    disabled port=443 verify-client-certificate=no

/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
    00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
    frames-per-second=25 receive-all=no ssid-all=no

/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
    multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
    no streaming-max-rate=0 streaming-server=0.0.0.0

/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no

/ip accounting
set account-local-traffic=no enabled=no threshold=256

/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0

/ip address
add address=192.168.10.1/24 disabled=no interface=ether1-PUBLIK network=\
    192.168.10.0
add address=192.168.1.1/24 disabled=no interface=ether2-LAN network=\
    192.168.1.0
add address=192.168.2.1/24 disabled=no interface=ether3-PROXY network=\
    192.168.2.0
add address=192.168.4.1/24 comment="hotspot network" disabled=no interface=\
    HOTSPOT network=192.168.4.0
add address=192.168.5.1/24 disabled=no network=192.168.5.0

/ip dhcp-server config
set store-leases-disk=5m

/ip dhcp-server network
add address=192.168.4.0/24 comment="hotspot network" gateway=192.168.4.1

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=125.160.2.162,202.134.1.10

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s

/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes

/ip firewall mangle
add action=mark-packet chain=postrouting comment=Proxy-hit disabled=no dscp=\
    12 new-packet-mark=hit_pkt passthrough=no
add action=mark-connection chain=prerouting comment="POKER + POINT BLANK" \
    disabled=no dst-address-list="Poker + PB" dst-port=49100 \
    new-connection-mark="Trafik PB + POKER" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=\
    "Poker + PB" dst-port=39190 new-connection-mark="Trafik PB + POKER" \
    passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address=\
    203.89.146.0/23 dst-address-list="Poker + PB" dst-port=40000-40010 \
    new-connection-mark="Trafik PB + POKER" passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-address-list=\
    "Poker + PB" dst-port=9339 new-connection-mark="Trafik PB + POKER" \
    passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=\
    "Poker + PB" dst-port=843 new-connection-mark="Trafik PB + POKER" \
    passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=\
    "Poker + PB" dst-port=80 new-connection-mark="Trafik PB + POKER" \
    passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="poker lan" content=\
    facebook.poker.zynga.com disabled=no dst-port=80 in-interface=ether2-LAN \
    new-connection-mark="Trafik PB + POKER" passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark="Trafik PB + POKER" \
    disabled=no new-packet-mark="PB + Poker" passthrough=no
add action=mark-packet chain=prerouting connection-mark=facebook disabled=no \
    new-packet-mark=facebook passthrough=no
add action=mark-connection chain=prerouting comment="poker hotspot" content=\
    facebook.poker.zynga.com disabled=no dst-port=80 in-interface=HOTSPOT \
    new-connection-mark="Trafik PB + POKER" passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark="Trafik PB + POKER" \
    disabled=no new-packet-mark="PB + Poker" passthrough=no
add action=mark-connection chain=prerouting comment="facebook lan" content=\
    http://www.facebook.com disabled=no dst-port=80 in-interface=ether2-LAN \
    new-connection-mark=facebook passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=facebook disabled=no \
    new-packet-mark=facebook passthrough=no
add action=mark-connection chain=prerouting comment="facebook hotspot" \
    content=facebook disabled=no dst-address=0.0.0.0 dst-port=80 \
    in-interface=HOTSPOT new-connection-mark=facebook passthrough=yes \
    protocol=tcp
add action=mark-packet chain=forward comment=\
    "koneksi Upload  ===========================" disabled=yes in-interface=\
    ether2-LAN new-packet-mark=paket-upload passthrough=no src-address=\
    192.168.1.0/24
add action=mark-connection chain=postrouting comment=\
    "koneksi download klien lokal" disabled=no new-connection-mark=\
    koneksi-klien out-interface=ether2-LAN passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting comment=\
    "PACKET-BROWSING client lokal" connection-bytes=1-175000 connection-mark=\
    koneksi-klien disabled=no dscp=!12 new-packet-mark=browsing-packet \
    out-interface=ether2-LAN passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment=\
    "PACKET-DOWNLOAD client lokal" connection-bytes=175001-0 connection-mark=\
    koneksi-klien disabled=no dscp=!12 new-packet-mark=download-packet \
    out-interface=ether2-LAN packet-mark="!PB + Poker" passthrough=no \
    protocol=tcp
add action=mark-connection chain=postrouting comment="koneksi  klien hotspot" \
    disabled=no new-connection-mark="koneksi-klien hotspot" out-interface=\
    HOTSPOT passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting comment="koneksi browsing hotspot" \
    connection-bytes=1-175000 connection-mark="koneksi-klien hotspot" \
    disabled=no dscp=!12 new-packet-mark="browsing-packet hotspot" \
    out-interface=HOTSPOT passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="koneksi download hotspot" \
    connection-bytes=175001-0 connection-mark="koneksi-klien hotspot" \
    disabled=no dscp=!12 new-packet-mark="download-packet hotspot" \
    out-interface=HOTSPOT packet-mark="!PB + Poker" passthrough=no protocol=\
    tcp

/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
add action=dst-nat chain=dstnat comment=TRANSPARENT-proxy disabled=yes \
    dst-address-list=!proxyNET dst-port=80,8080,3128 in-interface=ether2-LAN \
    protocol=tcp src-address=!192.168.2.2 to-addresses=192.168.2.2 to-ports=\
    3128
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
    ether2-LAN protocol=udp src-address=!192.168.2.2 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
    ether2-LAN protocol=tcp src-address=!192.168.2.2 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=80,81,8080,3128 \
    in-interface=HOTSPOT protocol=tcp src-address=!192.168.2.2 to-addresses=\
    192.168.2.2 to-ports=3128
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=HOTSPOT \
    protocol=udp src-address=!192.168.2.2 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=HOTSPOT \
    protocol=tcp src-address=!192.168.2.2 to-ports=53
add action=redirect chain=dstnat comment="DNS RESOLVER LOKAL" disabled=no \
    dst-port=53 in-interface=ether2-LAN protocol=udp to-ports=53
add action=redirect chain=dstnat disabled=no dst-port=53 in-interface=\
    ether2-LAN protocol=tcp to-ports=53
add action=redirect chain=dstnat disabled=no dst-port=53 in-interface=HOTSPOT \
    protocol=udp to-ports=53
add action=redirect chain=dstnat disabled=no dst-port=53 in-interface=HOTSPOT \
    protocol=tcp to-ports=53
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=192.168.4.0/24

/ip firewall service-port
set ftp disabled=yes ports=21
set tftp disabled=yes ports=69
set irc disabled=yes ports=6667
set h323 disabled=yes
set sip disabled=yes ports=5060,5061 sip-direct-media=yes
set pptp disabled=yes

/ip hotspot service-port
set ftp disabled=no ports=21

/ip hotspot user
add disabled=no mac-address=CC:AF:78:74:08:A2 name=anggi password=anggi \
    profile=MahasiswaD3 server=hotspot1

/ip neighbor discovery
set ether1-PUBLIK disabled=no
set ether2-LAN disabled=no
set ether3-PROXY disabled=no
set HOTSPOT disabled=no
set ether5-aco disabled=no
set pppoe-out1 disabled=yes
set pptp-in1 disabled=yes

/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
    600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
    0.0.0.0

/ip service
set telnet disabled=no port=23
set ftp disabled=no port=21
set www disabled=no port=80
set ssh disabled=no port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=8291

/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080

/ip ssh
set forwarding-enabled=no

/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
    inactive-flow-timeout=15s interfaces=all

/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes

/ipv6 nd
add advertise-dns=no advertise-mac-address=yes disabled=no hop-limit=\
    unspecified interface=all managed-address-configuration=no mtu=\
    unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m \
    ra-lifetime=30m reachable-time=unspecified retransmit-interval=\
    unspecified

/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d

/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes

/mpls interface
add disabled=no interface=all mpls-mtu=1508

/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
    lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
    use-explicit-null=no

/port firmware
set directory=firmware

/ppp aaa
set accounting=yes interim-update=0s use-radius=no

/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=smart \
    password=fikri profile=VPS-SMART routes="" service=pptp

/queue interface
set ether1-PUBLIK queue=ethernet-default
set ether2-LAN queue=ethernet-default
set ether3-PROXY queue=ethernet-default
set HOTSPOT queue=ethernet-default
set ether5-aco queue=ethernet-default

/radius
add accounting-backup=no accounting-port=1813 address=172.0.0.1 \
    authentication-port=1812 called-id="" disabled=no domain="" realm="" \
    secret=12345 service=login,hotspot timeout=300ms

/radius incoming
set accept=no port=3799

/routing bfd interface
set all disabled=no interface=all interval=0.2sec min-rx=0.2sec multiplier=5

/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no

/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
    gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
    0.0.0.0 timeout=1m ttl=50

/routing pim
set switch-to-spt=yes switch-to-spt-bytes=0 switch-to-spt-interval=1m40s

/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    routing-table=main timeout-timer=3m update-timer=30s

/routing ripng
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    timeout-timer=3m update-timer=30s

/store
add disabled=no disk=system name=user-manager1 type=user-manager
add disabled=no disk=system name=web-proxy1 type=web-proxy

/system clock
set time-zone-name=manual

/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
    "jan/01/1970 00:00:00" time-zone=+00:00

/system console
add disabled=no term=vt102

/system gps
set channel=0 enabled=no set-system-time=no

/system health
set

/system identity
set name="SMART Education"

/system lcd
set contrast=0 enabled=no port=parallel type=24x4

/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set pptp-in1 disabled=yes display-time=5s
set pppoe-out1 disabled=yes display-time=5s
set ether5-aco disabled=yes display-time=5s
set HOTSPOT disabled=yes display-time=5s
set ether3-PROXY disabled=yes display-time=5s
set ether2-LAN disabled=yes display-time=5s
set ether1-PUBLIK disabled=yes display-time=5s

/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical

/system note
set note="" show-at-login=yes

/system ntp client
set enabled=yes mode=unicast primary-ntp=203.160.128.2 secondary-ntp=\
    120.88.47.10

/system ntp server
set broadcast=no enabled=no manycast=yes multicast=no

/system resource irq
set 0 cpu=auto
set 1 cpu=auto

/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
    0.0.0.0 user=""

/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
    none watchdog-timer=yes

/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
    100

/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 user=""

/tool graphing
set page-refresh=300 store-every=5min

/tool graphing interface
add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes

/tool mac-server
set (unknown) disabled=no interface=all

/tool mac-server ping
set enabled=yes

/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""

/tool sniffer
set file-limit=10KiB file-name="" filter-mac-protocol=!ip filter-stream=yes \
    interface=HOTSPOT memory-limit=10KiB memory-scroll=no only-headers=no \
    streaming-enabled=no streaming-server=0.0.0.0

/tool traffic-generator
set latency-distribution-scale=10 test-id=0

/tool user-manager customer
add backup-allowed=yes disabled=no login=XXXXXXX parent=MikroTik password=\
    fikri paypal-accept-pending=no paypal-allowed=no paypal-secure-response=\
    no permissions=owner signup-allowed=no time-zone=-00:00

/tool user-manager router
add coa-port=1700 customer=MikroTik disabled=no ip-address=192.168.4.1 log=\
    auth-fail name=router1 shared-secret=12345

/tool user-manager user
add customer=MikroTik disabled=no name=tes password=set shared-users=1 \
    wireless-enc-algo=none wireless-enc-key="" wireless-psk=""

/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
[anuku@SMART Education] >