FATHAYU: 2014

Selasa, 15 April 2014

Limit for Any Extention, Download and Upload

/interface
set 0 name=speedy ----------->(public)
set 1 name=lan ----------------> (local)

/ip address
add address=192.168.0.200/24 interface=speedy
add address=192.168.1.1/24 interface=lan

/ip route
add gateway=192.168.0.1 -------->(IP modem ADSL)

/ip dns
set primary-dns=222.124.204.34
set secondary-dns=202.134.0.155
set allow-remote-requests=yes

/ip fi nat
add chain=srcnat action=masquerade out-interface=speedy

INI ROUTING UNTUK GAME ONLINE:
/ip firewall mangle \
add comment="AYO DANCE" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=18901-18909
/ip firewall mangle \
add comment="SEAL ONLINE" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=1818
/ip firewall mangle \
add comment="POINT BLANK" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=39190
/ip firewall mangle \
add chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=40000-40010
/ip firewall mangle \
add comment="LINEAGE 2" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=7777
/ip firewall mangle \
add comment="GHOST ONLINE" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=19101
/ip firewall mangle \
add comment="RF ELVEN" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=27780
/ip firewall mangle \
add comment="PERFECT WORLD" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=29000
/ip firewall mangle \
add comment="ROHAN" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=22100
/ip firewall mangle \
add comment="ZEUS RO" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=5121
/ip firewall mangle \
add comment="DOTA" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=6000-6152
/ip firewall mangle \
add comment="IDOL STREET" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=2001
/ip firewall mangle \
add comment="CRAZY KART" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=9601-9602
/ip firewall mangle \
add comment="WOW AMPM" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=8085
/ip firewall mangle \
add comment="DRIFT CITY" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=11011-11041
/ip firewall mangle \
add comment="GETAMPED" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=13413
/ip firewall mangle \
add comment="YULLGANG" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=19000
/ip firewall mangle \
add comment="RAN ONLINE" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=5105
/ip firewall mangle \
add comment="CROSSFIRE" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=10009
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=12060-12070
/ip firewall mangle \
add comment="WARROCK" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=5340-5352
/ip firewall mangle \
add comment="FASTBLACK" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=6000-6001
/ip firewall mangle \
add comment="ROSE ONLINE" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=29200
/ip firewall mangle \
add comment="RETURN OF WARRIOR" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=10402
/ip firewall mangle \
add comment="CRAZYKART 2" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=9600
/ip firewall mangle \
add comment="LUNA ONLINE" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=15002
/ip firewall mangle \
add comment="RUNES OF MAGIC" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=16402-16502
/ip firewall mangle \
add comment="FRESH RO" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=5126
/ip firewall mangle \
add comment="TANTRA ONLINE" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=3010
/ip firewall mangle \
add comment="HEROES OF NEWEARTH INCATAMERS" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=11031
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=11100-11125,11440-11460
/ip firewall mangle \
add comment="ATLANTICA" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=4300 dst-address=203.89.147.0/24
/ip firewall mangle \
add comment="ECO ONLINE" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=12011,12110
/ip firewall mangle \
add comment="CABAL INDO" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=15001,15002
/ip firewall mangle \
add comment="X-SHOT" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=7341-7350,7451
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=7777-7977,30000
/ip firewall mangle \
add comment="FRESH RAGNAROK" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=5171
/ip firewall mangle \
add comment="3 KINGDOMS" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=42051-42052
/ip firewall mangle \
add comment="AVALON" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=9376-9377
/ip firewall mangle \
add comment="FREE STYLE" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=10001-10011,40000
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=40040-40500,1293,1479
/ip firewall mangle \
add comment="GRAND CHASE" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=9300,9400,9700
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=9401,9600
/ip firewall mangle \
add comment="BATTLE OF THE IMMORTALS" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=30001,30003
/ip firewall mangle \
add comment="JADE DYNASTY INDONESIA" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=29000
/ip firewall mangle \
add comment="FREEJACK" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=20101-20301
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=1660-2960
/ip firewall mangle \
add comment="COUNTER STRIKE ONLINE" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=36567,8001
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=8001
/ip firewall mangle \
add comment="LOST SAGA" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=14009,14010
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=14009-14026
/ip firewall mangle \
add comment="KART RIDER" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=39311
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=39311
/ip firewall mangle \
add comment="FORSAKEN WORLD INDONESIA" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=29001
/ip firewall mangle \
add comment="ANIME FIGHTER ONLINE INDONESIA" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=13412
/ip firewall mangle \
add comment="EDEN ETERNAL - AERIA GAMES" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=5567-5570,6543-6546
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=10020-10022
/ip firewall mangle \
add comment="SD GUNDAM CAPSULE FIGHTER ONLINE" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=5000-5020
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=12000-15900
/ip firewall mangle \
add comment="DRAGONNEST ONLINE INDONESIA" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=14300-14440
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=15100-15150
/ip firewall mangle \
add comment="SHADOW COMPANY - QEON" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=10500-10610
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=50000-50100
/ip firewall mangle \
add comment="S4 LEAGUE INDONESIA - LYTO" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=16666-16668,28000-28013
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=54500-56500
/ip firewall mangle \
add comment="ELIGIUM ONLINE INDONESIA - GEMSCOOL" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=8086,9090-9099
/ip firewall mangle \
add comment="MUSUH ABADI - MAINGAMES" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=12310-12320
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=12310-12320
/ip firewall mangle \
add comment="MERCENARY OPZ" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=443,39190,6112,6000-6099 dst-address=103.14.108.0/24
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=53 dst-address=103.14.108.0/24
/ip firewall mangle \
add comment="MOODO MARBLE - NETMARBLE" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=28901-28925
/ip firewall mangle \
add comment="ELSWORD INDONESIA - NETMARBLE" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=14300-14325
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=14101-14105
/ip firewall mangle \
add comment="KNIGHT AGE INDONESIA" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=15500,5101,5201
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=15500,5101,5201
/ip firewall mangle \
add comment="LUNE OF EDEN INDONESIA" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=8400,8600,8800
/ip firewall mangle \
add comment="AYO OKE - MEGAXUS" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=28001-28010
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=26001-26010
/ip firewall mangle \
add comment="MIRROR WARS - GEMSCOOL" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=20110-20120
/ip firewall mangle \
add comment="AGE OF WUSHU - ZBOX" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=2001,2002,2003 dst-address=49.50.4.62
/ip firewall mangle \
add comment="RAGNAROK ONLINE 2 - LYTO" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=7201-7208,7401
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=17001-17002
/ip firewall mangle \
add comment="3 ONLINE - GEMSCOOL" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=3101,3111
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=7533
/ip firewall mangle \
add comment="A.V.A - PLAYFPS" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=28004
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=7533,16425-16650
/ip firewall mangle \
add comment="SPECIAL FORCE 2 - NETMARBLE" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=27932-27935
/ip firewall mangle \
add comment="" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=udp dst-port=30002-30020
/ip firewall mangle \
add comment="EMPIRE & ALLIES - FACEBOOK" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=8890
/ip firewall mangle \
add comment="TEXAS HOLDEM POKER - FACEBOOK" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=9339
/ip firewall mangle \
add comment="CASTLEVILLE - FACEBOOK" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=8890
/ip firewall mangle \
add comment="PERJUANGAN SEMUT - FACEBOOK" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=843,8001,8012
/ip firewall mangle \
add comment="WILD ONES - FACEBOOK" chain=prerouting action=mark-connection new-connection-mark=game_online passthrough=yes protocol=tcp dst-port=8000
/ip firewall mangle \
add chain=prerouting connection-mark=game_online action=mark-packet new-packet-mark=pkt_game_online passthrough=no

INI ROUTING UNTUK GAME FACEBOOK
/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment="GAME FACEBOOK" dst-port=843,9339 \
new-connection-mark="game_facebook" passthrough=yes \
protocol=tcp
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="game_facebook" disabled=no \
dst-address=192.168.2.0/24 new-packet-mark="game_facebook_down" \
passthrough=no
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="game_facebook" new-packet-mark="game_facebook_up"\
passthrough=no src-address=192.168.2.0/24

INI PCQ UNTUK SPEED BAGI RATA
/queue type \
add kind=pcq name=down \
pcq-classifier=dst-address,dst-port
/queue type \
add kind=pcq name=up \
pcq-classifier=src-address,src-port

INI QUEUE UNTUK GAME ONLINE
/queue tree \
add name="2.GAME DOWN" \
parent=global-out priority=2
/queue tree \
add name="3.GAME UPLOAD" \
parent=ether1-ISP priority=2
/queue tree \
add name="1.GAME ONLINE DOWN" \
packet-mark="pkt_game_online" \
parent="2.GAME DOWN" priority=2 queue=down
/queue tree \
add max-limit=256000 \
name="2.GAME FACEBOOK DOWN" \
packet-mark="game_facebook_down" \
parent="2.GAME DOWN" priority=3 queue=down
/queue tree \
add name="1.GAME ONLINE UPLOAD" \
packet-mark="pkt_game_online" \
parent="3.GAME UPLOAD" priority=2 queue=up
/queue tree \
add limit-at=0 max-limit=128000 \
name="2.GAME FACEBOOK UPLOAD" \
packet-mark="game_facebook_upload" \
parent="3.GAME UPLOAD" priority=3 queue=up

INI UNTUK LIMIT FILE EXTENSI, SEPERTI .EXE .RAR .YOUTUBE, DLL
/ip firewall layer7-protocol
add name="YOUTUBE DOWNLOAD" \
regexp="http/(0\\.9|1\\.0|1\\.1) \
[\\x09-\\x0d ][1-5][0-9][0-9] \
[\\x09-\\x0d -~]*(content-type: video)"
add name=EXE regexp="\\.(exe)"
add name=RAR regexp="\\.(rar)"
add name=ZIP regexp="\\.(zip)"
add name=7z regexp="\\.(7z)"
add name=WMV regexp="\\.(wmv)"
add name=MPG regexp="\\.(mpg)"
add name=MPEG regexp="\\.(mpeg)"
add name=AVI regexp="\\.(avi)"
add name=FLV regexp="\\.(flv)"
add name=WAV regexp="\\.(wav)"
add name=MP3 regexp="\\.(mp3)"
add name=MP4 regexp="\\.(mp4)"
add name=ISO regexp="\\.(iso)"
add name=3GP regexp="\\.(3gp)"
add name=MOV regexp="\\.(mov)"
add name=MKV regexp="\\.(mkv)"
add name="YOUTUBE STREAMING" regexp=youtube
add name=PORN regexp=porn
add name=TUBE regexp=tube
add name=VIDEO regexp=video
add name=MOVIE regexp=movie

INI ROUTING UNTUK EXTENSI
/ip firewall mangle
add action=mark-packet chain=forward \
comment="LIMIT EXTENTION" disabled=no \
layer7-protocol="YOUTUBE DOWNLOAD" \
new-packet-mark="youtube_download" \
passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol="YOUTUBE STREAMING" \
new-packet-mark="youtube_streaming" \
passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=TUBE \
new-packet-mark=porn1 passthrough=no
add action=mark-packet chain=forward disabled=no \
layer7-protocol=porn \
new-packet-mark=porn2 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=VIDEO \
new-packet-mark=porn3 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MOVIE \
new-packet-mark=porn4 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MKV \
new-packet-mark=mkv passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MP3 \
new-packet-mark=mp3 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MP4 \
new-packet-mark=mp4 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ZIP \
new-packet-mark=zip passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=EXE \
new-packet-mark=exe passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=FLV \
new-packet-mark=flv passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ISO \
new-packet-mark=iso passthrough=no
add action=mark-packet chain=forward \
disabled=no protocol=tcp dst-port=1935 \
new-packet-mark=mivotv passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MOV \
new-packet-mark=mov passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MPEG \
new-packet-mark=MPEG passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MPG \
new-packet-mark=mpg passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=RAR \
new-packet-mark=rar passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=WAV \
new-packet-mark=wav passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=WMV \
new-packet-mark=wmv passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=3GP \
new-packet-mark=3gp passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=7z \
new-packet-mark=7z passthrough=no

INI ROUTING UNTUK BROWSING (DOWNLOAD/UPLOAD)
/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment=HTTP dst-port=21,80 \
new-connection-mark="browsing" passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="browsing" disabled=no \
dst-address=192.168.2.0/24 \
new-packet-mark="download" passthrough=no
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="browsing" disabled=no \
new-packet-mark="upload" \
passthrough=no src-address=192.168.2.0/24

INI QUEUE UNTUK KEGIATAN BROWSING-DOWNLOAD-UPLOAD
/queue tree \
add max-limit=128000 \
name="UPLOAD-BROWSING" \
packet-mark="upload" parent=speedy \
priority=4 queue=up
/queue tree \
add max-limit=750000 \
name="1.2 HTTP-DOWN" \
parent=global-out priority=2
/queue tree \
add max-limit=750000 \
name="1.3 BROWSING DOWN" \
packet-mark="download" \
parent="1.2 HTTP-DOWN" \
priority=4 queue=down
/queue tree \
add max-limit=512000 \
name="1.4 LIMIT EXTENTION" \
parent="1.2 HTTP-DOWN" priority=5
/queue tree
add name=YOUTUBE \
parent="1.4 LIMIT EXTENTION" priority=5
add name="YOUTUBE STREAMING" \
packet-mark="youtube_streaming" \
parent=YOUTUBE priority=5 queue=down
add name=MKV packet-mark=mkv \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=down
add name=MP3 packet-mark=mp3 \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=down
add name=MP4 packet-mark=mp4 \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=down
add name=ZIP packet-mark=zip \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=down
add name=EXE packet-mark=exe \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=down
add name=ISO packet-mark=iso \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=down
add name=AVI packet-mark=avi \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=down
add name=MOV packet-mark=mov \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=down
add name=MPEG packet-mark=mpeg \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=down
add name=MPG packet-mark=mpg \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=down
add name=RAR packet-mark=rar \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=down
add name=WAV packet-mark=wav \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=down
add name=WMV packet-mark=wmv \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=down
add name=3GP packet-mark=3gp \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=down
add name=7z packet-mark=7z \
parent="1.4 LIMIT EXTENTION" priority=5 \
queue=down
add name="YOUTUBE DOWNLOAD" \
packet-mark="youtube_download" \
parent=YOUTUBE priority=5 queue=down
add name=PORN \
parent="1.4 LIMIT EXTENTION" priority=5
add name=PORN1 \
packet-mark=porn1 parent=PORN \
priority=5 queue=down
add name=PORN2 packet-mark=porn2 \
parent=PORN priority=5 queue=down
add name=PORN3 packet-mark=porn3 \
parent=PORN priority=5 queue=down
add name="MIVO TV" \
packet-mark="mivo_tv" parent=\
"1.4 LIMIT EXTENTION" \
priority=5 queue=down
add name=PORN4 packet-mark=porn4 \
parent=PORN priority=5 queue=down

INFO SERVICE PROXY SETTING AND MIKROTIK

089693433305 / fathayu@gmail.com / fathayu@yahoo.co.id

Load Balance with External Proxy

Basic configuration :
/ip address
add address=192.168.1.10/24 broadcast=192.168.1.255 comment="" disabled=no interface=ether1-isp1 network=192.168.1.0
add address=10.10.10.10/24 broadcast=10.10.10.255 comment="" disabled=no interface=ether2-lan network=10.10.10.0
add address=11.11.11.1/24 broadcast=11.11.11.255 comment="" disabled=no interface=ether3-Proxy network=11.11.11.0
add address=192.168.2.2/24 broadcast=192.168.2.255 comment="" disabled=no interface=ether5-isp2 network=192.168.2.0

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=isp1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=isp1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=isp2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=isp2 scope=30 target-scope=10
add check-gateway=ping comment="Default 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10
add check-gateway=ping comment="Default 2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=30 target-scope=10

/ip firewall address-list
add address=10.10.10.0/24 comment="" disabled=no list=lokalnet
add address=11.11.11.0/24 comment="" disabled=no list=proxynet
/ip dns
set allow-remote-requests=yes cache-size=2048KiB max-udp-packet-size=4096 servers=8.8.8.8 8.8.4.4

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1-isp1 comment="ISP1"
add chain=srcnat action=masquerade out-interface=ether5-isp2 comment="ISP2"

/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=208.67.220.220 to-ports=5353 protocol=udp in-interface=ether2-lan dst-port=53 comment="TRANSPARENT DNS"
add chain=dstnat action=dst-nat to-addresses=208.67.220.220 to-ports=5353 protocol=tcp in-interface=ether2-lan dst-port=53
add chain=dstnat action=dst-nat to-addresses=208.67.220.220 to-ports=5353 protocol=udp in-interface=ether3-Proxy dst-port=53
add chain=dstnat action=dst-nat to-addresses=208.67.220.220 to-ports=5353 protocol=tcp in-interface=ether3-Proxy dst-port=53

/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=11.11.11.2 to-ports=3128 protocol=tcp dst-address-list=!proxynet in-interface=ether2-lan \
dst-port=80,8080 comment="PROXY"

Load Balance :
/ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=hit passthrough=no protocol=!icmp dscp=12 comment="hit"

/ip firewall mangle
add chain=input action=mark-connection new-connection-mark=isp1_conn passthrough=yes connection-state=new in-interface=ether1-isp1 comment="isp1_conn"
add chain=input action=mark-connection new-connection-mark=isp2_conn passthrough=yes connection-state=new in-interface=ether5-isp2 comment="isp2_conn"

/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=isp1_conn passthrough=yes connection-state=established \
in-interface=ether1-isp1 comment="isp1_conn"
add chain=prerouting action=mark-connection new-connection-mark=isp2_conn passthrough=yes connection-state=established \
in-interface=ether5-isp2 comment="isp2_conn"

/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=isp1_conn passthrough=yes connection-state=related in-interface=ether1-isp1 comment="isp1_conn"
add chain=prerouting action=mark-connection new-connection-mark=isp2_conn passthrough=yes connection-state=related in-interface=ether5-isp2 comment="isp2_conn"

/ip firewall mangle
add chain=output action=mark-routing new-routing-mark=isp1 passthrough=no connection-mark=isp1_conn comment="isp1"
add chain=output action=mark-routing new-routing-mark=isp2 passthrough=no connection-mark=isp2_conn comment="isp1"

/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp1 passthrough=yes connection-state=new protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/0 comment="pcc proxy_isp1"
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp2 passthrough=yes connection-state=new protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/1 comment="pcc proxy_isp2"
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp1 passthrough=yes connection-state=established protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/0 comment="pcc proxy_isp1"
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp2 passthrough=yes connection-state=established protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/1 comment="pcc proxy_isp2"
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp1 passthrough=yes connection-state=related protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/0 comment="pcc proxy_isp1"
add chain=prerouting action=mark-connection new-connection-mark=proxy_isp2 passthrough=yes connection-state=related protocol=tcp dst-address-type=!local \
in-interface=ether3-Proxy dst-port=80 per-connection-classifier=both-addresses-and-ports:2/1 comment="pcc proxy_isp2"

/ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=isp1 passthrough=yes connection-mark=proxy_isp1 comment="mark routing isp1"
add chain=prerouting action=mark-routing new-routing-mark=isp2 passthrough=yes connection-mark=proxy_isp2 comment="mark routing isp2"

/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=iix passthrough=yes protocol=!icmp dst-address-list=nice comment"iix"
add chain=prerouting action=mark-packet new-packet-mark=iix passthrough=no connection-mark=iix
add chain=prerouting action=mark-connection new-connection-mark=int passthrough=yes protocol=!icmp dst-address-list=!nice comment="int"
add chain=prerouting action=mark-packet new-packet-mark=int passthrough=no connection-mark=int

Done. All traffic from http-proxy interface will be divided evenly in and out of each interface on the gateway. Furthermore, making the download and upload limit.

INFO SERVICE PROXY SETTING AND MIKROTIK

089637490907 / fathayu@gmail.com / fathayu@yahoo.co.id

Selasa, 08 April 2014

Block Teamviewer Connections on Mikrotik

Here is a guide how to block TeamViewer connection

/ip firewall filter
add chain=forward action=add-dst-to-address-list protocol=tcp address-list=TV \
address-list-timeout=1d dst-port=5938
add chain=forward action=drop src-address-list=TV
add chain=forward action=drop dst-address-list=TV

INFO SERVICE PROXY SETTING AND MIKROTIK

089693433305 / fathayu@gmail.com / fathayu@yahoo.co.id

Rabu, 19 Februari 2014

How To Install Ubuntu as a Gateway

Example:
Ip ubuntu to the modem (eth0): 192.168.1.3/24
Gateway (ip modem): 192.168.1.1
IP ubuntu to lan (eth1): 192.168.2.1/24

There are several steps :
=====================

1. Provide IP on eth0 and eth1
pico /etc/network/interfaces
=====================

===========================================
Save the configuration and exit, then restart using the command :
/etc/init.d/networking restart
===========================================

==========================

2. IP Forwarding settings and iptables
pico /etc/rc.local
==========================

Add the following rules before "exit 0" :
echo 1 > /proc/sys/net/ipv4/ip_forward

Add the following rules :
iptables –t nat –A POSTROUTING –j MASQUERADE

If using squid / lusca as a proxy, add the following rule (adjust the port configuration in your squid.conf) :
iptables –t nat –A PREROUTING –p tcp --dport 80 –j REDIRECT --to-port 3128

If a proxy is used to support https ssl bump for the cache, add the following rule (adjust the port configuration in your squid.conf) :
iptables –t nat –A PREROUTING –p tcp --dport 443 –j REDIRECT --to-port 3127

Then save the changes.
rc.local is enabled by typing the command :
/etc/init.d/rc.local start

==============

pico /etc/sysctl.conf
==============

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Type the command :
sysctl -p

When the report :
net.ipv4.ip_forward=1

Means that ip forwarding is active.

=============
3. Testing on client
=============
IP settings on one client with the following configuration:
ip : 192.168.2.2
netmask : 255.255.255.0
gateway : 192.168.2.1
DNS : 8.8.8.8 8.8.4.4

ping test on cmd
ping 8.8.8.8

If it is currently in a ping reply, then the gateway setting is ok.
If not? ask in the forums or friends who know better :)

May be implemented on the router as a client of a proxy server gateway ubuntu

INFO SERVICE PROXY SETTING AND MIKROTIK

089693433305 / fathayu@gmail.com / fathayu@yahoo.co.id

Jumat, 14 Februari 2014

Configuration and installation on Ubuntu server lightsquid

# packages required
apt-get install perl libgd-gd2-perl -y &&
apt-get install apache2 -y &&
apt-get install cron -y

# Download Lightsquid
cd /tmp
wget https://www.dropbox.com/s/naaf9ox9zr3q5tx/lightsquid-1.8.tar.gz

# Extract the package lightsquid
tar -xvzf lightsquid-1.8.tar.gz

# Move extract results to your webserver directory ubuntu default instance here I put in (/var/www)
mv lightsquid-1.8 /var/www/lightsquid

# Switching to lightsquid directory and change to all scripts .cgi and .pl be in executable
cd /var/www/lightsquid &&
chmod +x *.cgi &&
chmod +x *.pl

# Change the ownership of access according to your apache
chown -R www-data.www-data *

# Edit httpd.conf
pico /etc/apache2/httpd.conf

# Add the following httpd.conf configuration

AddHandler cgi-script .cgi
AllowOverride All

# Restart Apache
/etc/init.d/apache2 restart

# Adjust the following code according to directory where you lightsquid
cd /var/www/lightsquid
pico lightsquid.cfg
# Replace some lines like this
$cfgpath =”/var/www/lightsquid”;
$tplpath =”/var/www/lightsquid/tpl”;
$langpath =”/var/www/lightsquid/lang”;
$reportpath =”/var/www/lightsquid/report”;
$logpath =”/var/log/squid”;
$ip2namepath =”/var/www/lightsquid/ip2name”;

# type the command
perl check-setup.pl
# If a message appears as below, then lihtsquid ready for use
LightSquid Config Checker, (c) 2005 Sergey Erokhin GNU GPL
LogPath : /var/log/squid
reportpath: /var/www/lightsquid/report
Lang : /var/www/lightsquid/lang/eng
Template : /var/www/lightsquid/tpl/base
Ip2Name : /var/www/lightsquid/ip2name/ip2name.simple
all check passed, now try access to cgi part in browser

# provide the name of the registered IP
pico realname.cfg
# Ip name registration example
192.168.3.254   Billing
192.168.3.2     PC 01
192.168.3.3     PC 02
192.168.3.4     PC 03
192.168.3.5     PC 04
192.168.3.6     PC 05
192.168.3.7     PC 06
192.168.3.8     PC 07

# For group, or skip it if not needed
pico group.cfg
# example ip group
192.168.3.254   Admin
192.168.3.2     Admin
192.168.3.3     Client
192.168.3.4     Client
192.168.3.5     Client
192.168.3.6     Client
192.168.3.7     Client
192.168.3.8     Client

# After that run the script lightparser.pl
perl lightparser.pl /var/log/squid/access.log

# To run the script automatically lightparser.pl add in crontab
crontab -e
10 * * * * /var/www/lightsquid/lightparser.pl today

# Please open your localhost web, and look at what your users do
http://IP-Proxy/lightsquid

INFO SERVICE PROXY SETTING AND MIKROTIK

089693433305 / fathayu@gmail.com / fathayu@yahoo.co.id

How do I remotely using WinSCP?

1. Download the application at www.filehippo.com or at the direct site

2. Open application, and it looks like this :

3. Ubuntu server ip type in the hostname column, ubuntu root username in the username field, ubuntu root password in the password field, and it looks like this :

4. Click on the login button, then there will be the login process like this :

5. After successful login, it will appear to be like this :

6. The column on the left is a directory of windows, and the column on the right is the root directory of ubuntu server itself

7. That way if you still have not managed to log into the ubuntu server, there are several possibilities, such as: ssh port is not appropriate or may have changed, or maybe it could be you have not installed ubuntu openssh-server.

8. Good luck and happy learning...

INFO SERVICE PROXY SETTING AND MIKROTIK

089693433305 / fathayu@gmail.com / fathayu@yahoo.co.id

Installasi Webmin on Ubuntu

# Download Webmin
wget http://www.webmin.com/download/deb/webmin-current.deb
dpkg -i webmin-current.deb
apt-get -f install -y

# Or You Can Choose This Step
# Added The Source of Repository
pico /etc/apt/sources.list
# And This is The Line
deb http://download.webmin.com/download/repository sarge contrib

# Update and Install Webmin
apt-get update
apt-get install webmin

# And Finally
Webmin is ready, just type on your URL browser with https://[serverIP]:10000

INFO SERVICE PROXY SETTING AND MIKROTIK

089693433305 / fathayu@gmail.com / fathayu@yahoo.co.id

Installasi Graph Monitoring Squid

# Install The Package
apt-get install libgd-gd2-perl -y

# Download The File
cd /tmp
wget http://nchc.dl.sourceforge.net/project/squid-graph/squid-graph/3.2/squid-graph-3.2.tar.gz

# Extract and Copied to Directory of init.d
tar xzvf squid-graph-3.2.tar.gz -C /etc/init.d/

# Change Mode
chmod +x /etc/init.d/squid-graph/*

cd /var/www
mkdir squid-graph
cd /etc/init.d/squid-graph
./squid-graph --tcp-only -n -o=/var/www/squid-graph/ --title="proxy" < /var/log/squid/access.log

# Make a Scheduler
crontab -e
# And Added The Rules Like This One
1 * * * * /etc/init.d/squid-graph/squid-graph --tcp-only -n -o=/var/www/squid-graph/

# Finally
You Can Open on Your URL Browser with http://IP-Proxy/squid-graph

INFO SERVICE PROXY SETTING AND MIKROTIK

089693433305 / fathayu@gmail.com / fathayu@yahoo.co.id

Installasi and Setting SARG and CALAMARIS

# Install The Packages
apt-get install sarg calamaris libgd-graph-perl libnetaddr-ip-perl ttf-dustin -y

# Setting CALAMARIS
squid -k rotate
mkdir /var/www/calamaris
calamaris -a -F html /var/log/squid/access.log > /var/www/calamaris/index.html

# Edit Config Report
pico /etc/sarg/sarg-reports.conf

# Fill The File Like This One
SARG=/usr/bin/sarg
CONFIG=/etc/sarg/sarg.conf
HTMLOUT=/var/www/squid-reports
PAGETITLE="Access Reports on $(hostname)"
LOGOIMG=/sarg/images/sarg.png
LOGOLINK="http://$(hostname)/"
DAILY=Daily
WEEKLY=Weekly
MONTHLY=Monthly
EXCLUDELOG1="SARG: No records found"
EXCLUDELOG2="SARG: End"

# Edit Config Sarg
pico /etc/sarg/sarg.conf

# Change Rules
output_dir /var/lib/sarg
# With
output_dir /var/www/squid-reports

# Directory of SARG
mkdir /var/www/squid-reports

# Setting SARG
sarg-reports today
sarg-reports daily
sarg-reports weekly
sarg-reports monthly

# Make Scheduler
crontab -e
# Input This Rules Line To The Bottom Of The Line
* 6 * * * /usr/sbin/sarg-reports today
* 12 * * * calamaris -a -F html /var/log/squid/access.log > /var/www/calamaris/index.html

# And Finally
Access Report From CALAMARIS To Your Browser with URL http://[ip-server]/calamaris
Access Report From SARG To Your Browser with URL http://[ip-server]/squid-reports

INFO SERVICE PROXY SETTING AND MIKROTIK

089693433305 / fathayu@gmail.com / fathayu@yahoo.co.id

Installasi LUSCA_HEAD-r14809-YOUTUBE.PACTH

# Added Link With Repository From Indonesia
pico /etc/apt/sources.list

# This is The List
deb http://kambing.ui.ac.id/ubuntu/ precise main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu/ precise-updates main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu/ precise-security main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu/ precise-backports main restricted universe multiverse

# Update and Install
apt-get update -y
apt-get install squidclient squid-cgi -y
apt-get install gcc -y
apt-get install build-essential -y
apt-get install sharutils -y
apt-get install ccze -y
apt-get install libzip-dev -y
apt-get install automake1.9 -y
apt-get install acpid -y
apt-get install libfile-readbackwards-perl -y
apt-get install dnsmasq -y
cd /tmp

# Download, Extrack and Patch
wget -c https://www.dropbox.com/s/f9msl2mekxwbye8/LUSCA_HEAD-r14809.tar.gz
tar -xvzf LUSCA_HEAD-r14809.tar.gz
cd LUSCA_HEAD-r14809
wget -c https://www.dropbox.com/s/emmc9fbahovr4lt/LUSCA_HEAD-r14809-YOUTUBE.PACTH.tar.gz
tar -xvzf LUSCA_HEAD-r14809-YOUTUBE.PACTH.tar.gz
patch -p0 < 3xx-loop.diff
patch -p0 < async-issue.diff
patch -p0 < http-gzip.diff
patch -p0 < ignore-must-revalidate.diff
patch -p0 < improve-nn-parser.diff
patch -p0 < lusca-vary.diff
patch -p0 < segmentation-fault.diff

# Compile
./configure \
--prefix=/usr \
--exec_prefix=/usr \
--bindir=/usr/sbin \
--sbindir=/usr/sbin \
--libexecdir=/usr/lib/squid \
--sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid \
--datadir=/usr/share/squid \
--enable-async-io=24 \
--with-aufs-threads=24 \
--with-pthreads \
--enable-storeio=aufs \
--enable-linux-netfilter \
--enable-arp-acl \
--enable-epoll \
--enable-removal-policies=heap \
--with-aio \
--with-dl \
--enable-snmp \
--enable-delay-pools \
--enable-htcp \
--enable-cache-digests \
--disable-unlinkd \
--enable-large-cache-files \
--with-large-files \
--enable-err-languages=English \
--enable-default-err-language=English \
--enable-referer-log \
--with-maxfd=65536

make
make install

cd /etc/init.d/
wget -c https://www.dropbox.com/s/pwd0yhunvb0xb9p/squid.init.ubuntu
mv /etc/init.d/squid.init.ubuntu /etc/init.d/squid
chmod +x /etc/init.d/squid
/etc/init.d/squid stop

cd /etc/squid
mv squid.conf squid.conf.backup
wget https://www.dropbox.com/s/JASA-SETTING-PROXY-089637490907/squid.conf
wget https://www.dropbox.com/s/JASA-SETTING-PROXY-089637490907/storeurl.pl
wget https://www.dropbox.com/s/JASA-SETTING-PROXY-089637490907/tunning.conf
chown proxy:proxy /cache
chmod 777 /cache
chown proxy:proxy /etc/squid/tunning.conf
chmod 777 /etc/squid/tunning.conf
chown proxy:proxy /etc/squid/storeurl.pl
chmod 777 /etc/squid/storeurl.pl
chmod +x /etc/squid/storeurl.pl

# Edit squid.conf With Your Config
pico /etc/squid/squid.conf

mkdir /var/log/squid
chown proxy:proxy /var/log/squid
chmod 777 /var/log/squid
squid -f /etc/squid/squid.conf -z
/etc/init.d/squid restart
squid -NDd1

update-rc.d squid defaults

tail -f /var/log/squid/access.log | ccze

INFO SERVICE PROXY SETTING AND MIKROTIK

089693433305 / fathayu@gmail.com / fathayu@yahoo.co.id

IT Consultant

Selasa, 15 April 2014

Selasa, 08 April 2014

Rabu, 19 Februari 2014

Jumat, 14 Februari 2014