Sunday, 5 May 2013

MikroTik Setup for SevenStar Net, Binjai, North Sumatra

MikroTik Setup for SevenStart Net, Binjai, North Sumatra - The SevenStart Net internet cafe in Binjai, North Sumatra. I actually configured this internet cafe a few months ago, but there were a few complaints about gaming and browsing, so it was restored to its original settings. I have now reconfigured it, limiting browsing and online games with a queue tree. SevenStart uses two Speedy lines, so it needs a little load-balancing mangle to split the traffic across both lines.




As in my previous MikroTik setup service post, I collect game IPs in an address-list, which is then mangled to prioritise games and to share bandwidth with browsing. Below are the firewall rules that capture the game IPs into the MikroTik address-list.


/ip firewall filter
add action=drop chain=forward disabled=no in-interface=ether3 src-address-list=!IP
add action=add-dst-to-address-list address-list=FB-Game address-list-timeout=0s chain=forward disabled=no dst-port=843,9339,8291 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
7341-7350,7451,8085,9600,9601-9602,9300,9376-9377,9400,9700,10001-10011 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
10402,11011-11041,12011,12110,13008,13413,15000-15002,16402-16502,16666,18901-18909,19000 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
19101,22100,27780,28012,29000,29200,39100,39110,39220,39190,40000,49100,4300 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=14009-14010,4300 in-interface=ether3 protocol=udp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=14009-14010 in-interface=ether3 protocol=udp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
1293,1479,6100-6152,7777-7977,8001,9401,9600-9602,12020-12080,30000,40000-40010 in-interface=ether3 protocol=udp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=42051-42052,11100-11125,11440-11460 in-interface=\
ether3 protocol=udp

Next I use layer7 to limit downloads; traffic limited through this layer7 file-extension match is given the lowest priority. Here are the layer7 patterns I use to limit bandwidth.

/ip firewall layer7-protocol
add name=youtube regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
add name=big regexp="^.*get.+\\.(exe|rar|zip|7z|cab|asf|mov|wmv|mpg|mpeg|mkv|avi|flv|pdf|wav|rm|mp3|mp4|ram|msu|msi|nup|vdf|rmvb|dat|daa|iso|nrg|bin|vcd|mp2|3gp|mpe|qt|raw|wma|ogg|doc|deb|tar|bzip|gzip|gzip2|0[0-9][0-9]).*\$"
add name=streaming regexp="a.youtube.com|d.youtube.com|e.youtube.com|f.youtube.com|g.youtube.com|h.youtube.com|i.youtube.com|j.youtube.com|l.youtube.com|c.youtube.com|d.youtube.com|youtube|tube|dailymotion.com"
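
The three patterns above can be exercised offline before they go onto the router. The following is an added example, not part of the original post: it emulates the matching with Python's `re` over constructed payloads and shows where `big` and `streaming` match more, or less, than intended. Assumptions: matching is case-insensitive, `.` matches any byte, and only the first 2 KB of a connection are inspected, as RouterOS documents for its L7 matcher.

```python
import re

# Patterns from the layer7-protocol entries above, with the RouterOS export
# escaping undone (\\ -> \, \$ -> $).
PATTERNS = {
    "youtube": r"http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9]"
               r"[\x09-\x0d -~]*(content-type: video)",
    "big": r"^.*get.+\.(exe|rar|zip|7z|cab|asf|mov|wmv|mpg|mpeg|mkv|avi|flv|"
           r"pdf|wav|rm|mp3|mp4|ram|msu|msi|nup|vdf|rmvb|dat|daa|iso|nrg|bin|"
           r"vcd|mp2|3gp|mpe|qt|raw|wma|ogg|doc|deb|tar|bzip|gzip|gzip2|"
           r"0[0-9][0-9]).*$",
    "streaming": r"a.youtube.com|d.youtube.com|e.youtube.com|f.youtube.com|"
                 r"g.youtube.com|h.youtube.com|i.youtube.com|j.youtube.com|"
                 r"l.youtube.com|c.youtube.com|d.youtube.com|youtube|tube|"
                 r"dailymotion.com",
}
# Assumption: case-insensitive matching, "." matches any byte (re.I | re.S).
COMPILED = {n: re.compile(p, re.I | re.S) for n, p in PATTERNS.items()}
L7_WINDOW = 2048  # only the first 2 KB of a connection are inspected


def classify(payload: bytes) -> list:
    """Names of the patterns that match the inspected part of a connection."""
    text = payload[:L7_WINDOW].decode("latin-1")
    return [name for name, rx in COMPILED.items() if rx.search(text)]


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "installer download": b"GET /files/setup.exe HTTP/1.1\r\nHost: cdn.example\r\n\r\n",
    "video response": b"HTTP/1.1 200 OK\r\nServer: demo\r\nContent-Type: video/mp4\r\n\r\n",
    # False positive: ".doc" is found inside a directory name.
    "html page": b"GET /api.docs/v1/index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    # False positive: the bare "tube" alternative matches any such substring.
    "unrelated site": b"GET / HTTP/1.1\r\nHost: www.tubeamps.example\r\n\r\n",
    # Not classified: a later request on the same connection, past the window.
    "late download": b"GET / HTTP/1.1\r\nHost: a.example\r\n\r\n" + b"x" * L7_WINDOW
                     + b"GET /disk.iso HTTP/1.1\r\nHost: a.example\r\n\r\n",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(f"{label:20} -> {classify(data) or 'no match'}")
```

Anchoring the extension list to the end of the request path and escaping the dots in `streaming` would remove both false positives shown here.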

Once the IPs of Indonesian online games have been captured according to the ports configured on the MikroTik, I add a mangle for those games. Here is the mangle for online games on MikroTik that I made.

/ip firewall mangle 
add action=mark-connection chain=prerouting comment=GAME disabled=no dst-address-list=game_online dst-port=\
1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 new-connection-mark=game_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=game_online dst-port=7341-7350,7451,8085,9600,9601-9602,9300,9376-9377,9400,9700,10001-10011 \
new-connection-mark=game_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=game_online dst-port=\
10402,11011-11041,12011,12110,13008,13413,15000-15002,16402-16502,16666,18901-18909,19000 new-connection-mark=game_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=game_online dst-port=19101,22100,27780,28012,29000,29200,39100,39110,39220,39190,40000,49100 \
new-connection-mark=game_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=game_online dst-port=14009-14010 new-connection-mark=game_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=game_online dst-port=14009-14010 new-connection-mark=game_conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-address-list=game_online dst-port=\
1293,1479,6100-6152,7777-7977,8001,9401,9600-9602,12020-12080,30000,40000-40010 new-connection-mark=game_conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-address-list=game_online dst-port=42051-42052,11100-11125,11440-11460 new-connection-mark=game_conn \
passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=game_conn disabled=no new-packet-mark=game_pkt passthrough=no

Next I create a mangle for game updates so that, when they reportedly do not go through the proxy, they are limited as needed:

/ip firewall mangle 
add action=mark-connection chain=prerouting comment="Update Game" disabled=no dscp=!12 dst-address-list=game_online dst-port=80,21 new-connection-mark=update-conn \
packet-mark=!hit passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=update-conn disabled=no dscp=!12 new-packet-mark=update passthrough=no
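
The capture rules and the game mark rules earlier on this page each carry their own copy of the port lists, so the two copies can drift apart. This added check (not from the original post; function names are illustrative) parses the page's UDP rules, trimmed to the fields it reads, and reports ports that feed `game_online` but are matched by no `game_conn` rule, and the reverse.

```python
import re

# UDP rules copied from the page, trimmed to the fields this check reads.
CAPTURE_RULES = r"""
add action=add-dst-to-address-list address-list=game_online dst-port=14009-14010,4300 protocol=udp
add action=add-dst-to-address-list address-list=game_online dst-port=\
    1293,1479,6100-6152,7777-7977,8001,9401,9600-9602,12020-12080,30000,40000-40010 protocol=udp
add action=add-dst-to-address-list address-list=game_online dst-port=42051-42052,11100-11125,11440-11460 protocol=udp
"""
MARK_RULES = r"""
add action=mark-connection dst-address-list=game_online dst-port=14009-14010 new-connection-mark=game_conn protocol=udp
add action=mark-connection dst-address-list=game_online dst-port=\
    1293,1479,6100-6152,7777-7977,8001,9401,9600-9602,12020-12080,30000,40000-40010 new-connection-mark=game_conn protocol=udp
add action=mark-connection dst-address-list=game_online dst-port=42051-42052,11100-11125,11440-11460 new-connection-mark=game_conn protocol=udp
"""


def parse_rules(export: str) -> list:
    """Join backslash-continued lines, then split each rule into key=value."""
    joined = re.sub(r"\\\n\s*", "", export)
    return [dict(re.findall(r"(\S+?)=(\S+)", line))
            for line in joined.splitlines() if line.startswith("add ")]


def ports(rules: list, proto: str) -> set:
    """Expand every dst-port list/range of the given protocol into a set."""
    out = set()
    for rule in rules:
        if rule.get("protocol") != proto or "dst-port" not in rule:
            continue
        for item in rule["dst-port"].split(","):
            lo, _, hi = item.partition("-")
            out.update(range(int(lo), int(hi or lo) + 1))
    return out


def captured_not_marked(proto: str) -> list:
    """Ports that add IPs to the address-list but that no mark rule matches."""
    return sorted(ports(parse_rules(CAPTURE_RULES), proto)
                  - ports(parse_rules(MARK_RULES), proto))


def marked_not_captured(proto: str) -> list:
    """Ports that are marked but never add an IP to the address-list."""
    return sorted(ports(parse_rules(MARK_RULES), proto)
                  - ports(parse_rules(CAPTURE_RULES), proto))
```

On the UDP rules as posted, `captured_not_marked("udp")` returns `[4300]`: that port adds destinations to `game_online`, but its own traffic never receives the `game_conn` mark.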

Then comes the mangle for layer7 streaming, to which I added a few content matches.

/ip firewall mangle
add action=mark-connection chain=prerouting comment=Streaming disabled=no layer7-protocol=youtube new-connection-mark=streaming-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dscp=!12 layer7-protocol=streaming new-connection-mark=streaming-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=dailymotion.com disabled=no new-connection-mark=streaming-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=mivo disabled=no new-connection-mark=streaming-conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=streaming-conn disabled=no new-packet-mark=streaming passthrough=no

Then I set the mangle for Facebook and Facebook online games.

/ip firewall mangle 
add action=mark-connection chain=prerouting comment=Facebook disabled=no dst-address-list=FB-Game new-connection-mark=facebook-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=apps.facebook.com disabled=no dscp=!12 new-connection-mark=facebook-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=facebook.com/apps disabled=no dscp=!12 new-connection-mark=facebook-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=app.facebook.com/pool-live disabled=no dscp=!12 new-connection-mark=facebook-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=static.ak.connect.facebook.com disabled=no dscp=!12 new-connection-mark=facebook-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=statics.poker.static.zynga.com disabled=no dscp=!12 new-connection-mark=facebook-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=.ninjasaga.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!hit passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=.castle.zgncdn.com disabled=no dscp=!12 new-connection-mark=facebook-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=.static.zynga.com disabled=no dscp=!12 new-connection-mark=facebook-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=.static.zgncdn.com disabled=no dscp=!12 new-connection-mark=facebook-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=.empire.zynga.com disabled=no dscp=!12 new-connection-mark=facebook-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=.poker.zynga.com disabled=no dscp=!12 new-connection-mark=facebook-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=.castle.zynga.com disabled=no dscp=!12 new-connection-mark=facebook-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=.farmville.com disabled=no dscp=!12 new-connection-mark=facebook-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=.farmville.zgncdn.com disabled=no dscp=!12 new-connection-mark=facebook-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=akamai.net disabled=no dscp=!12 new-connection-mark=facebook-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=.channel.facebook.com disabled=no dscp=!12 new-connection-mark=facebook-conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=facebook-conn disabled=no dscp=!12 new-packet-mark=facebook passthrough=no

For browsing I made the mangle shown below.

/ip firewall mangle 
add action=mark-connection chain=prerouting comment=browsing connection-bytes=100000-256 connection-mark=!facebook-conn disabled=no dscp=!12 dst-address-list=\
!game_online dst-port=80 new-connection-mark=browse-conn packet-mark=!game_pkt passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=browse-conn disabled=no dscp=!12 new-packet-mark=browse passthrough=no

For load balancing, use either nth or PCC; I will not list those rules again here.

As for the queue tree, design it yourself!

Thanks to ForumMikrotik and all the sources that cannot be named one by one, for things such as the Facebook mangle rules, the online game ports, the layer7 rules, and not forgetting the connection-bytes.
