Belajar Jaringan - Belajar Pemrograman


Friday, 21 October 2016

Understanding the Mikrotik Router Firewall

A firewall is the tool used to decide whether a packet may enter or leave the Mikrotik router. It is essentially a permission system for data going in and out, whether it comes from the internet toward the LAN or from the LAN toward the internet, so the filter function of the firewall is what protects the network. This achieves the real purpose of a firewall, which is to secure the network in both the inbound and the outbound direction.

Mikrotik router firewall


To process data entering or leaving the router, Mikrotik provides several inspection stages, known as CHAINs. There are 5 main chains:

  1. Input
  2. Output
  3. Forward
  4. Postrouting
  5. Prerouting
Another important kind of chain is the custom chain, which is reached through the jump feature of the Mikrotik action.

INPUT


The process of checking whether a packet is allowed to enter the router. It is also called a local process, because it takes place inside the router itself. Everything that enters the router passes through the input chain.

OUTPUT


The process of checking packets that are about to leave the router. It is also a local process: every packet leaving the router passes through the output chain before it reaches the outgoing interface.

FORWARD


The process of checking packets that are passed on from one interface to another without being processed inside the router. In other words, all packets that come from outside the router and are headed somewhere else outside it (for example from the LAN to the internet) pass through the forward chain. In short, the data only passes through the router.

PREROUTING


The process of checking packets that enter the router before they are processed further. These packets enter through the prerouting chain. Prerouting is used in the mangle table, whereas the input, output and forward chains can be used in both the filter table and the mangle table. The further processing can take place in filter, NAT or routing.

POSTROUTING


The process of checking data that leaves the router through the out-interface, before it is processed further.

Besides the chains above, there are several other features that are just as important in the Mikrotik firewall filter. Filtering can be done based on protocol, dst-address, src-address, dst-port, connection-state, in-interface, out-interface and so on, and even based on connection-bytes.

One important part of the Mikrotik firewall is connection-state. There are several connection-state values that we need to recognize:

  • invalid = a packet that does not belong to any connection.
  • new = the first packet that opens a connection.
  • established = the packets that follow the earlier new packet, once the connection has been set up.
  • related = a packet that opens a connection, where that connection is still related to an earlier connection.
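
A minimal stateful ruleset that puts the chains, the connection-state values and a custom chain reached by jump together, as an added example that is not part of the original post. The interface roles (ether2 toward the modem, ether3 toward the LAN as a routed port), the LAN range 192.168.0.0/24 and the chain name mgmt are assumptions.

```routeros
# Added example, not from the original post.
# Assumptions: ether2 = uplink to the modem, ether3 = LAN (routed port),
# LAN range = 192.168.0.0/24, custom chain name = mgmt.
/ip firewall address-list
add list=LAN address=192.168.0.0/24 comment="assumed LAN range"

/ip firewall filter
# chain=input: packets addressed to the router itself
add chain=input action=accept connection-state=established,related \
    comment="packets of connections that are already tracked"
add chain=input action=drop connection-state=invalid \
    comment="packets that belong to no known connection"
add chain=input action=accept protocol=icmp comment="ping to the router"
# new connections to the router are handed to a custom chain with action=jump
add chain=input action=jump jump-target=mgmt connection-state=new \
    comment="custom chain: services the router offers"
add chain=input action=drop comment="everything else aimed at the router"

# custom chain mgmt: only reached through the jump above
add chain=mgmt action=accept in-interface=ether3 src-address-list=LAN \
    protocol=tcp dst-port=8291 comment="Winbox from the LAN only"
# the two DNS rules are only needed if clients use the router as resolver
add chain=mgmt action=accept in-interface=ether3 src-address-list=LAN \
    protocol=udp dst-port=53 comment="DNS from LAN clients"
add chain=mgmt action=accept in-interface=ether3 src-address-list=LAN \
    protocol=tcp dst-port=53 comment="DNS over TCP from LAN clients"
add chain=mgmt action=return comment="no match: continue in chain=input"

# chain=forward: packets that only pass through the router
add chain=forward action=accept connection-state=established,related \
    comment="return traffic and related flows"
add chain=forward action=drop connection-state=invalid
add chain=forward action=accept connection-state=new in-interface=ether3 \
    out-interface=ether2 src-address-list=LAN \
    comment="LAN clients may open connections to the internet"
add chain=forward action=drop \
    comment="new connections from the internet side are not forwarded"
```

Rules are evaluated from top to bottom and the first match decides, so the accept for established,related stays at the top of each chain. When entering this over a remote session, turn on Safe Mode first so that a mistaken drop rule is rolled back if the session is lost.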

Monday, 01 August 2016

Cheap Remote Mikrotik Setup Service

Remote Mikrotik setup service here means that the Mikrotik router of a warnet (internet café) is configured remotely, using Mikrotik Winbox together with a third-party program called TeamViewer, which serves to open access to the Mikrotik and the client computer.

I used the configuration below for a warnet in Sidikalang that has a 20 Mbps Speedy internet connection. This 20 Mbps connection is shared between games and browsing, meaning that the warnet's game and browsing traffic both go through this one modem line. That is different from other setups, where browsing and game traffic are each directed to their own modem. To separate browsing and games over two Speedy lines, see my earlier post -> how to separate game and browsing over 2 Speedy lines
/ip firewall address-list
add address=192.168.0.0/24 disabled=no list=LAN
add address=49.50.7.0/24 disabled=no list=game_online
add address=203.209.190.35 disabled=no list=game_online
add address=180.178.110.82 disabled=no list=game_online
add address=64.211.145.89 disabled=no list=game_online
add address=64.211.145.91 disabled=no list=game_online
add address=64.211.145.104 disabled=no list=game_online
add address=64.233.181.97 disabled=no list=game_online
add address=64.233.189.113 disabled=no list=game_online
add address=65.54.82.164 disabled=no list=game_online
add address=65.55.162.26 disabled=no list=game_online
add address=66.220.146.25 disabled=no list=game_online
add address=69.63.181.11 disabled=no list=game_online
add address=69.63.181.16 disabled=no list=game_online
add address=69.63.186.30 disabled=no list=game_online
add address=74.125.153.138 disabled=no list=game_online
add address=75.125.122.98 disabled=no list=game_online
add address=116.12.45.2 disabled=no list=game_online
add address=119.110.77.1 disabled=no list=game_online
add address=119.110.77.2 disabled=no list=game_online
add address=119.110.77.3 disabled=no list=game_online
add address=119.110.77.4 disabled=no list=game_online
add address=119.110.77.5 disabled=no list=game_online
add address=119.110.77.6 disabled=no list=game_online
add address=119.110.77.7 disabled=no list=game_online
add address=119.160.200.173 disabled=no list=game_online
add address=119.160.200.166 disabled=no list=game_online
add address=119.160.200.168 disabled=no list=game_online
add address=122.102.49.0/24 disabled=no list=game_online
add address=122.102.48.0/24 disabled=no list=game_online
add address=122.102.50.0/24 disabled=no list=game_online
add address=122.102.51.0/24 disabled=no list=game_online
add address=122.102.52.0/24 disabled=no list=game_online
add address=122.102.53.0/24 disabled=no list=game_online
add address=122.102.54.0/24 disabled=no list=game_online
add address=122.102.55.0/24 disabled=no list=game_online
add address=122.144.2.38 disabled=no list=game_online
add address=122.144.2.132 disabled=no list=game_online
add address=122.144.2.137 disabled=no list=game_online
add address=125.160.17.181 disabled=no list=game_online
add address=125.160.17.182 disabled=no list=game_online
add address=124.195.18.122 disabled=no list=game_online
add address=125.56.199.10 disabled=no list=game_online
add address=125.56.199.16 disabled=no list=game_online
add address=125.56.199.27 disabled=no list=game_online
add address=125.160.173.26 disabled=no list=game_online
add address=125.163.212.218 disabled=no list=game_online
add address=173.194.0.148 disabled=no list=game_online
add address=202.43.161.117 disabled=no list=game_online
add address=202.43.161.120 disabled=no list=game_online
add address=202.43.161.121 disabled=no list=game_online
add address=202.43.167.70 disabled=no list=game_online
add address=202.43.171.131 disabled=no list=game_online
add address=202.43.171.130 disabled=no list=game_online
add address=202.43.171.133 disabled=no list=game_online
add address=202.43.171.134 disabled=no list=game_online
add address=202.57.118.35 disabled=no list=game_online
add address=202.57.118.54 disabled=no list=game_online
add address=202.58.163.204 disabled=no list=game_online
add address=202.67.15.34 disabled=no list=game_online
add address=202.70.134.34 disabled=no list=game_online
add address=202.70.134.35 disabled=no list=game_online
add address=202.70.134.37 disabled=no list=game_online
add address=202.74.73.98 disabled=no list=game_online
add address=202.78.197.83 disabled=no list=game_online
add address=202.78.197.85 disabled=no list=game_online
add address=202.89.208.61 disabled=no list=game_online
add address=202.93.17.0/24 disabled=no list=game_online
add address=202.93.18.0/24 disabled=no list=game_online
add address=202.93.19.0/24 disabled=no list=game_online
add address=202.93.20.0/24 disabled=no list=game_online
add address=202.93.21.0/24 disabled=no list=game_online
add address=202.93.22.0/24 disabled=no list=game_online
add address=202.93.23.0/24 disabled=no list=game_online
add address=202.93.24.0/24 disabled=no list=game_online
add address=202.93.25.0/24 disabled=no list=game_online
add address=202.93.26.0/24 disabled=no list=game_online
add address=202.93.27.0/24 disabled=no list=game_online
add address=202.93.28.0/24 disabled=no list=game_online
add address=202.93.29.0/24 disabled=no list=game_online
add address=202.93.30.0/24 disabled=no list=game_online
add address=202.93.31.0/24 disabled=no list=game_online
add address=202.162.207.111 disabled=no list=game_online
add address=202.138.226.22 disabled=no list=game_online
add address=202.138.226.19 disabled=no list=game_online
add address=202.149.65.139 disabled=no list=game_online
add address=202.149.65.142 disabled=no list=game_online
add address=202.149.65.160 disabled=no list=game_online
add address=202.93.16.0/24 disabled=no list=game_online
add address=203.77.212.20 disabled=no list=game_online
add address=203.89.146.0/24 disabled=no list=game_online
add address=203.89.147.12 disabled=no list=game_online
add address=203.89.147.13 disabled=no list=game_online
add address=204.2.171.27 disabled=no list=game_online
add address=204.2.171.154 disabled=no list=game_online
add address=204.2.171.97 disabled=no list=game_online
add address=204.2.171.112 disabled=no list=game_online
add address=204.117.211.2 disabled=no list=game_online
add address=204.117.211.3 disabled=no list=game_online
add address=204.117.211.4 disabled=no list=game_online
add address=209.190.9.202 disabled=no list=game_online
add address=209.51.218.170 disabled=no list=game_online
add address=211.43.208.219 disabled=no list=game_online
add address=211.233.43.45 disabled=no list=game_online
add address=212.58.226.79 disabled=no list=game_online
add address=202.67.9.252 disabled=no list=game_online
add address=49.128.179.6 disabled=no list=game_online
add address=49.128.179.8 disabled=no list=game_online
add address=203.89.146.172 disabled=no list=game_online
add address=49.128.179.0/24 disabled=no list=game_online
add address=92.51.171.95 disabled=no list=game_online
add address=203.116.49.0/24 disabled=no list=game_online
add address=103.229.163.0/24 disabled=no list=game_online
add address=103.229.163.4 disabled=no list=game_online

/ip firewall filter
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=1194 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
7341-7350,7451,8085,9600,9601-9602,9300,9376-9377,9400,9700,10001-10011 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
10402,11011-11041,12011,12110,13008,13413,15000-15002,16402-16502,16666,18901-18909,19000 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
19101,22100,27780,28012,29000,29200,39100,39110,39220,39190,40000,49100,4300,27014-27050 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
14009-14010,4300,27000-27050,4380,3478,4379,40000-40007 in-interface=ether3 protocol=udp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
1293,1479,6100-6152,7777-7977,8001,9401,9600-9602,12020-12080,30000,40000-40010 in-interface=ether3 protocol=udp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=42051-42052,11100-11125,11440-11460 in-interface=\
ether3 protocol=udp

/ip firewall mangle
add action=mark-connection chain=forward disabled=no dst-address-list=game_online dst-port=19101,22100,27780,28012,29000,29200,39100,39110,39220,39190,40000,49100 \
new-connection-mark=GAME-CN passthrough=yes protocol=tcp src-address-list=LAN
add action=mark-connection chain=forward disabled=no dst-address-list=game_online dst-port=1293,1479,6100-6152,7777-7977,8001,9401,9600-9602,12020-12080,30000,40000-40010 \
new-connection-mark=GAME-CN passthrough=yes protocol=udp src-address-list=LAN
add action=mark-connection chain=forward disabled=no dst-address-list=game_online dst-port=14000-14010,4380,3478,4379,27000-27050,40000-40007,7779 new-connection-mark=\
GAME-CN passthrough=yes protocol=udp src-address-list=LAN
add action=mark-connection chain=forward disabled=no dst-address-list=game_online dst-port=1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777-7779 \
new-connection-mark=GAME-CN passthrough=yes protocol=tcp src-address-list=LAN
add action=mark-connection chain=forward disabled=no dst-address-list=game_online dst-port=7341-7350,7451,8085,9600,9601-9602,9300,9376-9377,9400,9700,10001-10011 \
new-connection-mark=GAME-CN passthrough=yes protocol=tcp src-address-list=LAN
add action=mark-connection chain=forward disabled=no dst-address-list=game_online dst-port=\
10402,11011-11041,12011,12110,13008,13413,15000-15002,16402-16502,16666,18901-18909,19000 new-connection-mark=GAME-CN passthrough=yes protocol=tcp src-address-list=LAN
add action=mark-connection chain=forward disabled=no dst-address-list=game_online dst-port=14000-14010,27014-27050 new-connection-mark=GAME-CN passthrough=yes protocol=tcp \
src-address-list=LAN
add action=mark-packet chain=forward connection-mark=GAME-CN disabled=no new-packet-mark=GAME passthrough=no
add action=mark-connection chain=forward comment=update disabled=no dst-address-list=game_online dst-port=80,8080 new-connection-mark=UP-CN passthrough=yes protocol=tcp \
src-address=192.168.0.0/24
add action=mark-packet chain=forward connection-mark=UP-CN disabled=no new-packet-mark=update passthrough=no
add action=mark-connection chain=forward comment=stream content=youtube.com disabled=no dst-address-list=!game_online new-connection-mark=ST-CN passthrough=yes \
src-address=192.168.0.0/24
add action=mark-connection chain=forward content=vidio.com disabled=no new-connection-mark=ST-CN passthrough=yes src-address=192.168.0.0/24
add action=mark-connection chain=forward content=googlevideo.com disabled=no new-connection-mark=ST-CN passthrough=yes src-address=192.168.0.0/24
add action=mark-packet chain=forward connection-mark=ST-CN disabled=no new-packet-mark=STREMING passthrough=no
add action=mark-connection chain=prerouting disabled=no layer7-protocol=download new-connection-mark=DL-CN passthrough=yes
add action=mark-packet chain=forward connection-mark=DL-CN disabled=no new-packet-mark=DOWNLOAD passthrough=no
add action=mark-connection chain=forward comment=browsing connection-bytes=0-512000 disabled=no dst-address-list=!game_online in-interface=ether3 new-connection-mark=BR-CN \
passthrough=yes protocol=tcp src-address=192.168.0.0/24
add action=mark-packet chain=forward connection-mark=BR-CN disabled=no new-packet-mark=BROWSING passthrough=no



/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=GAME pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address,dst-address,src-port,dst-port pcq-dst-address-mask=32 \
pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=UPLOAD pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=50 \
pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=DOWNLOAD pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=\
50 pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
set 8 kind=none name=only-hardware-queue
set 9 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 10 kind=pfifo name=default-small pfifo-limit=10


/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=18M name="2. DOWNLOAD" packet-mark=DOWNLOAD parent=ether3 priority=2
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=18M name="a. browsing" packet-mark=BROWSING parent="2. DOWNLOAD" priority=1 queue=\
DOWNLOAD
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=18M name="c. high" packet-mark=HIGH parent="2. DOWNLOAD" priority=3 queue=DOWNLOAD
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=4M name="d. download" packet-mark=DOWNLOAD parent="2. DOWNLOAD" priority=4 queue=\
DOWNLOAD
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=6M name="e. Streaming" packet-mark=STREMING parent="2. DOWNLOAD" priority=5 queue=\
DOWNLOAD
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=2M name="3. UPLOAD" packet-mark="" parent=ether2 priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=18M name="b. update" packet-mark=update parent="2. DOWNLOAD" priority=2 queue=DOWNLOAD
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="1. GAME" packet-mark=GAME parent=ether3 priority=1 queue=GAME
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=2M name="a. GAME" packet-mark=GAME parent="3. UPLOAD" priority=1 queue=GAME
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=784k name="b. BROWSING" packet-mark=BROWSING parent="3. UPLOAD" priority=2 queue=UPLOAD
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=512k name="c. UPDATE" packet-mark=update parent="3. UPLOAD" priority=2 queue=UPLOAD
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=512k name="d. HIGH" packet-mark=BROWSING parent="3. UPLOAD" priority=2 queue=UPLOAD
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=512k name="e. STREAM" packet-mark=STREMING parent="3. UPLOAD" priority=2 queue=UPLOAD

To use this configuration, please adapt it to your own needs, because it will not necessarily match what you want. As additional notes and explanation of the configuration, I have written the following:

Ether3 goes to the warnet's client hub and ether2 goes to the GPON modem, with a 20 Mbps connection. Supposedly, according to the owner, after Telkom finished configuring the modem the connection came out at 50 Mbps. Whether that is true or not I do not know; let him enjoy it and change the configuration as he wishes.

I hope this simple configuration is useful for those of you whose internet connection uses 1 line from Telkom Speedy. You can also use this configuration for an old ADSL modem connection until you get an FO network at your location.

Tuesday, 01 October 2013

Warnet Mikrotik setup service

Mikrotik setup for the Multi Indo Media warnet, Sekadau, West Kalimantan. I document some of these settings myself; sometimes they have already changed and I no longer use them, but as a reference I sometimes still take parts of the configuration posted here and adapt them to what the customer wants.

It is better to understand the existing rules first before using them, because here I do not state what this Mikrotik configuration is used for, other than that it is a warnet Mikrotik setup.

Catcher and collector of Indonesian online game IP addresses. Alternatively, take the IP list from the address-list of Indonesian online game IPs.

/ip firewall filter
add action=add-dst-to-address-list address-list=FB-Game address-list-timeout=0s chain=forward disabled=no dst-port=843,9339,8291 in-interface=ether3 protocol=\
tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
7341-7350,7451,8085,9600,9601-9602,9300,9376-9377,9400,9700,10001-10011 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
10402,11011-11041,12011,12110,13008,13413,15000-15002,16402-16502,16666,18901-18909,19000 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
19101,22100,27780,28012,29000,29200,39100,39110,39220,39190,40000,49100,4300 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=14009-14010,4300 in-interface=ether3 \
protocol=udp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=14009-14010 in-interface=ether3 \
protocol=udp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
1293,1479,6100-6152,7777-7977,8001,9401,9600-9602,12020-12080,30000,40000-40010 in-interface=ether3 protocol=udp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=42051-42052,11100-11125,11440-11460 \
in-interface=ether3 protocol=udp
Layer 7 for the Mikrotik setup of the warnet in Sekadau, West Kalimantan
/ip firewall layer7-protocol
add name=youtube regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
add name=big regexp="^.*get.+\\.(exe|rar|zip|7z|cab|asf|mov|wmv|mpg|mpeg|mkv|avi|flv|pdf|wav|rm|mp3|mp4|ram|msu|msi|nup|vdf|rmvb|dat|daa|iso|nrg|bin|vcd|mp2|3gp\
|mpe|qt|raw|wma|ogg|doc|deb|tar|bzip|gzip|gzip2|0[0-9][0-9]).*\$"
add name=streaming regexp="a.youtube.com|d.youtube.com|e.youtube.com|f.youtube.com|g.youtube.com|h.youtube.com|i.youtube.com|j.youtube.com|l.youtube.com|c.youtu\
be.com|d.youtube.com|youtube|tube|dailymotion.com"

The mangle configuration can look like the one below

/ip firewall mangle
add action=mark-packet chain=prerouting disabled=no dscp=12 new-packet-mark=hit-proxy passthrough=no protocol=tcp
add action=mark-packet chain=prerouting disabled=no new-packet-mark=icmp passthrough=no protocol=icmp
add action=mark-connection chain=prerouting comment=GAME disabled=no dst-address-list=game_online dst-port=\
1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 new-connection-mark=game_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=game_online dst-port=\
7341-7350,7451,8085,9600,9601-9602,9300,9376-9377,9400,9700,10001-10011 new-connection-mark=game_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=game_online dst-port=\
10402,11011-11041,12011,12110,13008,13413,15000-15002,16402-16502,16666,18901-18909,19000 new-connection-mark=game_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=game_online dst-port=\
19101,22100,27780,28012,29000,29200,39100,39110,39220,39190,40000,49100 new-connection-mark=game_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=game_online dst-port=14009-14010 new-connection-mark=game_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=game_online dst-port=14009-14010 new-connection-mark=game_conn passthrough=yes \
protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-address-list=game_online dst-port=\
1293,1479,6100-6152,7777-7977,8001,9401,9600-9602,12020-12080,30000,40000-40010 new-connection-mark=game_conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-address-list=game_online dst-port=42051-42052,11100-11125,11440-11460 new-connection-mark=game_conn \
passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=game_conn disabled=no new-packet-mark=game_pkt passthrough=no
add action=mark-connection chain=prerouting comment="Update Game" disabled=no dscp=!12 dst-address-list=game_online dst-port=80,21 new-connection-mark=\
update-conn packet-mark=!hit-proxy passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=update-conn disabled=no dscp=!12 new-packet-mark=update packet-mark=!hit-proxy passthrough=no
add action=mark-connection chain=prerouting comment=Facebook disabled=no dst-address-list=FB-Game new-connection-mark=facebook-conn packet-mark=!hit-proxy \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=apps.facebook.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!hit-proxy \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=facebook.com/apps disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!hit-proxy \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=app.facebook.com/pool-live disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!hit-proxy \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=static.ak.connect.facebook.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=\
!hit-proxy passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=statics.poker.static.zynga.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=\
!hit-proxy passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=.ninjasaga.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!hit-proxy passthrough=\
yes protocol=tcp
add action=mark-connection chain=prerouting content=.castle.zgncdn.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!hit-proxy \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=.static.zynga.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!hit-proxy \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=.static.zgncdn.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!hit-proxy \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=.empire.zynga.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!hit-proxy \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=.poker.zynga.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!hit-proxy passthrough=\
yes protocol=tcp
add action=mark-connection chain=prerouting content=.castle.zynga.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!hit-proxy \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=.farmville.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!hit-proxy passthrough=\
yes protocol=tcp
add action=mark-connection chain=prerouting content=.farmville.zgncdn.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!hit-proxy \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=akamai.net disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!hit-proxy passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting content=.channel.facebook.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!hit-proxy \
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=facebook-conn disabled=no dscp=!12 new-packet-mark=facebook packet-mark=!hit-proxy passthrough=no
add action=mark-connection chain=prerouting comment=Streaming disabled=no dscp=!12 layer7-protocol=streaming new-connection-mark=streaming-conn packet-mark=\
!hit-proxy passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=dailymotion.com disabled=no dscp=!12 new-connection-mark=streaming-conn packet-mark=!hit-proxy passthrough=\
yes protocol=tcp
add action=mark-connection chain=prerouting content=mivo disabled=no dscp=!12 new-connection-mark=streaming-conn packet-mark=!hit-proxy passthrough=yes \
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=streaming-conn disabled=no dscp=!12 new-packet-mark=streaming passthrough=no
add action=mark-connection chain=prerouting comment=Download disabled=no dscp=!12 dst-address-list=!game_online layer7-protocol=big new-connection-mark=\
down-conn packet-mark=!hit-proxy passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=down-conn disabled=no dscp=!12 new-packet-mark=download packet-mark=!hit-proxy passthrough=no
add action=mark-connection chain=prerouting comment=Mid connection-bytes=128000-256000 connection-mark=!facebook-conn disabled=no dscp=!12 dst-address-list=\
!game_online dst-port=!80 in-interface=ether3 new-connection-mark=mid-conn packet-mark=!game_pkt passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mid-conn disabled=no dscp=!12 new-packet-mark=mid packet-mark=!hit-proxy passthrough=no
add action=mark-connection chain=prerouting comment=High connection-bytes=256000-4294967295 connection-mark=!facebook-conn disabled=no dscp=!12 \
dst-address-list=!game_online dst-port=80 new-connection-mark=high-conn packet-mark=!game_pkt passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=high-conn disabled=no dscp=!12 new-packet-mark=high packet-mark=!hit-proxy passthrough=no
add action=mark-connection chain=prerouting comment=Small connection-bytes=160000-256000 connection-mark=!facebook-conn disabled=no dscp=!12 dst-address-list=\
!game_online dst-port=80 new-connection-mark=small-conn packet-mark=!game_pkt passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=small-conn disabled=no dscp=!12 new-packet-mark=browse packet-mark=!hit-proxy passthrough=no


That is all I set up for this Mikrotik configuration; for the bandwidth limit I use queue tree/queue simple.


Wednesday, 18 September 2013

Mikrotik Setup for the Azainet Warnet, Rantau Parapat

Different locations, different tastes: every warnet owner wants something different from a Mikrotik setup. Below is the Mikrotik configuration of a warnet in Rantau Parapat, which I set up remotely from Binjai.

The warnet uses 3 Speedy lines: 1 Mbps for 15 gaming computers and 2 Mbps for 15 browsing and download computers, plus an external Ubuntu proxy. Below are the filter rules that catch the online game IPs, which are then routed to the 1 Mbps Speedy line.

/ip firewall filter
add action=add-dst-to-address-list address-list=ip-facebook address-list-timeout=0s chain=forward disabled=no dst-port=843,9339,8291 in-interface=ether5-HUB/SWITCH protocol=tcp

add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777,28900-28914 in-interface=ether5-HUB/SWITCH protocol=tcp

add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=7341-7350,7451,8085,9600,9601-9602,9300,9376-9377,9400,9700,10001-10011 in-interface=ether5-HUB/SWITCH protocol=tcp

add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=10402,11011-11041,12011,12110,13008,13413,15000-15002,16402-16502,16666,18901-18909,19000 in-interface=ether5-HUB/SWITCH protocol=tcp

add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=19101,22100,27780,28012,29000,29200,39100,39110,39220,39190,40000,49100,4300 in-interface=ether5-HUB/SWITCH protocol=tcp

add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=14009-14010,4300 in-interface=ether5-HUB/SWITCH protocol=udp

add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=14009-14010 in-interface=ether5-HUB/SWITCH protocol=udp

add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=1293,1479,6100-6152,7777-7977,8001,9401,9600-9602,12020-12080,30000,40000-40010 in-interface=ether5-HUB/SWITCH protocol=udp

add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=42051-42052,11100-11125,11440-11460 in-interface=ether5-HUB/SWITCH protocol=udp

Layer 7 rules for limiting downloads and streaming on the Mikrotik

/ip firewall layer7-protocol
add name=http-video regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"

add name=youtube regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
add name=big regexp="^.*get.+\\.(exe|rar|zip|7z|cab|asf|mov|wmv|mpg|mpeg|mkv|avi|flv|pdf|wav|rm|mp3|mp4|ram|msu|msi|nup|vdf|rmvb|dat|daa|iso|nrg|bin|vcd|mp2|3gp|mpe|qt|raw|wma|ogg|doc|deb|tar|bzip|gzip|gzip2|0[0-9][0-9]).*\$"

add name=streaming regexp="a.youtube.com|d.youtube.com|e.youtube.com|f.youtube.com|g.youtube.com|h.youtube.com|i.youtube.com|j.youtube.com|l.youtube.com|c.youtube.com|d.youtube.com|youtube|tube|dailymotion.com"

Mangle routing marks on the Mikrotik to split off the traffic that goes to the 1 Mbps Speedy line; the remaining 2 Mbps is routing-marked and allocated to browsing and downloads.

/ip firewall mangle
add action=mark-routing chain=prerouting comment="Routing Game" disabled=no dst-address-list=game_online dst-port=19101,22100,27780,28012,29000,29200,39100,39110,39220,39190,40000,49100 new-routing-mark=game passthrough=no protocol=tcp src-address-list=LAN

add action=mark-routing chain=prerouting disabled=no dst-address-list=game_online dst-port=1293,1479,6100-6152,7777-7977,8001,9401,9600-9602,12020-12080,30000,40000-40010 new-routing-mark=game passthrough=no protocol=udp src-address-list=LAN

add action=mark-routing chain=prerouting disabled=no dst-address-list=game_online dst-port=14000-14010 new-routing-mark=game passthrough=no protocol=udp src-address-list=LAN

add action=mark-routing chain=prerouting disabled=no dst-address-list=game_online dst-port=1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 new-routing-mark=game passthrough=no protocol=tcp src-address-list=LAN

add action=mark-routing chain=prerouting disabled=no dst-address-list=game_online dst-port=7341-7350,7451,8085,9600,9601-9602,9300,9376-9377,9400,9700,10001-10011 new-routing-mark=game passthrough=no protocol=tcp src-address-list=LAN

add action=mark-routing chain=prerouting disabled=no dst-address-list=game_online dst-port=10402,11011-11041,12011,12110,13008,13413,15000-15002,16402-16502,16666,18901-18909,19000 new-routing-mark=game passthrough=no protocol=tcp src-address-list=LAN

add action=mark-routing chain=prerouting disabled=no dst-address-list=game_online dst-port=14000-14010,28900-28914 new-routing-mark=game passthrough=no protocol=tcp src-address-list=LAN

add action=mark-routing chain=prerouting comment="Lineage 2" disabled=no dst-address-list=game_online dst-port=7777-7778 new-routing-mark=game passthrough=no protocol=tcp src-address-list=LAN

add action=mark-routing chain=prerouting disabled=no dst-address-list=game_online dst-port=2106 new-routing-mark=game passthrough=no protocol=tcp src-address-list=LAN

add action=mark-routing chain=prerouting comment=9Dragon disabled=no dst-address-list=game_online dst-port=!80,8080 new-routing-mark=game passthrough=no protocol=tcp src-address-list=LAN

add action=mark-routing chain=prerouting comment="Yulgang Online" disabled=no dst-address-list=game_online dst-port=19000-19001 new-routing-mark=game passthrough=no protocol=tcp src-address-list=LAN


Mangle for external proxy hits, using DSCP=12

/ip firewall mangle 
add action=mark-packet chain=prerouting comment=Proxy content="X-Cache: HIT" disabled=no new-packet-mark=proxy-hit passthrough=no protocol=tcp

add action=mark-packet chain=prerouting disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no protocol=tcp
add action=mark-packet chain=forward disabled=no dscp=12 in-interface=ether4-Proxy new-packet-mark=proxy-hit out-interface=ether5-HUB/SWITCH passthrough=no protocol=tcp

Mangle for ping

/ip firewall mangle 
add action=mark-packet chain=prerouting comment=ping disabled=no new-packet-mark=icmp passthrough=no protocol=icmp

Mangle for game updates, which are given priority in the Mikrotik queue tree

/ip firewall mangle 
add action=mark-connection chain=prerouting comment="Update Game" disabled=no dscp=!12 dst-address-list=game_online dst-port=80,21 new-connection-mark=update-conn packet-mark=!hit passthrough=yes protocol=tcp

add action=mark-packet chain=prerouting connection-mark=update-conn disabled=no dscp=!12 new-packet-mark=update passthrough=no

Mangle for YouTube content, which is given priority in the Mikrotik queue tree

/ip firewall mangle 
add action=mark-connection chain=prerouting comment=Facebook disabled=no dscp=!12 dst-address-list=ip-facebook new-connection-mark=facebook-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=apps.facebook.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=facebook.com/apps disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=app.facebook.com/pool-live disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=static.ak.connect.facebook.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=statics.poker.static.zynga.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=.ninjasaga.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=.castle.zgncdn.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=.static.zynga.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=.static.zgncdn.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=.empire.zynga.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=.poker.zynga.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=.castle.zynga.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=.farmville.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=.farmville.zgncdn.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=akamai.net disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=.channel.facebook.com disabled=no dscp=!12 new-connection-mark=facebook-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-packet chain=prerouting connection-mark=facebook-conn disabled=no dscp=!12 new-packet-mark=facebook packet-mark=!proxy-hit passthrough=no

Mangle to limit YouTube streaming

/ip firewall mangle 
add action=mark-connection chain=prerouting comment=Streaming disabled=no dscp=!12 layer7-protocol=streaming new-connection-mark=streaming-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=dailymotion.com disabled=no dscp=!12 new-connection-mark=streaming-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-connection chain=prerouting content=mivo disabled=no new-connection-mark=streaming-conn packet-mark=!proxy-hit passthrough=yes protocol=tcp

add action=mark-packet chain=prerouting connection-mark=streaming-conn disabled=no new-packet-mark=streaming passthrough=no

Mangle to limit each client IP, as the owner requested.

/ip firewall mangle 
add action=mark-connection chain=forward comment="LUAR KE DALAM" disabled=no dscp=!12 new-connection-mark=all.post_conn out-interface=ether5-HUB/SWITCH packet-mark=!proxy-hit passthrough=yes src-address-list=!game_online

add action=mark-packet chain=forward connection-mark=all.post_conn disabled=no dscp=!12 dst-address=192.168.88.10 new-packet-mark=IP10 passthrough=no protocol=tcp src-address-list=!game_online

add action=mark-packet chain=forward connection-mark=all.post_conn disabled=no dscp=!12 dst-address=192.168.88.11 new-packet-mark=IP11 passthrough=no protocol=tcp src-address-list=!game_online

add action=mark-packet chain=forward connection-mark=all.post_conn disabled=no dscp=!12 dst-address=192.168.88.12 new-packet-mark=IP12 passthrough=no protocol=tcp src-address-list=!game_online

add action=mark-packet chain=forward connection-mark=all.post_conn disabled=no dscp=!12 dst-address=192.168.88.13 new-packet-mark=IP13 passthrough=no protocol=tcp src-address-list=!game_online

add action=mark-packet chain=forward connection-mark=all.post_conn disabled=no dscp=!12 dst-address=192.168.88.14 new-packet-mark=IP14 packet-mark=!proxy-hit passthrough=no protocol=tcp src-address-list=!game_online

add action=mark-packet chain=forward connection-mark=all.post_conn disabled=no dscp=!12 dst-address=192.168.88.15 new-packet-mark=IP15 passthrough=no protocol=tcp src-address-list=!game_online

add action=mark-packet chain=forward connection-mark=all.post_conn disabled=no dscp=!12 dst-address=192.168.88.16 new-packet-mark=IP16 passthrough=no protocol=tcp src-address-list=!game_online

add action=mark-packet chain=forward connection-mark=all.post_conn disabled=no dscp=!12 dst-address=192.168.88.17 new-packet-mark=IP17 passthrough=no protocol=tcp src-address-list=!game_online

add action=mark-packet chain=forward connection-mark=all.post_conn disabled=no dscp=!12 dst-address=192.168.88.18 new-packet-mark=IP18 passthrough=no protocol=tcp src-address-list=!game_online

add action=mark-packet chain=forward connection-mark=all.post_conn disabled=no dscp=!12 dst-address=192.168.88.19 new-packet-mark=IP19 passthrough=no protocol=tcp src-address-list=!game_online

add action=mark-packet chain=forward connection-mark=all.post_conn disabled=no dscp=!12 dst-address=192.168.88.20 new-packet-mark=IP20 passthrough=no protocol=tcp src-address-list=!game_online

add action=mark-packet chain=forward connection-mark=all.post_conn disabled=no dscp=!12 dst-address=192.168.88.21 new-packet-mark=IP21 passthrough=no protocol=tcp src-address-list=!game_online

add action=mark-packet chain=forward connection-mark=all.post_conn disabled=no dscp=!12 dst-address=192.168.88.22 new-packet-mark=IP22 passthrough=no protocol=tcp src-address-list=!game_online

add action=mark-packet chain=forward connection-mark=all.post_conn disabled=no dscp=!12 dst-address=192.168.88.23 new-packet-mark=IP23 passthrough=no protocol=tcp src-address-list=!game_online

add action=mark-packet chain=forward connection-mark=all.post_conn disabled=no dscp=!12 dst-address=192.168.88.24 new-packet-mark=IP24 passthrough=no protocol=tcp src-address-list=!game_online

add action=mark-packet chain=forward connection-mark=all.post_conn disabled=no dscp=!12 dst-address=192.168.88.25 new-packet-mark=IP25 passthrough=no protocol=tcp src-address-list=!game_online

I gave these their own queue tree, and likewise their own rules. These rules are a mix that I put together from various sources on the internet.

Monday, 01 July 2013

An Easy Way to Block a Website on Mikrotik

An easy way to block a website with Mikrotik using IP - FIREWALL - FILTER. A network administrator can have many reasons for needing filter rules and website blocking.

At some point we may need to block a website through the Mikrotik router, and doing so is not hard. For example, I want to block a website that provides cheats for the game Point Blank, so that the internet cafe is free of cheats that can cause memory crashes. Say a certain website must not be opened on the cafe network, for instance the site we want to block with Mikrotik at this address: www.pekalongan-community.com/

So that our internet cafe customers do not use cheats or download them from the pekalongan site, we will block that site on the Mikrotik.

The steps for blocking a website on Mikrotik are as follows:

The example website address we will block on the Mikrotik is www.pekalongan-community.com

Open the menu
IP -> FIREWALL -> FILTER RULES

Click the + sign (red)

Chain: Forward
Protocol: tcp
ADVANCED tab

Click Content: enter www.pekalongan-community.com (the website to block)
Click the ACTION tab
Action: DROP

Click Apply -> OK

Besides the easy method above, there are other ways to block a website with Mikrotik: using layer7, or capturing the IP address from the content being opened, moving it into an address-list, and then blocking that IP on the Mikrotik as desired.

Please try the steps above and leave a comment below. I hope this easy way to block a website on Mikrotik is useful.


Saturday, 22 June 2013

IP Addresses of Indonesian Online Games

Address-list of Indonesian online game IP addresses. The Indonesian online game IP addresses listed in this post were taken from various sources and added automatically, using Mikrotik filter rules that capture IPs from the ports used by Indonesian online games.

The IP addresses of Indonesian online games are added to the Mikrotik address-list automatically, without the hassle, using the Mikrotik /ip filter menu.

These are some of the Indonesian online game IP addresses that I collected automatically in the Mikrotik address-list.


This list of online game IP addresses is still far from complete, because when I captured these IPs from a Mikrotik, the internet cafe using that Mikrotik did not have every Indonesian online game, so only some game IPs are present, including the IPs for Point Blank, Lost Saga and Atlantica.

To capture the IPs of online games passing over particular ports, try the following filter rules, and add the ports of any online game whose IPs you want to collect.

/ip firewall filter
add action=add-dst-to-address-list address-list=FB-Game address-list-timeout=0s chain=forward disabled=no dst-port=\
843,9339,8291 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
7341-7350,7451,8085,9600,9601-9602,9300,9376-9377,9400,9700,10001-10011 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
10402,11011-11041,12011,12110,13008,13413,15000-15002,16402-16502,16666,18901-18909,19000 in-interface=ether3 \
protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
19101,22100,27780,28012,29000,29200,39100,39110,39220,39190,40000,49100,4300 in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
14009-14010,4300 in-interface=ether3 protocol=udp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
14009-14010 in-interface=ether3 protocol=udp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
1293,1479,6100-6152,7777-7977,8001,9401,9600-9602,12020-12080,30000,40000-40010 in-interface=ether3 protocol=udp
add action=add-dst-to-address-list address-list=game_online address-list-timeout=1d chain=forward disabled=no dst-port=\
42051-42052,11100-11125,11440-11460 in-interface=ether3 protocol=udp


Tuesday, 11 June 2013

How to Separate Browsing and Game Traffic across 2 Speedy Lines on Mikrotik

How to separate browsing and game traffic across 2 Speedy/ISP lines on Mikrotik. I applied this case at an internet cafe in Lubuk Dalam, Siak regency. The setup splits 2 Speedy ISP lines on a single Mikrotik, and the aim is clear: browsing should not disturb the online game connections. The same principle can be applied if one of the ISPs is an IIX ISP. Below is my example of separating online games and browsing on Mikrotik using 2 different ISP lines. The ISP used is Speedy.
I first put the Speedy modems in bridge mode, so that the Speedy connection is dialed on the Mikrotik rather than on the modem, which is how Speedy technicians configure it by default. In the picture it looks like this, where:

Speedy1 = pppoe-out1 and Speedy2 = pppoe-out2

pppoe-out1 is routed for online games such as Point Blank, based on their ports and IPs.
pppoe-out2 is directed to the browsing path.



The IP -> ADDRESS menu looks like the picture below.

If you have managed to set it up as above, I will assume you have succeeded.

ether3 = LAN
ether5 = external Ubuntu proxy.

Create an address-list of the LAN IPs that will be directed to online games; an example can be seen in the picture.

Adjust the IPs to your own network; the IPs I used in this case are visible in the screenshot above. Next I capture the online game IPs, which will be named game_online and placed in the address-list.

/ip firewall filter
add action=add-dst-to-address-list address-list=FB-Game address-list-timeout=\
0s chain=forward disabled=no dst-port=843,9339,8291 in-interface=ether3 \
protocol=tcp
add action=add-dst-to-address-list address-list=game_online \
address-list-timeout=1d chain=forward disabled=no dst-port=\
1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 \
in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online \
address-list-timeout=1d chain=forward disabled=no dst-port=\
7341-7350,7451,8085,9600,9601-9602,9300,9376-9377,9400,9700,10001-10011 \
in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online \
address-list-timeout=1d chain=forward disabled=no dst-port="10402,11011-11\
041,12011,12110,13008,13413,15000-15002,16402-16502,16666,18901-18909,1900\
0" in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online \
address-list-timeout=1d chain=forward disabled=no dst-port="19101,22100,27\
780,28012,29000,29200,39100,39110,39220,39190,40000,49100,4300" \
in-interface=ether3 protocol=tcp
add action=add-dst-to-address-list address-list=game_online \
address-list-timeout=1d chain=forward disabled=no dst-port=\
14009-14010,4300 in-interface=ether3 protocol=udp
add action=add-dst-to-address-list address-list=game_online \
address-list-timeout=1d chain=forward disabled=no dst-port=14009-14010 \
in-interface=ether3 protocol=udp
add action=add-dst-to-address-list address-list=game_online \
address-list-timeout=1d chain=forward disabled=no dst-port="1293,1479,6100\
-6152,7777-7977,8001,9401,9600-9602,12020-12080,30000,40000-40010" \
in-interface=ether3 protocol=udp
add action=add-dst-to-address-list address-list=game_online \
address-list-timeout=1d chain=forward disabled=no dst-port=\
42051-42052,11100-11125,11440-11460 in-interface=ether3 protocol=udp

The IP address-list has been created; the next step is the mangle rules for the online game ports, so that they can be routed. Here are the online game mangle rules I made.

/ip firewall mangle
add action=mark-routing chain=prerouting disabled=no dst-address-list=\
game_online dst-port=\
19101,22100,27780,28012,29000,29200,39100,39110,39220,39190,40000,49100 \
new-routing-mark=game passthrough=no protocol=tcp src-address-list=LAN
add action=mark-routing chain=prerouting disabled=no dst-address-list=\
game_online dst-port="1293,1479,6100-6152,7777-7977,8001,9401,9600-9602,12\
020-12080,30000,40000-40010" new-routing-mark=game passthrough=no \
protocol=udp src-address-list=LAN
add action=mark-routing chain=prerouting disabled=no dst-address-list=\
game_online dst-port=14000-14010 new-routing-mark=game passthrough=no \
protocol=udp src-address-list=LAN
add action=mark-routing chain=prerouting disabled=no dst-address-list=\
game_online dst-port=\
1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 \
new-routing-mark=game passthrough=no protocol=tcp src-address-list=LAN
add action=mark-routing chain=prerouting disabled=no dst-address-list=\
game_online dst-port=\
7341-7350,7451,8085,9600,9601-9602,9300,9376-9377,9400,9700,10001-10011 \
new-routing-mark=game passthrough=no protocol=tcp src-address-list=LAN
add action=mark-routing chain=prerouting disabled=no dst-address-list=\
game_online dst-port="10402,11011-11041,12011,12110,13008,13413,15000-1500\
2,16402-16502,16666,18901-18909,19000" new-routing-mark=game passthrough=\
no protocol=tcp src-address-list=LAN
add action=mark-routing chain=prerouting disabled=no dst-address-list=\
game_online dst-port=14000-14010 new-routing-mark=game passthrough=no \
protocol=tcp src-address-list=LAN
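
The design above depends on two hand-maintained port lists staying in sync: the filter rules that capture destinations into game_online and the mangle rules that mark them for routing (the Rantau Parapat rule set earlier on this page has the same structure). The following check is an added example in Python, not part of the original post; the function names are my own, and negated dst-port matchers are ignored.

```python
import re
import shlex

# Constructed input: the UDP capture and routing rules from the post above,
# re-typed in the wrapped form of a RouterOS export.
EXPORT = r'''
/ip firewall filter
add action=add-dst-to-address-list address-list=game_online \
address-list-timeout=1d chain=forward disabled=no dst-port=\
14009-14010,4300 in-interface=ether3 protocol=udp
add action=add-dst-to-address-list address-list=game_online \
address-list-timeout=1d chain=forward disabled=no dst-port=14009-14010 \
in-interface=ether3 protocol=udp
add action=add-dst-to-address-list address-list=game_online \
address-list-timeout=1d chain=forward disabled=no dst-port="1293,1479,6100\
-6152,7777-7977,8001,9401,9600-9602,12020-12080,30000,40000-40010" \
in-interface=ether3 protocol=udp
add action=add-dst-to-address-list address-list=game_online \
address-list-timeout=1d chain=forward disabled=no dst-port=\
42051-42052,11100-11125,11440-11460 in-interface=ether3 protocol=udp
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=no dst-address-list=\
game_online dst-port="1293,1479,6100-6152,7777-7977,8001,9401,9600-9602,12\
020-12080,30000,40000-40010" new-routing-mark=game passthrough=no \
protocol=udp src-address-list=LAN
add action=mark-routing chain=prerouting disabled=no dst-address-list=\
game_online dst-port=14000-14010 new-routing-mark=game passthrough=no \
protocol=udp src-address-list=LAN
'''


def parse_rules(export_text):
    """Return one dict of properties per 'add' line of a RouterOS export."""
    # An export wraps long lines with a trailing backslash, even in the
    # middle of a quoted value, so undo the wrapping before tokenising.
    joined = re.sub(r"\\\n[ \t]*", "", export_text)
    rules = []
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("add "):
            tokens = shlex.split(line[4:])  # also strips the double quotes
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules


def expand_ports(spec):
    """Expand a dst-port value such as '14009-14010,4300' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        ports.update(range(int(low), int(high or low) + 1))
    return ports


def as_ranges(port_set):
    """Compress a set of ports back into sorted 'a-b' strings."""
    runs = []
    for port in sorted(port_set):
        if runs and port == runs[-1][1] + 1:
            runs[-1][1] = port
        else:
            runs.append([port, port])
    return [str(a) if a == b else f"{a}-{b}" for a, b in runs]


def port_gaps(export_text, protocol, address_list="game_online", mark="game"):
    """Return (captured but never routed, routed but never captured)."""
    captured, routed = set(), set()
    for rule in parse_rules(export_text):
        spec = rule.get("dst-port", "")
        if rule.get("protocol") != protocol or rule.get("disabled") == "yes":
            continue
        if not spec or spec.startswith("!"):  # negated matchers are skipped
            continue
        if (rule.get("action") == "add-dst-to-address-list"
                and rule.get("address-list") == address_list):
            captured |= expand_ports(spec)
        elif (rule.get("action") == "mark-routing"
                and rule.get("dst-address-list") == address_list
                and rule.get("new-routing-mark") == mark):
            routed |= expand_ports(spec)
    return as_ranges(captured - routed), as_ranges(routed - captured)


if __name__ == "__main__":
    captured_only, routed_only = port_gaps(EXPORT, "udp")
    print("captured into game_online but never routing-marked:", captured_only)
    print("routing-marked but never captured:", routed_only)
```

On these UDP rules the check shows ports that populate game_online but never receive the game routing mark, so that traffic follows the unmarked default route instead of pppoe-out1.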

The LAN IPs are now mangled towards the online game IPs that were placed in the address-list. The next step is routing: the online game IPs are routed to the speedy1 line, which I set as pppoe-out1.

The routes look like this.

And as a script, if entered via the terminal, it looks like this

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=game scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=game scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out1 scope=30 target-scope=10

So why is there a routing mark game entry shown in green? I did that so that if one of the lines loses its connection, traffic is automatically moved to the connection that is still up.

At this stage, separating the browsing path and the online game path across 2 Speedy/ISP lines with Mikrotik is actually done. As a next step you can put a limit on your browsing path, so that no one is disadvantaged by your clients who love browsing. Oh, and don't forget to enable your proxy hit rule and place its mangle above the online game routing rules.

Please think it over and work out how it is built. I hope this way of separating the online game path and the browsing path across 2 Speedy lines using Mikrotik is useful. For the online game IP list, see here -> http://www.mandailingnatal.com/2013/06/ip-address-game-online-indonesia.html

Feel free to add to this guide if you find it incomplete. This technique can also be used for online game internet cafes that use a VPN; see how to use an Indonesian VPN for an online game internet cafe on Mikrotik.

Tuesday, 11 December 2012

How to Block Camprog with Mikrotik

While I was setting up a Mikrotik hotspot at an office in Samarinda, they asked for Camprog to be blocked with Mikrotik, so that employees would not waste time watching videos. Many people have never heard of Camprog; many others have.


Camprog is a chat application, but unfortunately it seems to have many users who are willing to show off their bodies there. So for the comfort of a workplace, or of a warnet that does not allow indecent content, the firewall feature of the Mikrotik router can be used to block the Camprog application.

This keeps it from being used freely by warnet customers or by employees working at your office/company. So Camprog can reasonably be blocked.

Follow these steps to block Camprog on a warnet network:

Click IP -> Firewall -> Filter
Chain: Forward
Protocol: tcp
Dst-Port: 7078,2778,2779
Action: Drop


If you want the easy way to block Camprog with Mikrotik, paste the following code into a new Mikrotik terminal:

/ip firewall filter
add action=drop chain=forward disabled=no dst-port=7078,2778,2779 protocol=tcp \
src-address-list=!COMP-BEBAS

That is how the story of blocking Camprog with Mikrotik began. For those who want a Mikrotik hotspot set up, our Mikrotik setup service for Samarinda is ready to help via remote access; several of our clients come from there and had their Mikrotik configured remotely.


Monday, 03 December 2012

How to Block Sites on a Mikrotik Router

Sometimes we have a reason to block certain inappropriate sites on the network. The sites we want to block with Mikrotik might be gambling or porn sites, or other sites that we consider should be blocked.

There are several ways to block a site with a Mikrotik router. One is the feature in the Mikrotik webproxy; this technique works only if the webproxy is enabled, in other words when the Mikrotik webproxy is used as the internet proxy. If the webproxy is disabled, do not expect the site blocking to work.
The second way is to block sites with an external proxy, using the ACL feature of an external Squid proxy.

The third way uses the IP -> Firewall -> Filter menu in Mikrotik, and this third way is the one we will use to block sites with a Mikrotik router.

Blocking a site with a Mikrotik router without layer 7, using IP -> Firewall -> Filter; in this case we use as an example the site we want to block:

  • Open Winbox, however you prefer to open it.
  • Click IP -> Firewall -> Filter
  • Click the red + sign
  • Tab General - Chain: Forward
  • Tab Advanced - content: tube8
  • Tab Action - action: drop

Easy, isn't it?! That is blocking a site with Mikrotik. If you want to block a port on Mikrotik, you can use the same technique, for example blocking the Yahoo Messenger port with Mikrotik; or, if you want to use layer 7 to block YM (Yahoo Messenger), you can use the method for blocking YM with layer7.

Friday, 30 September 2011

Simple Firewall for Your Mikrotik

How to set up a simple firewall on Mikrotik. A firewall is no less important than anything else in a network, especially if our network is connected to the internet.
Because of the possibility of attacks, both against our internet network in general and against our own computers, and with the growing number of warnets in Indonesia, a firewall becomes important to apply in our network. The firewall I mean here is of course the Mikrotik firewall.


The functions of this simple firewall, in the words of adhielesmana@forummikrotik.com, are as follows:


Function: blocks unauthorized access coming from the public side. Apart from what is allowed, all incoming access from the public side is dropped. Attackers, flooders and port scanners that try to break into your Mikrotik from outside are guaranteed to be left flopping helplessly..

Wan: interface toward the internet.
Lan: interface toward the local network.
Local IP: 192.168.0.0/16

Media: Mikrotik - IP Firewall - Filter

And here is the firewall; adjust it to your network conditions:
/ip firewall filter
add chain=forward in-interface=Wan out-interface=Lan dst-address=192.168.0.0/16 action=accept comment="Allow semua akses internet to client" disabled=no

add chain=input in-interface=Wan protocol=tcp dst-port=8291 action=accept comment="Allow Remote winbox dari Publik" disabled=no

add chain=input in-interface=Wan protocol=udp src-port=123 action=accept comment="Allow NTP Traffic" disabled=no

add chain=input in-interface=Wan protocol=udp src-port=53 action=accept comment="Allow DNS Traffic" disabled=no

add chain=input in-interface=Wan protocol=icmp action=accept comment="Allow Ping Traceroute Traffic" disabled=no

add chain=input in-interface=Wan connection-state=new action=add-src-to-address-list address-list=spam address-list-timeout=30m comment="Log Ip Yang Di Tolak" disabled=no

add chain=input in-interface=Wan action=drop comment="Drop Semua Akses yang tidakdi ijinkan" disabled=no

For other forms of a simple firewall for Mikrotik, read here -> Setting up a simple Mikrotik firewall, Brute-force firewall on Mikrotik
Credit: adhielesmana #forummikrotik
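
A stateful variant of the rule set above, added here as an example; it is not adhielesmana's or this blog's configuration. It assumes RouterOS v6 or later and the interface names Wan and Lan from the post; the address list name mgmt and the address 203.0.113.10 are constructed placeholders.

```routeros
# Added example. "mgmt" and 203.0.113.10 are constructed placeholders
# for the address you administer the router from.
/ip firewall address-list
add list=mgmt address=203.0.113.10 comment="constructed example admin IP"

/ip firewall filter
# --- input: traffic addressed to the router itself ---
# Replies to lookups the router started (DNS, NTP) are accepted by state.
# This replaces the src-port=53 and src-port=123 accepts: the source port is
# chosen by the sender, so those rules admit any UDP packet that sets it.
add chain=input connection-state=established,related action=accept \
    comment="Replies to router-originated traffic"
add chain=input connection-state=invalid action=drop comment="Drop invalid state"
# Winbox from the internet only from the management list, not from anywhere.
add chain=input in-interface=Wan protocol=tcp dst-port=8291 \
    src-address-list=mgmt action=accept comment="Winbox from mgmt list only"
add chain=input in-interface=Wan protocol=icmp action=accept \
    comment="Ping and traceroute"
# Record, then drop, everything else that arrives new from the internet.
add chain=input in-interface=Wan connection-state=new \
    action=add-src-to-address-list address-list=spam \
    address-list-timeout=30m comment="Record rejected sources"
add chain=input in-interface=Wan action=drop comment="Drop all other input from Wan"

# --- forward: traffic passing through the router ---
# Only return traffic for connections the LAN opened is let back in,
# instead of accepting every Wan-to-Lan packet addressed to 192.168.0.0/16.
add chain=forward connection-state=established,related action=accept \
    comment="Return traffic for LAN connections"
add chain=forward connection-state=invalid action=drop comment="Drop invalid state"
# New connections from the internet pass only if a dst-nat (port forward)
# rule has matched them.
add chain=forward in-interface=Wan connection-state=new \
    connection-nat-state=!dstnat action=drop comment="Drop unsolicited Wan to Lan"
```

If you administer the router remotely, create the mgmt entry with your real address before adding the input rules, because the final drop rule otherwise cuts off Winbox.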

Saturday, 17 September 2011

Separating Browsing and Game Traffic

This method of separating browsing and game traffic on Mikrotik was written by http://nebulagame.wordpress.com/2010/02/02/mikrotik-pisah-download-browse-dan-game-di-1-line/ . Hopefully it is useful to all of us. This kind of separation trick can also be used for other traffic, such as SMTP, depending on which connection you want to prioritize.



UPDATE

Rather than using IPs like this, I prefer to catch online-game IPs by their ports, because most warnets nowadays do not offer only Point Blank. See my post on separating game and browsing bandwidth on 1 Mbps Speedy.

Example for Point Blank; for other games just adjust the port/IP. There are many more ports and IPs for Point Blank; please search Google for additional IPs and ports of other games.
/ip firewall mangle

add chain=game action=mark-connection new-connection-mark=Game \
passthrough=yes protocol=tcp dst-address=203.89.146.0/23 \
dst-port=39190 comment="Point Blank"

add chain=game action=mark-connection new-connection-mark=Game \
passthrough=yes protocol=udp dst-address=203.89.146.0/23 \
dst-port=40000-40010

add chain=game action=mark-packet new-packet-mark=Game_pkt \
passthrough=no connection-mark=Game

add chain=prerouting action=jump jump-target=game

POKER

/ip firewall mangle

add chain=forward action=mark-connection \
new-connection-mark=Poker_con passthrough=yes \
protocol=tcp dst-address-list="LOAD POKER" comment="POKER"

add chain=forward action=mark-connection \
new-connection-mark=Poker_con passthrough=yes \
protocol=tcp content=statics.poker.static.zynga.com

add chain=forward action=mark-packet new-packet-mark=Poker \
passthrough=no connection-mark=Poker_con

BROWSING

/ip firewall mangle
add chain=forward action=mark-connection new-connection-mark=http \
passthrough=yes protocol=tcp in-interface=WAN out-interface=Lan \
packet-mark=!Game_pkt connection-mark=!Game \
connection-bytes=0-262146 comment="BROWSE"

add chain=forward action=mark-packet new-packet-mark=http_pkt \
passthrough=no protocol=tcp connection-mark=http

LIMIT DOWNLOAD
/ip firewall mangle
add chain=forward action=mark-connection new-connection-mark=Download \
passthrough=yes protocol=tcp in-interface=WAN out-interface=Lan \
packet-mark=!Game_pkt connection-mark=!Poker_con \
connection-bytes=262146-4294967295 comment="LIMIT DOWNLOAD"

add chain=forward action=mark-packet new-packet-mark=Download_pkt \
passthrough=no packet-mark=!Game_pkt connection-mark=Download

UPLOAD
/ip firewall mangle
add action=mark-packet chain=prerouting comment="" disabled=no in-interface=Lan \
new-packet-mark=icmp_pkt passthrough=no protocol=icmp src-address=192.168.0.0/24

add chain=prerouting action=mark-packet new-packet-mark=Upload \
passthrough=no protocol=tcp src-address=192.168.0.0/24 \
in-interface=Lan packet-mark=!icmp_pkt comment="UPLOAD"

QUEUE
/queue type

add name="Download" kind=pcq pcq-rate=256000 pcq-limit=50 \
pcq-classifier=dst-address pcq-total-limit=2000

add name="Http" kind=pcq pcq-rate=1M pcq-limit=50 \
pcq-classifier=dst-address pcq-total-limit=2000

add name="Game" kind=pcq pcq-rate=0 pcq-limit=50 \
pcq-classifier=src-address,dst-address,src-port,dst-port \
pcq-total-limit=2000

add name="Upload" kind=pcq pcq-rate=0 pcq-limit=50 \
pcq-classifier=src-address pcq-total-limit=2000

Queue Tree
/queue tree

add name="Main Browse" parent=Lan limit-at=0 priority=8 max-limit=1M \
burst-limit=0 burst-threshold=0 burst-time=0s

add name="Browse" parent="Main Browse" packet-mark=http_pkt \
limit-at=0 queue=Http priority=8 max-limit=1M \
burst-limit=0 burst-threshold=0 burst-time=0s

add name="Game" parent=global-total packet-mark=Game_pkt \
limit-at=0 queue=Game priority=1 max-limit=0 \
burst-limit=0 burst-threshold=0 burst-time=0s

add name="Poker" parent=global-out packet-mark=Poker limit-at=0 \
queue=Game priority=3 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s

add name="Download" parent=global-out packet-mark=Download_pkt \
limit-at=0 queue=Download priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s

add name="Main Upload" parent=global-in limit-at=0 priority=8 \
max-limit=256k burst-limit=0 burst-threshold=0 burst-time=0s

add name="Upload" parent="Main Upload" packet-mark=Upload \
limit-at=0 queue=Upload priority=8 max-limit=0 \
burst-limit=0 burst-threshold=0 burst-time=0s

THE RESULT

BROWSING: 1 Mbps shared evenly across the whole village (read: one network)
DOWNLOAD: 256 Kbps shared evenly across the whole village
GAME: whatever bandwidth is available, as needed by the whole village
POKER: whatever bandwidth is available, as needed by the whole village
UPLOAD: whatever bandwidth is available, shared evenly as needed by the whole village

Monday, 12 September 2011

Creating UPTO Bandwidth Management on Mikrotik

UPTO bandwidth management on Mikrotik can be built with queue tree and PCQ (Per Connection Queue), which divides the available bandwidth evenly.


For example, say we have 2 Mbps of bandwidth to share among 10 users. When all 10 users are online, Mikrotik automatically divides the 2 Mbps (2000 kbps) evenly among its 10 clients, so each client gets 200 kbps. If only 1 user is online, Mikrotik with its PCQ gives the full 2 Mbps to that user. With this PCQ method, bandwidth is divided fairly among the users who are online.



How to create UPTO bandwidth management on Mikrotik:

Network conditions:
  1. lan: 192.168.1.0/24
  2. indosat: 124.195.12.29
The first step in creating UPTO bandwidth management on Mikrotik:

  • Mark all packets coming in from the lan interface (from the Mikrotik lan interface - client)
/ip firewall mangle

add chain=forward src-address=192.168.1.0/24 \
action=mark-connection new-connection-mark=conn-lokal

add connection-mark=conn-lokal action=mark-packet \
new-packet-mark=packet-lokal chain=forward
  • Create Queue Types of kind PCQ for the marked packets, one each for source and destination, on Mikrotik
/queue type add name=lokal-dw kind=pcq pcq-classifier=dst-address
/queue type add name=lokal-up kind=pcq pcq-classifier=src-address
  • Create the Queue Tree for download and upload packets on Mikrotik
/queue tree add name=lokal-download parent=lan max-limit=2M
/queue tree add parent=lokal-download \
queue=lokal-dw packet-mark=packet-lokal

/queue tree add name=lokal-upload parent=Eth1 max-limit=2M
# uses the packet-lokal mark created in the mangle step above
/queue tree add parent=lokal-upload queue=lokal-up packet-mark=packet-lokal

With this, a user can enjoy up-to bandwidth when other customers are offline. Everything is easy with Mikrotik :D

Thursday, 21 July 2011

Blocking Sites at Certain Hours on Mikrotik

Blocking Facebook is sometimes needed at certain hours, especially since it is unrelated to work at the office or in a government agency. Outside working hours, users are free to access the websites they want, such as Facebook and others.

For that we need a schedule that switches the firewall rule on and off at the set hours. The clock on the Mikrotik router must of course match office time, and we can set it using an NTP server. To set the time on Mikrotik, see: set time routerboard mikrotik

Or set the Mikrotik time via the Mikrotik terminal as shown below:

/system ntp client set primary-ntp=203.160.128.6 \
secondary-ntp=202.169.224.16 \
mode=unicast enabled=yes;

Create a firewall filter rule whose concept is to block port 80 (the site), in this case let's say Facebook, while other packets are allowed, for example opening email.

/ip firewall filter add chain=forward src-address=0.0.0.0/0 protocol=tcp \
dst-port=80 content="facebook" action=drop comment="Blokir Akses Facebook";

Create scripts that enable the firewall rule during certain hours and disable it at certain hours. There are 3 scripts here: a script that enables the firewall rule, a script that stops it, and a script that disables it specifically on certain days.

Script Enable Firewall :

/system script add name="fb-deny" policy=write,read,policy,test,sniff source={/ip firewall filter set [/ip firewall filter find content="facebook"] disabled=no}

Script Disable Firewall:

/system script add name="fb-allow" policy=write,read,policy,test,sniff source={/ip firewall filter set [/ip firewall filter find content="facebook"] disabled=yes}

Script to disable the firewall rule on certain days, for example enabling it on working days and disabling it on days off:

/system script add name="fb-holiday" policy=write,read,policy,test,sniff source={:if ([/system scheduler get [/system scheduler find on-event="fb-deny"] disabled] = true) do={/system scheduler set [/system scheduler find on-event="fb-deny"] disabled=no} else={/system scheduler set [/system scheduler find on-event="fb-deny"] disabled=yes}}

Create schedules that determine when the firewall rule is enabled or disabled.

Schedule that enables the firewall rule at the start of working hours, 08:00 in the morning:

/system scheduler add name="fb-08:00" start-date=jan/01/1970 start-time=08:00:00 interval=1d on-event="fb-deny"

Schedule that disables the firewall rule at the 12:00 break:

/system scheduler add name="fb-12:00" start-date=jan/01/1970 start-time=12:00:00 interval=1d on-event="fb-allow"

Schedule that enables the firewall rule again at 13:00, after the break:

/system scheduler add name="fb-13:00" start-date=jan/01/1970 start-time=13:00:00 interval=1d on-event="fb-deny"

Schedule that disables the firewall rule outside working hours, from 17:00 onward:

/system scheduler add name="fb-17:00" start-date=jan/01/1970 start-time=17:00:00 interval=1d on-event="fb-allow"

Disable the firewall rule on the Saturday - Sunday days off. Make sure the date given in the scheduler's "start-date" parameter is a Saturday, and give the "interval" parameter the value 7d.

/system scheduler add name="fb-sabtu-minggu" start-date=aug/01/2009 start-time=00:00:00 interval=7d on-event="fb-holiday"

Enable the firewall rule again on Monday:

/system scheduler add name="fb-senin" start-date=aug/03/2009 start-time=00:00:00 interval=7d on-event="fb-holiday"

source: lulukn.abatasa.com
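
The content= matcher used here and in the site-blocking post above only sees unencrypted traffic, so it does not match HTTPS. The rules below are an added example, not from the source article: they cover port 443 by TLS server name and express the working hours with the firewall rule's own time matcher instead of scripts and schedulers. They assume RouterOS v6.41 or later (for tls-host) and a router clock synced by NTP as described above.

```routeros
# Added example. Working hours 08:00-12:00 and 13:00-17:00, Monday to Friday,
# are written into each rule with time=, so nothing has to toggle the rules.
/ip firewall filter

# Port 80: the request (URL, Host header) is cleartext, so content= can match.
add chain=forward protocol=tcp dst-port=80 content="facebook" \
    time=8h-12h,mon,tue,wed,thu,fri action=drop comment="FB http, morning"
add chain=forward protocol=tcp dst-port=80 content="facebook" \
    time=13h-17h,mon,tue,wed,thu,fri action=drop comment="FB http, afternoon"

# Port 443: the payload is encrypted and content= never matches it.
# tls-host compares the server name the client sends in the TLS ClientHello.
# The glob *facebook.com covers the bare domain and its subdomains.
add chain=forward protocol=tcp dst-port=443 tls-host=*facebook.com \
    time=8h-12h,mon,tue,wed,thu,fri action=drop comment="FB https, morning"
add chain=forward protocol=tcp dst-port=443 tls-host=*facebook.com \
    time=13h-17h,mon,tue,wed,thu,fri action=drop comment="FB https, afternoon"

# Check the rule counters during and outside the time window:
/ip firewall filter print stats where comment~"FB"
```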

Sunday, 10 July 2011

Checking for Spammers from Mikrotik

Annoyed, dizzy, about to lose my temper, all of it mixed together: that is how it feels when an internet connection over Telkom Speedy keeps dropping. Call Speedy customer service on 147. One of the surprising answers is "there is a spammer attack from the warnet's computers". How do you find out which computer in the warnet is doing the spamming, such that Telkom Speedy's firewall reports a spammer behind the warnet's public IP? The way is simple and easy.


Open your Mikrotik router, click Terminal and type the following commands:

/ip firewall filter

add chain=forward action=add-src-to-address-list protocol=tcp \
address-list=asal-spammer address-list-timeout=0s dst-port=25

add chain=forward action=add-src-to-address-list protocol=tcp \
address-list=asal-spammer address-list-timeout=0s dst-port=449

add chain=forward action=add-src-to-address-list protocol=tcp \
address-list=asal-spammer address-list-timeout=0s dst-port=110

add chain=input action=add-src-to-address-list protocol=tcp \
address-list=asal-spammer address-list-timeout=0s dst-port=25

add chain=output action=add-src-to-address-list protocol=tcp \
address-list=spammer address-list-timeout=0s dst-port=25

You can add more ports to the ones above as needed, to record which IPs are heading to the ports you choose and handle them as you require.

To see the result, click IP -> FIREWALL -> ADDRESS LIST.
The IPs of the warnet's local computers that are doing the spamming detected by Telkom Speedy can be seen below.

As for blocking them, I will write that up in the next post. In fact, blocking the IPs named spammer in the picture above is done by adding a new rule to the filter rules that drops based on the IP list named spammer, not the IP list named asal-spammer; if you drop the IPs named asal-spammer, connections toward those IPs will be blocked by Mikrotik.

Activity like this is also often piggybacked on by people who plant keyloggers in warnets to steal the Zynga Poker chips owned by warnet users who play on that computer.
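
The rules in this post list every host that opens even one connection to a mail port. The variant below is an added example, not from the original post: it flags a LAN host only when it holds many SMTP connections at once, then blocks SMTP for that host alone. It assumes RouterOS v6 or later and an interface named Lan; the list name smtp-flood, the threshold of 30 connections and the 1d timeout are constructed values to tune for your network.

```routeros
# Added example. smtp-flood, the threshold 30 and the timeout 1d are
# constructed values, not taken from the post.
/ip firewall filter

# 1. Log new SMTP attempts from hosts that are already flagged, for follow-up.
add chain=forward protocol=tcp dst-port=25 src-address-list=smtp-flood \
    connection-state=new action=log log-prefix="smtp-flood"

# 2. Flagged hosts lose outbound SMTP only; their other traffic is untouched.
add chain=forward protocol=tcp dst-port=25 src-address-list=smtp-flood \
    action=drop comment="Block SMTP from flagged hosts"

# 3. Flag a LAN host when it holds more than 30 SMTP connections at once.
#    connection-limit=30,32 counts per single source address (/32 netmask).
#    A mail client sending a message stays far below this; a bulk mailer
#    or infected PC does not.
add chain=forward in-interface=Lan protocol=tcp dst-port=25 tcp-flags=syn \
    connection-limit=30,32 action=add-src-to-address-list \
    address-list=smtp-flood address-list-timeout=1d \
    comment="Flag SMTP flood sources"

# Review which local machines were flagged:
/ip firewall address-list print where list=smtp-flood
```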
