Sumber : Forum Mikrotik I
NO PROXY SERVER
NO PROXY SERVER
KELUHAN : KALAU DI LIMIT PER IP JIKA SEDANG DOWNLOAD.. AKSES
BROWSINGNYA KALAH
SOLUSI : PISAHKAN AKSES DOWNLOAD LALU BATASI.. DAN AKSES BROWSING
DIBEBASKAN.
CARA 1
Ip firewall mangle
;;; Memisahkan Donw - Brows
add
chain=forward action=mark-connection new-connection-mark=con-down
passthrough=yes protocol=tcp in-interface=Eth1-Wan out-interface=Eth2-Lan
connection-bytes=262146-4294967295
add
chain=forward action=mark-packet new-packet-mark=pak-down passthrough=no
protocol=tcp in-interface=Eth1-Wan out-interface=Eth2-Lan
connection-mark=con-down
Queue Type
name="shape"
kind=pcq pcq-rate=256000 pcq-limit=50 pcq-classifier=dst-address
pcq-total-limit=2000
Queue Tree
name="Download"
parent=global-out packet-mark=pak-down limit-at=0 queue=shape priority=8
max-limit=256k burst-limit=0 burst-threshold=0 burst-time=0s
CARA2
1. Buat Conn Mark
WINBOX > IP > FIREWALL > MANGLE>
[+] ADD NEW
chain = Prerouting
protocol = TCP(6)
src Port = 21,80 ( umumnya download port 80 dan 21 ( http dan ftp ) )
in interface = ETHER 1
(masuk ke TAB advance)
connection bytes = 262146-4294967295 ( artinya batas file ter kecil yang terfilter 256kb)
(masuk TAB action)
Action = mark connection
New Connection Mark = Download
Passtrough = [V] <- centang
2. Buat Packet Mark
[+] ADD NEW
chain = Prerouting
in interface = ETHER 1
Connection Mark = Download
(masuk TAB action)
Action = mark packet
New Packet Mark = Download
3. Buat Queue Type
WINBOX > QUEUES > QUEUE TYPES
[+] ADD NEW
name = shape
kind = pcq
( pindah tab setting )
rate = 256000 <- kita batasi Download hanya di 256kbps...
limit dan total limit biarin tetep..
clasifier = src. Address [v] <-- centang
4.Buat Queue Tree
WINBOX > QUEUES > QUEUE TREE
[+] ADD NEW
name = Download
parent = global in
packet mark = Download
queue type = shape
max limit = 256000
WINBOX > IP > FIREWALL > MANGLE>
[+] ADD NEW
chain = Prerouting
protocol = TCP(6)
src Port = 21,80 ( umumnya download port 80 dan 21 ( http dan ftp ) )
in interface = ETHER 1
(masuk ke TAB advance)
connection bytes = 262146-4294967295 ( artinya batas file ter kecil yang terfilter 256kb)
(masuk TAB action)
Action = mark connection
New Connection Mark = Download
Passtrough = [V] <- centang
2. Buat Packet Mark
[+] ADD NEW
chain = Prerouting
in interface = ETHER 1
Connection Mark = Download
(masuk TAB action)
Action = mark packet
New Packet Mark = Download
3. Buat Queue Type
WINBOX > QUEUES > QUEUE TYPES
[+] ADD NEW
name = shape
kind = pcq
( pindah tab setting )
rate = 256000 <- kita batasi Download hanya di 256kbps...
limit dan total limit biarin tetep..
clasifier = src. Address [v] <-- centang
4.Buat Queue Tree
WINBOX > QUEUES > QUEUE TREE
[+] ADD NEW
name = Download
parent = global in
packet mark = Download
queue type = shape
max limit = 256000
Note :
-prerouting
adalah mangle dengan parameter berdasar sumber, jadi ketika anda menerapkan
rule saya, mangle tersebut hanya mengenali ip sumber ( src address ) yang masuk
dari interface publik.
-sedangkan
forward itu mangle dengan parameter berdasar sumber dan tujuan. jadi bisa
diterapkan untuk mengenali ip sumber ( src address ) dan tujuan ( dst address )
istilahnya
gampangnya:
-prerouting
itu from who ? <- dari mana = dari sumber
-forward
itu from who forward to who? <- darimana diteruskan kemana = dari sumber
diforward ( diteruskan ) ke tujuan
-postrouting
itu to who? <- kemana = ke tujuan
-global
in bisa digunakan apabila parameter yang akan kita filter adalah segala sesuatu
yang masuk ke mikrotik.
-global
out bisa kita gunakan apabila kita akan memfilter segala sesuatu yang keluar
dari mikrotik
0 comments:
Post a Comment