Thursday, 11 November 2010

ROUTING AND PACKET LOSS FOR FACEBOOK AND THE POINT BLANK GAME ON MIKROTIK




I'm back again…
After tinkering with a Mikrotik RB450G, I finally found a method to separate the path used for Poker (FB) and the Point Blank (PB) game so that they don't stutter and lag…

Assuming there are 2 ISPs (this research used FASTNET and SPEEDY)

Topology

Internet ==> Router ==> Proxy (CentOS) ==> Hub==> Client

Logically, the IP addresses of FB and PB are collected into a list.
That IP list is then used as the reference for the routing rules that decide which ISP path is used to reach those sites.

Here are the settings

/ip address
add address=192.168.5.2/24 broadcast=192.168.5.255 comment=IP-STAR disabled=\
no interface=ether2-IPSTAR network=192.168.5.0
add address=192.168.42.1/24 broadcast=192.168.42.255 comment="Dari ^TELKOM^" \
disabled=no interface=ether3-LOCAL network=192.168.42.0
add address=192.168.41.1/24 broadcast=192.168.41.255 comment=Proxy disabled=\
no interface=ether4-AP-WIRELESS network=192.168.41.0
add address=10.8.1.38/30 broadcast=10.8.1.39 comment="FASTNET" disabled=no \
interface=ether1-CSM network=10.8.1.36

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=3000KiB \
max-udp-packet-size=512 primary-dns=180.131.144.144 secondary-dns=\
180.131.145.145

/ip firewall filter
add action=add-dst-to-address-list address-list=Facebook \
address-list-timeout=0s chain=forward comment=\
"ADD to address-list Facebook" content=fbcdn.net disabled=no
add action=add-dst-to-address-list address-list=Facebook \
address-list-timeout=0s chain=forward comment=\
"ADD to address-list Facebook" content=facebook.com disabled=no
add action=add-dst-to-address-list address-list=Facebook \
address-list-timeout=0s chain=forward comment=\
"ADD to address-list Facebook" content=zynga.com disabled=no
add action=add-dst-to-address-list address-list=Facebook \
address-list-timeout=0s chain=forward comment=\
"ADD to address-list Facebook" content=playfish.com disabled=no
add action=add-dst-to-address-list address-list=Facebook \
address-list-timeout=0s chain=forward comment=\
"ADD to address-list Facebook" content=cloudfront.net disabled=no
add action=add-dst-to-address-list address-list=Facebook \
address-list-timeout=0s chain=forward comment=\
"ADD to address-list Facebook" content=gemscool.com disabled=no

/ip firewall mangle
add action=mark-connection chain=prerouting comment="Pengaturan PB dan FB" \
disabled=no dst-address-list=Facebook new-connection-mark=\
mark-con-indonesia passthrough=yes
add action=mark-connection chain=prerouting comment=\
"Pengaturan Selain PB dan FB" disabled=no dst-address-list=!Facebook \
new-connection-mark=mark-con-internasional passthrough=yes
add action=mark-packet chain=prerouting comment="Paket PB dan FB" \
connection-mark=mark-con-indonesia disabled=no new-packet-mark=indonesia \
passthrough=yes
add action=mark-routing chain=prerouting comment=\
"Routing PB dan FB ke 3G-CSM" connection-mark=mark-con-indonesia \
disabled=no dst-address-list=Facebook new-routing-mark=jalur1 \
passthrough=yes
add action=mark-packet chain=prerouting comment="Pakcet Selain PB dan FB" \
connection-mark=mark-con-internasional disabled=no new-packet-mark=\
international passthrough=yes
add action=mark-packet chain=prerouting comment="Mark Packet HTTP Video" \
disabled=no in-interface=ether1-CSM layer7-protocol=http-video \
new-packet-mark=http-video-up passthrough=yes
add action=mark-connection chain=forward comment="" disabled=no \
layer7-protocol=http-video new-connection-mark=video-stream passthrough=\
yes
add action=mark-packet chain=forward comment="" connection-mark=video-stream \
disabled=no in-interface=ether5-LAN layer7-protocol=http-video \
new-packet-mark=http-video-down passthrough=yes
add action=mark-connection chain=prerouting comment="Pengaturan Port PB" \
disabled=no dst-address-list=Facebook dst-port=40000-40010 \
new-connection-mark=gameport passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-list=Facebook dst-port=39100,39110,39220,39190,49100 \
new-connection-mark=gameport passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="Pakcet Game" \
connection-mark=gameport disabled=no new-packet-mark=game passthrough=yes
add action=mark-routing chain=prerouting comment="Routing PB Port ke 3G-CSM" \
connection-mark=gameport disabled=no dst-address-list=Facebook \
new-routing-mark=jalur1 passthrough=yes
add action=mark-connection chain=prerouting comment=\
"Pengaturan dropped Virus Conficker" disabled=no dst-port=445 \
new-connection-mark=conn-conficker passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=445-TCP disabled=no \
dst-port=445 new-connection-mark=conn-conficker passthrough=yes protocol=\
tcp
add action=mark-connection chain=prerouting comment=135,137,138,139-TCP \
disabled=no dst-port=135,137,138,139 new-connection-mark=conn-conficker \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=135,137,138,139-UDP \
disabled=no dst-port=135,137,138,139 new-connection-mark=conn-conficker \
passthrough=yes protocol=udp
add action=mark-routing chain=prerouting comment=\
"Routing selain PB dan FB ke IPSTAR" connection-mark=\
mark-con-internasional disabled=no dst-address-list=!Facebook \
new-routing-mark=main passthrough=yes

/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=\
ether1-CSM
add action=masquerade chain=srcnat comment="" disabled=no out-interface=\
ether2-IPSTAR

/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.5.100 routing-mark=main scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.8.1.37 \
routing-mark=jalur1 scope=30 target-scope=10

/queue interface
set ether1-CSM queue=ethernet-default
set ether2-IPSTAR queue=ethernet-default
set ether3-LOCAL queue=ethernet-default
set ether4-AP-WIRELESS queue=ethernet-default
set ether5-LAN queue=ethernet-default
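
An added check, not part of the original post: it parses an export like the one above and reports connection marks that are set but never matched by any rule, plus address lists that are filled by content= matching with no expiry. The embedded excerpt is a shortened, constructed copy of the rules on this page; on it the check shows that conn-conficker is only marked, so the export as shown does not drop the ports 445 and 135-139 traffic that the rule comment describes.

```python
import shlex

# Constructed excerpt of the export above (shortened; same rule shapes and mark names).
EXPORT = r'''
/ip firewall filter
add action=add-dst-to-address-list address-list=Facebook \
address-list-timeout=0s chain=forward content=facebook.com disabled=no
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address-list=Facebook \
new-connection-mark=mark-con-indonesia passthrough=yes
add action=mark-routing chain=prerouting connection-mark=mark-con-indonesia \
new-routing-mark=jalur1 passthrough=yes
add action=mark-connection chain=prerouting comment=”Pengaturan Port PB” \
dst-port=40000-40010 new-connection-mark=gameport protocol=udp
add action=mark-packet chain=prerouting connection-mark=gameport \
new-packet-mark=game passthrough=yes
add action=mark-connection chain=prerouting comment=445-TCP dst-port=445 \
new-connection-mark=conn-conficker passthrough=yes protocol=tcp
'''

def parse_export(text):
    """Return a list of (section, {key: value}) for every add/set line."""
    # Undo typographic quotes from blog software, then join "\" continuations.
    text = text.replace("\u201c", '"').replace("\u201d", '"').replace("\\\n", "")
    rules, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif line.startswith(("add ", "set ")):
            words = shlex.split(line)[1:]
            rules.append((section, dict(w.split("=", 1) for w in words if "=" in w)))
    return rules

def unused_connection_marks(rules):
    """Connection marks that some rule sets but no rule ever matches on."""
    made = {r["new-connection-mark"] for _, r in rules if "new-connection-mark" in r}
    used = {r["connection-mark"] for _, r in rules if "connection-mark" in r}
    return sorted(made - used)

def permanent_content_lists(rules):
    """Address lists filled by payload matching with no expiry (timeout 0s)."""
    return sorted({r["address-list"] for _, r in rules
                   if r.get("action") == "add-dst-to-address-list"
                   and "content" in r and r.get("address-list-timeout") == "0s"})

if __name__ == "__main__":
    parsed = parse_export(EXPORT)
    print(unused_connection_marks(parsed), permanent_content_lists(parsed))
```

A list fed by content= with address-list-timeout=0s only grows: any destination whose packets contain one of the strings stays on the jalur1 path until it is removed by hand.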


No more complaints from the internet café customers about stuttering and "lag"… (Wakakakak)
Because one ISP link with 1 Mbps of bandwidth is used exclusively for accessing FB and PB.
