Tutorial: step-by-step MikroTik setup

MikroTik RouterOS is a Linux-based operating system that turns a PC into a reliable network router. It covers a wide range of features built for IP networks and wireless networks, and it is well suited for ISPs and hotspot providers.

Its features are as follows:

* Firewall and NAT - stateful packet filtering; Peer-to-Peer protocol filtering; source and destination NAT; classification by source MAC, IP addresses (networks or a list of networks) and address types, port range, IP protocols, protocol options (ICMP type, TCP flags and MSS), interfaces, internal packet and connection marks, ToS (DSCP) byte, content, matching sequence/frequency, packet size, time and more...
* Routing - Static routing; Equal cost multi-path routing; Policy based routing (classification done in firewall); RIP v1 / v2, OSPF v2, BGP v4
* Data Rate Management - Hierarchical HTB QoS system with bursts; per IP / protocol / subnet / port / firewall mark; PCQ, RED, SFQ, FIFO queue; CIR, MIR, contention ratios, dynamic client rate equalizing (PCQ), bursts, Peer-to-Peer protocol limitation
* HotSpot - HotSpot Gateway with RADIUS authentication and accounting; true Plug-and-Play access for network users; data rate limitation; differentiated firewall; traffic quota; real-time status information; walled-garden; customized HTML login pages; iPass support; SSL secure authentication; advertisement support
* Point-to-Point tunneling protocols - PPTP, PPPoE and L2TP Access Concentrators and clients; PAP, CHAP, MSCHAPv1 and MSCHAPv2 authentication protocols; RADIUS authentication and accounting; MPPE encryption; compression for PPPoE; data rate limitation; differentiated firewall; PPPoE dial on demand
* Simple tunnels - IPIP tunnels, EoIP (Ethernet over IP)
* IPsec - IP security AH and ESP protocols; MODP Diffie-Hellman groups 1,2,5; MD5 and SHA1 hashing algorithms; DES, 3DES, AES-128, AES-192, AES-256 encryption algorithms; Perfect Forward Secrecy (PFS) MODP groups 1,2,5
* Proxy - FTP and HTTP caching proxy server; HTTPS proxy; transparent DNS and HTTP proxying; SOCKS protocol support; DNS static entries; support for caching on a separate drive; access control lists; caching lists; parent proxy support
* DHCP - DHCP server per interface; DHCP relay; DHCP client; multiple DHCP networks; static and dynamic DHCP leases; RADIUS support
* VRRP - VRRP protocol for high availability
* UPnP - Universal Plug-and-Play support
* NTP - Network Time Protocol server and client; synchronization with GPS system
* Monitoring/Accounting - IP traffic accounting, firewall actions logging, statistics graphs accessible via HTTP
* SNMP - read-only access
* M3P - MikroTik Packet Packer Protocol for Wireless links and Ethernet
* MNDP - MikroTik Neighbor Discovery Protocol; also supports Cisco Discovery Protocol (CDP)
* Tools - ping; traceroute; bandwidth test; ping flood; telnet; SSH; packet sniffer; Dynamic DNS update tool

Layer 2 connectivity

* Wireless - IEEE802.11a/b/g wireless client and access point (AP) modes; Nstreme and Nstreme2 proprietary protocols; Wireless Distribution System (WDS) support; virtual AP; 40 and 104 bit WEP; WPA pre-shared key authentication; access control list; authentication with RADIUS server; roaming (for wireless client); AP bridging
* Bridge - spanning tree protocol; multiple bridge interfaces; bridge firewalling, MAC
* VLAN - IEEE802.1q Virtual LAN support on Ethernet and wireless links; multiple VLANs; VLAN bridging
* Synchronous - V.35, V.24, E1/T1, X.21, DS3 (T3) media types; sync-PPP, Cisco HDLC, Frame Relay line protocols; ANSI-617d (ANDI or annex D) and Q933a (CCITT or annex A) Frame Relay LMI types
* Asynchronous - serial PPP dial-in / dial-out; PAP, CHAP, MSCHAPv1 and MSCHAPv2 authentication protocols; RADIUS authentication and accounting; onboard serial ports; modem pool with up to 128 ports; dial on demand
* ISDN - ISDN dial-in / dial-out; PAP, CHAP, MSCHAPv1 and MSCHAPv2 authentication protocols; RADIUS authentication and accounting; 128K bundle support; Cisco HDLC, x75i, x75ui, x75bui line protocols; dial on demand
* SDSL - Single-line DSL support; line termination and network termination modes

Installation can be done on a standard PC. A PC that is to become a MikroTik router does not need large resources for standard use, for example when it serves only as a gateway. The minimum specification is:

* CPU and motherboard - anything from a Pentium I up to a Pentium 4, AMD or Cyrix, as long as it is not a multiprocessor system
* RAM - minimum 32 MiB, maximum 1 GiB; 64 MiB or more is strongly recommended. If the box is also to act as a proxy, 1 GB is recommended; as a rule of thumb, 15 MB of memory is needed for every 1 GB of proxy cache.
* HDD - at least 128 MB, parallel ATA or Compact Flash; USB flash drives, SCSI and especially S-ATA are not recommended
* NIC - 10/100 or 100/1000

For heavy loads (complex networks, complicated routing and so on), consider choosing adequate PC resources.

More details can be found at www.mikrotik.com.

Note that MikroTik is not free software: we have to buy a license for all the facilities it provides. The free trial lasts only 24 hours. We can buy the MikroTik software as a CD that is installed onto a hard disk, or as a disk-on-module (DOM). If we buy a DOM there is nothing to install; we just plug the DOM into the IDE slot of our PC.
The following steps are the basic setup of a MikroTik box configured as the gateway server for a simple network.

1. The first step is to install MikroTik RouterOS on the PC, or fit the DOM.

2. Log in to the MikroTik router through the console:

MikroTik v2.9.7
Login: admin <enter>
Password: (leave empty) <enter>

At this point we are logged in to the MikroTik machine. The default user is admin with no password: just type admin and press enter.

3. For security, change the default password:

[admin@Mikrotik] > password
old password: *****
new password: *****
retype new password: *****
[admin@Mikrotik] >

4. Change the name of the MikroTik router. In this step the server name is changed to Andre-Network (the name is entirely up to you):

[admin@Mikrotik] > system identity set name=Andre-Network
[admin@Andre-Network] >

5. List the interfaces on the MikroTik router:

[admin@Andre-Network] > interface print
Flags: X - disabled, D - dynamic, R - running
 #    NAME     TYPE    RX-RATE  TX-RATE  MTU
 0 R  ether1   ether   0        0        1500
 1 R  ether2   ether   0        0        1500
[admin@Andre-Network] >

6. Assign IP addresses to the MikroTik interfaces. Suppose ether1 will be used for the Internet connection with IP 192.168.0.1 and ether2 for our local network with IP 172.16.0.1:

[admin@Andre-Network] > ip address add address=192.168.0.1 netmask=255.255.255.0 interface=ether1
[admin@Andre-Network] > ip address add address=172.16.0.1 netmask=255.255.255.0 interface=ether2

7. View the IP address configuration we have just made:

[admin@Andre-Network] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS          NETWORK        BROADCAST       INTERFACE
 0   192.168.0.1/24   192.168.0.0    192.168.0.63    ether1
 1   172.16.0.1/24    172.16.0.0     172.16.0.255    ether2
[admin@Andre-Network] >

8. Set the default gateway. The gateway for the Internet connection is assumed to be 192.168.0.254:

[admin@Andre-Network] > /ip route add gateway=192.168.0.254

9. View the routing table on the MikroTik router:

[admin@Andre-Network] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
 #      DST-ADDRESS       PREFSRC       G GATEWAY          DISTANCE  INTERFACE
 0 ADC  172.16.0.0/24     172.16.0.1                                 ether2
 1 ADC  192.168.0.0/26    192.168.0.1                                ether1
 2 A S  0.0.0.0/0                       r 192.168.0.254              ether1
[admin@Andre-Network] >

10. Ping the gateway to make sure the configuration is correct:

[admin@Andre-Network] > ping 192.168.0.254
192.168.0.254 64 byte ping: ttl=64 time<1 ms
192.168.0.254 64 byte ping: ttl=64 time<1 ms
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0/0.0/0 ms
[admin@Andre-Network] >

11. Set up DNS on the MikroTik router:

[admin@Andre-Network] > ip dns set primary-dns=192.168.0.10 allow-remote-requests=no
[admin@Andre-Network] > ip dns set secondary-dns=192.168.0.11 allow-remote-requests=no

12. View the DNS configuration:

[admin@Andre-Network] > ip dns print
primary-dns: 192.168.0.10
secondary-dns: 192.168.0.11
allow-remote-requests: no
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 16KiB
[admin@Andre-Network] >

13. Test name resolution, for example by pinging a domain name:

[admin@Andre-Network] > ping yahoo.com
216.109.112.135 64 byte ping: ttl=48 time=250 ms
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 571/571.0/571 ms
[admin@Andre-Network] >

If you get replies, the DNS settings are correct.

14. Set up masquerading. If MikroTik is to be used as the gateway server, we need masquerading so that the client computers on the network can connect to the Internet:

[admin@Andre-Network] > ip firewall nat add action=masquerade out-interface=ether1 chain=srcnat
[admin@Andre-Network] >

15. View the masquerading configuration:

[admin@Andre-Network] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat out-interface=ether1 action=masquerade
[admin@Andre-Network] >

After this step, connectivity from the local network can be checked. If it works, we have successfully installed the MikroTik router as a gateway server. Once the network is connected, MikroTik can be managed with WinBox, which can be downloaded from Mikrotik.com or from our own MikroTik server. For example, if our MikroTik server's IP address is 192.168.0.1, open http://192.168.0.1 in a browser and download WinBox from there.

If we want the clients to obtain IP addresses automatically, we need to set up a DHCP server on the MikroTik. The steps are:

1. Create an IP address pool:

/ip pool add name=dhcp-pool ranges=172.16.0.10-172.16.0.20

2. Add the DHCP network and the gateway that will be handed out to the clients. In this example the network is 172.16.0.0/24 and the gateway is 172.16.0.1:

/ip dhcp-server network add address=172.16.0.0/24 gateway=172.16.0.1

3. Add the DHCP server (in this example DHCP is applied to interface ether2):

/ip dhcp-server add interface=ether2 address-pool=dhcp-pool

4. Check the DHCP server status:

[admin@Andre-Network]> ip dhcp-server print
Flags: X - disabled, I - invalid
 #    NAME    INTERFACE   RELAY   ADDRESS-POOL   LEASE-TIME   ADD-ARP
 0 X  dhcp1   ether2

The X flag means the DHCP server is not yet enabled, so it must be enabled first, in step 5.

5. Do not forget to enable the DHCP server:

/ip dhcp-server enable 0

Then check the dhcp-server again as in step 4; if the X flag is gone, it is active.

6. Test from a client:

c:\>ping www.yahoo.com
For bandwidth control you can use simple queues or mangle-based queues:

[admin@Andre-Network] queue simple> add name=Komputer01 interface=ether2 target-address=172.16.0.1/24 max-limit=65536/131072
[admin@Andre-Network] queue simple> add name=Komputer02 interface=ether2 target-address=172.16.0.2/24 max-limit=65536/131072
and so on...

Full details are here:
http://www.mikrotik.com/docs/ros/2.9/root/queue
http://linux-ip.net/articles/Traffic.../overview.html
http://luxik.cdi.cz/~devik/qos/htb/
http://www.docum.org/docum.org/docs/

2 ISPs IN 1 ROUTER WITH LOAD BALANCING

The router has two upstream (WAN) interfaces with IP addresses 10.111.0.2/24 and 10.112.0.2/24, and a LAN interface named "Local" with IP address 192.168.0.1/24.

/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local comment="" disabled=no
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2 comment="" disabled=no
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1 comment="" disabled=no

Mangle
/ ip firewall mangle
add chain=prerouting in-interface=Local connection-state=new nth=1,1,0 action=mark-connection new-connection-mark=odd passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no comment="" disabled=no
add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 action=mark-connection new-connection-mark=even passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=Local connection-mark=even action=mark-routing new-routing-mark=even passthrough=no comment="" disabled=no

NAT
/ ip firewall nat
add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 to-ports=0-65535 comment="" disabled=no

Routing
/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 comment="gateway for the router itself" disabled=no
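To see how the four mangle rules spread new connections over the two gateways, here is a small Python model of the configuration above. It is an added example, not MikroTik code; it assumes the RouterOS 2.9 nth=every,counter,packet semantics in which a rule matches when its shared counter equals packet and the counter then advances modulo every+1, and it reuses the gateway and src-nat addresses from the config above.

```python
from collections import defaultdict

# Values from the load-balancing config above (two WAN gateways, one LAN "Local").
GATEWAY_FOR_MARK = {"odd": "10.111.0.1", "even": "10.112.0.1"}
SRCNAT_FOR_MARK = {"odd": "10.111.0.2", "even": "10.112.0.2"}
DEFAULT_GATEWAY = "10.112.0.1"   # the unmarked route: used for the router's own traffic


class NthCounters:
    """Shared nth counters. Assumed RouterOS 2.9 semantics: nth=every,counter,packet
    matches when the counter equals packet, and only then the counter advances,
    wrapping after every+1 matches."""

    def __init__(self):
        self.values = defaultdict(int)

    def matches(self, every, counter, packet):
        if self.values[counter] != packet:
            return False
        self.values[counter] = (self.values[counter] + 1) % (every + 1)
        return True


class Router:
    def __init__(self):
        self.nth = NthCounters()
        self.conn_marks = {}   # connection tracking: connection id -> connection-mark

    def prerouting(self, conn_id, in_interface):
        """Walk the mangle prerouting chain for one packet; return its routing-mark."""
        if in_interface != "Local":
            return None                    # all four rules require in-interface=Local
        is_new = conn_id not in self.conn_marks   # connection-state=new
        # rule 1: new, nth=1,1,0 -> mark-connection odd (passthrough=yes)
        if is_new and self.nth.matches(1, 1, 0):
            self.conn_marks[conn_id] = "odd"
        # rule 2: connection-mark=odd -> mark-routing odd (passthrough=no ends the chain)
        if self.conn_marks.get(conn_id) == "odd":
            return "odd"
        # rule 3: new, nth=1,1,1 -> mark-connection even (passthrough=yes)
        if is_new and self.nth.matches(1, 1, 1):
            self.conn_marks[conn_id] = "even"
        # rule 4: connection-mark=even -> mark-routing even (passthrough=no)
        if self.conn_marks.get(conn_id) == "even":
            return "even"
        return None

    def handle(self, conn_id, in_interface="Local"):
        """Return (routing-mark, gateway, src-nat address) chosen for one packet."""
        mark = self.prerouting(conn_id, in_interface)
        if mark is None:
            return (None, DEFAULT_GATEWAY, None)
        return (mark, GATEWAY_FOR_MARK[mark], SRCNAT_FOR_MARK[mark])


def simulate(packets):
    """packets: connection ids in arrival order (constructed input). Returns the
    decision per connection and checks that every later packet of a connection
    keeps the decision its first packet got (the connection-mark is sticky)."""
    router = Router()
    decisions = {}
    for conn_id in packets:
        decision = router.handle(conn_id)
        if decisions.setdefault(conn_id, decision) != decision:
            raise RuntimeError(f"connection {conn_id} changed gateway mid-flow")
    return decisions


if __name__ == "__main__":
    # Constructed traffic: four LAN connections, with c1 sending a second packet.
    for conn, (mark, gw, nat) in simulate(["c1", "c2", "c3", "c1", "c4"]).items():
        print(f"{conn}: routing-mark={mark} gateway={gw} src-nat={nat}")
```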
BASIC WARNET (INTERNET CAFÉ) SETUP

1. Install from the MikroTik CD:
   a. boot from the MikroTik CD
   b. once it has booted from the Linux ISO, select the packages you need (if in doubt, just tick them all)
   c. follow the steps and press (Yes) (Yes)

After the restart, log in with user admin and an empty password, then just copy and paste the following:

BASICS
system identity set name=warnet.beenet
user set admin password=sukasukalu

ETHERNET
interface ethernet enable ether1
interface ethernet enable ether2
interface ethernet set ether1 name=intranet
interface ethernet set ether2 name=internet

IP ADDRESS
ip address add interface=internet address=XXXXX (from the ISP)
ip address add interface=intranet address=192.168.0.1/24

ROUTE
ip route add gateway=XXXXX (from the ISP)

DNS
ip dns set primary-dns=XXXXX (from the ISP) secondary-dns=XXXXX (from the ISP)

NAT AND STANDARD FILTER FIREWALL
ip firewall nat add action=masquerade chain=srcnat
ip firewall filter add chain=input connection-state=invalid action=drop
ip firewall filter add chain=input protocol=udp action=accept
ip firewall filter add chain=input protocol=icmp action=accept
ip firewall filter add chain=input in-interface=intranet action=accept
ip firewall filter add chain=input in-interface=internet action=accept

DHCP SERVER (the setup wizard and the answers to give it)
ip dhcp-server setup
dhcp server interface: intranet
dhcp address space: 192.168.0.0/24
gateway for dhcp network: 192.168.0.1
addresses to give out: 192.168.0.2-192.168.0.254
dns servers: XXXXX (from the ISP),XXXXX (from the ISP)
lease time: 3d

WEB PROXY
ip web-proxy
set enabled=yes
set src-address=0.0.0.0
set port=8080
set hostname=proxy-apaaja
set transparent-proxy=yes
set parent-proxy=0.0.0.0:0
set cache-administrator=silahkan.pannggil.operator
set max-object-size=4096KiB
set cache-drive=system
set max-cache-size=unlimited
set max-ram-cache-size=unlimited

REDIRECT PORTS TO THE TRANSPARENT PROXY
/ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
/ip firewall nat add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080
/ip firewall nat add chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=8080

PCQ
/ip firewall mangle add chain=forward src-address=192.168.169.0/28 action=mark-connection new-connection-mark=client1-cm
/ip firewall mangle add connection-mark=client1-cm action=mark-packet new-packet-mark=client1-pm chain=forward
/queue type add name=downsteam-pcq kind=pcq pcq-classifier=dst-address
/queue type add name=upstream-pcq kind=pcq pcq-classifier=src-address
/queue tree add parent=intranet queue=downsteam-pcq packet-mark=client1-pm
/queue tree add parent=internet queue=upstream-pcq packet-mark=client1-pm

SIMPLE QUEUE
queue simple add name=kbu-01 target-addresses=192.168.0.11
queue simple add name=kbu-02 target-addresses=192.168.0.12
queue simple add name=kbu-03 target-addresses=192.168.0.13
queue simple add name=kbu-04 target-addresses=192.168.0.14
queue simple add name=kbu-05 target-addresses=192.168.0.15
queue simple add name=kbu-06 target-addresses=192.168.0.16
queue simple add name=kbu-07 target-addresses=192.168.0.17
queue simple add name=kbu-08 target-addresses=192.168.0.18
queue simple add name=kbu-09 target-addresses=192.168.0.19
queue simple add name=kbu-10 target-addresses=192.168.0.20
queue simple add name=xbilling target-addresses=192.168.0.2

BLOCK SPAM
/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop
The best anti-DDoS rule (from http://forum.mikrotik.com/viewtopic.php?f=2&t=16586&start=0&hilit=ddos):

/ip firewall filter
add action=add-src-to-address-list address-list=black_list address-list-timeout=1d chain=input comment="Add ddos to adress list" connection-limit=10,32 disabled=no protocol=tcp
add action=log chain=input comment="Log ddos" connection-limit=3,32 disabled=no log-prefix="FILTER, DDOS DROPPED:" protocol=tcp src-address-list=black_list
add action=tarpit chain=input comment="Tarpit ddos" connection-limit=3,32 disabled=no protocol=tcp src-address-list=black_list

Connection tracking settings, as exported from a router:

[toor@extreme] /ip firewall connection tracking> export
# mar/13/2009 17:42:47 by RouterOS 3.20
# software id = 4H1M-LTT
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=yes tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
[toor@extreme] /ip firewall connection tracking>
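The three black_list rules above (add a source to the list once it holds more than 10 concurrent connections, then log and tarpit a listed source beyond 3) can be replayed against sample traffic with this Python model. It is an added example, not RouterOS code; it assumes add-src-to-address-list and log are non-terminating while tarpit ends rule processing, and the connection events and log line format are constructed.

```python
from collections import defaultdict

ADD_LIMIT = 10               # connection-limit=10,32 on the add-src-to-address-list rule
TARPIT_LIMIT = 3             # connection-limit=3,32 on the log and tarpit rules
LIST_TIMEOUT = 24 * 3600     # address-list-timeout=1d, in seconds
LOG_PREFIX = "FILTER, DDOS DROPPED:"   # log-prefix of the log rule above


class InputChain:
    """Connection tracking plus the three input-chain rules, evaluated per TCP SYN."""

    def __init__(self):
        self.open_conns = defaultdict(int)   # per source /32: tracked TCP connections
        self.black_list = {}                 # dynamic address-list: source -> expiry time
        self.log = []

    def listed(self, src, now):
        """src-address-list=black_list match, honouring the entry's timeout."""
        expiry = self.black_list.get(src)
        if expiry is None:
            return False
        if expiry <= now:                    # timed out: RouterOS removes the entry
            del self.black_list[src]
            return False
        return True

    def tcp_syn(self, now, src):
        """A new TCP connection from src to the router at time now; returns the verdict."""
        self.open_conns[src] += 1
        count = self.open_conns[src]
        # rule 1: protocol=tcp connection-limit=10,32 action=add-src-to-address-list
        #         (assumed non-terminating: the packet continues to the next rule)
        if count > ADD_LIMIT:
            self.black_list[src] = now + LIST_TIMEOUT
        # rules 2 and 3: src-address-list=black_list connection-limit=3,32,
        #         action=log (non-terminating) and then action=tarpit (terminating)
        if self.listed(src, now) and count > TARPIT_LIMIT:
            self.log.append(f"{LOG_PREFIX} input: proto TCP, {src} conns={count}")
            return "tarpit"
        return "accept"      # none of the three rules matched; later rules decide

    def tcp_close(self, src):
        """Connection tracking forgets one connection from src."""
        if self.open_conns[src]:
            self.open_conns[src] -= 1


def replay(events):
    """events: (time, src, 'syn' or 'close') tuples. Returns the chain state and a
    (time, src, verdict) list for every SYN."""
    chain = InputChain()
    verdicts = []
    for now, src, kind in events:
        if kind == "syn":
            verdicts.append((now, src, chain.tcp_syn(now, src)))
        else:
            chain.tcp_close(src)
    return chain, verdicts


# Constructed sample: one host opens 12 connections in quick succession, a normal
# host opens one, then the flooder closes everything and comes back twice later.
SAMPLE_EVENTS = (
    [(t, "203.0.113.5", "syn") for t in range(12)]
    + [(12, "198.51.100.7", "syn")]
    + [(13, "203.0.113.5", "close")] * 12
    + [(100, "203.0.113.5", "syn"), (100000, "203.0.113.5", "syn")]
)

if __name__ == "__main__":
    chain, verdicts = replay(SAMPLE_EVENTS)
    for now, src, verdict in verdicts:
        print(f"t={now:>6} {src:<14} {verdict}")
    print("\n".join(chain.log))
```

A listed source can still hold up to 3 connections, so only its 4th and later connections are tarpitted; the replay shows this at t=100, where the host is still listed but its single connection is accepted.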
Another rule, which collects senders of bare SYN packets into the tcp-syn-violators address list for 3 hours unless they are on the Safe-List:

add chain=forward protocol=tcp tcp-flags=syn,!fin,!rst,!psh,!ack,!urg,!ece,!cwr connection-limit=20,32 limit=25,10 src-address-list=!Safe-List action=add-src-to-address-list address-list=tcp-syn-violators address-list-timeout=3h

Anti-DDoS on MikroTik

Prevention is certainly better than doing nothing at all. The same goes for the slapdash network at the place where I earn my living: with its very limited bandwidth it is an easy target for criminals and the pranksters of cyberspace, and that meagre bandwidth, if hit by a DDoS (if you don't know what a DDoS is, look it up on Google), especially from an attacker with abundant bandwidth, means the network here is as good as dead. So if you don't have bandwidth the size of Google's and your Internet access suddenly turns sluggish, with pings to the DNS timing out, don't immediately blame the ISP you subscribe to; check your local network first!

Here are some tips on preventing DDoS attacks, installed on the MikroTik router. It does not guarantee 100% protection, but prevention is the best path rather than doing nothing. Copy and paste the script below:

ip firewall filter add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list address-list=DDOS address-list-timeout=15s comment="" disabled=no
ip firewall filter add chain=input protocol=tcp dst-port=7331 src-address-list=knock action=add-src-to-address-list address-list=DDOS address-list-timeout=15m comment="" disabled=no
ip firewall filter add chain=input connection-state=established action=accept comment="accept established connection packets" disabled=no
ip firewall filter add chain=input connection-state=related action=accept comment="accept related connection packets" disabled=no
ip firewall filter add chain=input connection-state=invalid action=drop comment="drop Paket Invalid" disabled=no
ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="Mendetek serangan Port Scaner" disabled=no
ip firewall filter add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit comment="Bikin kejutan ke ip penyerang" disabled=no
ip firewall filter add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d comment="Masukin ke karung Ip penyerang" disabled=no
ip firewall filter add chain=input protocol=icmp action=jump jump-target=ICMP comment="jump chain ICMP" disabled=no
ip firewall filter add chain=input action=jump jump-target=services comment="jump chain service" disabled=no
ip firewall filter add chain=input dst-address-type=broadcast action=accept comment="Allow Broadcast Traffic" disabled=no
ip firewall filter add chain=input action=log log-prefix="Filter:" comment="Catat kegiatan penyerang" disabled=no
ip firewall filter add chain=input src-address=Subnet WAN action=accept comment="List Ip yang boleh akses ke router"
ip firewall filter add chain=input src-address=Subnet Lan action=accept
ip firewall filter add chain=input src-address=Subnet DMZ action=accept
ip firewall filter add chain=input action=drop comment="Blok Semua yang aneh2" disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="0:0 dan limit utk 5pac/s" disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment="3:3 dan limit utk 5pac/s" disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment="3:4 dan limit for 5pac/s" disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment="8:0 and limit utk 5pac/s" disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment="11:0 and limit utk 5pac/s" disabled=no
ip firewall filter add chain=ICMP protocol=icmp action=drop comment="Blok semua yang aneh2" disabled=no
ip firewall filter add chain=forward protocol=icmp comment="Perbolehkan ping"
ip firewall filter add chain=forward protocol=udp comment="Perbolehkan ke udp"
ip firewall filter add chain=forward src-address=Subnet WAN action=accept comment="Akses hanya dari ip terdaftar"
ip firewall filter add chain=forward src-address=Subnet LAN action=accept
ip firewall filter add chain=forward src-address=Subnet DMZ action=accept
ip firewall filter add chain=forward action=drop comment="blok semua yang aneh2"

Hope this is useful. If you run into what I described above, don't be too quick to blame the ISP you subscribe to.

SPLITTING LOCAL (IIX) AND INTERNATIONAL TRAFFIC

1. First clear the routes: in WinBox choose IP > Routes and delete every gateway/route there.
1. bersihin dulu isi route nya , dari winbox pilih ip route, trus di delete deh tuh
gateway/route disitu, semuanya2. bersihin juga manglenya, caranya ip firewal mangle
print, kalo dari winbox pilih ip > firewall >mangle, abis itu delete2 semuanya tuh
3. bersihin juga nat nya, dari winbox, ip > firewall > nat , trus delete tuh isinya
4. selanjutnya ikutin langkah2 berikut ini ya slow down aja jangan sampe salah
ketik, sebaiknya pake tab biar auto completing #penjelasan singkatada 3 interface
1.lokal=192.168.100.254/24#2.isp=202.182.54.74/30#3.fastnet=118.137.79.0/24 (nah
nilai ini yang selalu di ubah2, hanya yg ini, yg lain kaga usah, ubahnya pake
winbox aja)/ip address (enter)#add address=192.168.100.254/24 interface=lokal
comment=ip trafik lan disabled=no#add address=202.182.54.74/30 interface=isp
comment=ip trafik indonesia disabled=no#add address=118.137.79.0/24
interface=fastnet comment=ip trafik luar disabled=no/ip firewall (enter)#add
chain=src-nat src-address=192.168.100.0/24 action=masquerade/ip firewall mangle
(enter)#add action=mark-connection chain=prerouting comment=" connection-state=new
\#disabled=no in-interface=Lokal new-connection-mark=fastnet \#dst-address-list=!
nice passthrough=yesadd action=mark-routing chain=prerouting comment=" connectionmark=fastnet \#disabled=no in-interface=Lokal new-routing-mark=fastnet
passthrough=no \#dst-address-list=!niceadd action=mark-connection chain=prerouting
comment=" connection-state=new \#disabled=no in-interface=Lokal new-connectionmark=isp \#passthrough=yesadd action=mark-routing chain=prerouting comment="
connection-mark=isp \#disabled=no in-interface=Lokal new-routing-mark=isp
passthrough=no/ip
route (enter)#add dst-address=0.0.0.0/0 gateway=118.137.79.1 scope=255 targetscope=10 comment=gateway traffic internasional disabled=no#add dstaddress=0.0.0.0/0 gateway=202.182.54.73 scope=255 target-scope=10 comment=gateway
traffic IIX mark=nice2 disabled=nountuk simple queue nya ga usah diapa2in ya..awas
loh..jangan lupa nyobainnya ntar malam aja, sambil ngopi n ngudut djarum super ya#
Source: http://pangeranbalang.wordpress.com/2008/05/16/memisahkan-bandwithlokal-dan-internasional/
Separating local and international bandwidth using MikroTik
May 16, 2008, Version 3

Changes from the previous version:
- The mangle process is based on an address-list
- Separation of Indonesian and overseas traffic is more accurate

The following is the network scenario with MikroTik as the router.

Figure 1. Network scenario

Explanation: a MikroTik router with 2 network interface cards (NICs), ether1 and ether3, where ether1 is the ethernet connected directly to the ISP and ether3 is the ethernet connected directly to the 192.168.2.0/24 network. The bandwidth from the ISP is, for example, 256 Kbps international and 1024 Kbps local IIX. Computer 192.168.2.4 will be allocated 128 Kbps international and 256 Kbps local IIX.

Configuring the IP address list

Since MikroTik RouterOS version 2.9 there is a feature called IP address list. It groups particular IP addresses, and each group can be given a name. The group can then be used as a parameter in mangle, firewall filter, NAT, and queues. Mikrotik Indonesia provides a list of the IP addresses advertised at OpenIXP and IIX, which can be downloaded freely from http://ixp.mikrotik.co.id/download/nice.rsc (also published as http://www.mikrotik.co.id/getfile.php?nf=nice.rsc). The nice.rsc file is generated automatically on the Mikrotik Indonesia server every morning at around 05:30, and the data has been optimised to remove duplicate entries and overlapping subnets. At the moment the script is around 430 lines. Example:

# Script created by: Valens Riyadi @ www.mikrotik.co.id
# Generated at 26 April 2007 05:30:02 WIB ... 431 lines
/ip firewall address-list
add list=nice address="1.2.3.4"
rem [find list=nice]
add list=nice address="125.162.0.0/16"
add list=nice address="125.163.0.0/16"
add list=nice address="152.118.0.0/16"
add list=nice address="125.160.0.0/16"
add list=nice address="125.161.0.0/16"
add list=nice address="125.164.0.0/16"
... and so on ...
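As an added example (not code from the article or from Mikrotik Indonesia), the following Python script replays a nice.rsc-style address-list script the way the router would, checks it for the duplicate and overlapping subnets the generator is said to strip, and classifies a flow the way the mangle rules further down intend: Indonesian traffic whenever either endpoint is in the nice list. The sample script, the helper names and the test addresses are constructed.

```python
"""Added example (not code from the original article): replay a nice.rsc-style
address-list script, check it for the duplicate and overlapping subnets the
generator is said to strip, and classify a flow the way the mangle rules
intend (Indonesian traffic when either endpoint is in the 'nice' list)."""
import ipaddress
import re

# Constructed sample in the nice.rsc format. The repeated /16 and the /24 inside
# it are added on purpose so the redundancy check has something to report.
SAMPLE_RSC = """\
# Script created by: Valens Riyadi @ www.mikrotik.co.id
# Generated at 26 April 2007 05:30:02 WIB ... 431 lines
/ip firewall address-list
add list=nice address="1.2.3.4"
rem [find list=nice]
add list=nice address="125.162.0.0/16"
add list=nice address="125.163.0.0/16"
add list=nice address="152.118.0.0/16"
add list=nice address="125.160.0.0/16"
add list=nice address="125.160.0.0/16"
add list=nice address="125.160.10.0/24"
"""

ADD_RE = re.compile(r'^add\s+list=(\S+)\s+address="?([0-9./]+)"?\s*$')


def parse_address_list(text, list_name="nice"):
    """Return the networks of one address list after replaying the script in
    order. 'rem [find list=X]' empties list X, as it does on the router, so the
    dummy 1.2.3.4 entry that precedes it never survives."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line == f"rem [find list={list_name}]":
            nets.clear()
            continue
        m = ADD_RE.match(line)
        if m and m.group(1) == list_name:
            # A bare host address is a /32, which is how RouterOS treats it.
            nets.append(ipaddress.ip_network(m.group(2), strict=False))
    return nets


def find_redundant(nets):
    """Return (duplicates, overlaps): exact repeats, and (inner, outer) pairs
    where inner is fully contained in outer. Both waste rules on the router."""
    seen, duplicates = set(), []
    for n in nets:
        if n in seen:
            duplicates.append(n)
        seen.add(n)
    uniq = list(dict.fromkeys(nets))
    overlaps = [(a, b) for a in uniq for b in uniq if a != b and a.subnet_of(b)]
    return duplicates, overlaps


def classify_flow(nets, src, dst):
    """Mirror the intent of the mangle rules: a connection is 'indonesia' when
    its source or destination falls inside the list, otherwise 'overseas'."""
    def in_list(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in n for n in nets)
    return "indonesia" if in_list(src) or in_list(dst) else "overseas"


if __name__ == "__main__":
    nice = parse_address_list(SAMPLE_RSC)
    dups, overlaps = find_redundant(nice)
    print(len(nice), "entries; duplicates:", dups, "overlaps:", overlaps)
    print(classify_flow(nice, "192.168.2.4", "125.162.1.1"))   # indonesia
    print(classify_flow(nice, "192.168.2.4", "8.8.8.8"))       # overseas
```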
Save this file on your computer as nice.rsc, then FTP to the MikroTik router and upload the file there. The example below is the upload from the MS-DOS prompt.

C:\>dir nice.*
 Volume in drive C has no label.
 Volume Serial Number is 5418-6EEF

 Directory of C:\

04/26/2007  06:42p              17,523 nice.rsc
               1 File(s)         17,523 bytes
               0 Dir(s)  47,038,779,392 bytes free

C:\>ftp 192.168.0.1
Connected to 192.168.0.1.
220 R&D FTP server (MikroTik 2.9.39) ready
User (192.168.0.1:(none)): admin
331 Password required for admin
Password: ********
230 User admin logged in
ftp> ascii
200 Type set to A
ftp> put nice.rsc
200 PORT command successful
150 Opening ASCII mode data connection for '/nice.rsc'
226 ASCII transfer complete
ftp: 17523 bytes sent in 0.00Seconds 17523000.00Kbytes/sec.
ftp> bye
221 Closing

C:\>

After the file has been uploaded, import it.

[admin@MikroTik] > import nice.rsc
Opening script file nice.rsc
Script file loaded and executed successfully

Make sure the import succeeded by checking the Address-List in the IP > Firewall menu.

Configuring Mangle

The following are the commands for the mangle configuration, which can be entered in the MikroTik RouterOS text console or in the terminal in Winbox.

/ip firewall mangle
add chain=forward src-address-list=nice action=mark-connection \
    new-connection-mark=mark-con-indonesia passthrough=yes \
    comment="mark all indonesia source connection traffic" disabled=no
add chain=forward dst-address-list=nice action=mark-connection \
    new-connection-mark=mark-con-indonesia passthrough=yes \
    comment="mark all indonesia destination connection traffic" disabled=no
# the overseas rules only apply to connections not already marked as Indonesian
add chain=forward src-address-list=!nice connection-mark=no-mark \
    action=mark-connection new-connection-mark=mark-con-overseas passthrough=yes \
    comment="mark all overseas source connection traffic" disabled=no
add chain=forward dst-address-list=!nice connection-mark=no-mark \
    action=mark-connection new-connection-mark=mark-con-overseas passthrough=yes \
    comment="mark all overseas destination connection traffic" disabled=no
add chain=prerouting connection-mark=mark-con-indonesia action=mark-packet \
    new-packet-mark=indonesia passthrough=yes \
    comment="mark all indonesia traffic" disabled=no
add chain=prerouting connection-mark=mark-con-overseas action=mark-packet \
    new-packet-mark=overseas passthrough=yes \
    comment="mark all overseas traffic" disabled=no

Creating the simple queue

The next step is to regulate bandwidth through a simple queue. To limit the computer with IP 192.168.2.4 to 128 Kbps international and 256 Kbps local IIX bandwidth, use the following commands.

/queue simple
add name=kom1-indonesia target-address=192.168.2.4/32 dst-address=0.0.0.0/0 \
    interface=all parent=none packet-marks=indonesia direction=both priority=8 \
    queue=default/default limit-at=0/0 max-limit=256000/256000 \
    total-queue=default disabled=no
add name=kom1-overseas target-address=192.168.2.4/32 dst-address=0.0.0.0/0 \
    interface=all parent=none packet-marks=overseas direction=both priority=8 \
    queue=default/default limit-at=0/0 max-limit=128000/128000 \
    total-queue=default disabled=no

The script above means that only the computer with IP 192.168.2.4 has its bandwidth limited, to 128 Kbps international (overseas) and 256 Kbps local IIX (Indonesia); the others are not limited.

Final check

When finished, test by accessing both local and international sites, and watch the counters in both the firewall mangle rules and the simple queues. You can also extend the queue type using PCQ so that traffic is spread evenly over every client. Good luck, hope this helps!

Source: http://degeul.byethost7.com/?p=35
Blocking Sites with MikroTik RouterOS

To block a site with MikroTik RouterOS, the steps are:

1. Enable the web proxy

[gungun@smanelaeuy] > ip web-proxy
[gungun@smanelaeuy] ip web-proxy> set enabled=yes max-ram-cache-size=none max-cache-size=1GB transparent-proxy=yes

* adjust to your hardware!

2. Once it is active, run

[gungun@smanelaeuy] ip web-proxy> acc
[gungun@smanelaeuy] ip web-proxy access> add action=deny comment="porn situs" url=*sex*

* for anything sex-related. Or, if you know the address:

[gungun@smanelaeuy] ip web-proxy access> add action=deny comment="porn situs" url=www.17tahun.com

Source: http://degeul.byethost7.com/?p=18
Manipulating the ToS of ICMP & DNS in MikroTik

Goals:
o Reduce the ping delay from the client side toward the Internet.
o Speed up resolving hostnames to IP addresses.

Assumption: the clients are on subnet 10.10.10.0/28

1. Manipulate the Type of Service for ICMP packets:

> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=icmp action=mark-connection new-connection-mark=ICMP-CM passthrough=yes
> ip firewall mangle add chain=prerouting connection-mark=ICMP-CM action=mark-packet new-packet-mark=ICMP-PM passthrough=yes
> ip firewall mangle add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay

2. Manipulate the Type of Service for DNS resolving:

> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
> ip firewall mangle add chain=prerouting connection-mark=DNS-CM action=mark-packet new-packet-mark=DNS-PM passthrough=yes
> ip firewall mangle add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay

3. Add a queue type:

> queue type add name=PFIFO-64 kind=pfifo pfifo-limit=64

4. Allocate bandwidth for ICMP packets:

> queue tree add name=ICMP parent=INTERNET packet-mark=ICMP-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64

5. Allocate bandwidth for DNS resolving:

> queue tree add name=DNS parent=INTERNET packet-mark=DNS-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64

6. Good luck!!!

Source: http://degeul.byethost7.com/?p=19
Queues with SRC-NAT and WEB-PROXY

When using queues (bandwidth limiter), the choice of CHAIN in MANGLE largely determines how a rule behaves. If SRC-NAT and WEB-PROXY run on the same machine, it is often rather difficult to build a perfect QUEUE rule. A detailed explanation of chain selection can be found in the MikroTik manual.

The experiment used a PC running MikroTik RouterOS version 2.9.28. The machine has 2 interfaces: one for the gateway, named PUBLIC, and one for the local network, named LAN.

[admin@instaler] > in pr
Flags: X - disabled, D - dynamic, R - running
 #    NAME       TYPE    RX-RATE  TX-RATE  MTU
 0  R public     ether   0        0        1500
 1  R lan        wlan    0        0        1500

And these are the IP addresses in use. Subnet 192.168.0.0/24 is the gateway subnet for this machine.

[admin@instaler] > ip ad pr
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK        BROADCAST      INTERFACE
 0   192.168.0.217/24   192.168.0.0    192.168.0.255  public
 1   172.21.1.1/24      172.21.1.0     172.21.1.255   lan

The transparent web-proxy feature is enabled as well.

[admin@instaler] > ip web-proxy pr
               enabled: yes
           src-address: 0.0.0.0
                  port: 3128
              hostname: proxy
     transparent-proxy: yes
          parent-proxy: 0.0.0.0:0
   cache-administrator: webmaster
       max-object-size: 4096KiB
           cache-drive: system
        max-cache-size: none
    max-ram-cache-size: unlimited
                status: running
    reserved-for-cache: 0KiB
reserved-for-ram-cache: 154624KiB

MASQUERADE is enabled, together with one REDIRECT rule that diverts HTTP traffic to the WEB-PROXY.

[admin@instaler] ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat out-interface=public src-address=172.21.1.0/24 action=masquerade
 1   chain=dstnat in-interface=lan src-address=172.21.1.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128

Next comes the most important step of the whole process: building the MANGLE. We need 2 PACKET-MARKs: one for upstream packets, which in this example we call test-up, and one for downstream packets, which we call test-down.

For upstream packets the mangle is quite simple. It can be done with a single rule, using just the SRC-ADDRESS and IN-INTERFACE parameters, in the prerouting chain. These upstream packets we mark test-up.

For downstream packets, however, several rules are needed. Because we use IP translation (masquerade), we need a connection mark; in this example it is called test-conn. Then two more rules are required. The first is for non-HTTP downstream packets coming straight from the Internet (not through the proxy); it uses the forward chain, because that data flows through the router. The second is for packets that originate from the WEB-PROXY; it uses the output chain, because that data flows from an application inside the router to a machine outside it. The downstream packets of both rules are marked test-down. Don't forget: passthrough is enabled only for the connection-mark rule.

[admin@instaler] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; UP TRAFFIC
     chain=prerouting in-interface=lan src-address=172.21.1.0/24 action=mark-packet new-packet-mark=test-up passthrough=no
 1   ;;; CONN-MARK
     chain=forward src-address=172.21.1.0/24 action=mark-connection new-connection-mark=test-conn passthrough=yes
 2   ;;; DOWN-DIRECT CONNECTION
     chain=forward in-interface=public connection-mark=test-conn action=mark-packet new-packet-mark=test-down passthrough=no
 3   ;;; DOWN-VIA PROXY
     chain=output out-interface=lan dst-address=172.21.1.0/24 action=mark-packet new-packet-mark=test-down passthrough=no

For the last stage, all that remains is to configure the queue. Here we use a queue tree: one rule for downstream data and one for upstream. What matters here is the choice of parent. For downstream we use parent lan, matching the interface that faces the local network, and for upstream we use parent global-in.

[admin@instaler] > queue tree pr
Flags: X - disabled, I - invalid
 0   name=downstream parent=lan packet-mark=test-down limit-at=32000 queue=default priority=8 max-limit=32000 burst-limit=0 burst-threshold=0 burst-time=0s
 1   name=upstream parent=global-in packet-mark=test-up limit-at=32000 queue=default priority=8 max-limit=32000 burst-limit=0 burst-threshold=0 burst-time=0s

As another variation for bandwidth management, it is also possible to use the PCQ queue type, which can divide traffic per client automatically.
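As an added example (not code from the article), here is a small Python model of the four mangle rules above, run against three constructed packets from the article's setup: an upstream packet from the LAN, its direct reply from the Internet, and an HTTP answer produced by the transparent proxy on the router. It shows why the reply can only be recognised through the connection mark set by the CONN-MARK rule, and why the proxy's answer is only ever seen in the output chain. Packet fields, rule table and chain traversal are a simplification and the addresses are constructed.

```python
"""Added example (not code from the original article): a small model of the
four mangle rules above, run against three packets from the article's setup,
to check why the connection mark and the 'output' chain are needed."""
from dataclasses import dataclass
from typing import Optional


def in_lan(ip):
    """True for the article's local subnet 172.21.1.0/24 (constructed helper)."""
    return ip.startswith("172.21.1.")


@dataclass
class Packet:
    chain: str                 # prerouting | forward | output
    in_iface: Optional[str]
    out_iface: Optional[str]
    src: str
    dst: str
    conn: tuple                # connection key, shared by both directions
    packet_mark: Optional[str] = None


# Stand-in for the connection-tracking entry that holds the connection-mark.
CONN_MARKS = {}

# The article's four rules, in print order; 'match' keys mirror the parameters.
MANGLE = [
    {"name": "UP TRAFFIC", "chain": "prerouting",
     "match": {"in_iface": "lan", "src_lan": True},
     "action": ("mark-packet", "test-up"), "passthrough": False},
    {"name": "CONN-MARK", "chain": "forward",
     "match": {"src_lan": True},
     "action": ("mark-connection", "test-conn"), "passthrough": True},
    {"name": "DOWN-DIRECT CONNECTION", "chain": "forward",
     "match": {"in_iface": "public", "conn_mark": "test-conn"},
     "action": ("mark-packet", "test-down"), "passthrough": False},
    {"name": "DOWN-VIA PROXY", "chain": "output",
     "match": {"out_iface": "lan", "dst_lan": True},
     "action": ("mark-packet", "test-down"), "passthrough": False},
]


def rule_matches(rule, pkt):
    for key, want in rule["match"].items():
        if key == "src_lan":
            got = in_lan(pkt.src)
        elif key == "dst_lan":
            got = in_lan(pkt.dst)
        elif key == "conn_mark":
            got = CONN_MARKS.get(pkt.conn)
        else:                      # in_iface / out_iface
            got = getattr(pkt, key)
        if got != want:
            return False
    return True


def run_chain(pkt, rules):
    """Walk the rules of pkt.chain in order; passthrough=no stops at the first hit."""
    for rule in rules:
        if rule["chain"] != pkt.chain or not rule_matches(rule, pkt):
            continue
        kind, mark = rule["action"]
        if kind == "mark-packet":
            pkt.packet_mark = mark
        else:
            CONN_MARKS[pkt.conn] = mark
        if not rule["passthrough"]:
            break
    return pkt.packet_mark


def simulate(rules=MANGLE):
    """Return the final packet mark of three constructed packets."""
    CONN_MARKS.clear()
    conn = ("172.21.1.10", "1.2.3.4", 443)          # LAN client -> remote HTTPS
    # Upstream: enters on lan, passes prerouting then forward.
    up = Packet("prerouting", "lan", None, "172.21.1.10", "1.2.3.4", conn)
    run_chain(up, rules)
    up.chain, up.out_iface = "forward", "public"
    run_chain(up, rules)
    # Reply from the Internet (non-HTTP, not via proxy): enters on public.
    down = Packet("prerouting", "public", None, "1.2.3.4", "172.21.1.10", conn)
    run_chain(down, rules)
    down.chain, down.out_iface = "forward", "lan"
    run_chain(down, rules)
    # HTTP answer produced by the transparent proxy on the router itself:
    # locally generated, so it passes only the output chain, never forward.
    via_proxy = Packet("output", None, "lan", "172.21.1.1", "172.21.1.10", ("proxy", 1))
    run_chain(via_proxy, rules)
    return {"upstream": up.packet_mark,
            "down_direct": down.packet_mark,
            "down_via_proxy": via_proxy.packet_mark}


if __name__ == "__main__":
    print(simulate())
    # Without the CONN-MARK rule the direct reply is never recognised.
    print(simulate([r for r in MANGLE if r["name"] != "CONN-MARK"]))
```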
Source: http://degeul.byethost7.com/?p=17
Blocking Viruses in the MikroTik Firewall

/ip firewall filter
 1   ;;; BLOCK SPAMMERS OR INFECTED USERS
     chain=forward protocol=tcp dst-port=25 src-address-list=spammer action=drop
 2   ;;; Detect and add-list SMTP virus or spammers
     chain=forward protocol=tcp dst-port=25 connection-limit=30,32 limit=50,5 src-address-list=!spammer action=add-src-to-address-list address-list=spammer address-list-timeout=1d

/ip firewall nat add chain=srcnat out-interface=<your interface which provides internet> src-address=<network 1> action=masquerade

You need to add chains for each subnet you have; for the head office subnet you need to add this:

/ip firewall nat add chain=srcnat out-interface=<your interface which provides internet> action=masquerade

/ip firewall mangle
add chain=prerouting dst-address=202.168.47.17 protocol=udp dst-port=5060-5080 \
    action=mark-connection new-connection-mark=voip-con passthrough=yes \
    comment="" disabled=no
add chain=prerouting dst-address=202.168.47.17 protocol=udp \
    dst-port=19000-20000 action=mark-connection new-connection-mark=voip-con \
    passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=voip-con action=mark-packet \
    new-packet-mark=voip passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=22-23 action=mark-connection \
    new-connection-mark=sshtelnet-con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=sshtelnet-con action=mark-packet \
    new-packet-mark=sshtelnet passthrough=no comment="" disabled=no
add chain=prerouting p2p=all-p2p action=mark-connection \
    new-connection-mark=p2p-con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=p2p-con action=mark-packet \
    new-packet-mark=p2p passthrough=no comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=everything-con \
    passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=everything-con action=mark-packet \
    new-packet-mark=everything passthrough=yes comment="" disabled=no

Source: http://wungkal.com/category/visual-basic-60/
Setting up MikroTik RouterOS PPPoE Client as the Internet Gateway for Telkom Speedy

Yesterday I tried out dialling Speedy through MikroTik, and what the advantage is compared to dialling through the ADSL modem itself. If you try something there has to be a benefit, right? Otherwise our time and effort is simply wasted, isn't it..? The first step: before we run step two it's best to do step one first, you can't do step three before step two :D. The ADSL modem I use is a JK Network, and the MikroTik version I use is 2.9.xx (the last digits are hidden). The topology used is as follows:

(INTERNET) - [ADSL modem] - [MikroTik] - [Client]

It is assumed that the client can already communicate with the radio without obstacles, i.e. the IP address and NAT settings are already working!

First of all we make the modem work as a bridge rather than a router, since the router function will be handled by MikroTik. Choose the WAN menu, then click the add button, then fill in VPI and VCI with 8 and 81. After that choose the bridging menu and enter the service name; once everything is done, click the save button. Reboot the modem, and the modem is now working as a bridge.

Second step

In the second step we configure MikroTik to act as the modem. Log in as admin to MikroTik with Winbox, then choose the PPP menu. The PPP window appears; click the + in that window and choose PPPoE client. Enter the service name, then choose the interface connected directly to the modem. Then choose the Dial Out tab and enter the username given by Telkom together with its password; leave the other fields at their defaults. Finally click the OK button and MikroTik will automatically DIAL to Telkom. END SETTING.

The advantages of using MikroTik as the modem instead of an ordinary ADSL modem:

- The dial process is faster than with an ordinary ADSL modem; MikroTik usually reaches connected status in under 15 seconds, whereas the modem usually needs a relatively long time, around 2 - 4 minutes.
- The modem is more stable, because the device acting as the modem is a PC with fairly high resources and the reliability to work 24 hours a day.
- The administrator can remote into MikroTik and configure the firewall, simple queues, load balancing, etc. from the external network without having to do port forwarding.
- The modem lasts longer because it does not work as hard, as shown by the modem not getting too hot while the Internet connection is UP.

Setting up MikroTik RouterOS PPPoE Client as the Internet Gateway for Telkom Speedy

We start the setup from the ADSL modem, in bridging protocol mode. The settings can be found in each modem's manual. Example: the bridging protocol setting on a TECOM AR1031 modem is under Advance setup > WAN. Follow the pictures below, then save/reboot.

Once the modem is set as a bridge, which does not store your password and user ID in the modem, those of you who want to change the modem's default IP address can configure it first through a client PC. How: first change the modem IP under Advance Setup > LAN IP Address, for example to 192.168.100.1, then save/reboot. Then change the client PC's IP to 192.168.100.2. Done. Try typing the modem IP (192.168.100.1) into your web browser. Does it work?

Let's continue to the MikroTik RouterOS box. Determine the IP address of each of your LAN cards, for example 202.202.202.202 for the LAN connector from the modem (public), and 192.168.100.1 toward your local network (lokal). Run these commands first if you want to name your ethernet cards.

/interface ethernet set ether1 name=public
/interface ethernet set ether2 name=lokal

Double-check the names and the cable runs, then continue to the IP address settings.

/ip address add address=202.x.x.x/24 interface=public
/ip address add address=192.168.100.1/24 interface=lokal
/ip address print

Make sure your LAN cards are not disabled. Next you can enter the PPPoE client.

/interface pppoe-client add name=pppoe-user-mike user=mike password=123 interface=public service-name=internet disabled=no

The command above can of course be done in Winbox if that is easier, while checking your network connection to MikroTik. Next, set the gateway and routing, followed by masquerading.

/ip route add gateway=125.168.125.1
/ip route print

(125.168.125.1 is your Telkom Speedy gateway IP.) The gateway IP above is not necessarily the same for you; check your PPPoE client IP first. If you are not 100% sure of your client IP and its gateway, log in and dial through the modem first, not in bridging mode as above. The Device Info menu will show the Default Gateway and your PPPoE client IP. OK?

Next is masquerading, so that the routing is passed on to the MikroTik NAT firewall for routing to all connected clients.

/ip firewall nat add chain=srcnat action=masquerade

Done.. the routing stage is complete. Try pinging MikroTik and its gateway. If you want to share to client computers, don't forget to set the gateway IP in the Network Connection settings (Windows) to the local IP of your MikroTik. There are many MikroTik settings you can learn from various sources. If typing seems too complicated, you can do it in Winbox mode; every tutorial you need can also be copied and pasted into MikroTik's Winbox.

Setting DNS and a Transparent Web Proxy

Entering DNS and web-proxy settings is also easier in Winbox mode: enter the primary, secondary and allow-remote-requests values there, or use these commands in the Winbox terminal.

/ip dns set primary-dns=203.130.206.250
/ip dns set secondary-dns=202.134.2.5
/ip dns set allow-remote-requests=yes
/ip web-proxy set enabled=yes port=8080 hostname=proxy.koe transparent-proxy=yes
/ip firewall nat add in-interface=lokal dst-port=80 protocol=tcp \
    action=redirect to-ports=8080 chain=dstnat dst-address=!192.168.100.1/24

Source: http://ujungbatu-city.blogspot.com/2009/05/setting-mikrotik-sdsl-speedybandwith.html
Setting up MikroTik SDSL Speedy Bandwidth Management

First let me draw the network layout:

LAN > MikroTik RouterOS > ADSL Modem > INTERNET

For the LAN we use a class C network, 192.168.0.0/24. For MikroTik RouterOS we need two ethernet cards: one (ether1, 192.168.1.2/24) for the connection to the ADSL modem and another (ether2, 192.168.0.1/24) for the connection to the LAN. The ADSL modem's IP we set to 192.168.1.1/24.

Before typing anything, make sure you are in the root menu by typing /

Set the IP of each ethernet card:

ip address add address=192.168.1.2/24 interface=ether1
ip address add address=192.168.0.1/24 interface=ether2

To display the result of the commands above, type:

ip address print

Then test by pinging the gateway or a computer on the LAN. If it succeeds, your IP configuration is correct.

ping 192.168.1.1
ping 192.168.0.10

Adding the route:

ip route add gateway=192.168.1.1

Setting DNS:

ip dns set primary-dns=202.134.1.10 allow-remote-requests=yes
ip dns set secondary-dns=202.134.0.155 allow-remote-requests=yes

Because this connection uses Speedy from Telkom, the DNS I use is Telkom's. Adjust it to your provider's DNS. After that, try pinging yahoo.com, for example:

ping yahoo.com

If it succeeds, the DNS settings are correct.

Source NAT (Network Address Translation) / Masquerading

So that all the computers on the LAN can reach the Internet too, you need to add NAT (masquerade) on MikroTik.

ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

Now try pinging yahoo.com from a computer on the LAN:

ping yahoo.com

If it succeeds, the masquerade setting is correct.

DHCP (Dynamic Host Configuration Protocol)

For practicality's sake, my friend wants to use a DHCP server, so that whenever a client connects it doesn't need its IP set manually. It just obtains one from the DHCP server, done. Luckily this MikroTik has a DHCP server feature too, so no problem..

Creating the IP address pool:

ip pool add name=dhcp-pool ranges=192.168.0.2-192.168.0.254

Adding the DHCP network:

ip dhcp-server network add address=192.168.0.0/24 gateway=192.168.0.1 dns-server=202.134.1.10,202.134.0.155

Adding the DHCP server:

ip dhcp-server add name=DHCP_LAN disabled=no interface=ether2 address-pool=dhcp-pool

Now test from a client computer by requesting an IP address from the DHCP server. If it works, then once again the settings are right.

Bandwidth Control

So that the client computers on the LAN don't fight each other for bandwidth, what is called bandwidth management or bandwidth control is needed. The model I use is queue trees; for more on what that is, refer to MikroTik's site.

The situation is as follows. Speedy supposedly offers speeds up to 384/64 Kbps (download/upload), but that is very rarely reached, so we have to estimate an average. I take the minimum download as about 300 Kbps, and for upload I allocate 50 Kbps. For the maximums, download about 380 Kbps and upload 60 Kbps.

The number of client computers at the moment is 10, so that bandwidth has to be prepared for sharing among those 10 clients. The calculation per client is:

Minimum Download: 300 / 10 * 1024 = 30720 bps
Maximum Download: 380 / 10 * 1024 = 38912 bps
Minimum Upload: 50 / 10 * 1024 = 5120 bps
Maximum Upload: 60 / 10 * 1024 = 6144 bps

Next we start the configuration. Mark all packets originating from the LAN:

ip firewall mangle add src-address=192.168.0.0/24 action=mark-connection new-connection-mark=Clients-con chain=prerouting
ip firewall mangle add connection-mark=Clients-con action=mark-packet new-packet-mark=Clients chain=prerouting

Add the rules that limit download and upload speed:

queue tree add name=Clients-Download parent=ether2 packet-mark=Clients limit-at=30720 max-limit=38912
queue tree add name=Clients-Upload parent=ether1 packet-mark=Clients limit-at=5120 max-limit=6144

Now try downloading from several clients; each client should now share the bandwidth. If fewer than 10 clients are online, the idle bandwidth is shared among the clients that are online.

Graphing

This MikroTik also comes with a traffic monitoring function, just like ordinary MRTG, so we can see how many packets pass through our MikroTik PC.

tool graphing set store-every=5min

Next we monitor the packets passing through all the interfaces in our MikroTik PC; on my computer there are ether1 and ether2.

tool graphing interface add interface=all store-on-disk=yes

Now point your browser to the MikroTik router's IP. In my case it is:

http://192.168.0.1/graphs/

You will be offered whichever interfaces exist on your router. Click one of them and you can see a graph of the packets passing through that interface.

From the tutorial above I only went as far as the step of adding NAT (masquerade), because in my opinion DHCP keeps changing, so later when you want to limit bandwidth the IP sometimes isn't the same. CMIIW. And for setting the limits I did it through remote Winbox, which is easier. Now a question for myself: when are you going to
install the graph tool, kid? hehehe. OK, hope this is useful to everyone.

Source: http://sum14rdi.blogspot.com/2009/02/membatasi-inetan-dikantordengan.html
Limiting Internet use in the office........with MikroTik..

Moving on, let me share how to limit Internet use in the office....once again with MikroTik. My office is not that big, with about 65 PCs in the LAN. I use the IP range 192.168.0.1/24, with the gateway at 192.168.0.1, which is MikroTik acting as the gateway. It turns out the boss does not allow every IP in that range to access the Internet....hehe...hehe...and what makes it worse, the IPs that are allowed online are random, not consecutive. On top of that I use DHCP to manage IPs (to save me noting down IPs whenever a PC is changed or added). I think that's enough about the reasons for the limitation; on to the settings...

Oh....yes, all settings are done with winbox.exe, because that is all I can manage...

1. Log in to MikroTik using Winbox.
2. Go to the /ip firewall address-list menu.
3. Click add (the plus sign).
4. Fill in a unique name, for example INET, then fill in the IP with an IP that has Internet access.
5. Repeat step 4 until every IP that has Internet access is recorded under the same address-list name.
6. Next we change our masquerade setting, whose src-address was originally filled with the full client IP range. Change it by clearing src-address on the general tab, moving to the advanced tab and filling src-address list with the IP list we just made.
7. Step 6 means that IPs outside the address-list will not be masqueraded and of course will not be able to get online....just what we want, right???
8. To make doubly sure, it is best to create a filter rule with chain forward, in-interface=the interface that faces the clients, then on the advanced tab src-address list=the newly created IP list, with an exclamation mark (negation) to its left, and action=drop. Put this rule at the very top.
9. Step 8 results in every IP outside the list not
having its requests forwarded/passed on.

Source: http://sum14rdi.blogspot.com/2009/01/lock-ip-dan-mac-address-client-di.html
Locking client IP and MAC addresses in MikroTik....

Maybe you have had this happen: a naughty client who tries using the admin computer's IP to get unlimited Internet access........so annoying....it's not so much that, it's that the one who gets yelled at by the boss is of course whoever manages the Internet access (read: me).

For those of you using MikroTik as the manager (gateway/router/web-proxy) of access where you are, here is a small way to stop the IPs that have Internet access being swapped around...

Let's go straight to it.....

Log in to MikroTik using Winbox (apologies to the CLI fans....I can only do GUI..hehehehe). Make sure all the clients are ON, because we are going to record their MAC addresses using the IP SCAN tool in Winbox.

Go to the IP-->Firewall menu, address-list tab.

Enter a name of your choosing, as long as it's easy to remember, then the client IP. Do this for every client, with the same address-list name. Once all clients are in the address-list, move to the NAT tab.

The picture above is for changing the existing nat-masquerade rule/script, where normally src-address on the general tab is filled with the client IP range. This time it is changed so that only the clients in the address-list are masqueraded.

The next step is to record our clients' MAC addresses; for that we use the ip-scan tool. Go to the Tools menu and choose IP Scan.

For Interface choose the MikroTik interface facing the LAN, and set the address range to match your clients' IP range. Then click start and wait a moment. Once all the IPs have been shown, leave the ip-scan tool open (do not close it), then go to the IP-->ARP menu.

The ARP list will now show the clients' IPs and MAC addresses. Next, make the ARP list static by right-clicking each IP and MAC address pair and choosing the Make Static option. Do this for every IP shown. Once all are static, go to the INTERFACES menu.

Choose the interface that faces the clients and double-click it so that the window shown
above appears. Then for the ARP option choose reply-only. Done.

Source: http://sum14rdi.blogspot.com/2009/01/mengamankan-web-proxy-kita.html
Securing our web proxy.....

After we have successfully combined Smoothwall with MikroTik: if our connection uses Speedy, which has small upload bandwidth, we really should secure this web proxy so that only our local clients use it. If a client from outside (from the WAN) also enjoys this web proxy, our Internet connection is guaranteed to go limp, because our upload bandwidth gets used up by that outside client....so be careful!!!

This hardening step is not only for those using a Speedy connection (with the modem set as a bridge modem), but for other connections too, by adjusting the "in-interface" parameter to the type of WAN connection.

On to our main goal:

1. Log in to Winbox, then go to the IP-->Firewall-->Filter menu.
2. Follow the options above; for connection types other than Speedy just adjust "in-interface", where the interface used is the MikroTik interface facing the WAN/Internet, then move to the action tab and set drop.
3. Step 2 is repeated
untuk port-port:3128,808Selesai# HYPERLINK
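The three drop rules as terminal commands, an added example not from the original post. It assumes the WAN interface is the PPPoE client pppoe-out1 (adjust it for other link types, as the text says); the forward-chain rule is extra and only matters if a dst-nat rule redirects the proxy ports to a box behind the router.

```routeros
# Added example (not from the original post). "pppoe-out1" is an assumption:
# it is the PPPoE client that dials Speedy; on another link use that interface.
/ip firewall filter
add chain=input in-interface=pppoe-out1 protocol=tcp dst-port=8080,3128,808 \
    action=drop place-before=0 comment="no proxy access from WAN"
# Covers a proxy behind the router that a dst-nat rule might expose.
add chain=forward in-interface=pppoe-out1 protocol=tcp dst-port=8080,3128,808 \
    action=drop place-before=0 comment="no proxy access from WAN (forwarded)"

# Checks: probe the public address from an outside host
#   nmap -p 8080,3128,808 <your-public-ip>   -> ports should show as filtered
# and confirm on the router that the rule counters rise while you probe:
/ip firewall filter print stats where comment~"no proxy access"
```

place-before=0 puts the rules at the top of the chain; RouterOS evaluates a chain top-down, so a drop placed after a broad accept rule would never match.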
Setting up VPN on MikroTik with PPTP (http://sum14rdi.blogspot.com/2009/01/setting-vpn-di-mikrotik-memakai-pptp.html)

Introduction. Honestly I was a bit reluctant to write about VPN setup, since many people have already covered it in depth. Then a friend asked, I had some spare time, and so I ended up writing it anyway. The VPN I set up here is of one kind only: PPTP (Point to Point Tunneling Protocol).

Assumptions. Your internet connection through a MikroTik gateway/router is already working and has a public IP.
IP pool for the VPN: 192.168.15.1-192.168.15.50
MikroTik IP facing the LAN: 192.168.0.245

Action. Log in to your MikroTik with Winbox, then open IP --> Pool. The name can be anything you like, as long as it is easy to remember; for address enter 192.168.15.1-192.168.15.50, set next pool = none and click OK.

Next open the PPP module, go to the Profiles tab and click the plus sign. Pick a unique name, set Local Address to the MikroTik IP facing the LAN and DNS Server to that same IP (this requires "allow remote requests" to be ticked in the MikroTik DNS settings), then click OK.

Now switch to the Secrets tab, still in the PPP module, and click plus. This is where we grant access, i.e. a username for logging in to our VPN; give it a unique username and password. For Service select pptp and for Profile select the profile created above, then click OK.

With that done, go to the Interface tab and click PPTP Server. Follow all the options in the screenshot (not reproduced here) and click OK; the VPN setup is finished. Test the connection with Windows XP.

Done... happy trying.
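The whole PPTP setup as terminal commands, added here and not part of the original post; the names vpn-pool, vpn-profile, the user alice and the WAN interface pppoe-out1 are assumptions, the addresses are the ones the text uses. Two things the Winbox walk-through does not show: the tunnel only comes up if TCP/1723 and GRE are allowed in from the WAN, and allow-remote-requests=yes makes the router answer DNS for anyone on the internet unless port 53 is dropped on the WAN side. Keep in mind that PPTP's MS-CHAPv2 authentication and MPPE encryption are considered broken; use it only where nothing better is available.

```routeros
# Added example (not from the original post). vpn-pool, vpn-profile, the user
# "alice" and the WAN interface pppoe-out1 are assumptions.
/ip pool add name=vpn-pool ranges=192.168.15.1-192.168.15.50

# The profile hands out addresses from the pool and points clients at the
# router for DNS, so the router must be willing to answer remote requests.
/ppp profile add name=vpn-profile local-address=192.168.0.245 \
    remote-address=vpn-pool dns-server=192.168.0.245 use-encryption=required
/ip dns set allow-remote-requests=yes

# One secret per user, tied to the pptp service and this profile.
/ppp secret add name=alice password="use-a-long-random-passphrase" \
    service=pptp profile=vpn-profile

# Enable the server and accept only MS-CHAPv2 (PAP sends the password in clear).
/interface pptp-server server set enabled=yes default-profile=vpn-profile \
    authentication=mschap2

/ip firewall filter
# Let the tunnel in from the WAN: TCP/1723 for control, GRE for the data.
add chain=input in-interface=pppoe-out1 protocol=tcp dst-port=1723 action=accept comment="pptp"
add chain=input in-interface=pppoe-out1 protocol=gre action=accept comment="pptp gre"
# allow-remote-requests=yes would otherwise turn the router into an open resolver.
add chain=input in-interface=pppoe-out1 protocol=udp dst-port=53 action=drop comment="no open resolver"
add chain=input in-interface=pppoe-out1 protocol=tcp dst-port=53 action=drop comment="no open resolver"

# Check: after the Windows client connects, it should appear here with a
# pool address and the encryption flag set.
/ppp active print
```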
Setting up a Linksys AG241 and MikroTik for Speedy access (http://sum14rdi.blogspot.com/2009/01/setting-linksys-ag241-dan-mikrotik.html)

Introduction. Why a Linksys AG241 and not something else? Simple: that is what my office uses. Why add a MikroTik at all, isn't the AG241 enough if all you want is to share the internet? Also simple: the "somewhat" complicated sharing rules the office needs cannot be met by an AG241 alone.

Here the Linksys AG241 works as a bridge, while the dialling is done by MikroTik. Advantages of dialling from MikroTik:
- We manage the MikroTik directly. If the modem dials, we have to configure the modem to forward the Speedy IP to the MikroTik IP.
- The modem works less hard, which lowers its temperature (ever had a hot modem?) and indirectly extends its lifetime.
- More filtering options are available on MikroTik.

Besides the advantages there are drawbacks:
- extra cost for the PC that will run MikroTik;
- extra skill needed to configure MikroTik;
- an extra device means more power consumption, in other words... more cost again :D

Requirements: an active Speedy account; a Linksys AG241 modem; a PC with MikroTik installed, including the ppp package; a straight-through UTP cable from the modem to the MikroTik; a PC to configure the Linksys AG241.

Assumptions. Network topology:

|Inet|----|Modem|----|Mikrotik|----|switch|----|Client|

Modem IP (default): 192.168.1.1/255.255.255.0
MikroTik IP facing the modem: 192.168.1.2/255.255.255.0
MikroTik IP facing the switch: 192.168.0.1/255.255.255.0
The MikroTik has at least two NICs: the one facing the modem we name WAN, the one facing the switch we name LAN.

Action.

Modem AG241. Connect the modem to the PC with the prepared UTP cable. Change the PC's IP to match the modem's subnet, e.g. 192.168.1.3/255.255.255.0. Power the modem by plugging its adapter into the mains and its output into the modem. Open your favourite browser and enter 192.168.1.1 in the address bar; a dialog asks for the username and password of the modem's configuration menu. In the factory state, enter admin for both (and change that password once you are done, since the modem's web interface stays reachable from the LAN). Go to the Setup tab. The settings in the screenshot (not reproduced here) are for the Jakarta area, specifically Bekasi; for other regions just adjust the VPI and VCI.

MikroTik. Connect the PC to the switch attached to the MikroTik (see the topology above) and change the PC's IP back to the LAN subnet, e.g. 192.168.0.3/255.255.255.0. Log in to MikroTik with Winbox, click the PPP menu, click plus and choose PPPoE Client. On the General tab fill in only Interface, choosing WAN, then switch to the Dial Out tab. There fill in only the username and password of your Speedy account.
- Dial on demand: tick this if you want MikroTik to dial Speedy only when a client requests internet access (suitable for non-unlimited accounts). If you want MikroTik to stay connected all the time, leave it unticked.
- Add default route: MikroTik adds the default route handed out by Speedy.
- Use peer DNS: I am not really familiar with this, so I leave it unticked.
- Under Allow, tick everything, then click OK.

Click IP --> Firewall and choose the NAT tab. Select chain: srcnat, src. address: 192.168.0.0/24, out. interface: pppoe-out2, then switch to the Action tab and for action select masquerade.
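The PPPoE client and the NAT rule as terminal commands, an added example that is not from the original post. Interface names WAN and LAN follow the topology above; the account name and password are placeholders. "Use peer DNS" means the router takes the DNS servers the ISP announces during PPP negotiation and installs them under /ip dns; it is switched on here so clients can use the router as their resolver. The last two rules are added because the router now sits directly on the internet: without them every service on it answers to the whole world.

```routeros
# Added example (not from the original post). Account name and password are
# placeholders; interface names follow the topology in the text.
/interface pppoe-client add name=pppoe-out1 interface=WAN \
    user="1234567890@telkom.net" password="speedy-password" \
    add-default-route=yes use-peer-dns=yes dial-on-demand=no \
    allow=pap,chap,mschap1,mschap2 disabled=no

# Check that the session is up and which address the ISP assigned.
/interface pppoe-client monitor pppoe-out1 once
/ip address print where interface=pppoe-out1

# Source NAT for the LAN. Matching on out-interface rather than on a fixed
# public address keeps the rule valid when Speedy changes the IP.
/ip firewall nat add chain=srcnat src-address=192.168.0.0/24 \
    out-interface=pppoe-out1 action=masquerade

# Default deny from the WAN: replies to connections we opened are allowed,
# anything unsolicited is dropped. Put accept rules for services you really
# want to expose above the drop rule.
/ip firewall filter
add chain=input connection-state=established,related action=accept
add chain=input in-interface=pppoe-out1 action=drop comment="default deny from WAN"
```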
Remote access to MikroTik for users with a dynamic public IP (http://sum14rdi.blogspot.com/2009/01/remote-mikrotik-bagi-pengguna-ip-public.html)

Introduction. If you are a customer of ISP Tel**m a.k.a. Speedy on the "office" package or another package that gives a dynamic IP, use MikroTik as your router (so the ADSL modem is configured as "Bridge Mode only" and MikroTik does the dialling), and would like to manage that MikroTik remotely from the internet, you will have a hard time: the IP changes whenever the modem or the MikroTik restarts.

With help from a website (changeip.com, http://www.changeip.com/) we can reach our MikroTik without having to think about which IP our Speedy account currently has.

Action. Before starting, it is assumed that the internet connection has no problems and that MikroTik is doing the dialling.

Create an account on that website, create one of the subdomains it offers and activate its DNS service. To test it, ping the subdomain you just created; if it works you get a reply from your Speedy account's IP. With the account created (so you now have a username and password for that website) we turn to MikroTik.

MikroTik. Log in to your MikroTik through Winbox. Go to System/Scripts, click Add and enter this script:
For MikroTik v2.9.xx:

:log info "DDNS: Begin"
# changeip.com credentials and the hostname to update; stored in clear text
:global ddns-user "YOURUSERID"
:global ddns-pass "YOURPASSWORD"
:global ddns-host "*1"
:global ddns-interface "EXACTINTERFACENAME"

# current address (with prefix length) on the WAN interface
:global ddns-ip [ /ip address get [/ip address find interface=$ddns-interface] address ]

# first run: no previous address recorded yet
:if ([ :typeof $ddns-lastip ] = nil ) do={ :global ddns-lastip 0.0.0.0/0 }

:if ([ :typeof $ddns-ip ] = nil ) do={
  :log info ("DDNS: No ip address present on " . $ddns-interface . ", please check.")
} else={
  :if ($ddns-ip != $ddns-lastip) do={
    :log info "DDNS: Sending UPDATE!"
    # strip the "/prefix" part before sending the RFC 2136 update
    :log info [ /tool dns-update name=$ddns-host address=[:pick $ddns-ip 0 [:find $ddns-ip "/"] ] key-name=$ddns-user key=$ddns-pass ]
    :global ddns-lastip $ddns-ip
  } else={
    :log info "DDNS: No change"
  }
}
:log info "DDNS: End"

For MikroTik v3.x.x:

# Define User Variables
:global ddnsuser "CHANGEIPUSERID"
:global ddnspass "CHANGEIPPASSWORD"
:global ddnshost "FREEHOSTNAME.TOUPDATE.TLD"

# Define Global Variables
:global ddnsip
:global ddnslastip
:if ([ :typeof $ddnslastip ] = nil ) do={ :global ddnslastip "0" }

:global ddnsinterface
:global ddnssystem ("mt-" . [/system package get system version] )

# Define Local Variables
:local int

# Loop thru interfaces and look for ones containing
# default gateways without routing-marks
:foreach int in=[/ip route find dst-address=0.0.0.0/0 active=yes ] do={
  :if ([:typeof [/ip route get $int routing-mark ]] != str ) do={
    :global ddnsinterface [/ip route get $int interface]
  }
}

# Grab the current IP address on that interface.
:global ddnsip [ /ip address get [/ip address find interface=$ddnsinterface ] address ]

# Did we get an IP address to compare?
:if ([ :typeof $ddnsip ] = nil ) do={
  :log info ("DDNS: No ip address present on " . $ddnsinterface . ", please check.")
} else={
  :if ($ddnsip != $ddnslastip) do={
    :log info "DDNS: Sending UPDATE!"
    :log info [ :put [/tool dns-update name=$ddnshost address=[:pick $ddnsip 0 [:find $ddnsip "/"] ] key-name=$ddnsuser key=$ddnspass ] ]
    :global ddnslastip $ddnsip
  } else={
    :log info "DDNS: No update required."
  }
}
# End of script
anda, lalu klik OK#Setelah script dibuat selanjutnya kita membuat scheduller, agar
secara periodik mikrotik kita mengupdate subdomain yang dibuat di website
"tersebut".#Masih di winbox, masuk ke menu /system/scheduler :#Klik add...#beri
nama schedulernya....#atur tanggal dimulainya scheduler....#atur jamnya....#atur
periodenya...mau setiap menit..setiap jam atau setiap hari....#Pada bagian On
Event, tuliskan nama script yang anda buat tadi.##Selesai,#selamat mencoba.#
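Creating the script entry and the scheduler from the terminal, added here and not part of the original post; the script name ddns, the five-minute interval and the hostname FREEHOSTNAME.TOUPDATE.TLD (the placeholder from the v3.x script) are assumptions. The changeip credentials sit in clear text inside the script, so give it only the policies it needs and keep the router's user list tight: anyone with read access to /system script can see them.

```routeros
# Added example (not from the original post). Script name, interval and the
# hostname are assumptions.
# The script needs read (routes, addresses), write (its global variables)
# and test (/tool dns-update); give it nothing more.
/system script add name=ddns policy=read,write,test
# Opens the console editor: paste the v3.x script from the text as the
# source, then Ctrl-O to save.
/system script edit ddns source

# Run it every five minutes; start-time=startup also fires it right after a
# reboot, which is exactly when a Speedy address changes.
/system scheduler add name=ddns-update interval=5m start-time=startup on-event=ddns

# Checks: run it once by hand, look for its log lines, then confirm the
# name now resolves to the address on the PPPoE interface.
/system script run ddns
/log print where message~"DDNS"
:put [:resolve FREEHOSTNAME.TOUPDATE.TLD]
```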
Combining Smoothwall with MikroTik (http://sum14rdi.blogspot.com/2009/01/menggabungkan-smoothwall-dgn-mikrotik.html)

Introduction. There is no denying the value of a web proxy (when configured well; for some people that is a pleasure in itself, for others a burden, given the many parameters in the Squid web proxy that can be tuned, and different settings give different results). For those who do not want the hassle of all that configuration, unless you want to "play" with Squid's parameters, you can use Smoothwall or IPCop. Smoothwall and IPCop are really Linux-based operating systems specialised as internet gateways, bridging the LAN and the internet. This time, however, I will combine MikroTik's capabilities with Smoothwall's web proxy. The Smoothwall I use is the free, community version.

One reason I prefer Smoothwall over IPCop: the hardware where I am is mostly P4 already, so a 2.6 kernel is my choice, and only Smoothwall offers that; IPCop was still on kernel 2.4. MikroTik is used as the gateway and for bandwidth management, where it has the edge.

Network diagram:

| Inet Cloud |-------| Modem |-----| Mikrotik |------| Switch |-------| LAN |
                                        |
                                        |
                                   | Smoothwall |

Assumptions. MikroTik is installed and running well. LAN clients can already browse. MikroTik and Smoothwall are on separate machines. In my case the link is Speedy (any other link is fine too, it is the same in essence). Smoothwall sits beside the MikroTik because in my tests the layout above suited me better than one where Smoothwall sits beside the clients.

The machine used as web proxy should have at least 256 MB of memory; more is better, 1 GB is recommended. The processor matters less. For the disk, use SATA or SCSI, because with a Squid web proxy the disk's robustness and speed largely determine the "speed effect" clients see when browsing; if no SATA or SCSI is available, PATA will have to do. The Smoothwall topology is green + red, so the Smoothwall machine needs two NICs.

Tools of war:
- Smoothwall CD: http://downloads.sourceforge.net/smoothwall/smoothwall-express-3.0-i386.iso
- PuTTY: http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
- WinSCP: http://winscp.net/download/winscp418.exe
- advproxy: http://www.advproxy.net/download/swe3-32-advproxy-3.0.0.tar.gz
- urlfilter: http://www.urlfilter.net/download/swe3-32-urlfilter-1.5.3.tar.gz
- calamaris web proxy report: http://calamaris.advproxy.net/download/swe3-32-calamaris-2.1.1.tar.gz
- coffee/tea and snacks, available at the nearest shop :D

Action. Once the Smoothwall ISO is downloaded, burn it to CD with your favourite burning program. PuTTY, WinSCP, advproxy, urlfilter and calamaris can be kept on another computer that will later remote into Smoothwall, because these packages are installed from that remote computer.

Set the BIOS of the future Smoothwall machine to boot from CD-ROM first, then insert the Smoothwall CD. The installer's first screen appears; press Enter, then OK, then Enter twice more. If you have installed Smoothwall before and saved a backup of its config on a floppy disk, insert the backup floppy when the corresponding screen appears and press Yes; on a first installation just press No.

Next choose the keyboard mapping and enter a name (hostname) for your Smoothwall. The next step is the "security policy"; since our Smoothwall will sit inside MikroTik's "safe zone" we leave the security policy at open (which means Smoothwall itself filters nothing, so everything depends on the MikroTik firewall). Then choose the Smoothwall topology: pick green + red. A confirmation appears for changing the network config; click OK and run the probe to detect your network cards automatically.

Once all the NICs are detected we assign their IPs. In my case GREEN and RED get IPs in one subnet: for example GREEN gets 192.168.10.2/255.255.255.0 (assuming the MikroTik NIC facing Smoothwall is 192.168.10.1) and RED gets 192.168.10.3/255.255.255.0, both set statically.

Then fill in the DNS and the default gateway; for the default gateway use the MikroTik IP facing Smoothwall (192.168.10.1 in my case). For DNS you can use the MikroTik IP, provided its "allow remote requests" option is ticked, or the DNS servers given by the ISP. On the next screen, since we will use the advproxy add-ons and friends, just click Finished. Enter the password for accessing Smoothwall through the web browser (user: admin), then the password for the terminal (user: root). Installation is finished; click OK to reboot.

Connect MikroTik and Smoothwall with a crossover network cable and test by pinging from both sides until both get replies. Once both reply, it is time for...

Configuring Smoothwall. From here on we configure Smoothwall through the web browser by entering ip_smoothwall:81 (the screenshot is not reproduced here). Once in, go to Services --> Remote Access, tick SSH and save. Then go to Maintenance --> Updates, so that whatever bugs exist get patched through updates. If your internet connection is fine, updates from the Smoothwall website will be listed. Remember: after every update, the mods or add-ons we installed must be uninstalled and installed again, otherwise they will not work properly. After all updates are downloaded and installed, Smoothwall asks for a reboot. To verify that the updates are installed, look at the same tab: besides new updates from the Smoothwall website (if any that we have not installed yet) it also lists the updates we have installed.

Installing add-ons. To install the add-ons (after downloading them all) we need PuTTY to use the Smoothwall terminal remotely from another computer, and WinSCP to copy the add-on files from that computer to the Smoothwall box.

Install advproxy. Use WinSCP to copy the advproxy file to Smoothwall (usually into /tmp). Log in over SSH as root; on Windows use PuTTY with SSH port 222. Unpack advproxy:

tar xzf swe3-nn-advproxy-version.tar.gz

enter the resulting directory and run:

./install

After the install, open Smoothwall in the browser: the Services tab now has Web Proxy.

For the options to tick, see the screenshot (not reproduced here). The proxy port can be 8080 or 3128 (the customary web proxy ports); any other port works just as well, and the port number is not what protects the proxy, the WAN-side firewall rule is. The remaining values: memory cache size (MB) = 8; minimum object size (KB) = 0; hard disk cache size (MB) = 10000 (my disk is an 80 GB SATA); maximum object size (KB) = 128000; memory replacement policy = heap GDSF; cache replacement policy = heap LFUDA; leave the other options at Smoothwall's defaults.

Create the file /var/smoothwall/proxy/store_url_rewrite.pl and fill it with:
#!/usr/bin/perl
# Squid 2.7 store-URL rewriter: reads "[channel-id] URL ip/fqdn ident method"
# on stdin and writes back the URL under which the object is keyed in the
# cache, so the same video served from different hosts is stored once.
use strict;
use warnings;
$| = 1;    # unbuffered, otherwise Squid waits forever for the reply

while (my $line = <STDIN>) {
    chomp $line;
    my @f = split ' ', $line;
    # With storeurl_rewrite_concurrency > 1 the first field is a numeric
    # channel id that must be echoed back in front of the answer.
    my $id = '';
    if (@f > 1 && $f[0] =~ /^\d+$/) { $id = shift(@f) . ' '; }
    my $url = $f[0];
    $url =~ s@^http://(.*?)/get_video\?(.*)video_id=(.*?)&.*@squid://videos.youtube.INTERNAL/ID=$3@;
    $url =~ s@^http://(.*?)/get_video\?(.*)video_id=(.*?)$@squid://videos.youtube.INTERNAL/ID=$3@;
    $url =~ s@^http://(.*?)/videodownload\?(.*)docid=(.*?)$@squid://videos.google.INTERNAL/ID=$3@;
    $url =~ s@^http://(.*?)/videodownload\?(.*)docid=(.*?)&.*@squid://videos.google.INTERNAL/ID=$3@;
    # Photobucket: key on the album path, matching the i*/vid* ACLs below.
    $url =~ s@^http://i(.*?)\.photobucket\.com/albums/(.*?)\?.*@squid://images.photobucket.INTERNAL/ID=$2@;
    $url =~ s@^http://vid(.*?)\.photobucket\.com/albums/(.*?)\?.*@squid://videos.photobucket.INTERNAL/ID=$2@;
    print "$id$url\n";
}

Make the file executable (chmod 755 /var/smoothwall/proxy/store_url_rewrite.pl). Note that the configuration below runs the rewriter with storeurl_rewrite_concurrency 10, so Squid prefixes every request line with a channel id and expects it back in the reply; the script echoes it. Edit the file
/var/smoothwall/proxy/advanced/acls/include.acl and add the following. (As posted, the storeurl block appeared twice, once pointing at a google_cache.pl that is never created; only the rewriter created above is referenced here, and storeurl_access deny all is kept last, since rules after it are never reached.)

acl store_rewrite_list url_regex ^http://(.*?)/get_video\?
acl store_rewrite_list url_regex ^http://(.*?)/videodownload\?
acl store_rewrite_list url_regex ^http://i(.*?).photobucket.com/albums/(.*?)/(.*?)/(.*?)\?
acl store_rewrite_list url_regex ^http://vid(.*?).photobucket.com/albums/(.*?)/(.*?)\?

# The keyword for all youtube video files are "get_video?", "videodownload?" and "videoplayback?id"
# The "\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv)\?" is only for pictures and other videos
acl store_rewrite_list urlpath_regex \/(get_video\?|videodownload\?|videoplayback\?id) \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv)\? \/ads\?
acl store_rewrite_list_web url_regex ^http:\/\/([A-Za-z-]+[0-9]+)*\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv)$
acl store_rewrite_list_web_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.com doubleclick\.net

# add this line before cache deny
acl QUERY2 urlpath_regex get_video\? videoplayback\? \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv)\?
cache allow QUERY2
cache allow store_rewrite_list_web_CDN

# cache deny url that has cgi-bin and ? this is the default for below squid 2.7 version
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
cache allow store_rewrite_list
cache allow all

http_access allow manager localhost

storeurl_access allow store_rewrite_list
# this is not related to youtube video its only for CDN pictures
storeurl_access allow store_rewrite_list_web_CDN
storeurl_access allow store_rewrite_list_web store_rewrite_list_path
storeurl_access deny all
storeurl_rewrite_program /var/smoothwall/proxy/store_url_rewrite.pl
storeurl_rewrite_children 1
storeurl_rewrite_concurrency 10

# known dialer / malware downloads
acl file_terlarang url_regex -i hot_indonesia.exe
acl file_terlarang url_regex -i hotsurprise_id.exe
acl file_terlarang url_regex -i best-mp3-download.exe
acl file_terlarang url_regex -i R32.exe
acl file_terlarang url_regex -i rb32.exe
acl file_terlarang url_regex -i mp3.exe
acl file_terlarang url_regex -i HOTSEX.exe
acl file_terlarang url_regex -i Browser_Plugin.exe
acl file_terlarang url_regex -i DDialer.exe
acl file_terlarang url_regex -i od-teen
acl file_terlarang url_regex -i URLDownload.exe
acl file_terlarang url_regex -i od-stnd67.exe
acl file_terlarang url_regex -i Download_Plugin.exe
acl file_terlarang url_regex -i od-teen52.exe
acl file_terlarang url_regex -i malaysex
acl file_terlarang url_regex -i edita.html
acl file_terlarang url_regex -i info.exe
acl file_terlarang url_regex -i run.exe
acl file_terlarang url_regex -i Lovers2Go
acl file_terlarang url_regex -i GlobalDialer
acl file_terlarang url_regex -i WebDialer
acl file_terlarang url_regex -i britneynude
acl file_terlarang url_regex -i download.exe
acl file_terlarang url_regex -i backup.exe
acl file_terlarang url_regex -i GnoOS2003
acl file_terlarang url_regex -i wintrim.exe
acl file_terlarang url_regex -i MPREXE.EXE
acl file_terlarang url_regex -i exengd.EXE
acl file_terlarang url_regex -i xxxvideo.exe
acl file_terlarang url_regex -i Save.exe
acl file_terlarang url_regex -i ATLBROWSER.DLL
acl file_terlarang url_regex -i NawaL_rm
acl file_terlarang url_regex -i Socks32.dll
acl file_terlarang url_regex -i Sc32Lnch.exe
acl file_terlarang url_regex -i dat0.exe
http_access deny file_terlarang

# youtube's videos
refresh_pattern -i (get_video\?|videodownload\?|videoplayback\?) 161280 50000% 525948 override-expire ignore-reload
# and for pictures
refresh_pattern -i \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv)(\?|$) 161280 3000% 525948 override-expire reload-into-ims
refresh_pattern ^http://(.*?)/get_video\? 10080 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern ^http://(.*?)/videodownload\? 10080 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern ^http://i(.*?).photobucket.com/albums/(.*?)/(.*?)/(.*?)\? 43200 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern ^http://vid(.*?).photobucket.com/albums/(.*?)/(.*?)\? 43200 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern -i \.(swf|png|jpg|jpeg|bmp|tiff|png|gif) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i \.(mov|mpg|mpeg|flv|avi|mp3|3gp|sis|wma) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i \.(zip|rar|tgz|bin|ace|bz|bz2|tar|gz|exe) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp) 43200 90% 1440 reload-into-ims override-lastmod
refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(jpe|tif)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(mpe|wmv|wav|au|mid)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(arj|lha|lzh)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
refresh_pattern ^http://*.google.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*korea.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.akamai.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.windowsmedia.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.googlesyndication.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.plasa.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.telkom.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.friendster.com/.* 720 90% 10080 reload-into-ims override-lastmod
refresh_pattern ^http://*.facebook.com/.* 720 90% 10080 reload-into-ims override-lastmod
refresh_pattern ^http://*.blogspot.*/.* 720 90% 10080
refresh_pattern ^http://*.wikipedia.*/.* 720 90% 10080
refresh_pattern ^http://*.wordpress.*/.* 720 90% 10080
refresh_pattern ^http://*.bhinneka.*/.* 720 90% 10080
refresh_pattern ^http://*.okezone.*/.* 720 90% 10080
refresh_pattern ^http://*.multiplay.*/.* 720 90% 10080
refresh_pattern ^http://*.blogger.*/.* 720 90% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 43200 90% 129600 reload-into-ims override-expire
refresh_pattern ^http://www.detiksport.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.kompas.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.detiknews.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.photobucket.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.detikhot.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.kapanlagi.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.okezone.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.indowebster.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.telkomspeedy.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.imagevenue.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.flickr.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.imageshack.us/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.usercash.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.googlesyndication.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.co.cc/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.21cineplex.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.saatchi-gallery.co.uk/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.onemanga.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.jobsdb.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.imeem.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.download.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.amazon.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.friendster-layouts.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.geocities.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.redtube.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.files.wordpress.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://indonetwork.co.id/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://gudanglagu.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://megaupload.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.karir.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.myspace.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.multiply.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.rapidshare.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.4shared.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.ziddu.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.kaskus.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.kaskus.us/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.friendster.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://mail.yahoo.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://login.yahoo.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://mail.yahoo.co.id/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://mail.google.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://*.yahoo.*/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://*.yahoo.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://*.yahoo.co.id/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://*.akamai.net/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://*.yimg.*/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://*.gmail.*/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://*.detik.*/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern . 0 20% 4320

# zph options
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

# other options
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 100
ie_refresh off
client_lifetime 2 hours

ipcache_size 4096
ipcache_low 90
ipcache_high 95
maximum_object_size_in_memory 64 KB

A word of caution on the refresh_pattern lines for mail.yahoo.com, login.yahoo.com, mail.google.com and the *.gmail.* patterns: override-expire together with ignore-reload keeps stale copies of those pages, and you must never add ignore-private or ignore-auth to them, or one user's authenticated page can be served to another user straight from the cache.

From the browser, go to the Web Proxy tab and click Save and Restart.

Install urlfilter. In the same way,
pindahkan file urlfilter hasil donlot ke folder /tmp dengan menggunakan winscp,
lalu uncompress#login melalui ssh dengan user root, untuk windows bisa menggunakan
putty dengan port ssh 222#uncompress urlfiltertar -xzf sw3-nn-urlfilterversion.tar.gzmasuk kedirektory hasil uncompress dan jalankan./installsetelah
selesai install, melalui browser masuk ke smoothwall dan di tab service dibagian
service sudah terdapat option url filter.###Untuk update blacklist-nya bisa #
HYPERLINK "http://www.shallalist.de/Downloads/shallalist.tar.gz"##disini##
HYPERLINK "http://www.shallalist.de/Downloads/shallalist.tar.gz"####setelah semua
option yang diinginkan untuk difilter kemudian di save.#untuk menggabungkan dengan
advproxy (dibagian paling bawah tab web-proxy terdapat option url filter) silahkan

diceklist dan klik save and restart web-proxy nya.##Install calamaris webproxy
reporting#Dengan cara yang sama, pindahkan file urlfilter hasil donlot ke folder
/tmp dengan menggunakan winscp, lalu uncompress#login melalui ssh dengan user root,
untuk windows bisa menggunakan putty dengan port ssh 222#uncompress urlfiltertar
-xzf sw3-nn-calamaris-version.tar.gzmasuk kedirektory hasil uncompress dan jalankan
./installSetelah berhasil install maka di tab logs (dilihat melalui browser) akan
terdapat tab proxy report.##sedikit tuning......#edit file /etc/rc.d/rc.firewall.up
dengan...# set network tweaks#echo 49152 > /proc/sys/fs/file-max#echo 262144 >
/proc/sys/net/core/rmem_default#echo 262144 > /proc/sys/net/core/rmem_max#echo
262144 > /proc/sys/net/core/wmem_default#echo 262144 >
/proc/sys/net/core/wmem_max#echo 4096 87380 8388608 >
/proc/sys/net/ipv4/tcp_rmem#echo 4096 65536 8388608 >
/proc/sys/net/ipv4/tcp_wmem#echo 4096 4096 4096 > /proc/sys/net/ipv4/tcp_mem#echo 1
> /proc/sys/net/ipv4/tcp_low_latency#echo 4000 >
/proc/sys/net/core/netdev_max_backlog#echo 1024 65000 >
/proc/sys/net/ipv4/ip_local_port_range#echo 16384 >
/proc/sys/net/ipv4/tcp_max_syn_backloglalu reboot smoothwall-nya..##Untuk mengetest
silahkan di browser client di isikan proxy secara manual dan dicoba untuk
browsing..##Transparent proxy....##Masukan rule ini melalui terminal mikrotik :/ip
firewall nat#add action=dst-nat chain=dstnat comment="" disabled=no dst-port=80
\#in-interface=LAN protocol=tcp src-address-list=LAN to-addresses=\#192.168.10.2
to-ports=8080ini untuk membuat agar client tidak perlu memasukan secara manual
setting port proxy kedalam browsernya (transparent) dan memaksa semua trafik http
(port 80) untuk di dst-nat ke ip smoothwall (192.168.10.2 itu ip smoothwall,
silahkan sesuaikan dengan jaringan anda)# HYPERLINK
"http://yulian.firdaus.or.id/2007/09/07/load-balance-speedy/"##Load Balancing Dual
DSL Speedy on One Router
Friday, 7 September 2007 (24 Sha'ban 1428 AH)

Many questions come from friends, especially warnet (internet cafe) operators and school, campus and corporate network admins, about load balancing two or more internet connections. Practical recipes are easy to find on the internet, but many people struggle when integrating them. The main cause is a weak grasp of networking concepts, at layer 2 and at layer 3 of TCP/IP. Dual connections, or multihoming, are mostly implemented with BGP, an ISP-class routing protocol, not something tinkered with in a warnet or a small network. Here are some basic concepts that often cause confusion.

1. Unicast
Most internet traffic is TCP, a conversation between two hosts (in practice client-server: your browser is the client, Google is the server). This traffic is two-way: the client initiates the connection, the server answers, and a TCP session comes into being (SYN and ACK).

2. Destination address
An IP network has routers: junctions between one network address and another. The further you go from the user, the more junctions there are, and routers direct all that traffic. If a router is a road junction, the signposts are its routing table. A signpost ignores where you came from; it only needs to know where you want to go and points you to the right road. That is why a routing table entry needs only two parameters, network address and gateway.

3. Source address
The source address is our IP address when we make a connection. A packet heading out passes the ISP's routers, the upstream provider, the internet backbone and so on until it reaches its destination (SYN). The server then answers (ACK) along the reverse path back to our machine. If the server answers but something breaks on the way back to our network (or our ISP), our machine sees no connection at all. It looks completely down, even though most likely only one direction is broken.

4. Default gateway
When a router has several interfaces (like a three-, four- or five-way junction) the routing table grows automatically, but there can be only one default router or default gateway. Its job is to direct packets whose network address is not in the routing table (network address 0.0.0.0/0).

5. Two connections
This is where the trouble usually starts: a router with two internet connections (to the same ISP or different ones). The router still has one default gateway; add a second and only one still does the work. So if your NAT router is connected to ISP A through interface A and gateway A, and to ISP B through interface B and gateway B, with the default gateway pointing to ISP A, downlink traffic will only ever arrive from ISP A. The reverse holds if the default gateway points to ISP B.

How do we solve this? The key concept is source-address routing. Think of being stopped at the junction by a policeman who asks where you came from, and then points you to the right road. On a NAT router (or a router in general) the source address is not read or considered by default, so in the case above, with the default gateway pointing to ISP A, NAT forwards the packet as if it left from the IP address of interface A (which automatically gets its downlink from ISP A into interface A and on to the internal network).

In larger networks (not NAT), a source address crossing another network is called transit (handled by the ISP with BGP). A practical example: you buy satellite bandwidth that comes down over DVB while the uplink goes over a terrestrial path (dial-up, leased line or fixed wireless). The connection-initiating packets must carry the DVB downlink network as their source address, so that the downlink bandwidth from the internet flows to the DVB receiver instead of the terrestrial path.

On Linux, source-address handling is done with iproute2, which acts before the routing table is consulted. For example, two internal LAN segments can be set up so that one segment uses source address A and the other source address B, so that both ISP connections are used at the same time. Using two connections can follow one of three schemes: round-robin, load balance or failover.

6. Round-robin
Suppose you have three internet connections on one NAT router; call the first Batman, the second Baskin and the third Williams. Round-robin means Robin keeps moving, in order (not at random), to the next source address. If a computer on the internal network opens a TCP session, that TCP connection stays on the first source address until the session ends (Batman & Robin). While that Batman & Robin session is still open and another connection request arrives from the network, Robin takes the next connection's source address and becomes Baskin & Robin. And so on, Robin going round and round over every connection without caring whether one of them is already full. You are no doubt either dizzy or laughing out loud after reading that.

7. Load balance
Load balance is like round-robin above, except that Robin is forced to look at the utilisation of the three connections. If Batman & Robin and Baskin & Robin are both full, the emptier connection is chosen and Robin becomes Robin Williams. For the next connection request Robin again checks utilisation first to decide whether to be Batman & Robin, Baskin & Robin or Robin Williams, so that all connections end up evenly used, balanced.

8. Failover
Failover can be described as automatic backup. Suppose the largest link is Batman and the Baskin link is smaller. Both connections are up, but all connections stay on the Batman & Robin link, so that when the Batman link goes down, connections move automatically to Baskin, becoming Baskin & Robin, until Batman comes back up.

*Haagen-Dazs ice cream break*

A NAT tool that has all three features is Packet Filter (PF) on BSD, where it is called a NAT pool. I have not yet found a good (and reasonably easy) implementation on Linux with iproute2.
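The three schemes above (sections 6 to 8), written out as a small per-flow link selector. This is an added example and not code from the original article; the link names, capacities (a count of concurrent flows standing in for bandwidth) and the sample flows are constructed for the demonstration, and nothing here drives a real routing table. It makes the properties the explanation rests on visible: a flow is pinned to the link, and so the source address, it started on until it ends; only new flows are distributed; and a flow whose link has gone down is simply dead until the client opens a new one, which is the "looks completely down" case from section 3.

```python
"""Per-flow link selection for a multi-homed NAT router: round-robin, loadbalance, failover.

Added example, not code from the original article. Link names, capacities (a count of
concurrent flows standing in for bandwidth) and the sample flows are constructed for
the demonstration; nothing here touches a real routing table.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# A flow is identified the way a stateful firewall identifies it: by its 5-tuple.
Flow = Tuple[str, int, str, int, str]   # (src, sport, dst, dport, proto)


@dataclass
class Link:
    name: str                 # ISP connection, e.g. "Batman"
    capacity: int             # flows it may carry before it counts as "full"
    up: bool = True
    flows: Set[Flow] = field(default_factory=set)

    @property
    def load(self) -> float:
        return len(self.flows) / self.capacity


class LinkSelector:
    """Choose an outgoing link per *new* flow; existing flows stay pinned.

    Pinning is the point of the article's source-address discussion: once a flow has
    left through one link it carries that link's source address, and the replies can
    only come back through the same link, so it must never be moved mid-session.
    """

    POLICIES = ("round-robin", "loadbalance", "failover")

    def __init__(self, links: List[Link], policy: str) -> None:
        if policy not in self.POLICIES:
            raise ValueError(f"unknown policy {policy!r}")
        self.links = links            # failover treats the first entry as primary
        self.policy = policy
        self._rr_next = 0
        self.state: Dict[Flow, Link] = {}   # the state table, like PF's

    def _choose(self) -> Optional[Link]:
        up = [l for l in self.links if l.up]
        if not up:
            return None
        if self.policy == "round-robin":
            # rotate over the live links, blind to how busy each one is
            link = up[self._rr_next % len(up)]
            self._rr_next += 1
            return link
        if self.policy == "loadbalance":
            # least-loaded link relative to its capacity; refuse if even that is full
            link = min(up, key=lambda l: l.load)
            return link if link.load < 1.0 else None
        # failover: everything rides the first live link, whatever its load
        return up[0]

    def route(self, flow: Flow) -> Optional[str]:
        """Return the link a packet of this flow leaves through, or None if it is dropped."""
        link = self.state.get(flow)
        if link is not None:
            # pinned flow: follow its link; if that link is down the session is dead
            return link.name if link.up else None
        link = self._choose()
        if link is None:
            return None
        link.flows.add(flow)
        self.state[flow] = link
        return link.name

    def end(self, flow: Flow) -> None:
        """Session finished: free its slot so a later flow may land elsewhere."""
        link = self.state.pop(flow, None)
        if link is not None:
            link.flows.discard(flow)

    def set_link(self, name: str, up: bool) -> None:
        for link in self.links:
            if link.name == name:
                link.up = up


def demo(policy: str) -> List[Optional[str]]:
    """Run the same constructed packet sequence under one policy."""
    links = [Link("Batman", capacity=2), Link("Baskin", capacity=1), Link("Williams", capacity=1)]
    sel = LinkSelector(links, policy)

    def flow(sport: int) -> Flow:          # one LAN client opening connections to a web server
        return ("10.0.0.5", sport, "203.0.113.10", 80, "tcp")

    seen = [
        sel.route(flow(40001)),   # new session
        sel.route(flow(40002)),   # second session, the first is still open
        sel.route(flow(40001)),   # more packets of the first session: same link as before
        sel.route(flow(40003)),   # third session
    ]
    sel.set_link("Batman", up=False)       # the primary link drops
    seen.append(sel.route(flow(40001)))    # pinned to Batman: dead until the client reconnects
    seen.append(sel.route(flow(40004)))    # a fresh session after the failure
    return seen


if __name__ == "__main__":
    for policy in LinkSelector.POLICIES:
        print(f"{policy:12s} {demo(policy)}")
```

Under round-robin the fourth session lands on Williams even though Batman still has room, under loadbalance it goes to the emptiest link and the sixth request is refused once every live link is full, and under failover everything stays on Batman until it drops and only new sessions move to Baskin.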
*The long explanation above was only the preamble, brothers and sisters.* Here is an example implementation of load balancing two connections, as in the title, running on an OpenBSD machine as a NAT router with two Telkom DSL connections on ethernet interfaces sk0 and sk1.

1. Enable forwarding in /etc/sysctl.conf:

    net.inet.ip.forwarding=1

2. Make sure the interface configuration and default route are empty; the files exist but contain nothing:

    /etc/hosts.sk0
    /etc/hosts.sk1
    /etc/hostname.sk0
    /etc/hostname.sk1
    /etc/mygate

(OpenBSD itself reads only /etc/hostname.sk0, /etc/hostname.sk1 and /etc/mygate.)

The Speedy DSL connection script: pppoe0 for the first connection, pppoe1 for the second. Adjust the interfaces, usernames and passwords. Do not forget to indent with a tab.

    # /etc/ppp/ppp.conf
    default:
    	set log Phase Chat LCP IPCP CCP tun command
    	set redial 15 0
    	set reconnect 15 10000

    pppoe0:
    	set device "!/usr/sbin/pppoe -i sk0"
    	disable acfcomp protocomp
    	deny acfcomp
    	set mtu max 1492
    	set mru max 1492
    	set crtscts off
    	set speed sync
    	enable lqr
    	set lqrperiod 5
    	set cd 5
    	set dial
    	set login
    	set timeout 0
    	set authname blahblahblah@telkom.net
    	set authkey asaljangandejek
    	add! default HISADDR
    	enable dns
    	enable mssfixup

    pppoe1:
    	set device "!/usr/sbin/pppoe -i sk1"
    	disable acfcomp protocomp
    	deny acfcomp
    	set mtu max 1492
    	set mru max 1492
    	set crtscts off
    	set speed sync
    	enable lqr
    	set lqrperiod 5
    	set cd 5
    	set dial
    	set login
    	set timeout 0
    	set authname blahblahblah2@telkom.net
    	set authkey vikingboneksamasaja
    	add! default HISADDR
    	enable dns
    	enable mssfixup

3. Bring up interfaces sk0 and sk1:

    # ifconfig sk0 up
    # ifconfig sk1 up

4. Start PPPoE (Point-to-Point Protocol over Ethernet):

    # ppp -ddial pppoe0
    # ppp -ddial pppoe1

5. If the Speedy connections come up, the addresses assigned by Speedy are bound to the tunnel interfaces tun0 and tun1:

    # ifconfig
    tun0: flags=8051 mtu 1492
            groups: tun egress
            inet 125.xxx.xxx.113 --> 125.163.72.1 netmask 0xffffffff
    tun1: flags=8051 mtu 1492
            groups: tun
            inet 125.xxx.xxx.114 --> 125.163.72.1 netmask 0xffffffff

6. And the default gateway becomes active:

    # netstat -nr | more
    Routing tables

    Internet:
    Destination        Gateway            Flags   Refs      Use   Mtu  Interface
    default            125.163.72.1       UGS        7    17529        tun0

7. The DNS resolver configuration is filled in as well:

    # cat /etc/resolv.conf
    lookup file bind
    nameserver 202.134.2.5
    nameserver 203.130.196.5

8. Enable Packet Filter, pf:

    # /etc/rc.conf
    pf=YES

9. The Packet Filter script for NAT and round-robin balancing. The original said to replace round-robin with loadbalance if that suits you better; PF has no loadbalance keyword, its pool options are round-robin, random, source-hash and bitmask, so choose one of those. Adding sticky-address after round-robin keeps all connections from one internal client on the same link, which matters for web sites that tie a login session to the client's source address. Indented lines continue the line above; the backslashes that the web page's <pre> tag swallowed are restored here.

    # /etc/pf.conf
    lan_net = "10.0.0.0/8"
    int_if  = "vr0"
    ext_if1 = "tun0"
    ext_if2 = "tun1"
    ext_gw1 = "125.163.72.1"
    ext_gw2 = "125.163.72.1"

    # scrub all
    scrub in all

    # nat outgoing connections on each internet interface
    nat on $ext_if1 from $lan_net to any -> ($ext_if1)
    nat on $ext_if2 from $lan_net to any -> ($ext_if2)

    # pass all outgoing packets on internal interface
    pass out on $int_if from any to $lan_net

    # pass in quick any packets destined for the gateway itself
    pass in quick on $int_if from $lan_net to $int_if

    # load balance outgoing tcp traffic from internal network.
    pass in on $int_if route-to \
        { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
        proto tcp from $lan_net to any flags S/SA modulate state

    # load balance outgoing udp and icmp traffic from internal network
    pass in on $int_if route-to \
        { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
        proto { udp, icmp } from $lan_net to any keep state

    # general "pass out" rules for external interfaces
    pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
    pass out on $ext_if1 proto { udp, icmp } from any to any keep state
    pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
    pass out on $ext_if2 proto { udp, icmp } from any to any keep state

Note that this ruleset contains no block rule at all. PF passes any packet that no rule matches, so as written the router also accepts inbound connections to itself on tun0 and tun1. Before putting it on the internet, add a rule that blocks inbound traffic on $ext_if1 and $ext_if2 ahead of the pass rules; the stateful pass out rules still let the replies to outgoing connections through.

10. Put the needed commands in /etc/rc.local so that everything works after every reboot:

    ifconfig sk0 up
    ifconfig sk1 up
    # start speedy
    ppp -ddial pppoe0
    ppp -ddial pppoe1

PF reads /etc/pf.conf at boot and starts working immediately. If the Speedy DSL connections have to be restarted, stop pppoe first:

    # pkill ppp

Otherwise ppp creates new tunnels, tun2, tun3 and so on.

11. To check whether the round-robin NAT pool above is working, use pftop, available at http://www.eee.metu.edu.tr/~canacar/pftop/

If you also optimise the network with a proxy such as Squid, do not run Squid on the NAT router itself: when Squid fetches a page from the internet, PF does not treat that as a NAT connection (the route-to rules only match packets coming in on the internal interface), so it is not balanced and always leaves through the primary interface and the first default gateway. Keep the proxy/Squid machine behind the NAT router, so that the proxy's connections to the internet are NAT traffic that the PF script above balances.

Separating Local and International Bandwidth Using MikroTik (Memisahkan Bandwidth Lokal dan International menggunakan Mikrotik)
From SpeedyWiki. Written by harijanto@datautama.net.id, http://www.datautama.net.id, Wednesday, 08 November 2006.

Version 3. Changes from the previous version: mangle is now based on an address-list, and the separation of Indonesian and overseas traffic is more accurate.

The growth of local internet content in Indonesia has created new business opportunities in the Indonesian internet industry. Many Internet Service Providers (ISPs) now offer packages with more local (IIX) bandwidth than international bandwidth, and more and more RT/RW-net operators can provide affordable internet access to their neighbourhoods. The common problem on an RT/RW-net is bandwidth management: operators find it hard to separate local from international traffic because an RT/RW-net usually only uses static routing, whereas an ISP can build a more complex network with the BGP routing protocol and so separate local and international traffic easily. To separate the two, an RT/RW-net can simply use a PC router running MikroTik. MikroTik is essentially Linux packaged by its developers so that it is very easy to install and configure, with a great many features and functions. More on MikroTik at http://www.mikrotik.com or http://www.mikrotik.co.id.

Here is the network scenario with MikroTik as the router.

Figure 1. Network scenario

Explanation:
- The MikroTik router has two network interface cards, Ether1 and Ether3. Ether1 connects directly to the ISP and Ether3 connects directly to the 192.168.2.0/24 network.
- Bandwidth from the ISP is, say, 256 Kbps international and 1024 Kbps local IIX.
- The computer 192.168.2.4 is to be given 128 Kbps international and 256 Kbps local IIX.

To separate local IIX traffic from international traffic, packets going to or coming from the local IIX network are marked with mangle. The question is how MikroTik can know that a packet is going to or coming from the local IIX network. The answer is to take the data from http://lg.mohonmaaf.com; since http://lg.mohonmaaf.com is no longer active, the data can be taken from http://203.89.24.3/cgi-bin/lg.cgi. Choose Query, tick BGP and click Submit.

Figure 2. Result of querying http://lg.mohonmaaf.com for the command show ip bgp

http://lg.mohonmaaf.com is a looking glass for the local network operated by PT. IDC; thanks to Mr. Johar Alam for providing the service. Save the query result as a text file and process it with a spreadsheet, for example MS Excel, to extract every network address advertised by the BGP routers of Indonesian ISPs at the IDC BGP router, the National Inter Connection Exchange (NICE).

In version 2 of this document I entered the list of IP blocks directly into /ip firewall mangle, which meant entering the list obtained from the NICE router twice. A better way is to put the IP blocks from the NICE router into /ip firewall address-list; then /ip firewall mangle needs only a few lines and the separation of Indonesian and overseas traffic is more accurate because mangle can work on the address-list alone. In more detail: build the following script for import into the MikroTik router.

    /ip firewall address-list
    add list=nice address=58.65.240.0/23 comment="" disabled=no
    add list=nice address=58.65.242.0/23 comment="" disabled=no
    add list=nice address=58.65.244.0/23 comment="" disabled=no
    add list=nice address=58.65.246.0/23 comment="" disabled=no
    add list=nice address=58.145.174.0/24 comment="" disabled=no
    add list=nice address=58.147.184.0/24 comment="" disabled=no
    add list=nice address=58.147.185.0/24 comment="" disabled=no
    ...

The script above can be obtained from http://www.datautama.net.id/harijanto/mikrotik/datautama-nice.php, which queries the NICE router at http://lg.mohonmaaf.com online.

NOTE: Because lg.mohonmaaf.com is unreachable, the list of local IPs can be taken from http://ixp.mikrotik.co.id/download/nice.rsc or from http://www.datautama.net.id/harijanto/mikrotik/datautama-nice.php, whose data comes from the DatautamaNet looking glass.

Copy the output of the URL above and paste it into the MikroTik over SSH with putty.exe: after copying the text, right-click in the PuTTY window that is logged into the router. This is somewhat impractical, but turning the script above into an .rsc file fails because some IP blocks overlap, for example:

    [datautama@router-01-jkt] > /ip firewall address-list \
    \... add address=222.124.64.0/23 list="nice"
    [datautama@router-01-jkt] > /ip firewall address-list \
    \... add address=222.124.64.0/21 list="nice"
    address ranges may not overlap

Here 222.124.64.0/21 is a supernet of 222.124.64.0/23, so the two blocks overlap, and an import from an .rsc file always stops when it hits this. So far I have not found a practical way around it. If we could build the address-list from the BGP prefix table running on MikroTik itself, we would get a more complete address-list.
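One practical way around the overlap problem, as an added example that is not the author's script and not something RouterOS ships: aggregate the prefix list before generating the .rsc file. Python's ipaddress.collapse_addresses() removes duplicates, drops any prefix already covered by a supernet (the 222.124.64.0/23 inside 222.124.64.0/21 case from the error above) and merges adjacent prefixes, so the resulting address-list has no two overlapping entries and the import no longer aborts. The input below is a constructed sample in the one-prefix-per-line form the spreadsheet step produces, not real looking-glass output; the list name nice and the add line format are the ones used in the article.

```python
"""Turn a raw prefix dump into a MikroTik address-list with no overlapping entries.

Added example, not the author's script and not something RouterOS ships. RouterOS
refuses an address-list entry that overlaps one already present ("address ranges may
not overlap"), so a looking-glass dump containing both 222.124.64.0/21 and
222.124.64.0/23 aborts an .rsc import part-way. Aggregating first removes the problem.
"""
import ipaddress
from typing import Iterable, List

IPv4Net = ipaddress.IPv4Network

# Constructed sample in the one-prefix-per-line form the spreadsheet step produces.
# It deliberately contains duplicates, a /23 covered by a /21, four adjacent /23s,
# a private range and a junk line; it is not real looking-glass output.
SAMPLE_DUMP = """\
# prefixes seen at the exchange (constructed sample)
58.65.240.0/23
58.65.242.0/23
58.65.244.0/23
58.65.246.0/23
222.124.64.0/21
222.124.64.0/23
222.124.66.0/23
58.145.174.0/24
58.145.174.0/24
10.0.0.0/8
not-a-prefix
"""


def parse_prefixes(text: str) -> List[IPv4Net]:
    """Every valid public IPv4 prefix in the dump; comments, junk and RFC 1918 space are dropped."""
    nets: List[IPv4Net] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            continue                       # leftover text from the spreadsheet, skip it
        if net.version == 4 and not net.is_private:
            nets.append(net)
    return nets


def aggregate(nets: Iterable[IPv4Net]) -> List[IPv4Net]:
    """Deduplicate, drop prefixes covered by a supernet and merge adjacent pairs.

    collapse_addresses() is exactly the set operation the router needs: the result
    covers the same addresses as the input and no two entries overlap.
    """
    return list(ipaddress.collapse_addresses(nets))


def to_rsc(nets: Iterable[IPv4Net], list_name: str = "nice") -> str:
    """Render the /ip firewall address-list import script in the form used in the article."""
    lines = ["/ip firewall address-list"]
    for net in nets:
        lines.append(f'add list={list_name} address={net.with_prefixlen} comment="" disabled=no')
    return "\n".join(lines) + "\n"


def build_script(dump: str, list_name: str = "nice") -> str:
    """Dump text in, importable .rsc text out."""
    return to_rsc(aggregate(parse_prefixes(dump)), list_name)


if __name__ == "__main__":
    print(build_script(SAMPLE_DUMP), end="")
```

Run against the sample, the four adjacent /23s become 58.65.240.0/21, the two 222.124.64.0 entries collapse into the /21, the duplicate /24 appears once, and the private and junk lines disappear, leaving three add lines that RouterOS accepts in one import. Aggregation also shrinks the list the router has to match every packet against, which helps on the small PC routers this article targets.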
Next, /ip firewall mangle needs the following configuration:

    /ip firewall mangle
    add chain=forward src-address-list=nice action=mark-connection \
        new-connection-mark=mark-con-indonesia passthrough=no \
        comment="mark all indonesia source connection traffic" disabled=no
    add chain=forward dst-address-list=nice action=mark-connection \
        new-connection-mark=mark-con-indonesia passthrough=no \
        comment="mark all indonesia destination connection traffic" disabled=no
    add chain=forward src-address-list=!nice action=mark-connection \
        new-connection-mark=mark-con-overseas passthrough=yes \
        comment="mark all overseas source connection traffic" disabled=no
    add chain=forward dst-address-list=!nice action=mark-connection \
        new-connection-mark=mark-con-overseas passthrough=yes \
        comment="mark all overseas destination connection traffic" disabled=no
    add chain=prerouting connection-mark=mark-con-indonesia action=mark-packet \
        new-packet-mark=indonesia passthrough=yes \
        comment="mark all indonesia traffic" disabled=no
    add chain=prerouting connection-mark=mark-con-overseas action=mark-packet \
        new-packet-mark=overseas passthrough=yes \
        comment="mark all overseas traffic" disabled=no

One correction to the rules as originally published: all four mark-connection rules had passthrough=yes. The LAN's own addresses (192.168.2.0/24) are not in nice, so for every outbound connection the third rule (src-address-list=!nice) matched after the second rule had already set mark-con-indonesia, and overwrote it with mark-con-overseas; inbound IIX traffic was overwritten the same way by the fourth rule (dst-address-list=!nice, the LAN address). With passthrough=no on the two indonesia rules a connection identified as Indonesian stops there, and the overseas rules only ever see the rest. The packet-mark rules live in a different chain (prerouting) and are not affected.

Next, set the bandwidth with a simple queue. To give the computer at 192.168.2.4 128 Kbps international and 256 Kbps local IIX bandwidth:

    /queue simple
    add name="harijanto-indonesia" target-addresses=192.168.2.4/32 \
        dst-address=0.0.0.0/0 interface=all parent=none packet-marks=indonesia \
        direction=both priority=8 queue=default/default limit-at=0/0 \
        max-limit=256000/256000 total-queue=default disabled=no
    add name="harijanto-overseas" target-addresses=192.168.2.4/32 \
        dst-address=0.0.0.0/0 interface=all parent=none packet-marks=overseas \
        direction=both priority=8 queue=default/default limit-at=0/0 \
        max-limit=128000/128000 total-queue=default disabled=no

The script above limits only the computer with IP 192.168.2.4 to 128 Kbps international (overseas) and 256 Kbps local IIX (indonesia); the others are not limited. The result:

Figure 3. Simple queue for the computer 192.168.2.4

So the computer 192.168.2.4 can only download or upload at 128 Kbps internationally and 256 Kbps to the local IIX. It can be tested with a bandwidth meter:

Figure 4. Bandwidth meter result from 192.168.2.4 to a local ISP
Figure 5. Bandwidth meter result to an international ISP

So MikroTik has managed the international and local IIX bandwidth used by 192.168.2.4 as intended. In this version 3 the mangle of overseas traffic is more accurate because it uses the address-list: src-address-list=!nice means the source address is not in nice and dst-address-list=!nice means the destination address is not in nice, so overseas traffic is not misidentified. In version 2 overseas traffic could be misidentified, because it was defined as:

    add connection-mark=mark-con-indonesia action=mark-packet new-packet-mark=indonesia \
        chain=prerouting comment="mark indonesia"
    add packet-mark=!indonesia action=mark-packet new-packet-mark=overseas \
        chain=prerouting comment="mark all overseas traffic"

packet-mark=!indonesia means "packet mark is not indonesia", but a packet that is not Indonesian may already carry some other mark defined earlier, which leads to misidentification. The technique above was tested on a MikroTik router running NAT; if your MikroTik router does not run NAT, try changing chain=prerouting to chain=forward. For more on bandwidth management in MikroTik see the manual at http://www.mikrotik.com/docs/ros/2.9/RouterOS_Reference_Manual_v2.9.pdf. The script above works on MikroTik version 2.9.27; earlier versions may differ in their commands.

Simple Load Balancing with MikroTik (Load Balancing Sederhana Pakai Mikrotik)
From SpeedyWiki
Source: abdi_wae, http://opensource.telkomspeedy.com/forum/viewtopic.php?pid=17386

Maybe just load-balance it, sir, to keep it simple:

    modem1 ---
              +--- eth0 mikrotik --- eth2 LAN
              +--- eth1
    modem2 ---

The manual is here: http://www.mikrotik.com/testdocs/ros/2.9/ip/route.php

Load Balancing over Multiple Gateways
From MikroTik Wiki
_Gateways" \l "column-one"##navigation#, # HYPERLINK
"http://www.zimbio.com/go/http:/wiki.mikrotik.com/wiki/Load_Balancing_over_Multiple
_Gateways" \l "searchInput"##search# The typical situation where you got one router
and want to connect to two ISPs: #Of course, you want to do load balancing! There
are several ways how to do it. Depending on the particular situation, you may find
one best suited for you. Policy Routing based on Client IP Address If you have a
number of hosts, you may group them by IP addresses. Then, depending on the source
IP address, send the traffic out through Gateway #1 or #2. This is not really the
best approach, giving you perfect load balancing, but it's easy to implement, and
gives you some control too. Let us assume we use for our workstations IP addresses
from network 192.168.100.0/24. The IP addresses are assigned as follows:
192.168.100.1-127 are used for Group A workstations 192.168.100.128-253 are used
for Group B workstations 192.168.100.254 is used for the router. All workstations
have IP configuration with the IP address from the relevant group, they all have
network mask 255.255.255.0, and 192.168.100.254 is the default gateway for them. We
will talk about DNS servers later. Now, when we have workstations divided into
groups, we can refer to them using subnet addressing: Group A is 192.168.100.0/25,

i.e., addresses 192.168.100.0-127 Group B is 192.168.100.128/25, i.e., addresses


192.168.100.128-255 If you do not understand this, take the TCP/IP Basics
course,#or, look for some resources about subnetting on the Internet!We need to add
two IP Firewall Mangle rules to mark the packets originated from Group A or Group B
workstations. For Group A, specify Chain prerouting and Src. Address
192.168.100.0/25 Action mark routing and New Routing Mark GroupA. #It is a good
practice to add a comment as well. Your mangle rules might be interesting for
someone else and for yourself as well after some time. For Group B, specify Chain
prerouting and Src. Address 192.168.100.128/25 Action mark routing and New Routing
Mark GroupB #All IP traffic coming from workstations is marked with the routing
marks GroupA or GroupB. We can use these marks in the routing table. #Next, we
should specify two default routes (destination
0.0.0.0/0) with appropriate routing marks and gateways: #This thing is not going
to work, unless you do masquerading for your LAN! The simplest way to do it is by
adding one NAT rule for Src. Address 192.168.100.0/24 and Action masquerade: Test
the setup by tracing the route to some IP address on the Internet! From a
workstation of Group A, it should go like this: C:\>tracert -d 8.8.8.8##Tracing
route to 8.8.8.8 over a maximum of 30 hops##1
2 ms
2 ms
2 ms
192.168.100.254#2
10 ms
4 ms
3 ms 10.1.0.1#...From a workstation of
Group B, it should go like this: C:\>tracert -d 8.8.8.8##Tracing route to 8.8.8.8
over a maximum of 30 hops##1
2 ms
2 ms
2 ms 192.168.100.254#2
10 ms
4 ms
3 ms 10.5.8.1#...You can specify the DNS server for workstations quite
freely, jArticles Load Balancing dan Fail Over [Group] pada Mikrotik#PendingWritten
Written on Aug-19-08; source: http://mellasaeblog.blogspot.com/2008/08/load-balancing-dan-fail-overgroup-pada.html, originally from http://jaylangkung.com/?p=100 (April 27th, 2008, by admin).

Load Balancing and Fail Over [Group] with 2 Speedy lines [or more]

Below, the load-balance technique and the fail-over technique on a MikroTik router are discussed. The tutorial can be downloaded here: http://rapidshare.com/files/110739968/Load_Balancing_dan_Fail_Over.pdf

Suppose we have addresses like these: the IP of modem one is 192.168.110.1 on interface Wanatas, and the IP of the other modem is 192.168.120.1 on interface Wantengah, while the LAN IP is 172.10.12.1.

Before we go to the Load Balancing configuration, we first arrange the IP blocks that will be grouped. Go to IP >> Firewall, choose the Address Lists tab and click Add. As in the example above, I made Group A and Group B; below is the view when the Add button is clicked. Fill in Name with the name of your first group, and so on.

Once the IP blocks per group have been defined, we continue to the next session:

Mangle configuration

Stay in the Firewall window but move to the Mangle tab (the one I circled in red), then click the Add button (the one I circled in blue). A window like the one below will appear: for Chain choose prerouting, then choose the Advanced tab. Then choose Src Address List; if the combo box has not appeared, click the arrow next to the Src Address List text box until it points downward. Then choose Group A, and later do the same for Group B. Once the group is chosen, move to the Action tab.

On the Action tab a window like the one below will appear: set Action to mark routing and fill in New Routing Mark according to the name of the IP group; above we named it mrA. NOTE: for the Group B mangle rule, repeat the instructions above with a different name and choose the other group ^^

OK, done. On to the Routing part. Go to the menu IP >> Route: the Route List window appears; choose Add, and the window below appears. Fill in Gateway with the IP of the first modem, i.e. 192.168.110.1; then, for Fail Over, set Check Gateway to ping and Mark to mrA for Group A. Do the same later when adding the gateway for Group B. When pressing the Apply button, make sure the interface really points to WANatas, i.e. the first modem, and likewise for Group B.

Now, so that both gateways run smoothly, a gateway priority needs to be added. The way to do it: the same as adding a gateway above, but we fill in more than one gateway in one list, as in the picture below. To add more than one gateway, click the downward arrow next to the Gateway text box. After pressing Apply, make sure the interfaces are correct, in the order in which the gateways were entered. Then press OK.

Back in the Route List, check: if one of the entries is blue, the link from that modem has a problem or is not connected to the Internet. Check the Internet path to that modem again.

OK, that is all from me on MikroTik load balancing. Good luck.
Syamsy (Samson RtRwNet) [Jaylangkung.com] rtrwnetmalang@yahoo.com
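The group-based policy routing that the wiki article above describes through Winbox dialogs, and that the Jaylangkung tutorial above extends with ping-checked fail-over, as one added terminal-script example; it is not code from either original post. It uses the wiki's addressing (Group A 192.168.100.0/25 via 10.1.0.1, Group B 192.168.100.128/25 via 10.5.8.1, router 192.168.100.254); the list and mark names GroupA/GroupB, the backup routes at distance 2 and the dst-address exclusion are my own choices.

```routeros
# Added example (not from the wiki or the Jaylangkung post).
# Assumed: LAN 192.168.100.0/24, ISP1 gateway 10.1.0.1, ISP2 gateway 10.5.8.1.
# Syntax follows the RouterOS 2.9-6.x family used on this page; on v7 the
# routes take routing-table= instead of routing-mark= and each table must
# first be created under /routing table.

# 1. Address lists for the two workstation groups
/ip firewall address-list
add list=GroupA address=192.168.100.0/25 comment="Group A workstations"
add list=GroupB address=192.168.100.128/25 comment="Group B workstations"

# 2. Mangle: mark routing per source group. Traffic that stays inside the LAN
#    is excluded, so it is never pushed out through an ISP gateway.
/ip firewall mangle
add chain=prerouting src-address-list=GroupA dst-address=!192.168.100.0/24 action=mark-routing new-routing-mark=GroupA passthrough=no comment="Group A -> ISP1"
add chain=prerouting src-address-list=GroupB dst-address=!192.168.100.0/24 action=mark-routing new-routing-mark=GroupB passthrough=no comment="Group B -> ISP2"

# 3. Routes: each group's own gateway at distance 1 and the other ISP as a
#    backup at distance 2. check-gateway=ping marks a gateway that stops
#    answering as inactive, so the backup route takes over (the fail-over the
#    tutorial configures through "Check Gateway: ping").
/ip route
add dst-address=0.0.0.0/0 gateway=10.1.0.1 routing-mark=GroupA check-gateway=ping distance=1 comment="GroupA primary (ISP1)"
add dst-address=0.0.0.0/0 gateway=10.5.8.1 routing-mark=GroupA check-gateway=ping distance=2 comment="GroupA backup (ISP2)"
add dst-address=0.0.0.0/0 gateway=10.5.8.1 routing-mark=GroupB check-gateway=ping distance=1 comment="GroupB primary (ISP2)"
add dst-address=0.0.0.0/0 gateway=10.1.0.1 routing-mark=GroupB check-gateway=ping distance=2 comment="GroupB backup (ISP1)"
# Defaults for the router's own traffic and anything left unmarked
add dst-address=0.0.0.0/0 gateway=10.1.0.1 check-gateway=ping distance=1 comment="main: ISP1"
add dst-address=0.0.0.0/0 gateway=10.5.8.1 check-gateway=ping distance=2 comment="main: ISP2 backup"

# 4. Source NAT for the whole LAN; without it neither path works
/ip firewall nat
add chain=srcnat src-address=192.168.100.0/24 action=masquerade comment="LAN masquerade"
```

Check the result with /ip route print: a gateway that fails its ping check shows as inactive (the blue entry the tutorial mentions in Winbox), and traffic from the affected group follows its distance-2 route until the gateway answers again.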
Setting MIKROTIK SDSL SPEEDY BANDWIDTH MANAGEMENT
Source: http://soekry.wordpress.com/setting-mikrotik-sdsl-speedy-bandwith-management/

First let me sketch the network layout:

LAN > Mikrotik RouterOS > Modem ADSL > INTERNET

For the LAN we use a class C, with network 192.168.0.0/24. For the MikroTik RouterOS we need two ethernet cards: one (ether1 192.168.1.2/24) for the connection to the ADSL modem and one more (ether2 192.168.0.1/24) for the connection to the LAN. For the ADSL modem we set the IP to 192.168.1.1/24.

Before typing anything, make sure you are at the root menu by typing /

Set the IP of each ethernet card:

ip address add address=192.168.1.2/24 interface=ether1
ip address add address=192.168.0.1/24 interface=ether2

To display the result of the commands above, type the following command:

ip address print

Then test by pinging the gateway or a computer on the LAN. If it succeeds, your IP configuration is correct:

ping 192.168.1.1
ping 192.168.0.10

Adding the route:

ip route add gateway=192.168.1.1

Setting DNS:

ip dns set primary-dns=202.134.1.10 allow-remote-requests=yes
ip dns set secondary-dns=202.134.0.155 allow-remote-requests=yes

Since this connection uses Speedy from Telkom, the DNS I use is Telkom's. Adjust it to your provider's DNS. After that, try pinging yahoo.com, for example:

ping yahoo.com

If it succeeds, the DNS settings are correct.

Source NAT (Network Address Translation) / Masquerading

So that all computers on the LAN can also connect to the Internet, you need to add NAT (masquerade) on the MikroTik:

ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

Now try pinging yahoo.com from a computer on the LAN:

ping yahoo.com

If it succeeds, the masquerade setting is correct.

DHCP (Dynamic Host Configuration Protocol)

For practical reasons, my friend wanted to use a DHCP server, so that each client that connects does not need to set its IP manually; it just obtains one from the DHCP server and that is it. Luckily this MikroTik also has a DHCP server feature, so no problem.

Create the IP address pool:

ip pool add name=dhcp-pool ranges=192.168.0.2-192.168.0.254

Add the DHCP network:

ip dhcp-server network add address=192.168.0.0/24 gateway=192.168.0.1 dns-server=202.134.1.10,202.134.0.155

Add the DHCP server:

ip dhcp-server add name=DHCP_LAN disabled=no interface=ether2 address-pool=dhcp-pool

Now test from a client computer by requesting an IP address from the DHCP server. If it succeeds, once again the settings are correct.

Bandwidth Control

So that the client computers on the LAN do not fight over bandwidth, what is called bandwidth management or bandwidth control is needed. The model I use is queue trees. For more on what that is, refer to MikroTik's site.

The situation is like this: Speedy is said to reach 384/64 Kbps (download/upload), but that condition is very rarely reached, so we have to find a flat estimate. I take the minimum for download at about 300 Kbps, and for upload I allocate 50 Kbps. For the maximum, download about 380 Kbps and upload 60 Kbps. The number of client computers at the moment is 10, so that bandwidth has to be prepared for sharing among those 10 clients. The calculation for each client is:

Minimal Download: 300 / 10 * 1024 = 30720 bps
Maximal Download: 380 / 10 * 1024 = 38912 bps
Minimal Upload: 50 / 10 * 1024 = 5120 bps
Maximal Upload: 60 / 10 * 1024 = 6144 bps

Next we start the configuration. Mark all packets originating from the LAN:

ip firewall mangle add src-address=192.168.0.0/24 action=mark-connection new-connection-mark=Clients-con chain=prerouting
ip firewall mangle add connection-mark=Clients-con action=mark-packet new-packet-mark=Clients chain=prerouting

Add the rules that limit download and upload speed:

queue tree add name=Clients-Download parent=ether2 packet-mark=Clients limit-at=30720 max-limit=38912
queue tree add name=Clients-Upload parent=ether1 packet-mark=Clients limit-at=5120 max-limit=6144

Now try a download test from several clients; each client should now share the bandwidth. If fewer than 10 clients are online, the idle bandwidth is shared among the clients that are online.

Graphing

This MikroTik also comes with a traffic monitoring function just like the usual MRTG, so we can see how many packets pass through our MikroTik PC:

tool graphing set store-every=5min

Next we monitor the packets passing through all interfaces on our MikroTik PC; on my computer those are ether1 and ether2:

tool graphing interface add interface=all store-on-disk=yes

Now point your browser at the MikroTik router's IP. For me that is http://192.168.0.1/graphs/. There will be a choice of the interfaces on your router; click one and you will see a graph of the packets passing through that interface.

From the tutorial above I only went as far as the step of adding NAT (masquerade), because in my opinion DHCP keeps changing addresses, so later, when limiting bandwidth, the IP is sometimes not the same. CMIIW. For the limit settings I do them through remote Winbox, which is easier. Now a question for myself: when are you going to install the graph tool, son? hehehe. OK, hopefully useful to everyone.

How to remote from that public IP to our MikroTik server using winbox from an outside network

The first step is to smile, joke with your colleagues, laugh out loud until finally you shout 100 times THIS IS VERY EASY hehehe. Now we will write down how to remote the MikroTik server from outside. It is quite easy, because the concept is forwarding from the public IP to our MikroTik server at home, so what has to be configured is the modem.

Internet -> Modem -> Mikrotik -> HUB/switch -> Client

Here we will discuss it using a Sanex modem, because it has been tried on 3 different modems and all succeeded.. hehe. Open the modem in a browser. Go to Device Info -> WAN. Here we find out the public IP we got from Speedy; note it in Notepad, or just remember it. After that choose the menu Advanced Setup -> NAT -> Virtual Server -> Add. Fill in on the modem:

Custom Server: miketek (or whatever name you like)
Server IP Address: the IP address of the LAN card of the PC running MikroTik that faces the modem
External Port Start: 80 and External Port End: 8291
Protocol: TCP/UDP (both)

Then Save/Apply. Try rebooting your modem.. Done. Easy, isn't it??? hehehe. Now take your trusty winbox outside your network and log in with the public IP we remembered earlier. Tadaaa, you can get in, right??? We can remote it from far away.. leave it and go anywhere, the server is still fine.. hehe

Source: http://achim.web.id/2009/05/port-forward-pakemodem-sanex-logo-speedy-remote-mikrotik-di-belakang-modem.achim
Port Forward using a Sanex modem with Speedy logo (Remote Mikrotik behind the modem)

hmmm. honestly I did not intend this topic to be my first post :). but since a friend asked and pressed me for it tonight, it had to be. Ok, straight to the problem. In this topic we will remote a MikroTik that sits behind a modem (routing mode). For this case we use a Sanex modem with Speedy logo.

If we want to use the Sanex modem, the computer we use to access it must first be set to "obtain an IP address automatically"; then we can access the modem. Here I assume we can already access the modem. To change the IP to static, go to the LAN menu => enter the IP and netmask you want (for example 192.168.1.1/24) => click Apply Changes => click Commit/Reboot. Wait a moment before you can access the modem again, and as a note, do not forget to change your computer's IP address, because by default the modem was set to DHCP!!!

Ok, now go straight to the menu Advance => Virtual Server. To add a server to be forwarded, click Add. Above I already confirmed that we want to remote a MikroTik behind the modem (routing mode); I told you to click Add, right??? Now just fill it in, for example:

Custom Service: Mikrotik
Protocol: TCP/UDP
WAN Port: 8291 (the modem port opened for connections from outside/Internet)
Server Host Port: 8291 (the MikroTik port we will remote; note: port 8291 is used by winbox)
Server IP Address: 192.168.1.2 (the IP the MikroTik has for the connection to the modem)

Click OK. Click Commit/Reboot to finish the settings. Click Reboot to restart the modem. Done :D

The next step is to test the result by remoting the MikroTik from outside the network. Run winbox; if you do not have it, download it from your router or from http://achim.web.id/wpcontent/uploads/2009/05/winbox.exe. Enter the modem's public IP, fill in the username with a user that exists on the MikroTik, and the password. Click Connect. Tada.. Success, boss.
Setting the MikroTik Firewall

To secure the MikroTik router from virus traffic and excess pings, the following firewall script can be used. First create an address-list "network anda" containing the IP addresses of the radio, the LAN and the WAN, or other trusted IPs.

In the following example your wireless IP address is 10.17.17.0/16, the LAN IP is 192.168.17.0/24, the WAN IP is 202.159.155.0/24, and the other trusted-zone IP, if you are remoting from an outside network, is 202.154.42.10/24.

To create the address-list you can use a script like the following example; just adapt it to your network configuration. Write the script below in Notepad, then copy-paste it into your MikroTik terminal:

/ ip firewall address-list
add list=ournetwork address=202.159.48.155.0/21 comment="CentroTECH Network" disabled=no
add list=ournetwork address=10.17.17.0/16 comment="IP Wireless" disabled=no
add list=ournetwork address=192.168.17.0/24 comment="LAN Network" disabled=no

Next, copy-paste the following script into your MikroTik terminal:

/ ip firewall filter
add chain=forward connection-state=established action=accept comment="allow established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid connections" disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y; better left disabled because this port is also often used for VPN or webmin" disabled=yes
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot" disabled=no
add chain=forward action=jump jump-target=virus comment="jump to the virus chain" disabled=no
add chain=input connection-state=established action=accept comment="Accept established connections" disabled=no
add chain=input connection-state=related action=accept comment="Accept related connections" disabled=no
add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow limited pings" disabled=no
add chain=input protocol=icmp action=drop comment="Drop excess pings" disabled=no
add chain=input protocol=tcp dst-port=21 src-address-list="network anda" action=accept comment="FTP" disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list="network anda" action=accept comment="SSH for secure shell" disabled=no
add chain=input protocol=tcp dst-port=23 src-address-list="network anda" action=accept comment="Telnet" disabled=no
add chain=input protocol=tcp dst-port=80 src-address-list="network anda" action=accept comment="Web" disabled=no
add chain=input protocol=tcp dst-port=8291 src-address-list="network anda" action=accept comment="winbox" disabled=no
add chain=input protocol=tcp dst-port=1723 action=accept comment="pptp-server" disabled=no
add chain=input src-address-list=ournetwork action=accept comment="From Datautama network" disabled=no
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else" disabled=no
add chain=input action=drop comment="Drop everything else" disabled=no
add chain=virus protocol=tcp action=drop dst-port=54283 comment="SubSeven, SubSeven 2.1 Gold"
add chain=virus protocol=tcp action=drop dst-port=54320 comment="Back Orifice 2000"
add chain=virus protocol=tcp action=drop dst-port=54321 comment="Back Orifice 2000, School Bus"
add chain=virus protocol=tcp action=drop dst-port=55165 comment="File Manager trojan, File Manager trojan, WM Trojan Generator"
add chain=virus protocol=tcp action=drop dst-port=55166 comment="WM Trojan Generator"
add chain=virus protocol=tcp action=drop dst-port=57341 comment="NetRaider"
add chain=virus protocol=tcp action=drop dst-port=58339 comment="Butt Funnel"
add chain=virus protocol=tcp action=drop dst-port=60000 comment="Deep Throat, Foreplay, Sockets des Troie"
add chain=virus protocol=tcp action=drop dst-port=60001 comment="Trinity"
add chain=virus protocol=tcp action=drop dst-port=60068 comment="Xzip 6000068"
add chain=virus protocol=tcp action=drop dst-port=60411 comment="Connection"
add chain=virus protocol=tcp action=drop dst-port=61348 comment="Bunker-Hill"
add chain=virus protocol=tcp action=drop dst-port=61466 comment="TeleCommando"
add chain=virus protocol=tcp action=drop dst-port=61603 comment="Bunker-Hill"
add chain=virus protocol=tcp action=drop dst-port=63485 comment="Bunker-Hill"
add chain=virus protocol=tcp action=drop dst-port=64101 comment="Taskman"
add chain=virus protocol=tcp action=drop dst-port=65000 comment="Devil, Sockets des Troie, Stacheldraht"
add chain=virus protocol=tcp action=drop dst-port=65390 comment="Eclypse"
add chain=virus protocol=tcp action=drop dst-port=65421 comment="Jade"
add chain=virus protocol=tcp action=drop dst-port=65432 comment="The Traitor th3tr41t0r"
add chain=virus protocol=udp action=drop dst-port=65432 comment="The Traitor th3tr41t0r"
add chain=virus protocol=tcp action=drop dst-port=65534 comment="sbin initd"
add chain=virus protocol=tcp action=drop dst-port=65535 comment="RC1 trojan"
add chain=forward action=jump jump-target=virus comment="jump to the virus chain"
add chain=virus protocol=tcp action=drop dst-port=6400 comment="The Thing"
add chain=virus protocol=tcp action=drop dst-port=6661 comment="TEMan, Weia-Meia"
add chain=virus protocol=tcp action=drop dst-port=6666 comment="Dark Connection Inside, NetBus worm"
add chain=virus protocol=tcp action=drop dst-port=6667 comment="Dark FTP, ScheduleAgent, SubSeven, Subseven 2.1.4 DefCon 8, Trinity, WinSatan"
add chain=virus protocol=tcp action=drop dst-port=6669 comment="Host Control, Vampire"
add chain=virus protocol=tcp action=drop dst-port=6670 comment="BackWeb Server, Deep Throat, Foreplay, WinNuke eXtreame"
add chain=virus protocol=tcp action=drop dst-port=6711 comment="BackDoor-G, SubSeven, VP Killer"
add chain=virus protocol=tcp action=drop dst-port=6712 comment="Funny trojan, SubSeven"
add chain=virus protocol=tcp action=drop dst-port=6713 comment="SubSeven"
add chain=virus protocol=tcp action=drop dst-port=6723 comment="Mstream"
add chain=virus protocol=tcp action=drop dst-port=6771 comment="Deep Throat, Foreplay"
add chain=virus protocol=tcp action=drop dst-port=6776 comment="2000 Cracks, BackDoor-G, SubSeven, VP Killer"
add chain=virus protocol=udp action=drop dst-port=6838 comment="Mstream"
add chain=virus protocol=tcp action=drop dst-port=6883 comment="Delta Source DarkStar"
add chain=virus protocol=tcp action=drop dst-port=6912 comment="Shit Heep"
add chain=virus protocol=tcp action=drop dst-port=6939 comment="Indoctrination"
add chain=virus protocol=tcp action=drop dst-port=6969-6970 comment="GateCrasher, IRC 3, Net Controller, Priority"
add chain=virus protocol=tcp action=drop dst-port=7000 comment="Exploit Translation Server, Kazimas, Remote Grab, SubSeven, SubSeven 2.1 Gold"
add chain=virus protocol=tcp action=drop dst-port=7001 comment="Freak88, Freak2k"
add chain=virus protocol=tcp action=drop dst-port=7215 comment="SubSeven, SubSeven 2.1 Gold"
add chain=virus protocol=tcp action=drop dst-port=7300-7308 comment="NetMonitor"
add chain=virus protocol=tcp action=drop dst-port=7424 comment="Host Control"
add chain=virus protocol=udp action=drop dst-port=7424 comment="Host Control"
add chain=virus protocol=tcp action=drop dst-port=7597 comment="Qaz"
add chain=virus protocol=tcp action=drop dst-port=7626 comment="Glacier"
add chain=virus protocol=tcp action=drop dst-port=7777 comment="God Message, Tini"
add chain=virus protocol=tcp action=drop dst-port=7789 comment="Back Door Setup, ICKiller"
add chain=virus protocol=tcp action=drop dst-port=7891 comment="The ReVeNgEr"
add chain=virus protocol=tcp action=drop dst-port=7983 comment="Mstream"
add chain=virus protocol=tcp action=drop dst-port=8787 comment="Back Orifice 2000"
add chain=virus protocol=tcp action=drop dst-port=8988 comment="BacHack"
add chain=virus protocol=tcp action=drop dst-port=8989 comment="Rcon, Recon, Xcon"
add chain=virus protocol=tcp action=drop dst-port=9000 comment="Netministrator"
add chain=virus protocol=udp action=drop dst-port=9325 comment="Mstream"
add chain=virus protocol=tcp action=drop dst-port=9400 comment="InCommand"
add chain=virus protocol=tcp action=drop dst-port=9872-9875 comment="Portal of Doom"
add chain=virus protocol=tcp action=drop dst-port=9876 comment="Cyber Attacker, Rux"
add chain=virus protocol=tcp action=drop dst-port=9878 comment="TransScout"
add chain=virus protocol=tcp action=drop dst-port=9989 comment="Ini-Killer"
add chain=virus protocol=tcp action=drop dst-port=9999 comment="The Prayer"
add chain=virus protocol=tcp action=drop dst-port=10000-10005 comment="OpwinTRojan"
add chain=virus protocol=udp action=drop dst-port=10067 comment="Portal of Doom"
add chain=virus protocol=tcp action=drop dst-port=10085-10086 comment="Syphillis"
add chain=virus protocol=tcp action=drop dst-port=10100 comment="Control Total, Gift trojan"
add chain=virus protocol=tcp action=drop dst-port=10101 comment="BrainSpy, Silencer"
add chain=virus protocol=udp action=drop dst-port=10167 comment="Portal of Doom"
add chain=virus protocol=tcp action=drop dst-port=10520 comment="Acid Shivers"
add chain=virus protocol=tcp action=drop dst-port=10528 comment="Host Control"
add chain=virus protocol=tcp action=drop dst-port=10607 comment="Coma"
add chain=virus protocol=udp action=drop dst-port=10666 comment="Ambush"
add chain=virus protocol=tcp action=drop dst-port=11000 comment="Senna Spy Trojan Generator"
add chain=virus protocol=tcp action=drop dst-port=11050-11051 comment="Host Control"
add chain=virus protocol=tcp action=drop dst-port=11223 comment="Progenic trojan, Secret Agent"
add chain=virus protocol=tcp action=drop dst-port=12076 comment="Gjamer"
add chain=virus protocol=tcp action=drop dst-port=12223 comment="Hack99 KeyLogger"
add chain=virus protocol=tcp action=drop dst-port=12345 comment="Ashley, cron crontab, Fat Bitch trojan, GabanBus, icmp_client.c, icmp_pipe.c, Mypic, NetBus, NetBus Toy, NetBus worm, Pie Bill Gates, Whack Job, X-bill"
add chain=virus protocol=tcp action=drop dst-port=12346 comment="Fat Bitch trojan, GabanBus, NetBus, X-bill"
add chain=virus protocol=tcp action=drop dst-port=12349 comment="BioNet"
add chain=virus protocol=tcp action=drop dst-port=12361-12363 comment="Whack-a-mole"
add chain=virus protocol=udp action=drop dst-port=12623 comment="DUN Control"
add chain=virus protocol=tcp action=drop dst-port=12624 comment="ButtMan"
add chain=virus protocol=tcp action=drop dst-port=12631 comment="Whack Job"
add chain=virus protocol=tcp action=drop dst-port=12754 comment="Mstream"
add chain=virus protocol=tcp action=drop dst-port=13000 comment="Senna Spy Trojan Generator, Senna Spy Trojan Generator"
add chain=virus protocol=tcp action=drop dst-port=13010 comment="Hacker Brasil HBR"
add chain=virus protocol=tcp action=drop dst-port=13013-13014 comment="PsychWard"
add chain=virus protocol=tcp action=drop dst-port=13223 comment="Hack99 KeyLogger"
add chain=virus protocol=tcp action=drop dst-port=13473 comment="Chupacabra"
add chain=virus protocol=tcp action=drop dst-port=14500-14503 comment="PC Invader"
add chain=virus protocol=tcp action=drop dst-port=15000 comment="NetDemon"
add chain=virus protocol=tcp action=drop dst-port=15092 comment="Host Control"
add chain=virus protocol=tcp action=drop dst-port=15104 comment="Mstream"
add chain=virus protocol=tcp action=drop dst-port=15382 comment="SubZero"
add chain=virus protocol=tcp action=drop dst-port=15858 comment="CDK"
add chain=virus protocol=tcp action=drop dst-port=16484 comment="Mosucker"
add chain=virus protocol=tcp action=drop dst-port=16660 comment="Stacheldraht"
add chain=virus protocol=tcp action=drop dst-port=16772 comment="ICQ Revenge"
add chain=virus protocol=tcp action=drop dst-port=16959 comment="SubSeven, Subseven 2.1.4 DefCon 8"
add chain=virus protocol=tcp action=drop dst-port=16969 comment="Priority"
add chain=virus protocol=tcp action=drop dst-port=17166 comment="Mosaic"
add chain=virus protocol=tcp action=drop dst-port=17300 comment="Kuang2 the virus"
add chain=virus protocol=tcp action=drop dst-port=17449 comment="Kid Terror"
add chain=virus protocol=tcp action=drop dst-port=17499-17500 comment="CrazzyNet"
add chain=virus protocol=tcp action=drop dst-port=17569 comment="Infector"
add chain=virus protocol=tcp action=drop dst-port=17593 comment="Audiodoor"
add chain=virus protocol=tcp action=drop dst-port=17777 comment="Nephron"
add chain=virus protocol=udp action=drop dst-port=18753 comment="Shaft"
add chain=virus protocol=tcp action=drop dst-port=19864 comment="ICQ Revenge"
add chain=virus protocol=tcp action=drop dst-port=20000 comment="Millenium"
add chain=virus protocol=tcp action=drop dst-port=20001 comment="Millenium, Millenium Lm"
add chain=virus protocol=tcp action=drop dst-port=20002 comment="AcidkoR"
add chain=virus protocol=tcp action=drop dst-port=20005 comment="Mosucker"
add chain=virus protocol=tcp action=drop dst-port=20023 comment="VP Killer"
add chain=virus protocol=tcp action=drop dst-port=20034 comment="NetBus 2.0 Pro, NetBus 2.0 Pro Hidden, NetRex, Whack Job"
add chain=virus protocol=tcp action=drop dst-port=20203 comment="Chupacabra"
add chain=virus protocol=tcp action=drop dst-port=20331 comment="BLA trojan"
add chain=virus protocol=tcp action=drop dst-port=20432 comment="Shaft"
add chain=virus protocol=udp action=drop dst-port=20433 comment="Shaft"
add chain=virus protocol=tcp action=drop dst-port=21544 comment="GirlFriend, Kid Terror"
add chain=virus protocol=tcp action=drop dst-port=21554 comment="Exploiter, Kid Terror, Schwindler, Winsp00fer"
add chain=virus protocol=tcp action=drop dst-port=22222 comment="Donald Dick, Prosiak, Ruler, RUX The TIc.K"
add chain=virus protocol=tcp action=drop dst-port=23005-23006 comment="NetTrash"
add chain=virus protocol=tcp action=drop dst-port=23023 comment="Logged"
add chain=virus protocol=tcp action=drop dst-port=23032 comment="Amanda"
add chain=virus protocol=tcp action=drop dst-port=23432 comment="Asylum"
add chain=virus protocol=tcp action=drop dst-port=23456 comment="Evil FTP, Ugly FTP, Whack Job"
add chain=virus protocol=tcp action=drop dst-port=23476 comment="Donald Dick"
add chain=virus protocol=udp action=drop dst-port=23476 comment="Donald Dick"
add chain=virus protocol=tcp action=drop dst-port=23477 comment="Donald Dick"
add chain=virus protocol=tcp action=drop dst-port=23777 comment="InetSpy"
add chain=virus protocol=tcp action=drop dst-port=24000 comment="Infector"
add chain=virus protocol=tcp action=drop dst-port=25685-25982 comment="Moonpie"
add chain=virus protocol=udp action=drop dst-port=26274 comment="Delta Source"
add chain=virus protocol=tcp action=drop dst-port=26681 comment="Voice Spy"
add chain=virus protocol=tcp action=drop dst-port=27374 comment="Bad Blood, Ramen, Seeker, SubSeven, SubSeven 2.1 Gold, Subseven 2.1.4 DefCon 8, SubSeven Muie, Ttfloader"
add chain=virus protocol=udp action=drop dst-port=27444 comment="Trinoo"
add chain=virus protocol=tcp action=drop dst-port=27573
comment="SubSeven"add chain=virus protocol=tcp action=drop dst-port=27665
comment="Trinoo"add chain=virus protocol=tcp action=drop dst-port=28678
comment="Exploit"eradd chain=virus protocol=tcp action=drop dst-port=29104
comment="NetTrojan"add chain=virus protocol=tcp action=drop dst-port=29369
comment="ovasOn"add chain=virus protocol=tcp action=drop dst-port=29891
comment="The Unexplained"add chain=virus protocol=tcp action=drop dst-port=30000
comment="Infector"add chain=virus protocol=tcp action=drop dst-port=30001
comment="ErrOr32"add chain=virus protocol=tcp action=drop dst-port=30003
comment="Lamers Death"add chain=virus protocol=tcp action=drop dst-port=30029
comment="AOL trojan"add chain=virus protocol=tcp action=drop dst-port=30100-30133
comment="NetSphere"add chain=virus protocol=udp action=drop dst-port=30103
comment="NetSphere"add chain=virus protocol=tcp action=drop dst-port=30303
comment="Sockets des Troie"add chain=virus protocol=tcp action=drop dst-port=30947
comment="Intruse"add chain=virus protocol=tcp action=drop dst-port=30999
comment="Kuang2"add chain=virus protocol=tcp action=drop dst-port=31335
comment="Trinoo"add chain=virus protocol=tcp action=drop dst-port=31336 comment="Bo
Whack, Butt Funnel"add chain=virus protocol=tcp action=drop dst-port=31337
comment="Back Fire, Back Orifice 1.20 patches, Back Orifice Lm, Back Orifice
russian, Baron Night, Beeone, BO client, BO Facil, BO spy, BO2, cron crontab,
Freak88, Freak2k, icmp_pipe.c, Sockdmini"add chain=virus protocol=udp action=drop
dst-port=31337 comment="Back Orifice, Deep BO"add chain=virus protocol=tcp
action=drop dst-port=31338 comment="Back Orifice, Butt Funnel, NetSpy DK"add
chain=virus protocol=udp action=drop dst-port=31338 comment="Deep BO"add
chain=virus protocol=tcp action=drop dst-port=31339 comment="NetSpy DK"add
chain=virus protocol=tcp action=drop dst-port=31666 comment="BOWhack"add
chain=virus protocol=tcp action=drop dst-port=31785-31792 comment="Hack a Tack"add
chain=virus protocol=udp action=drop dst-port=31791-31792 comment="Hack a Tack"add
chain=virus protocol=tcp action=drop dst-port=32001 comment="Donald Dick"add
chain=virus protocol=tcp action=drop dst-port=32100 comment="Peanut Brittle,
Project nEXT"add chain=virus protocol=tcp action=drop dst-port=32418 comment="Acid
Battery"add chain=virus protocol=tcp action=drop dst-port=33270 comment="Trinity"

add chain=virus protocol=tcp action=drop dst-port=33333 comment="Blakharaz,


Prosiak"add chain=virus protocol=tcp action=drop dst-port=33577-33777 comment="Son
of PsychWard"add chain=virus protocol=tcp action=drop dst-port=33911
comment="Spirit 2000, Spirit 2001"add chain=virus protocol=tcp action=drop dstport=34324 comment="Big Gluck, TN"add chain=virus protocol=tcp action=drop dstport=34444 comment="Donald Dick"add chain=virus protocol=udp action=drop dstport=34555-35555 comment="Trinoo for Windows"add chain=virus protocol=tcp
action=drop dst-port=37237 comment="Mantis"add chain=virus protocol=tcp action=drop
dst-port=37651 comment="Yet Another Trojan YAT"add chain=virus protocol=tcp
action=drop dst-port=40412 comment="The Spy"add chain=virus protocol=tcp
action=drop dst-port=40421 comment="Agent 40421, Masters Paradise"add chain=virus
protocol=tcp action=drop dst-port=40422-40426 comment="Masters Paradise"add
chain=virus protocol=tcp action=drop dst-port=41337 comment="Storm"add chain=virus
protocol=tcp action=drop dst-port=41666 comment="Remote Boot Tool RBT, Remote Boot
Tool RBT"add chain=virus protocol=tcp action=drop dst-port=44444 comment="Prosiak"
add chain=virus protocol=tcp action=drop dst-port=44575 comment="Exploiter"add
chain=virus protocol=udp action=drop dst-port=47262 comment="Delta Source"add
chain=virus protocol=tcp action=drop dst-port=49301 comment="OnLine KeyLogger"add
chain=virus protocol=tcp action=drop dst-port=50130 comment="Enterprise"add
chain=virus protocol=tcp action=drop dst-port=50505 comment="Sockets des Troie"add
chain=virus protocol=tcp action=drop dst-port=50766 comment="Fore, Schwindler"add
chain=virus protocol=tcp action=drop dst-port=51966 comment="Cafeini"add
chain=virus protocol=tcp action=drop dst-port=52317 comment="Acid Battery 2000"add
chain=virus protocol=tcp action=drop dst-port=53001 comment="Remote Windows
Shutdown RWS"/ip firewall filteradd chain=virus protocol=udp action=drop dst-port=1
comment="Sockets des Troie"add chain=virus protocol=tcp action=drop dst-port=2
comment="Death"add chain=virus protocol=tcp action=drop dst-port=20 comment="Senna
Spy FTP server"add chain=virus protocol=tcp action=drop dst-port=21 comment="Back
Construction, Blade Runner, Cattivik FTP Server, CC Invader, Dark FTP, Doly Trojan,
Fore, Invisible FTP, Juggernaut 42, Larva, MotIv FTP, Net Administrator, Ramen,
Senna Spy FTP server, The Flu, Traitor 21, WebEx, WinCrash"add chain=virus
protocol=tcp action=drop dst-port=22 comment="Shaft"add chain=virus protocol=tcp
action=drop dst-port=23 comment="Fire HacKer, Tiny Telnet Server TTS, Truva Atl"add
chain=virus protocol=tcp action=drop dst-port=25 comment="Ajan, Antigen, Barok,
Email Password Sender EPS, EPS II, Gip, Gris, Happy99, Hpteam mail, Hybris, I love
you, Kuang2, Magic Horse, MBT Mail Bombing Trojan, Moscow Email trojan, Naebi,
NewApt worm, ProMail trojan, Shtirlitz, Stealth, Tapiras, Terminator, WinPC,
WinSpy"add chain=virus protocol=tcp action=drop dst-port=30 comment="Agent 40421"
add chain=virus protocol=tcp action=drop dst-port=31 comment="Agent 31, Hackers
Paradise, Masters Paradise"add chain=virus protocol=tcp action=drop dst-port=41
comment="Deep Throat, Foreplay"add chain=virus protocol=tcp action=drop dst-port=48
comment="DRAT"add chain=virus protocol=tcp action=drop
dst-port=50 comment="DRAT"add chain=virus protocol=tcp action=drop dst-port=58
comment="DMSetup"add chain=virus protocol=tcp action=drop dst-port=59
comment="DMSetup"add chain=virus protocol=tcp action=drop dst-port=79 comment="CDK,
Firehotcker"add chain=virus protocol=tcp action=drop dst-port=80 comment="711
trojan, Seven Eleven, AckCmd, Back End, Back Orifice 2000 Plug-Ins, Cafeini, CGI
Backdoor, Executor, God Message, God Message Creator, Hooker, IISworm, MTX, NCX,
Reverse WWW Tunnel Backdoor, RingZero, Seeker, WAN Remote, Web Server CT,
WebDownloader"add chain=virus protocol=tcp action=drop dst-port=81
comment="RemoConChubo"add chain=virus protocol=tcp action=drop dst-port=99
comment="Hidden Port, NCX"add chain=virus protocol=tcp action=drop dst-port=110
comment="ProMail trojan"add chain=virus protocol=tcp action=drop dst-port=113
comment="Invisible Identd Deamon, Kazimas"add chain=virus protocol=tcp action=drop
dst-port=119 comment="Happy99"add chain=virus protocol=tcp action=drop dst-port=121
comment="Attack Bot, God Message, JammerKillah"add chain=virus protocol=tcp
action=drop dst-port=123 comment="Net Controller"add chain=virus protocol=tcp
action=drop dst-port=133 comment="Farnaz"add chain=virus protocol=tcp action=drop
dst-port=135-139 comment="Blaster worm"add chain=virus protocol=udp action=drop

dst-port=135-139 comment="messenger wormadd chain=virus protocol=tcp action=drop


dst-port=142 comment="NetTaxi"add chain=virus protocol=tcp action=drop dst-port=146
comment="Infector"add chain=virus protocol=udp action=drop dst-port=146
comment="Infector"add chain=virus protocol=tcp action=drop dst-port=170 comment="Atrojan"add chain=virus protocol=tcp action=drop dst-port=334 comment="Backage"add
chain=virus protocol=tcp action=drop dst-port=411 comment="Backage"add chain=virus
protocol=tcp action=drop dst-port=420 comment="Breach, Incognito"add chain=virus
protocol=tcp action=drop dst-port=421 comment="TCP Wrappers trojan"add chain=virus
protocol=tcp action=drop dst-port=445 comment="Blaster wormadd chain=virus
protocol=udp action=drop dst-port=445 comment="Blaster wormadd chain=virus
protocol=tcp action=drop dst-port=455 comment="Fatal Connections"add chain=virus
protocol=tcp action=drop dst-port=456 comment="Hackers Paradise"add chain=virus
protocol=tcp action=drop dst-port=513 comment="Grlogin"add chain=virus protocol=tcp
action=drop dst-port=514 comment="RPC Backdoor"add chain=virus protocol=tcp
action=drop dst-port=531 comment="Net666, Rasmin"add chain=virus protocol=tcp
action=drop dst-port=555 comment="711 trojan, Seven Eleven, Ini-Killer, Net
Administrator, Phase Zero, Phase-0, Stealth Spy"add chain=virus protocol=tcp
action=drop dst-port=605 comment="Secret Service"add chain=virus protocol=tcp
action=drop dst-port=666 comment="Attack FTP, Back Construction, BLA trojan, Cain &
Abel, NokNok, Satans Back Door SBD, ServU, Shadow Phyre, th3r1pp3rz Therippers"add
chain=virus protocol=tcp action=drop dst-port=667 comment="SniperNet"add
chain=virus protocol=tcp action=drop dst-port=669 comment="DP trojan"add
chain=virus protocol=tcp action=drop dst-port=692 comment="GayOL"add chain=virus
protocol=tcp action=drop dst-port=777 comment="AimSpy, Undetected"add chain=virus
protocol=tcp action=drop dst-port=808 comment="WinHole"add chain=virus protocol=tcp
action=drop dst-port=911 comment="Dark Shadow"add chain=virus protocol=tcp
action=drop dst-port=999 comment="Deep Throat, Foreplay, WinSatan"add chain=virus
protocol=tcp action=drop dst-port=1000 comment="Der Spaeher, Direct Connection"add
chain=virus protocol=tcp action=drop dst-port=1001 comment="Der Spaeher, Le
Guardien, Silencer, WebEx"add chain=virus protocol=tcp action=drop dst-port=10101016 comment="Doly Trojan"add chain=virus protocol=tcp action=drop dst-port=1020
comment="Vampire"add chain=virus protocol=tcp action=drop dst-port=1024
comment="Jade, Latinus, NetSpy"add chain=virus protocol=tcp action=drop dstport=1025 comment="Remote Storm"add chain=virus protocol=udp action=drop dstport=1025 comment="Remote Storm"add chain=virus protocol=tcp action=drop dstport=1035 comment="Multidropper"add chain=virus protocol=tcp action=drop dstport=1042 comment="BLA trojan"add chain=virus protocol=tcp action=drop dstport=1045 comment="Rasmin"add chain=virus protocol=tcp action=drop dst-port=1049
comment="sbin initd"add chain=virus protocol=tcp action=drop dst-port=1050
comment="MiniCommand"add chain=virus protocol=tcp action=drop dst-port=1053
comment="The Thief"add chain=virus protocol=tcp action=drop dst-port=1054
comment="AckCmd"add chain=virus protocol=tcp action=drop dst-port=1080-1083
comment="WinHole"add chain=virus protocol=tcp action=drop dst-port=1090
comment="Xtreme"add chain=virus protocol=tcp action=drop dst-port=1095-1098
comment="Remote Administration Tool RAT"add chain=virus protocol=tcp action=drop
dst-port=1099 comment="Blood Fest Evolution, Remote Administration Tool RAT"add
chain=virus protocol=tcp action=drop dst-port=1150-1151 comment="Orion"add
chain=virus protocol=tcp action=drop dst-port=1170 comment="Psyber Stream Server
PSS, Streaming Audio Server, Voice"add chain=virus protocol=udp action=drop dstport=1200-1201 comment="NoBackO"add chain=virus protocol=tcp action=drop dstport=1207 comment="SoftWAR"add chain=virus protocol=tcp action=drop dst-port=1208
comment="Infector"add chain=virus protocol=tcp action=drop dst-port=1212
comment="Kaos"add chain=virus protocol=tcp action=drop dst-port=1234
comment="SubSeven Java client, Ultors Trojan"add chain=virus protocol=tcp
action=drop dst-port=1243 comment="BackDoor-G, SubSeven, SubSeven Apocalypse,
Tiles"add chain=virus protocol=tcp action=drop dst-port=1245 comment="VooDoo Doll"
add chain=virus protocol=tcp action=drop dst-port=1255 comment="Scarab"add
chain=virus protocol=tcp action=drop dst-port=1256 comment="Project nEXT"add
chain=virus protocol=tcp action=drop dst-port=1269 comment="Matrix"add chain=virus

protocol=tcp action=drop dst-port=1272 comment="The Matrix"add chain=virus


protocol=tcp action=drop dst-port=1313 comment="NETrojan"add chain=virus
protocol=tcp action=drop dst-port=1338 comment="Millenium Worm"add chain=virus
protocol=tcp action=drop dst-port=1349 comment="Bo dll"add chain=virus protocol=tcp
action=drop dst-port=1394 comment="GoFriller, Backdoor G-1"add chain=virus
protocol=tcp action=drop dst-port=1441 comment="Remote Storm"add chain=virus
protocol=tcp action=drop dst-port=1492 comment="FTP99CMP"add chain=virus
protocol=tcp action=drop dst-port=1524 comment="Trinoo"add chain=virus protocol=tcp
action=drop dst-port=1568 comment="Remote Hack"add chain=virus protocol=tcp
action=drop dst-port=1600 comment="Direct Connection, Shivka-Burka"add chain=virus
protocol=tcp action=drop dst-port=1703 comment="Exploiter"add chain=virus
protocol=tcp action=drop dst-port=1777 comment="Scarab"add chain=virus protocol=tcp
action=drop dst-port=1807 comment="SpySender"add chain=virus protocol=tcp
action=drop dst-port=1966 comment="Fake FTP"add chain=virus protocol=tcp
action=drop dst-port=1967 comment="WM FTP Server"add chain=virus protocol=tcp
action=drop dst-port=1969 comment="OpC BO"add chain=virus protocol=tcp action=drop
dst-port=1981 comment="Bowl, Shockrave"add chain=virus protocol=tcp action=drop
dst-port=1999 comment="Back Door, SubSeven, TransScout"add chain=virus protocol=tcp
action=drop dst-port=2000 comment="Der Spaeher, Insane Network, Last 2000, Remote
Explorer 2000, Senna Spy Trojan Generator"add chain=virus protocol=tcp action=drop
dst-port=2001 comment="Der Spaeher, Trojan Cow"add chain=virus protocol=tcp
action=drop dst-port=2023 comment="Ripper Pro"add chain=virus protocol=tcp
action=drop dst-port=2080 comment="WinHole"add chain=virus protocol=tcp action=drop
dst-port=2115 comment="Bugs"add chain=virus protocol=udp action=drop dst-port=2130
comment="Mini Backlash"add chain=virus protocol=tcp action=drop dst-port=2140
comment="The Invasor"add chain=virus protocol=udp action=drop dst-port=2140
comment="Deep Throat, Foreplay"add chain=virus protocol=tcp action=drop dstport=2155 comment="Illusion Mailer"add chain=virus protocol=tcp action=drop dstport=2255 comment="Nirvana"add chain=virus protocol=tcp action=drop dst-port=2283
comment="Hvl RAT"add chain=virus protocol=tcp action=drop dst-port=2300
comment="Xplorer"add chain=virus protocol=tcp action=drop dst-port=2311
comment="Studio 54"add chain=virus protocol=tcp action=drop dst-port=2330-2339
comment="Contact"add chain=virus protocol=udp action=drop dst-port=2339
comment="Voice Spy"add chain=virus protocol=tcp action=drop dst-port=2345
comment="Doly Trojan"add chain=virus protocol=tcp action=drop dst-port=2565
comment="Striker trojan"add chain=virus protocol=tcp action=drop dst-port=2583
comment="WinCrash"add chain=virus protocol=tcp action=drop dst-port=2600
comment="Digital RootBeer"add chain=virus protocol=tcp action=drop dst-port=2716
comment="The Prayer"add chain=virus protocol=tcp action=drop dst-port=2773-2774
comment="SubSeven, SubSeven 2.1 Gold"add chain=virus protocol=tcp action=drop dstport=2801 comment="Phineas Phucker"add chain=virus protocol=udp action=drop dstport=2989 comment="Remote Administration Tool RAT"add chain=virus protocol=tcp
action=drop dst-port=3000 comment="Remote Shut"add chain=virus protocol=tcp
action=drop dst-port=3024 comment="WinCrash"add chain=virus protocol=tcp
action=drop dst-port=3031 comment="Microspy"add chain=virus protocol=tcp
action=drop dst-port=3128 comment="Reverse WWW Tunnel Backdoor, RingZero"add
chain=virus protocol=tcp action=drop dst-port=3129 comment="Masters Paradise"add
chain=virus protocol=tcp action=drop dst-port=3150 comment="The Invasor"add
chain=virus protocol=udp action=drop dst-port=3150 comment="Deep Throat, Foreplay,
Mini Backlash"add
chain=virus protocol=tcp action=drop dst-port=3456 comment="Terror trojan"add
chain=virus protocol=tcp action=drop dst-port=3459 comment="Eclipse 2000,
Sanctuary"add chain=virus protocol=tcp action=drop dst-port=3700 comment="Portal of
Doom"add chain=virus protocol=tcp action=drop dst-port=3777 comment="PsychWard"add
chain=virus protocol=tcp action=drop dst-port=3791-3801 comment="Total Solar
Eclypse"add chain=virus protocol=tcp action=drop dst-port=4000 comment="SkyDance"
add chain=virus protocol=tcp action=drop dst-port=4092 comment="WinCrash"add
chain=virus protocol=tcp action=drop dst-port=4242 comment="Virtual Hacking Machine
VHM"add chain=virus protocol=tcp action=drop dst-port=4321 comment="BoBo"add

chain=virus protocol=tcp action=drop dst-port=4444 comment="Prosiak, Swift Remote"


add chain=virus protocol=tcp action=drop dst-port=4567 comment="File Nail"add
chain=virus protocol=tcp action=drop dst-port=4590 comment="ICQ Trojan"add
chain=virus protocol=tcp action=drop dst-port=4950 comment="ICQ Trogen Lm"add
chain=virus protocol=tcp action=drop dst-port=5000 comment="Back Door Setup,
Blazer5, Bubbel, ICKiller, Ra1d, Sockets des Troie"add chain=virus protocol=tcp
action=drop dst-port=5001 comment="Back Door Setup, Sockets des Troie"add
chain=virus protocol=tcp action=drop dst-port=5002 comment="cd00r, Shaft"add
chain=virus protocol=tcp action=drop dst-port=5010 comment="Solo"add chain=virus
protocol=tcp action=drop dst-port=5011 comment="One of the Last Trojans OOTLT, One
of the Last Trojans OOTLT, modified"add chain=virus protocol=tcp action=drop dstport=5025 comment="WM Remote KeyLogger"add chain=virus protocol=tcp action=drop
dst-port=5031-5032 comment="Net Metropolitan"add chain=virus protocol=tcp
action=drop dst-port=5321 comment="Firehotcker"add chain=virus protocol=tcp
action=drop dst-port=5333 comment="Backage, NetDemon"add chain=virus protocol=tcp
action=drop dst-port=5343 comment="wCrat WC Remote Administration Tool"add
chain=virus protocol=tcp action=drop dst-port=5400-5402 comment="Back Construction,
Blade Runner"add chain=virus protocol=tcp action=drop dst-port=5512
comment="Illusion Mailer"add chain=virus protocol=tcp action=drop dst-port=5534
comment="The Flu"add chain=virus protocol=tcp action=drop dst-port=5550
comment="Xtcp"add chain=virus protocol=tcp action=drop dst-port=5555
comment="ServeMe"add chain=virus protocol=tcp action=drop dst-port=5556-5557
comment="BO Facil"add chain=virus protocol=tcp action=drop dst-port=5569
comment="Robo-Hack"add chain=virus protocol=tcp action=drop dst-port=5637-5638
comment="PC Crasher"add chain=virus protocol=tcp action=drop dst-port=5742
comment="WinCrash"add chain=virus protocol=tcp action=drop dst-port=5760
comment="Portmap Remote Root Linux Exploit"add chain=virus protocol=tcp action=drop
dst-port=5880-5889 comment="Y3K RAT"add chain=virus protocol=tcp action=drop dstport=6000 comment="The Thing"add chain=virus protocol=tcp action=drop dst-port=6006
comment="Bad Blood"add chain=virus protocol=tcp action=drop dst-port=6272
With a firewall list of this kind (one chain=virus drop rule per port known to be used by a trojan or worm) you can restrict the ports that viruses commonly use. Bear in mind, however, that many legitimate applications and services also use some of these ports, and that your server should only be remotely manageable from an allow-list of addresses and from your own network, to avoid your MikroTik router being defaced.

Dropping the Conficker virus with the MikroTik firewall
(source: http://aribowo21.wordpress.com/2009/01/18/dropvirus-conficker-pake-firewall-mikrotik/)

Create a mangle rule that matches traffic going to the sites Conficker contacts. in-interface is the interface facing our own network:

admin@mikrotik> ip firewall mangle add chain=prerouting in-interface=ether-download dst-address-list=jaringan-kita content=loadadv.-exe action=add-dst-to-address-list address-list=worm-dst time=02-00,00

Put an exclamation mark in front of the dst-address-list value (dst-address-list=!jaringan-kita), so that the content match is only checked when the destination is not in our own network's address list.

Then create the firewall rule:

admin@mikrotik> ip firewall filter add chain=forward dst-address-list=worm-dst action=drop

Once this rule is applied, the addresses used to download this worm will be captured in the address-list tab. Example:
(screenshot: hasil-addresslist1.png)

Creating a DHCP & Internet Gateway Server on MikroTik
(source: http://antoni.web.id/membuat-dhcp-internet-gateway-server-di-mikrotik.html)
Posted by antoni in Mikrotik
To create a DHCP server the following steps are needed:
1. Create an address pool and define the IP range.
2. Enable the DHCP server.
To create an Internet gateway server, the core step is masquerading, which passes the users' data packets through to the Internet.

The network and the server look like this:
1. MikroTik is installed on a PC with 2 ethernet cards: 1 interface for the connection to the Internet, 1 interface for the connection to the local network.
2. IP addresses:
- gateway (e.g. the ADSL modem): 192.168.100.100
- DNS: 192.168.100.110
- interface towards the Internet: 192.168.100.1
- interface towards the local network: 192.168.0.1

To start, let us look at the interfaces present on the MikroTik router:

[admin@Mikrotik] > interface print
Flags: X - disabled, D - dynamic, R - running
 #    NAME     TYPE    RX-RATE  TX-RATE  MTU
 0 R  ether1   ether   0        0        1500
 1 R  ether2   ether   0        0        1500
[admin@Mikrotik] >

Then set the IP addresses on the MikroTik interfaces. Suppose we use ether1 for the Internet connection with IP 192.168.100.1 and ether2 for our local network with IP 192.168.0.1:

[admin@mikrotik] > ip address add address=192.168.100.1 netmask=255.255.255.0 interface=ether1
[admin@mikrotik] > ip address add address=192.168.0.1 netmask=255.255.255.0 interface=ether2
[admin@mikrotik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK        BROADCAST        INTERFACE
 0   192.168.100.1/24   192.168.100.0  192.168.100.255  ether1
 1   192.168.0.1/24     192.168.0.0    192.168.0.255    ether2
[admin@mikrotik] >

Only after this can we set up the DHCP server on MikroTik.

1. Create the address pool:
/ip pool add name=dhcp-pool ranges=192.168.0.2-192.168.0.100
/ip dhcp-server network add address=192.168.0.0/24 gateway=192.168.0.1

2. Choose the interface to be used and enable the DHCP server (enabling is a separate command that takes the server's number):
/ip dhcp-server add interface=ether2 address-pool=dhcp-pool
/ip dhcp-server enable 0

[admin@mikrotik] > ip dhcp-server print
Flags: X - disabled, I - invalid
 #   NAME    INTERFACE  RELAY  ADDRESS-POOL  LEASE-TIME  ADD-ARP
 0   dhcp1   ether2

At this point the DHCP server is ready for use and can already be tested from a user's machine.

The next step is to create the Internet gateway. Suppose the IP of the ADSL modem acting as gateway for the Internet connection is 192.168.100.100 and its DNS server is 192.168.100.110; then set the default gateway with the following command:
[admin@mikrotik] > /ip route add gateway=192.168.100.100

3. View the routing table on the MikroTik router:
[admin@mikrotik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
 #      DST-ADDRESS        PREFSRC        G GATEWAY           DISTANCE  INTERFACE
 0 ADC  192.168.0.0/24     192.168.0.1                                  ether2
 1 ADC  192.168.100.0/24   192.168.100.1                                ether1
 2 A S  0.0.0.0/0                         r 192.168.100.100             ether1
[admin@mikrotik] >

Continue with the DNS setup:
[admin@mikrotik] > ip dns set primary-dns=192.168.100.110 allow-remote-requests=no
[admin@mikrotik] > ip dns print
primary-dns: 192.168.100.110
secondary-dns: 0.0.0.0
allow-remote-requests: no
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 16KiB
[admin@mikrotik] >

4. Test access to a domain, for example by pinging a domain name:
[admin@mikrotik] > ping yahoo.com
216.109.112.135 64 byte ping: ttl=48 time=250 ms
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 571/571.0/571 ms
[admin@mikrotik] >
If you get a reply, the DNS settings are correct.

5. Set up masquerading; this is the main step that makes MikroTik a gateway server (the CLI prompts for the missing chain parameter, which we answer with srcnat):
[admin@mikrotik] > ip firewall nat add action=masquerade out-interface=ether1
chain: srcnat
[admin@mikrotik] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat out-interface=ether1 action=masquerade
[admin@mikrotik] >

Done; all that remains is to test the connection from a user's machine. With this, users should already be able to reach the Internet.
This is indeed the easiest way to let users connect to the Internet, but its level of security is still low and firewall rules need to be configured. Hopefully I can cover that another time.
Source: http://www.vavai.com

Yoyok Riawan (http://yoyok.wordpress.com/)

Installing, Configuring and Optimising MikroTik RouterOS

TOKET - Terbitan Online Kecoak Elektronik
Defending the classical hackers mind since 1995
Publisher : http://www.kecoak-elektronik.net
Contact   : staff@kecoakelektronik.net

Subject : Installing, Configuring and Optimising MikroTik RouterOS
Writer  : r0t0r of Kecoak Elektronik
Contact : rotor@kecoak-elektronik.net
Style   : Unicode Transformation Format (UTF-8)

[1] Kecoak Elektronik License
Kecoak Elektronik actively supports the Blue Ribbon Campaign. We will endeavour to publish all information we consider worth knowing, whether text documents, magazine articles or newspapers. Full credit will be given to the author. Kecoak Elektronik is not responsible for the actions of others. The information presented on this site is for educational and informational purposes only. If you decide to put into practice, in any form, the information stored on this site, you do so by your own decision, and nobody but you is responsible for those actions. You are welcome to take part or all of the contents of the articles we publish, provided you keep the credit to the author and to Kecoak Elektronik as the online publisher. Articles quoted or taken may not be used for commercial purposes.

[2] Intro
MikroTik RouterOS is a Linux-based operating system intended for use as a network router. It is designed to be easy for its users: administration can be done through a Windows application (WinBox), a web browser, or a remote shell (telnet and SSH). It can also be installed on a standard PC, and the PC that will become a MikroTik router does not need large resources for standard use, for instance as a simple gateway. For heavy loads (complex networks, complicated routing, etc.) it is advisable to choose a PC with adequate resources.

MikroTik's facilities include:
- Routing protocols RIP, OSPF, BGP
- Stateful firewall
- HotSpot for Plug-and-Play access
- Remote WinBox GUI administration
More complete information can be found at www.mikrotik.com.

MikroTik is nevertheless not free software: we have to buy a licence for the facilities provided. The free trial lasts only 24 hours. We can buy the MikroTik software as a CD to be installed on a hard disk, or as a disk-on-module (DOM). If we buy a DOM there is nothing to install; we simply plug the DOM into the IDE slot of our PC.

There are several ways to install MikroTik:
1. Installation via NetInstall over the network
2. Installation from floppy disk
3. Installation from CD-ROM
This time we will discuss installation from CD-ROM. For this experiment, download the ISO from http://adminpreman.web.id/download

The following steps are the basics of setting up MikroTik for a simple network as a PC router/gateway, web proxy, DNS server, DHCP, firewall and bandwidth management. This configuration can be used to build the network of an Internet cafe or for testing in a private lab.

[2.1] Network Topology
This network topology assumes the Internet connection goes through an xDSL modem (ADSL or SDSL), with the public IP configured inside the modem. This means you also need to choose a modem that has facilities such as routing, a firewall, and so on. The more complete the better, but usually the price rises as well; the thing to consider is choosing a modem with a good firewall. With SDSL modems the IP is usually behind NAT, meaning it is not a public IP directly; with ADSL modems the public IP is generally configured directly on the modem itself. Here we assume the public IP is configured on the modem, whose PPPoE interface has already been configured and can dial the RAS server.

To make configuration easier, the network topology to be configured needs to be designed first. As an example, the diagram below:

(a) Network diagram
(ASCII diagram, garbled in extraction: telephone line -> splitter -> xDSL modem (1) -> MikroTik box (2) with ethernet cards a (public) and b (local) -> switch (3) -> client 1, client 2, client 3 ... client n)
Diagram legend:
(1) = xDSL modem (IP address: 192.168.1.1/24)
(2) = MikroTik box with two ethernet cards, a (public) and b (local)
(3) = switch, for the connection to the clients

Client assumptions:
Number of clients: 20
IP address range: 192.168.0.0/27
Client IP allocation: 192.168.0.1-192.168.0.30
Network ID: 192.168.0.0/27
Broadcast IP: 192.168.0.31/27

(b) IP Address Allocation

[*] MikroTik box
a = ethernet card 1 (public) -> IP address: 192.168.1.2/24
b = ethernet card 2 (local) -> IP address: 192.168.0.30/27
Gateway: 192.168.1.1 (to the modem)

[*] Clients
Client 1 - client n, IP address: 192.168.0.n, n in (1-30)
Example: client 6
IP address: 192.168.0.6/27
Gateway: 192.168.0.30 (to the MikroTik box)

NOTE: The number after the IP address (/27) is the netmask; /27 corresponds to 255.255.255.224. The subnet masks of a class C local address block break down as follows:

Class C subnet mask
255.255.255.0   = /24 -> 254 hosts
255.255.255.128 = /25 -> 128 hosts
255.255.255.192 = /26 -> 64 hosts
255.255.255.224 = /27 -> 32 hosts
255.255.255.240 = /28 -> 16 hosts
255.255.255.248 = /29 -> 8 hosts
255.255.255.252 = /30 -> 4 hosts
255.255.255.254 = /31 -> 2 hosts
255.255.255.255 = /32 -> 1 host
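The subnet arithmetic behind the table above, as an added Python example that is not part of the original guide. block_sizes derives the netmask together with both the block size and the usable host count for any prefix (the table mixes the two kinds of count), and plan_check validates a plan like this guide's /27: it reports that the router's Local address 192.168.0.30 sits inside the client range 192.168.0.1-192.168.0.30, an overlap a DHCP pool must avoid. Function and parameter names are my own.

```python
"""Subnet arithmetic behind the address plan used in this guide.

Added example, not from the original guide. block_sizes() derives, for any
prefix length, the dotted netmask, the number of addresses in the block and
the number of usable host addresses (the guide's table mixes the two
counts). plan_check() validates a LAN plan like the guide's 192.168.0.0/27
with clients .1-.30 and the router at .30, and reports the overlap a DHCP
pool must avoid. Function and parameter names are my own.
"""
import ipaddress


def block_sizes(prefix: int) -> tuple:
    """Return (netmask, addresses in block, usable hosts) for /prefix.

    /31 (RFC 3021 point-to-point) and /32 (host route) have no separate
    network and broadcast address, so every address in them is usable.
    """
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    net = ipaddress.ip_network(f"192.168.0.0/{prefix}", strict=False)
    addresses = net.num_addresses
    usable = addresses if prefix >= 31 else addresses - 2
    return str(net.netmask), addresses, usable


def subnet_table(first: int = 24, last: int = 32) -> list:
    """The class C table from the guide, computed: rows of
    (prefix, netmask, addresses, usable hosts)."""
    return [(p, *block_sizes(p)) for p in range(first, last + 1)]


def plan_check(network: str, gateway: str, first_client: str, last_client: str) -> dict:
    """Check a LAN plan and return its derived values plus a list of problems.

    Problems reported: an address outside the block, an address that is the
    network or broadcast address, a reversed client range, and a gateway
    that lies inside the client range (a DHCP pool covering that range
    would hand the router's own address to a client).
    """
    net = ipaddress.ip_network(network)
    gw = ipaddress.ip_address(gateway)
    lo = ipaddress.ip_address(first_client)
    hi = ipaddress.ip_address(last_client)
    problems = []
    for name, addr in (("gateway", gw), ("first client", lo), ("last client", hi)):
        if addr not in net:
            problems.append(f"{name} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {addr} is the network or broadcast address")
    if lo > hi:
        problems.append(f"client range {lo}-{hi} is reversed")
    elif lo <= gw <= hi:
        problems.append(f"gateway {gw} lies inside the client range {lo}-{hi}")
    return {
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": block_sizes(net.prefixlen)[2],
        "problems": problems,
    }


if __name__ == "__main__":
    for prefix, mask, total, usable in subnet_table():
        print(f"/{prefix:<3} {mask:<16} {total:>4} addresses {usable:>4} usable")
    print(plan_check("192.168.0.0/27", "192.168.0.30", "192.168.0.1", "192.168.0.30"))
```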
[2.2] Preparation
- For the PC router, prepare a PC: at least a Pentium I, 64 MB RAM, a 500 MB hard disk or a 64 MB flash memory.
- As a web proxy, prepare a PC: at least a Pentium III 450 MHz, 256 MB RAM, 20 GB hard disk. To see how much RAM and disk the cache needs, see http://adminpreman.web.id/download/Rumus%20Web%20Proxy%20Mikrotik.xls
- Prepare at least two ethernet cards, one towards the outside/Internet and one towards the local network.
- Burn the MikroTik OS source CD and put it in the CD-ROM drive.
- The MikroTik version used is MikroTik RouterOS version 2.9.27.

[3] Installing MikroTik Router
With the network diagram designed and the required hardware prepared, it is time to start the installation.

[3.1] Booting from CD-ROM
Set the BIOS to boot from CD-ROM, then wait a moment; the installer appears on the monitor.

ISOLINUX 2.08 2003-12-12 Copyright (C) 1994-2003 H. Peter Anvin
Loading linux
Loading initrd.rgz
Ready
Uncompressing Linux Ok, booting the kernel

[3.2] Selecting software packages
After booting, a menu of the software to install appears; choose according to the planned needs.
Packages available in MikroTik:
advanced-tools-2.9.27.npk
arlan-2.9.27.npk
dhcp-2.9.27.npk
gps-2.9.27.npk
hotspot-2.9.27.npk
hotspot-fix-2.9.27.npk
isdn-2.9.27.npk
lcd-2.9.27.npk
ntp-2.9.27.npk
ppp-2.9.27.npk
radiolan-2.9.27.npk
routerboard-2.9.27.npk
routing-2.9.27.npk
routing-test-2.9.27.npk
rstp-bridge-test-2.9.27.npk
security-2.9.27.npk
synchronous-2.9.27.npk
system-2.9.27.npk
telephony-2.9.27.npk
ups-2.9.27.npk
user-manager-2.9.27.npk
webproxy-2.9.27.npk
webproxy-test-2.9.27.npk
wireless-2.9.27.npk
wireless-legacy-2.9.27.npk
Welcome to Mikrotik Router Software Installation
Move around menu using p and n or arrow keys, select with spacebar. Select all with a, minimum with m. Press i to install locally or r to install remote router or q to cancel and reboot.

[X] system            [ ] ppp              [X] dhcp             [X] advanced-tools
[ ] arlan             [ ] gps              [ ] hotspot          [ ] hotspot-fix
[ ] isdn              [ ] lcd              [ ] ntp              [ ] radiolan
[ ] routerboard       [ ] routing          [ ] routing-test     [ ] rstp-bridge-test
[X] security          [ ] synchronous      [ ] telephony        [ ] ups
[ ] user-manager      [X] web-proxy        [ ] webproxy-test    [ ] wireless
[ ] wireless-legacy
The MikroTik packages generally used for an Internet cafe, office or SOHO are:
a. SYSTEM: the base package, containing the MikroTik kernel.
b. DHCP: the package providing the DHCP server and DHCP client; be sure to select it if you want the clients to receive IP addresses automatically from the DHCP server.
c. SECURITY: the package containing the network-security features, such as remote access to the machine over SSH and remote access by MAC address.
d. WEB-PROXY: with this package the MikroTik box can run a web proxy service that keeps a cache, so that Internet traffic is reduced and web browsing is faster.
e. ADVANCED TOOLS: tools for network administration, such as a bandwidth meter, scanning, nslookup and so on.

[3.3] Installing the packages
Type i after selecting the software; a menu like this appears:
- Do you want to keep old configuration? [y/n]   type Y
- Continue? [y/n]   type Y
The system installation then starts. There is no need to partition the hard disk, because MikroTik creates its partitions automatically.
wireless-legacy (depends on system): Provides support for Cisco Aironet cards and for PrismII and Atheros wireless station and AP.
Do you want to keep old configuration? [y/n]:y
Warning: all data on the disk will be erased!
Continue? [y/n]:y
Creating partition...
Formatting disk...
Installing system-2.9.27 [##################]
Installed system-2.9.27
Installed advanced-tools-2.9.27
Installed dhcp-2.9.27
Installed security-2.9.27
Installed web-proxy-2.9.27
Software installed.
Press ENTER to reboot

NOTE: The installation normally takes less than 15 minutes; if it takes longer it has failed, so repeat from the first step. When the installation is complete you are asked to restart the system; press Enter to restart it.

[3.5] Checking the system disk
When the computer has booted back into the MikroTik system, it offers to check the system disk; press y.

Loading system with initrd
Uncompressing Linux Ok, booting the kernel.
Starting...
It is recommended to check your disk drive for errors, but it may take a while (~1min for 1Gb).
It can be done later with /system check-disk.
Do you want to do it now? [y/n]

[3.6] Installation complete
When the installation has finished, a login prompt appears in terminal mode; the system is now in its default state.
MikroTik login = admin
Password = (empty, just press Enter)

MikroTik 2.9.27
Mikrotik Login:
(MikroTik ASCII-art logo)
MikroTik RouterOS 2.9.27 (c) 1999-2005 http://www.mikrotik.com/
Terminal vt102 detected, using multiline input mode
[admin@Mikrotik] >

NOTE: MikroTik can be configured in two modes, text mode and GUI mode. The GUI also comes in two forms, via browser and via WinBox. Here I will cover the text mode, because it is fast and gives a better understanding of this operating system.

[4] Basic Commands
MikroTik commands are actually much like the commands in Linux, since MikroTik is essentially a Linux kernel, a rework of Linux from the Debian distribution. The shell is used the same way, including command shortening: with the TAB key a long command need not be typed out in full; just type the beginning of the command name and the shell automatically shows the matching command. For example the IP ADDRESS command in MikroTik: just type IP ADD, a space, and press TAB, and the shell recognises and expands it as IP ADDRESS. Let us continue with the introduction of these commands. After logging in, check the state of the interfaces (ethernet cards).

[4.1] Viewing the interface state on the MikroTik router
[admin@Mikrotik] > interface print
Flags: X - disabled, D - dynamic, R - running
  #    NAME      TYPE    RX-RATE  TX-RATE  MTU
  0 R  ether1    ether   0        0        1500
  1 R  ether2    ether   0        0        1500
[admin@Mikrotik] >

If an interface shows the X (disabled) flag after its number (0, 1), check the ethernet card again; it should show R (running).

a. Renaming an interface:
[admin@Mikrotik] > interface (Enter)
b. To rename interface ether1 to Public (or whatever name you like):
[admin@Mikrotik] interface> set 0 name=Public
c. Likewise for ether2, say renaming it to Local:
[admin@Mikrotik] interface> set 1 name=Local
d. Or directly from the root level, using the / prefix, without quotes:
[admin@Mikrotik] > /interface set 0 name=Public
e. Check again whether the interface names have been changed:
[admin@Mikrotik] > /interface print
Flags: X - disabled, D - dynamic, R - running
  #    NAME      TYPE    RX-RATE  TX-RATE  MTU
  0 R  Public    ether   0        0        1500
  1 R  Local     ether   0        0        1500
[admin@Mikrotik] >

[4.2] Changing the default password
For security, change the default password:
[admin@Mikrotik] > password
old password: *****
new password: *****
retype new password: *****
[admin@Mikrotik] >

[4.3] Changing the hostname
Rename the MikroTik router to make configuration easier; in this step the server name is changed to routerku:
[admin@Mikrotik] > system identity set name=routerku
[admin@routerku] >

[5] Setting the IP Address, Gateway, Masquerade and Name Server
[5.1] IP Address
Command form:
ip address add address={ip address/netmask} interface={interface name}

a. Assign IP addresses to the MikroTik interfaces. Say Public will be used for the Internet connection with IP 192.168.1.2, and Local for our LAN with IP 192.168.0.30 (see the topology):
[admin@routerku] > ip address add address=192.168.1.2 netmask=255.255.255.0 interface=Public comment="IP ke Internet"
[admin@routerku] > ip address add address=192.168.0.30 netmask=255.255.255.224 interface=Local comment="IP ke LAN"

b. View the IP addresses we have assigned:
[admin@routerku] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
  #   ADDRESS            NETWORK         BROADCAST       INTERFACE
  0   ;;; IP ke LAN
      192.168.0.30/27    192.168.0.0     192.168.0.31    Local
  1   ;;; IP ke Internet
      192.168.1.2/24     192.168.1.0     192.168.1.255   Public
[admin@routerku] >
[5.2] Gateway
Command form:
ip route add gateway={gateway ip}

a. Set the default gateway; the gateway for the Internet connection is assumed to be 192.168.1.1:
[admin@routerku] > /ip route add gateway=192.168.1.1

b. View the routing table on the MikroTik router:
[admin@routerku] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf
  #     DST-ADDRESS        PREFSRC         G GATEWAY         DISTANCE  INTERFACE
  0 ADC 192.168.0.0/27     192.168.0.30                                Local
  1 ADC 192.168.1.0/24     192.168.1.2                                 Public
  2 A S 0.0.0.0/0                          r 192.168.1.1               Public
[admin@routerku] >

c. Ping the gateway to make sure the configuration is correct:
[admin@routerku] > ping 192.168.1.1
192.168.1.1 64 byte ping: ttl=64 time<1 ms
192.168.1.1 64 byte ping: ttl=64 time<1 ms
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0/0.0/0 ms
[admin@routerku] >

[5.3] NAT (Network Address Translation)
Command form:
ip firewall nat add chain=srcnat action=masquerade out-interface={the ethernet connected directly to the Internet, i.e. Public}

a. Set up masquerading. If MikroTik is to be used as the gateway server, masquerading is needed so that the client computers on the network can connect to the Internet:
[admin@routerku] > ip firewall nat add chain=srcnat out-interface=Public action=masquerade
[admin@routerku] >

b. View the masquerading configuration:
[admin@routerku] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
  0   chain=srcnat out-interface=Public action=masquerade
[admin@routerku] >

[5.4] Name server
Command form:
ip dns set primary-dns={primary dns} secondary-dns={secondary dns}

a. Set up DNS on the MikroTik router, say with DNS addresses primary = 202.134.0.155, secondary = 202.134.2.5:
[admin@routerku] > ip dns set primary-dns=202.134.0.155 allow-remote-requests=no
[admin@routerku] > ip dns set secondary-dns=202.134.2.5 allow-remote-requests=no

b. View the DNS configuration:
[admin@routerku] > ip dns print
          primary-dns: 202.134.0.155
        secondary-dns: 202.134.2.5
allow-remote-requests: no
           cache-size: 2048KiB
        cache-max-ttl: 1w
           cache-used: 16KiB
[admin@routerku] >

c. Test domain access, for example by pinging a domain name:
[admin@routerku] > ping yahoo.com
216.109.112.135 64 byte ping: ttl=48 time=250 ms
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 571/571.0/571 ms
[admin@routerku] >

If you get replies, the DNS setting is correct. After this step the connection from the local network can be checked, and if it works we have installed the MikroTik router as a gateway server. Once connected to the network, MikroTik can be managed with WinBox, which can be downloaded from Mikrotik.com or from our own MikroTik server: say our MikroTik server's IP address is 192.168.0.30, then open http://192.168.0.30 in a browser. The browser shows a web page with several menus; find the Download entry and download WinBox from there. Save it to the local hard disk, run WinBox and enter the IP address, username and password.
[7] DHCP Server
DHCP stands for Dynamic Host Configuration Protocol, a program that lets IP addressing in a network be managed centrally on the server, so that the client PCs do not have to configure their IP addresses themselves. DHCP makes it easy for the administrator to address the clients.

Command form:
ip dhcp-server setup
dhcp server interface = {interface used}
dhcp server space = {network to serve}
gateway for dhcp network = {gateway ip}
address to give out = {ip address range}
dns servers = {name server}
lease time = {lease time granted}

If we want the clients to get IP addresses automatically, a DHCP server must be set up on MikroTik. The steps:
a. Add an IP address pool (192.168.0.30 is the router's own Local address, so it is left out of the pool):
/ip pool add name=dhcp-pool ranges=192.168.0.1-192.168.0.29
b. Add the DHCP network and the gateway to be distributed to the clients. In this example the network is 192.168.0.0/27 and the gateway 192.168.0.30 (the router's own DNS was set with allow-remote-requests=no in [5.4], so the ISP's name servers are handed out directly):
/ip dhcp-server network add address=192.168.0.0/27 gateway=192.168.0.30 dns-server=202.134.0.155,202.134.2.5
c. Add the DHCP server (in this example DHCP is applied to the Local interface):
/ip dhcp-server add interface=Local address-pool=dhcp-pool
d. Check the DHCP server status:
[admin@routerku] > ip dhcp-server print
Flags: X - disabled, I - invalid
  #    NAME     INTERFACE  RELAY  ADDRESS-POOL  LEASE-TIME  ADD-ARP
  0 X  dhcp1    Local             dhcp-pool
The X flag means the DHCP server is not yet enabled, so it has to be enabled first, in step e.
e. Do not forget to enable the DHCP server:
/ip dhcp-server enable 0
Then check the dhcp-server again as in step d; once the X flag is gone, it is active.
f. Test from a client, for example:
D:\>ping www.yahoo.com

[8] Transparent Proxy Server
A proxy server is a program that speeds up access to a web page already visited by another computer, because the page has been stored on the caching server. A transparent proxy is convenient for client management, since the system administrator no longer has to set up a proxy in every client browser; the redirection is done automatically on the server side.

Command form:
a. Web proxy settings:
- ip proxy set enable=yes port={port to use} maximal-client-connections=1000 maximal-server-connections=1000
- ip proxy direct add src-address={network to be NATed} action=allow
- ip web-proxy set parent-proxy={parent proxy/optional} hostname={host name for the proxy/optional} port={port to use} src-address={address used for the connection to the parent proxy/default 0.0.0.0} transparent-proxy=yes max-object-size={maximum size of a file stored in the cache/default 4096, in kilobytes} max-cache-size={maximum disk space used to store cache files/unlimited | none | 12, in megabytes} cache-administrator={administrator e-mail; when the proxy errors, the status is sent to this address} enabled=yes

Example configuration:
a. Web proxy setting
/ip web-proxy set enabled=yes src-address=0.0.0.0 port=8080 hostname=proxy.routerku.co.id transparent-proxy=yes parent-proxy=0.0.0.0:0 cache-administrator=support@routerku.co.id max-object-size=131072KiB cache-drive=system max-cache-size=unlimited max-ram-cache-size=unlimited

NAT redirect: a REDIRECT rule has to be added to divert HTTP traffic to the WEB-PROXY.
b. Firewall settings for the transparent proxy
Command form:
ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports={proxy port}
The commands:
/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 disabled=no
add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080 disabled=no
add chain=dstnat protocol=tcp dst-port=8000 action=redirect to-ports=8080 disabled=no
The commands above divert all traffic bound for ports 80, 3128 and 8000 to port 8080, the web proxy's port.

NOTE: Commands
/ip web-proxy print {to see the resulting web-proxy configuration}
/ip web-proxy monitor {to monitor the web-proxy's operation}

[9] Bandwidth Management
QoS plays a very important role in providing good service to the clients.


For that we need bandwidth management to regulate each flow of data, so that bandwidth is shared fairly. MikroTik RouterOS includes a software package for managing bandwidth.

Command form:
queue simple add name={name} target-addresses={target ip address} interface={interface the data passes through} max-limit={out/in}

Below is a traffic-shaping (bandwidth management) configuration using the Simple Queue method. As the name says, this queue type is simple, but it has a weakness: bandwidth sometimes leaks, or is not monitored in real terms. For 10 clients this queue type is fine.

Assume there are 15 clients, each given a minimum bandwidth of 8 kbps and a maximum of 48 kbps, with a total bandwidth of 192 kbps. No rule is given for upstream, so each client can use upstream bandwidth to the maximum. Note the priority parameter: MikroTik has eight priority levels, 1 to 8, where priority 1 is the highest and priority 8 the lowest. An example configuration:

/queue simple
add name=trafikshaping target-addresses=192.168.0.0/27 dst-address=0.0.0.0/0 interface=all parent=none priority=1 queue=default/default limit-at=0/64000 max-limit=0/192000 total-queue=default disabled=no
add name=01 target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name=02 target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name=03 target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name=04 target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name=05 target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name=06 target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name=07 target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name=08 target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name=09 target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name=10 target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name=11 target-addresses=192.168.0.11/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name=12 target-addresses=192.168.0.12/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name=13 target-addresses=192.168.0.13/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name=14 target-addresses=192.168.0.14/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name=15 target-addresses=192.168.0.15/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no

Since the commands above are in command-line form, they can also be copied and pasted straight into the MikroTik console. Remember to check the active path (directory) first; paste only when the current level is the root:
Terminal vt102 detected, using multiline input mode
[admin@mikrotik] >
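The per-client rules above, generated rather than typed, as an added Python example that is not part of the original guide. It reproduces the guide's parent queue and its child queues for the first N usable addresses of the LAN, and refuses a plan whose guaranteed rates add up to more than the parent can deliver; function and parameter names are my own.

```python
"""Generate this guide's per-client Simple Queue rules instead of typing them.

Added example, not from the original guide: it emits RouterOS 2.9
"/queue simple add" lines in the form the guide uses (rates as
upload/download bit-per-second pairs, parent "trafikshaping") for the first
N usable addresses of the LAN, and checks the arithmetic behind the plan
before anything is pasted into the console.
"""
import ipaddress


def simple_queue_rules(network: str, clients: int, parent: str = "trafikshaping",
                       limit_at: int = 8000, max_limit: int = 48000,
                       parent_limit_at: int = 64000, total: int = 192000) -> list:
    """Return the parent rule followed by one child rule per client.

    Upload is left at 0 (unlimited) as in the guide. Children are named
    01, 02, ... and target the first `clients` host addresses of `network`.
    Raises ValueError when the plan cannot be honoured: more clients than
    host addresses, guaranteed rates (limit-at) summing to more than the
    parent's max-limit, or a child max-limit above the parent's.
    """
    net = ipaddress.ip_network(network)
    hosts = list(net.hosts())
    if clients > len(hosts):
        raise ValueError(f"{network} has only {len(hosts)} usable addresses")
    if clients * limit_at > total:
        raise ValueError(f"guaranteed {clients * limit_at} bps exceeds the parent's {total} bps")
    if max_limit > total:
        raise ValueError("a child max-limit cannot exceed the parent's max-limit")
    common = "dst-address=0.0.0.0/0 interface=all priority=1 queue=default/default"
    rules = [
        f"add name={parent} target-addresses={net} {common} parent=none "
        f"limit-at=0/{parent_limit_at} max-limit=0/{total} total-queue=default disabled=no"
    ]
    for number, host in enumerate(hosts[:clients], start=1):
        rules.append(
            f"add name={number:02d} target-addresses={host}/32 {common} parent={parent} "
            f"limit-at=0/{limit_at} max-limit=0/{max_limit} total-queue=default disabled=no"
        )
    return rules


def console_script(rules: list) -> str:
    """Join the rules into text that can be pasted at the root prompt."""
    return "\n".join(["/queue simple", *rules])


if __name__ == "__main__":
    print(console_script(simple_queue_rules("192.168.0.0/27", 15)))
```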
Another option for bandwidth management is to have MikroTik share the bandwidth equally, for example 256 kbps downstream and 256 kbps upstream. If 10 clients are accessing at once, each automatically gets 256 kbps divided by 10 of upstream and downstream, i.e. 25.6 kbps each; if only 2 clients are accessing, each gets 128 kbps. For this the PCQ (Per Connection Queue) type is used, which divides the traffic per client automatically. The queue types in MikroTik are described in the manual at http://www.mikrotik.com/testdocs/ros/2.9/root/queue.php.

First, rules are needed in MANGLE, such as:
/ip firewall mangle add chain=forward src-address=192.168.0.0/27 action=mark-connection new-connection-mark=users-con
/ip firewall mangle add connection-mark=users-con action=mark-packet new-packet-mark=users chain=forward

Since no PCQ type exists yet, two PCQ types have to be added. The first, named pcq-download, manages all traffic by destination address; this traffic passes through the Local interface, so all download/downstream traffic of the 192.168.0.0/27 network is shared automatically. The second, named pcq-upload, manages all upstream traffic by source address; this traffic passes through the Public interface, so all upload/upstream traffic coming from the 192.168.0.0/27 network is shared automatically. The commands:
/queue type add name=pcq-download kind=pcq pcq-classifier=dst-address
/queue type add name=pcq-upload kind=pcq pcq-classifier=src-address

With the PCQ and mangle rules added, now the rules that divide the traffic. The queue used is Queue Tree:
/queue tree add parent=Local queue=pcq-download packet-mark=users
/queue tree add parent=Public queue=pcq-upload packet-mark=users

The commands above assume that the bandwidth received from the Internet provider fluctuates. If we are sure of the bandwidth received, say 256 kbps downstream and 256 kbps upstream, there are further rules, such as:
For downstream traffic:
/queue tree add name=Download parent=Local max-limit=256k
/queue tree add parent=Download queue=pcq-download packet-mark=users
And for upstream traffic:
/queue tree add name=Upload parent=Public max-limit=256k
/queue tree add parent=Upload queue=pcq-upload packet-mark=users

[10] MRTG Monitoring via Web
This facility is needed to monitor traffic as graphs, viewable with a browser. MRTG (The Multi Router Traffic Grapher) has been built in so that it is easy to use; it is available in the base package. Example configuration:
/tool graphing set store-every=5min
/tool graphing interface add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
The commands above graph the traffic passing through the network interfaces, both Public and Local, rendered every 5 minutes. Which addresses may access this MRTG can also be set, with the allow-address parameter (for example the local network 192.168.0.0/27 instead of 0.0.0.0/0).

[11] Security on MikroTik
After the configuration above has been prepared, we must of course also look at the security of this MikroTik gateway machine; several facilities are available for that. Here the firewall is discussed. The firewall is in principle similar to IPTABLES on GNU/Linux, only some commands have been simplified while remaining powerful. In MikroTik the firewall commands are found under the ip level:
[admin@routerku] > /ip firewall
There are several packet filters, such as mangle, nat and filter:
[admin@routerku] ip firewall> ?
Firewall allows IP packet filtering on per packet basis
..             -- go up to ip
mangle/        -- The packet marking management
nat/           -- Network Address Translation
connection/    -- Active connections
filter/        -- Firewall filters
address-list/
service-port/  -- Service port management
export
This time we look at the configuration of the ip firewall filter. Since the filter has so many parameters, the complete discussion of firewall filters can be found in the MikroTik manual at http://www.mikrotik.com/testdocs/ros/2.9/ip/filter.php
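The input chain of the filter example given below, replayed with a small first-match evaluator: an added Python example that is not part of the original guide. INPUT_CHAIN is transcribed from the section's input rules (the block of Trinoo port rules is collapsed to one entry, and the garbled src-port is read as 1024-65535), the packets and the outside address 10.0.0.5 are constructed samples, and the example also covers the dstnat redirect of section [8], since the "Block to Proxy" rule is what keeps the redirected proxy port 8080 closed to the public side.

```python
"""First-match replay of the input chain from this guide's filter example.

Added example, not from the original guide. INPUT_CHAIN is a transcription
of the section's input rules (the block of Trinoo port rules is collapsed to
one representative entry and the garbled src-port is read as 1024-65535);
the packets are constructed samples. RouterOS walks a chain top-down and
stops at the first rule whose matchers all hit, which is what evaluate()
does for the matchers this guide uses.
"""
import ipaddress

LAN = "192.168.0.0/27"

# A rule is a dict of matchers plus action and comment. A matcher that is
# absent matches everything, exactly as an unset property does in RouterOS.
INPUT_CHAIN = [
    dict(connection_state="invalid", action="drop", comment="Drop Invalid connections"),
    dict(src_address="!" + LAN, protocol="tcp", src_port=(1024, 65535),
         dst_port=(8080, 8080), action="drop", comment="Block to Proxy"),
    dict(protocol="udp", dst_port=(27444, 27444), action="drop", comment="Trinoo"),
    dict(connection_state="established", action="accept",
         comment="Allow Established connections"),
    dict(protocol="udp", action="accept", comment="Allow UDP"),
    dict(protocol="icmp", action="accept", comment="Allow ICMP"),
    dict(src_address=LAN, action="accept",
         comment="Allow access to router from known network"),
    dict(action="drop", comment="Drop anything else"),
]


def _addr_matches(spec: str, addr: str) -> bool:
    """RouterOS address matcher; a leading '!' negates the match."""
    negate = spec.startswith("!")
    inside = ipaddress.ip_address(addr) in ipaddress.ip_network(spec.lstrip("!"))
    return inside != negate


def _port_matches(port_range: tuple, port) -> bool:
    """Port ranges are inclusive; a packet without ports (ICMP) never matches."""
    return port is not None and port_range[0] <= port <= port_range[1]


def rule_matches(rule: dict, pkt: dict) -> bool:
    """True when every matcher the rule sets agrees with the packet."""
    if "connection_state" in rule and rule["connection_state"] != pkt["state"]:
        return False
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return False
    if "src_address" in rule and not _addr_matches(rule["src_address"], pkt["src"]):
        return False
    if "src_port" in rule and not _port_matches(rule["src_port"], pkt["sport"]):
        return False
    if "dst_port" in rule and not _port_matches(rule["dst_port"], pkt["dport"]):
        return False
    return True


def evaluate(chain: list, pkt: dict) -> tuple:
    """Return (action, comment) of the first matching rule.

    A built-in chain with no matching rule accepts the packet in RouterOS,
    so that is the fall-through result here too.
    """
    for rule in chain:
        if rule_matches(rule, pkt):
            return rule["action"], rule["comment"]
    return "accept", "no rule matched (chain default)"


def packet(src: str, protocol: str, dport=None, sport=40000, state="new") -> dict:
    """Constructed sample packet addressed to the router itself (input chain)."""
    return dict(src=src, protocol=protocol, dport=dport, sport=sport, state=state)


if __name__ == "__main__":
    samples = [
        packet("10.0.0.5", "tcp", 8080),      # outsider to the redirected proxy port
        packet("192.168.0.6", "tcp", 8080),   # LAN client to the proxy port
        packet("10.0.0.5", "udp", 53),        # outsider to the router's DNS port
        packet("10.0.0.5", "tcp", 22),        # outsider to SSH
        packet("10.0.0.5", "icmp"),           # outsider ping
    ]
    for pkt in samples:
        print(pkt["src"], pkt["protocol"], pkt["dport"], "->", evaluate(INPUT_CHAIN, pkt))
```

Public-side UDP to the router is accepted by "Allow UDP" before the final drop, so the filter itself does not close udp/53 on the Public interface; only the DNS setting allow-remote-requests=no from section [5.4] keeps the resolver closed. The same top-down evaluation explains why the port-scanner rules placed after "Drop anything else" in the listing never see a packet unless they are moved above it.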


The configuration below can block several trojans, viruses and backdoors already known by the port number and protocol they use. It is also configured to hold back flooding from the public network and from the local network, and adds access-control rules so that only a certain address range can remotely reach, or access particular services on, our MikroTik machine.

Example filter application:
/ip firewall filter
add chain=input connection-state=invalid action=drop comment="Drop Invalid connections" disabled=no
add chain=input src-address=!192.168.0.0/27 protocol=tcp src-port=1024-65535 dst-port=8080 action=drop comment="Block to Proxy" disabled=no
add chain=input protocol=udp dst-port=12667 action=drop comment=Trinoo disabled=no
add chain=input protocol=udp dst-port=27665 action=drop comment=Trinoo disabled=no
add chain=input protocol=udp dst-port=31335 action=drop comment=Trinoo disabled=no
add chain=input protocol=udp dst-port=27444 action=drop comment=Trinoo disabled=no
add chain=input protocol=udp dst-port=34555 action=drop comment=Trinoo disabled=no
add chain=input protocol=udp dst-port=35555 action=drop comment=Trinoo disabled=no
add chain=input protocol=tcp dst-port=27444 action=drop comment=Trinoo disabled=no
add chain=input protocol=tcp dst-port=27665 action=drop comment=Trinoo disabled=no
add chain=input protocol=tcp dst-port=31335 action=drop comment=Trinoo disabled=no
add chain=input protocol=tcp dst-port=31846 action=drop comment=Trinoo disabled=no
add chain=input protocol=tcp dst-port=34555 action=drop comment=Trinoo disabled=no
add chain=input protocol=tcp dst-port=35555 action=drop comment=Trinoo disabled=no
add chain=input connection-state=established action=accept comment="Allow Established connections" disabled=no
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input src-address=192.168.0.0/27 action=accept comment="Allow access to router from known network" disabled=no
add chain=input action=drop comment="Drop anything else" disabled=no
add chain=forward protocol=tcp connection-state=invalid action=drop comment="drop invalid connections" disabled=no
add chain=forward connection-state=established action=accept comment="allow already established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no
add chain=forward src-address=0.0.0.0/8 action=drop disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop disabled=no
add chain=forward protocol=tcp action=jump jump-target=tcp disabled=no
add chain=forward protocol=udp action=jump jump-target=udp disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp disabled=no
add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP" disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment="deny RPC portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment="deny RPC portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="deny NBT" disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment="deny cifs" disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="deny NFS" disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="deny NetBus" disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="deny NetBus" disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="deny BackOrifice" disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny DHCP" disabled=no
add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP" disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment="deny RPC portmapper" disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment="deny RPC portmapper" disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT" disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS" disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment="deny BackOrifice" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list" disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment=NMAP FIN Stealth scan disabled=noadd chain=input
protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list
address-list=port
scanners address-list-timeout=2w comment=SYN/FIN
scan disabled=noadd
chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list
address-list=port scanners address-list-timeout=2w comment=SYN/RST
scan
disabled=noadd chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
action=add-src-to-address-list address-list=port scanners
address-listtimeout=2w comment=FIN/PSH/URG scan disabled=noadd chain=input protocol=tcp tcpflags=fin,syn,rst,psh,ack,urg
action=add-src-to-address-list address-list=port
scanners
address-list-timeout=2w comment=ALL/ALL scan disabled=noadd
chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
action=add-srcto-address-list address-list=port scanners
address-list-timeout=2w
comment=NMAP NULL scan disabled=noadd chain=input src-address-list=port
scanners action=drop comment=dropping
port scanners disabled=noadd chain=icmp
protocol=icmp icmp-options=0:0 action=accept comment=drop
invalid connections
disabled=noadd chain=icmp protocol=icmp icmp-options=3:0 action=accept
comment=allow
established connections disabled=noadd chain=icmp protocol=icmp
icmp-options=3:1 action=accept comment=allow
already established connections
disabled=noadd chain=icmp protocol=icmp icmp-options=4:0 action=accept
comment=allow
source quench disabled=noadd chain=icmp protocol=icmp icmpoptions=8:0 action=accept comment=allow
echo request disabled=noadd chain=icmp
protocol=icmp icmp-options=11:0 action=accept comment=allow
time exceed
disabled=noadd chain=icmp protocol=icmp icmp-options=12:0 action=accept
comment=allow
parameter bad disabled=noadd chain=icmp action=drop
comment=deny all other types disabled=noadd chain=tcp protocol=tcp dst-port=25
action=reject
reject-with=icmp-network-unreachable comment=Smtp disabled=noadd
chain=tcp protocol=udp dst-port=25 action=reject
reject-with=icmp-networkunreachable comment=Smtp disabled=noadd chain=tcp protocol=tcp dst-port=110
action=reject
reject-with=icmp-network-unreachable comment=Smtp disabled=noadd
chain=tcp protocol=udp dst-port=110 action=reject
reject-with=icmp-networkunreachable comment=Smtp disabled=noadd chain=tcp protocol=udp dst-port=110
action=reject
reject-with=icmp-network-unreachable comment=Smtp disabled=no
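The tcp-flags matching behind the six scan-detection rules above, modelled in Python as an added example (it is not part of the original ruleset): flags listed plainly must be set, flags prefixed with '!' must be clear, and unlisted flags are ignored. The rule list copies the page's tcp-flags values and comments; the sample packets are constructed. The psd rule is not modelled, since it depends on connection history rather than on a single packet.

```python
"""Model of RouterOS tcp-flags matching as used by the port-scan rules.

Semantics: every flag listed plainly must be set, every flag prefixed
with '!' must be clear, and flags that are not listed are ignored.
Each rule's add-src-to-address-list action is non-terminating, so a
packet is reported against every rule it matches, not just the first.
"""
from __future__ import annotations

from dataclasses import dataclass

# Bit values of the flags in the TCP header's flags byte.
TCP_FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
                 "psh": 0x08, "ack": 0x10, "urg": 0x20}


@dataclass(frozen=True)
class FlagRule:
    tcp_flags: str  # RouterOS tcp-flags value, e.g. "fin,!syn,!rst,!psh,!ack,!urg"
    comment: str    # the rule's comment, used here as the finding label


# The six tcp-flags rules from the ruleset above, in their original order.
SCAN_RULES = [
    FlagRule("fin,!syn,!rst,!psh,!ack,!urg", "NMAP FIN Stealth scan"),
    FlagRule("fin,syn", "SYN/FIN scan"),
    FlagRule("syn,rst", "SYN/RST scan"),
    FlagRule("fin,psh,urg,!syn,!rst,!ack", "FIN/PSH/URG scan"),
    FlagRule("fin,syn,rst,psh,ack,urg", "ALL/ALL scan"),
    FlagRule("!fin,!syn,!rst,!psh,!ack,!urg", "NMAP NULL scan"),
]


def parse_tcp_flags(spec: str) -> tuple[int, int]:
    """Convert a tcp-flags value into (must_be_set, must_be_clear) bitmasks."""
    must_set = must_clear = 0
    for token in spec.split(","):
        token = token.strip().lower()
        negate = token.startswith("!")
        name = token[1:] if negate else token
        if name not in TCP_FLAG_BITS:
            raise ValueError(f"unknown TCP flag {name!r}")
        if negate:
            must_clear |= TCP_FLAG_BITS[name]
        else:
            must_set |= TCP_FLAG_BITS[name]
    if must_set & must_clear:
        raise ValueError(f"flag both required and forbidden in {spec!r}")
    return must_set, must_clear


def rule_matches(rule: FlagRule, flags: int) -> bool:
    """True when the packet's flags byte satisfies the rule's tcp-flags."""
    must_set, must_clear = parse_tcp_flags(rule.tcp_flags)
    return (flags & must_set) == must_set and (flags & must_clear) == 0


def classify(flags: int) -> list[str]:
    """Comments of every scan rule the flags byte matches (empty = clean)."""
    return [rule.comment for rule in SCAN_RULES if rule_matches(rule, flags)]


def flags_from_names(*names: str) -> int:
    """Build a flags byte from flag names, e.g. flags_from_names("fin", "ack")."""
    return sum(TCP_FLAG_BITS[name] for name in names)


# Constructed sample packets; only the flags byte matters for these rules.
SAMPLE_PACKETS = [
    ("normal connection request (SYN)", flags_from_names("syn")),
    ("normal close (FIN/ACK)", flags_from_names("fin", "ack")),
    ("FIN-only probe", flags_from_names("fin")),
    ("SYN+FIN probe", flags_from_names("syn", "fin")),
    ("FIN/PSH/URG probe", flags_from_names("fin", "psh", "urg")),
    ("every flag set", 0x3F),
    ("no flag set", 0x00),
]

if __name__ == "__main__":
    for description, flags in SAMPLE_PACKETS:
        hits = classify(flags) or ["no scan rule matched"]
        print(f"{description:34} flags=0x{flags:02x} -> {', '.join(hits)}")
```

Note that a legitimate FIN/ACK close matches nothing because the FIN rule requires !ack, while a packet with every flag set trips three rules at once, which is why the rules are written as non-terminating list additions followed by one drop rule.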
[11.1] Services and Checking Active Services with a Port Scanner

To confirm which services are active on the MikroTik machine, we need to scan certain ports; any service that is not needed should simply be disabled. The commands to disable and enable services are as follows. First we check which services are active:

[admin@routerku] > ip service
[admin@routerku] ip service> print
Flags: X - disabled, I - invalid
 #   NAME     PORT  ADDRESS    CERTIFICATE
 0 X telnet   23    0.0.0.0/0
 1   ftp      21    0.0.0.0/0
 2   www      80    0.0.0.0/0
 3   ssh      22    0.0.0.0/0
 4   www-ssl  443   0.0.0.0/0  none
[admin@routerku] ip service>

Suppose the FTP service is to be disabled; in the list above it is entry number 1 (see the Flags column), so:

[admin@routerku] ip service> set 1 disabled=yes

We check again:

[admin@routerku] ip service> print
Flags: X - disabled, I - invalid
 #   NAME     PORT  ADDRESS    CERTIFICATE
 0 X telnet   23    0.0.0.0/0
 1 X ftp      21    0.0.0.0/0
 2   www      80    0.0.0.0/0
 3   ssh      22    0.0.0.0/0
 4   www-ssl  443   0.0.0.0/0  none
[admin@router.dprd.provinsi] ip service>

The FTP service is now disabled.

Using the nmap tool we can check which ports are open on the gateway machine we have configured.

Command: nmap -vv -sS -sV -P0 192.168.0.30

Result:

Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-04 19:55 SE Asia Standard Time
Initiating ARP Ping Scan at 19:55
Scanning 192.168.0.30 [1 port]
Completed ARP Ping Scan at 19:55, 0.31s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:55
Completed Parallel DNS resolution of 1 host. at 19:55, 0.05s elapsed
Initiating SYN Stealth Scan at 19:55
Scanning 192.168.0.30 [1697 ports]
Discovered open port 22/tcp on 192.168.0.30
Discovered open port 53/tcp on 192.168.0.30
Discovered open port 80/tcp on 192.168.0.30
Discovered open port 21/tcp on 192.168.0.30
Discovered open port 3986/tcp on 192.168.0.30
Discovered open port 2000/tcp on 192.168.0.30
Discovered open port 8080/tcp on 192.168.0.30
Discovered open port 3128/tcp on 192.168.0.30
Completed SYN Stealth Scan at 19:55, 7.42s elapsed (1697 total ports)
Initiating Service scan at 19:55
Scanning 8 services on 192.168.0.30
Completed Service scan at 19:57, 113.80s elapsed (8 services on 1 host)
Host 192.168.0.30 appears to be up ... good.
Interesting ports on 192.168.0.30:
Not shown: 1689 closed ports
PORT     STATE SERVICE          VERSION
21/tcp   open  ftp              MikroTik router ftpd 2.9.27
22/tcp   open  ssh              OpenSSH 2.3.0 mikrotik 2.9.27 (protocol 1.99)
53/tcp   open  domain?
80/tcp   open  http             MikroTik router http config
2000/tcp open  callbook?
3128/tcp open  http-proxy       Squid webproxy 2.5.STABLE11
3986/tcp open  mapper-ws_ethd?
8080/tcp open  http-proxy       Squid webproxy 2.5.STABLE11
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
MAC Address: 00:90:4C:91:77:02 (Epigram)
Service Info: Host: routerku; Device: router

Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 123.031 seconds
Raw packets sent: 1706 (75.062KB) | Rcvd: 1722 (79.450KB)

From these scan results we can conclude that the active services and ports are FTP, version MikroTik router ftpd 2.9.27; SSH, version OpenSSH 2.3.0 mikrotik 2.9.27 (protocol 1.99); and a web proxy running Squid, version Squid webproxy 2.5.STABLE11. Of course, the MikroTik vendor has already patched the holes or vulnerabilities in the protocol versions above.
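A consistency check between the two outputs in this section, added here as an example and not part of the original article: it parses the /ip service print table (the one taken after ftp was disabled) and the nmap "Discovered open port" lines, both embedded as constructed copies of the page's output, and reports disabled services that still answer, open ports that belong to no /ip service entry, and enabled services the scan did not see.

```python
"""Reconcile `/ip service print` with the ports nmap actually found open.

Both inputs are constructed copies of the output shown in this section;
in practice paste the real table and the real nmap log.
"""
from __future__ import annotations

import re

IP_SERVICE_PRINT = """\
Flags: X - disabled, I - invalid
 #   NAME     PORT  ADDRESS    CERTIFICATE
 0 X telnet   23    0.0.0.0/0
 1 X ftp      21    0.0.0.0/0
 2   www      80    0.0.0.0/0
 3   ssh      22    0.0.0.0/0
 4   www-ssl  443   0.0.0.0/0  none
"""

NMAP_LOG = """\
Discovered open port 22/tcp on 192.168.0.30
Discovered open port 53/tcp on 192.168.0.30
Discovered open port 80/tcp on 192.168.0.30
Discovered open port 21/tcp on 192.168.0.30
Discovered open port 3986/tcp on 192.168.0.30
Discovered open port 2000/tcp on 192.168.0.30
Discovered open port 8080/tcp on 192.168.0.30
Discovered open port 3128/tcp on 192.168.0.30
"""

# One table row: index, optional flag letters (X/I), name, port, address, ...
SERVICE_ROW = re.compile(r"^\s*(\d+)\s+([XI]+\s+)?(\S+)\s+(\d+)\s+(\S+)")
OPEN_PORT = re.compile(r"Discovered open port (\d+)/tcp")


def parse_ip_service(text: str) -> dict[int, tuple[str, bool]]:
    """Map port -> (service name, enabled) from `/ip service print` output."""
    services: dict[int, tuple[str, bool]] = {}
    for line in text.splitlines():
        m = SERVICE_ROW.match(line)
        if not m:
            continue  # flag legend, column header or prompt line
        flags = m.group(2) or ""
        services[int(m.group(4))] = (m.group(3), "X" not in flags)
    return services


def parse_nmap_open_ports(text: str) -> set[int]:
    """Collect the TCP ports nmap reported as open."""
    return {int(m.group(1)) for m in OPEN_PORT.finditer(text)}


def compare_exposure(services: dict[int, tuple[str, bool]],
                     open_ports: set[int]) -> dict[str, list[int]]:
    """Three findings worth acting on when the two views disagree."""
    enabled = {p for p, (_, on) in services.items() if on}
    disabled = {p for p, (_, on) in services.items() if not on}
    return {
        # disabled in /ip service yet still answering: the change did not take
        "disabled_but_open": sorted(open_ports & disabled),
        # not an /ip service at all: dns, web-proxy or another package listens
        "open_not_in_service_table": sorted(open_ports - set(services)),
        # enabled but unseen: filtered by the firewall, or outside the scan range
        "enabled_but_not_seen": sorted(enabled - open_ports),
    }


if __name__ == "__main__":
    services = parse_ip_service(IP_SERVICE_PRINT)
    findings = compare_exposure(services, parse_nmap_open_ports(NMAP_LOG))
    for label, ports in findings.items():
        names = [services.get(p, ("?",))[0] for p in ports]
        print(f"{label:28} {ports} {names}")
```

On the page's own data the check flags port 21 as disabled but still open, which is exactly the kind of discrepancy (scan taken before the change, or change not applied) that a rescan after every service change is meant to catch.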
[11.2] Network Administration Tools

In practice, several tools can be used for network troubleshooting, such as ping, traceroute, SSH, and so on. The tools that will be used most often in day-to-day administration are:
o Telnet
o SSH
o Traceroute
o Sniffer

a. Telnet
This command for remote access to a machine is used almost the same way as telnet on Linux or Windows.

[admin@routerku] > system telnet ?

The command above gives a brief overview of the available parameters. For example, for a remote machine with IP address 192.168.0.21 on port 23:

[admin@routerku] > system telnet 192.168.0.21

Use of telnet should be limited to specific situations for security reasons; as we know, the data packets sent over telnet are not encrypted. To be safer, we use SSH.

b. SSH
Like telnet, this command is also needed for remote access to a machine, and in principle its parameters are the same as the command on Linux and Windows.

[admin@routerku] > system ssh 192.168.0.21

The SSH parameters above differ slightly from telnet. If you look at its help, it has an additional parameter, user.

[admin@routerku] > system ssh ?
The SSH feature can be used with various SSH Telnet clients to securely connect to and administrate the router
<address>
user    User name
port    Port number
[admin@routerku] >

Suppose we want to remotely access a machine running Linux that has an account with username root and password 123456 at address 66.213.7.30. The command is:

[admin@routerku] > system ssh 66.213.7.30 user=root
root@66.213.7.30's password:

c. Traceroute
To find out which hops or routers a packet passes through until it is delivered to its destination, we normally use traceroute. With this tool we can analyse where the packet's route goes. Suppose we want to know the path of packets heading to the Yahoo server:

[admin@routerku] > tool traceroute yahoo.com
     ADDRESS          STATUS
 1   63.219.6.nnn     00:00:00 00:00:00 00:00:00
 2   222.124.4.nnn    00:00:00 00:00:00 00:00:00
 3   192.168.34.41    00:00:00 00:00:00 00:00:00
 4   61.94.1.253      00:00:00 00:00:00 00:00:00
 5   203.208.143.173  00:00:00 00:00:00 00:00:00
 6   203.208.182.5    00:00:00 00:00:00 00:00:00
 7   203.208.182.114  00:00:00 00:00:00 00:00:00
 8   203.208.168.118  00:00:00 00:00:00 00:00:00
 9   203.208.168.134  timeout  00:00:00 00:00:00
10   216.115.101.34   00:00:00 timeout  timeout
11   216.115.101.129  timeout  timeout  00:00:00
12   216.115.108.1    timeout  timeout  00:00:00
13   216.109.120.249  00:00:00 00:00:00 00:00:00
14   216.109.112.135  00:00:00 timeout  timeout

d. Sniffer
We can capture and inspect the packets travelling on our network; MikroTik provides this tool, which is useful for traffic analysis.

[admin@routerku] > tool sniffer
Packet sniffering
..           go up to tool
start        Start/reset sniffering
stop         Stop sniffering
save         Save currently sniffed packets
packet/      Sniffed packets management
protocol/    Protocol management
host/        Host management
connection/  Connection management
print
get          get value of property
set
edit         edit value of property
export

To start the sniffing process use the start command; to stop it use the stop command.

[admin@routerku] > tool sniffer start

The sniffing process is now running; wait a while, then type the stop command to stop it. The captured packets can be viewed with the print command, and exported to a file with the export command.

[12] Conclusion
For small to medium-scale networks this product from Latvia can be an option. I am not here to promote the product, but to give an overview of how it can be used for various needs, and also as an alternative to similar products that tend to be expensive. With MikroTik, which is currently popular with various wireless ISPs, internet cafes and several companies, network system administration can be easier and simpler. Certainly, just to make use of the routing facilities, your OLD PC can be used. Hopefully the explanation above helps readers understand what MikroTik is and how it works.

[13] References
This article is a compilation from various sources.
1. Web blogs
- http://dhanis.web.id
- http://okawardhana.web.id
- http://harrychanputra.web.id
2. Websites
- http://www.cgd.co.id
- http://www.ilmukomputer.org
- http://www.mikrotik.com
- http://www.mikrotik.co.id
- http://forum.mikrotik.com

oO Using no way as a way, Using no limitations as a limitation Oo

Regards and thanks,
r0t0r <rotor@kecoakelektronik.net>
Copyleft Unreserved by Law 1995 - 2007 Kecoak Elektronik Indonesia
http://www.kecoak-elektronik.net

APPENDIX
List of ports and protocols of various trojans, backdoors and viruses. This list may no longer apply, or may need additions as the malware evolves. Keep the filter rules on your MikroTik machine up to date.
########## Brute Force Limiting ##########
/ ip firewall filter
add chain=input protocol=tcp dst-port=22 connection-limit=1,32 action=add-src-to-address-list address-list=ssh_logins address-list-timeout=2m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=!ssh_logins action=accept comment="" disabled=no
add chain=forward src-address=192.168.1.10 protocol=tcp src-port=21 content="password incorrect" action=add-dst-to-address-list address-list=ftp_logins address-list-timeout=1m comment="" disabled=no
add chain=forward src-address-list=ftp_logins action=drop comment="" disabled=no
########################################################################
Blocking certain URLs can be done on MikroTik. If the web-proxy package is installed and the web proxy has also been configured, the commands below can be added. Keep the URL list below up to date according to your needs.

### Block certain URLs with the web proxy access list.
### Find the URLs to block yourself.
######
/ip web-proxy access
add url=ds.eyeblaster.com action=deny comment="" disabled=no
add url=duolaimi.net action=deny comment="" disabled=no
add url=dutchsex.com action=deny comment="" disabled=no
add url=dvdbank.org action=deny comment="" disabled=no
add url=eager-sex.com action=deny comment="" disabled=no
add url=eases.net action=deny comment="" disabled=no
add url=easyantispy.com action=deny comment="" disabled=no
add url=easycategories.com action=deny comment="" disabled=no
add url=easy-search.net action=deny comment="" disabled=no
add url=ecosrioplatenses.org action=deny comment="" disabled=no
add url=ecstasyporn.net action=deny comment="" disabled=no
add url=ehg-bestbuy.hitbox.com action=deny comment="" disabled=no
add url=ehg-dig.hitbox.com action=deny comment="" disabled=no
add url=ehg-espn.hitbox.com action=deny comment="" disabled=no
add url=ehg-intel.hitbox.com action=deny comment="" disabled=no
add url=ehg-macromedia.hitbox.com action=deny comment="" disabled=no
################################################################
This entry was written by Yoyok Riawan and posted on June 2, 2007 at 11:53 pm, filed under Mikrotik, Networking and Security. Permalink: http://yoyok.wordpress.com/2007/06/02/instalasi-konfigurasi-dan-optimasi-mikrotikrouter-os/
Tutorial: Setting Up Mikrotik RouterOS PPPoE Client as a Telkom Speedy Gateway
(http://jagsblog.wordpress.com/2007/05/02/tutorial-setting-mikrotik-routeros-pppoe-client-sebagai-gateway-telkom-speedy/)

Honestly, I myself am still not very proficient with MikroTik; here I am just trying to share my experience. I hope it is useful.

We start the setup from the ADSL modem, in bridging protocol mode. The settings can be found in each modem's manual. An example of the bridging protocol setting on a TECOM AR1031 modem is in the menu Advanced Setup > WAN. Follow the picture below, then save/reboot.
(image: http://jagsblog.files.wordpress.com/2007/05/bridge.jpg)

Once the modem is set up as a bridge, which means your password and user ID are not stored on the modem, those of you who want to try changing the modem's default IP address can configure it first through a client PC. How: first change the modem IP under Advanced Setup > LAN IP Address, for example to 10.10.10.1, then save/reboot. Next change the client PC's IP to 10.10.10.2, and you are done. Try typing the modem IP (10.10.10.1) into your web browser. Did it work?

We move on to the Mikrotik RouterOS box.

Decide the IP address of each of your LAN cards, for example 10.10.10.2 for the LAN connector from the modem (public), and 192.168.1.1 towards your local network (lokal). Run these commands first if you want to give your ethernet cards names.

interface ethernet set ether1 name=public
interface ethernet set ether2 name=lokal

Double-check the names and the cabling, then we continue to the IP address settings.

/ip address add address=10.10.10.2/24 interface=public
/ip address add address=192.168.1.1/24 interface=lokal
/ip address> print

Make sure your LAN cards are not disabled. Next you can enter the PPPoE client entry.

/interface pppoe-client add name=pppoe-user-mike user=mike password=123 interface=public service-name=internet disabled=no

The command above can actually be done in winbox, which is easier if you want to check your network connection to the MikroTik at the same time.

Setting the gateway and routing, followed by masquerading:

/ip route add gateway=125.168.125.1   (your Telkom Speedy gateway IP)
/ip route print

The gateway IP above is not necessarily the same for you; first look at your PPPoE client IP. If you are not 100% sure of your client IP and its gateway, log in and dial through your modem first, not in bridging mode as above. The Device Info menu will show the Default Gateway and your PPPoE client IP. OK?

Next, masquerading, so that traffic from the routing step is handed to the MikroTik NAT firewall for routing to all connected clients:

/ip firewall nat add chain=srcnat action=masquerade

Done; the routing stage is complete. Try pinging the MikroTik and its gateway. If you want to share to client computers, do not forget to enter the gateway IP in the Network Connection settings (Windows) matching the local IP of your MikroTik.

There are a great many MikroTik settings you can learn from various sources. If typing commands seems too complicated, you can do it in winbox mode; any tutorial you need can be copied and pasted into MikroTik's winbox.

Setting DNS and a Transparent Web Proxy
Entering DNS and web-proxy settings also feels easier in winbox mode: enter the primary, secondary and allow remote request, or use commands in the winbox terminal.

/ip dns set primary-dns=203.130.206.250
/ip dns set secondary-dns=202.134.2.5
/ip dns set allow-remote-requests=yes
/ip web-proxy set enabled=yes port=8080 hostname=proxy.koe transparent-proxy=yes
/ip firewall nat add in-interface=lokal dst-port=80 protocol=tcp action=redirect to-ports=8080 chain=dstnat dst-address=!192.168.1.1/24

Firewall links for MikroTik:
http://www.mikrotik.com/testdocs/ros/2.9/ip/filter.php
http://wiki.mikrotik.com/wiki/Firewall

Hope this helps. Do not forget to set your clients' gateway IP to 192.168.1.1 so they connect to your MikroTik server, and I must not forget to thank kadhol, who once kindly gave me a step-by-step tutorial on setting up a MikroTik router as a newbie.

There are several kinds of Speedy modems
that I often come across, Sanex and Aztech among them. Setting up these two modems turns out not to be that hard; it just takes care, and sharing of course.

The steps to set up a Sanex Speedy modem:

1. After you have installed the splitter properly, one splitter output goes to the telephone line and the other to the Speedy modem.

2. Make sure your telephone line has been activated by Speedy/Telkom; this is indicated by the link lamp on your modem lighting up.

3. Plug a straight cable from the modem into your PC's LAN port, then set the computer's IP address: click Start, Control Panel, Network Connections, double-click the computer icon, choose Properties, click Internet Protocol (TCP/IP) and then the Properties button below it. Choose "Use the following IP address" and enter 192.168.1.5; the subnet mask fills itself in when you click in the default gateway field. Enter 192.168.1.1 as the default gateway, 192.168.1.1 as the preferred DNS and 202.134.0.155 as the alternate DNS, then click OK and OK.

Now on to the ADSL modem settings. Open Internet Explorer or another browser and enter the address 192.168.1.1, which is usually the default IP of a Sanex modem (or look it up in the manual). Enter admin as the username and admin as the password, or again check the manual. You are taken to the modem's settings page. Choose the WAN menu and click the select column in the Current ATM VC Table. Fill in VPI=8 and VCI=81. Channel mode offers several choices:

- 1483 Bridge: choose this if you want to dial Speedy from your computer, which makes the ADSL modem a bridge.
- PPPoE: if you choose this you will be asked for your Speedy username and password, which means the modem does the dialling.

Under Connection type the choices are: Continuous, meaning the modem dials automatically when powered on; Connect On Demand, the modem dials only when needed; and Manual, where you dial from the Status -> WAN menu and click Connect.

A piece of advice: if you subscribe to the Speedy personal (metered) package, choose channel mode 1483 Bridge, or PPPoE with connection type Manual, so your Speedy bill does not explode. When finished, click the Modify button at the bottom and then Commit/Reboot; the Speedy modem restarts by itself. If you do not restart the modem, it usually reverts to its default (factory) settings when you power it off and on.

At this point the setup is complete if you chose channel mode PPPoE; all that remains is to connect to the internet. To connect with channel mode PPPoE, click the Status menu and then Connect.

If you chose channel mode 1483 Bridge you have to create a Speedy dial-up connection on your computer: go to Control Panel, then Network Connections; at the side of the window is "Create a New Connection". Click Next, choose "Connect to the Internet", then "Set up my connection manually", then the middle option, the connection that always asks for a username and password. Give the connection a name such as Speedy, click Next and enter your Speedy username and password (the same password again under Confirm Password), click Next and tick Add Shortcut to put a Speedy shortcut on your desktop, then Finish. You can now dial your Speedy connection.

For other modem brands I think the settings are not much different. Good luck, and happy surfing...

http://folderblog.blogspot.com/2008/09/block-ip-yg-mencoba-login-mikrotik.html
Block IPs that try to log in to MikroTik

It is annoying when someone keeps trying to log in to the router, all the more so with brute force. I have experienced this myself: on a MikroTik RouterOS router I once set up, some 300 attempts by a user trying to log in via FTP were recorded :P. Out of irritation I then tried to block the IPs that make these login attempts.

/ip firewall filter
add chain=input in-interface=ether1 protocol=tcp dst-port=22 src-address-list=ftp_blacklist action=drop

# accept 10 incorrect logins per minute
/ip firewall filter
add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m

# add to blacklist
add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" address-list=ftp_blacklist address-list-timeout=23h

(The original added offenders to a list named blacklist while the drop rule matched ftp_blacklist, so nothing was ever dropped; both rules now use ftp_blacklist. Note that the drop rule is on port 22 although the failures being counted are FTP's; the port-range edit below takes care of that.)

The meaning of the code above: if a client makes 10 login attempts within one minute (dst-limit=1/1m,9 lets 9 failures through as a burst plus one more per minute), the tenth attempt puts it on the blacklist and it is banned for 23 hours (address-list=ftp_blacklist address-list-timeout=23h). The counting rules sit in the output chain because they match the router's own "530 Login incorrect" reply, so they only ever see plaintext FTP failures and say nothing about SSH or Winbox attempts.

To cover a range of ports, edit

/ip firewall filter
add chain=input in-interface=ether1 protocol=tcp dst-port=22 src-address-list=ftp_blacklist action=drop

to become

/ip firewall filter
add chain=input in-interface=ether1 protocol=tcp dst-port=21-23 src-address-list=ftp_blacklist action=drop

Fill in the ports you actually use on your router; the range above is for the standard FTP, SSH and telnet ports.

http://folderblog.blogspot.com/2008/12/save-file-web-proxy-cache-mikrotik.html
Save web proxy cache files on MikroTik

A tip for speeding up browsing and video downloads on client computers using the MikroTik web-proxy server (http://folderblog.blogspot.com/search/label/mikrotik).

One function of the web proxy is to store pages and their content from browsing in the web proxy's cache, so that when a client requests the same page more than once the request is served from the cache by the server without having to load it from the outside network (the internet), which makes internet access feel faster. To store files such as video, images and other files you want, for example *.exe and *.zip, use the script below on the MikroTik server (the extension list is the original's; the regex is written as one alternation because the original line was garbled in extraction):

/ip web-proxy cache
add url="\\.(flv|zip|exe|jpg|gif|bmp|tiff|png)\$" action=allow comment="Simpan Cache File" disabled=no
add url="http*youtube*get_video*" action=allow comment="Simpan Cache Pages" disabled=no

http://folderblog.blogspot.com/2008/11/block-ip-dan-port-camfrog-messenger.html
Block Camfrog Messenger IPs and ports

To block this software you can block the following IPs and domain with squid (http://folderblog.blogspot.com/2008/09/cara-setting-squid-web-proxy-di-linux.html) or iptables (http://folderblog.blogspot.com/2008/09/contoh-iptables-linux.html):

- login.camfrog.com
- 66.77.107.71
- 63.236.61.148
- 74.55.217.80

The ports to block are 2778, 6005 and 2112.

Below is an example of blocking the packets in the forward path on a MikroTik server and on Linux. (Addresses like these change over time; re-resolve login.camfrog.com before relying on a static list.)

MIKROTIK

/ip firewall filter add chain=forward dst-address=66.77.107.71 action=drop disabled=no
/ip firewall filter add chain=forward dst-address=63.236.61.148 action=drop disabled=no
/ip firewall filter add chain=forward dst-address=74.55.217.80 action=drop disabled=no

LINUX (the original used a chain named OUTGOING, which does not exist by default; on a gateway the routed traffic passes through the FORWARD chain, so that is used here)

/sbin/iptables -A FORWARD -d 66.77.107.71 -j DROP
/sbin/iptables -A FORWARD -d 63.236.61.148 -j DROP
/sbin/iptables -A FORWARD -d 74.55.217.80 -j DROP

FTP brute force on MikroTik
(http://www.jasakom.com/forum/viewtopic.php?f=129&t=10569&sid=642c4c74116b67d3c76cd2cfa2a82c63#p83448)

[xco@rouTer] ip firewall filter> add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop
[xco@rouTer] ip firewall filter> add chain=output protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m action=accept
[xco@rouTer] ip firewall filter> add chain=output protocol=tcp content="530 Login incorrect" address-list=ftp_blacklist address-list-timeout=3h action=add-dst-to-address-list

(The post repeated the same three rules a second time without the prompt; the repeat is dropped here. The content match is case-sensitive and has to equal the router's FTP reply exactly; the original wrote "530 Login Incorrect" with a capital I, while the MikroTik example these rules come from, and the section above, use "530 Login incorrect".)

Preventing SSH brute force

/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
    comment="drop ssh brute forcers" disabled=no

/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=10d comment="" disabled=no

/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m comment="" disabled=no

/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m comment="" disabled=no

/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no

The add-src-to-address-list rules do not terminate, so each new SSH connection advances its source by exactly one stage; four new connections, each within a minute of the previous one, land the address in ssh_blacklist for ten days, and the first rule then drops everything from it. Keep the drop rule above the stage rules, and put the address you manage the router from in an accept rule above all of them so that you cannot lock yourself out.
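The FTP rules in the "Block IPs" section above and these SSH rules are easier to trust once you can see exactly when an address ends up on a list. The following is an added example in Python, not code from either post: it reproduces the firewall's evaluation order for both rule sets, with a per-destination token bucket for dst-limit=1/1m,9,dst-address/1m, address lists whose entries expire like address-list-timeout, and the non-terminating add-src-to-address-list rules in the order they appear on the page. The event streams at the bottom are constructed sample traffic; the attacker and client addresses are made up.

```python
"""Replay of the FTP and SSH brute-force rule sets above (added example)."""
from dataclasses import dataclass, field


@dataclass
class AddressList:
    """An address list whose entries expire, like address-list-timeout."""
    entries: dict = field(default_factory=dict)   # ip -> expiry time (seconds)

    def add(self, ip, now, timeout):
        self.entries[ip] = now + timeout           # re-adding refreshes the timer

    def contains(self, ip, now):
        expiry = self.entries.get(ip)
        if expiry is None:
            return False
        if expiry <= now:                          # dynamic entry has timed out
            del self.entries[ip]
            return False
        return True


class DstLimit:
    """dst-limit=<rate>/<period>,<burst>,dst-address: one token bucket per
    destination address, starting full, refilled at rate/period tokens per s."""

    def __init__(self, rate, period, burst):
        self.refill, self.burst, self.buckets = rate / period, burst, {}

    def match(self, ip, now):
        tokens, last = self.buckets.get(ip, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.refill)
        if tokens >= 1:
            self.buckets[ip] = (tokens - 1, now)
            return True                            # within limit: rule matches
        self.buckets[ip] = (tokens, now)
        return False                               # over limit: falls through


def simulate_ftp(failures, ban=23 * 3600):
    """failures: [(t_seconds, client_ip)] for every '530 Login incorrect' the
    router sent (output chain).  Verdict per failure: 'accept' while inside
    dst-limit=1/1m,9, 'blacklist' when the add-dst-to-address-list rule fires."""
    limiter, blacklist, verdicts = DstLimit(1, 60, 9), AddressList(), []
    for t, ip in failures:
        if limiter.match(ip, t):
            verdicts.append("accept")
        else:
            blacklist.add(ip, t, ban)
            verdicts.append("blacklist")
    return verdicts, blacklist


def simulate_ssh(connections, stage_ttl=60, ban=10 * 24 * 3600):
    """connections: [(t_seconds, client_ip)], one per new TCP connection to
    port 22 (input chain).  Rule order as on the page: drop if blacklisted,
    then stage3->blacklist, stage2->stage3, stage1->stage2, any->stage1; the
    add rules are non-terminating, so one connection advances exactly one stage."""
    stage1, stage2, stage3, blacklist = (AddressList() for _ in range(4))
    verdicts = []
    for t, ip in connections:
        if blacklist.contains(ip, t):
            verdicts.append("drop")
            continue
        # Membership is tested before the adds, in rule order.
        in3, in2, in1 = (lst.contains(ip, t) for lst in (stage3, stage2, stage1))
        if in3:
            blacklist.add(ip, t, ban)
        if in2:
            stage3.add(ip, t, stage_ttl)
        if in1:
            stage2.add(ip, t, stage_ttl)
        stage1.add(ip, t, stage_ttl)
        verdicts.append("pass")                    # the rest of the firewall decides
    return verdicts, blacklist


if __name__ == "__main__":
    # Constructed sample traffic: one attacker hammering, one legitimate user.
    ftp_events = [(t, "203.0.113.7") for t in range(10)]            # 10 failures in 10 s
    ftp_events += [(1000, "198.51.100.2"), (1060, "198.51.100.2")]  # two typos, a minute apart
    print("ftp :", simulate_ftp(ftp_events)[0])
    ssh_events = [(0, "203.0.113.7"), (0, "198.51.100.2"), (5, "203.0.113.7"),
                  (10, "203.0.113.7"), (15, "203.0.113.7"), (20, "203.0.113.7"),
                  (300, "198.51.100.2")]
    print("ssh :", simulate_ssh(ssh_events)[0])
```

Running it shows the ninth FTP failure still accepted and the tenth blacklisted, and the attacker's fourth SSH connection passing the filter while putting the address on ssh_blacklist, so only the fifth is dropped; a user whose connections are more than a minute apart never gets past ssh_stage1.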
Building a web server on the Speedy network behind MikroTik

My network layout for the web server is: Linksys AG241 modem -> MikroTik -> web server (Windows, WAMP), with these IP addresses: 1.0.0.1 [modem] -> 1.0.0.2 [ether1] on the MikroTik, 192.168.1.1 [ether2] -> 192.168.1.200 [web server]. (The original listed ether2 as 192.168.1.200 as well; the NAT rule below uses 192.168.1.1 for it.)

1. First set up port forwarding on the Linksys modem for all ports 0-65535:
   a. Log in to the modem's setup page at its IP (1.0.0.1).
   b. Go to Applications and Gaming, then the Port Range Forwarding tab.
   c. Enter an application name, in this example All Ports, and the range 0-65535.
   d. Enter the MikroTik router's IP in the box next to it; in this example my MikroTik's IP is 1.0.0.2.
   e. Enable the rule.
   (Screenshot: http://ray16.info/%7Eme/wp-content/uploads/2009/07/Screenshot-7_24_2009-7_37_29-PM.png)

2. Set up src-nat and dst-nat on the MikroTik.
   a. The MikroTik NAT rules:

   0 ;;; WEBSERVER
     chain=dstnat action=dst-nat to-addresses=192.168.1.200 to-ports=80 protocol=tcp dst-address=1.0.0.2 dst-port=12

   1 chain=srcnat action=src-nat to-addresses=192.168.1.1 to-ports=0-65535 protocol=tcp dst-address=192.168.1.200 dst-port=80

   b. In the example above I open the web server on port 12; change dst-port in rule 0 if you want the web server on port 2711, for example.
   c. In rule 0, set to-addresses to your web server's local IP, 192.168.1.200 in the example.
   d. dst-address in rule 0 is your MikroTik's local IP on LAN card 1.
   e. In rule 1, set to-addresses to your MikroTik's local IP on LAN card 2, and dst-address to your web server's local IP. (Rule 1 is the hairpin rule: it rewrites the source of forwarded web requests to the router's LAN address so that clients on the same LAN can also reach the server through the public address and the replies come back through the router.)
   (Screenshots: http://ray16.info/%7Eme/wp-content/uploads/2009/07/Screenshot-7_24_2009-7_51_18-PM.png, http://ray16.info/%7Eme/wp-content/uploads/2009/07/Screenshot-7_24_2009-7_52_18-PM.png, http://ray16.info/%7Eme/wp-content/uploads/2009/07/Screenshot-7_24_2009-7_52_57-PM.png)

OK, if you have followed the settings above exactly, visit http://your-public-speedy-ip/ on port 12, that is http://your-public-speedy-ip:12/. This way you can have as many web servers as you like behind one public IP, one per port.

*Info: if you want to open port 80 for the web server, first move the MikroTik www service in IP > Services to a port other than 80.

*PS, as a security note: think carefully about whether you really need to open the whole range 0-65535 or not; I had had the ports open for only 15 minutes before someone was brute-forcing SSH on my MikroTik, from who knows where :p. Forwarding only the port you publish (12 here) keeps the router's own management ports off the internet; the SSH blacklist rules earlier on this page cover the rest.
MikroTik script and scheduler: disable a user by day, enable by night

At my internet cafe there is an operator who likes to download at night and asked for exclusive access to the cafe's MikroTik. I gave him access for certain things only, namely to open up bandwidth (simple queue) for a few clients, usually for downloading and playing DotA. The group and policy for user budi and group budi:
(Screenshot: http://ray16.info/%7Eme/wp-content/uploads/2009/08/ffff.PNG)

[ray16@deenet] > user print
Flags: X - disabled
 #   NAME    GROUP   ADDRESS
 0   ;;; system default user
     ray16   full    0.0.0.0/0
 1 X budi    budi    0.0.0.0/0

What I set up is a scheduler so that:
a. in the morning (06:00 in the entries below; the original text said 8) user budi is disabled, so there is no interference from outside and budi can only use Winbox at night;
b. at 23:00 user budi is enabled again.

1. Scripts to disable and enable. (The original used the user's index number, /user disable 1; the index shifts whenever users are added or removed, so the scripts select the user by name instead.)

[ray16@deenet] /system script add name=budi-siang source="/user disable [find name=budi]"
[ray16@deenet] /system script add name=budi-malem source="/user enable [find name=budi]"
(Screenshots: http://ray16.info/%7Eme/wp-content/uploads/2009/08/Screenshot-8_17_2009-5_53_49-PM.png, http://ray16.info/%7Eme/wp-content/uploads/2009/08/Screenshot-8_17_2009-5_55_57-PM.png)

2. Create the scheduler entries. (on-event must name the script exactly; the original wrote budi_siang and budi_malem with underscores while the scripts are named budi-siang and budi-malem.)

[ray16@deenet] /system scheduler> add name=budi-siang on-event=budi-siang start-date=aug/17/2009 start-time=06:00:00 interval=1d
[ray16@deenet] /system scheduler> add name=budi-malem on-event=budi-malem start-date=aug/17/2009 start-time=23:00:00 interval=1d
(Screenshots: http://ray16.info/%7Eme/wp-content/uploads/2009/08/Screenshot-8_17_2009-6_04_37-PM.png, http://ray16.info/%7Eme/wp-content/uploads/2009/08/Screenshot-8_17_2009-6_03_35-PM.png)

Good luck!
IP and MAC filtering on MikroTik

Yesterday I set up a MikroTik for a boarding house with 30 rooms in the Depok area. They asked for MikroTik plus Speedy 3 Mbps because they were unhappy with the existing ISP, which they said was slow. For the installation they asked that rooms not chipping in should get no internet but still be able to connect to the network and stay in the same subnet as the others. So I set the MikroTik to reply only to the IPs/rooms that have been authenticated as paid up on the server :D

Each room has one computer and one IP, sequentially from 172.16.0.2 to 172.16.0.255 (they picked IPs at random) with subnet mask 255.255.255.0. The MikroTik's IP is 172.16.0.7 (interface ether1, or LAN), subnet mask 255.255.255.0.

Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME      TYPE       MTU
 0  R  SPEEDY    ether      1500
 1  R  LAN       ether      1500
 2  X  OnBoard   ether      1500
 3  X  Speedy    pppoe-out

Filtering by IP is actually very simple: just enable arp=reply-only on the interface and add the IP and MAC addresses that are allowed to connect under IP > ARP.

1. Enable ARP reply-only:

[admin@mikrotik] interface ethernet set LAN arp=reply-only

or change it in Winbox under Interface.
(Screenshot: http://ray16.info/%7Eme/wp-content/uploads/2009/07/arp.jpg)

After that ARP filtering is active and every connection towards LAN is denied/dropped unless we add the IP we allow. (With reply-only the router answers ARP requests only for addresses that have a static entry in its ARP table and no longer learns entries dynamically, so an unlisted host cannot resolve the router's MAC and never reaches it.)

2. Add the allowed IP address and MAC address (replace the zero MAC with the real one):

[admin@mikrotik] ip arp add address=172.16.0.8 interface=LAN mac-address=00:00:00:00:00:00

or via Winbox under IP > ARP.
(Screenshots: http://ray16.info/%7Eme/wp-content/uploads/2009/07/Screenshot-7_22_2009-5_41_27-PM.jpg, http://ray16.info/%7Eme/wp-content/uploads/2009/07/Screenshot-7_22_2009-5_41_53-PM.jpg)

Done. At this point IP 172.16.0.8 with MAC address so-and-so can connect to the MikroTik and get replies, but if that IP is used with a different MAC address, say from a laptop, no connection is made; it works for that MAC address only. (The converse also holds: anyone who copies a paying room's IP and MAC address onto their own machine passes this check, so it keeps honest neighbours out rather than determined ones.)

Because there were 30 computers I collected the MAC addresses in bulk with NetScan, scanning the range 172.16.0.1 to 172.16.0.255 with the MAC address scan enabled. Example:
(Screenshot: http://ray16.info/%7Eme/wp-content/uploads/2009/07/Screenshot-7_22_2009-5_45_37-PM.jpg)

Convert the dashes (-) in the MAC addresses to colons (:).

*PS: if you do this from Winbox or a remote computer, the first step is to add your own computer to the ARP table and only then enable ARP reply-only, so that your own computer is not filtered out.
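Collecting 30 IP/MAC pairs by hand and retyping them with colons is exactly where a typo or the lockout the PS warns about creeps in. The following is an added example, not code from the post, that turns a scan export into the ARP commands: it normalises dash-separated MACs to the colon form RouterOS expects, drops rows with malformed MACs, duplicate IPs or addresses outside 172.16.0.0/24, puts the administrator's own entry first and only then emits the arp=reply-only command. The scan rows, hostnames, the admin address 172.16.0.77 and the interface name LAN are assumptions.

```python
"""Generate the static ARP table for arp=reply-only from a scan export (added example)."""
import ipaddress
import re

# Constructed scan export imitating NetScan's "IP  MAC  hostname" rows.
SCAN = """\
172.16.0.2    00-11-22-33-44-02   KAMAR-02
172.16.0.8    00-11-22-33-44-08   KAMAR-08
172.16.0.9    00-11-22-33-44-09   KAMAR-09
172.16.0.9    00-11-22-33-44-09   KAMAR-09
172.16.0.77   00-11-22-33-44-77   ADMIN-LAPTOP
172.16.0.99   not-a-mac           BROKEN
"""

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2})[-:]([0-9A-Fa-f]{2})[-:]([0-9A-Fa-f]{2})[-:]"
                    r"([0-9A-Fa-f]{2})[-:]([0-9A-Fa-f]{2})[-:]([0-9A-Fa-f]{2})$")


def normalise_mac(mac):
    """'00-1a-2b-3c-4d-5e' -> '00:1A:2B:3C:4D:5E'; None if it is not a MAC."""
    m = MAC_RE.match(mac)
    if not m:
        return None
    return ":".join(part.upper() for part in m.groups())


def parse_scan(text, lan="172.16.0.0/24"):
    """Return [(ip, mac, hostname)] for valid rows inside the LAN subnet,
    dropping duplicate IPs and malformed MACs."""
    net = ipaddress.ip_network(lan)
    seen, hosts = set(), []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, mac = parts[0], normalise_mac(parts[1])
        name = parts[2] if len(parts) > 2 else ""
        try:
            if ipaddress.ip_address(ip) not in net:
                continue
        except ValueError:
            continue
        if mac is None or ip in seen:
            continue
        seen.add(ip)
        hosts.append((ip, mac, name))
    return hosts


def arp_commands(hosts, admin_ip, interface="LAN"):
    """RouterOS commands: the admin's own entry first, the rest, then reply-only."""
    ordered = sorted(hosts, key=lambda h: h[0] != admin_ip)   # admin sorts first
    if not ordered or ordered[0][0] != admin_ip:
        raise ValueError("admin host %s is not in the scan; add it first" % admin_ip)
    cmds = [f'/ip arp add address={ip} mac-address={mac} interface={interface} comment="{name}"'
            for ip, mac, name in ordered]
    cmds.append(f"/interface ethernet set {interface} arp=reply-only")
    return cmds


if __name__ == "__main__":
    print("\n".join(arp_commands(parse_scan(SCAN), admin_ip="172.16.0.77")))
```

The function refuses to produce the reply-only command when the administrator's own address is missing from the scan, because running that command without your own static entry is how you lose access to the router.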
Securing a New RouterOS Router (MikroTik)
by White_Heaven_Angels

This document is written for RouterOS devices that have no configuration yet. The configuration described in this tutorial can work on an already configured router, but be careful that the configuration you take from here does not affect the device. Please read and understand the whole document before applying it to a device; failing to do so can leave you unable to access the device.

The purpose of this document is to take the steps needed to secure access to a RouterOS device while keeping other devices able to communicate with it and use certain services. The tutorial works on the concept of just-enough access: a service or person that needs access to the router gets just enough privilege on the router to do its job and no more. There is no reason for a BGP peer, whose only need is to talk to the router, to have full access, nor for a user who logs in to monitor the wireless links to have write access or the ability to reboot or shut down, etc. With this in mind you should also look at other areas of your network and how their access is set up and configured; they may need attention before your network as a whole is secure.

"Users are going to pick dancing pigs over security every time." (Bruce Schneier)

1. Configuring Packages & Hardening Services

Always use a minimal installation:

Advanced-Tools
Ntp
Security
System

These packages install a basic system on which you can keep the clock in sync with an external source, have a suite of advanced tools for monitoring and reporting, and can talk to the router securely.

Think about the exact role the router will have before you enable any more packages on it: if it is a simple wireless transmitter, why does it need DHCP enabled? If the router is to be an Ethernet-based firewall, why does it need wireless enabled? Only enable the packages the router needs to do its job; that is what we mean by a reasonably secure state for our router.

By default the router can be accessed using:

Telnet
SSH
HTTP
Winbox
FTP
Mac-Telnet

So pick one method: disable all of them and use just one way to get into the router, which is the safe way.

/ip service print

shows:

Flags: X - disabled, I - invalid
 #   NAME      PORT  ADDRESS     CERTIFICATE
 0   telnet    23    0.0.0.0/0
 1   ftp       21    0.0.0.0/0
 2   www       80    0.0.0.0/0
 3   ssh       22    0.0.0.0/0
 4 X www-ssl   443   0.0.0.0/0   none

To disable a service use

/ip service disable <name>

The ADDRESS column is the other half of the story: 0.0.0.0/0 means the service answers anyone who can reach the router, so for the one service you keep, set its address to your management host or subnet as well.
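Reading the service table by eye is fine for five rows, but the check is worth scripting once you look after more than one router. This is an added example, not from the original document: it parses the output of /ip service print (the sample mirrors the table above and is constructed), reports which enabled services send credentials in the clear, and emits the commands that leave one channel open and bind it to a management subnet. The kept service (ssh) and the subnet 192.168.12.0/24 are assumptions to edit.

```python
"""Audit of `/ip service print` output (added example)."""
import ipaddress
import re

# Constructed sample, same layout as the table in the text.
SAMPLE = """\
Flags: X - disabled, I - invalid
 #   NAME      PORT  ADDRESS     CERTIFICATE
 0   telnet    23    0.0.0.0/0
 1   ftp       21    0.0.0.0/0
 2   www       80    0.0.0.0/0
 3   ssh       22    0.0.0.0/0
 4 X www-ssl   443   0.0.0.0/0   none
"""

# Services that carry the login in the clear; never leave them enabled.
CLEARTEXT = {"telnet", "ftp", "www"}
FLAG_RE = re.compile(r"^[XI]+$")


def parse_service_print(text):
    """One dict per service row: name, port, address (ip_network or None),
    disabled, invalid."""
    services = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].isdigit():
            continue                       # skip 'Flags:' and the column header
        tokens = tokens[1:]                # drop the row number
        flags = ""
        if FLAG_RE.match(tokens[0]):
            flags, tokens = tokens[0], tokens[1:]
        name, port = tokens[0], int(tokens[1])
        address = None
        if len(tokens) > 2:
            try:
                address = ipaddress.ip_network(tokens[2], strict=False)
            except ValueError:
                address = None             # column was the certificate, not an address
        services.append({"name": name, "port": port, "address": address,
                         "disabled": "X" in flags, "invalid": "I" in flags})
    return services


def cleartext_enabled(services):
    """Names of enabled services that send credentials unencrypted."""
    return [s["name"] for s in services if not s["disabled"] and s["name"] in CLEARTEXT]


def audit(services, keep=("ssh",), mgmt="192.168.12.0/24"):
    """RouterOS commands that bring the table in line with the text: one
    access channel, bound to the management subnet, everything else off."""
    mgmt_net = ipaddress.ip_network(mgmt)
    commands = []
    for svc in services:
        if svc["disabled"]:
            continue                       # already off, nothing to do
        if svc["name"] not in keep:
            commands.append(f"/ip service disable {svc['name']}")
            continue
        # 0.0.0.0/0 (or no address at all) means the whole internet may try
        # passwords against the channel we keep.
        if svc["address"] is None or svc["address"].prefixlen == 0:
            commands.append(f"/ip service set {svc['name']} address={mgmt_net}")
    return commands


if __name__ == "__main__":
    svcs = parse_service_print(SAMPLE)
    print("cleartext services still enabled:", cleartext_enabled(svcs))
    print("\n".join(audit(svcs)))
```

On the sample table this flags telnet, ftp and www as enabled cleartext services and prints three disable commands plus one set command binding ssh to the management subnet; www-ssl is skipped because it is already disabled.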
Having configured the services you want, it is time to look at the other ways of interfacing with the router. The first is SNMP, used by many programs to monitor devices (e.g. The Dude). SNMP is off by default, and if you have another way of monitoring the device it is safe to leave it disabled. I prefer to use The Dude to monitor the network, so I will go ahead and enable access and set a few fields:

/snmp set enabled=yes location="The Matrix" contact=neo@zion.org

SNMP in RouterOS 2.9 is read-only, so the only danger in allowing access to it is that, without a firewall to stop access, anyone on the network, or anyone on the internet if the router has a public IP address, can read wireless signal levels, network statistics and so on. (Read-only still means the community string is a password sent in the clear, so restrict who can reach udp/161, as the services chain below does by default.)

Now that the router has basic security, it is time to look at the users who access it and whether they have the right privileges.

2. Users & Passwords

By default MikroTik has a user named admin with access, so use your office policy to decide which users should have which privileges:

/user set admin password=putpasshere

Use only one way in, for example Winbox, and turn off all the other services listed above; this protects you from attackers using SSH, telnet or FTP brute force, as well as from those using a browser to get into your router. Next, allow only one computer on your local network to log in to the router. This stops the many clients who would like to use your router from doing so with Winbox: even if a client installs Winbox and knows the admin username and password, it will not be allowed in, because only your IP can be used to log in:

/user add name=badmin password=putpasshere group=full address=192.168.12.3/32

After that, use Winbox to save this user and password. (Once badmin works, the default admin account, which has no address restriction, is the obvious next thing to disable.)

3. Port Knocking

The firewall we will load onto the router later is divided into two parts:
1. a list of device addresses that may access the router;
2. every other device, which has a time limit for access to the router.

One thing about all the other devices being so limited is that they have no Winbox/SSH/telnet access to the router, which sometimes means you cannot get in yourself. One way to temporarily allow full access to the router is port knocking. Port knocking in RouterOS is a way of adding a dynamic IP address to an address list for a set amount of time. It works like this:

1. The client sends a packet to the router on port 1337.
2. The router adds the client's IP to the address list knock with, say, a 15-second timeout.
3. The client sends a packet to the router on port 7331.
4. The router checks whether the client's IP is in the knock address list.
5. If it is, the router adds the IP address to the address list safe with a 15-minute timeout.
6. The client can access the router for 15 minutes.

So the client's access to the router is time-limited, which makes the router safer. If you do not have the software yet, download it from http://www.zeroflux.org/proj/knock/files/knock-cygwin.zip

Knock.exe <IP Address> port:protocol port:protocol port:protocol
Knock.exe 192.168.0.2 1337:tcp 7331:tcp

Although this feature is useful for security, in the firewall rules I will point out the rules used to create the port knocking; if you leave those rules out, there is no port knocking on your router. Bear in mind that the knock sequence is sent in the clear, so anyone sniffing the path learns it; treat it as a time-limited door, not as authentication.

4. Loading A Firewall

Now it is time to talk about the firewall. Your router is already protected from access by a password, but a password is one layer of security, not the only layer. This script is based on the firewall used on the MT demo router with some changes; it only protects the router and has no forward rules.

/ip firewall filter
add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list address-list=knock \
    address-list-timeout=15s comment="" disabled=no
add chain=input protocol=tcp dst-port=7331 src-address-list=knock action=add-src-to-address-list \
    address-list=safe address-list-timeout=15m comment="" disabled=no

These are the port knocking rules; in the example they are what we use to add IP addresses to the safe address list, which is the list used later in this firewall to allow full access to the router.

add chain=input connection-state=established action=accept comment="accept established connection packets" disabled=no
add chain=input connection-state=related action=accept comment="accept related connection packets" disabled=no
add chain=input connection-state=invalid action=drop comment="drop invalid packets" disabled=no
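To see what the two knock rules a few lines up do and do not protect against, here is an added example in Python, not from the original document, that replays a packet trace through the same logic: tcp/1337 records the source in knock for 15 seconds, tcp/7331 from a source still in knock records it in safe for 15 minutes, and only sources in safe get through, everything else falling to the final drop. The ports and timeouts are the document's; the traces, the client addresses and the use of ports 22 and 8291 as the protected management ports are assumptions.

```python
"""Port-knocking state machine for the knock/safe rules above (added example)."""

KNOCK_1, KNOCK_2 = 1337, 7331        # first and second knock ports (from the text)
KNOCK_TTL, SAFE_TTL = 15, 15 * 60    # address-list-timeout=15s and 15m


def _alive(addr_list, ip, now):
    """True while ip's dynamic entry in the list has not expired."""
    return addr_list.get(ip, 0) > now


def process(packets):
    """packets: [(t_seconds, src_ip, dst_port)] arriving on the input chain.
    Returns one verdict per packet and the final `safe` list:
      'knock1'  src recorded in knock (the packet itself still ends in the drop)
      'knock2'  src was in knock and is now recorded in safe
      'accept'  src is in safe (src-address-list=safe action=accept)
      'drop'    everything else (the services chain is not modelled)"""
    knock, safe, verdicts = {}, {}, []
    for t, src, port in packets:
        if port == KNOCK_1:
            knock[src] = t + KNOCK_TTL                 # add-src-to-address-list=knock
            verdicts.append("knock1")
        elif port == KNOCK_2 and _alive(knock, src, t):
            safe[src] = t + SAFE_TTL                   # add-src-to-address-list=safe
            verdicts.append("knock2")
        elif _alive(safe, src, t):
            verdicts.append("accept")
        else:
            verdicts.append("drop")
    return verdicts, safe


# Constructed traces (addresses and timings are made up).
TRACES = {
    # admin knocks in order, gets 15 minutes of access, then is locked out again
    "correct": [(0, "10.0.0.5", 1337), (3, "10.0.0.5", 7331),
                (5, "10.0.0.5", 22), (905, "10.0.0.5", 22)],
    # second knock first: the knock list is empty, so nothing is recorded
    "wrong-order": [(0, "10.0.0.6", 7331), (1, "10.0.0.6", 1337), (2, "10.0.0.6", 22)],
    # 20 s between knocks: the knock entry expired after 15 s
    "too-slow": [(0, "10.0.0.7", 1337), (20, "10.0.0.7", 7331), (21, "10.0.0.7", 22)],
    # no knock at all, straight to winbox
    "none": [(0, "10.0.0.8", 8291)],
}


def run_traces():
    """Verdict list for every constructed trace."""
    return {name: process(trace)[0] for name, trace in TRACES.items()}


if __name__ == "__main__":
    for name, verdicts in run_traces().items():
        print(f"{name:12s} {verdicts}")
```

The "correct" trace shows the 15-minute window closing on its own, and the other three show that order and timing are all the knock checks: nothing about the sequence identifies the client, so a passive observer who has seen it once can repeat it.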
The three connection-state rules above make sure that only connections going to the router are considered further and shut down anything invalid.

add chain=input src-address-list=safe action=accept comment="Allow access to router from known network" disabled=no

This is the rule that allows full access to the router for specific IP addresses; the safe list holds the static IPs you enter, which always have access, and also the dynamic IPs added by port knocking if it is used.

add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="detect and drop port scan connections" disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit \
    comment="suppress DoS attack" disabled=no
add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list \
    address-list=black_list address-list-timeout=1d comment="detect DoS attack" disabled=no

These rules react a little to DoS and to people trying to use a port scanner: port scans are dropped, while DoS sources are tarpitted, that is, all their connections are held open and slowed down, raising the resource usage on the attacker's machine. (The order matters: a source address that has more than 10 connections open goes onto black_list for a day, and from then on the tarpit rule above it catches that address as soon as it has 3 or more connections open.)

add chain=input protocol=icmp action=jump jump-target=ICMP comment="jump to chain ICMP" disabled=no
add chain=input action=jump jump-target=services comment="jump to chain services" disabled=no

These two rules jump to chains we will create. Jumping is useful because it lets you reuse the same rules in different chains (e.g. input and forward can jump to the same chain and run the same rules).

add chain=input dst-address-type=broadcast action=accept comment="Allow Broadcast Traffic" disabled=no

This allows broadcast traffic to the router, which is sometimes needed by things such as NTP.

add chain=input action=log log-prefix="Filter:" comment="" disabled=no
add chain=input action=drop comment="drop everything else" disabled=no

And this is the rule that refuses all access to the router: if the traffic has not been accepted by the rules above, it is logged with the prefix Filter: and dropped.

add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="0:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment="3:3 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment="3:4 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment="8:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment="11:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop everything else" disabled=no
These rules make up the ICMP chain we jumped to above. It rate-limits each permitted ICMP type (to 5 packets per second, as the limit=5,5 matcher specifies) so that an attacker cannot ping-flood the router.

add chain=services src-address=127.0.0.1 dst-address=127.0.0.1 action=accept comment="accept localhost" disabled=no
add chain=services protocol=udp dst-port=20561 action=accept comment="allow MACwinbox" disabled=no
add chain=services protocol=tcp dst-port=2000 action=accept comment="Bandwidth server" disabled=no
add chain=services protocol=udp dst-port=5678 action=accept comment="MT Discovery Protocol" disabled=no
add chain=services protocol=tcp dst-port=161 action=accept comment="allow SNMP" disabled=yes
add chain=services protocol=tcp dst-port=179 action=accept comment="Allow BGP" disabled=yes
add chain=services protocol=udp dst-port=5000-5100 action=accept comment="allow BGP" disabled=yes
add chain=services protocol=udp dst-port=123 action=accept comment="Allow NTP" disabled=yes
add chain=services protocol=tcp dst-port=1723 action=accept comment="Allow PPTP" disabled=yes
add chain=services protocol=gre action=accept comment="allow PPTP and EoIP" disabled=yes
add chain=services protocol=tcp dst-port=53 action=accept comment="allow DNS request" disabled=yes
add chain=services protocol=udp dst-port=53 action=accept comment="Allow DNS request" disabled=yes
add chain=services protocol=udp dst-port=1900 action=accept comment="UPnP" disabled=yes
add chain=services protocol=tcp dst-port=2828 action=accept comment="UPnP" disabled=yes
add chain=services protocol=udp dst-port=67-68 action=accept comment="allow DHCP" disabled=yes
add chain=services protocol=tcp dst-port=8080 action=accept comment="allow Web Proxy" disabled=yes
add chain=services protocol=ipencap action=accept comment="allow IPIP" disabled=yes
add chain=services protocol=tcp dst-port=443 action=accept comment="allow https for Hotspot" disabled=yes
add chain=services protocol=tcp dst-port=1080 action=accept comment="allow Socks for Hotspot" disabled=yes
add chain=services protocol=udp dst-port=500 action=accept comment="allow IPSec connections" disabled=yes
add chain=services protocol=ipsec-esp action=accept comment="allow IPSec" disabled=yes
add chain=services protocol=ipsec-ah action=accept comment="allow IPSec" disabled=yes
add chain=services protocol=udp dst-port=520-521 action=accept comment="allow RIP" disabled=yes
add chain=services protocol=ospf action=accept comment="allow OSPF" disabled=yes
add chain=services action=return comment="" disabled=no

These are the services we allow anyone to reach; as you can see, most of them are disabled by default. The only ones enabled are the services that I personally feel should always be reachable:

- Mac-Telnet
- Bandwidth Test Server
- MT Discovery

Every other service should only be enabled when it is actually needed. Running this script on an already-configured production router will knock out IPSec, BGP, EoIP and a bunch of other services, so review these rules; do not just copy and paste them. Once again: read carefully and thoroughly before applying these rules.

5. Logging & Syslog

Anything beyond 100 log lines is lost on the router, yet logs are essential for monitoring the whole network.
The default logging settings are as follows:

/system logging print
Flags: X - disabled, I - invalid
 #   TOPICS       ACTION    PREFIX
 0   info         memory
 1   error        memory
 2   warning      memory
 3   critical     echo

As you can see, when the router reboots we lose all of our logs; that is why we should store them on disk.

/system logging print
/system logging remove 0
/system logging remove 1
/system logging remove 2
/system logging remove 3

Now we set up some of the logs to go to disk:

/system logging add topics=critical action=disk
/system logging add topics=critical action=echo
/system logging add topics=error action=disk
/system logging add topics=warning action=disk
/system logging add topics=info action=memory

Now decide how many lines to keep. I use 300 log lines in memory but 1000 log lines on disk:

/system logging action print
/system logging action set 0 memory-lines=XXX
/system logging action set 1 disk-lines=XXX

Alternatively, we can create a logging action so that firewall logs bypass memory and are written straight to disk, like this:

/system logging action add target=disk disk-lines=XXX name=FirewallHits

Then we change the info logging entry to stop the firewall from clogging up the log:

/system logging print
/system logging set 0 topics=info,!firewall

And now we arrange for all firewall hits to be sent to the new target:

/system logging add topics=firewall action=FirewallHits

Now we specify the IP address to which the remote log is sent:

/system logging action print
/system logging action set 3 remote=192.168.0.3:514

Don't forget to add ":514" at the end of the IP address, as shown; it specifies the port to be used. Once the IP is set we can go ahead and add a rule that sends everything to the remote daemon:

/system logging add action=remote topics=info,warning,critical,firewall,error prefix=RouterId

After that, check the logs every day; do not let them become just another junk file.

On a *nix-like OS you can do the following (FreeBSD):

1. vi /etc/rc.conf

   syslogd_enable="YES"                  # Run syslog daemon (or NO).
   syslogd_program="/usr/sbin/syslogd"   # path to syslogd, if you want a different one
   syslogd_flags=""                      # Flags to syslogd (if enabled).

   (By default syslogd_flags contains the -s option. Don't forget to remove it: the -a options are ignored if -s is also specified. See man syslogd.)

2. vi /etc/syslog.conf

   +@                                    # syslog settings of current system
   +*
   +<ip-address or host of your router>
   *.*                                   /var/log/mikrotik.log
   +*

3. /etc/rc.d/syslogd restart

6. NTP Sync & Misc.

Don't forget to set the time; the clock on the box may well never have been set.

/system clock set time-zone=+12

We also need to set up the NTP client:

/system ntp client set enabled=yes primary-ntp=192.168.0.2 secondary-ntp=192.168.0.3 mode=unicast

Thanks to: jasakom, echo, jatimcrew, and all the Indonesian security forums.


Pentest Lab with Mikrotik (from primadonal.wordpress.com)

For the full version see HERE.

By default RouterOS can be accessed via:

- Telnet
- SSH
- HTTP
- Winbox
- FTP
- Mac-Telnet

Minimal Firewall Configuration
Fig. Topology

   Target                            Attacker
   [ vmWare ]       x----------x     [ Notebook ]
   192.168.0.1/24                    192.168.0.2/24
   RouterOS                          winXP

Tools:

- Port scanner: Nmap v4.2
- HTTP brute force: FScan v0.6
- SSH brute force
- FTP brute force
- Port knock

There are five rules:

1. Drop Port Scanner
2. Drop SSH BruteForce
3. Drop FTP BruteForce
4. Drop HTTP/HTTPS BruteForce
5. PortKnocking Rule

1. Drop Port Scanner
D:\>nmap -vv -sX -sV -p U:53,111,137,500,T:21-25,80,139,179,8080 192.168.0.1

Starting Nmap 4.22SOC8 ( http://insecure.org ) at 2008-07-19 17:12 SE Asia Standard Time
Initiating ARP Ping Scan at 17:12
Scanning 192.168.0.1 [1 port]
Completed ARP Ping Scan at 17:12, 0.11s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 17:12
Completed Parallel DNS resolution of 1 host. at 17:12, 16.50s elapsed
Initiating XMAS Scan at 17:12
Scanning 192.168.0.1 [9 ports]
Completed XMAS Scan at 17:12, 1.27s elapsed (9 total ports)
Initiating Service scan at 17:12
Scanning 4 services on 192.168.0.1
Discovered open port 80/tcp on 192.168.0.1
Discovered open|filtered port 80/tcp on 192.168.0.1 is actually open
Discovered open port 23/tcp on 192.168.0.1
Discovered open|filtered port 23/tcp on 192.168.0.1 is actually open
Discovered open port 22/tcp on 192.168.0.1
Discovered open|filtered port 22/tcp on 192.168.0.1 is actually open
Discovered open port 21/tcp on 192.168.0.1
Discovered open|filtered port 21/tcp on 192.168.0.1 is actually open
Completed Service scan at 17:12, 6.09s elapsed (4 services on 1 host)
SCRIPT ENGINE: Initiating script scanning.
Host 192.168.0.1 appears to be up ... good.
Interesting ports on 192.168.0.1:
PORT     STATE  SERVICE     VERSION
21/tcp   open   ftp         MikroTik router ftpd 2.9.27
22/tcp   open   ssh         OpenSSH 2.3.0 mikrotik 2.9 (protocol 1.99)
23/tcp   open   telnet      Linux telnetd
24/tcp   closed priv-mail
25/tcp   closed smtp
80/tcp   open   http        MikroTik router http config
139/tcp  closed netbios-ssn
179/tcp  closed bgp
8080/tcp closed http-proxy
MAC Address: 00:0C:29:D1:59:AB (VMware)
Service Info: Host: MikroTik; OS: Linux; Device: router

Read data files from: C:\Program Files\Nmap
Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 24.203 seconds
           Raw packets sent: 14 (562B) | Rcvd: 7 (302B)

D:\>

Add the rules:

add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="Drop Port Scanners" disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="" disabled=no
add chain=input src-address-list="port scanners" action=drop comment="" disabled=no

The attacker's IP address is now placed in the ip firewall address-list, so:

D:\>nmap -vv -sX -sV -p U:53,111,137,500,T:21-25,80,139,179,8080 192.168.0.1

Starting Nmap 4.22SOC8 ( http://insecure.org ) at 2008-07-19 17:16 SE Asia Standard Time
Initiating ARP Ping Scan at 17:16
Scanning 192.168.0.1 [1 port]
Completed ARP Ping Scan at 17:16, 0.11s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 17:16
Completed Parallel DNS resolution of 1 host. at 17:17, 16.50s elapsed
Initiating XMAS Scan at 17:17
Scanning 192.168.0.1 [9 ports]
Completed XMAS Scan at 17:17, 1.26s elapsed (9 total ports)
Initiating Service scan at 17:17
Scanning 9 services on 192.168.0.1
Completed Service scan at 17:17, 5.00s elapsed (9 services on 1 host)
SCRIPT ENGINE: Initiating script scanning.
Host 192.168.0.1 appears to be up ... good.
Interesting ports on 192.168.0.1:
PORT     STATE         SERVICE     VERSION
21/tcp   open|filtered ftp
22/tcp   open|filtered ssh
23/tcp   open|filtered telnet
24/tcp   open|filtered priv-mail
25/tcp   open|filtered smtp
80/tcp   open|filtered http
139/tcp  open|filtered netbios-ssn
179/tcp  open|filtered bgp
8080/tcp open|filtered http-proxy
MAC Address: 00:0C:29:D1:59:AB (VMware)

Read data files from: C:\Program Files\Nmap
Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 23.094 seconds
           Raw packets sent: 19 (762B) | Rcvd: 1 (42B)

D:\>

[admin@MikroTik] ip firewall address-list> print
Flags: X - disabled, D - dynamic
 #   LIST            ADDRESS
 0   Save Haven      192.168.0.3-192.168.0.5
 1 D Save Haven      192.168.0.2
 2 D port scanners   192.168.0.2
[admin@MikroTik] ip firewall address-list>

C:\Documents and Settings\adminz>ping 192.168.0.1 -t

Pinging 192.168.0.1 with 32 bytes of data:

Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.1:
    Packets: Sent = 24, Received = 19, Lost = 5 (20% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
C:\Documents and Settings\adminz>
2. Drop SSH BruteForce

add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist \
    action=drop comment="Drop SSH brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage3 action=add-src-to-address-list \
    address-list=ssh_blacklist address-list-timeout=1w3d comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list \
    address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage1 action=add-src-to-address-list \
    address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m comment="" disabled=no

3. Drop FTP BruteForce

add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist \
    action=drop comment="Drop FTP brute forcers" disabled=no
add chain=output protocol=tcp content="530 Login incorrect" \
    dst-limit=1/1m,9,dst-address/1m action=accept comment="" disabled=no
add chain=output protocol=tcp content="530 Login incorrect" \
    action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h comment="" disabled=no

4. Drop HTTP/HTTPS BruteForce
Minimising brute-force attacks against the RouterOS http/https ports, such as:

D:\fscan>fscan.exe ports 80 hosts 192.168.0.1 threads 200

Fast HTTP Auth Scanner v0.6
(c) Andres Tarasco - http://www.514.es

[+] Loaded 26 user/pass combinations
[+] Loaded 42 ignored webservers
[+] Loaded 41 Router authentication schemes
[+] Loaded 51 webform authentication schemes
[+] Loaded 13 Single Users
[+] Scanning 1 hosts (192.168.0.1 - (null))
[+] Scanning 1 ports - bruteforce is active

Server          Port   status   password    banner
192.168.0.1     80     200      not:found   (mikrotik routeros)

scan Finished
D:\fscan>

Looking at the RouterOS log:

[admin@MikroTik] > log print
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user  from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user Admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user cisco from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user 1234 from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user operator from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user user from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user root from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user root from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user root from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user root from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user super from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user test from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user Cisco from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user  from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user smc from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user support from 192.168.0.2 via web
16:52:17 system,error,critical login failure for user admin via local

Add the rules to the RouterOS firewall:

add chain=input protocol=tcp dst-port=80 src-address-list=web_blacklist \
    action=drop comment="Drop Web brute forcers" disabled=no
add chain=input protocol=tcp dst-port=443 src-address-list=web_blacklist \
    action=drop comment="" disabled=no
add chain=output protocol=tcp content="invalid user name or password" \
    dst-limit=1/1m,9,dst-address/1m action=accept comment="" disabled=no
add chain=output protocol=tcp content="invalid user name or password" \
    action=add-dst-to-address-list address-list=web_blacklist \
    address-list-timeout=3h comment="" disabled=no

Running the brute force again gives:

[admin@MikroTik] ip firewall address-list> pr
Flags: X - disabled, D - dynamic
 #   LIST            ADDRESS
 0   Save Haven      192.168.0.3-192.168.0.5
 1 D Save Haven      192.168.0.2
 2 D web_blacklist   192.168.0.2
[admin@MikroTik] ip firewall address-list>

D:\fscan>fscan.exe ports 80 hosts 192.168.0.1 threads 200

Fast HTTP Auth Scanner v0.6
(c) Andres Tarasco - http://www.514.es

[+] Loaded 26 user/pass combinations
[+] Loaded 42 ignored webservers
[+] Loaded 41 Router authentication schemes
[+] Loaded 51 webform authentication schemes
[+] Loaded 13 Single Users
[+] Scanning 1 hosts (192.168.0.1 - (null))
[+] Scanning 1 ports - bruteforce is active

Server          Port   status   password    banner

scan Finished
D:\fscan>

5. PortKnocking Rule

Add the rules to the firewall filter:

add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list \
    address-list=knock-knock address-list-timeout=15s comment="Port Knocking" disabled=no
add chain=input protocol=udp dst-port=17954 src-address-list=knock-knock \
    action=add-src-to-address-list address-list="Save Haven" \
    address-list-timeout=3h comment="" disabled=no
add chain=input src-address-list="Save Haven" action=accept comment="" disabled=no
add chain=input action=drop comment="" disabled=no
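The SSH staging rules in section 2 and the port-knocking rules in section 5 both work through dynamic address lists with timeouts. The following Python simulation is an added example, not part of the original page and not RouterOS code: it replays the rules in the order written above over constructed connection attempts, showing that a fourth new SSH connection within the 1m windows lands the source in ssh_blacklist while slower attempts never do, and that the knock sequence only opens the router if the second step arrives inside the 15s window. It assumes that add-src-to-address-list is non-terminating (the packet continues to the next rule) and that re-adding an address refreshes its timeout.

```python
"""Replay the page's dynamic address-list rules over constructed traffic.
Assumptions: rules run top to bottom; accept/drop end evaluation;
add-src-to-address-list is non-terminating (evaluation continues); re-adding
an address refreshes its timeout. Times are seconds since simulation start."""
from dataclasses import dataclass
from typing import Optional

MINUTE, HOUR, DAY = 60, 3600, 86400


@dataclass
class Rule:
    action: str                          # "accept", "drop" or "add-src"
    proto: Optional[str] = None          # protocol=
    dst_port: Optional[int] = None       # dst-port=
    src_list: Optional[str] = None       # src-address-list=
    add_to: Optional[str] = None         # address-list= (for add-src)
    timeout: int = 0                     # address-list-timeout= (seconds)


@dataclass
class Packet:
    time: int                            # seconds since simulation start
    src: str
    proto: str
    dst_port: int


class Chain:
    """An ordered rule list plus the dynamic address lists it maintains."""

    def __init__(self, rules):
        self.rules = rules
        self.lists = {}                  # list name -> {address: expiry time}

    def listed(self, name, addr, now):
        expiry = self.lists.get(name, {}).get(addr)
        return expiry is not None and expiry > now   # expired entries no longer match

    def process(self, pkt):
        """Verdict ('accept' or 'drop') for one new connection."""
        for r in self.rules:
            if r.proto is not None and r.proto != pkt.proto:
                continue
            if r.dst_port is not None and r.dst_port != pkt.dst_port:
                continue
            if r.src_list and not self.listed(r.src_list, pkt.src, pkt.time):
                continue
            if r.action == "add-src":    # passthrough: record and keep evaluating
                self.lists.setdefault(r.add_to, {})[pkt.src] = pkt.time + r.timeout
                continue
            return r.action
        return "accept"                  # no terminating rule matched


def ssh_chain():
    """The five 'Drop SSH BruteForce' rules, in the page's order."""
    def stage(src_list, add_to, timeout):
        return Rule("add-src", "tcp", 22, src_list, add_to, timeout)
    return Chain([
        Rule("drop", "tcp", 22, "ssh_blacklist"),
        stage("ssh_stage3", "ssh_blacklist", 10 * DAY),   # 1w3d
        stage("ssh_stage2", "ssh_stage3", MINUTE),
        stage("ssh_stage1", "ssh_stage2", MINUTE),
        stage(None, "ssh_stage1", MINUTE),
    ])


def knock_chain():
    """The four 'PortKnocking Rule' entries, in the page's order."""
    return Chain([
        Rule("add-src", "tcp", 1337, None, "knock-knock", 15),
        Rule("add-src", "udp", 17954, "knock-knock", "Save Haven", 3 * HOUR),
        Rule("accept", src_list="Save Haven"),
        Rule("drop"),
    ])


def run(chain, packets):
    return [chain.process(p) for p in packets]


def ssh_attempts(interval, count=5, src="192.168.0.2"):
    """Constructed: `count` new SSH connections from `src`, `interval` s apart."""
    return [Packet(i * interval, src, "tcp", 22) for i in range(count)]


def knock_sequence():
    """Constructed: a correct knock from .2, then one from .9 whose second
    step arrives after its 15 s knock-knock entry has expired."""
    return [
        Packet(0, "192.168.0.2", "tcp", 22),        # no knock yet: dropped
        Packet(1, "192.168.0.2", "tcp", 1337),      # knock step 1 (15 s window)
        Packet(2, "192.168.0.2", "udp", 17954),     # step 2 -> Save Haven for 3h
        Packet(3, "192.168.0.2", "tcp", 22),        # accepted
        Packet(100, "192.168.0.9", "tcp", 1337),    # step 1, expires at t=115
        Packet(120, "192.168.0.9", "udp", 17954),   # too late: dropped
        Packet(121, "192.168.0.9", "tcp", 22),      # still dropped
    ]
```

`run(ssh_chain(), ssh_attempts(10))` yields four accepts and then a drop, `run(ssh_chain(), ssh_attempts(90))` yields only accepts because the stage1 entry expires before the next attempt, and `run(knock_chain(), knock_sequence())` shows the router opening only for the source that completed the knock in time.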
Download the port-knocking tool:

D:\>wget http://www.zeroflux.org/proj/knock/files/knock-cygwin.zip

Extract the file:

D:\knock>dir
 Volume in drive D is data.
 Volume Serial Number is 20B3-1A4D

 Directory of D:\knock

19/07/2008  15:24    <DIR>          .
19/07/2008  15:24    <DIR>          ..
03/07/2005  02:30         1.295.582 cygwin1.dll
10/08/2005  14:52            15.238 knock.exe
               2 File(s)      1.310.820 bytes
               2 Dir(s)     714.395.648 bytes free

D:\knock>

C:\Documents and Settings\adminz>ping 192.168.0.1 -t

Pinging 192.168.0.1 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.1:
    Packets: Sent = 6, Received = 0, Lost = 6 (100% loss),
Control-C
^C
C:\Documents and Settings\adminz>

D:\>telnet 192.168.0.1 22
Connecting To 192.168.0.1...Could not open connection to the host, on port 22: Connect failed

D:\>putty -ssh -l admin 192.168.0.1

D:\>

[PuTTY Fatal Error dialog: Network error: Connection timed out]

D:\knock>knock.exe
usage: knock [options] <host> <port[:proto]> [port[:proto]] ...
options:
  -u, --udp            make all ports hits use UDP (default is TCP)
  -v, --verbose        be verbose
  -V, --version        display version
  -h, --help           this help

example: knock myserver.example.com 123:tcp 456:udp 789:tcp

D:\knock>knock 192.168.0.1 1337:tcp 17954:udp

D:\knock>

C:\Documents and Settings\adminz>ping 192.168.0.1 -t

Pinging 192.168.0.1 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.0.1:
    Packets: Sent = 18, Received = 11, Lost = 7 (38% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
C:\Documents and Settings\adminz>

D:\>putty -ssh -l admin 192.168.0.1

D:\>

[PuTTY window: 192.168.0.1]
Using username "admin".
admin@192.168.0.1's password:

[MikroTik RouterOS ASCII-art banner]

MikroTik RouterOS 2.9.27 (c) 1999-2006       http://www.mikrotik.com/

Terminal xterm detected, using multiline input mode
[admin@MikroTik] > log print
17:38:31 system,info,account user admin logged in from 192.168.0.2 via ssh
Export file configuration

/ ip firewall filter
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="Drop Port Scanners" disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="" disabled=no
add chain=input src-address-list="port scanners" action=drop comment="" disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist \
    action=drop comment="Drop SSH brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage3 action=add-src-to-address-list \
    address-list=ssh_blacklist address-list-timeout=1w3d comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list \
    address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage1 action=add-src-to-address-list \
    address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist \
    action=drop comment="Drop FTP brute forcers" disabled=no
add chain=output protocol=tcp content="530 Login incorrect" \
    dst-limit=1/1m,9,dst-address/1m action=accept comment="" disabled=no
add chain=output protocol=tcp content="530 Login incorrect" \
    action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h comment="" disabled=no
add chain=input protocol=tcp dst-port=80 src-address-list=web_blacklist \
    action=drop comment="Drop Web brute forcers" disabled=no
add chain=input protocol=tcp dst-port=443 src-address-list=web_blacklist \
    action=drop comment="" disabled=no
add chain=output protocol=tcp content="invalid user name or password" \
    dst-limit=1/1m,9,dst-address/1m action=accept comment="" disabled=no
add chain=output protocol=tcp content="invalid user name or password" \
    action=add-dst-to-address-list address-list=web_blacklist \
    address-list-timeout=3h comment="" disabled=no
add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list \
    address-list=knock-knock address-list-timeout=15s comment="Port Knocking" disabled=no
add chain=input protocol=udp dst-port=17954 src-address-list=knock-knock \
    action=add-src-to-address-list address-list="Save Haven" \
    address-list-timeout=3h comment="" disabled=no
add chain=input src-address-list="Save Haven" action=accept comment="" disabled=no
add chain=input action=drop comment="" disabled=no
Other Security

- SSH public/private key authentication

Generate a public and private key. Using ssh-keygen on *NIX:

sh$ ssh-keygen -t dsa -f ./id_dsa
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ./id_dsa.
Your public key has been saved in ./id_dsa.pub.
The key fingerprint is:
91:d7:08:be:b6:a1:67:5e:81:02:cb:4d:47:d6:a0:3b admin-ssh@beka

Or use PuTTYgen on Windows.

Upload the public key file to RouterOS using scp, then import it:

[admin@MikroTik] user ssh-keys> import file=id_dsa.pub user=admin-ssh
[admin@MikroTik] user ssh-keys> print
 #   USER        KEY-OWNER
 0   admin-ssh   admin-ssh@beka
[admin@MikroTik] user ssh-keys>

- Firewall: http://wiki.mikrotik.com/wiki/Dmitry_on_firewalling
- Syslog Daemon


Repost: A closer look at HTB in MikroTik RouterOS QoS

QoS (Quality of Service) implementation in MikroTik relies heavily on HTB (Hierarchical Token Bucket). HTB lets us structure queues by grouping them hierarchically. What many people do not realise is that if we do not implement HTB in our queues (whether Simple Queue or Queue Tree), several parameters do not work the way we expect. Among the parameters that do not work are priority and dual limitation (CIR/MIR).

In this article we take as our example a simple QoS setup in which we want to allocate 400kbps of bandwidth to 3 clients, each of which may get at most 200kbps. The three clients have different priorities: 1, 2 and 3. To make monitoring and verification easier, we will use queue tree.

The easiest way to queue with queue tree is to set these parameters:

- parent (which must be set to the outgoing interface),
- packet-mark (which must first be created in ip firewall mangle),
- max-limit (the maximum rate, also known as MIR, Maximum Information Rate).

For the first experiment, every priority is set to the same value, 8, and limit-at is left empty. The following figure illustrates what happens with this configuration.

[Figure: http://mikrotik.co.id/images/artikel/qos-htb-01/01.jpg]
Because only 400kbps is available while the three clients' combined maximum exceeds it (600kbps), the three clients compete with one another, and it cannot be predicted who will win (use the full bandwidth) and who will lose (fail to get the bandwidth it should).

Suppose q1 is the client with the highest priority and q3 the one with the lowest. We now set each client's priority value accordingly.

[Figure: http://mikrotik.co.id/images/artikel/qos-htb-01/02.jpg]
As the figure above shows, even though q1 now has the highest priority, the three clients still fight over bandwidth in an uncontrolled way.

The next figure tries setting limit-at. limit-at is supposed to be the CIR (Committed Information Rate): the rate a client should always receive whatever else is happening, as long as the bandwidth is actually available.

[Figure: http://mikrotik.co.id/images/artikel/qos-htb-01/03.jpg]

It turns out q1 still does not receive the bandwidth of its limit-at (CIR), even though the available 400kbps should be enough to supply every client with its limit-at.

Next we use a parent queue and place the three client queues as children of it. On the parent queue we only set the outgoing interface as the parent parameter, and on the three children we change the parent parameter to the parent queue's name. To begin with, we do not yet set max-limit on the parent queue, and we remove limit-at from all clients.

[Figure: http://mikrotik.co.id/images/artikel/qos-htb-01/04.jpg]
As the example above shows, because we did not set max-limit on the parent, the children's priority still cannot be honoured. Only after we set max-limit on the parent queue does client priority start to work.

[Figure: http://mikrotik.co.id/images/artikel/qos-htb-01/05.jpg]

Here q1 and q2 get almost their full max-limit while q3 gets almost no bandwidth. Priority is now working. In practice, of course, we do not want any client to get no bandwidth at all. For that we need to set limit-at on each client. limit-at is the minimum rate a client will receive; other clients cannot take it away, however much bandwidth they pull or whatever their priority. We set 75kbps as limit-at on every client.

[Figure: http://mikrotik.co.id/images/artikel/qos-htb-01/06.jpg]

q3, which has the lowest priority, gets exactly its limit-at; q1, with the highest priority, gets its max-limit; and q2, whose priority lies between them, gets more than its limit-at but does not reach its max-limit. In this example every client is guaranteed its limit-at, and whatever is left over is shared out by client priority until the total reaches the parent's max-limit.

The sum of the limit-at values must not exceed the parent's max-limit. If it does, as in the example below where the three clients' limit-at values total 600kbps while the parent's max-limit is only 400kbps, the parent's max-limit leaks. The example below assumes that the total capacity can actually reach the sum of the limit-at values; if the available bandwidth does not reach that total, the clients go back to competing and the priority system stops working.

[Figure: http://mikrotik.co.id/images/artikel/qos-htb-01/07.jpg]

As for max-limit, a client's max-limit must not exceed the parent's max-limit. If it does, the client will never reach its max-limit and will only ever get the parent's max-limit as its maximum rate (which is lower than the client's max-limit).

[Figure: http://mikrotik.co.id/images/artikel/qos-htb-01/09.jpg]

If all clients have the same priority, they share the remaining bandwidth. In the example below every client gets the same bandwidth, about 130kbps (400kbps in total divided by 3).

[Figure: http://mikrotik.co.id/images/artikel/qos-htb-01/08.jpg]

Things to remember about HTB:

- HTB only works when the client queue rules sit under at least one level of parent, every client queue has both limit-at and max-limit, and the parent queue has a max-limit.
- The sum of all clients' limit-at must not exceed the parent's max-limit.
- Each client's max-limit must be less than or equal to the parent's max-limit.
- The top-level parent only needs max-limit (it does not need limit-at).
- On parents and sub-parents the priority parameter is ignored; priority only counts on child queues.
- Priority is only evaluated after every limit-at (on child queues as well as sub-parents) has been satisfied.

A practical guide to calculating limit-at and max-limit

Assume the available bandwidth is 1000kbps and there are 70 clients in total.
Yang perlu diketahui adalah :Berapa jumlah maksimal client yang menggunakan
internet pada saat yang bersamaan. Jumlah ini belum tentu sama dengan jumlah
komputer yang ada, apabila semua client tidak pernah terkoneksi secara bersamaan.
Sebagai contoh, untuk kasus ini kita asumsikan adalah 50.Berapa jumlah minimal
client yang menggunakan internet pada saat yang bersamaan. Sebagai contoh, untuk
kasus ini kita asumsikan adalah 10Maka, untuk setiap client (1 client dibuatkan 1
rule queue), limit-at nya adalah 1000 / 50 = 20kbps, dan max-limit nya adalah
1000 / 10 = 100 kbps.Jangan lupa untuk menambahkan parent dengan max-limit sebesar
1000kbps (tidak perlu limit-at), dan memasukkan semua queue client di bawah parent
queue. Jika untuk terminal tertentu membutuhkan priority lebih besar, maka kita
bisa menggunakan priority yang berbeda-beda, tergantung dengan urutan prioritasnya.
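The sharing rules and the sizing rule of thumb above, as an added Python model (example code, not the article's or MikroTik's): allocate() hands every child its limit-at first, then distributes the parent's remainder by priority up to each child's max-limit; validate() reports the two configuration mistakes the article warns about; plan_limits() is the 1000 / 50 and 1000 / 10 calculation. The function names, the Queue class and the 400 kbps parent with 75 kbps limit-at and 200 kbps max-limit are assumptions chosen to mirror the q1/q2/q3 figures; the 1000 kbps, 50 and 10 sizing numbers are the article's own.

```python
"""HTB limit-at / max-limit model for the rules and the sizing guide above.

Added example, not code from the article or from MikroTik. It reproduces in
plain Python the sharing behaviour the article describes: each child queue
first gets its limit-at, the parent's remaining max-limit is handed out in
priority order (1 = highest, 8 = lowest, as in RouterOS) up to each child's
max-limit, equal priorities share evenly, and a child can never exceed the
parent. The 400/75/200 kbps figures mirror the q1/q2/q3 illustration but are
constructed; the 1000 kbps / 50 / 10 sizing numbers are the article's own.
"""
from dataclasses import dataclass


@dataclass
class Queue:
    name: str
    limit_at: int   # guaranteed kbps
    max_limit: int  # ceiling kbps
    priority: int   # 1 = highest ... 8 = lowest
    demand: int     # what the client currently tries to push, kbps


def validate(parent_max: int, queues: list[Queue]) -> list[str]:
    """The consistency rules from the article; an empty list means the tree is sound."""
    problems = []
    total = sum(q.limit_at for q in queues)
    if total > parent_max:
        problems.append(f"sum of limit-at {total} > parent max-limit {parent_max}: "
                        "the parent will leak and priorities stop working")
    for q in queues:
        if q.max_limit > parent_max:
            problems.append(f"{q.name}: max-limit {q.max_limit} > parent {parent_max}, "
                            f"client is capped at {parent_max}")
    return problems


def allocate(parent_max: int, queues: list[Queue]) -> dict[str, int]:
    """Share parent_max kbps among the children the way HTB does."""
    # Stage 1: everyone receives limit-at (or its demand, if that is smaller).
    alloc = {q.name: min(q.demand, q.limit_at) for q in queues}
    remaining = parent_max - sum(alloc.values())

    def ceiling(q: Queue) -> int:
        # a child can never get more than it wants, its own max-limit, or the parent
        return min(q.demand, q.max_limit, parent_max)

    # Stage 2: leftover goes priority by priority; within one priority it is split evenly.
    for prio in sorted({q.priority for q in queues}):
        group = [q for q in queues if q.priority == prio]
        while remaining > 0:
            hungry = [q for q in group if alloc[q.name] < ceiling(q)]
            if not hungry:
                break
            share = remaining // len(hungry)
            if share == 0:
                break  # less than 1 kbps per queue left; stop here
            for q in hungry:
                give = min(share, ceiling(q) - alloc[q.name])
                alloc[q.name] += give
                remaining -= give
    return alloc


def plan_limits(available_kbps: int, max_concurrent: int, min_concurrent: int) -> tuple[int, int]:
    """Per-client (limit-at, max-limit) from the article's rule of thumb."""
    if not 0 < min_concurrent <= max_concurrent:
        raise ValueError("need 0 < min_concurrent <= max_concurrent")
    return available_kbps // max_concurrent, available_kbps // min_concurrent


# Constructed: three saturating clients under a 400 kbps parent, distinct priorities
PRIORITISED = [Queue("q1", 75, 200, 1, 400),
               Queue("q2", 75, 200, 2, 400),
               Queue("q3", 75, 200, 3, 400)]
# Same clients, all at the same priority
EQUAL = [Queue(q.name, 75, 200, 8, 400) for q in PRIORITISED]
# Sum of limit-at (600) above the parent's 400: the case the article calls a leak
LEAKING = [Queue(q.name, 200, 300, q.priority, 400) for q in PRIORITISED]

if __name__ == "__main__":
    print(allocate(400, PRIORITISED))   # q1 at max-limit, q3 at limit-at, q2 between
    print(allocate(400, EQUAL))         # roughly 400 / 3 each
    print(validate(400, LEAKING))
    print(plan_limits(1000, 50, 10))    # (20, 100) as in the guide
```

With the constructed figures the model gives q1 200, q2 125 and q3 75 kbps, and 133 kbps each when all three share one priority, which is the picture the article paints. One check worth running before deploying the sizing guide: validate(1000, ...) over all 70 configured client queues reports a limit-at total of 1400 kbps, so the 20 kbps figure only holds while no more than 50 clients are active at once, which is exactly the assumption the guide states.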
Load Balancing 3 Line Speedy

Trying to share some experience, since I was just asked to load-balance 3 Speedy lines with MikroTik. It may not be perfect yet, but there is no harm in sharing knowledge, right? :D

The load balancing I am going to discuss here was done on MikroTik 2.9 (old school!) installed on a Pentium 3 PC with 4 ethernet cards in PCI slots. The topology I drew looks like this:

[Image: http://infonesia.info/wp-content/uploads/2009/05/topology-balancing.jpg]

Load balancing steps:

1. Change the IP address and interface name of each ethernet port as in the picture above. Ex: Ether1 -> interface name changed to local and IP set to 192.168.10.1/24

2. Start by adding the gateways in MikroTik:

/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 routing-mark=satu comment="" disabled=no
/ip route add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 routing-mark=dua comment="" disabled=no
/ip route add dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=255 target-scope=10 routing-mark=tiga comment="" disabled=no

3. Continue with ip firewall mangle:

/ip firewall mangle
add chain=prerouting in-interface=local connection-state=new nth=2,3,0 action=mark-connection new-connection-mark=satu passthrough=yes comment="load balancing" disabled=no
add chain=prerouting in-interface=local connection-mark=satu action=mark-routing new-routing-mark=satu passthrough=no comment="" disabled=no
add chain=prerouting in-interface=local connection-state=new nth=2,3,1 action=mark-connection new-connection-mark=dua passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=local connection-mark=dua action=mark-routing new-routing-mark=dua passthrough=no comment="" disabled=no
add chain=prerouting in-interface=local connection-state=new nth=2,3,2 action=mark-connection new-connection-mark=tiga passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=local connection-mark=tiga action=mark-routing new-routing-mark=tiga passthrough=no comment="" disabled=no

4. And finally the NAT step:

/ip firewall nat add chain=srcnat out-interface=speedy1 action=masquerade
/ip firewall nat add chain=srcnat out-interface=speedy2 action=masquerade
/ip firewall nat add chain=srcnat out-interface=speedy3 action=masquerade

Good luck :)

Source: http://infonesia.info

Wed 22 Apr 2009: Load Balancing 3 Line Speedy, posted by harinto under Mikrotik (http://www.areksitiung.com/2009/04/22/load-balancing-3-line-speedy/)
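The rule chain in the post above, replayed as an added Python model (example code, not the post's or MikroTik's). It models the observable behaviour of the rules rather than RouterOS internals: the three nth rules claim each NEW connection in turn, connection tracking keeps that connection-mark on every later packet of the flow, mark-routing copies it into a routing-mark, and the route carrying that mark picks the gateway. The gateways 192.168.1.1, 192.168.2.1 and 192.168.3.1 and the marks satu/dua/tiga are the post's; the Router and Packet classes, the replay() and line_usage() helpers, the client addresses and the packet trace are assumptions constructed for the example.

```python
"""Model of the per-connection load balancing described in the post above.

Added example, not code from the post or from MikroTik. It follows the
observable behaviour of the post's rules rather than RouterOS internals:
the three nth rules (nth=2,3,0 / 2,3,1 / 2,3,2, one shared counter cycling
through three slots) hand each NEW connection to the next line in turn;
connection tracking then carries that connection-mark on every later packet
of the same flow; the mark-routing rule copies it into a routing-mark
(passthrough=no, so no later mangle rule touches the packet); and the route
with that routing-mark picks the gateway. The gateways are the post's;
client addresses and the packet trace are constructed.
"""
from collections import Counter
from dataclasses import dataclass, field

# "ip route add dst-address=0.0.0.0/0 gateway=... routing-mark=..." from the post
ROUTES = {"satu": "192.168.1.1", "dua": "192.168.2.1", "tiga": "192.168.3.1"}
# Slot 0, 1, 2 of the shared nth counter -> connection-mark set by that rule
NTH_SLOTS = ("satu", "dua", "tiga")


@dataclass(frozen=True)
class Packet:
    src: str    # client on the "local" interface
    dst: str
    dport: int


@dataclass
class Router:
    """Just enough state to replay the post's prerouting mangle rules."""
    conntrack: dict = field(default_factory=dict)  # flow -> connection-mark
    nth_counter: int = 0                             # counter shared by the 3 nth rules

    def mangle_prerouting(self, pkt: Packet) -> str:
        """Return the routing-mark the prerouting mangle chain leaves on pkt."""
        flow = (pkt.src, pkt.dst, pkt.dport)
        if flow not in self.conntrack:
            # connection-state=new: exactly one of the three nth rules matches
            slot = self.nth_counter % len(NTH_SLOTS)
            self.nth_counter += 1
            # action=mark-connection passthrough=yes: the mark sticks to the whole flow
            self.conntrack[flow] = NTH_SLOTS[slot]
        # connection-mark=X action=mark-routing new-routing-mark=X passthrough=no
        return self.conntrack[flow]

    def gateway_for(self, pkt: Packet) -> str:
        """Gateway chosen by the routing-mark; srcnat then masquerades on that line."""
        return ROUTES[self.mangle_prerouting(pkt)]


def replay(packets: list[Packet]) -> dict[tuple, str]:
    """Run a packet trace through one router and return flow -> gateway.

    Raises if any flow ever changes line mid-stream, which is the property
    the connection-mark step exists to guarantee (a flow that hopped lines
    would leave with a different NAT address and be reset by the far end).
    """
    router = Router()
    seen: dict[tuple, str] = {}
    for pkt in packets:
        flow = (pkt.src, pkt.dst, pkt.dport)
        gw = router.gateway_for(pkt)
        if seen.setdefault(flow, gw) != gw:
            raise AssertionError(f"flow {flow} moved from {seen[flow]} to {gw}")
    return seen


def line_usage(packets: list[Packet]) -> Counter:
    """How many flows ended up on each gateway."""
    return Counter(replay(packets).values())


# Constructed trace: four flows from two clients, with repeat packets interleaved
TRACE = [
    Packet("192.168.10.5", "203.0.113.10", 80),
    Packet("192.168.10.5", "203.0.113.10", 80),   # 2nd packet of flow 1: not NEW
    Packet("192.168.10.6", "203.0.113.20", 443),
    Packet("192.168.10.5", "203.0.113.30", 22),
    Packet("192.168.10.6", "203.0.113.20", 443),  # flow 2 again
    Packet("192.168.10.6", "198.51.100.7", 25),   # 4th flow wraps back to slot 0
    Packet("192.168.10.5", "203.0.113.10", 80),
]

if __name__ == "__main__":
    for flow, gw in replay(TRACE).items():
        print(f"{flow[0]} -> {flow[1]}:{flow[2]} via {gw}")
    print(line_usage(TRACE))
```

Two things the replay makes visible. First, the split is per connection, not per packet: the fourth flow lands on line satu again, and a single large download stays on one line for its whole life, so the three lines only even out across many connections. Second, the mark-connection step is what keeps a flow on one line; if only mark-routing were applied per packet, replay() would raise, because later packets of the same flow would be sent out through a different gateway and NAT address.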


MikroTik RouterOS 2.9.27 (c) 1999-2006
http://www.mikrotik.com

/ interface ethernet
set Local name=Local mtu=1500 mac-address=0A:C0:18:1A:3C:8A arp=enabled disable-running-check=yes auto-negotiation=no full-duplex=yes cable-settings=default speed=100Mbps comment="" disabled=no
set Speedy1 name=Speedy1 mtu=1500 mac-address=0A:C0:18:1A:3C:75 arp=enabled disable-running-check=yes auto-negotiation=no full-duplex=yes cable-settings=default speed=1Gbps comment="" disabled=no
set Speedy2 name=Speedy2 mtu=1500 mac-address=C0:10:18:C0:30:94 arp=enabled disable-running-check=yes auto-negotiation=no full-duplex=yes cable-settings=default speed=1Gbps comment="" disabled=no
set Speedy3 name=Speedy3 mtu=1500 mac-address=00:0C:6E:D3:0D:FC arp=enabled disable-running-check=yes auto-negotiation=no full-duplex=yes cable-settings=default speed=1Gbps comment="" disabled=no
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
/ interface pptp-server
add name=vpn user="" disabled=no
/ interface pptp-server server
set enabled=yes max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 keepalive-timeout=30 default-profile=vpn
/ interface pppoe-client
add name=pppoe-out1 max-mtu=1480 max-mru=1480 interface=Speedy2 user=111401104174@telkom.net password=sttlqg13mc profile=default service-name="" ac-name="" add-default-route=yes dial-on-demand=no use-peer-dns=no allow=pap,chap,mschap1,mschap2 disabled=no
/ ip pool
add name=dhcp_pool1 ranges=10.2.1.1-10.2.1.252,10.2.1.254
add name=vpn ranges=172.16.1.1-172.16.1.6
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=yes
set ftp port=21 address=0.0.0.0/0 disabled=yes
set www port=7479 address=0.0.0.0/0 disabled=no
set ssh port=1981 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
/ ip upnp
set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
/ ip arp
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip dns
set primary-dns=203.130.193.74 secondary-dns=202.134.0.155 allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip dns static
add name=www.ktr-pjk-pdg.org address=10.2.1.253 ttl=1d
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m inactive-flow-timeout=15s
/ ip address
add address=10.2.1.253/24 network=10.2.1.0 broadcast=10.2.1.255 interface=Local comment="" disabled=no
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Speedy1 comment="" disabled=no
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=Speedy2 comment="" disabled=no
add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=Speedy3 comment="" disabled=no
add address=172.16.1.1/29 network=172.16.1.0 broadcast=172.16.1.7 interface=Local comment="" disabled=no
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connections=1000 maximal-server-connections=1000
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
/ ip neighbor discovery
set Local discover=yes
set Speedy1 discover=yes
set Speedy2 discover=yes
set Speedy3 discover=yes
set pppoe-out1 discover=no
set vpn discover=no
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 routing-mark=speedy1 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=125.165.112.1 scope=255 target-scope=10 routing-mark=speedy2 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=255 target-scope=10 routing-mark=speedy3 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=125.165.112.1 scope=255 target-scope=10 comment="" disabled=no
/ ip firewall mangle
add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=prio_conn_p2p passthrough=yes comment="Prio P2P" disabled=yes
add chain=prerouting connection-mark=prio_conn_p2p action=mark-packet new-packet-mark=prio_p2p_packet passthrough=no comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=995 action=mark-connection new-connection-mark=prio_conn_download_services passthrough=yes comment="Prio Download_Services" disabled=yes
add chain=prerouting protocol=tcp dst-port=143 action=mark-connection new-connection-mark=prio_conn_download_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=993 action=mark-connection new-connection-mark=prio_conn_download_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=995 action=mark-connection new-connection-mark=prio_conn_download_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=25 action=mark-connection new-connection-mark=prio_conn_download_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=prio_conn_download_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=20-21 action=mark-connection new-connection-mark=prio_conn_download_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500 action=mark-connection new-connection-mark=prio_conn_download_services passthrough=yes comment="" disabled=yes
add chain=prerouting connection-mark=prio_conn_download_services action=mark-packet new-packet-mark=prio_download_packet passthrough=no comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=53 action=mark-connection new-connection-mark=prio_conn_ensign_services passthrough=yes comment="Prio Ensign_Services" disabled=yes
add chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark=prio_conn_ensign_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=prio_conn_ensign_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection new-connection-mark=prio_conn_ensign_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=23 action=mark-connection new-connection-mark=prio_conn_ensign_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=80 connection-bytes=0-500000 action=mark-connection new-connection-mark=prio_conn_ensign_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=8080 action=mark-connection new-connection-mark=prio_conn_ensign_services passthrough=yes comment="" disabled=yes
add chain=prerouting connection-mark=prio_conn_ensign_services action=mark-packet new-packet-mark=prio_ensign_packet passthrough=no comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500 action=mark-connection new-connection-mark=prio_conn_user_services passthrough=yes comment="Prio User_Request" disabled=yes
add chain=prerouting protocol=tcp dst-port=8291 packet-size=1400-1500 action=mark-connection new-connection-mark=prio_conn_user_services passthrough=yes comment="" disabled=yes
add chain=prerouting connection-mark=prio_conn_user_services action=mark-packet new-packet-mark=prio_request_packet passthrough=no comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=5100 action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment=Prio_Communication disabled=yes
add chain=prerouting protocol=tcp dst-port=5050 action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=udp dst-port=5060 action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=1869 action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=1723 action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=5190 action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=tcp dst-port=6660-7000 action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=ipencap action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=gre action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=ipsec-esp action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=ipsec-ah action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=ipip action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=yes
add chain=prerouting protocol=encap action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=yes
add chain=prerouting connection-mark=prio_conn_comm_services action=mark-packet new-packet-mark=prio_comm_packet passthrough=no comment="" disabled=yes
add chain=prerouting in-interface=Local connection-state=new nth=2,1,0 action=mark-connection new-connection-mark=speedy1 passthrough=yes comment="LB 3 Line Speedy" disabled=no
add chain=prerouting in-interface=Local connection-mark=speedy1 action=mark-routing new-routing-mark=speedy1 passthrough=no comment="" disabled=no
add chain=prerouting in-interface=Local connection-state=new nth=2,1,1 action=mark-connection new-connection-mark=speedy2 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=Local connection-mark=speedy2 action=mark-routing new-routing-mark=speedy2 passthrough=no comment="" disabled=no
add chain=prerouting in-interface=Local connection-state=new nth=2,1,2 action=mark-connection new-connection-mark=speedy3 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=Local connection-mark=speedy3 action=mark-routing new-routing-mark=speedy3 passthrough=no comment="" disabled=no
/ ip firewall nat
add chain=srcnat connection-mark=speedy1 action=src-nat to-addresses=192.168.1.2 to-ports=0-65535 comment="NAT 2 CLIENT" disabled=no
add chain=srcnat connection-mark=speedy2 action=src-nat to-addresses=125.165.115.184 to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=speedy3 action=src-nat to-addresses=192.168.3.2 to-ports=0-65535 comment="" disabled=no
add chain=srcnat src-address=172.16.1.0/29 action=masquerade comment="NAT VPN" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m tcp-syncookie=no
/ ip firewall filter
add chain=forward src-address=0.0.0.0/8 action=drop comment="Block Bogus IP Address" disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward src-address=192.168.1.99 protocol=tcp content=www action=drop comment="block browsing 1" disabled=yes
add chain=forward src-address=192.168.1.7 content=!www action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.8 protocol=tcp content=www action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.9 action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.10 content=!www action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.11 protocol=tcp content=www action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.12 protocol=tcp content=www action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.99 protocol=tcp content=http: action=drop comment="block browsing 2" disabled=yes
add chain=forward src-address=192.168.1.4 protocol=tcp content=http: action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.5 protocol=tcp content=http: action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.6 protocol=tcp content=http: action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.7 content=!http: action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.8 protocol=tcp content=http: action=drop comment="" disabled=yes
add chain=input src-address=192.168.1.9 action=drop comment="" disabled=yes
add chain=input src-address=192.168.1.10 content=!http: action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.11 protocol=tcp content=http: action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.12 protocol=tcp content=http: action=drop comment="" disabled=yes
add chain=forward protocol=icmp icmp-options=11:0 action=drop comment="Drop Traceroute" disabled=no
add chain=forward protocol=icmp icmp-options=3:3 action=drop comment="Drop Traceroute" disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment="Drop SSH brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port Scanners to list" disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="" disabled=no
add chain=input src-address-list="port scanners" action=drop comment="" disabled=no
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop comment="Filter FTP to Box" disabled=no
add chain=output protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m action=accept comment="" disabled=no
add chain=output protocol=tcp content="530 Login incorrect" action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h comment="" disabled=no
add chain=forward protocol=tcp action=jump jump-target=tcp comment="Separate Protocol into Chains" disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment="" disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment="" disabled=no
add chain=input protocol=tcp action=jump jump-target=tcp comment="" disabled=no
add chain=input protocol=udp action=jump jump-target=udp comment="" disabled=no
add chain=udp protocol=udp dst-port=69 action=drop comment="Blocking UDP Packet" disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment="" disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment="" disabled=no
add chain=udp protocol=udp dst-port=445 action=drop comment="" disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment="" disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment="" disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=25 action=drop comment="Blocking TCP Packet" disabled=no
add chain=tcp protocol=tcp dst-port=69 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=119 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment="Virus Conficker" disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="" disabled=no
add chain=icmp protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="Limited Ping Flood" disabled=no
add chain=icmp protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment="" disabled=no
add chain=icmp protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment="" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment="" disabled=no
add chain=icmp protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment="" disabled=no
add chain=icmp protocol=icmp action=drop comment="" disabled=no
add chain=input dst-address-type=broadcast action=accept comment="Allow Broadcast Traffic" disabled=no
add chain=input connection-state=established action=accept comment="Connection State" disabled=no
add chain=input connection-state=related action=accept comment="" disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment="" disabled=no
add chain=input connection-state=invalid action=drop comment="" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=yes
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=yes
set h323 disabled=yes
set quake3 disabled=yes
set gre disabled=yes
set pptp disabled=yes
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name=default hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
/ ip hotspot user profile
set default name=default idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 transparent-proxy=yes open-status-page=always advertise=no
/ ip dhcp-server
add name=dhcp1 interface=Local lease-time=3d address-pool=dhcp_pool1 bootp-support=static authoritative=after-2sec-delay disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
/ ip dhcp-server network
add address=10.2.1.0/24 gateway=10.2.1.253 comment=""
/ ip ipsec proposal
add name=default auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024 disabled=no
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=3128 hostname=proxy transparent-proxy=yes parent-proxy=0.0.0.0:0 cache-administrator=webmaster max-object-size=4096KiB cache-drive=system max-cache-size=unlimited max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
/ ip web-proxy cache
add url=":cgi-bin \\?" action=deny comment="dont cache dynamic http pages" disabled=no
/ system logging
add topics=info prefix="" action=memory disabled=no
add topics=error prefix="" action=memory disabled=no
add topics=warning prefix="" action=memory disabled=no
add topics=critical prefix="" action=echo disabled=no
/ system logging action
set memory name=memory target=memory memory-lines=100 memory-stop-on-full=no
set disk name=disk target=disk disk-lines=100 disk-stop-on-full=no
set echo name=echo target=echo remember=yes
set remote name=remote target=remote remote=0.0.0.0:514
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d user=""
/ system clock dst
set dst-delta=+00:00 dst-start="jan/01/1970 00:00:00" dst-end="jan/01/1970 00:00:00"
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes no-ping-delay=5m automatic-supout=yes auto-send-supout=no
/ system console
add port=serial0 term="" disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
/ system console screen
set line-count=25
/ system identity
set name=ROUTER-NET
/ system note
set show-at-login=yes note=""
/ port
set serial0 name=serial0 baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=hardware
/ ppp profile
set default name=default use-compression=default use-vj-compression=default use-encryption=default only-one=default change-tcp-mss=yes comment=""
add name=vpn local-address=vpn remote-address=vpn use-compression=default use-vj-compression=default use-encryption=required only-one=default change-tcp-mss=default dns-server=203.130.193.74 comment=""
set default-encryption name=default-encryption use-compression=default use-vj-compression=default use-encryption=yes only-one=default change-tcp-mss=yes comment=""
/ ppp secret
add name=areksitiung service=pptp caller-id="" password=sentot profile=vpn routes="" limit-bytes-in=0 limit-bytes-out=0 comment="" disabled=no
/ ppp aaa
set use-radius=yes accounting=yes interim-update=0s
/ queue type
set default name=default kind=pfifo pfifo-limit=50
set ethernet-default name=ethernet-default kind=pfifo pfifo-limit=50
set wireless-default name=wireless-default kind=sfq sfq-perturb=5 sfq-allot=1514
set synchronous-default name=synchronous-default kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name=hotspot-default kind=sfq sfq-perturb=5 sfq-allot=1514
add name=default-small kind=pfifo pfifo-limit=10
/ queue simple
add name=DreamNet target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 interface=Local parent=none direction=both priority=1 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name=Down_Services dst-address=0.0.0.0/0 interface=all parent=none packet-marks=prio_download_packet direction=both priority=5 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name=Ensign_Services dst-address=0.0.0.0/0 interface=all parent=none packet-marks=prio_ensign_packet direction=both priority=1 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name=User_Request dst-address=0.0.0.0/0 interface=all parent=none packet-marks=prio_request_packet direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name=Communication target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=prio_comm_packet direction=both priority=3 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name=Kasir target-addresses=192.168.1.99/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default-small disabled=no
add name=Client1 target-addresses=192.168.1.15/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default disabled=no
add name=Client2 target-addresses=192.168.1.4/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default disabled=no
add name=Client3 target-addresses=192.168.1.5/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default disabled=no
add name=Client4 target-addresses=192.168.1.6/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default disabled=no
add name=Client5 target-addresses=192.168.1.7/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default disabled=no
add name=Client6 target-addresses=192.168.1.8/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default disabled=no
add name=Client7 target-addresses=192.168.1.9/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default disabled=no
add name=Client8 target-addresses=192.168.1.10/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default disabled=no
add name=Client9 target-addresses=192.168.1.11/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default disabled=no
add name=Client10 target-addresses=192.168.1.12/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default disabled=no
/ user
add name=admin group=full address=0.0.0.0/0 comment="system default user" disabled=yes
add name=areksitiung group=full address=0.0.0.0/0 comment="" disabled=no
add name=nanda group=full address=0.0.0.0/0 comment="" disabled=no
add name=riko group=full address=0.0.0.0/0 comment="" disabled=no
add name=padang group=full address=0.0.0.0/0 comment="" disabled=no
/ user group
add name=read policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!ftp,!write,!policy
add name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,!ftp,!policy
add name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ radius incoming
set accept=no port=1700
/ driver
/ snmp
set enabled=no contact="" location=""
/ snmp community
set public name=public address=0.0.0.0/0 read-access=yes
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
/ tool mac-server ping
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from="<>"
/ tool sniffer
set interface=all only-headers=no memory-limit=10 file-name="" file-limit=10 streaming-enabled=no streaming-server=0.0.0.0 filter-stream=yes filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535
/ tool graphing
set store-every=5min
/ tool graphing queue
add simple-queue=all allow-address=0.0.0.0/0 store-on-disk=yes allow-target=yes disabled=no
/ tool graphing resource
add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ tool graphing interface
add
interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no#/ routing
ospf#set router-id=0.0.0.0 distribute-default=never redistribute-connected=no
redistribute-static=no redistribute-rip=no \#redistribute-bgp=no metric-default=1
metric-connected=20 metric-static=20 metric-rip=20 metric-bgp=20#/ routing ospf
area#set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate
authentication=none prefix-list-import= \#prefix-list-export= disabled=no#/
routing bgp#set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no
redistribute-connected=no redistribute-rip=no \#redistribute-ospf=no#/ routing
rip#set redistribute-static=no redistribute-connected=no redistribute-ospf=no
redistribute-bgp=no metric-static=1 \#metric-connected=1 metric-ospf=1 metric-bgp=1
update-timer=30s timeout-timer=3m garbage-timer=2m# HYPERLINK
Bikin billing Hotspot! (Building a hotspot billing system), http://cybermuttaqin.co.cc/?p=270
August 20th, 2009 | Author: admin

Setting up Billing Hotspot (http://www.billinghotspot.com/) integrated with a MikroTik router is very easy. After installing MikroTik correctly (http://www.kotainternet.com/installasi-router-mikrotik.html), run the Winbox Loader application so that you can configure the MikroTik router from a Windows desktop quickly and easily, without having to memorise the MikroTik command line. After double-clicking the Winbox application the following screen appears. Then click the "..." button; the MAC address of the MikroTik that is currently active appears. Double-click the MAC address 00:0B:CD:64:D9:22, enter the user admin (the default password is empty) and click Connect.

IP ==> Address List: click the plus sign |+|, then under Address enter the IP address you want, for example 192.168.1.110/24 (the /24 means that Network and Broadcast are filled in automatically). Under Interface choose ether1, where ether1 is the port that connects to the modem/ISP.

IP ==> Route List: click |+|, under Gateway enter your gateway IP, for example 192.168.1.1, then click OK.

New Terminal: a console window appears; ping your Internet gateway by typing ping 192.168.1.1. If it succeeds you see output like the figure below, which means the link from the MikroTik to the gateway/modem is up.

Interface ==> Interface List: this shows which interface or Ethernet card is active (connected to the network); the Tx and Rx columns show traffic of xxx bps. Here ether1 is connected to the LAN.

IP ==> DNS: click Settings; under Primary DNS enter DNS1, for example 202.134.1.10, and under Secondary DNS enter DNS2, for example 202.134.0.155, then click OK.

New Terminal: test a ping out to the Internet, for example to google.com, with the command ping google.com; if the result looks like the figure below, your Internet connection is working.

IP ==> Hotspot ==> Hotspot Setup: under Hotspot Interface choose the port you want to use for the hotspot, here ether3; if you have a wireless antenna choose the wireless interface. Click Next.
Local Address of Network is your hotspot gateway address; click Next.
Address Pool of Network is the DHCP range that will be handed out to hotspot users. Choose whatever range you want; here it is 10.5.50.2 to 10.5.50.254. Click Next.
Select Certificate: choose none, then click Next.
IP Address of SMTP Server: leave it empty, then click Next.
DNS Servers: already filled in with your DNS servers; just click Next.
DNS Name: leave it empty, then click Next.
Then click Next again.
When the wizard finishes a dialog box appears; click OK.

Then continue configuring the MikroTik hotspot so that it connects to the Billing Hotspot software, as follows:
IP ==> Hotspot ==> Server Profiles ==> hsprof1 (double-click). From the General tab switch to the Login tab, uncheck Cookies and click Apply. Then switch to the Radius tab, uncheck Use RADIUS, click Apply and then OK.

Radius: click |+|; on the General tab tick the hotspot service, under Address enter the IP address of the Billing Hotspot RADIUS server (the Linux PC) and under Secret enter the shared secret, for example 123457890, the same one you entered on the Linux side; when done click OK.

So that the hotspot user login page shows the Billing Hotspot login page like the one in the figure below:
IP ==> Hotspot ==> Walled Garden: click |+|, with Action = allow choose Dst. Address and enter the IP of the Billing Hotspot server, for example 192.168.1.10, then click OK.

When that is done, upload the files that the Billing Hotspot software team has already configured into the MikroTik.

Next, so that Billing Hotspot is integrated with the MikroTik router, you must first log in to Billing Hotspot Manager. Enter the username, password and Security Code correctly, as follows.

Once logged in to Billing Hotspot Manager, go to Preference ==> Setting Service ==> choose /var/www/html/config.client.php, click Edit, and when done click Save:
$ipServer=192.168.1.2; ==> enter the IP of the Billing Hotspot server
$ipMikrotik=192.168.1.10; ==> enter the IP of the MikroTik router
$userMikrotik=admin; ==> enter the MikroTik router user name
$passMikrotik=admin; ==> enter the MikroTik router password

If it cannot be saved, open a console as root on Linux and run: chmod 775 /var/www/html/config.client.php

Go to Preference ==> Setting Service ==> choose /etc/raddb/clients.conf, click Edit, scroll down to the very last line, add the following four lines, and when done click Save:
client 192.168.1.2 ==> enter the IP of the MikroTik router
secret=123457890 ==> enter the secret that matches the RADIUS entry on the MikroTik
shortname=mikrotik ==> enter a label for the mikrotik

Go to Preference ==> Setting Service ==> choose /etc/raddb/naslist, click Edit.
If it cannot be saved, open a console as root on Linux and run: chmod 775 /etc/raddb/naslist
Konfigurasi Hotspot Mikrotik (Configuring a MikroTik hotspot), http://cybermuttaqin.co.cc/?p=267
August 20th, 2009 | Author: admin

Setting up Hotspot on MikroTik RouterOS is very easy. Hotspot authentication is commonly used when we provide Internet access in public areas such as hotels, cafés, campuses, airports, parks, malls and so on. This access technology usually runs over a wireless or wired network. Typically the hotspot provides free Internet access, or vouchers can be used for authentication. When a web page is opened, the router checks whether the user has already been authenticated. If not, the user is redirected to the hotspot login page, which requires a username and password. If the login information is correct, the router admits the user into the hotspot system and the client can access web pages. In addition, a popup window appears showing the IP address status, byte rate and time live. Hotspot Internet usage can be charged by time (time-based) or by the data downloaded/uploaded (volume-based).

Bandwidth can also be limited by data rate, by total data uploaded/downloaded, or by session duration. The easy way to set up a hotspot on MikroTik offers two options: besides text mode we can also use the setup wizard in Winbox. The following steps are the basic configuration of a MikroTik hotspot as a gateway server. First install MikroTik RouterOS on a PC or a DOM, or if you use a RouterBoard just log in with Login = admin and an empty password (the default). Go to IP ==> Hotspot ==> Setup.

Then set the hotspot's local IP that you will use, for example 192.168.10.1, and set the DHCP range for clients; in this example it is 192.168.10.2-192.168.10.255.

For SMTP Server it is best to leave it empty. Then fill in the DNS servers according to your provider; in this example DNS1=202.47.78.1 DNS2=202.47.78.9.

For the hotspot's local DNS name just click Next; then for the hotspot user, in this example, enter admin with the password admin123.

Hotspot Server Profile is used to set server options that apply to all users, such as the authentication method and data-rate limits. There are 6 different MikroTik hotspot authentication types in the profile settings: HTTP PAP, HTTP CHAP, HTTPS, HTTP cookie, MAC address, Trial.

For the authentication method to use, HTTP CHAP is usually sufficient.

Data rate limitation is used as the default setting for users who have no bandwidth limit of their own. RX is client upload and TX is client download. For example, set the default data rate to 64k/128k (upload/download).

Hotspot user profile stores the user data for which a profile rule will be made. Inside it you can set the firewall filter chain for incoming/outgoing traffic, set data-rate limits, and have packets marked automatically for every user that belongs to the profile.

Hotspot users are the usernames that will be authenticated on the hotspot system. Things that can be configured for a hotspot user: username and password, limiting the user by time and by data volume, allowing only a particular IP address out of the DHCP pool, or allowing the user to connect to the hotspot system only from a particular MAC address.

IP Bindings is used to allow certain IPs to bypass hotspot authentication; this is very useful when we want to run server services or IP telephony behind the hotspot system. For example, your PC or notebook can bypass the hotspot system so that you can browse without authenticating.

Posted in Mikrotik | No Comments
pantau yang flooding ala om tamam (Watching who is flooding, Om Tamam style), http://cybermuttaqin.co.cc/?p=265
August 12th, 2009 | Author: admin

This morning, just for fun, I said hello to Om Tamam, who is a super busy man... hahaha (just kidding, Om). This is a trick from Om Tamam; I don't know what it's called... hopefully it is useful.

OK, straight to it. Open Winbox and log in. Go to System, then click Logging, choose Rules and click the + sign; the screen in the picture below appears. For Topics point it at web-proxy, leave Prefix empty, then for Action choose action1. Wait a second... at first I was confused too: why didn't action1 show up in my Winbox? Continued below...

After the step above is done, click the tab next to Rules, namely Actions; for Name enter action1, for Type choose echo, tick the save option, then click Apply.

Praise God, done... hold on, don't forget to check your DNS: click IP, DNS, Settings and make sure Allow Remote Requests is ticked. After that reboot your MikroTik; once it has rebooted, log in again with Winbox, click New Terminal and, God willing, you will see the log lines for the client IPs currently accessing the web. Just watch them; if something suspicious shows up, i.e. not from one of our clients, just block it.

My hands hurt from typing this much... I have no talent as a writer. Or, for further information, contact right away (like a doctor, lol) by dropping by Om Tamam's blog: http://tamampapua.wordpress.com/. Hope it's useful.

Posted in Mikrotik | No Comments
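The post leaves the watching to the human reading the terminal; the added example below (not from the post) does it in code over constructed web-proxy log lines, flagging clients that burst above a threshold and addresses outside the hotspot's own subnet. The line shape 'mon/dd hh:mm:ss web-proxy,account <ip> <method> <url> ...' is an assumption about RouterOS's echo output; adjust LOG_RE if your version prints it differently.

```python
"""Spot flooding clients in MikroTik web-proxy log output.

Added example, not part of the original post. Counts requests per client address,
flags addresses whose request rate bursts above a threshold inside a sliding window,
and flags addresses outside the hotspot subnet ("not from our clients"). The sample
log lines are constructed; the assumed format is
'mon/dd hh:mm:ss web-proxy,account <ip> <method> <url> action=... cache=...'.
"""
import ipaddress
import re
from collections import defaultdict

LOG_RE = re.compile(
    r"^(?P<date>\w{3}/\d{2}) (?P<hms>\d{2}:\d{2}:\d{2}) web-proxy,account "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<method>[A-Z]+) (?P<url>\S+)"
)


def parse_line(line):
    """Return (seconds since midnight, client ip, method, url), or None for other log topics."""
    m = LOG_RE.match(line)
    if not m:
        return None
    h, mi, s = (int(x) for x in m["hms"].split(":"))
    return h * 3600 + mi * 60 + s, m["ip"], m["method"], m["url"]


def peak_burst(times, window):
    """Largest number of events falling inside any span of `window` seconds (inclusive)."""
    times = sorted(times)
    peak = j = 0
    for i, t in enumerate(times):
        while t - times[j] > window:  # slide the left edge forward
            j += 1
        peak = max(peak, i - j + 1)
    return peak


def analyse(lines, client_net, window=10, threshold=20):
    """Summarise proxy traffic per client; assumes all lines come from the same day."""
    local = ipaddress.ip_network(client_net)
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # system, dhcp and other topics share the same log stream
        t, ip, _method, _url = parsed
        events[ip].append(t)
    report = {"requests": {}, "flooders": {}, "foreign": []}
    for ip, times in events.items():
        report["requests"][ip] = len(times)
        burst = peak_burst(times, window)
        if burst >= threshold:
            report["flooders"][ip] = burst
        if ipaddress.ip_address(ip) not in local:
            report["foreign"].append(ip)
    report["foreign"].sort()
    return report


def _line(hms, ip, url):
    """Build one constructed log line in the assumed format."""
    return f"aug/12 {hms} web-proxy,account {ip} GET {url} action=allow cache=MISS"


# Constructed sample: a normal client, an address from outside the hotspot subnet,
# an unrelated log topic, and one client issuing 4 requests per second for 8 seconds.
SAMPLE_LOG = [
    _line("08:00:01", "192.168.1.5", "http://www.example.com/"),
    _line("08:00:04", "192.168.1.5", "http://www.example.com/logo.png"),
    _line("08:00:09", "10.9.8.7", "http://www.example.net/"),
    "aug/12 08:00:09 system,info router rebooted",
] + [
    _line(f"08:00:{sec:02d}", "192.168.1.7", f"http://ads.example.org/{sec}-{k}")
    for sec in range(10, 18) for k in range(4)
]

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG, "192.168.1.0/24"))
```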
Rate-limiting RapidShare Mikrotik, http://cybermuttaqin.co.cc/?p=227
July 30th, 2009 | Author: admin

I have to say that RapidShare is a great invention, but sometimes it can be a problem that they are so well connected *G*. Compared to torrent/edonkey, RapidShare customers normally have full speed for their downloads from the very first second. RapidShare is connected by many HUGE carriers, like Global Crossing (Tier 1), Cogent (Tier 1) and Level3 (Tier 1), which is just great for the person downloading, but on the other hand it's sometimes a pain in the admin's a**. The bandwidth you are giving your customers will be used completely for the download! A, let's say, 8 Mbit cable client will download at 8 Mbit. If you want the customers to browse the web lightning fast but don't want them to constantly consume their full bandwidth by downloading multiple gigs from RapidShare, you could do the following.

Create an address list with all RapidShare networks (2008-12-03):

/ip firewall address-list
add address=62.140.31.0/24 list=RapidShare
add address=62.153.244.0/24 list=RapidShare
add address=62.67.46.0/24 list=RapidShare
add address=62.67.50.0/24 list=RapidShare
add address=62.67.57.0/24 list=RapidShare
add address=64.211.146.0/24 list=RapidShare
add address=64.214.225.0/24 list=RapidShare
add address=64.215.245.0/24 list=RapidShare
add address=80.152.62.0/24 list=RapidShare
add address=80.231.128.0/24 list=RapidShare
add address=80.231.24.0/24 list=RapidShare
add address=80.231.41.0/24 list=RapidShare
add address=80.231.56.0/24 list=RapidShare
add address=80.239.137.0/24 list=RapidShare
add address=80.239.151.0/24 list=RapidShare
add address=80.239.152.0/24 list=RapidShare
add address=80.239.159.0/24 list=RapidShare
add address=80.239.226.0/24 list=RapidShare
add address=80.239.236.0/24 list=RapidShare
add address=80.239.239.0/24 list=RapidShare
add address=82.129.33.0/24 list=RapidShare
add address=82.129.35.0/24 list=RapidShare
add address=82.129.36.0/24 list=RapidShare
add address=82.129.39.0/24 list=RapidShare
add address=195.122.131.0/24 list=RapidShare
add address=195.122.149.0/24 list=RapidShare
add address=195.122.151.0/24 list=RapidShare
add address=195.122.152.0/24 list=RapidShare
add address=195.122.153.0/24 list=RapidShare
add address=195.219.1.0/24 list=RapidShare
add address=206.57.14.0/24 list=RapidShare
add address=207.138.168.0/24 list=RapidShare
add address=208.48.186.0/24 list=RapidShare
add address=212.162.2.0/24 list=RapidShare
add address=212.162.63.0/24 list=RapidShare
add address=217.243.210.0/24 list=RapidShare

BTW: it was a quick and dirty awk hack with /24 only, but 195.122.152.0 could be added as a /23 as well!

Now let's mark all traffic that matches the address list:

/ip firewall mangle
add action=mark-connection chain=prerouting comment="Entire Traffic" \
    disabled=no new-connection-mark="Entire Traffic" passthrough=yes
add action=mark-connection chain=prerouting comment="RapidShare Connections" \
    connection-mark="Entire Traffic" disabled=no new-connection-mark="RapidShare Connections" \
    passthrough=yes src-address-list=RapidShare
add action=mark-packet chain=prerouting comment="RapidShare Traffic" \
    connection-mark="RapidShare Connections" disabled=no new-packet-mark="RapidShare Traffic" \
    passthrough=no

This is the interesting part: limit 'em *G* (in this case to 1M):

/queue simple
add comment=RapidShare direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
    limit-at=1000000/1000000 max-limit=1000000/1000000 name=RapidShare \
    packet-marks="RapidShare Traffic" parent=none priority=8 \
    queue=default-small/default-small total-queue=default-small

Posted in Mikrotik | No Comments
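The post admits its address list is an unmerged set of /24s and that 195.122.152.0 could be a /23; the added example below (not part of the post) performs that merge on the post's list, emits the resulting RouterOS commands, and walks a single packet through the three mangle rules so the connection mark and packet mark the queue will see can be checked before deployment.

```python
"""Collapse the RapidShare address list and simulate the post's mangle chain.

Added example, not part of the original post. collapse_list() merges adjacent
prefixes (195.122.152.0/24 + 195.122.153.0/24 -> 195.122.152.0/23),
render_address_list() emits the RouterOS address-list commands for the merged
set, and classify() reproduces the three prerouting mangle rules for one packet.
The network list is the post's (dated 2008-12-03).
"""
import ipaddress

RAPIDSHARE_24S = [
    "62.140.31.0/24", "62.153.244.0/24", "62.67.46.0/24", "62.67.50.0/24",
    "62.67.57.0/24", "64.211.146.0/24", "64.214.225.0/24", "64.215.245.0/24",
    "80.152.62.0/24", "80.231.128.0/24", "80.231.24.0/24", "80.231.41.0/24",
    "80.231.56.0/24", "80.239.137.0/24", "80.239.151.0/24", "80.239.152.0/24",
    "80.239.159.0/24", "80.239.226.0/24", "80.239.236.0/24", "80.239.239.0/24",
    "82.129.33.0/24", "82.129.35.0/24", "82.129.36.0/24", "82.129.39.0/24",
    "195.122.131.0/24", "195.122.149.0/24", "195.122.151.0/24", "195.122.152.0/24",
    "195.122.153.0/24", "195.219.1.0/24", "206.57.14.0/24", "207.138.168.0/24",
    "208.48.186.0/24", "212.162.2.0/24", "212.162.63.0/24", "217.243.210.0/24",
]

LIST_NAME = "RapidShare"


def collapse_list(cidrs):
    """Merge adjacent and overlapping prefixes into the smallest equivalent set."""
    nets = (ipaddress.ip_network(c) for c in cidrs)
    return list(ipaddress.collapse_addresses(nets))


def render_address_list(nets, list_name=LIST_NAME):
    """RouterOS '/ip firewall address-list' section, one add command per prefix."""
    lines = ["/ip firewall address-list"]
    lines += [f"add address={n} list={list_name}" for n in nets]
    return lines


def classify(src_ip, nets):
    """Simulate the post's three prerouting mangle rules for one packet.

    Rule 1 marks every connection "Entire Traffic" (passthrough=yes).
    Rule 2 re-marks connections whose source is in the list as "RapidShare Connections".
    Rule 3 gives packets of those connections the packet mark "RapidShare Traffic"
    (passthrough=no); that packet mark is what the simple queue matches on.
    Returns (connection_mark, packet_mark); packet_mark is None for other traffic.
    On the router the connection mark sticks to the whole connection, so the
    client's replies are shaped too although their source is not in the list.
    """
    addr = ipaddress.ip_address(src_ip)
    conn_mark = "Entire Traffic"
    if any(addr in n for n in nets):
        conn_mark = "RapidShare Connections"
    packet_mark = "RapidShare Traffic" if conn_mark == "RapidShare Connections" else None
    return conn_mark, packet_mark


if __name__ == "__main__":
    merged = collapse_list(RAPIDSHARE_24S)
    print("\n".join(render_address_list(merged)))
    print(len(RAPIDSHARE_24S), "prefixes collapsed to", len(merged))
    print(classify("195.122.153.7", merged))
    print(classify("8.8.8.8", merged))
```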
Limit Different Bandwidth In Day and Night in Mikrotik, http://cybermuttaqin.co.cc/?p=225
July 30th, 2009 | Author: admin

There are many ways to limit bandwidth for day and night, but personally I found this the easiest way. Here it is. I have used Simple Queue, Script and Scheduler. Suppose we have one network, 192.168.1.0/24, and want to limit bandwidth for day and night time.

Network 192.168.1.0/24
Bandwidth = 06:00am - 18:00pm 1Mbps.
Bandwidth = 18:00pm - 06:00am 2Mbps.

Create two simple queues for the same network with different bandwidth limits.

/queue simple
name=Day target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 interface= parent=none \
    direction=both priority=8 queue=default-small/default-small limit-at=512k/512k \
    max-limit=1M/1M total-queue=default-small
name=Night target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 interface= parent=none \
    direction=both priority=8 queue=default-small/default-small limit-at=1M/1M \
    max-limit=2M/2M total-queue=default-small

Now, write the scripts:

/system script
name=Day source="/queue simple enable Day; /queue simple disable Night"
name=Night source="/queue simple enable Night; /queue simple disable Day"

Finally, schedule it:

/system scheduler
name=Day on-event=Day start-date=oct/13/2007 start-time=06:00:00 interval=1d
name=Night on-event=Night start-date=oct/13/2007 start-time=18:

Posted in Mikrotik | No Comments
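The post hand-writes two queues, two scripts and two scheduler entries; the added example below (not from the post) generates the same three sections from a table of time windows, generalising to any number of windows, checks that they tile the day with no gap or overlap, and enables only the queue that is active at deployment time so the shaping is right before the first scheduler event fires. The target network and start-date are the post's; the helper names are constructed.

```python
"""Generate the day/night queue switch-over for any number of time windows.

Added example, not part of the original post. A Window may cross midnight, like
the post's 18:00-06:00 Night; validate_windows() checks the windows tile the 24
hours (a gap would leave the last enabled queue running), active_window() picks
the window covering a given time, and render_config() emits the RouterOS queue,
script and scheduler sections, enabling only the queue that should be active now.
"""
from typing import NamedTuple


class Window(NamedTuple):
    name: str
    start: str      # "HH:MM", inclusive
    end: str        # "HH:MM", exclusive; earlier than start when the window crosses midnight
    limit_at: str   # RouterOS rate pair, e.g. "512k/512k" (upload/download)
    max_limit: str  # e.g. "1M/1M"


MINUTES_PER_DAY = 24 * 60


def to_minutes(hhmm):
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)


def covers(window, minute):
    """True if `minute` (0..1439) falls inside the window, handling the midnight wrap."""
    s, e = to_minutes(window.start), to_minutes(window.end)
    if s < e:
        return s <= minute < e
    return minute >= s or minute < e


def validate_windows(windows):
    """Return (gap_minutes, overlap_minutes); both empty when the windows tile the day."""
    hits = [sum(covers(w, m) for w in windows) for m in range(MINUTES_PER_DAY)]
    gaps = [m for m, h in enumerate(hits) if h == 0]
    overlaps = [m for m, h in enumerate(hits) if h > 1]
    return gaps, overlaps


def active_window(windows, hhmm):
    """Name of the window covering the time hhmm, or None if no window covers it."""
    minute = to_minutes(hhmm)
    for w in windows:
        if covers(w, minute):
            return w.name
    return None


def render_config(windows, target, start_date, now):
    """RouterOS lines: queues (only the one active at `now` enabled), scripts, scheduler."""
    gaps, overlaps = validate_windows(windows)
    if gaps or overlaps:
        raise ValueError(f"windows do not tile the day: {len(gaps)} gap minutes, "
                         f"{len(overlaps)} overlapping minutes")
    current = active_window(windows, now)
    lines = ["/queue simple"]
    for w in windows:
        lines.append(f"add name={w.name} target-addresses={target} limit-at={w.limit_at} "
                     f"max-limit={w.max_limit} disabled={'no' if w.name == current else 'yes'}")
    lines.append("/system script")
    for w in windows:
        # Each script enables its own queue and disables every other window's queue.
        others = "; ".join(f"/queue simple disable {o.name}" for o in windows if o is not w)
        lines.append(f'add name={w.name} source="/queue simple enable {w.name}; {others}"')
    lines.append("/system scheduler")
    for w in windows:
        lines.append(f"add name={w.name} on-event={w.name} start-date={start_date} "
                     f"start-time={w.start}:00 interval=1d")
    return lines


# The post's two windows: 1 Mbps by day, 2 Mbps by night.
POST_WINDOWS = [
    Window("Day", "06:00", "18:00", "512k/512k", "1M/1M"),
    Window("Night", "18:00", "06:00", "1M/1M", "2M/2M"),
]

if __name__ == "__main__":
    print("\n".join(render_config(POST_WINDOWS, "192.168.1.0/24", "oct/13/2007", now="23:30")))
```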
Ngeblok Koneksi Bit-Torrent Di Mikrotik (Blocking BitTorrent connections on MikroTik), http://cybermuttaqin.co.cc/?p=222
July 30th, 2009 | Author: admin

Actually, blocking peer-to-peer download software is very easy with a simple script:

/ip firewall filter add chain=forward p2p=bit-torrent action=drop

You can then check the traffic.

[admin@Cendekia] /queue simple> print
Flags: X - disabled, I - invalid, D - dynamic
 0   name=P2P dst-address=0.0.0.0/0 interface=ether4 parent=none
     direction=both priority=8 queue=wireless-default/wireless-default
     limit-at=1000000/64000 max-limit=1000000/64000
     total-queue=default-small time=0s-1d,sun,mon,tue,wed,thu,fri,sat p2p=all-p2p

Posted in Mikrotik | No Comments
Caching YouTube via Mikrotik, http://cybermuttaqin.co.cc/?p=212
July 30th, 2009 | Author: admin

To store streaming video from YouTube (http://www.youtube.com/) in MikroTik's web proxy (http://www.mikrotik.com/testdocs/ros/2.9/ip/webproxy.php). Command:

/ip web-proxy access add url=http*youtube*get_video* action=allow comment=youtube disabled=no

Source: Forum Mikrotik (http://forum.mikrotik.com/)

Posted in Mikrotik | No Comments
"http://cybermuttaqin.co.cc/?p=211" \o "Permanent Link to The Little Guide to MT
Hotspot" #The Little Guide to MT Hotspot# # INCLUDEPICTURE
"http://cybermuttaqin.co.cc/wpcontent/themes/stick_figure_dance_ote040/images/PostDateIcon.png" \*
MERGEFORMATINET ###July 30th, 2009 | # INCLUDEPICTURE
"http://cybermuttaqin.co.cc/wpcontent/themes/stick_figure_dance_ote040/images/PostAuthorIcon.png" \*
MERGEFORMATINET ###Author: # HYPERLINK "http://cybermuttaqin.co.cc/?cat=4" \o
This little guide takes you through a step-by-step approach to setting up a simple hotspot using the excellent MikroTik RouterOS software. Some detail and explanations are left out to keep things clearer. This guide assumes that you have installed RouterOS v2.9.27 or later.

Code:
[admin@MikroTik] > system reset
(The system restores itself to a clean install state and reboots.)

Let's see what interfaces we have on the computer:

Code:
[admin@MikroTik] > /interface print
Flags: X disabled, D Dynamic, R Running
 #    NAME       TYPE    MTU
 0 X  ether1     ether   1500
 1 X  ether2     ether   1500
(You can see that there are two Ethernet ports on this computer, both disabled.)

So let's enable them both:

Code:
[admin@MikroTik] interface> set 0,1 disabled=no
[admin@MikroTik] interface> print
Flags: X disabled, D Dynamic, R Running
 #    NAME       TYPE    MTU
 0 R  ether1     ether   1500
 1 R  ether2     ether   1500

Let's give the Ethernet ports names, as it's getting complicated already:

Code:
[admin@MikroTik] interface> set 0 name=hotspot
[admin@MikroTik] interface> set 1 name=internet
[admin@MikroTik] interface> print
Flags: X disabled, D Dynamic, R Running
 #    NAME       TYPE    MTU
 0 R  internet   ether   1500
 1 R  hotspot    ether   1500

We can now more easily refer to the interfaces by name, which is also easier to remember. Now, let's set up the address of the Ethernet card on the internet side. In this case, we're going to call the MikroTik box 192.168.1.2, the gateway (i.e. the broadband router) 192.168.1.1, and use the DNS given to you by your ISP. In this case, our example is using the DNS from Plusnet, 212.159.13.50.

Code:
[admin@MikroTik] > /ip
[admin@MikroTik] ip> address add address=192.168.1.2/24 interface=internet
[admin@MikroTik] ip> route add gateway=192.168.1.1
[admin@MikroTik] ip> dns
[admin@MikroTik] ip dns> set primary-dns=212.159.13.50
[admin@MikroTik] ip dns> set secondary-dns=212.159.11.50

To speed things up a little, you can cache DNS requests locally on the MikroTik box as follows:

Code:
[admin@MikroTik] ip dns> set allow-remote-requests=yes
[admin@MikroTik] ip dns> ..

(Note: allow-remote-requests=yes makes the router answer DNS queries arriving on any interface, including the internet side, so block port 53 from the internet interface in the firewall unless you intend to run an open resolver.)

Now set up the hotspot side:

Code:
[admin@MikroTik] ip> hotspot
[admin@MikroTik] ip hotspot> setup
Select interface on which to run HotSpot
Hotspot interface: hotspot
Enable universal client configuration?
Enable universal client: yes

This is a feature that allows remote computers to connect even if they have totally different network settings already set up on them.

Code:
Local address of hotspot network gateway: 10.5.50.1/24
Masquerade hotspot network: yes
Address pool of hotspot network will be: 10.5.50.2-10.5.50.254
ip address of smtp server: 192.168.1.3

(We have to enter here the IP address of your ISP's SMTP server, or otherwise the address of your local one. If you don't have one, then just give it an address on the internet side of the MikroTik box.)

Code:
Use local DNS cache?
use local DNS cache: yes
Setup DNS Configuration
dns servers: 192.168.1.2

We enter here the IP address of the MikroTik box on the internet side, because we have already set up a DNS cache earlier.

Code:
Name of hotspot user: admin
Password for the user: admin

(This is the hotspot administrator username and password; keep the details safe.)

Code:
Select another port for (www) service
Another port for service: 8081

The port that you specify here is the port for Winbox.

Code:
Use transparent web proxy for hotspot clients?
Use transparent web proxy: yes

And that's about it. Connect to your MikroTik box from either the internet side using the address http://192.168.1.2:8081 or on the hotspot side (use your admin password). Download Winbox from that link, and go to the Hotspot section to manage users. And there you have it: your Hotspot.

Taken From Mikrotik Forum

Posted in Mikrotik | No Comments

Mikrotik dan Squid Proxy
July 30th, 2009 | Author: admin
Alpha version. Network Installation for an Internet Cafe (Warnet) with Mikrotik and Proxy

[0] Intro
Installing Mikrotik for bandwidth management together with a Squid Proxy Server. This can be used for an internet cafe, a university laboratory or a school.

[1] Preparation
The experiment was carried out with PCs of the following specifications:
o Proxy machine, running CentOS 4.4
  - Pentium 4 processor, CPU clock 2.4 GHz
  - RAM 512 MB
  - Hard disk 40 GB
  - one D-Link LAN card
o Mikrotik machine
  - Pentium III processor, CPU clock 1.3 GHz
  - RAM 256 MB
  - Hard disk 40 GB
  - 2 D-Link LAN cards + 1 Prolink
Adjust the machines to whatever you have available.

(a) Network diagram/topology
Assumption: the Internet connection is xDSL through a modem, either over Telkom infrastructure or another provider. For a connection through a wireless provider, adjust accordingly.
[Network diagram: telephone line -> splitter -> (1) xDSL modem -> interface a of the (2) Mikrotik box; interface b -> (3) switch -> client 1 ... client n; interface c -> interface d of the (4) proxy server box]
Diagram legend
(1) = xDSL modem (IP address: 192.168.1.1/24)
(2) = Mikrotik box with 3 Ethernet cards: a (public), b (local) and c (proxy)
(3) = Switch for the connection to the clients. Assume 20 clients.
    IP address range: 192.168.0.0/27
    Client IP allocation: 192.168.0.1-192.168.0.30
    Net ID: 192.168.0.0/27
    Broadcast: 192.168.0.31/27
(4) = Proxy server box

(b) IP address allocation
[*] Mikrotik box (see the diagram legend)
a = Ethernet card 1 (public) -> IP address: 192.168.1.2/24
b = Ethernet card 2 (local)  -> IP address: 192.168.0.30/27
c = Ethernet card 3 (proxy)  -> IP address: 192.168.2.1/30
Gateway: 192.168.1.1 (to the modem)
[*] Clients
Client 1 ... client n, IP address: 192.168.0.n, n in (1-30)
Example: client 6, IP address 192.168.0.6/27, gateway 192.168.0.30 (to the Mikrotik box)
[*] Linux for the proxy
d = Ethernet card 4 (Linux) -> IP address: 192.168.2.2/30
Gateway: 192.168.2.1/30 (to Ethernet 3 on the Mikrotik)

NOTES:
- The number after the IP address (/27) is the netmask; /27 equals 255.255.255.224. The subnet masks for a class C block of local IP addresses are:
  Class C subnet masks
  255.255.255.0   = /24 -> 254 machines
  255.255.255.128 = /25 -> 128 machines
  255.255.255.192 = /26 -> 64 machines
  255.255.255.224 = /27 -> 32 machines
  255.255.255.240 = /28 -> 16 machines
  255.255.255.248 = /29 -> 8 machines
  255.255.255.252 = /30 -> 4 machines
  255.255.255.254 = /31 -> 2 machines
  255.255.255.255 = /32 -> 1 machine
  !! Subtract the 2 IP addresses that cannot be used by machines: 1 IP address for the network ID and 1 IP address for broadcast.
- The UTP cable between (2), the Mikrotik box, and (4), the Linux box, is a crossover cable.
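As an added check of the address plan above (example code, not from the post), this Python verifies that the three Mikrotik subnets do not overlap, that every gateway lies in the subnet of the host that uses it, and derives the usable-host counts behind the netmask table; the interface addresses and gateways are the ones listed above.

```python
"""Check the address plan from the diagram above (added example, not from the
original post): interface subnets must not overlap, every gateway must sit
inside the subnet it serves, and the usable-host count per prefix is the
author's netmask table minus the network and broadcast addresses."""
import ipaddress

# Interface addresses as given in the post's legend.
MIKROTIK_INTERFACES = {
    "public": "192.168.1.2/24",   # a, towards the xDSL modem
    "local": "192.168.0.30/27",   # b, towards the client switch
    "proxy": "192.168.2.1/30",    # c, point-to-point link to the Squid box
}
# Each host's own address and its configured gateway, keyed by a constructed label.
GATEWAYS = {
    "mikrotik->modem": ("192.168.1.2/24", "192.168.1.1"),
    "client6->mikrotik": ("192.168.0.6/27", "192.168.0.30"),
    "linux->mikrotik": ("192.168.2.2/30", "192.168.2.1"),
}


def usable_hosts(prefixlen: int) -> int:
    """Usable host addresses in an IPv4 /prefixlen: 2^(32-prefixlen) minus the
    network and broadcast address; /31 and /32 have no such reserve."""
    total = 2 ** (32 - prefixlen)
    return total - 2 if prefixlen <= 30 else total


def overlapping_subnets(addresses: dict) -> list:
    """Pairs of interface names whose subnets overlap. This is the
    misconfiguration the troubleshooting note at the end of the post
    describes: two interfaces in one subnet, and the router picks the
    wrong output interface, so pings get no reply."""
    nets = {name: ipaddress.ip_interface(a).network for name, a in addresses.items()}
    names = sorted(nets)
    return [(x, y) for i, x in enumerate(names) for y in names[i + 1:]
            if nets[x].overlaps(nets[y])]


def gateway_reachable(host_cidr: str, gateway: str) -> bool:
    """A gateway is only usable if it lies in the host's own subnet."""
    host = ipaddress.ip_interface(host_cidr)
    return ipaddress.ip_address(gateway) in host.network


def check_plan(addresses: dict, gateways: dict) -> list:
    """Collect human-readable findings; an empty list means the plan is sound."""
    findings = []
    for x, y in overlapping_subnets(addresses):
        findings.append(f"overlap: {x} and {y} share address space")
    for label, (host, gw) in gateways.items():
        if not gateway_reachable(host, gw):
            findings.append(f"unreachable gateway: {label} ({gw} not in {host})")
    for name, a in addresses.items():
        iface = ipaddress.ip_interface(a)
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address) and net.prefixlen <= 30:
            findings.append(f"invalid host address on {name}: {a}")
    return findings


if __name__ == "__main__":
    for n in (24, 25, 26, 27, 28, 29, 30):
        print(f"/{n}: {usable_hosts(n)} usable hosts")
    print("findings:", check_plan(MIKROTIK_INTERFACES, GATEWAYS) or "none")
    # Reproduce the troubleshooting item: proxy link placed in the public subnet.
    broken = dict(MIKROTIK_INTERFACES, proxy="192.168.1.3/24")
    print("broken plan:", check_plan(broken, GATEWAYS))
```

The `broken` plan in the main block reproduces the troubleshooting item at the end of the post, where the proxy link shares the public interface's subnet.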
[2] Basic Configuration
As illustrated in the network diagram above, the operating systems to prepare are the router OS, Mikrotik RouterOS version 2.9.27 level 6, and a GNU/Linux OS, the CentOS distribution version 4.4, which will be used later for the proxy machine. Information about Mikrotik can be found on its official website at http://www.mikrotik.com and, for Indonesia, at http://www.mikrotik.co.id. Please prepare the ISO first; if you do not have it yet, a sample ISO can be downloaded HERE (http://adminpreman.web.id/download/mikrotik-2.9.27.iso). Likewise for CentOS Linux, first download the ISO at http://mirror.nsc.liu.se/CentOS/4.4/isos/i386/; this CentOS is version 4.4. Simply adapt the operating systems if you want to use ones different from those used in this experiment, for example MT version 2.8.x or above for Mikrotik; likewise for Linux, pick whichever distribution you like. Conceptually the configuration is the same.

Now, both machines are assumed to be ready to operate, that is, the OS has been installed on both. For Mikrotik, see the installation method HERE (http://www.mikrotik.com/testdocs/ros/2.9/guide/cdinstall.php) and also HERE (http://www.mikrotik.com/testdocs/ros/2.9/guide/basic.php). As for CentOS, if you want to create a dedicated partition for /cache/, go ahead; in this experiment the partition was indeed created separately.

Basic configuration.
(a) Mikrotik
- Install the SYSTEM, SECURITY and DHCP (optional) packages.
  Set the IP addresses according to the diagram; since the box has 3 LAN cards, set an IP address for all three. Adjust the interface names based on the diagram above, which gives the interface names:
  1. interface Public
  2. interface Local
  3. interface Proxy

  Interface
  [admin@MikroTik] interface> print
  Flags: X disabled, D dynamic, R running
   #    NAME      TYPE    RX-RATE  TX-RATE  MTU
   0 R  public    ether   0        0        1500
   1 R  proxy     ether   0        0        1500
   2 R  local     ether   0        0        1500
  [admin@MikroTik] interface>

  Of course the interface names need not match the names above; that is up to you. What matters is that the three interfaces have different IP subnets; see the diagram.

  IP Address
  [admin@MikroTik] > ip address print
  Flags: X disabled, I invalid, D dynamic
   #   ADDRESS           NETWORK       BROADCAST      INTERFACE
   0   192.168.1.2/24    192.168.1.0   192.168.1.255  public
   1   192.168.0.30/27   192.168.0.0   192.168.0.31   local
   2   192.168.2.1/30    192.168.2.0   192.168.2.3    proxy
  [admin@MikroTik] >

- Set the IP gateway, i.e. routing. For Mikrotik the gateway is the modem, 192.168.1.1.

  IP Gateway
  [admin@MikroTik] > ip route print
  Flags: X disabled, A active, D dynamic, C connect, S static, r rip, b bgp, o ospf
   #     DST-ADDRESS      PREFSRC       G GATEWAY        DISTANCE INTERFACE
   0 ADC 192.168.2.0/30   192.168.2.1                             proxy
   1 ADC 192.168.0.0/27   192.168.0.30                            local
   2 ADC 192.168.1.0/24   192.168.1.2                             public
   3 A S 0.0.0.0/0                      r 192.168.1.1             public
  [admin@MikroTik] >

- Set DNS.

  IP DNS
  [admin@MikroTik] > ip dns print
  primary-dns: 203.130.193.74
  secondary-dns: 202.134.0.155
  allow-remote-requests: yes
  cache-size: 10240KiB
  cache-max-ttl: 1w
  cache-used: 271KiB
  [admin@MikroTik] >

- Add rules in /ip firewall nat for masquerade.

  Firewall NAT rules, redirect to the web proxy
  [admin@MikroTik] ip firewall nat> pr
  Flags: X disabled, I invalid, D dynamic
   0 chain=srcnat out-interface=public action=masquerade
   1 chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=80 action=redirect to-ports=8080
   2 chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=8000 action=redirect to-ports=3128
   3 chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=3128 action=redirect to-ports=8080

Bandwidth management with PCQ

# Mark traffic via the proxy and direct traffic
/ ip firewall mangle
add chain=prerouting src-address=192.168.n.n/27 action=mark-packet \
    new-packet-mark=test-up passthrough=no comment="UP TRAFFIC" disabled=no
add chain=forward src-address=192.168.n.n/27 action=mark-connection \
    new-connection-mark=test-conn passthrough=yes comment="CONN-MARK" disabled=no
add chain=forward in-interface=Public connection-mark=test-conn \
    action=mark-packet new-packet-mark=test-down passthrough=no \
    comment="DOWN-DIRECT CONNECTION" disabled=no
add chain=output out-interface=Local dst-address=192.168.n.n/27 \
    action=mark-packet new-packet-mark=test-down passthrough=no \
    comment="DOWN-VIA PROXY" disabled=no

# Set the PCQ queue types
/ queue type
add name=pcq-download kind=pcq pcq-rate=0 pcq-limit=50 \
    pcq-classifier=dst-address pcq-total-limit=2000
add name=pcq-upload kind=pcq pcq-rate=0 pcq-limit=50 \
    pcq-classifier=src-address pcq-total-limit=2000

# This is the queue tree, very simple
/ queue tree
add name=downstream parent=Local packet-mark=test-down limit-at=0 \
    queue=pcq-download priority=8 max-limit=0 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name=upstream parent=global-in packet-mark=test-up limit-at=0 \
    queue=pcq-upload priority=8 max-limit=0 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
Squid.conf configuration

#============================================================
# rotor - www.somethink.org
# SQUID PROXY CACHE
# alpha version
#============================================================
http_port 8080 transparent
icp_port 3130
icp_query_timeout 0
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
#============================================================
hierarchy_stoplist cgi-bin ? .js .jsp localhost visicom indosat.net.id
acl QUERY urlpath_regex cgi-bin ? .js .jsp localhost visicom indosat.net.id
no_cache deny QUERY
#============================================================
# OPTIONS WHICH AFFECT THE CACHE SIZE
#============================================================
cache_mem 8 MB
maximum_object_size 128 MB
maximum_object_size_in_memory 32 KB
cache_swap_low 98%
cache_swap_high 99%
store_dir_select_algorithm round-robin
ipcache_size 2048
ipcache_low 98
ipcache_high 99
fqdncache_size 2048
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
#============================================================
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#============================================================
cache_dir aufs /cache/squid 4500 18 256
cache_access_log /var/log/squid/access.log
cache_log none
cache_store_log none
mime_table /etc/mime.conf
pid_filename /var/run/squid.pid
log_fqdn off
log_mime_hdrs off
log_ip_on_direct off
logfile_rotate 7
debug_options ALL,1
buffered_logs off
emulate_httpd_log off
#============================================================
# FTP section
#============================================================
ftp_user anonymous@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
#============================================================
# DNS resolution section
#============================================================
cache_dns_program /squid/libexec/dnsserver
dns_children 24
dns_nameservers 127.0.0.1 XXX.XXX.XXX.XXX
#============================================================
# Refresh Rate
#============================================================
refresh_pattern -i .(swf|png|jpg|jpeg|bmp|tiff|png|gif) 43200 90% 129600 override-expire
refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp) 0 90% 1440
refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
negative_ttl 3 minutes
positive_dns_ttl 53 seconds
negative_dns_ttl 29 seconds
forward_timeout 4 minutes
connect_timeout 2 minutes
peer_connect_timeout 1 minutes
pconn_timeout 120 seconds
shutdown_lifetime 10 seconds
read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 1 minute
client_lifetime 60 minutes
half_closed_clients off
#============================================================
# ACL section
#============================================================
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl skynet src xxx.xxx.xxx.xxx/xx
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563         # https, snews
acl Safe_ports port 80             # http
acl Safe_ports port 21             # ftp
acl Safe_ports port 443 563        # https, snews
acl Safe_ports port 70             # gopher
acl Safe_ports port 210            # wais
acl Safe_ports port 1025-65535     # unregistered ports
acl Safe_ports port 280            # http-mgmt
acl Safe_ports port 488            # gss-http
acl Safe_ports port 591            # filemaker
acl Safe_ports port 777            # multiling http
acl Safe_ports port 631            # cups
acl Safe_ports port 873            # rsync
acl Safe_ports port 901            # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
#acl badip url_regex -i "/squid/ip-deny"
#acl badurl url_regex -i "/squid/bad-url"
acl warnet src xxx.xxx.xxx.xxx/xx
acl virus dst 204.177.92.204/32 64.191.99.145/32
acl gator dstdom_regex gator hot_indonesia.exe
acl exploit urlpath_regex winnt/system32/cmd.exe?
acl exploit urlpath_regex splashPages/black.sps?
acl BADPORTS port 7 9 11 19 22 23 25 110 119 513 514
http_access deny virus
http_access deny gator
http_access deny exploit
http_access deny BADPORTS
http_access deny badip
http_access deny badurl
http_access allow manager
http_access allow localhost
http_access allow skynet
http_access allow warnet
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
icp_access deny all
miss_access allow all
always_direct allow localhost warnet
always_direct deny all
#============================================================
# Administrative parameters
#============================================================
cache_mgr support@somethink.org
cache_effective_user squid
cache_effective_group _squid
visible_hostname proxyiblis.somethink.org
unique_hostname support@somethink.org
#============================================================
# Transparent proxy setting
#============================================================
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_no_pmtu_disc on
httpd_accel_single_host off
half_closed_clients off
header_access From deny all
header_access Referer deny all
header_access Server deny all
header_access WWW-Authenticate deny all
header_access Link deny all
header_access Via deny all
header_access X-Forwarded-For deny all
header_access Accept-Encoding deny all
header_access User-Agent deny all
header_replace User-Agent Mozilla/5.0 (compatible; MSIE 6.0)
header_access Accept deny all
header_replace Accept */*
header_access Accept-Language deny all
header_replace Accept-Language id, en
#============================================================
# ACCELERATOR
#============================================================
memory_pools off
forwarded_for off
log_icp_queries off
icp_hit_stale on
minimum_direct_hops 4
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db on
netdb_low 9900
netdb_high 10000
netdb_ping_period 30 seconds
query_icmp off
pipeline_prefetch on
reload_into_ims on
vary_ignore_expire on
max_open_disk_fds 100
nonhierarchical_direct on
prefer_direct off
#============================================================
# MISCELLANEOUS
#============================================================
logfile_rotate 3
store_dir_select_algorithm round-robin
shutdown_lifetime 10 seconds
cachemgr_passwd disable shutdown
cachemgr_passwd all
buffered_logs off
offline_mode off
coredump_dir /squid
ignore_unknown_nameservers on
acl hotmail dstdomain .hotmail.com .msn.com .passport.net .msn.co.id .passport.com
header_access Accept-Encoding deny hotmail
#============================================================
# DELAY POOLS
#============================================================
acl download url_regex -i ftp .exe .mp3 .vqf .tar.gz .wmv .tar.bz .tar.bz2 .gz .rpm .zip
acl download url_regex -i .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .tar .doc
acl download url_regex -i .ppt .z .wmf .mov .arj .lzh .gzip .bin .wma
#
delay_pools 2
delay_class 1 2
delay_parameters 1 8000/8000 6000/8000
delay_access 1 allow download
delay_access 1 deny all
delay_class 2 2
delay_parameters 2 25000/25000 10000/16000   #200kb/200kb 80Kb/128Kb
delay_access 2 allow user
delay_access 2 deny all                      # Fill in as needed
#============================================================
# DOWNLOAD LIMIT
#============================================================
#reply_body_max_size 3072000 deny !client    > Replace the value with the one you want
#============================================================
# SNMP
#============================================================
acl snmpcommunity snmp_community public
snmp_port 3401
snmp_access allow snmpcommunity localhost
snmp_access deny all

[3] Evaluation

[4] Troubleshooting
- With the same subnet mask on the Public interface and the Proxy interface, a ping from the Mikrotik to the Linux machine gets no reply.

[5] References
http://primadonal.wordpress.com/category/mikrotik/page/10/

Posted in Mikrotik | No Comments
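To see how the ACL section of the squid.conf above actually decides, here is an added Python evaluator (not the post's code) that replays its http_access lines in order over constructed requests. It assumes warnet is the post's client subnet 192.168.0.0/27, uses a made-up 10.0.0.0/8 for the skynet placeholder, and models `proto cache_object` as a request scheme field.

```python
"""Replay the http_access order of the squid.conf above (added example, not
the post's configuration). Squid evaluates http_access lines top to bottom;
the first line whose ACL terms all match decides, and a request that matches
no line gets the opposite of the last line's action."""
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class Request:
    src: str                # client IP
    method: str             # GET, CONNECT, ...
    host: str               # destination host name
    dst: str                # resolved destination IP
    port: int               # destination TCP port
    path: str = "/"         # URL path including query string
    scheme: str = "http"    # "cache_object" for cachemgr requests


def ip_in(field, *nets):
    """ACL matcher for Squid src/dst CIDR lists."""
    networks = [ipaddress.ip_network(n, strict=False) for n in nets]
    return lambda r: any(ipaddress.ip_address(getattr(r, field)) in net for net in networks)


# ACL definitions taken from the ACL section above.
ACLS = {
    "all":        lambda r: True,
    "manager":    lambda r: r.scheme == "cache_object",
    "localhost":  ip_in("src", "127.0.0.1/32"),
    "skynet":     ip_in("src", "10.0.0.0/8"),          # assumption: placeholder in the post
    "warnet":     ip_in("src", "192.168.0.0/27"),      # assumption: the post's client subnet
    "SSL_ports":  lambda r: r.port in {443, 563},
    "Safe_ports": lambda r: r.port in {80, 21, 443, 563, 70, 210, 280, 488,
                                       591, 777, 631, 873, 901} or 1025 <= r.port <= 65535,
    "CONNECT":    lambda r: r.method == "CONNECT",
    "virus":      ip_in("dst", "204.177.92.204/32", "64.191.99.145/32"),
    "gator":      lambda r: re.search(r"gator|hot_indonesia\.exe", r.host) is not None,
    "exploit":    lambda r: re.search(r"winnt/system32/cmd\.exe?|splashPages/black\.sps?",
                                      r.path) is not None,
    "BADPORTS":   lambda r: r.port in {7, 9, 11, 19, 22, 23, 25, 110, 119, 513, 514},
    # badip and badurl are commented out in the post, so they never match.
    "badip":      lambda r: False,
    "badurl":     lambda r: False,
}

# http_access lines in the order they appear above.
HTTP_ACCESS = [
    ("deny", ["virus"]), ("deny", ["gator"]), ("deny", ["exploit"]),
    ("deny", ["BADPORTS"]), ("deny", ["badip"]), ("deny", ["badurl"]),
    ("allow", ["manager"]), ("allow", ["localhost"]),
    ("allow", ["skynet"]), ("allow", ["warnet"]),
    ("deny", ["!Safe_ports"]), ("deny", ["CONNECT", "!SSL_ports"]),
    ("deny", ["all"]),
]


def term_matches(term: str, req: Request) -> bool:
    """One ACL term, with Squid's leading '!' negation."""
    negate = term.startswith("!")
    result = ACLS[term.lstrip("!")](req)
    return not result if negate else result


def http_access(req: Request, rules=HTTP_ACCESS):
    """Return (decision, index of the deciding line); -1 means the implicit default."""
    for i, (action, terms) in enumerate(rules):
        if all(term_matches(t, req) for t in terms):
            return action, i
    return ("allow" if rules[-1][0] == "deny" else "deny"), -1


if __name__ == "__main__":
    # Constructed sample requests; 203.0.113.9 and 93.184.216.34 are documentation addresses.
    samples = [
        Request("192.168.0.6", "GET", "www.example.com", "93.184.216.34", 80),
        Request("192.168.0.6", "CONNECT", "mail.example.com", "93.184.216.34", 25),
        Request("192.168.0.6", "GET", "www.example.com", "93.184.216.34", 80,
                "/winnt/system32/cmd.exe?/c+dir"),
        Request("192.168.0.6", "CONNECT", "host.example.com", "93.184.216.34", 8080),
        Request("203.0.113.9", "CONNECT", "host.example.com", "93.184.216.34", 8080),
    ]
    for s in samples:
        print(f"{s.src} {s.method} {s.host}:{s.port} {s.path} -> {http_access(s)}")
```

Running it shows that because `allow warnet` sits above `deny CONNECT !SSL_ports`, a CONNECT from a client to a non-SSL port such as 8080 is admitted; Squid's stock configuration places the `deny !Safe_ports` and `deny CONNECT !SSL_ports` lines before any allow lines for exactly this reason.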
Mikrotik Web Proxy Cleaning Scheduler
July 30th, 2009 | Author: admin
Script

/ system script
add name="Proxy-off" source="/ip firewall nat set \[/ip firewall nat find \
    comment=\"Proxy\"\] disable=yes\n/ip web-proxy set enabled=no" \
    policy=ftp,reboot,read,write,policy,test,winbox,password
add name="Proxy-limpacache" source="/ip web-proxy clear-cache" \
    policy=ftp,reboot,read,write,policy,test,winbox,password
add name="Proxy-on" source="/ip web-proxy set enabled=yes\n/ip firewall nat \
    set \[/ip firewall nat find comment=\"Proxy\"\] disable=no" \
    policy=ftp,reboot,read,write,policy,test,winbox,password
/ system scheduler
add name="control-proxy-off" on-event=Proxy-off start-date=may/30/2007 \
    start-time=04:30:00 interval=1w comment="" disabled=no
add name="control-proxy-limpacache" on-event=Proxy-limpacache \
    start-date=may/30/2007 start-time=04:31:00 interval=1w comment="" \
    disabled=no
add name="controle-proxy-on" on-event=Proxy-on start-date=may/30/2007 \
    start-time=04:40:00 interval=1w comment="" disabled=no

Copy and paste this into the Mikrotik terminal, provided that the web-proxy system package has been installed on the Mikrotik and is running. The script above schedules a cleaning of the web-proxy cache every seven days. It searches by comment=Proxy, so the comment Proxy must be written on the ip firewall nat rule; the text is case sensitive. Customise it as needed. It is a good idea to test the script first: in the script list in Winbox, click Run Script to see whether the script as written is correct.

The flow of the script above is roughly this:
- Look through the Mikrotik ip firewall nat rules for the keyword comment=Proxy. If found, disable the redirect rule to the proxy port.
- Once the web-proxy service is inactive, clean the cache.
- After the time interval given for the cache cleaning, re-enable the redirect rule to the proxy port in ip firewall nat.

Happy trying,

Different bandwidth in day and night for several categories of users

Introduction
Maybe you have many users, institutions, and alike, that use the internet during the day. And maybe you have power users that have two jobs, come home at 19.00 and want to do it all at once: read mail, chat, download with p2p programs, etc. Let's say you have corporate users / institutions / government, people that arrive at 07.00 and leave the office at 18.00 at most. You reserve them 1 mbit/s all the time. Most of your home users are using maximum bandwidth after 15.00 and just after midnight. You decide to allow them to use all the bandwidth you can afford after the big clients go offline (institutions, and alike, which pay big money for quality services). So, you decide you may lend out some of the bandwidth of the users that are not working, while they are not.

How? You can of course add 2 (two) queues for each limit you want to put, but you can also put a single queue and modify its limits from a script. That's the way we will do it. It might just be simpler. Why? You keep the limits for the different types of users in a single place (the script). Also you can graph a single queue, which may be more acceptable for you and for some users if you allow them to view their traffic graphs.

Premises:
- You are using simple queues to limit the traffic. (This can be easily adapted to queue tree, by modifying limits in the queue tree, but that's another story. Work it out yourself.)
- You have 3 types of users:
  - 256k/256k at day, 1M/1M at night
  - 512k/512k at day, 2M/2M at night
  - 1M/1M at day, 4M/4M at night
- You limit your users by individual simple queues, and the distinction among categories is by comment. (I put this also in the queue name to make it easier to see. It seems to me that winbox does not display comments on simple queues on v3.6, at least on the RB I am working with right now :(, but the console uses them right and the scripts work fine.)

How do we do it?
- Put simple queues with established limits, and a distinctive queue _comment_ for each category of users (eg. Vasile_CAT1, Vasile2_CAT2, etc. as queue names, and CAT1, CAT2 will be the category identifiers, put in the comment).
- Establish limits for each category: CAT1, CAT2, etc.; we will modify these from the 2 scripts that handle everything.
- Put the scripts to run from the scheduler every 24 hours, and modify the limits for day/night for each category of users. The script for the day starts at 06.00 hours, and ends at 18.00 hours, when the script for the night starts, enabling the night modifications.

Setup NTP Client
Ok. Now, for this to work, first of all sync your clock. Or you might get strange results and complaints if your clock is out of sync :)

/system ntp client
set enabled=yes mode=unicast primary-ntp=213.239.154.12 secondary-ntp=213.249.66.35

(You can set primary-ntp and secondary-ntp to whatever 0.europe.pool.ntp.org and 1.europe.pool.ntp.org resolve to. Please replace europe with your continent, for better response times and proximity. See ntp.org for further information.)

[Image: NtxNtpclient.jpg]

Setup the queues (I put 4 for this example only; you can set up as many as you like, it does not matter.)

/queue simple
add comment="CAT1" direction=both disabled=no dst-address=192.168.4.15/32 \
    max-limit=256000/256000 name="George_CAT1" parent=none priority=8 \
    queue=default-small/default-small
add comment="CAT1" direction=both disabled=no dst-address=192.168.4.16/32 \
    max-limit=256000/256000 name="Robinson_CAT1" parent=none priority=8 \
    queue=default-small/default-small
add comment="CAT2" direction=both disabled=no dst-address=192.168.4.17/32 \
    max-limit=512000/512000 name="Crusoe_CAT2" parent=none priority=8 \
    queue=default-small/default-small
add comment="CAT3" direction=both disabled=no dst-address=192.168.4.18/32 \
    max-limit=1024000/1024000 name="Momma_CAT3" parent=none priority=8 \
    queue=default-small/default-small

[Image: NtxQueues.jpg]

Now, these were the queues. Let's see:

Setup the scripts
For the day limits:

/system scheduler
add comment="" disabled=no interval=1d name="Day" \
    on-event="/queue simple\r\nset [find comment=CAT1] max-limit=256000/256000\r\nset [find comment=CAT2] max-limit=512000/512000\r\nset [find comment=CAT3] max-limit=1024000/1024000\r\n" \
    start-date=jan/01/1970 start-time=06:00:00

For the night limits:

/system scheduler
add comment="" disabled=no interval=1d name="Night" \
    on-event="/queue simple\r\nset [find comment=CAT1] max-limit=1024000/1024000\r\nset [find comment=CAT2] max-limit=2048000/2048000\r\nset [find comment=CAT3] max-limit=4096000/4096000\r\n" \
    start-date=jan/01/1970 start-time=18:00:00

[Image: NtxScript.jpg]

Well, in clear text, they look (better) like this:

DAY:
/queue simple
set [find comment=CAT1] max-limit=256000/256000
set [find comment=CAT2] max-limit=512000/512000
set [find comment=CAT3] max-limit=1024000/1024000

NIGHT:
/queue simple
set [find comment=CAT1] max-limit=1024000/1024000
set [find comment=CAT2] max-limit=2048000/2048000
set [find comment=CAT3] max-limit=4096000/4096000

Each script is put to run at a 1 day interval; the Day script starts at 06.00, the Night script
starts at 18.00.

Limit Different Bandwidth In Day and Night

There are many ways to limit bandwidth for day and night, but personally I found this is the easiest way. Here it is. I have used Simple Queue, Script and Scheduler.
Suppose we have one network, 192.168.1.0/24, and want to limit bandwidth for day and night time.
Network 192.168.1.0/24
Bandwidth = 06:00am - 18:00pm 1Mbps <Max-Limit>
Bandwidth = 18:00pm - 06:00am 2Mbps <Max-Limit>
Create two simple queues for the same network with different bandwidth limits.

/queue simple
add name=Day target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 interface=<ether-x> \
    parent=none direction=both priority=8 queue=default-small/default-small \
    limit-at=512k/512k max-limit=1M/1M total-queue=default-small
add name=Night target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 interface=<ether-x> \
    parent=none direction=both priority=8 queue=default-small/default-small \
    limit-at=1M/1M max-limit=2M/2M total-queue=default-small

Now, write the scripts:

/system script
add name=Day source="/queue simple enable Day; /queue simple disable Night"
add name=Night source="/queue simple enable Night; /queue simple disable Day"

Finally, schedule them:

/system scheduler
add name=Day on-event=Day start-date=oct/13/2007 start-time=06:00:00 interval=1d
add name=Night on-event=Night start-date=oct/13/2007 start-time=18:00:00 interval=1d

source = wiki.mikrotik.com
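An added dry run (not the wiki article's code) of the category-based scheduler scripts above: it parses the on-event strings exactly as the scheduler stores them, applies them to the queue list the way the Day and Night runs would, and lists queues whose comment neither script sets, since those keep whatever max-limit they were created with. The four queues are the article's; the Extra_CAT4 queue is constructed to show the uncovered case.

```python
"""Simulate the Day/Night category scripts from the article above (added
example, not the article's code): parse the scheduler on-event scripts,
apply them to a queue list, and report queues no script covers."""
import re

# Simple queues as defined above, plus one constructed queue (Extra_CAT4)
# whose comment no script touches.
QUEUES = [
    {"name": "George_CAT1", "comment": "CAT1", "max-limit": "256000/256000"},
    {"name": "Robinson_CAT1", "comment": "CAT1", "max-limit": "256000/256000"},
    {"name": "Crusoe_CAT2", "comment": "CAT2", "max-limit": "512000/512000"},
    {"name": "Momma_CAT3", "comment": "CAT3", "max-limit": "1024000/1024000"},
    {"name": "Extra_CAT4", "comment": "CAT4", "max-limit": "64000/64000"},  # constructed
]

# on-event strings exactly as stored in /system scheduler above (CRLF separated).
DAY_SCRIPT = ("/queue simple\r\nset [find comment=CAT1] max-limit=256000/256000\r\n"
              "set [find comment=CAT2] max-limit=512000/512000\r\n"
              "set [find comment=CAT3] max-limit=1024000/1024000\r\n")
NIGHT_SCRIPT = ("/queue simple\r\nset [find comment=CAT1] max-limit=1024000/1024000\r\n"
                "set [find comment=CAT2] max-limit=2048000/2048000\r\n"
                "set [find comment=CAT3] max-limit=4096000/4096000\r\n")

# One 'set [find comment=X] max-limit=UP/DOWN' line of the script.
SET_LINE = re.compile(r"^set \[find comment=(\w+)\] max-limit=(\d+/\d+)$")


def parse_script(script: str) -> dict:
    """Map category comment -> max-limit for every 'set' line in the script.
    Lines that are not a set (the '/queue simple' menu change) are ignored."""
    limits = {}
    for line in script.split("\r\n"):
        m = SET_LINE.match(line.strip())
        if m:
            limits[m.group(1)] = m.group(2)
    return limits


def apply_script(queues: list, script: str) -> list:
    """Return a new queue list with max-limit rewritten as RouterOS would leave
    it after the script ran; queues whose comment is not matched are untouched."""
    limits = parse_script(script)
    return [dict(q, **{"max-limit": limits.get(q["comment"], q["max-limit"])})
            for q in queues]


def uncovered_queues(queues: list, *scripts: str) -> list:
    """Names of queues whose comment is not set by every one of the scripts;
    such a queue silently keeps its creation-time limit around the clock."""
    covered = set.intersection(*(set(parse_script(s)) for s in scripts))
    return [q["name"] for q in queues if q["comment"] not in covered]


def active_script(hour: int) -> str:
    """Script in force at a given hour: Day from 06:00, Night from 18:00."""
    return DAY_SCRIPT if 6 <= hour < 18 else NIGHT_SCRIPT


def expected_limits(queues: list, hour: int) -> dict:
    """Queue name -> max-limit expected at the given hour."""
    return {q["name"]: q["max-limit"] for q in apply_script(queues, active_script(hour))}


if __name__ == "__main__":
    for hour in (7, 20):
        print(f"{hour:02d}:00 ->", expected_limits(QUEUES, hour))
    print("queues no script covers:", uncovered_queues(QUEUES, DAY_SCRIPT, NIGHT_SCRIPT))
```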
Queue Tree with more than two interfaces

Basic Setup

This page will talk about how to make a QUEUE TREE in RouterOS, with masquerading, for more than two interfaces. It is for sharing an internet connection among users on each interface. This possibility isn't described in the manual.

First, let's set the basic settings. I'm using a machine with 3 or more network interfaces:

[admin@instaler] > in pr
 #    NAME    TYPE   RX-RATE  TX-RATE  MTU
 0 R  public  ether  0        0        1500
 1 R  wifi1   wlan   0        0        1500
 2 R  wifi2   wlan   0        0        1500
 3 R  wifi3   wlan   0        0        1500

And these are the IP addresses for each interface:

[admin@instaler] > ip ad pr
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS       NETWORK    BROADCAST    INTERFACE
 0   10.20.1.0/24  10.20.1.0  10.20.1.255  public
 1   10.10.2.0/24  10.10.2.0  10.10.2.255  wifi1
 2   10.10.3.0/24  10.10.3.0  10.10.3.255  wifi2
 3   10.10.4.0/24  10.10.4.0  10.10.4.255  wifi3

On the public interface you can add NAT or a proxy if you want.

Mangle Setup

And now the most important part in this case. We need to mark our users: one connection mark for upload and a second one for download. In this example I add mangle rules for one user. At the end I add mangle rules for local traffic, because I don't QoS local traffic among users. But for the user I need to separate upload and download.

[admin@instaler] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=forward src-address=10.10.2.36 action=mark-connection new-connection-mark=users-userU passthrough=yes comment="" disabled=no
 1   chain=forward dst-address=10.10.2.36 action=mark-connection new-connection-mark=users-userD passthrough=yes comment="" disabled=no
 2   chain=forward connection-mark=users-userU action=mark-packet new-packet-mark=userU passthrough=yes comment="" disabled=no
 3   chain=forward connection-mark=users-userD action=mark-packet new-packet-mark=userD passthrough=yes comment="" disabled=no
 98  chain=forward src-address=10.10.0.0/16 dst-address=10.10.0.0/16 action=mark-connection new-connection-mark=users-lokal passthrough=yes
 99  chain=forward connection-mark=users-lokal action=mark-packet new-packet-mark=lokalTrafic passthrough=yes

Queue Tree Setup

And now the queue tree settings. We need one rule for downlink and one rule for uplink. Be careful when choosing the parent: for downlink traffic we use parent global-out, because we have two or more downloading interfaces. For uplink we use parent public, because we want to QoS uplink traffic. (I'm using the pcq-upload and pcq-download queue types from the manual.) This example is for 2Mb/1Mb.

[admin@instaler] > queue tree pr
Flags: X - disabled, I - invalid
 0   name="Download" parent=global-out packet-mark="" limit-at=0 queue=pcq-download priority=1 max-limit=2000000 burst-limit=0 burst-threshold=0 burst-time=0s
 1   name="Upload" parent=WGW packet-mark="" limit-at=0 queue=pcq-upload priority=1 max-limit=1000000 burst-limit=0 burst-threshold=0 burst-time=0s

Now we add our user:

 2   name="user10D" parent=Download packet-mark=userD limit-at=0 queue=pcq-download priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
 3   name="user10U" parent=Upload packet-mark=userU limit-at=0 queue=pcq-upload priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

source = wiki.mikrotik.com

Queue with Masquerading and Internal Web-Proxy

Introduction

This page will talk about how to make a QUEUE TREE in RouterOS that is also running Web-Proxy and Masquerading. Several topics in the forum say it's impossible to do.

In version 2.9.x we cannot know which traffic is a HIT and which traffic is a MISS from the web-proxy. Several people want a configuration that lets cached data in the proxy (HIT traffic) be delivered at the maximum possible speed. In other words, if we already have the requested data, that traffic will not be queued. In version 3.0 we can do this, using the TOS header modification feature of the web-proxy. We can set any TOS value for the HIT traffic and use it as a match parameter in mangle.

Basic Setup

First, let's set the basic settings. I'm using a machine with 2 network interfaces:

[admin@instaler] > in pr
 #    NAME    TYPE   RX-RATE  TX-RATE  MTU
 0 R  public  ether  0        0        1500
 1 R  lan     wlan   0        0        1500

And this is the IP address for each interface:

[admin@instaler] > ip ad pr
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS           NETWORK      BROADCAST      INTERFACE
 0   192.168.0.217/24  192.168.0.0  192.168.0.255  public
 1   172.21.1.1/24     172.21.1.0   172.21.1.255   lan

Don't forget to set up the transparent web-proxy. We set cache-hit-dscp: 4.

[admin@instaler] > ip proxy pr
                   enabled: yes
               src-address: 0.0.0.0
                      port: 3128
              parent-proxy: 0.0.0.0
         parent-proxy-port: 0
               cache-drive: system
       cache-administrator: "webmaster"
            max-cache-size: none
             cache-on-disk: yes
maximal-client-connections: 600
maximal-server-connections: 600
            max-fresh-time: 3d
     serialize-connections: yes
            cache-hit-dscp: 4

Firewall NAT

Make 2 NAT rules: 1 for masquerading, and the other for redirecting to the transparent proxy.

[admin@instaler] ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat out-interface=public src-address=172.21.1.0/24 action=masquerade
 1   chain=dstnat in-interface=lan src-address=172.21.1.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128

Mangle Setup

And now the most important part in this case. If we want HIT traffic from the web proxy not to be queued, we have to make a mangle rule that handles this traffic. Put this rule at the beginning of the mangle list, so it is checked first.

[admin@instaler] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; HIT TRAFFIC FROM PROXY
     chain=output out-interface=lan dscp=4 action=mark-packet new-packet-mark=proxy-hit passthrough=no

As we will make queues for uplink and downlink traffic, we need 2 packet marks. In this example we use test-up for uplink traffic and test-down for downlink traffic.

For uplink traffic it's quite simple. We need only one rule, using the SRC-ADDRESS and IN-INTERFACE parameters in the PREROUTING chain (rule #1).

But for downlink we have to make several rules. As we use masquerading, we need a connection mark, named test-conn (rule #2). Then we have to make 2 more rules. The first rule is for non-HTTP / direct connections; we use the forward chain, as the data travels through the router (rule #3). The second rule is for data coming from the web-proxy to the client (MISS traffic); we use the OUTPUT chain, as the data comes from an internal process of the router itself (rule #4). For both rules (#3 and #4) the packet mark is named test-down. Please be aware that we use passthrough only for the connection mark (rule #2).

[admin@instaler] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
 1   ;;; UP TRAFFIC
     chain=prerouting in-interface=lan src-address=172.21.1.0/24 action=mark-packet new-packet-mark=test-up passthrough=no
 2   ;;; CONN-MARK
     chain=forward src-address=172.21.1.0/24 action=mark-connection new-connection-mark=test-conn passthrough=yes
 3   ;;; DOWN-DIRECT CONNECTION
     chain=forward in-interface=public connection-mark=test-conn action=mark-packet new-packet-mark=test-down passthrough=no
 4   ;;; DOWN-VIA PROXY
     chain=output out-interface=lan dst-address=172.21.1.0/24 action=mark-packet new-packet-mark=test-down passthrough=no

Queue Tree Setup

And now the queue tree settings. We need one rule for downlink and one rule for uplink. Be careful when choosing the parent: for downlink traffic we use parent lan, the interface name of the local network, and for uplink we use parent global-in.

[admin@instaler] > queue tree pr
Flags: X - disabled, I - invalid
 0   name="downstream" parent=lan packet-mark=test-down limit-at=32000 queue=default priority=8 max-limit=32000 burst-limit=0 burst-threshold=0 burst-time=0s
 1   name="upstream" parent=global-in packet-mark=test-up limit-at=32000 queue=default priority=8 max-limit=32000 burst-limit=0 burst-threshold=0 burst-time=0s

You can also use these mangle rules with PCQ.

source = wiki.mikrotik.com
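The marking logic of the two queue-tree sections above (mark-connection with passthrough=yes, then mark-packet with passthrough=no) is easy to get wrong in rule order, so here is an added example, not code from the wiki page, that simulates how RouterOS walks the five mangle rules of the web-proxy setup and which queue-tree leaf each packet lands in. The client address 172.21.1.10, the remote host 198.51.100.7 and the conntrack keys are constructed for illustration; the subnet, interface names, marks and queue names are the page's.

```python
"""Simulation of the mangle rules and queue tree from the web-proxy section.

Added example, not the wiki's code. Models: rule order within a chain,
conntrack persistence of the connection mark, and the passthrough=no stop.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, Optional, Tuple

LAN_NET = ip_network("172.21.1.0/24")   # lan subnet from the page


@dataclass
class Packet:
    chain_path: Tuple[str, ...]        # mangle chains this packet traverses, in order
    src: str
    dst: str
    in_iface: Optional[str] = None
    out_iface: Optional[str] = None
    dscp: int = 0                      # web-proxy sets 4 on cache HITs (cache-hit-dscp)
    conn: Tuple = ()                   # constructed conntrack key (client, server, port)
    packet_mark: Optional[str] = None


@dataclass
class Rule:
    chain: str
    match: Callable[[Packet, Dict[Tuple, str]], bool]
    action: str                        # "mark-packet" or "mark-connection"
    new_mark: str
    passthrough: bool
    comment: str = ""


# The five rules from the page in print order. `c` is the conntrack mark table.
RULES = [
    Rule("output", lambda p, c: p.out_iface == "lan" and p.dscp == 4,
         "mark-packet", "proxy-hit", False, "HIT TRAFFIC FROM PROXY"),
    Rule("prerouting", lambda p, c: p.in_iface == "lan" and ip_address(p.src) in LAN_NET,
         "mark-packet", "test-up", False, "UP TRAFFIC"),
    Rule("forward", lambda p, c: ip_address(p.src) in LAN_NET,
         "mark-connection", "test-conn", True, "CONN-MARK"),
    Rule("forward", lambda p, c: p.in_iface == "public" and c.get(p.conn) == "test-conn",
         "mark-packet", "test-down", False, "DOWN-DIRECT CONNECTION"),
    Rule("output", lambda p, c: p.out_iface == "lan" and ip_address(p.dst) in LAN_NET,
         "mark-packet", "test-down", False, "DOWN-VIA PROXY"),
]

# Queue tree from the page: packet-mark -> leaf queue. Any other mark is not queued.
QUEUE_TREE = {"test-down": "downstream", "test-up": "upstream"}


def run_mangle(pkt: Packet, conn_marks: Dict[Tuple, str]) -> Optional[str]:
    """Walk each chain on the packet's path in rule order; return the packet mark."""
    for chain in pkt.chain_path:
        for rule in RULES:
            if rule.chain != chain or not rule.match(pkt, conn_marks):
                continue
            if rule.action == "mark-packet":
                pkt.packet_mark = rule.new_mark
            else:  # mark-connection lives in conntrack, so later packets see it too
                conn_marks[pkt.conn] = rule.new_mark
            if not rule.passthrough:
                break  # passthrough=no: stop processing this chain
    return pkt.packet_mark


def queue_for(packet_mark: Optional[str]) -> Optional[str]:
    """Queue-tree leaf for a mark; None means the packet bypasses the queues."""
    return QUEUE_TREE.get(packet_mark)


def classify_session() -> Dict[str, Optional[str]]:
    """Constructed session: the client opens a direct (non-HTTP) connection to an
    outside host and also receives one proxy HIT and one proxy MISS.
    Returns a description of each packet -> queue it lands in."""
    conn_marks: Dict[Tuple, str] = {}
    ssh = ("172.21.1.10", "198.51.100.7", 22)   # one conntrack entry, both directions
    packets = {
        # LAN -> internet, routed: prerouting then forward
        "client->internet (direct)": Packet(("prerouting", "forward"), "172.21.1.10",
                                            "198.51.100.7", in_iface="lan", conn=ssh),
        # reply from the internet, same conntrack entry (dst shown post-NAT)
        "internet->client (direct reply)": Packet(("prerouting", "forward"), "198.51.100.7",
                                                  "172.21.1.10", in_iface="public",
                                                  out_iface="lan", conn=ssh),
        # router-originated proxy replies traverse only the output chain
        "proxy->client (cache HIT, dscp 4)": Packet(("output",), "172.21.1.1", "172.21.1.10",
                                                    out_iface="lan", dscp=4),
        "proxy->client (cache MISS)": Packet(("output",), "172.21.1.1", "172.21.1.10",
                                             out_iface="lan", dscp=0),
    }
    return {name: queue_for(run_mangle(p, conn_marks)) for name, p in packets.items()}


if __name__ == "__main__":
    for name, queue in classify_session().items():
        print(f"{name:36s} -> {queue or 'not queued (proxy HIT)'}")
```

Swapping rules 0 and 4 in RULES makes the HIT packets land in "downstream", which is exactly why the page insists the HIT rule goes first.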
Mrtg Report

[Figure: Mrtg Report, http://harrychanputra.web.id/wp-content/uploads/2009/03/mrtg.jpg]
[Figure: Mrtg Report, http://harrychanputra.web.id/wp-content/uploads/2009/03/a1.jpg]
[Figure: Mik SNMP, http://harrychanputra.web.id/wp-content/uploads/2009/03/a2.jpg]
[Figure: traffic monitoring, http://harrychanputra.web.id/wp-content/uploads/2009/03/a21.jpg]
[Figure: interface 1, http://harrychanputra.web.id/wp-content/uploads/2009/03/a22.jpg]
[Figure: interface 2, http://harrychanputra.web.id/wp-content/uploads/2009/03/a23.jpg]
Setting up a MikroTik web proxy for an internet cafe (warnet) - original source forgotten

A few days ago a friend asked for help setting up his internet cafe to use a proxy server; until now the cafe had run without one.

The assumption: when client1 accesses website A, client1 sends a request to the web server hosting website A. When client2 or another client accesses the same website A, that client repeats the request to the web server. If many other clients access the same website A, the same process is repeated again and again. This is what makes access feel slow.

This is where a proxy is needed to speed up website access. A web page that a client has visited is stored (cached) on the proxy server. When a client requests a website, it does not go to the web server directly: it first looks for the requested site on the proxy. If it is there, the proxy answers the request and delivers it to the client; only if the site is not found in the proxy cache does the proxy server request it from the destination web server.

There are many kinds of proxy: on Windows you can use WinRoute, WinProxy, etc.; on Linux you can use Squid. Here I use the Linux-based MikroTik. Besides being reliable as a router, MikroTik can also be used as a web proxy server. The settings I used are below.

PC spec: P3 800 MHz, 256 MB memory, 30 GB HD, 2 LAN cards (1 onboard, 1 add-on)
OS: Mikrotik OS 2.29.XX
ISP: Telkom Speedy (Professional), 1 line
Modem: standard Sanex modem supplied by Speedy
Clients: 10 computers

MikroTik configuration:

1. Set the LAN card interfaces
/interface
set ether1 name=modem
set ether2 name=lan
Notes: ether1 is renamed to modem (connection to and from the modem); ether2 is renamed to lan (connection to and from the LAN). The purpose is only to make them easy to remember; it has no effect on access.

2. Set the IP addresses
/ip address
add address=192.168.1.2/24 interface=modem
add address=192.168.10.1/24 interface=lan
Notes: the standard (usual) modem IP address is 192.168.1.1, so the IP of the interface facing the modem can be anything in 192.168.1.2-254 (your choice).

3. Set the gateway
/ip route
add gateway=192.168.1.1

4. Set DNS
/ip dns
set primary-dns=202.134.1.10
set secondary-dns=203.130.196.155
set allow-remote-requests=yes
Notes: DNS translates IP addresses to domain names (****.com, ****.net, etc.) and vice versa. There are several DNS servers for Speedy; ping them and pick the one with the lowest latency so DNS lookups are a bit faster.

5. Set NAT
/ip firewall nat
add chain=srcnat action=masquerade out-interface=modem
Notes: Network Address Translation (NAT) is a router facility for forwarding packets from a source IP and/or to a destination IP; it is the internet standard that lets host computers communicate with outside networks using a public IP address.

6. Set the web proxy (transparent)
/ip web-proxy
set enabled=yes
set hostname=proxywarnetku
set transparent-proxy=yes
set cache-administrator=admin@warnetmu
Notes: the other web proxy settings use MikroTik's defaults. hostname = the DNS hostname or IP address of the web proxy. cache-administrator = the admin e-mail address to contact when the proxy fails; it is shown in the client's browser on a proxy error.

7. Set the redirect to the proxy
/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128
Notes: Redirect is used to divert/force port 80 (www/web) connections from clients to port 3128, the MikroTik web proxy's default port, so every client request using port 80 (www/web) is diverted to the MikroTik web proxy.

8. Monitor the web proxy
/ip web-proxy
monitor interval=1
Notes: monitors MikroTik web proxy usage at a 1-second interval.

The result: satisfying, very satisfying! DHCP is deliberately not configured because the client (Windows) IPs are set manually, tied to the cafe's billing system. For a large network with many clients it is better to use Squid on Linux.

Good luck trying it.

Mikrotik Router and FreeBSD Proxy

Topology:

  modem 192.168.1.1 --- 192.168.1.2 [Mikrotik] 192.168.2.1 --- 192.168.2.2 BSD (proxy)
                                    [Mikrotik] 192.168.0.1 --- hub --- clients

A. MikroTik configuration

1. Interfaces
/ interface ethernet
set PUBLIC \
    name=PUBLIC mtu=1500 mac-address=00:50:DA:EE:A5:F2 arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps comment="" disabled=no
set PROXY name=PROXY mtu=1500 mac-address=00:01:02:86:DA:1E arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps comment="" disabled=no
set LAN name=LAN mtu=1500 mac-address=00:50:DA:EC:85:0C arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps comment="" disabled=no

2. IP pool for the DHCP server
/ ip pool
add name=dhcp_pool1 ranges=192.168.0.2-192.168.0.14

3. ISP DNS servers
/ ip dns
set primary-dns=202.134.0.155 secondary-dns=203.130.193.74 allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w

4. IP address per interface
/ ip address
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=PUBLIC comment="" disabled=no
add address=192.168.2.1/30 network=192.168.2.0 broadcast=192.168.2.3 interface=PROXY comment="" disabled=no
add address=192.168.0.1/27 network=192.168.0.0 broadcast=192.168.0.31 interface=LAN comment="" disabled=no

5. Gateway route
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 comment="" disabled=no

6. Packet marks
/ ip firewall mangle
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=53 action=mark-connection new-connection-mark=dns_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark=dns_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=5050-5061 action=mark-connection new-connection-mark=ym_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=27015 action=mark-connection new-connection-mark=cs_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6000-7000 action=mark-connection new-connection-mark=irc_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection new-connection-mark=mt_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=110 action=mark-connection new-connection-mark=email_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=25 action=mark-connection new-connection-mark=email_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=22 action=mark-connection new-connection-mark=ssh_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=http_conn action=mark-packet new-packet-mark=http passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=dns_conn action=mark-packet new-packet-mark=dns passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=ym_conn action=mark-packet new-packet-mark=ym passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.0/27 action=mark-connection new-connection-mark=local passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=irc_conn action=mark-packet new-packet-mark=irc passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=mt_conn action=mark-packet new-packet-mark=mt passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=email_conn action=mark-packet new-packet-mark=email passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=ssh_conn action=mark-packet new-packet-mark=ssh passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.0/27 action=mark-connection new-connection-mark=local passthrough=yes comment="" disabled=no
add chain=forward src-address=192.168.0.2 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=billing passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.2 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=billing passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.3 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja1 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.3 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja1 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.4 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja2 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.4 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja2 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.5 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja3 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.5 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja3 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.6 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja4 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.6 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja4 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.7 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja5 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.7 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja5 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.8 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja6 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.8 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja6 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.9 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja7 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.9 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja7 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.10 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja8 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.10 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja8 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.11 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja9 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.11 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja9 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.12 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja10 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.12 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja10 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.13 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja11 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.13 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja11 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.14 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja12 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.14 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja12 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.15 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja13 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.15 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja13 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.16 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja14 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.16 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja14 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.17 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja15 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.17 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja15 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.18 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja16 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.18 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja16 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.19 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja17 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.19 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja17 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.20 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja18 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.20 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja18 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.21 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja19 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.21 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja19 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.22 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja20 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.22 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja20 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.23 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja21 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.23 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja21 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.24 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja22 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.24 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja22 passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.0.25 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja23 passthrough=no comment="" disabled=no
add chain=forward dst-address=192.168.0.25 protocol=tcp connection-mark=local action=mark-packet new-packet-mark=meja23 passthrough=no comment="" disabled=no

7. Network Address Translation
/ ip firewall nat
add chain=srcnat out-interface=PUBLIC action=masquerade comment="" disabled=no
add chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.2.2 to-ports=3128 comment="" disabled=yes
add chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=8080 action=dst-nat to-addresses=192.168.2.2 to-ports=3128 comment="" disabled=yes
add chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=3128 action=dst-nat to-addresses=192.168.2.2 to-ports=3128 comment="" disabled=yes
add chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=8081 action=dst-nat \
    to-addresses=192.168.2.2 to-ports=3128 comment="" disabled=yes
add chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=8090 action=dst-nat to-addresses=192.168.2.2 to-ports=3128 comment="" disabled=yes
add chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=3127 action=dst-nat to-addresses=192.168.2.2 to-ports=3128 comment="" disabled=yes
add chain=dstnat protocol=tcp dst-port=8050 action=dst-nat to-addresses=192.168.2.2 to-ports=3128 comment="" disabled=yes

8. Firewall filter rules
/ ip firewall filter
add chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=tcp src-port=0-65535 dst-port=80 action=accept comment="" disabled=no
add chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=tcp src-port=0-65535 dst-port=8291 action=accept comment="" disabled=no
add chain=forward src-address=0.0.0.0/0 action=accept comment="" disabled=no
add chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=tcp src-port=0-65535 dst-port=5000-5050 action=accept comment="" disabled=no
add chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=tcp src-port=0-65535 dst-port=6667-7000 action=accept comment="" disabled=no
add chain=forward connection-state=established action=accept comment="allow established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid connections" disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="Drop Kazaa" disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Beagle Virus" disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot,Agobot,Gaobot" disabled=no
add chain=forward action=jump jump-target=virus comment="jump to the virus chain" disabled=no
add chain=virus protocol=tcp dst-port=6881-6889 action=drop comment="Drop BitTorrent" disabled=no
add chain=virus protocol=tcp dst-port=6345-6349 action=drop comment="Drop Gnutella" disabled=no
add chain=virus protocol=tcp dst-port=31337 action=drop comment="Drop Streaming Virus" disabled=no
add chain=virus protocol=tcp dst-port=6257 action=drop comment="winmx napster" disabled=no
add chain=virus protocol=tcp dst-port=6699 action=drop comment="winmx napster" disabled=no
add chain=virus protocol=tcp dst-port=2754 action=drop comment="winmx napster" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="winmx napster" disabled=no
add chain=virus protocol=tcp dst-port=4661-4672 action=drop comment="Edonkey Clones" disabled=no
add chain=virus protocol=tcp dst-port=5556-5557 action=drop comment="Edonkey Clones" disabled=no
add chain=input in-interface=PUBLIC protocol=tcp dst-port=8080 action=drop comment="" disabled=no
add chain=forward out-interface=PUBLIC protocol=tcp p2p=all-p2p action=drop comment="" disabled=no
add chain=forward out-interface=PUBLIC protocol=udp p2p=all-p2p action=drop comment="" disabled=no
add chain=forward in-interface=PUBLIC dst-address=192.168.0.2 protocol=tcp dst-port=6000-6667 action=drop comment="" disabled=no
add chain=forward src-address=208.65.153.251 action=drop comment="" disabled=no
add chain=forward src-address=208.65.153.253 action=drop comment="" disabled=no

9. Service ports allowed and not allowed
/ ip firewall service-port
set ftp ports=21 disabled=yes
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=yes
set h323 disabled=yes
set quake3 disabled=yes
set gre disabled=yes
set pptp disabled=yes

10. DHCP server service
/ ip dhcp-server
add name=dhcp1 lease-time=3d address-pool=dhcp_pool1 bootp-support=static authoritative=after-2sec-delay disabled=yes

11. System logging on MikroTik
/ system logging
add topics=info prefix="" action=remote disabled=no
add topics=error prefix="" action=remote disabled=no
add topics=firewall prefix="" action=remote disabled=no
add topics=critical prefix="" action=remote disabled=no
add topics=debug prefix="" action=remote disabled=no
add topics=web-proxy prefix="" action=remote disabled=no
add topics=firewall prefix="" action=remote disabled=no
add topics=packet prefix="" action=remote disabled=no
add topics=state prefix="" action=remote disabled=no
add topics=system prefix="" action=remote disabled=no
add topics=watchdog prefix="" action=remote disabled=no
add topics=keepalive prefix="" action=memory disabled=no
add topics=web-proxy prefix="" action=remote disabled=no
/ system logging action
set memory name=memory target=memory memory-lines=100 memory-stop-on-full=no
set disk name=disk target=disk disk-lines=100 disk-stop-on-full=no
set echo name=echo target=echo remember=yes
set remote name=remote target=remote remote=192.168.0.24:514
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d user=""

12. Router name
/ system identity
set name=Payau.NET

13. Queue types
/ queue type
set default name=default kind=bfifo bfifo-limit=15000
set ethernet-default name=ethernet-default kind=pfifo pfifo-limit=50
set wireless-default name=wireless-default kind=sfq sfq-perturb=5 sfq-allot=1514
set synchronous-default name=synchronous-default kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name=hotspot-default kind=sfq sfq-perturb=5 sfq-allot=1514
add name=default-small kind=pfifo pfifo-limit=10

14. Bandwidth management using the queue tree
/ queue tree
add name=UPSTREAM parent=PUBLIC packet-mark="" limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=BILLING-UP parent=UPSTREAM packet-mark=billing limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=MEJA1-UP parent=UPSTREAM packet-mark=meja1 limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=MEJA2-UP parent=UPSTREAM packet-mark=meja2 limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=MEJA3-UP parent=UPSTREAM packet-mark=meja3 limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=MEJA4-UP parent=UPSTREAM packet-mark=meja4 limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=MEJA5-UP parent=UPSTREAM packet-mark=meja5 limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=MEJA6-UP parent=UPSTREAM packet-mark=meja6 limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=MEJA7-UP parent=UPSTREAM packet-mark=meja7 limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=MEJA8-UP parent=UPSTREAM packet-mark=meja8 limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=MEJA9-UP parent=UPSTREAM packet-mark=meja9 limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=MEJA10-UP parent=UPSTREAM packet-mark=meja10 limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=DOWNSTREAM parent=LAN packet-mark="" limit-at=0 \
queue=default \priority=1 max-limit=384000 burst-limit=0 burst-threshold=0 bursttime=0s \disabled=noadd name=BILLING-DOWN parent=DOWNSTREAM packet-mark=billing
limit-at=0 \queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0
\burst-time=0s disabled=noadd name=MEJA2-DOWN parent=DOWNSTREAM packet-mark=meja2
limit-at=0 \queue=default priority=5 max-limit=96000 burst-limit=0 burstthreshold=0 \burst-time=0s disabled=noadd name=MEJA3-DOWN parent=DOWNSTREAM
packet-mark=meja3 limit-at=0 \queue=default priority=5 max-limit=96000 burstlimit=0 burst-threshold=0 \burst-time=0s disabled=noadd name=MEJA4-DOWN
parent=DOWNSTREAM packet-mark=meja4 limit-at=0 \queue=default priority=5 maxlimit=96000 burst-limit=0 burst-threshold=0 \burst-time=0s disabled=noadd
name=MEJA5-DOWN parent=DOWNSTREAM packet-mark=meja5 limit-at=0 \queue=default
priority=5 max-limit=96000 burst-limit=0 burst-threshold=0 \burst-time=0s
disabled=noadd name=MEJA6-DOWN parent=DOWNSTREAM packet-mark=meja6 limit-at=0
\queue=default priority=5 max-limit=96000 burst-limit=0 burst-threshold=0 \bursttime=0s disabled=noadd name=MEJA7-DOWN parent=DOWNSTREAM packet-mark=meja7 limitat=0 \queue=default priority=5 max-limit=96000 burst-limit=0 burst-threshold=0
\burst-time=0s disabled=noadd name=MEJA8-DOWN parent=DOWNSTREAM packet-mark=meja8
limit-at=0 \queue=default priority=5 max-limit=96000 burst-limit=0 burstthreshold=0 \burst-time=0s disabled=noadd name=MEJA9-DOWN parent=DOWNSTREAM
packet-mark=meja9 limit-at=0 \queue=default priority=5 max-limit=96000 burstlimit=0 burst-threshold=0 \burst-time=0s disabled=noadd name=MEJA10-DOWN
parent=DOWNSTREAM packet-mark=meja10 limit-at=0 \queue=default priority=5 max-

limit=96000 burst-limit=0 burst-threshold=0 \burst-time=0s disabled=noadd


name=MEJA20-DOWN parent=DOWNSTREAM packet-mark=meja20 limit-at=0 \queue=default
priority=5 max-limit=96000 burst-limit=0 burst-threshold=0 \burst-time=0s
disabled=noadd name=MEJA19-DOWN parent=DOWNSTREAM packet-mark=meja19 limitat=0 \queue=default priority=5 max-limit=96000 burst-limit=0 burst-threshold=0
\burst-time=0s disabled=noadd name=MEJA18-DOWN parent=DOWNSTREAM packetmark=meja18 limit-at=0 \queue=default priority=5 max-limit=96000 burst-limit=0
burst-threshold=0 \burst-time=0s disabled=noadd name=MEJA11-UP parent=UPSTREAM
packet-mark=meja11 limit-at=0 \queue=default priority=5 max-limit=0 burst-limit=0
burst-threshold=0 \burst-time=0s disabled=noadd name=MEJA12-UP parent=UPSTREAM
packet-mark=meja12 limit-at=0 \queue=default priority=5 max-limit=0 burst-limit=0
burst-threshold=0 \burst-time=0s disabled=noadd name=MEJA-13UP parent=UPSTREAM
packet-mark=meja13 limit-at=0 \queue=default priority=5 max-limit=0 burst-limit=0
burst-threshold=0 \burst-time=0s disabled=noadd name=MEJA-14UP parent=UPSTREAM
packet-mark=meja14 limit-at=0 \queue=default priority=5 max-limit=0 burst-limit=0
burst-threshold=0 \burst-time=0s disabled=noadd name=MEJA-15UP parent=UPSTREAM
packet-mark=meja15 limit-at=0 \queue=default priority=5 max-limit=0 burst-limit=0
burst-threshold=0 \burst-time=0s disabled=noadd name=MEJA-16UP parent=UPSTREAM
packet-mark=meja16 limit-at=0 \queue=default priority=5 max-limit=0 burst-limit=0
burst-threshold=0 \burst-time=0s disabled=noadd name=MEJA-17UP parent=UPSTREAM
packet-mark=meja17 limit-at=0 \queue=default priority=5 max-limit=0 burst-limit=0
burst-threshold=0 \burst-time=0s disabled=noadd name=MEJA-18UP parent=UPSTREAM
packet-mark=meja18 limit-at=0 \queue=default priority=5 max-limit=0 burst-limit=0
burst-threshold=0 \burst-time=0s disabled=noadd name=MEJA-19UP parent=UPSTREAM
packet-mark=meja19 limit-at=0 \queue=default priority=5 max-limit=0 burst-limit=0
burst-threshold=0 \burst-time=0s disabled=noadd name=MEJA-20UP parent=UPSTREAM
packet-mark=meja20 limit-at=0 \queue=default priority=5 max-limit=0 burst-limit=0
burst-threshold=0 \burst-time=0s disabled=noadd name=MEJA11-DOWN
parent=DOWNSTREAM packet-mark=meja11 limit-at=0 \queue=default priority=5 maxlimit=96000 burst-limit=0 burst-threshold=0 \burst-time=0s disabled=noadd
name=MEJA12-DOWN parent=DOWNSTREAM packet-mark=meja12 limit-at=0 \queue=default
priority=5 max-limit=96000 burst-limit=0 burst-threshold=0 \burst-time=0s
disabled=noadd name=MEJA13-DOWN parent=DOWNSTREAM packet-mark=meja13 limitat=0 \queue=default priority=5 max-limit=96000 burst-limit=0 burst-threshold=0
\burst-time=0s disabled=noadd name=MEJA14-DOWN parent=DOWNSTREAM packetmark=meja14 limit-at=0 \queue=default priority=5 max-limit=96000 burst-limit=0
burst-threshold=0 \burst-time=0s disabled=noadd name=MEJA15-DOWN
parent=DOWNSTREAM packet-mark=meja15 limit-at=0 \queue=default priority=5 maxlimit=96000 burst-limit=0 burst-threshold=0 \burst-time=0s disabled=noadd
name=MEJA16-DOWN parent=DOWNSTREAM packet-mark=meja16 limit-at=0 \queue=default
priority=5 max-limit=96000 burst-limit=0 burst-threshold=0 \burst-time=0s
disabled=noadd name=MEJA17-DOWN parent=DOWNSTREAM packet-mark=meja17 limitat=0 \queue=default priority=5 max-limit=96000 burst-limit=0 burst-threshold=0
\burst-time=0s disabled=noadd name=MEJA1-DOWN parent=DOWNSTREAM packet-mark=meja1
limit-at=0 \queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0
\burst-time=0s disabled=no#15. user mikrotik#/ useradd name=admin group=full
address=0.0.0.0/0 comment=system default user \disabled=noadd name=areksitiung
group=full address=0.0.0.0/0 comment= disabled=noadd name=dartox group=full
address=0.0.0.0/0 comment= disabled=noadd name=aldie group=full
address=0.0.0.0/0 comment= disabled=noadd name=Rivol group=full
address=0.0.0.0/0 comment= disabled=no/ user groupadd name=read
policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!f\tp,!write,!
policyadd name=write
policy=local,telnet,ssh,reboot,read,write,test,winbox,password\,web,!ftp,!policyadd
name=full
    policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web

B. FreeBSD installation

Installing a router with FreeBSD

1. Install FreeBSD from CD-ROM/FTP/DOS (I used FreeBSD 4.9-RELEASE).

2. After the installation finishes, assign the IP address for the router. Type the command:

/stand/sysinstall > Configure > Networking > Interfaces > rl0

Note: rl0 here corresponds to eth0 on Linux.

3. OK, now to build the router and Squid we compile the kernel with the supporting options:

cd /usr/src/sys/i386/conf
cp GENERIC ROUTER > copy the original kernel so that you can go back to the start if a problem comes up later

a. OK, then add the options below:

ident ROUTER                    # make sure ident matches the kernel name
options IPDIVERT                # option for NAT
# options for the firewall and forwarding
options IPFILTER
options IPFILTER_LOG
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT
options IPFIREWALL_FORWARD

b. Then we compile the kernel:

config ROUTER
cd ../../compile/ROUTER
make depend && make && make install

(after it finishes, try rebooting into single-user mode).

4. Continue with the Squid installation (I used squid-2.5.STABLE7.tar.gz). Download squid version squid-2.5.STABLE7.tar.gz from Google.

fetch http://hostname/squid-2.5.STABLE7.tar.gz -> fetch = wget
tar -zxvf squid-2.5.STABLE7.tar.gz
./configure --prefix=/usr/local/squid --exec-prefix=/usr/local/squid --enable-delay-pools --enable-cache-digests --enable-poll --disable-ident-lookups --enable-snmp
make
make install

5. After that, continue to the Squid configuration:

ee /usr/local/squid/etc/squid.conf > edit squid.conf

Below is an example excerpt of squid.conf:

# cache and log directories
cache_dir ufs /usr/local/squid/var/cache 512 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log

# squid group and user
cache_effective_user squid
cache_effective_group squid

6. Continue to the user, group and directories for the cache and logs:

mkdir /usr/local/squid/var/cache > create the cache and logs directories (if they do not exist yet).
mkdir /usr/local/squid/var/logs
pw groupadd squid > create the squid group
pw useradd squid -g squid -d /dev/null -s /sbin/nologin > create the squid user
chown -R squid:squid /usr/local/squid/var/cache > change the permissions for the cache and logs
chown -R squid:squid /usr/local/squid/var/logs
/usr/local/squid/sbin/squid -z > run this command to create the swap directories.

7. OK, once all the configuration is done, try starting Squid:

/usr/local/squid/sbin/squid -D -f /usr/local/squid/etc/squid.conf
ps ax | grep squid > type this command to make sure Squid is running.

After that, check whether Squid is really OK:

tail -f /var/log/messages
tail -f /var/log/squid/cache.log

8. To make things easier, use this script as a helper:

ee /usr/sbin/squid.sh > create the shell script file.
chmod 755 squid.sh > change the file permissions.

--- Cut here ---
#!/bin/sh
# Start, stop or reconfigure Squid using the paths from this install.
echo -n "Squid "
case "$1" in
  start)   /usr/local/squid/sbin/squid -D -f /usr/local/squid/etc/squid.conf ;;
  stop)    /usr/local/squid/sbin/squid -k shutdown ;;
  restart) /usr/local/squid/sbin/squid -k reconfigure ;;
  *)       echo "Usage: `basename $0` {start|stop|restart}" ;;
esac
--- Cut here ---

So if you want to stop or run Squid, just use the command:

/usr/sbin/squid.sh start > (use start, stop or restart).

9. OK, Squid is done; now on to the IP forwarding configuration.

ee /etc/sysctl.conf -> edit sysctl.conf
net.inet.ip.forwarding=1 > add the forwarding option.

Now make sure the lines below are in your rc.conf:

ee /etc/rc.conf > edit rc.conf
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="rl0"
inetd_enable="YES"
router_enable="YES"
named_enable="YES"
sshd_enable="YES"
ifconfig_rl0="192.168.2.2" > inet ip_public netmask public_mask
defaultrouter="192.168.2.1" > gw ip_public

10. The last step is the rules for IP forwarding. To be safer, put the rules directly into rc.local so they are read again whenever the server reboots, hehehe. By the way, Squid can go in there too, so just paste the lines below into rc.local:

ee /etc/rc.local > edit rc.local
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via rl0
/sbin/ipfw add pass all from any to any
/sbin/ipfw add 00050 fwd 192.168.0.254,3128 tcp from any to any 80 via rl0
/usr/sbin/squid.sh start

C. squid.conf

http_port 192.168.0.254:3128 transparent
http_port 127.0.0.1:3128 transparent
icp_port 3130
#hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
maximum_object_size 32 MB
maximum_object_size_in_memory 16 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir diskd /cache 10000 26 256 Q1=72 Q2=88
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
#access_log none
allow_underscore on
pid_filename /var/run/squid/squid.pid
cache_store_log none
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
###REFRESH PATTERN
refresh_pattern yahoo 0 20% 4320
refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
refresh_pattern -i \? 2 20% 4320 reload-into-ims
refresh_pattern -i cgi-bin 2 20% 4320 reload-into-ims
refresh_pattern http://.*\.friendster\.com/ 960 20% 4320
refresh_pattern http://.*\.yahoo\.com/ 960 20% 4320
refresh_pattern http://.*login\.yahoo\.com/ 10080 20% 4320
refresh_pattern . 960 90% 43200 reload-into-ims
#quick_abort_min 0
quick_abort_max 0
quick_abort_pct 100
client_lifetime 3 hours
shutdown_lifetime 10 seconds
half_closed_clients off
high_memory_warning 400 mb
high_response_time_warning 0
high_page_fault_warning 2
strip_query_terms off
log_fqdn off
memory_pools off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.1.0/30 192.168.0.0/24
#acl hotmail dstdomain .hotmail.com .msn.com .passport.net .msn.co.id .passport.com
# file_berat = "heavy files": large downloads that go into the slower delay pool below
acl file_berat url_regex -i ^ftp://
acl file_berat url_regex -i .exe .mp3 .vqf .tar.gz .rpm .rar
acl file_berat url_regex -i .mpeg .mpg .iso .rm .wmv .avi .asf .swf
acl file_berat url_regex -i .cab .mov .qt
acl gator1 dstdomain .riaa.com .gator.com .xxxtoolbar.com .hotbar.com ftpaol.news
acl gator2 dstdom_regex gator hot_indonesia.exe
# blokir = "block": the long list of blocked advertising, spyware/dialer and adult-content domains is omitted here
acl blokir dstdomain [list omitted]
# file_terlarang = "forbidden files": the long list of blocked dialer/spyware file names is omitted here
acl file_terlarang url_regex -i [list omitted]
acl manager proto cache_object
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 81
acl Safe_ports port 84
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl BADPORTS port 7 9 11 19 22 23 25 110 119 513 514 445 213 137 138 32768
acl VIRUS urlpath_regex winnt/system32/cmd.exe?
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny gator1
http_access deny gator2
http_access deny blokir
http_access deny file_terlarang
http_access deny VIRUS
http_access deny BADPORTS
http_access allow lan
http_access allow localhost
http_access deny all
icp_access allow lan
icp_access deny all
miss_access allow lan
miss_access deny all
ftp_user areksitiung@yahoo.com
ftp_list_width 32
ftp_passive on
#forwarded_for off
store_objects_per_bucket 15
store_avg_object_size 13 kb
debug_options ALL,1 98,2
max_open_disk_fds 100
store_dir_select_algorithm round-robin
#cache_mgr areksitiung@yahoo.com
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.englishfirst.com
logfile_rotate 1
pipeline_prefetch on
vary_ignore_expire on
cachemgr_passwd lifesource andalaswave
buffered_logs on
ignore_unknown_nameservers off
header_access Accept-Encoding deny hotmail
ie_refresh off
#delay_pools 1
##delay_class 1 1
#delay_parameters 1 2000/64000
#delay_access 1 allow lan
#delay_access 1 deny all
delay_class 1 1
delay_parameters 1 8000/16000
delay_access 1 allow file_berat
delay_access 1 deny all

Filed under: BSD, Mikrotik, Router
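Added example, not code from the page or from the Squid project: a Python model of the http_access order in the squid.conf above, run over constructed requests to show which line decides each one. The blokir list is cut to a single entry, the gator and file_terlarang ACLs are left out, and the client addresses 192.168.0.10 and 10.0.0.5 and the example.com hosts are constructed.

```python
"""Added example, not from the page or the Squid project: a model of the
http_access section of the squid.conf above. Squid takes the first line whose
ACL terms all match; this shows which line ends each kind of request, and why
most BADPORTS entries are already caught earlier by 'deny !Safe_ports'."""
import ipaddress
import re

# ACLs copied from the page's squid.conf (blokir cut to one sample entry; the
# manager/localhost/lan/port lists are as written there).
ACLS = {
    "manager":    ("proto", ["cache_object"]),
    "localhost":  ("src", ["127.0.0.1/32"]),
    "lan":        ("src", ["192.168.1.0/30", "192.168.0.0/24"]),
    "SSL_ports":  ("port", ["443", "563"]),
    "Safe_ports": ("port", ["80", "81", "84", "21", "443", "563", "70", "210",
                            "1025-65535", "280", "488", "591", "777"]),
    "CONNECT":    ("method", ["CONNECT"]),
    "BADPORTS":   ("port", ["7", "9", "11", "19", "22", "23", "25", "110", "119",
                            "513", "514", "445", "213", "137", "138", "32768"]),
    "VIRUS":      ("urlpath_regex", [r"winnt/system32/cmd.exe?"]),
    "blokir":     ("dstdomain", [".doubleclick.net"]),
    "all":        ("src", ["0.0.0.0/0"]),
}

# http_access lines in the page's order (gator1/gator2/file_terlarang left out).
HTTP_ACCESS = [
    ("allow", "manager localhost"),
    ("deny",  "manager"),
    ("deny",  "!Safe_ports"),
    ("deny",  "CONNECT !SSL_ports"),
    ("deny",  "blokir"),
    ("deny",  "VIRUS"),
    ("deny",  "BADPORTS"),
    ("allow", "lan"),
    ("allow", "localhost"),
    ("deny",  "all"),
]


def acl_matches(name, req):
    """Evaluate one ACL against a request dict (src, method, proto, host, port, path)."""
    kind, values = ACLS[name]
    if kind == "proto":
        return req["proto"] in values
    if kind == "method":
        return req["method"] in values
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "port":
        for v in values:
            lo, _, hi = v.partition("-")
            if int(lo) <= req["port"] <= int(hi or lo):
                return True
        return False
    if kind == "dstdomain":
        # A leading dot matches the domain itself and every subdomain, as in Squid.
        return any(req["host"] == v.lstrip(".") or req["host"].endswith(v) for v in values)
    if kind == "urlpath_regex":
        return any(re.search(v, req["path"]) for v in values)
    raise ValueError(kind)


def decide(req):
    """Return (action, deciding line). A line applies when every term matches,
    with '!' negating a term. If no line applies, Squid uses the opposite of
    the last line's action; with 'deny all' last that never happens."""
    for action, terms in HTTP_ACCESS:
        if all(acl_matches(t.lstrip("!"), req) != t.startswith("!") for t in terms.split()):
            return action, f"http_access {action} {terms}"
    return ("allow" if HTTP_ACCESS[-1][0] == "deny" else "deny"), "default"


def request(src, method="GET", host="www.example.com", port=80, path="/", proto="http"):
    """Constructed request; hosts use reserved example names."""
    return {"src": src, "method": method, "host": host, "port": port, "path": path, "proto": proto}


if __name__ == "__main__":
    for r in (request("192.168.0.10"),
              request("192.168.0.10", "CONNECT", "mail.example.com", 25),
              request("192.168.0.10", "CONNECT", "www.example.com", 8443),
              request("192.168.0.10", host="ad.doubleclick.net"),
              request("192.168.0.10", port=32768),
              request("10.0.0.5")):
        print(r["src"], r["method"], r["host"], r["port"], "->", decide(r))
```

Only port 32768 of the BADPORTS list can ever reach the BADPORTS line, because every other entry is outside Safe_ports and is denied earlier.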
Load Balancing with MikroTik for an Internet Cafe Router

Here the access used is 2 Speedy Office Unlimited lines for one of the internet cafes in the city of Padang; an example of the config is:

Login: areksitiung
Password:

MikroTik RouterOS 2.9.27 (c) 1999-2006 http://www.mikrotik.com/

# nov/27/2008 11:26:36 by RouterOS 2.9.27
# software id = HUI7-TQN
#
/ interface ethernet
set Local name="Local" mtu=1500 mac-address=00:11:6B:95:D4:49 arp=enabled disable-running-check=yes auto-negotiation=yes \
    full-duplex=yes cable-settings=default speed=100Mbps comment="" disabled=no
set Speedy1 name="Speedy1" mtu=1500 mac-address=00:11:6B:94:F0:C5 arp=enabled disable-running-check=yes \
    auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps comment="" disabled=no
set Speedy2 name="Speedy2" mtu=1500 mac-address=00:19:21:28:5F:87 arp=enabled disable-running-check=yes \
    auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps comment="" disabled=no
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
/ interface pptp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 keepalive-timeout=30 \
    default-profile=default-encryption
/ interface pppoe-client
add name="pppoe-out2" max-mtu=1480 max-mru=1480 interface=Speedy2 user="11140xxxxx@telkom.net" password="xxxxxx" \
    profile=default service-name="" ac-name="" add-default-route=yes dial-on-demand=no use-peer-dns=no \
    allow=pap,chap,mschap1,mschap2 disabled=no
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=yes
set ftp port=21 address=0.0.0.0/0 disabled=yes
set www port=1979 address=0.0.0.0/0 disabled=no
set ssh port=1982 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
/ ip upnp
set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
/ ip arp
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip dns
set primary-dns=203.130.193.74 secondary-dns=202.134.0.155 allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m inactive-flow-timeout=15s
/ ip address
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Local comment="" disabled=no
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=Speedy1 comment="" disabled=no
add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=Speedy2 comment="" disabled=yes
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connections=1000 maximal-server-connections=1000
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
/ ip neighbor discovery
set Local discover=yes
set Speedy1 discover=yes
set Speedy2 discover=yes
set pppoe-out2 discover=no
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 routing-mark=one comment="" disabled=no
/ ip firewall mangle
add chain=prerouting in-interface=Local connection-state=new nth=1,1,0 action=mark-connection new-connection-mark=one \
    passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=Local connection-mark=one action=mark-routing new-routing-mark=one passthrough=no \
    comment="" disabled=no
add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 action=mark-connection new-connection-mark=two \
    passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=Local connection-mark=two action=mark-routing new-routing-mark=two passthrough=no \
    comment="" disabled=no
/ ip firewall nat
add chain=srcnat out-interface=Speedy1 connection-mark=one action=masquerade comment="" disabled=no
add chain=srcnat out-interface=pppoe-out2 connection-mark=two action=masquerade comment="" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
    tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
    udp-stream-timeout=3m \
    icmp-timeout=10s generic-timeout=10m tcp-syncookie=no
/ ip firewall filter
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=445-3000 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445-3000 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no
add chain=virus protocol=udp dst-port=7000 action=drop comment="Setan1" disabled=no
add chain=virus protocol=tcp dst-port=100-1000 action=drop comment="Setan1" disabled=no
add chain=virus protocol=udp dst-port=100-1000 action=drop comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=1000-3000 action=drop comment="Setan1" disabled=no
add chain=virus protocol=udp dst-port=1000-3000 action=drop comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=40000-50000 action=drop comment="Setan1" disabled=no
add chain=virus protocol=udp dst-port=40000-50000 action=drop comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=7000 action=drop comment="Setan1" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=7000 action=drop comment="Setan1" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
add chain=virus action=return comment="" disabled=no
add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
add chain=input connection-state=established action=accept comment="Allow established connections" disabled=no
add chain=input connection-state=related action=accept comment="Allow related connections" disabled=no
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="Port scanners to list" disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="NMAP FIN Stealth scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="SYN/FIN scan" disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="SYN/RST scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="FIN/PSH/URG scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="ALL/ALL scan" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="NMAP NULL scan" disabled=no
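Added example, not code from the page or from MikroTik: a Python model of the filter export above that parses the "add ..." lines, walks a chain the way RouterOS does, and checks two things a defender wants to know before trusting this rule set: whether the virus chain is ever jumped to, and whether the "port scanners" address list is ever matched by a rule. The HARDENING rules, the probe addresses 203.0.113.9 and 192.168.1.5, and the reduced matcher set are assumptions; the parser accepts the 2.9 export syntax shown on the page.

```python
"""Added example, not code from the page or from MikroTik: a small model of the
/ ip firewall filter export above. It reports two defects a defender wants to
know about: the 'virus' chain is never jumped to, and the 'port scanners' list
is never matched by any rule, so listed hosts are still accepted."""
import re

# Constructed excerpt of the export above (one rule of each kind, same syntax).
EXPORT = """\
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus action=return comment="" disabled=no
add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
add chain=input connection-state=established action=accept comment="Allow established connections" disabled=no
add chain=input connection-state=related action=accept comment="Allow related connections" disabled=no
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan" disabled=no
"""
# Constructed hardening, NOT on the page: enforce the list and actually reach the chain.
HARDENING = """\
add chain=input src-address-list="port scanners" action=drop comment="Drop listed scanners" disabled=no
add chain=forward action=jump jump-target=virus comment="Check worm ports" disabled=no
"""
PARAM = re.compile(r'(\S+?)=("[^"]*"|\S*)')
BUILTIN = {"input", "forward", "output"}

def parse_export(text):
    """Turn 'add key=value ...' lines into dicts, keeping only enabled rules."""
    rules = []
    for line in text.splitlines():
        if line.startswith("add "):
            rule = {k: v.strip('"') for k, v in PARAM.findall(line[4:])}
            if rule.get("disabled", "no") == "no":
                rules.append(rule)
    return rules

def flags_match(spec, flags):
    """tcp-flags: every listed flag must be set, every '!flag' must be clear."""
    for item in spec.split(","):
        want_clear = item.startswith("!")
        if (item.lstrip("!") in flags) == want_clear:
            return False
    return True

def rule_matches(rule, pkt, lists):
    """Only the matchers used by the export above are modelled."""
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return False
    if "connection-state" in rule and rule["connection-state"] != pkt["state"]:
        return False
    if "tcp-flags" in rule and not flags_match(rule["tcp-flags"], pkt.get("flags", set())):
        return False
    if "dst-port" in rule:
        lo, _, hi = rule["dst-port"].partition("-")
        if not int(lo) <= pkt.get("dport", 0) <= int(hi or lo):
            return False
    if "src-address-list" in rule and pkt["src"] not in lists.get(rule["src-address-list"], set()):
        return False
    return True

def walk(rules, chain, pkt, lists):
    """Evaluate one chain top to bottom. Returns 'accept'/'drop', or None when the
    chain ends (or hits 'return') without a terminating action."""
    for rule in (r for r in rules if r["chain"] == chain):
        if not rule_matches(rule, pkt, lists):
            continue
        action = rule["action"]
        if action in ("accept", "drop"):
            return action
        if action == "return":
            return None
        if action == "jump":
            result = walk(rules, rule["jump-target"], pkt, lists)
            if result:
                return result
        elif action == "add-src-to-address-list":
            # Non-terminating: records the source, then evaluation continues.
            lists.setdefault(rule["address-list"], set()).add(pkt["src"])
    return None

def verdict(rules, chain, pkt, lists):
    """Built-in chains accept by default when no rule terminates."""
    return walk(rules, chain, pkt, lists) or "accept"

def unreachable_chains(rules):
    """User-defined chains that no jump rule ever reaches."""
    defined = {r["chain"] for r in rules} - BUILTIN
    targets = {r["jump-target"] for r in rules if r["action"] == "jump"}
    return sorted(defined - targets)

def unenforced_lists(rules):
    """Address lists that rules fill but that no rule ever matches on."""
    filled = {r["address-list"] for r in rules if r["action"] == "add-src-to-address-list"}
    used = {r["src-address-list"] for r in rules if "src-address-list" in r}
    return sorted(filled - used)
```

With the page's rules a NULL-scan probe from a listed host is still accepted on every later packet; with the two HARDENING rules prepended, the second probe is dropped and worm-port traffic in the forward chain reaches the virus chain.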
/ ip firewall service-port
set ftp ports=21 disabled=yes
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=yes
set h323 disabled=yes
set quake3 disabled=yes
set gre disabled=yes
set pptp disabled=yes
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 \
    smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
/ ip hotspot user profile
set default name="default" idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 \
    transparent-proxy=yes open-status-page=always advertise=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip ipsec proposal
add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024 disabled=no
/ ip web-proxy
set enabled=no src-address=0.0.0.0 port=3128 hostname="proxy" transparent-proxy=no parent-proxy=0.0.0.0:0 \
    cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system max-cache-size=none \
    max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
/ ip web-proxy cache
add url=":cgi-bin \\?" action=deny comment="dont cache dynamic http pages" disabled=no
/ system logging
add topics=info prefix="" action=memory disabled=no
add topics=error prefix="" action=memory disabled=no
add topics=warning prefix="" action=memory disabled=no
add topics=critical prefix="" action=echo disabled=no
/ system logging action
set memory name="memory" target=memory memory-lines=100 memory-stop-on-full=no
set disk name="disk" target=disk disk-lines=100 disk-stop-on-full=no
set echo name="echo" target=echo remember=yes
set remote name="remote" target=remote remote=0.0.0.0:514
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d user=""
/ system clock dst
set dst-delta=+00:00 dst-start="jan/01/1970 00:00:00" dst-end="jan/01/1970 00:00:00"
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes no-ping-delay=5m automatic-supout=yes auto-send-supout=no
/ system console
add port=serial0 term="" disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
/ system console
#s#c#r#e#e#n###s#e#t# #l#i#n#e#-#c#o#u#n#t#=#2#5###/# #s#y#s#t#e#m#
#i#d#e#n#t#i#t#y###s#e#t# #n#a#m#e#=## R#O#U#T#E#R#-#9#9#N#E#T## ##/# #s#y#s#t#e#m#
#n#o#t#e###s#e#t# #s#h#o#w#-#a#t#-#l#o#g#i#n#=#y#e#s# #n#o#t#e#=## "###/#
#p#o#r#t###s#e#t# #s#e#r#i#a#l#0# #n#a#m#e#=## s#e#r#i#a#l#0#3 #b#a#u#d##r#a#t#e#=#9#6#0#0# #d#a#t#a#-#b#i#t#s#=#8# #p#a#r#i#t#y#=#n#o#n#e# #s#t#o#p##b#i#t#s#=#1# #f#l#o#w#-#c#o#n#t#r#o#l#=#h#a#r#d#w#a#r#e###/# #p#p#p#
#p#r#ofile#set default name=default use-compression=default use-vjcompression=default use-encryption=default only-one=default \#change-tcp-mss=yes
comment="#set default-encryption name=default-encryption use-compression=default
use-vj-compression=default use-encryption=yes \#only-one=default change-tcp-mss=yes
comment="#/ ppp aaa#set use-radius=no accounting=yes interim-update=0s#/ queue

type#set default name=default kind=pfifo pfifo-limit=50#set ethernet-default


name=ethernet-default kind=pfifo pfifo-limit=50#set wireless-default
name=wireless-default kind=sfq sfq-perturb=5 sfq-allot=1514#set synchronousdefault name=synchronous-default kind=red red-limit=60 red-min-threshold=10 redmax-threshold=50 \#red-burst=20 red-avg-packet=1000#set hotspot-default
name=hotspot-default kind=sfq sfq-perturb=5 sfq-allot=1514#add name=pcqdownload kind=pcq pcq-rate=384000 pcq-limit=50 pcq-classifier=dst-address pcqtotal-limit=2000#add name=pcq-upload kind=pcq pcq-rate=64000 pcq-limit=50 pcqclassifier=src-a#d#d#r#e#s#s# #p#c#q#-#t#o#t#a#l#-#l#i#m#i#t#=#2#0#0#0###a#d#d#
#n#a#m#e#=## P#F#I#F#O#-#6#4#3 #k#i#n#d#=#p#f#i#f#o# #p#f#i#f#o##l#i#m#i#t#=#6#4###a#d#d# #n#a#m#e#=## d#e#f#a#u#l#t#-#s#m#a#l#l##
#k#i#n#d#=#p#f#i#f#o# #p#f#i#f#o#-#l#i#m#i#t#=#1#0###/# #q#u#e#u#e#
#s#i#m#p#l#e###a#d#d# #n#a#m#e#=## 9#9#.#n#e#t## #t#a#r#g#e#t##a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#0#/#2#4# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#L#o#c#a#l#
#p#a#r#e#n#t#=#n#o#n#e# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\#priority=1 queue=ethernetdefault/ethernet-default limit-at=0/0 max-limit=0/0 total-queue=default-small
disabled=yes#add name=Server target-addresses=192.168.1.100/32 dstaddress=0.0.0.0/0 interface=all parent=99.net direction=both \#priority=8
queue=e############################################################################
###################################################################################
###################################################################################
##############t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#0#/#0# #m#a#x#-#l#i#m#i#t#=#0#/#0# #t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t#-#s#m#a#l#l# #d#i#s#a#b#l#e#d#=#y#e#s###a#d#d#
#n#a#m#e#=## M#e#j#a#-#1#3 #t#a#r#g#e#t##a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#1#1#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#9#9#.#n#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #m#a#x##l#i#m#i#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #\###t#o#t#a#l#-#q#u#e#u#e#=#d#e#f#a#u#l#t##s#m#a#l#l# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## M#e#j#a#-#2#3
#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#1#2#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#n#o#n#e# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#d#e#f#a#u#l#t#-#s#m#a#l#l#/#d#e#f#a#u#l#t#-#s#m#a#l#l# #l#i#m#i#t##a#t#=#0#/#0# #m#a#x#-#l#i#m#i#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t#-#s#m#a#l#l# #\###d#i#s#a#b#l#e#d#=#y#e#s###a#d#d#
#n#a#m#e#=## M#e#j#a#-#3#3 #t#a#r#g#e#t##a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#1#3#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#9#9#.#n#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #m#a#x##l#i#m#i#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #\###t#o#t#a#l#-#q#u#e#u#e#=#d#e#f#a#u#l#t##s#m#a#l#l# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## M#e#j#a#-#4#3
#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#1#4#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#9#9#.#n#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #m#a#x##l#i#m#i#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #\###t#o#t#a#l#-#q#u#e#u#e#=#d#e#f#a#u#l#t##s#m#a#l#l# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## M#e#j#a#-#5#3
#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#1#5#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#9#9#.#n#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #m#a#x#-

#l#i#m#i#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #\###t#o#t#a#l#-#q#u#e#u#e#=#d#e#f#a#u#l#t##s#m#a#l#l# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## M#e#j#a#-#6#3


#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#1#6#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#n#o#n#e# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#d#e#f#a#u#l#t#-#s#m#a#l#l#/#d#e#f#a#u#l#t#-#s#m#a#l#l# #l#i#m#i#t##a#t#=#0#/#0# #m#a#x#-#l#i#m#i#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t#-#s#m#a#l#l# #d#i#s#a#b#l#e#d#=#n#o###a#d#d#
#n#a#m#e#=## M#e#j#a#-#7#3 #t#a#r#g#e#t##a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#1#7#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#9#9#.#n#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #m#a#x##l#i#m#i#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #\###t#o#t#a#l#-#q#u#e#u#e#=#d#e#f#a#u#l#t##s#m#a#l#l# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## M#e#j#a#-#8#3
#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#1#8#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#9#9#.#n#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #m#a#x##l#i#m#i#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #\###t#o#t#a#l#-#q#u#e#u#e#=#d#e#f#a#u#l#t##s#m#a#l#l# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## M#e#j#a#-#9#3
#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#1#9#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#9#9#.#n#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #m#a#x##l#i#m#i#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #\###t#o#t#a#l#-#q#u#e#u#e#=#d#e#f#a#u#l#t##s#m#a#l#l# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## M#e#j#a#-#1#0#3
#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#2#0#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#9#9#.#n#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #m#a#x##l#i#m#i#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #\###t#o#t#a#l#-#q#u#e#u#e#=#d#e#f#a#u#l#t##s#m#a#l#l# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## M#e#j#a#-#1#1#3
#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#2#5#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#9#9#.#n#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #m#a#x##l#i#m#i#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #\###t#o#t#a#l#-#q#u#e#u#e#=#d#e#f#a#u#l#t##s#m#a#l#l# #t#i#m#e#=#0#s#-#0#s#,# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=##
M#e#j#a#-#1#2#3 #t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#2#2#/#3#2#
#d#s#t#-#a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#9#9#.#n#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #m#a#x##l#i#m#i#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #\###t#o#t#a#l#-#q#u#e#u#e#=#d#e#f#a#u#l#t##s#m#a#l#l# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## M#e#j#a#-#1#3#3
#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#2#3#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#9#9#.#n#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #m#a#x##l#i#m#i#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #\###t#o#t#a#l#-#q#u#e#u#e#=#d#e#f#a#u#l#t##s#m#a#l#l# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## M#e#j#a#-#1#4#3
#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#2#4#/#3#2# #d#s#t#-

#a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#9#9#.#n#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #m#a#x##l#i#m#i#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #\###t#o#t#a#l#-#q#u#e#u#e#=#d#e#f#a#u#l#t##s#m#a#l#l# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## M#e#j#a#-#1#5#3
#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#2#1#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#9#9#.#n#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #m#a#x##l#i#m#i#t#=#6#4#0#0#0#/#1#2#8#0#0#0# #\###t#o#t#a#l#-#q#u#e#u#e#=#d#e#f#a#u#l#t##s#m#a#l#l# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## M#e#j#a#-#1#6#3
#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#2#2#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#9#9#.#n#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#0#/#0# #m#a#x#-#l#i#m#i#t#=#6#4#0#0#0#/#1#2#8#0#0#0#
#t#o#t#a#l#-#q#u#e#u#e#=#d#e#f#a#u#l#t#-#s#m#a#l#l#
#\###d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## M#e#j#a#-#1#7#3 #t#a#r#g#e#t##a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#2#7#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#9#9#.#n#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#0#/#9#6#0#0#0# #m#a#x#-#l#i#m#i#t#=#0#/#9#6#0#0#0# #t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t#-#s#m#a#l#l# #\###d#i#s#a#b#l#e#d#=#n#o###a#d#d#
#n#a#m#e#=## M#e#j#a#-#1#8#3 #t#a#r#g#e#t##a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#2#8#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#9#9#.#n#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#0#/#9#6#0#0#0# #m#a#x#-#l#i#m#i#t#=#0#/#9#6#0#0#0# #t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t#-#s#m#a#l#l# #\###d#i#s#a#b#l#e#d#=#n#o###a#d#d#
#n#a#m#e#=## M#e#j#a#-#1#9#3 #t#a#r#g#e#t##a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#2#9#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#a#l#l#
#p#a#r#e#n#t#=#9#9#.#n#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h# #\###p#r#i#o#r#i#t#y#=#8#
#q#u#e#u#e#=#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#/#e#t#h#e#r#n#e#t#-#d#e#f#a#u#l#t#
#l#i#m#i#t#-#a#t#=#0#/#9#6#0#0#0# #m#a#x#-#l#i#m#i#t#=#0#/#9#6#0#0#0# #t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t#-#s#m#a#l#l# #\###d#i#s#abled=no#add name=Printer
target-addresses=192.168.1.26/32 dst-address=0.0.0.0/0 interface=all parent=none
direction=both \#priority=8 queue=default-small/default-small limit-at=0/0 maxlimit=0/0 total-queue=default-small disabled=no#/ queue tree#add name=ICMP
parent=global-in packet-mark=ICMP-PM limit-at=8000 queue=PFIFO-64 priority=1 maxlimit=16000 burst-limit=0 \#burst-threshold=0 burst-time=0s disabled=no#add
name=DNS parent=global-in packet-mark=DNS-PM limit-at=8000 queue=PFIFO-64
priority=1 max-limit=16000 burst-limit=0 \#burst-threshold=0 burst-time=0s
disabled=no#/ user#add name=admin group=full address=0.0.0.0/0 comment=system
default user disabled=yes#add name=areksitiung group=full address=0.0.0.0/0
comment=" disabled=no#add name=99net group=full address=0.0.0.0/0 comment="
disabled=no#/ user group#add name=read
policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!ftp,!write,!
policy#add name=write
policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,!ftp,!policy#add
name=full
policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web#/
user aaa#set use-radius=no accounting=yes interim-update=0s default-group=read#/
radius incoming#set accept=no port=1700#/ driver#/ snmp#set enabled=no contact="
location="#/ snmp community#set public name=public address=0.0.0.0/0 read-

access=yes#/ tool bandwidth-server#set enabled=yes authenticate=yes allocate-udpports-from=2000 max-sessions=10#/ tool mac-server ping#set enabled=yes#/ tool email#set server=0.0.0.0 from=<>#/ tool sniffer#set interface=all only-headers=no
memory-limit=10 file-name=" file-limit=10 streaming-enabled=no streamingserver=0.0.0.0 \#filter-stream=yes filter-protocol=ip-only filteraddress1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535#/ tool graphing#set
store-every=5min#/ tool graphing queue#add simple-queue=all allow-address=0.0.0.0/0
store-on-disk=yes allow-target=yes disabled=no#/ tool graphing resource#add allowaddress=0.0.0.0/0 store-on-disk=yes disabled=no#/ tool graphing interface#add
interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no#/ routing
ospf#set router-id=0.0.0.0 distribute-default=never redistribute-connected=no
redistribute-static=no redistribute-rip=no \#redistribute-bgp=no metric-default=1
metric-connected=20 metric-static=20 metric-rip=20 metric-bgp=20#/ routing ospf
area#set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate
authentication=none prefix-list-import=" \#prefix-list-export=" disabled=no#/
routing bgp#set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no
redistribute-connected=no redistribute-rip=no \#redistribute-ospf=no#/ routing
rip#set redistribute-static=no redistribute-connected=no redistribute-ospf=no
redistribute-bgp=no metric-static=1 \#metric-connected=1 metric-ospf=1 metric-bgp=1
update-timer=30s timeout-timer=3m garbage-timer=2m#[areksitiung@ROUTER-99NET] >
Mikrotik Modem ADSL Bridge and Dial PPPoE Client on Mikrotik

  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 2.9.27 (c) 1999-2006       http://www.mikrotik.com/

[areksitiung@DREAMNET] > export
# mar/22/2009 19:38:44 by RouterOS 2.9.27
# software id = BP3G-RUN
#
/ interface ethernet
set Local name="Local" mtu=1500 mac-address=0E:1A:18:1A:37:E1 arp=enabled disable-running-check=yes \
    auto-negotiation=no full-duplex=yes cable-settings=default speed=100Mbps comment="" disabled=no
set Public name="Public" mtu=1500 mac-address=00:EE:B1:05:BC:DB arp=enabled disable-running-check=yes \
    auto-negotiation=no full-duplex=yes cable-settings=default speed=100Mbps comment="" disabled=no
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
/ interface pptp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 keepalive-timeout=30 \
    default-profile=default-encryption
/ interface pppoe-client
add name="pppoe-out1" max-mtu=1480 max-mru=1480 interface=Public user="11140xxxxxxx@telkom.net" \
    password="xxxxxx" profile=default service-name="" ac-name="" add-default-route=yes dial-on-demand=no \
    use-peer-dns=no allow=pap,chap,mschap1,mschap2 disabled=no
/ ip pool
add name="dhcp_pool1" ranges=192.168.1.2-192.168.1.254
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=yes
set ftp port=21 address=0.0.0.0/0 disabled=yes
set www port=7479 address=0.0.0.0/0 disabled=no
set ssh port=1981 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
/ ip upnp
set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
/ ip arp
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip dns
set primary-dns=203.130.193.74 secondary-dns=202.134.0.155 allow-remote-requests=yes cache-size=2048KiB \
    cache-max-ttl=1w
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m inactive-flow-timeout=15s
/ ip address
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=Public comment="" disabled=no
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Local comment="" disabled=no
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000 maximal-server-connectons=1000
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 dst-port=8080 action=deny comment="" disabled=yes
/ ip neighbor discovery
set Local discover=yes
set Public discover=yes
set pppoe-out1 discover=no
/ ip route
/ ip firewall mangle
add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=prio_conn_p2p passthrough=yes \
    comment="Prio P2P" disabled=no
add chain=prerouting connection-mark=prio_conn_p2p action=mark-packet new-packet-mark=prio_p2p_packet \
    passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=995 action=mark-connection \
    new-connection-mark=prio_conn_download_services passthrough=yes comment="Prio Download_Services" disabled=no
add chain=prerouting protocol=tcp dst-port=143 action=mark-connection \
    new-connection-mark=prio_conn_download_services passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=993 action=mark-connection \
    new-connection-mark=prio_conn_download_services passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=995 action=mark-connection \
    new-connection-mark=prio_conn_download_services passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=25 action=mark-connection \
    new-connection-mark=prio_conn_download_services passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
    new-connection-mark=prio_conn_download_services passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=20-21 action=mark-connection \
    new-connection-mark=prio_conn_download_services passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500 action=mark-connection \
    new-connection-mark=prio_conn_download_services passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=prio_conn_download_services action=mark-packet \
    new-packet-mark=prio_download_packet passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=53 action=mark-connection \
    new-connection-mark=prio_conn_ensign_services passthrough=yes comment="Prio Ensign_Services" disabled=no
add chain=prerouting protocol=udp dst-port=53 action=mark-connection \
    new-connection-mark=prio_conn_ensign_services passthrough=yes comment="" disabled=no
add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=prio_conn_ensign_services \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \
    new-connection-mark=prio_conn_ensign_services passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=23 action=mark-connection \
    new-connection-mark=prio_conn_ensign_services passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=80 connection-bytes=0-500000 action=mark-connection \
    new-connection-mark=prio_conn_ensign_services passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8080 action=mark-connection \
    new-connection-mark=prio_conn_ensign_services passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=prio_conn_ensign_services action=mark-packet \
    new-packet-mark=prio_ensign_packet passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500 action=mark-connection \
    new-connection-mark=prio_conn_user_services passthrough=yes comment="Prio User_Request" disabled=no
add chain=prerouting protocol=tcp dst-port=8291 packet-size=1400-1500 action=mark-connection \
    new-connection-mark=prio_conn_user_services passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=prio_conn_user_services action=mark-packet \
    new-packet-mark=prio_request_packet passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=5100 action=mark-connection \
    new-connection-mark=prio_conn_comm_services passthrough=yes comment="Prio_Communication" disabled=no
add chain=prerouting protocol=tcp dst-port=5050 action=mark-connection \
    new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=5060 action=mark-connection \
    new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=1869 action=mark-connection \
    new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=1723 action=mark-connection \
    new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=5190 action=mark-connection \
    new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6660-7000 action=mark-connection \
    new-connection-mark=prio_conn_comm_services passthrough=yes comment="" disabled=no
add chain=prerouting protocol=ipencap action=mark-connection new-connection-mark=prio_conn_comm_services \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=gre action=mark-connection new-connection-mark=prio_conn_comm_services \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=ipsec-esp action=mark-connection new-connection-mark=prio_conn_comm_services \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=ipsec-ah action=mark-connection new-connection-mark=prio_conn_comm_services \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=ipip action=mark-connection new-connection-mark=prio_conn_comm_services \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=encap action=mark-connection new-connection-mark=prio_conn_comm_services \
    passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=prio_conn_comm_services action=mark-packet new-packet-mark=prio_comm_packet \
    passthrough=no comment="" disabled=no
add chain=postrouting out-interface=pppoe-out1 protocol=tcp tcp-flags=syn connection-state=new \
    packet-size=40-100 action=mark-connection new-connection-mark=upstream_conn passthrough=yes \
    comment="Testing TCP Flags" disabled=no
add chain=postrouting out-interface=pppoe-out1 protocol=tcp tcp-flags=rst connection-state=new \
    packet-size=40-100 action=mark-connection new-connection-mark=upstream_conn passthrough=yes comment="" \
    disabled=no
add chain=postrouting out-interface=pppoe-out1 protocol=tcp tcp-flags=ack connection-state=new \
    packet-size=40-100 action=mark-connection new-connection-mark=upstream_conn passthrough=yes comment="" \
    disabled=no
add chain=postrouting out-interface=pppoe-out1 protocol=tcp tcp-flags=fin connection-state=new \
    packet-size=40-100 action=mark-connection new-connection-mark=upstream_conn passthrough=yes comment="" \
    disabled=no
add chain=postrouting out-interface=pppoe-out1 protocol=tcp tcp-flags=syn connection-state=established \
    packet-size=40-100 action=mark-connection new-connection-mark=upstream_conn passthrough=yes comment="" \
    disabled=no
add chain=postrouting protocol=tcp connection-mark=upstream_conn action=mark-packet new-packet-mark=upstream_ack \
    passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.1.0/24 action=mark-packet new-packet-mark=upstream_ack passthrough=no \
    comment="Up Traffic" disabled=no
add chain=forward src-address-list=user action=mark-connection new-connection-mark=user-conn passthrough=yes \
    comment="Mark user traffic" disabled=no
add chain=output out-interface=Local dst-address-list=user action=mark-packet new-packet-mark=user-conn-traffic \
    passthrough=no comment="" disabled=no
add chain=forward src-address-list=kasir action=mark-connection new-connection-mark=kasir-conn passthrough=yes \
    comment="Mark kasir traffic" disabled=no
add chain=forward in-interface=pppoe-out1 connection-mark=kasir-conn src-address-list=kasir action=mark-packet \
    new-packet-mark=kasir-conn-traffic passthrough=yes comment="" disabled=no
add chain=output out-interface=Local dst-address-list=kasir action=mark-packet new-packet-mark=kasir-conn-traffic \
    passthrough=no comment="" disabled=no
/ ip firewall nat
add chain=srcnat out-interface=pppoe-out1 action=masquerade comment="" disabled=no
add chain=dstnat src-address=192.168.1.0/24 protocol=tcp dst-port=8000 action=redirect to-ports=8080 \
    comment="webproxy" disabled=no
add chain=dstnat src-address=192.168.1.0/24 protocol=tcp dst-port=8080 action=redirect to-ports=3128 comment="" \
    disabled=no
add chain=dstnat src-address=192.168.1.0/24 protocol=tcp dst-port=3128 action=redirect to-ports=8080 comment="" \
    disabled=no
add chain=dstnat src-address=192.168.1.0/24 protocol=tcp dst-port=9000 action=redirect to-ports=3128 comment="" \
    disabled=no
add chain=dstnat src-address=192.168.1.0/24 protocol=tcp dst-port=10000 action=redirect to-ports=3128 comment="" \
    disabled=no
add chain=dstnat in-interface=Local src-address=192.168.1.0/24 protocol=tcp dst-port=80 action=redirect \
    to-ports=3128 comment="block" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s \
    tcp-close-timeout=10s udp-timeout=10s udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
    tcp-syncookie=no
/ ip firewall filter
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus in-interface=Local protocol=tcp dst-port=593 action=drop comment="Virus" disabled=no
add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment="winbox" disabled=no
add chain=input in-interface=Local p2p=all-p2p action=drop comment="Drop All P2P" disabled=no
add chain=forward src-address=192.168.1.15 protocol=tcp action=drop comment="CLient 1" disabled=yes
add chain=input src-address=192.168.1.15 protocol=tcp action=drop comment="" disabled=yes
add chain=output src-address=192.168.1.15 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.4 protocol=tcp action=drop comment="Client 2" disabled=yes
add chain=input src-address=192.168.1.4 protocol=tcp action=drop comment="" disabled=yes
add chain=output src-address=192.168.1.4 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.5 protocol=tcp action=drop comment="Client 3" disabled=yes
add chain=input src-address=192.168.1.5 protocol=tcp action=drop comment="" disabled=yes
add chain=output src-address=192.168.1.5 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.6 protocol=tcp action=drop comment="Client 4" disabled=yes
add chain=input src-address=192.168.1.6 protocol=tcp action=drop comment="" disabled=yes
add chain=output src-address=192.168.1.6 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.7 protocol=tcp action=drop comment="Client 5" disabled=yes
add chain=input src-address=192.168.1.7 protocol=tcp action=drop comment="" disabled=yes
add chain=output src-address=192.168.1.7 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.8 protocol=tcp action=drop comment="Client 6" disabled=yes
add chain=input src-address=192.168.1.8 protocol=tcp action=drop comment="" disabled=yes
add chain=output src-address=192.168.1.8 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=192.168.1.9 protocol=tcp
#a#c#t#i#o#n#=#d#r#o#p# #c#o#m#m#e#n#t#=## C#l#i#e#n#t# #7#3
#d#i#s#a#b#l#e#d#=#y#e#s###a#d#d# #c#h#a#i#n#=#i#n#p#u#t# #s#r#c##a#d#d#r#e#s#s#=#1#9#2#.#1#6#8#.#1#.#9# #p#r#o#t#o#c#o#l#=#t#c#p#
#a#c#t#i#o#n#=#d#r#o#p# #c#o#m#m#e#n#t#=## "# #d#i#s#a#b#l#e#d#=#y#e#s###a#d#d#
#c#h#a#i#n#=#o#u#t#p#u#t# #s#r#c#-#a#d#d#r#e#s#s#=#1#9#2#.#1#6#8#.#1#.#9#
#p#r#o#t#o#c#o#l#=#t#c#p# #a#c#t#i#o#n#=#d#r#o#p# #c#o#m#m#e#n#t#=## "#
#d#i#s#a#b#l#e#d#=#y#e#s###a#d#d# #c#h#a#i#n#=#f#o#r#w#a#r#d# #s#r#c##a#d#d#r#e#s#s#=#1#9#2#.#1#6#8#.#1#.#1#0# #p#r#o#t#o#c#o#l#=#t#c#p#
#a#c#t#i#o#n#=#d#r#o#p# #c#o#m#m#e#n#t#=## C#l#i#e#n#t# #8#3
#d#i#s#a#b#l#e#d#=#y#e#s###a#d#d# #c#h#a#i#n#=#i#n#p#u#t# #s#r#c##a#d#d#r#e#s#s#=#1#9#2#.#1#6#8#.#1#.#1#0# #p#r#o#t#o#c#o#l#=#t#c#p#
#a#c#t#i#o#n#=#d#r#o#p# #c#o#m#m#e#n#t#=## "# #d#i#s#a#b#l#e#d#=#y#e#s###a#d#d#
#c#h#a#i#n#=#o#u#t#p#u#t# #s#r#c#-#a#d#d#r#e#s#s#=#1#9#2#.#1#6#8#.#1#.#1#0#
#p#r#o#t#o#c#o#l#=#t#c#p# #a#c#t#i#o#n#=#d#r#o#p# #c#o#m#m#e#n#t#=## "#
#d#i#s#a#b#l#e#d#=#y#e#s###a#d#d# #c#h#a#i#n#=#f#o#r#w#a#r#d# #s#r#c##a#d#d#r#e#s#s#=#1#9#2#.#1#6#8#.#1#.#1#1# #p#r#o#t#o#c#o#l#=#t#c#p#
#a#c#t#i#o#n#=#d#r#o#p# #c#o#m#m#e#n#t#=## C#l#i#e#n#t# #9#3 disabled=yes#add
chain=input src-address=192.168.1.11 protocol=tcp action=drop comment="
disabled=yes#add chain=output src-address=192.168.1.11 protocol=tcp action=drop
comment=" disabled=yes#add chain=forward src-address=192.168.1.12 protocol=tcp
actio##############################################################################
###################################################################################
###################################################################################
############n#=#d#r#o#p# #c#o#m#m#e#n#t#=## C#l#i#e#n#t# #1#0#3
#d#i#s#a#b#l#e#d#=#y#e#s###a#d#d# #c#h#a#i#n#=#i#n#p#u#t# #s#r#c##a#d#d#r#e#s#s#=#1#9#2#.#1#6#8#.#1#.#1#2# #p#r#o#t#o#c#o#l#=#t#c#p#
#a#c#t#i#o#n#=#d#r#o#p# #c#o#m#m#e#n#t#=## "# #d#i#s#a#b#l#e#d#=#y#e#s###a#d#d#
#c#h#a#i#n#=#o#u#t#p#u#t# #s#r#c#-#a#d#d#r#e#s#s#=#1#9#2#.#1#6#8#.#1#.#1#2#
#p#r#o#t#o#c#o#l#=#t#c#p# #a#c#t#i#o#n#=#d#r#o#p# #c#o#m#m#e#n#t#=## "#
#d#i#s#a#b#l#e#d#=#y#e#s###a#d#d# #c#h#a#i#n#=#f#o#r#w#a#r#d# #s#r#c##a#d#d#r#e#s#s#=#1#9#2#.#1#68.1.99 protocol=tcp action=drop comment=Operator
disabled=yes#add chain=input src-address=192.168.1.99 protocol=tcp action=drop
comment=" disabled=yes#add chain=output src-address=192.168.1.99 protocol=tcp
action=drop comment=" disabled=yes#add chain=forward protocol=icmp icmpoptions=11:0 action=drop comment=ngeDrop Traceroute dari client disabled=no#add
chain=forward protocol=icmp icmp-options=3:3 action=drop comment=ngeDrop
Traceroute dari client disabled=no#add chain=forward out-interface=Local
protocol=tcp dst-port=8080 action=drop comment=" disabled=yes#/ ip firewall
address-list#add list=ournetwork address=192.168.1.0/24 comment=LAN Network
disabled=no#add list=speedy address=125.162.93.0/24 comment=Speedy Network
disabled=no#/ ip firewall service-port#set ftp ports=21 disabled=yes#set tftp

ports=69 disabled=yes#set irc ports=6667 disabled=yes#set h323 disabled=yes#set


quake3 disabled=yes#set gre disabled=yes#set pptp disabled=yes#/ ip hotspot
service-port#set ftp ports=21 disabled=no#/ ip hotspot profile#set default
name=default hotspot-address=0.0.0.0 dns-name=" html-directory=hotspot ratelimit=" http-proxy=0.0.0.0:0 \#smtp-server=0.0.0.0 login-by=cookie,http-chap httpcookie-lifetime=3d split-user-domain=no use-radius=no#/ ip
hotsp##############################################################################
###################################################################################
###################################################################################
############o#t# #u#s#e#r# #p#r#o#f#i#l#e###s#e#t# #d#e#f#a#u#l#t# #n#a#m#e#=##
d#e#f#a#u#l#t## #i#d#l#e#-#t#i#m#e#o#u#t#=#n#o#n#e# #k#e#e#p#a#l#i#v#e##t#i#m#e#o#u#t#=#2#m# #s#t#a#t#u#s#-#a#u#t#o#r#e#f#r#e#s#h#=#1#m# #s#h#a#r#e#d##u#s#e#r#s#=#1# #\###t#r#a#n#s#p#a#r#e#n#t#-#p#r#o#x#y#=#y#e#s# #o#p#e#n##s#t#a#t#u#s#-#p#a#g#e#=#a#l#w#a#y#s# #a#d#v#e#r#t#i#s#e#=#n#o###/# #i#p#
#d#h#c#p#-#s#e#r#v#e#r###a#d#d# #n#a#m#e#=## d#h#c#p#1#3
#i#n#t#e#r#f#a#c#e#=#L#o#c#a#l# #l#e#a#s#e#-#t#i#m#e#=#3#d# #a#d#d#r#e#s#s##p#o#o#l#=dhcp_pool1 bootp-support=static authoritative=after-2sec-delay
\#disabled=no#/ ip dhcp-server config#set store-leases-disk=5m#/ ip dhcp-server
network#add address=192.168.1.0/24 gateway=192.168.1.1 comment="#/ ip ipsec
proposal#add name=default auth-algorithms=sha1 enc-algorithms=3des lifetime=30m
lifebytes=0 pfs-group=modp1024 disabled=no#/ ip web-proxy#set enabled=yes
src-address=0.0.0.0 port=3128 hostname=proxy.dream.net transparent-proxy=yes
parent-proxy=0.0.0.0:0 \#cache-administrator=Maintenance max-object-size=4096KiB
cache-drive=system max-cache-size=unlimited \#max-ram-cache-size=unlimited#/ ip
web-proxy access#add dst-port=23-25 action=deny comment=block telnet & spam e-mail
relaying disabled=no#add url=xxx action=deny comment=" disabled=no#add
url=porn action=deny comment=" disabled=no#add url=koncek action=deny
comment=" disabled=no#add url=sperms action=deny comment=" disabled=no#add
url=redtube.com action=deny comment=" disabled=no#add url=memek action=deny
comment=" d#i#s#a#b#l#e#d#=#n#o###a#d#d# #u#r#l#=## r#a#p#e##
#a#c#t#i#o#n#=#d#e#n#y# #c#o#m#m#e#n#t#=## "# #d#i#s#a#b#l#e#d#=#n#o###a#d#d#
#u#r#l#=## s#u#s#u#a#k#u## #a#c#t#i#o#n#=#d#e#n#y# #c#o#m#m#e#n#t#=## "#
#d#i#s#a#b#l#e#d#=#n#o###a#d#d# #u#r#l#=## l#a#l#a#t#x## #a#c#t#i#o#n#=#d#e#n#y#
#c#o#m#m#e#n#t#=## "# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #u#r#l#=## 1#7#t#a#h#u#n##
#a#c#t#i#o#n#=#d#e#n#y# #c#o#m#m#e#n#t#=## "# #d#i#s#a#b#l#e#d#=#n#o###a#d#d#
#u#r#l#=## t#u#b#e#8#3 #a#c#t#i#o#n#=#d#e#n#y# #c#o#m#m#e#n#t#=#" disabled=no#add
url=duniasex.com action=deny comment=" disabled=no#add url=ninjaclock.com
action=deny comment=" disabled=no#add url=adult action=deny comment="
disabled=no#add url=sex action=deny comment=" disabled=no#add url=Hacker
action=allow comment=" disabled=no#add url=kontol action=deny comment="
disabled=no#add src-address=192.168.1.15/32 dst-port=80 url=# HYPERLINK
"http://www" #http://www# action=deny comment=Block Browsing disabled=no#add
src-address=192.168.1.4/32 dst-port=80 url=# HYPERLINK "http://www" #http://www#
action=deny comment=" disabled=no#add src-address=192.168.1.5/32 dst-port=80
url=# HYPERLINK "http://www" #http://www# action=deny comment=" disabled=no#add
src-address=192.168.1.6/32 dst-port=80 url=# HYPERLINK "http://www" #http://www#
action=deny comment=" disabled=no#add src-address=192.168.1.7/32 dst-port=80
url=# HYPERLINK "http://www" #http://www# action=deny comment=" disabled=no#add
src-address=192.168.1.8/32 dst-port=80 url=# HYPERLINK "http://www" #http://www#
action=deny comment=" disabled=no#add src-address=192.168.1.9/32 dst-port=80
url=# HYPERLINK "http://www" #http://www# action=deny comment=" disabled=no#add
src-address=192.168.1.10/32 dst-port=80 url=# HYPERLINK "http://www" #http://www#
action=deny comment=" disabled=no#add src-address=192.168.1.11/32 dst-port=80
url=# HYPERLINK "http://www" #http://www# action=deny comment=" disabled=no#add
src-address=192.168.1.12/32 dst-port=80 url=# HYPERLINK "http://www"
#http://ww#w#### #a#c#t#i#o#n#=#d#e#n#y# #c#o#m#m#e#n#t#=## "#
#d#i#s#a#b#l#e#d#=#n#o###a#d#d# #s#r#c##a#d#d#r#e#s#s#=#1#9#2#.#1#6#8#.#1#.#1#5#/#3#2# #d#s#t#-#p#o#r#t#=#8#0# #u#r#l#=##
w#w#w## #a#c#t#i#o#n#=#d#e#n#y# #c#o#m#m#e#n#t#=## B#l#o#c#k# #B#r#o#w#s#i#n#g#2#3

#d#i#s#a#b#l#e#d#=#n#o###a#d#d# #s#r#c##a#d#d#r#e#s#s#=#1#9#2#.#1#6#8#.#1#.#4#/#3#2# #d#s#t#-#p#o#r#t#=#8#0# #u#r#l#=##


w#w#w## #a#c#t#i#o#n#=#d#e#n#y# #c#o#m#m#e#n#t#=## "#
#d#i#s#a#b#l#e#d#=#n#o###a#d#d# #s#r#c#-#a#d#d#r#e#s#s#=#1#9#2#.#1#6#8#.#1.5/32
dst-port=80 url=www action=deny comment=" disabled=no#add srcaddress=192.168.1.6/32 dst-port=80 url=www action=deny comment=" disabled=no#add
src-address=192.168.1.7/32 dst-port=80 url=www action=deny comment="
disabled=no#add src-address=192.168.1.8/32 dst-port=80 url=www action=deny
comment=" disabled=no#add src-address=192.168.1.9/32 dst-port=80 url=www
action=deny comment=" disabled=no#add src-address=192.168.1.10/32 dst-port=80
url=www action=deny comment=" disabled=no#add src-address=192.168.1.11/32 dstport=80 url=www action=deny comment=" disabled=no#add srcaddress=192.168.1.12/32 dst-port=80 url=www action=deny comment="
disabled=no#add dst-port=8080 action=deny comment=" disabled=yes#add dst-port=80
action=deny comment=" disabled=yes#/ ip web-proxy cache#add url=:cgi-bin \\?
action=deny comment=dont cache dynamic http pages disabled=no#/ system
logging#add topics=info prefix=" action=memory disabled=no#add topics=error
prefix=" action=memory disabled=no#add topics=warning prefix=" action=memory
disabled=no#add topics=critical prefix=" action=echo disabled=no#/ system logging
action#set memory name=memory target=memory memory-lines=100 memory-stop-onfull=no#set disk name=disk target=disk disk-lines=100 disk-stop-on-full=no#set
echo name=echo target=echo remember=yes#set remote name=remote target=remote
remote=0.0.0.0:514#/ system upgrade mirror#set enabled=no primary-server=0.0.0.0
secondary-server=0.0.0.0 check-interval=1d user="#/ system clock dst##s#e#t#
#d#s#t#-#d#e#l#t#a#=#+#0#0#:#0#0# #d#s#t#-#s#t#a#r#t#=## j#a#n#/#0#1#/#1#9#7#0#
#0#0#:#0#0#:#0#0#3 #d#s#t#-#e#n#d#=## j#a#n#/#0#1#/#1#9#7#0# #0#0#:#0#0#:#0#0#3
##/# #s#y#s#t#e#m# #w#a#t#c#h#d#o#g###s#e#t# #r#e#b#o#o#t#-#o#n##f#a#i#l#u#r#e#=#y#e#s# #w#a#t#c#h#-#a#d#d#r#e#s#s#=#n#o#n#e# #w#a#t#c#h#d#o#g##t#i#m#e#r#=#y#e#s# #n#o#-#p#i#n#g#-#d#e#l#a#y#=#5#m# #a#u#t#o#m#a#t#i#c##s#u#p#o#u#t#=#y#e#s# #a#u#t#o#-#s#e#n#d#-#s#u#p#o#u#t#=#n#o###/# #s#y#s#t#e#m#
#c#o#n#s#o#l#e###a#d#d# #t#e#r#m#=## "# #d#isabled=no#set FIXME term=linux
disabled=no#set FIXME term=linux disabled=no#set FIXME term=linux
disabled=no#set FIXME term=linux disabled=no#set FIXME term=linux
disabled=no#set FIXME term=linux disabled=no#set FIXME term=linux
disabled=no#set FIXME term=linux disabled=no#/ system console screen#set linecount=25#/ system identity#set name=DREAMNET#/ system note#set show-at-login=yes
note="#/ ppp profile#set default name=default use-compression=default use-vjcompression=default use-encryption=default only-one=default \#change-tcp-mss=yes
comment="#set default-encryption name=default-encryption use-compression=default
use-vj-compression=default use-encryption=yes \#only-one=default change-tcp-mss=yes
comment="#/ ppp aaa#set use-radius=no accounting=yes interim-update=0s#/ queue
type#set default name=default kind=pfifo pfifo-limit=50#set ethernet-default
name=ethernet-default kind=pfifo pfifo-limit=50#set wireless-default
name=wireless-default kind=sfq sfq-perturb=5 sfq-allot=1514#set synchronousdefault name=synchronous-default kind=red red-limit=60 red-min-threshold=10 redmax-threshold=50 \#red-burst=20 red-avg-packet=1000#set hotspot-default
name=hotspot-default kind=sfq sfq-perturb=5 sfq-allot=1514#add
name=PCQ_down_user kind=pcq pcq-rate=0 pcq-limit=20 pcq-classifier=dst-address
pcq-total-limit=500#add name=PCQ_up_user kind=pcq pcq-rate=32000 pcq-limit=20
pcq-classifier=src-address pcq-total-limit=500#add name=PCQ_up_kasir kind=pcq
pcq-rate=0 pcq-limit=20 pcq-classifier=src-address pcq-total-limit=500#add
name=PCQ_down_kasir kind=pcq pcq-rate=0 pcq-limit=20 pcq-classifier=dst-address
pcq-total-limit=500#add name=PCQ_download kind=pcq pcq-rate=0 pcq-limit=50 pcqclassifier=dst-address pcq-total-limit=2000#add
na#################################################################################
###################################################################################
###################################################################################
#########m#e#=## P#C#Q#_#u#p#l#o#a#d## #k#i#n#d#=#p#c#q# #p#c#q#-#r#a#t#e#=#0#
#p#c#q#-#l#i#m#i#t#=#5#0# #p#c#q#-#c#l#a#s#s#i#f#i#e#r#=#s#r#c#-#a#d#d#r#e#s#s#

#p#c#q#-#t#o#t#a#l#-#l#i#m#i#t#=#2#0#0#0###a#d#d# #n#a#m#e#=## P#F#I#F#O#-#6#4#3


#k#i#n#d#=#p#f#i#f#o# #p#f#i#f#o#-#l#i#m#i#t#=#6#4###a#d#d# #n#a#m#e#=##
d#e#f#a#u#l#t#-#s#m#a#l#l## #k#i#n#d#=#p#f#i#f#o# #p#f#i#f#o##l#i#m#i#t#=#1#0###/# #q#u#e#u#e# #s#i#m#p#l#e###a#d#d# #n#a#m#e#=##
D#r#e#a#m#N#e#t## #t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#0/24 dstaddress=0.0.0.0/0 interface=Local parent=none direction=both \#priority=1
queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=defaultsmall disabled=no#add name=P2P dst-address=0.0.0.0/0 interface=all parent=none
packet-marks=prio_p2p_packet direction=both priority=8 \#queue=defaultsmall/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small
disabled=no#add name=Down_Services dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=prio_download_packet direction=both \#priority=5
queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=defaultsmall disabled=no#add name=Ensign_Services dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=prio_ensign_packet direction=both \#priority=1
queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=defaultsmall disabled=no#add name=User_Request dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=prio_request_packet direction=both \#priority=8
queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=defaultsmall disabled=no#add name=Communication target-addresses=0.0.0.0/0 dstaddress=0.0.0.0/0 interface=all parent=none \#packet-marks=prio_comm_packet
direction=both priority=3 queue=default-small/default-small limit-at=0/0 maxlimit=0/0 \#total-queue=default-small disabled=no#add name=Operator targetaddresses=192.168.1.99/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet
direction=both \#priority=8 queue=default/default limit-at=0/64000 max##l#i#m#i#t#=#0#/#6#4#0#0#0# #t#o#t#a#l#-#q#u#e#u#e#=#d#e#f#a#u#l#t#
#d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## C#l#i#e#n#t#1#3 #t#a#r#g#e#t##a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#1#5#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#L#o#c#a#l#
#p#a#r#e#n#t#=#D#r#e#a#m#N#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h#
#\###p#r#i#o#r#i#t#y#=#8# #q#u#e#u#e#=#d#e#f#a#u#l#t#/#d#e#f#a#u#l#t# #l#i#m#i#t##a#t#=#0#/#1#2#8#0#0#0# #m#a#x#-#l#i#m#i#t#=#0#/#1#9#2#0#0#0# #t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t# #d#i#s#a#b#l#e#d#=#n#o###a#d#d#
#n#a#m#e#=## C#l#i#e#n#t#2#3 #t#a#r#g#e#t##a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#4#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#L#o#c#a#l#
#p#a#r#e#n#t#=#D#r#e#a#m#N#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h#
#\###p#r#i#o#r#i#t#y#=#8# #q#u#e#u#e#=#d#e#f#a#u#l#t#/#d#e#f#a#u#l#t# #l#i#m#i#t##a#t#=#0#/#1#2#8#0#0#0# #m#a#x#-#l#i#m#i#t#=#0#/#1#9#2#0#0#0# #t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=##
C#l#i#e#n#t#3#3 #t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#5#/#3#2#
#d#s#t#-#a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#L#o#c#a#l#
#p#a#r#e#n#t#=#D#r#e#a#m#N#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h#
#\###p#r#i#o#r#i#t#y#=#8# #q#u#e#u#e#=#d#e#f#a#u#l#t#/#d#e#f#a#u#l#t# #l#i#m#i#t##a#t#=#0#/#1#2#8#0#0#0# #m#a#x#-#l#i#m#i#t#=#0#/#1#9#2#0#0#0# #t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=##
C#l#i#e#n#t#4#3 #t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#6#/#3#2#
#d#s#t#-#a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#L#o#c#a#l#
#p#a#r#e#n#t#=#D#r#e#a#m#N#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h#
#\###p#r#i#o#r#i#t#y#=#8# #q#u#e#u#e#=#d#e#f#a#u#l#t#/#d#e#f#a#u#l#t# #l#i#m#i#t##a#t#=#0#/#1#2#8#0#0#0# #m#a#x#-#l#i#m#i#t#=#0#/#1#9#2#0#0#0# #t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=##
C#l#i#e#n#t#5#3 #t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#7#/#3#2#
#d#s#t#-#a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#L#o#c#a#l#
#p#a#r#e#n#t#=#D#r#e#a#m#N#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h#
#\###p#r#i#o#r#i#t#y#=#8# #q#u#e#u#e#=#d#e#f#a#u#l#t#/#d#e#f#a#u#l#t# #l#i#m#i#t##a#t#=#0#/#1#2#8#0#0#0# #m#a#x#-#l#i#m#i#t#=#0#/#1#9#2#0#0#0# #t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=##
C#l#i#e#n#t#6#3 #t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#8#/#3#2#

#d#s#t#-#a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#L#o#c#a#l#
#p#a#r#e#n#t#=#D#r#e#a#m#N#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h#
#\###p#r#i#o#r#i#t#y#=#8# #q#u#e#u#e#=#d#e#f#a#u#l#t#/#d#e#f#a#u#l#t# #l#i#m#i#t##a#t#=#0#/#1#2#8#0#0#0# #m#a#x#-#l#i#m#i#t#=#0#/#1#9#2#0#0#0# #t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=##
C#l#i#e#n#t#7#3 #t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#9#/#3#2#
#d#s#t#-#a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#L#o#c#a#l#
#p#a#r#e#n#t#=#D#r#e#a#m#N#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h#
#\###p#r#i#o#r#i#t#y#=#8# #q#u#e#u#e#=#d#e#f#a#u#l#t#/#d#e#f#a#u#l#t# #l#i#m#i#t##a#t#=#0#/#1#2#8#0#0#0# #m#a#x#-#l#i#m#i#t#=#0#/#1#9#2#0#0#0# #t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=##
C#l#i#e#n#t#8#3 #t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#1#0#/#3#2#
#d#s#t#-#a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#L#o#c#a#l#
#p#a#r#e#n#t#=#D#r#e#a#m#N#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h#
#\###p#r#i#o#r#i#t#y#=#8# #q#u#e#u#e#=#d#e#f#a#u#l#t#/#d#e#f#a#u#l#t# #l#i#m#i#t##a#t#=#0#/#1#2#8#0#0#0# #m#a#x#-#l#i#m#i#t#=#0#/#1#9#2#0#0#0# #t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=##
C#l#i#e#n#t#9#3 #t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#1#1#/#3#2#
#d#s#t#-#a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#L#o#c#a#l#
#p#a#r#e#n#t#=#D#r#e#a#m#N#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h#
#\###p#r#i#o#r#i#t#y#=#8# #q#u#e#u#e#=#d#e#f#a#u#l#t#/#d#e#f#a#u#l#t# #l#i#m#i#t##a#t#=#0#/#1#2#8#0#0#0# #m#a#x#-#l#i#m#i#t#=#0#/#1#9#2#0#0#0# #t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=##
C#l#e#n#t#1#0#3 #t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#1#.#1#2#/#3#2#
#d#s#t#-#a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #i#n#t#e#r#f#a#c#e#=#L#o#c#a#l#
#p#a#r#e#n#t#=#D#r#e#a#m#N#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h#
#\###p#r#i#o#r#i#t#y#=#8# #q#u#e#u#e#=#d#e#f#a#u#l#t#/#d#e#f#a#u#l#t# #l#i#m#i#t##a#t#=#0#/#1#2#8#0#0#0# #m#a#x#-#l#i#m#i#t#=#0#/#1#9#2#0#0#0# #t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t# #d#i#s#a#b#l#e#d#=#n#o###/# #q#u#e#u#e# #t#r#e#e##add
name=Total_download parent=Local packet-mark=" limit-at=0 queue=default
priority=1 max-limit=0 burst-limit=0 \#burst-threshold=0 burst-time=0s
disabled=yes#add name=Total_upload parent=pppoe-out1 packet-mark=" limit-at=0
queue=default priority=1 max-limit=0 burst-limit=0 \#burst-threshold=0 bursttime=0s disabled=yes#add name=User_download parent=Total_download packetmark=user-conn-traffic limit-at=0 queue=PCQ_down_user priority=1 \#max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes#add
name=Kasir_download parent=Total_download packet-mark=kasir-conn-traffic limitat=0 queue=PCQ_down_kasir priority=8 \#max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s disabled=yes#add name=User_upload parent=Total_upload packetmark=user-conn-traffic limit-at=0 queue=PCQ_up_user priority=1 \#max-limit=0 burstlimit=0 burst-threshold=0 burst-time=0s disabled=yes#add name=Kasir_upload
parent=Total_upload packet-mark=kasir-conn-traffic limit-at=0 queue=PCQ_up_kasir
priority=8 \#max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
disabled=yes#add name=Priorization parent=global-in packet-mark=" limit-at=0
queue=default priority=1 max-limit=0 burst-limit=0 \#burst-threshold=0 bursttime=0s disabled=yes#add
name=Communication################################################################
###################################################################################
###################################################################################
##########################_#S#e#r#v#i#c#e#s#_#P#r#i#o#7#3
#p#a#r#e#n#t#=#P#r#i#o#r#i#z#a#t#i#o#n# #p#a#c#k#e#t##m#a#r#k#=#p#r#i#o#_#c#o#m#m#_#p#a#c#k#e#t# #l#i#m#i#t#-#a#t#=#0#
#q#u#e#u#e#=#d#e#f#a#u#l#t# #\###p#r#i#o#r#i#t#y#=#7# #m#a#x#-#l#i#m#i#t#=#0#
#b#u#r#s#t#-#l#i#m#i#t#=#0# #b#u#r#s#t#-#t#h#r#e#s#h#o#l#d#=#0# #b#u#r#s#t##t#i#m#e#=#0#s# #d#i#s#a#b#l#e#d#=#y#e#s###a#d#d# #n#a#m#e#=##
D#o#w#n#l#o#a#d#_#S#e#r#v#i#c#e#s#_#P#r#i#o#5#3
#p#a#r#e#n#t#=#P#r#i#o#r#i#z#a#t#i#o#n# #p#a#c#k#e#t##m#a#r#k#=#p#r#i#o#_#d#o#w#n#l#o#a#d#_#p#a#c#k#e#t# #l#i#m#i#t#-#a#t#=#0#
#q#u#e#u#e#=#d#e#f#a#u#l#t# #\###p#r#i#o#r#i#t#y#=#5# #m#a#x#-#l#i#m#i#t#=#0#

#b#u#r#s#t#-#l#i#m#i#t#=#0# #b#u#r#s#t#-#t#h#r#e#s#h#o#l#d#=#0# #b#u#r#s#t##t#i#m#e#=#0#s# #d#i#s#a#b#l#e#d#=#y#e#s###a#d#d# #n#a#m#e#=##


E#n#s#i#g#n#_#S#e#r#v#i#c#e#s#_#P#r#i#o#1#3
#p#a#r#e#n#t#=#P#r#i#o#r#i#z#a#t#i#o#n# #p#a#c#k#e#t##m#a#r#k#=#p#r#i#o#_#e#n#s#i#g#n#_#p#a#c#k#e#t# #l#i#m#i#t#-#a#t#=#0#
#q#u#e#u#e#=#d#e#f#a#u#l#t# #p#r#i#o#r#i#t#y#=#1# #\###m#a#x#-#l#i#m#i#t#=#0#
#b#u#r#s#t#-#l#i#m#i#t#=#0# #b#u#r#s#t#-#t#h#r#e#s#h#o#l#d#=#0# #b#u#r#s#t##t#i#m#e#=#0#s# #d#i#s#a#b#l#e#d#=#y#e#s###a#d#d# #n#a#m#e#=##
P#2#P#_#T#r#a#f#f#i#c#_#P#r#i#o#8#3 #p#a#r#e#n#t#=#P#r#i#o#r#i#z#a#t#i#o#n#
#p#a#c#k#e#t#-#m#a#r#k#=#p#r#i#o#_#p#2#p#_#p#a#c#k#e#t# #l#i#m#i#t#-#a#t#=#0#
#q#u#e#u#e#=#d#e#f#a#u#l#t# #p#r#i#o#r#i#t#y#=#8# #\###m#a#x#-#l#i#m#i#t#=#0#
#b#u#r#s#t#-#l#i#m#i#t#=#0# #b#u#r#s#t#-#t#h#r#e#s#h#o#l#d#=#0# #b#u#r#s#t##t#i#m#e#=#0#s# #d#i#s#a#b#l#e#d#=#y#e#s###a#d#d# #n#a#m#e#=##
U#s#e#r#_#R#e#q#u#e#s#t#_#P#r#i#o#3#3 #p#a#r#e#n#t#=#P#r#i#o#r#i#z#a#t#i#o#n#
#p#a#c#k#e#t#-#m#a#r#k#=#p#r#i#o#_#r#e#q#u#e#s#t#_#p#a#c#k#e#t# #l#i#m#i#t##a#t#=#0# #q#u#e#u#e#=#d#e#f#a#u#l#t# #p#r#i#o#r#i#t#y#=#3# #\###m#a#x##l#i#m#i#t#=#0# #b#u#r#s#t#-#l#i#m#i#t#=#0# #b#u#r#s#t#-#t#h#r#e#s#h#o#l#d#=#0#
#b#u#r#s#t#-#t#i#m#e#=#0#s# #d#i#s#a#b#l#e#d#=#y#e#s###a#d#d# #n#a#m#e#=##
T#c#p#_#a#c#k## #p#a#r#e#n#t#=#T#o#t#a#l#_#u#p#l#o#a#d# #p#a#c#k#e#t##m#a#r#k#=#u#p#s#t#r#e#a#m#_#a#c#k# #l#i#m#i#t#-#a#t#=#0#
#q#u#e#u#e#=#s#ynchronous-default priority=1 \#max-limit=0 burst-limit=0 burstthreshold=0 burst-time=0s disabled=yes#/ user#add name=admin group=full
address=0.0.0.0/0 comment=system default user disabled=yes#add name=areksitiung
group=full address=0.0.0.0/0 comment=" disabled=no#add name=rimor group=full
address=0.0.0.0/0 comment=" disabled=no#add name=ririn group=read
address=0.0.0.0/0 comment=" disabled=no#/ user group#add name=read
policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!ftp,!write,!
policy#add name=write
policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,!ftp,!policy#add
name=full
policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web#/
user aaa#set use-radius=no accounting=yes interim-update=0s default-group=read#/
radius incoming#set accept=no port=1700#/ driver#/ snmp#set enabled=no contact="
location="#/ snmp community#set public name=public address=0.0.0.0/0 readaccess=yes#/ tool bandwidth-server#set enabled=yes authenticate=yes allocate-udpports-from=2000 max-sessions=10#/ tool mac-server ping#set enabled=yes#/ tool email#set server=0.0.0.0 from=<>#/ tool sniffer#set interface=all only-headers=no
memory-limit=10 file-name=" file-limit=10 streaming-enabled=no streamingserver=0.0.0.0 \#filter-stream=yes filter-protocol=ip-only filteraddress1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535#/ tool graphing#set
store-every=5min#/ tool graphing queue#add simple-queue=all allow-address=0.0.0.0/0
store-on-disk=yes allow-target=yes disabled=no#/ tool graphing resource#add allowaddress=0.0.0.0/0 store-on-disk=yes disabled=no#/ tool graphing interface#add
interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no#/ routing
ospf#set router-id=0.0.0.0 distribute-default=never redistribute-connected=no
redistribute-static=no redistribute-rip=no \#redistribute-bgp=no metric-default=1
metric-connected=20 metric-static=20 metric-rip=20 metric-bgp=20#/ routing ospf
area#set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate
authentication=none prefix-list-import=" \#prefix-list-export=" disabled=no#/
routing bgp#set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no
redistribute-connected=no redistribute-rip=no
\#redistribute-ospf=no#/ routing rip#set redistribute-static=no redistributeconnected=no redistribute-ospf=no redistribute-bgp=no metric-static=1 \#metricconnected=1 metric-ospf=1 metric-bgp=1 update-timer=30s timeout-timer=3m garbagetimer=2m#[areksitiung@DREAMNET] >configuration speedy connection with load
balancing (Prolink). This example is an internet cafe that uses a Speedy connection. The customer uses 2 ADSL lines:
1. The connection uses the Office Unlimited package (384/64).
The equipment we use:
1. 2 ADSL modems
2. 1 load balancing machine
3. 1 router PC (Linux) and 1 MikroTik box

a. Load balancing monitoring results

Data Monitor
Time : 12:31:41
Load Balance Mode : Weight round robin

Session                 WAN1     WAN2   WAN3   WAN4
TCP Session               39       41      0      0
UDP Session                5        5      0      0
ICMP Session               1        2      0      0
Current Session           45       48      0      0
Accumulative Session   25094    30166      0      0

Current Bandwidth            WAN1     WAN2   WAN3   WAN4
Download Speed (byte/sec)    3310    20358      0      0
Upload Speed (byte/sec)      2331     7127      0      0

Accumulative Data Counter       WAN1      WAN2   WAN3   WAN4
Usage (%)                         63        36      0      0
Byte Received (Kbytes)        938673    671939      0      0
Byte Transmitted (Kbytes)     414539     97349      0      0
Total Bytes (Kbytes)         1353212    769288      0      0

Config Show
System Configuration Setting
=========================================================
Firmware:
Version : TMH141-A V1023-MB2.4-E
Release Date : Dec 28 2006
Printout Time : FRI JAN 02 12:35:04 1970
Time Zone : GM+06:00
Primary NTP IP: time.nist.gov
Secondary NTP : stdtime.gov.hk
=========================================================
LAN status:
IP address : 192.168.1.254
MAC address : 00:D0:DA:00:3B:5F
Mask : 255.255.255.0
Dhcp status : Disable
Dhcp IP Start : 192.168.1.12 - 192.168.1.20
DNS IP address: 168.95.1.1
=========================================================
DHCP reserved IP:
MAC address   IP address
=========================================================
WAN status:
1. IP address : 192.168.11.100
   Netmask : 255.255.255.0
   MAC address : 00.d0.da.00.3b.60
   Connect To : InterNet
   Current status: Enable
   Healthy Check : No
   Default
   Type : Static IP
   Primary DNS : 203.130.193.74
   Secondary DNS : 202.134.0.155
   Gateway Address: 192.168.11.254
   Schedule : Disable
2. IP address : 192.168.12.100
   Netmask : 255.255.255.0
   MAC address : 00.d0.da.00.3b.61
   Connect To : InterNet
   Current status: Enable
   Healthy Check : No
   Default
   Type : Static IP
   Primary DNS : 203.130.193.74
   Secondary DNS : 202.134.0.155
   Gateway Address: 192.168.12.254
   Schedule : Disable
Routing setup:
Work mode : Basic NAT mode
Static Route :
Network   NetMask   Gateway   Status
-
Dynamic Route : Status: Disable
=========================================================
Routing Table:
Network        NetMask          Gateway
0.0.0.0        0.0.0.0          192.168.12.254
192.168.1.0    255.255.255.0    192.168.1.254
192.168.11.0   255.255.255.0    192.168.11.100
192.168.12.0   255.255.255.0    192.168.12.100
=========================================================
IP Filtering:
No.   IP address   Port   Pass/Drop   status
=========================================================
Remote IP Filtering:
No.   IP address   Status
=========================================================
DoS Defense:
Function                 Parameter   Time of Lock   Status
Oversized Ping           32                         Enable
Port Scan                1000        5              Enable
TCP SYN Flooding (Wan)   1000        5              Enable
TCP SYN Flooding (Lan)   1000        5              Enable
ICMP Flooding (Wan)      1000        5              Enable
ICMP Flooding (Lan)      1000        5              Enable
UDP Flooding (Wan)       1000        5              Enable
UDP Flooding (Lan)       1000        5              Enable
=========================================================
ALG:
Options                          Status
Ipsec Pass Through (Port 500)    Disable
PPTP Pass Through (Port 1723)    Disable
VOIP Pass Through                Disable
=========================================================
Virtual Server:
ID   Global_Port   Local_Port   Local_IP_address   Status
Group:
StartPort   EndPort   Local_IP_address   TCP/UDP   Status
=========================================================
MultiDMZ Host:
No.   DMZ_Host_IP_address   IP_address_from_ISP   Status
Dynamic-IP-DMZ:
Wan   HOST_IP_address   Status
-
1     0.0.0.0           Disable
2     0.0.0.0           Disable
3     0.0.0.0           Disable
4     0.0.0.0           Disable
=========================================================
Multi-NAT:
No   LAN_IP_address   NetMask   Wan_IP   Wan_No
=========================================================
Load Balance: Weight Round Robin
Wan 1: 1
Wan 2: 1
Wan 3: 1
Wan 4: 1
=========================================================
Dynamic DNS: Status : Disable
=========================================================
Proxy Server: Status: Disable
=========================================================
Mail Alert : Status: Disable
=========================================================
URL Filtering : Status: Disable
=========================================================
Throughput Control :
Wan   DownLoad(kbits/s)   UpLoad(kbits/s)   Port   Usage%   Status
1.    384                 64
2.    384                 64                80     60       Enable
                                            25     1        Enable
                                            21     30       Enable
                                            3128   30       Enable
                                            8080   30       Enable
3.    0                   0
4.    0                   0
=========================================================
WAN CONTROL:
Special Application :
StartPort   EndPort   Select-WAN   Status
-
1000        3000      Wan1         Enable
3000        3028      Wan1         Enable
3128        3128      Wan2         Enable
3129        8079      Wan1         Enable
8080        8080      Wan2         Enable
8081        40000     Wan1         Enable
0           80        Wan2         Enable
21          21        Wan2         Enable
6000        7000      Wan1         Enable
IP binding :
No   Start-Remote-IP   End-Remote-IP   StartPort   EndPort   Select-WAN   Status
-
1.   0.0.0.0           0.0.0.0         1000        3000      Wan1         Enable
2.   0.0.0.0           0.0.0.0         3000        3028      Wan1         Enable
3.   0.0.0.0           0.0.0.0         3128        3128      Wan2         Enable
4.   0.0.0.0           0.0.0.0         3129        8079      Wan1         Enable
5.   0.0.0.0           0.0.0.0         8080        8080      Wan2         Enable
6.   0.0.0.0           0.0.0.0         8081        40000     Wan1         Enable
7.   0.0.0.0           0.0.0.0         0           80        Wan2         Enable
8.   0.0.0.0           0.0.0.0         21          21        Wan2         Enable
9.   0.0.0.0           0.0.0.0         6000        7000      Wan1         Enable
Special IP Assignment :
Start-IP-Address   End-IP-Address   WAN   Status
=========================================================
QoS IP Control:
Local_IP_address   DownLoad(kbits)   UpLoad(kbits)   Wan-Apply   Min/Max   Status
=========================================================
Remote Control: Status: Disable
=========================================================
MAC IP binding: Status: Disable
=========================================================

b. Mikrotik configuration

# jan/26/2008 20:00:05 by RouterOS 2.9.27
# software id = IMAX-IAN
#
/ interface ethernet
set Public name=Public mtu=1500 mac-address=00:19:21:5E:E4:9D arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps comment="" disabled=no
set Local name=Local mtu=1500 mac-address=00:1C:F0:5C:BA:5F arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps comment="" disabled=no
/ ip pool
add name=dhcp_pool1 ranges=192.168.0.1-192.168.0.29
/ ip dns
set primary-dns=203.130.193.74 secondary-dns=202.134.0.155 allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip address
add address=192.168.0.30/27 network=192.168.0.0 broadcast=192.168.0.31 interface=Local comment="" disabled=no
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Public comment="" disabled=no
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.254 scope=255 target-scope=10 comment="" disabled=no
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.0/27 protocol=icmp action=mark-connection new-connection-mark=ICMP-CM passthrough=yes comment=ToS disabled=no
add chain=prerouting connection-mark=ICMP-CM action=mark-packet new-packet-mark=ICMP-PM passthrough=yes comment="" disabled=no
add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/27 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/27 protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes comment="" disabled=no
add
chain=prerouting connection-mark=DNS-CM action=mark-packet \#new-packet-mark=DNS-PM
passthrough=yes comment=" disabled=no#add chain=prerouting packet-mark=DNS-PM
action=change-tos new-tos=min-delay \#comment=" disabled=no#add chain=prerouting
protocol=tcp dst-port=80 action=mark-connection \#new-connection-mark=http_conn
passthrough=yes comment=Services \#disabled=no#add chain=prerouting protocol=tcp
dst-port=443 action=mark-connection \#new-connection-mark=http_conn passthrough=yes
comment=" disabled=no#add chain=prerouting protocol=tcp dst-port=8080 action=markconnection \#new-connection-mark=http_conn passthrough=yes comment="
disabled=no#add chain=prerouting protocol=tcp dst-port=3128 action=markconnection \#new-connection-mark=http_conn passthrough=yes comment="
disabled=no#add chain=prerouting connection-mark=http_conn action=mark-packet
\#new-packet-mark=http passthrough=no comment=" disabled=no#add chain=prerouting

protocol=tcp dst-port=5050-5061 action=mark-connection \#new-connectionmark=ym_conn passthrough=yes comment=" disabled=no#add chain=prerouting


connection-mark=ym_conn action=mark-packet \#new-packet-mark=ym passthrough=no
comment=" disabled=no#add chain=prerouting protocol=udp dst-port=27015
action=mark-connection \#new-connection-mark=cs_conn
passthrough=yes comment=" disabled=no#add chain=prerouting connectionmark=cs_conn action=mark-packet \#new-packet-mark=cs passthrough=no comment="
disabled=no#add chain=prerouting protocol=tcp dst-port=6667-7000 action=markconnection \#new-connection-mark=irc_conn passthrough=yes comment="
disabled=no#add chain=prerouting connection-mark=irc_conn action=mark-packet \#newpacket-mark=irc passthrough=no comment=" disabled=no#add chain=prerouting
protocol=tcp dst-port=8291 action=mark-connection \#new-connection-mark=mt_conn
passthrough=yes comment=" disabled=no#add chain=prerouting connection-mark=mt_conn
action=mark-packet \#new-packet-mark=mt passthrough=no comment=" disabled=no#add
chain=prerouting protocol=tcp dst-port=110 action=mark-connection \#new-connectionmark=email_conn passthrough=yes comment=" disabled=no#add chain=prerouting
protocol=tcp dst-port=25 action=mark-connection \#new-connection-mark=email_conn
passthrough=yes comment=" disabled=no#add chain=prerouting connectionmark=email_conn action=mark-packet \#new-packet-mark=email passthrough=no
comment=" disabled=no#add chain=prerouting protocol=tcp dst-port=22 action=markconnection \#new-connection-mark=ssh_conn passthrough=yes comment="
disabled=no#add chain=prerouting connection-mark=ssh_conn action=mark-packet \#newpacket-mark=ssh passthrough=no comment=" disabled=no#add chain=prerouting
protocol=tcp dst-port=500-3127 action=mark-connection \#new-connectionmark=games_conn passthrough=yes comment=" disabled=no#add chain=prerouting
protocol=tcp dst-port=3129-6665 action=mark-connection \#new-connectionmark=games_conn passthrough=yes comment=" disabled=no#add chain=prerouting
protocol=tcp dst-port=7001-65535 action=mark-connection \#new-connectionmark=games_conn passthrough=yes comment=" disabled=no#add chain=prerouting
protocol=udp dst-port=500-3127 action=mark-connection \#new-connectionmark=games_conn passthrough=yes comment=" disabled=no#add chain=prerouting
protocol=udp dst-port=3129-6665 action=mark-connection \#new-connectionmark=games_conn passthrough=yes comment=" disabled=no#add chain=prerouting
protocol=udp dst-port=7001-65535 action=mark-connection \#new-connectionmark=games_conn passthrough=yes comment=" disabled=no#add chain=prerouting
connection-mark=games_conn action=mark-packet \#new-packet-mark=games
passthrough=no comment=" disabled=no#add chain=prerouting srcaddress=192.168.0.0/27 action=mark-packet \#new-packet-mark=Naik passthrough=no
comment=Up Traffic disabled=no#add chain=forward src-address=192.168.0.0/27
action=mark-connection \#new-connection-mark=Koneksi passthrough=yes comment=ConnMark \#disabled=no#add chain=forward in-interface=Public connectionmark=Koneksi \#action=mark-packet new-packet-mark=Turun passthrough=no
\#comment=Down-Direct Connection disabled=no#add chain=output out-interface=Local
dst-address=192.168.0.0/27 \#action=mark-packet new-packet-mark=Turun
passthrough=no comment=Down-Via \#Proxy disabled=no#/ ip firewall nat#add
chain=srcnat out-interface=Public action=masquerade comment=Nat \#disabled=no#add
chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=80 \#action=redirect
to-ports=8080 comment=Tanpa proxy Linux disabled=no#add chain=dstnat srcaddress=192.168.0.0/27 protocol=tcp dst-port=3128 \#action=redirect to-ports=8080
comment=" disabled=no#add chain=dstnat src-address=192.168.0.0/27 protocol=tcp
dst-port=8080 \#action=redirect to-ports=8080 comment=" disabled=no#/ ip firewall
connection tracking#set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-receivedtimeout=5s \#tcp-established-timeout=1d tcp-fin-wait-timeout=10s \#tcp-close-waittimeout=10s tcp-last-ack-timeout=10s \#tcp-time-wait-timeout=10s tcp-closetimeout=10s udp-timeout=10s \#udp-stream-timeout=3m icmp-timeout=10s generictimeout=10m \#tcp-syncookie=no#/ ip firewall filter#add chain=input connectionstate=invalid action=drop comment=Drop invalid \#connections disabled=no#add
chain=input connection-state=established action=accept comment=Allow \#esatblished
connections disabled=no#add chain=input connection-state=related action=accept

comment=Allow related \#connections disabled=no#add chain=input protocol=udp


action=accept comment=Allow UDP disabled=no#add chain=input protocol=icmp
action=accept comment=Allow ICMP disabled=no#add chain=input in-interface=!Public
action=accept comment=Allow connection \#to router from local network
disabled=no#add chain=input action=drop comment=Drop everything else
disabled=no#add chain=input protocol=tcp dst-port=1337 action=add-src-to-addresslist \#address-list=knock address-list-timeout=15s comment=" disabled=no#add
chain=input protocol=tcp dst-port=7331 src-address-list=knock \#action=add-src-toaddress-list address-list=safe address-list-timeout=15m \#comment="
disabled=no#add chain=input connection-state=established action=accept
comment=accept \#established connection packets disabled=no#add chain=input
connection-state=related action=accept comment=accept related \#connection
packets disabled=no#add chain=input connection-state=invalid action=drop
comment=drop invalid \#packets disabled=no#add chain=input protocol=tcp
psd=21,3s,3,1 action=drop comment=detect and \#drop port scan connections
disabled=no#add chain=input protocol=tcp connection-limit=3,32 src-addresslist=black_list \#action=tarpit comment=suppress DoS attack disabled=no#add
chain=input protocol=tcp connection-limit=10,32 \#action=add-src-to-address-list
address-list=black_list \#address-list-timeout=1d comment=detect DoS attack
disabled=no#add chain=input protocol=icmp action=jump jump-target=ICMP
comment=jump to \#chain ICMP disabled=no#add chain=input action=jump jumptarget=services comment=jump to chain \#services disabled=no#add chain=input dstaddress-type=broadcast action=accept comment=Allow \#Broadcast Traffic
disabled=no#add chain=input action=log log-prefix=Filter: comment="
disabled=no#add chain=input action=accept comment=Allow access to router from
known \#network disabled=no#add chain=input src-address=192.168.0.0/27
action=accept comment=" \#disabled=no#add chain=input src-address=192.168.1.0/24
action=accept comment=" \#disabled=no#add chain=input src-address=63.219.6.0/24
action=accept comment=" disabled=no#add chain=input src-address=125.0.0.0/8
action=accept comment=" disabled=no#add chain=input action=drop comment=drop
everything else disabled=no#add chain=ICMP protocol=icmp icmp-options=0:0-255
limit=5,5 action=accept \#comment=0:0 and limit for 5pac/s disabled=no#add
chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \#comment=3:3
and limit for 5pac/s disabled=no#add chain=ICMP protocol=icmp icmp-options=3:4
limit=5,5 action=accept \#comment=3:4 and limit for 5pac/s disabled=no#add
chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept
\#comment=8:0 and limit for 5pac/s disabled=no#add chain=ICMP protocol=icmp icmpoptions=11:0-255 limit=5,5 action=accept \#comment=11:0 and limit for 5pac/s
disabled=no#add chain=ICMP protocol=icmp action=drop comment=Drop everything else
\#disabled=no#add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-addresslist \#address-list=port scanners address-list-timeout=2w comment=Port
\#scanners to list disabled=no#add chain=input protocol=tcp tcp-flags=fin,!syn,!
rst,!psh,!ack,!urg \#action=add-src-to-address-list address-list=port scanners
\#address-list-timeout=2w comment=NMAP FIN Stealth scan disabled=no#add
chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list
\#address-list=port scanners address-list-timeout=2w comment=SYN/FIN \#scan
disabled=no#add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-toaddress-list \#address-list=port scanners address-list-timeout=2w
comment=SYN/RST \#scan disabled=no#add chain=input protocol=tcp tcpflags=fin,psh,urg,!syn,!rst,!ack \#action=add-src-to-address-list addresslist=port scanners \#address-list-timeout=2w comment=FIN/PSH/URG scan
disabled=no#add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
\#action=add-src-to-address-list address-list=port scanners \#address-listtimeout=2w comment=ALL/ALL scan disabled=no#add chain=input protocol=tcp tcpflags=!fin,!syn,!rst,!psh,!ack,!urg \#action=add-src-to-address-list addresslist=port scanners \#address-list-timeout=2w comment=NMAP NULL scan
disabled=no#add chain=input src-address-list=port scanners action=drop
comment=dropping \#port scanners disabled=no#add chain=forward connectionstate=established action=accept comment=allow \#established connections

disabled=no#add chain=forward connection-state=related action=accept comment=allow


\#related connections disabled=no#add chain=forward connection-state=invalid
action=drop comment=drop invalid \#connections disabled=no#add chain=virus
protocol=tcp dst-port=135-139 action=drop comment=Drop \#Blaster Worm
disabled=no#add chain=virus protocol=udp dst-port=135-139 action=drop comment=Drop
\#Messenger Worm disabled=no#add chain=virus protocol=tcp dst-port=445 action=drop
comment=Drop Blaster \#Worm disabled=no#add chain=virus protocol=udp dst-port=445
action=drop comment=Drop Blaster \#Worm disabled=no#add chain=virus protocol=tcp
dst-port=593 action=drop comment=________ \#disabled=no#add chain=virus
protocol=tcp dst-port=1024-1030 action=drop comment=________ \#disabled=no#add
chain=virus protocol=tcp dst-port=1080 action=drop comment=Drop MyDoom
\#disabled=no#add chain=virus protocol=tcp dst-port=1214 action=drop
comment=________ \#disabled=no#add chain=virus protocol=tcp dst-port=1363
action=drop comment=ndm requester \#disabled=no#add chain=virus protocol=tcp dstport=1364 action=drop comment=ndm server \#disabled=no#add chain=virus
protocol=tcp dst-port=1368 action=drop comment=screen cast
\#disabled=no#add chain=virus protocol=tcp dst-port=1373 action=drop
comment=hromgrafx \#disabled=no#add chain=virus protocol=tcp dst-port=1377
action=drop comment=cichlid \#disabled=no#add chain=virus protocol=tcp dstport=1433-1434 action=drop comment=Worm \#disabled=no#add chain=virus
protocol=tcp dst-port=2745 action=drop comment=Bagle Virus \#disabled=no#add
chain=virus protocol=tcp dst-port=2283 action=drop comment=Drop Dumaru.Y
\#disabled=no#add chain=virus protocol=tcp dst-port=2535 action=drop comment=Drop
Beagle \#disabled=no#add chain=virus protocol=tcp dst-port=2745 action=drop
comment=Drop \#Beagle.C-K disabled=no#add chain=virus protocol=tcp dst-port=3127
action=drop comment=Drop MyDoom \#disabled=no#add chain=virus protocol=tcp dstport=3410 action=drop comment=Drop Backdoor \#OptixPro disabled=no#add
chain=virus protocol=tcp dst-port=4444 action=drop comment=Worm \#disabled=no#add
chain=virus protocol=udp dst-port=4444 action=drop comment=Worm \#disabled=no#add
chain=virus protocol=tcp dst-port=5554 action=drop comment=Drop Sasser
\#disabled=no#add chain=virus protocol=tcp dst-port=8866 action=drop comment=Drop
Beagle.B \#disabled=no#add chain=virus protocol=tcp dst-port=9898 action=drop
comment=Drop \#Dabber.A-B disabled=no#add chain=virus protocol=tcp dst-port=10000
action=drop comment=Drop \#Dumaru.Y disabled=no#add chain=virus protocol=tcp dstport=10080 action=drop comment=Drop \#MyDoom.B disabled=no###a#d#d#
#c#h#a#i#n#=#v#i#r#u#s# #p#r#o#t#o#c#o#l#=#t#c#p# #d#s#t#-#p#o#r#t#=#1#2#3#4#5#
#a#c#t#i#o#n#=#d#r#o#p# #c#o#m#m#e#n#t#=## D#r#o#p# #N#e#t#B#u#s##
#\###d#i#s#a#b#l#e#d#=#n#o###a#d#d# #c#h#a#i#n#=#v#i#r#u#s#
#p#r#o#t#o#c#o#l#=#t#c#p# #d#s#t#-#p#o#r#t#=#1#7#3#0#0# #a#c#t#i#o#n#=#d#r#o#p#
#c#o#m#m#e#n#t#=## D#r#o#p# #K#u#a#n#g#2#3 #\###d#i#s#a#b#l#e#d#=#n#o###a#d#d#
#c#h#a#i#n#=#v#i#r#u#s# #p#r#o#t#o#c#o#l#=#t#c#p# #d#s#t#-#p#o#r#t#=#2#7#3#7#4#
#a#c#t#i#o#n#=#d#r#o#p# #c#o#m#m#e#n#t#=## D#r#o#p# #\#SubSeven disabled=no#add
chain=virus protocol=tcp dst-port=65506 action=drop comment=Drop PhatBot,
\#Agobot, Gaobot disabled=no#add chain=forward action=jump jump-target=virus
comment=jump to the virus \#chain disabled=no#add chain=input connectionstate=invalid action=drop comment=Drop Invalid \#connections disabled=no#add
chain=input connection-state=established action=accept comment=Allow \#Established
connections disabled=no#add chain=input protocol=udp action=accept comment=Allow
UDP disabled=no#add chain=input protocol=icmp action=accept comment=Allow ICMP
disabled=no#add chain=input action=drop comment=Drop anything else
disabled=no#add chain=forward protocol=tcp connection-state=invalid action=drop
\#comment=drop invalid connections disabled=no#add chain=forward connectionstate=established action=accept comment=allow \#already established connections
disabled=no#add chain=forward connection-state=related action=accept comment=allow
\#related connections disabled=no#add chain=forward src-address=0.0.0.0/8
action=drop comment=" disabled=no#add chain=forward dst-address=0.0.0.0/8
action=drop comment=" disabled=no#add chain=forward src-address=127.0.0.0/8
action=drop comment=" disabled=no#add chain=forward dst-address=127.0.0.0/8
action=drop comment=" disabled=no#add chain=forward src-address=224.0.0.0/3

action=drop comment=" disabled=no#add chain=forward dst-address=224.0.0.0/3


action=drop comment=" disabled=no#add chain=forward protocol=tcp action=jump jumptarget=tcp comment=" \#disabled=no#add chain=forward protocol=udp action=jump
jump-target=udp comment=" \#disabled=no#add chain=forward protocol=icmp
action=jump jump-target=icmp comment=" \#disabled=no#add chain=tcp protocol=tcp
dst-port=69 action=drop comment=deny TFTP \#disabled=no#add chain=tcp
protocol=tcp dst-port=111 action=drop comment=deny RPC \#portmapper
disabled=no#add chain=tcp protocol=tcp dst-port=135 action=drop comment=deny
RPC \#portmapper disabled=no#add chain=tcp protocol=tcp dst-port=137-139
action=drop comment=deny NBT \#disabled=no#add chain=tcp protocol=tcp dstport=445 action=drop comment=deny cifs \#disabled=no#add chain=tcp protocol=tcp
dst-port=2049 action=drop comment=deny NFS \#disabled=no#add chain=tcp
protocol=tcp dst-port=12345-12346 action=drop comment=deny \#NetBus
disabled=no#add chain=tcp protocol=tcp dst-port=20034 action=drop comment=deny
NetBus \#disabled=no#add chain=tcp protocol=tcp dst-port=3133 action=drop
comment=deny \#BackOriffice disabled=no#add chain=tcp protocol=tcp dst-port=67-68
action=drop comment=deny DHCP \#disabled=no#add chain=udp protocol=udp dstport=69 action=drop comment=deny TFTP \#disabled=no#add chain=udp protocol=udp
dst-port=111 action=drop comment=deny PRC \#portmapper disabled=no#add chain=udp
protocol=udp dst-port=135 action=drop comment=deny PRC \#portmapper
disabled=no#add chain=udp protocol=udp dst-port=137-139 action=drop comment=deny
NBT \#disabled=no#add chain=udp protocol=udp dst-port=2049 action=drop
comment=deny NFS \#disabled=no#add chain=udp protocol=udp dst-port=3133
action=drop comment=deny \#BackOriffice disabled=no#add chain=icmp protocol=icmp
icmp-options=0:0 action=accept comment=drop \#invalid connections disabled=no#add
chain=icmp protocol=icmp icmp-options=3:0 action=accept comment=allow
\#established connections disabled=no#add chain=icmp protocol=icmp icmpoptions=3:1 action=accept comment=allow \#already established connections
disabled=no#add chain=icmp protocol=icmp icmp-options=4:0 action=accept
comment=allow \#source quench disabled=no#add chain=icmp protocol=icmp icmpoptions=8:0 action=accept comment=allow \#echo request disabled=no#add chain=icmp
protocol=icmp icmp-options=11:0 action=accept comment=allow \#time exceed
disabled=no#add chain=icmp protocol=icmp icmp-options=12:0 action=accept
comment=allow \#parameter bad disabled=no#add chain=icmp action=drop
comment=deny all other types disabled=no#add chain=input connectionstate=established action=accept comment=Accept \#established connections
disabled=no#add chain=input connection-state=related action=accept comment=Accept
related \#connections disabled=no#add chain=input connection-state=invalid
action=drop comment=Drop invalid \#connections disabled=no#add chain=input
protocol=udp action=accept comment=UDP disabled=no#add chain=input protocol=icmp
limit=50/5s,2 action=accept comment=Allow \#limited pings disabled=no#add
chain=input protocol=icmp action=drop comment=Drop excess pings \#disabled=no#add
chain=input protocol=tcp dst-port=22 action=accept comment=SSH for secure \#shell
disabled=no#add chain=input protocol=tcp dst-port=8291 action=accept
comment=winbox \#disabled=no#add chain=input src-address=159.148.172.192/28
action=accept comment=From \#Mikrotikls network disabled=no#add chain=input srcaddress=192.168.0.0/27 action=accept comment=From our \#private LAN
disabled=no#add chain=input action=log log-prefix=DROP INPUT comment=Log
everything \#else disabled=no#add chain=tcp protocol=tcp p2p=all-p2p action=drop
comment=deny DHCP \#disabled=no#add chain=tcp src-address=192.168.0.2
protocol=tcp dst-port=3133 p2p=all-p2p \#action=drop comment=deny BackOriffice
disabled=no#/ ip firewall service-port#set ftp ports=21 disabled=no#set tftp
ports=69
disable############################################################################
###################################################################################
###################################################################################
##############d#=#y#e#s###s#e#t# #i#r#c# #p#o#r#t#s#=#6#6#6#7#
#d#i#s#a#b#l#e#d#=#n#o###s#e#t# #h#3#2#3# #d#i#s#a#b#l#e#d#=#y#e#s###s#e#t#
#q#u#a#k#e#3# #d#i#s#a#b#l#e#d#=#y#e#s###s#e#t# #g#r#e#

#d#i#s#a#b#l#e#d#=#y#e#s###s#e#t# #p#p#t#p# #d#i#s#a#b#l#e#d#=#y#e#s###/# #i#p#


#d#h#c#p#-#s#e#r#v#e#r###a#d#d# #n#a#m#e#=## d#h#c#p#1#3
#i#n#t#e#r#f#a#c#e#=#L#o#c#a#l# #l#e#a#s#e#-#t#i#m#e#=#3#d# #a#d#d#r#e#s#s##p#o#o#l#=#d#h#c#p#_#p#o#o#l#1# #\###b#o#o#t#p#-#s#u#p#p#o#r#t#=#s#t#a#t#i#c#
#a#d#d#-#a#r#p#=#y#e#s# #a#u#t#h#o#r#i#t#a#t#i#v#e#=#a#f#t#e#r#-#2#s#e#c##d#e#l#a#y# #\###d#i#s#a#b#l#e#d#=#n#o###/# #i#p# #d#h#c#p#-#s#e#r#v#e#r#
#c#o#n#f#i#g###s#e#t# #s#t#o#r#e#-#l#e#a#s#e#s#-#d#i#s#k#=#5#m###/# #i#p#
#d#h#c#p#-#s#e#r#v#e#r# #l#e#a#s#e###a#d#d#
#a#d#d#r#e#s#s#=#1#9#2#.#1#6#8#.#0#.#2#9# #m#a#c##a#d#d#r#e#s#s#=#0#0#:#1#4#:#2#A#:#8#D#:#6#6#:#D#1# #\###c#l#i#e#n#t#-#i#d#=##
1#:#0#:#1#4#:#2#a#:#8#d#:#6#6#:#d#1#3 #s#e#r#v#e#r#=#d#h#c#p#1# #c#o#m#m#e#n#t#=##
"# #d#i#s#a#b#l#e#d#=#n#o###/# #i#p# #d#h#c#p#-#s#e#r#v#e#r# #n#e#t#w#o#rk#add
address=192.168.0.0/27 gateway=192.168.0.30 \#dnsserver=192.168.1.1,203.130.193.74,202.134.0.155 comment="#/ ip ipsec proposal#add
name=default auth-algorithms=sha1 enc-algorithms=3des lifetime=30m \#lifebytes=0
pfs-group=modp1024 disabled=no#/ ip web-proxy#set enabled=yes src-address=0.0.0.0
port=8080 \#hostname=proxy.smart.war.net.id transparent-proxy=yes \#parentproxy=0.0.0.0:0 cache-administrator=webmaster@smart.war.net.id \#max-objectsize=4096KiB cache-drive=system max-cache-size=unlimited \#max-ram-cachesize=unlimited#/ ip web-proxy access#add dst-port=23-25 action=deny comment=block
telnet & spam e-mail relaying \#disabled=no#add url=suck*** action=deny
comment=" disabled=yes#add url=nude**** action=deny comment=" disabled=yes#add
url=bugil**** action=deny comment=" disabled=yes#add url=gay*** action=deny
comment=" disabled=yes#add url=penis action=deny comment=" disabled=yes#add
url=vagina action=deny comment=" disabled=yes#add url=vagina action=deny
comment=" disabled=yes#/ ip web-proxy cache#add url=:cgi-bin \\? action=deny
comment=dont cache dynamic http pages \#disabled=no#add url=\\.exe\$
action=allow comment=" disabled=no#add url=\\.zip\$ action=allow comment="
disabled=no#add
url=\\.mpeg\$ action=allow comment=" disabled=no#add url=\\.mp3\$
action=allow comment=" disabled=no#add url=\\.avi\$ action=allow comment="
disabled=no#add url=\\.pdf\$ action=allow comment=" disabled=no#add url=\\.rar\
$ action=allow comment=" disabled=no#add url=\\.mov\$ action=allow comment="
disabled=no#add url=\\.mpg\$ action=allow comment=" disabled=no#add url=\\.dat\
$ action=allow comment=" disabled=no#add url=\\.3gp\$ action=allow comment="
disabled=no#add url=\\.jpg\$ action=allow comment=" disabled=no#add url=\\.gif\
$ action=allow comment=" disabled=no#add action=allow comment=" disabled=no#add
url=http*youtube*get_video* action=allow comment=YouTube disabled=no#add
url=http*friendster.com action=allow comment=Friendster disabled=no#add
url=http*pu.go.id action=allow comment=PU disabled=no#add url=http*detik*com
action=allow comment=Detik disabled=no#add url=http*domai.com action=allow
comment=Domai disabled=no#add url=http*nigmae.net action=allow comment=Nigmae
disabled=no#add url=http*kompas.com action=allow comment=Kompas disabled=no#add
url=http*lalatx.com action=allow comment=Lalatx disabled=no#add
url=http*yahoo.com action=allow comment=Yahoo disabled=no#add
url=http*kapanlagi.com action=allow comment=Kapanlagi disabled=no#add
url=http*plasa.com action=allow comment=Plasa disabled=no#add
url=http*kaskus.us action=allow comment=Kaskus disabled=no#add
url=http*avaxhome*org action=allow comment=Avaxhome disabled=no#add
url=www.wor#######################################################################
###################################################################################
###################################################################################
###################t#h#1#0#0#0#.#c#o#m## #a#c#t#i#o#n#=#a#l#l#o#w#
#c#o#m#m#e#n#t#=## W#o#r#t#h#1#0#0#0#3 #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #u#r#l#=##
h#t#t#p#*#r#f#-#o#n#l#i#n#e#*#.#w#e#b#.#i#d## #a#c#t#i#o#n#=#a#l#l#o#w#
#c#o#m#m#e#n#t#=## E#r#a#m#u#s#l#i#m## #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #u#r#l#=##
h#t#t#p#*#*#*## #a#c#t#i#o#n#=#a#l#l#o#w# #c#o#m#m#e#n#t#=## s#e#m#u#a# #h#t#t#p##
#d#i#s#a#b#l#e#d#=#n#o###a#d#d# #u#r#l#=## h#t#t#p#*#h#i#5#.#c#o#m##
#a#c#t#i#o#n#=#a#l#l#o#w# #c#o#m#m#e#n#t#=## P#U## #d#i#s#a#b#l#e#d#=no#add

action=allow comment=Allow sado alahe disabled=no#add url=:cgi-bin \\?


action=deny comment=dont cache dynamic http pages \#disabled=no#add url=cgi-bin
\\? action=deny comment=" disabled=no#/ system logging#add topics=info prefix="
action=disk disabled=no#add topics=error prefix=" action=disk disabled=no#add
topics=warning prefix=" action=disk disabled=no#add topics=critical prefix="
action=echo disabled=no#add topics=debug prefix=" action=disk disabled=no#add
topics=web-proxy prefix=" action=disk disabled=no#/ system logging action#set
memory name=memory target=memory memory-lines=100 memory-stop-on-full=no#set disk
name=disk target=disk disk-lines=100 disk-stop-on-full=no#set echo name=echo
target=echo remember=yes#set remote name=remote target=remote remote=0.0.0.0:514/
queue type#set default name=default kind=pfifo pfifo-limit=50#set ethernetdefault name=ethernet-default kind=pfifo pfifo-limit=50#set wireless-default
name=wireless-default kind=sfq sfq-perturb=5 \#sfq-allot=1514#set synchronousdefault name=synchronous-default kind=red red-limit=60 \#red-min-threshold=10
red-max-threshold=50 red-burst=20 red-avg-packet=1000#set hotspot-default
name=hotspot-default kind=sfq sfq-perturb=5 \#sfq-allot=1514#add
name=P############################################################################
###################################################################################
###################################################################################
##############F#I#F#O#-#6#4#3 #k#i#n#d#=#p#f#i#f#o# #p#f#i#f#o##l#i#m#i#t#=#6#4###a#d#d# #n#a#m#e#=## p#c#q#-#d#o#w#n#l#o#a#d## #k#i#n#d#=#p#c#q#
#p#c#q#-#r#a#t#e#=#3#8#4#0#0#0# #p#c#q#-#l#i#m#i#t#=#5#0# #\###p#c#q##c#l#a#s#s#i#f#i#e#r#=#d#s#t#-#a#d#d#r#e#s#s# #p#c#q#-#t#o#t#a#l##l#i#m#i#t#=#2#0#0#0###a#d#d# #n#a#m#e#=## p#c#q#-#u#p#l#o#a#d## #k#i#n#d#=#p#c#q#
#p#c#q#-#r#a#t#e#=#6#4#0#0#0# #p#c#q#-#l#i#m#i#t#=#5#0# #\###p#c#q##c#l#a#s#s#i#f#i#e#r#=#s#r#c#-#a#d#d#r#e#s#s# #p#c#q#-#t#o#t#a#l##l#i#m#i#t#=#2#0#0#0###add name=default-small kind=pfifo pfifo-limit=10#/ queue
simple#add name=Smart.Net target-addresses=192.168.0.0/27 dstaddress=0.0.0.0/0 \#interface=Local parent=none direction=both priority=1
\#queue=ethernet-default/ethernet-default limit-at=0/512000 \#max-limit=0/512000
total-queue=default disabled=no#add name=Kasir target-addresses=192.168.0.29/32
dst-address=0.0.0.0/0 \#interface=Local parent=Smart.Net direction=both
priority=8 \#queue=default/default limit-at=0/8000 max-limit=16000/48000 \#total#q#u#e#u#e#=#d#e#f#a#u#l#t# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## 0#1#3
#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#0#.#1#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #\###i#n#t#e#r#f#a#c#e#=#L#o#c#a#l#
#p#a#r#e#n#t#=#S#m#a#r#t#.#N#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h#
#p#r#i#o#r#i#t#y#=#1# #\###q#u#e#u#e#=#d#e#f#a#u#l#t#/#d#e#f#a#u#l#t# #l#i#m#i#t##a#t#=#0#/#8#0#0#0# #m#a#x#-#l#i#m#i#t#=#1#6#0#0#0#/#4#8#0#0#0# #\###t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## 0#2#3
#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#0#.#2#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #\###i#n#t#e#r#f#a#c#e#=#L#o#c#a#l#
#p#a#r#e#n#t#=#S#m#a#r#t#.#N#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h#
#p#r#i#o#r#i#t#y#=#1# #\###q#u#e#u#e#=#d#e#f#a#u#l#t#/#d#e#f#a#u#l#t# #l#i#m#i#t##a#t#=#0#/#8#0#0#0# #m#a#x#-#l#i#m#i#t#=#1#6#0#0#0#/#4#8#0#0#0# #\###t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## 0#3#3
#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#0#.#3#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #\###i#n#t#e#r#f#a#c#e#=#L#o#c#a#l#
#p#a#r#e#n#t#=#S#m#a#r#t#.#N#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h#
#p#r#i#o#r#i#t#y#=#1# #\###q#u#e#u#e#=#d#e#f#a#u#l#t#/#d#e#f#a#u#l#t# #l#i#m#i#t##a#t#=#0#/#8#0#0#0# #m#a#x#-#l#i#m#i#t#=#1#6#0#0#0#/#4#8#0#0#0# #\###t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## 0#4#3
#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#0#.#4#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #\###i#n#t#e#r#f#a#c#e#=#L#o#c#a#l#
#p#a#r#e#n#t#=#S#m#a#r#t#.#N#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h#
#p#r#i#o#r#i#t#y#=#1# #\###q#u#e#u#e#=#d#e#f#a#u#l#t#/#d#e#f#a#u#l#t# #l#i#m#i#t##a#t#=#0#/#8#0#0#0# #m#a#x#-#l#i#m#i#t#=#1#6#0#0#0#/#4#8#0#0#0# #\###t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## 0#5#3
#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#0#.#5#/#3#2# #d#s#t#-

#a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #\###i#n#t#e#r#f#a#c#e#=#L#o#c#a#l#
#p#a#r#e#n#t#=#S#m#a#r#t#.#N#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h#
#p#r#i#o#r#i#t#y#=#1# #\###q#u#e#u#e#=#d#e#f#a#u#l#t#/#d#e#f#a#u#l#t# #l#i#m#i#t##a#t#=#0#/#8#0#0#0# #m#a#x#-#l#i#m#i#t#=#1#6#0#0#0#/#4#8#0#0#0# #\###t#o#t#a#l##q#u#e#u#e#=#d#e#f#a#u#l#t# #d#i#s#a#b#l#e#d#=#n#o###a#d#d# #n#a#m#e#=## 0#6#3
#t#a#r#g#e#t#-#a#d#d#r#e#s#s#e#s#=#1#9#2#.#1#6#8#.#0#.#6#/#3#2# #d#s#t##a#d#d#r#e#s#s#=#0#.#0#.#0#.#0#/#0# #\###i#n#t#e#r#f#a#c#e#=#L#o#c#a#l#
#p#a#r#e#n#t#=#S#m#a#r#t#.#N#e#t# #d#i#r#e#c#t#i#o#n#=#b#o#t#h#
priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="07" target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="08" target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="09" target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="10" target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="11" target-addresses=192.168.0.11/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="12" target-addresses=192.168.0.12/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="13" target-addresses=192.168.0.13/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="14" target-addresses=192.168.0.14/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="15" target-addresses=192.168.0.15/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="16" target-addresses=192.168.0.16/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="17" target-addresses=192.168.0.17/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="18" target-addresses=192.168.0.18/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="19" target-addresses=192.168.0.19/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="20" target-addresses=192.168.0.20/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="21" target-addresses=192.168.0.21/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="22" target-addresses=192.168.0.22/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="23" target-addresses=192.168.0.23/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="24" target-addresses=192.168.0.24/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="25" target-addresses=192.168.0.25/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="27" target-addresses=192.168.0.27/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="28" target-addresses=192.168.0.28/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="26" target-addresses=192.168.0.26/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no

/ queue tree
add name=ICMP parent=global-in packet-mark=ICMP-PM limit-at=8000 \
queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name=DNS parent=global-in packet-mark=DNS-PM limit-at=8000 \
queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name=downstream parent=Local packet-mark=Turun limit-at=0 \
queue=pcq-download priority=1 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name=upstream parent=global-in packet-mark=Naik limit-at=0 \
queue=pcq-upload priority=1 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no

/ system identity
set name=Smart.net

c. Linux router configuration

Simple sample Prolink Load Balancing Cryptone.Net: http://harrychanputra.web.id/?p=484
Free BSD Router with PPPOE Dial: http://harrychanputra.web.id/?p=479

Planning Internet Cafe With Speedy Internet Connection Using PC LINUX and Router Mikrotik

Network Schema: Modem 4 Port (192.168.1.1/29) - Mikrotik (Public 192.168.1.2/29, Local 192.168.0.254/24) - Hub - Clients 192.168.0.0/24; Linux proxy 192.168.1.3/29

A. Router Mikrotik Configuration

a. Interface
/ interface ethernet
set Local name=Local mtu=1500 mac-address=00:50:DA:5F:AB:16 arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default speed=100Mbps comment="" disabled=no
set Public name=Public mtu=1500 mac-address=00:A0:D2:11:C2:79 arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default speed=100Mbps comment="" disabled=no

b. ARP
/ ip arp
add address=192.168.0.7 mac-address=00:19:21:14:4A:E7 interface=Local \
comment="" disabled=no
add address=192.168.0.4 mac-address=00:E0:4D:2F:81:6E interface=Local \
comment="" disabled=no
add address=192.168.0.1 mac-address=00:1B:B9:57:79:75 interface=Local \
comment="" disabled=no
add address=192.168.0.6 mac-address=00:E0:4D:2F:4D:F3 interface=Local \
comment="" disabled=no
add address=192.168.0.11 mac-address=00:1B:B9:57:7E:31 interface=Local \
comment="" disabled=no
add address=192.168.0.2 mac-address=00:E0:4D:2F:81:6D interface=Local \
comment="" disabled=no
add address=192.168.0.5 mac-address=00:19:21:DD:90:F4 interface=Local \
comment="" disabled=no
add address=192.168.0.10 mac-address=00:1B:B9:95:EB:6D interface=Local \
comment="" disabled=no
add address=192.168.0.253 mac-address=00:1A:92:56:79:5E interface=Local \
comment="" disabled=no
add address=192.168.1.1 mac-address=00:18:6E:CA:4F:2E interface=Public \
comment="" disabled=no
add address=192.168.1.3 mac-address=00:1B:11:66:2A:69 interface=Public \
comment="" disabled=no

c. DNS ISP
/ ip dns
set primary-dns=192.168.1.3 secondary-dns=202.134.0.155 \
allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w

d. IP address
/ ip address
add address=192.168.1.2/29 network=192.168.1.0 broadcast=192.168.1.7 \
interface=Public comment="" disabled=no
add address=192.168.0.254/24 network=192.168.0.0 broadcast=192.168.0.255 \
interface=Local comment="" disabled=no

e. Mangle
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.0/24 protocol=icmp \
action=mark-connection new-connection-mark=ICMP-CM passthrough=yes \
comment=ToS disabled=no
add chain=prerouting connection-mark=ICMP-CM action=mark-packet \
new-packet-mark=ICMP-PM passthrough=yes comment="" disabled=no
add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay \
comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=53 \
action=mark-connection new-connection-mark=DNS-CM passthrough=yes \
comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=udp dst-port=53 \
action=mark-connection new-connection-mark=DNS-CM passthrough=yes \
comment="" disabled=no
add chain=prerouting connection-mark=DNS-CM action=mark-packet \
new-packet-mark=DNS-PM passthrough=yes comment="" disabled=no
add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay \
comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment=Services \
disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8080 action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=3128 action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=http_conn action=mark-packet \
new-packet-mark=http passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=5050-5061 action=mark-connection \
new-connection-mark=ym_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=ym_conn action=mark-packet \
new-packet-mark=ym passthrough=no comment="" disabled=no
add chain=prerouting protocol=udp dst-port=27015 action=mark-connection \
new-connection-mark=cs_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=cs_conn action=mark-packet \
new-packet-mark=cs passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6667-7000 action=mark-connection \
new-connection-mark=irc_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=irc_conn action=mark-packet \
new-packet-mark=irc passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection \
new-connection-mark=mt_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=mt_conn action=mark-packet \
new-packet-mark=mt passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=110 action=mark-connection \
new-connection-mark=email_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=25 action=mark-connection \
new-connection-mark=email_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=email_conn action=mark-packet \
new-packet-mark=email passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=22 action=mark-connection \
new-connection-mark=ssh_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=ssh_conn action=mark-packet \
new-packet-mark=ssh passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=500-3127 action=mark-connection \
new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=3129-6665 action=mark-connection \
new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=70016
##jC######h#n#U####h#n#OJ##QJ##^J#####h#n#0J)#OJ##QJ#######j#C######h#n#U###
#h#n####j#####h#n#U###5d##g##h####1##0##/####:##;###
####### ##!
##*##+##h##i############<##=############;####,####.##1##2####################O##P##Q##T##U######5##
########################jR######h#n#U
######j~Q######h#n#U######jiP######h#n#U######jlO######h#n#U######joN######h
#n#U######jrM######h#n#U######juL######h#n#U####h#n####h#n#OJ##QJ##^J#####j#
####h#n#U####h#n#0J)#OJ##QJ##65##6##7##@##A##a##b#############
###?
##@##A##O##P##Q##R################&##'##(##0##1########
Z##[##\##s##t##z##{##################e##f##g##o##p##

#### #jZ######h#n#U######j#Z######h#n#
U######j/Y######h#n#U######j#X######h#n#U######jV######h#n#U######jU######

h#n#U######jT######h#n#U####h#n####h#n#OJ##QJ##^J#####h#n#0J)#OJ##QJ#####j##
###h#n#U######jS######h#n#U###5p##y##z####################
###########"###################################
####U##V##W##n##o##x##y##################
x#####j######h#n#U######j'######h#n#U######j#######h#n
#U######j######h#n#U######j######h#n#U##$#j###h#n#B*#OJ##QJ##U##^J##ph####
$#j#]###h#n#B*#OJ##QJ##U##^J##ph######h#n#0J)#OJ##QJ#######j[######h#n#U####h
#n####j#####h#n#U####h#n#OJ##QJ##^J##/q#####n##################
####v#############
###########K##1########K########$########$##v:######$##
######$##p######$########$########$########$########$#####
###$########$#####
##$##v:######$########$##v:######$########$########$########$#
#v:######$########$##v:######$########$########$##v:######$####
####$########$########$########$##v:######$###########4###3#####
#I##J##K##l##m###############################\##]##^##u
##v##############################

##############>##?
####x##########jW######h#n#U######
jB######h#n#U######jo######h#n#U######j######h#n#U##$#j###h#n#B*#OJ##QJ
##U##^J##ph####$#j###h#n#B*#OJ##QJ##U##^J##ph########j######h#n#U####h#n#O
j
J##QJ##^J#####h#n#0J)#OJ##QJ#####j#####h#n#U######j
######hj
#n#U####h
#n#.##########################
########{##|
##}##########X##Y##Z##^##_##e##f##################i##
j##k##s##t############### ########|
##}##~######

#####j#######

h#n#U######j

######h#n#U######j######h#n#U######j#######h#n#U######j#######h#n#U####
##j######h#n#U######j######h#n#U####h#n####h#n#OJ##QJ##^J#####h#n#0J)#OJ
##QJ#####j#####h#n#U######j######h#n#U###5######&##'##(##+##,####
##1##2##3##6##7####################v##w########,#
###~kXM####j`######h#n#U##$#j^###h#n#B*#OJ##QJ##U##^J##
ph####$#j###h#n#B*#OJ##QJ##U##^J##ph####$#j#,###h#n#B*#OJ##QJ##U##^J##ph####$#j)###h#n
#B*#OJ##QJ##U##^J##ph####$#j9###h#n#B*#OJ##QJ##U##^J##ph####$#jT###h#n#B*#OJ#
#QJ##U##^J##ph########j?
######h#n#U####h#n#0J)#OJ##QJ#######j*######h#n#U####h#n####j#####h#n#U####
h#n#OJ##QJ##^J#######p########c#####################
##z##J####v##.#############
##i###
##$##v:######$########$########$##
######$########$########$########$########$##p######$#####
###$########$##p######$########$########$########$########$
########$########$########$########$##v:######$########$###
#####$########$########$########$########$##v:###################
#######3###4###-##########y##z##{##########
#####

########
%##&############i###########################=##P##Y#
#Z################[##\##]##c##d##


########j#h######h#n#U######jf######h#n#U####h#n#5#
CJ(#aJ(###h#n#B*#CJ##aJ##ph###h#n#CJ##aJ#######je######h#n#U######jd####
##h#n#U######jWc######h#n#U####h#n#0J)#OJ##QJ#######j#b######h#n#U####j#####h
#n#U####h#n####h#n#OJ##QJ##^J##2i#####=##P##f######V##W######
%##Z##########7##{####i###########$##V
#####$##t######$########$########$########$##p>#####$#######
#$#########$#########$########$########$########$########$##
######$########$########$########$########$##v:######$####
####$########$########$########
&##F########
&##F#######4####
&##F #######
&##F #######
&##F########
&##F#####
&##F###################3###d######V##W####m##t#############
#########~########################B##H##L##R##
##############################
#######################################h#n#OJ##QJ##^J##mH#sH####j#
####h#n#U##$#j.###h#n#B*#OJ##QJ##U##^J##ph####$#jI###h#n#B*#OJ##QJ##U##^J##ph
######h#n#5#OJ##QJ##\#^J#####h#n#0J#OJ##QJ##^J#####h#n##$#jdi###h#n#B*#OJ##QJ##U##^J##ph######h#n#OJ##QJ##^J##/#
###z############################3###########
##2##;############$###;#####$########$########$########$####
####$##'4#####$########$####################$########$########
$########$########$########$########$########$##v:######$##
######$##v:######$########$########$########$##s######$##s###
###$##########################&d####P############4####
&##F########
&##F#######3#######2##################################`###a###b######
######G###a###b#############################vke]vK###
j<###h#n#CJ##OJ##QJ##U##^J##aJ####h#n#CJ##aJ###
#h#n#0J)######j
######h#n#U####h#n#CJ##OJ##QJ##^J##aJ#####h#n#CJ##OJ##QJ##^J##aJ#######j0####
##h#n#U####h#n#0J)#OJ##QJ#######j#######h#n#U####h#n####j#####h#n#U####h#n#
B*#CJ##OJ##QJ##^J##aJ##ph###h#n#CJ##OJ##QJ##^J##aJ#####h#n#B*
CJ##aJ##ph
<t#)#h#n#5#B*#CJ##OJ##QJ##\#^J##aJ##phUUU#############G#####################
############U###V###W##############_###r#######O############m#############$
#########$##|######$##|######$#######$##Y4#####$##|######$##|
######$##|######$##|######$##|######$##|######$##|
##################$##|######$##|######$##|######$##z$#####$##|
######$##|#####$##J#####$########$##fq-#####$##|
######$#########$##|######$##|######$##|
##############dh#####3##dh########dh########dh#################################M###
N###############$###%#########
##
##%##&##########"##U######vd`Z`PH#######hx##nH #tH
####hx###hx##5#\##
#h#n#0J)####h#n####jdF###h#n#CJ##OJ##QJ##U##^J##aJ####j###h#n#CJ##OJ##QJ##U##
^J##aJ####jT###h#n#U####j####h#n#CJ##OJ##QJ##U##^J##aJ####j###h#n#CJ##OJ##QJ
##U##^J##aJ####j###h#n#CJ##OJ##QJ##U##^J##aJ####j#a###h#n#CJ##OJ##QJ##U##^J##aJ#
###j!
###h#n#CJ##OJ##QJ##U##^J##aJ####j#####h#n#U####h#n#CJ##OJ##QJ##^J##aJ##########
$###V###W###########
#####

##

##

##

##%##########:############'###k###|#######&###8###L#######$##|######$##|
#####$##b"#####$##|######$##|######$##n2#####$##|######$##|
#####$##t>C#####$##|######$##|######$##|######$##|######$##|
######$########$########$########$########$########$######
##$########$########$########$########$########$########$#
#######$######3#gd#n#####gd#n###3##dh#####L###m###y#########}#########
###3#########@###O###################)###################;#############
#######$########$########$########$########$########$####
####$########$########$########$########$########$########
$########$########$########$########$########$########$##
######$########$########$########$########$########$######
##$########$########$########$#########3#gd#n############+###U##
##########G#########]############W###z#### ##D ## ## ##P!##"##V###%##
%######$########$########$########$########$########$#####
###$########$########$########$########$########$########$
########$########$########$########$########$########$###
#####$########$########$########$#####
##$########$###################
&##F###d##d#*$#[$#\$#gdx#####d##d#*$#[$#\$#gdx####3#gd#n#######$##$##.%##
%##%##%##%##%##
%##;&##<&##=&##>&##I&##T&##X&##[&##y&##&##&##&##0'##1'##2'##3'##K'##X'##\'##`'##
c'##q'##u'##x'##y'##z'##'##'##'##'##'##'##'###(##*(##;
(##>(##(##(##(##(##(##(##(##(##(##(##(###)###)###)###)##s)##t)##u)##v)##
w)##x)##)##
######j|###hx##U##nH
#tH
###j###hx##U##nH
#tH
###jh;###hx##U##nH
#tH
###j###hx##U##nH
#tH
###j#####hx##U##nH
#tH
###hx##nH #tH
####hx###hx##5#\#nH #tH
#D%##?&##\&##4'##y'##'##'##@*##*##q+##+###-## .##C.##.##?/##W/##/##?
0##i0##M1##1######$##;H#####$#######$##`@#####$########$##P<###
##$#######$##=#####$#######$##T_3#####$########$########$#
########$########$########$## #####$########$########$##3!
B#####$########$########$##0.##################6#gdBc#####gdBc###3#gdB
c#####gdBc####d##d#*$#[$#\$#gdx######
&##F###d##d#*$#[$#\$#gdx########d##d#*$#[$#\
$#^#gdx####)##)##)##)##)##)##<*##=*##>*##?
*##L*##S*##*##*##*##*##*##*##

+###+###+##++##K+##T+##+##+##,##,###-###-##i-##j-##-##-##-####.##.##;/##</##=/##>/##/##/##;0##<0##=0##>0##M1##N1##1##1##1##1##

###j####hBc#U####jI
###hBc#U####j###hBc#U####j###hBc#U##
#hBc#0J)####hBc####j#####hBc#U####jFY###hx##U##nH #tH
###hx###hx##5#\#nH
#tH
####j###hx##U##nH
#tH
###hx##nH #tH
####j6###hx##U##nH
#tH
###j#####hx##U##nH
#tH
##51##b2##2##2##23##3##3##3##3###4##[4##4###5###5##}5##5###6##46##6###7##
e7###8##r8##,9##S9##:##':######$########$########$########$##&####
#$########$########$########$########$########$########$##
######$########$########$##
%#####$########$##='#####$########$########$########$########
$########$########$##
,#####$########$####S#####$##########
##########################################gd####3#gdBc###1##2##2##.3##/3##03#
#13###5###5##y5##z5##{5##|5##5##5##
6###6###6###6##46##56##6##6##6##6##6##6###7###7###7###7##7##7##
8##
8###8###8##r8##s8##8##8##8##'9##(9##)9##*9##+9##S9##T9##9##9##9###:## :##
:###:##

:##:##<## ##h#####j!
##hBc#B*#U##ph######j#!
##hBc#B*#U##ph######hBc#B*#ph#####j#####hBc#B*#U##ph####
#hBc#0J)####j#!##hBc#U####j ##hBc#U####j$###hBc#U####j(###hBc#U####j
%###hBc#U####j#####hBc#U####hBc#:<##<##<##0=##1=##<=##==##=##=##=###>###>#
#/>##0>##}>##~>##>##>##>##>##?###?##W?##X?##s?##t?##?##?##?##?##%@##&@##?
@##@@##@##@##@##@##@##@##@##@##FA##GA##XA##YA##A##A##A##A###B###B##

B##
B##[B##\B##gB##hB##B##B##B##B###C###C###C###C##jC##kC##vC##wC##C##C##C##C##
#D###D##*D##+D##uD##vD##D##D##D##D##D##D##E##.E##9E##:E##E##E##E##E##E##
######h###

#h##5#\##
#h##0J*#^E##E##E##E##BF##CF##NF##OF##F##F##F##F##F##F###G##
G##PG##QG##\G##]G##G##G##G##G###H##
H###H###H##[H##\H##sH##tH##H##H###I## I###I###I##eI##fI##{I##|
I##I##I##I##I##'J##(J##3J##4J##{J##|
J##J##J##J##J##J##J##KK##LK##^K##_K##K##K##K##K##!
L##"L##:L##;L##L##L##L##L##L##L##0M##1M##KM##LM##M##M##M##M##M##M###N##
#N##YN##ZN##N##N##N##N###O###O##OO##
##
#h##0J*##

#h##5#\#`OO##PO##wO##xO##O##O##O##O##>P##?
P##JP##KP##P##P##P##P###Q###Q###Q###Q##YQ##ZQ##Q##W######C##D##o##p##
q######;##########x##y##z##{##|##}#####
##R##S##T##
###################
#hh#0J)####hh####j#####hh#U####j"##h##U##nH #tH
###j#####h##U##nH
#tH
###h###h##6#]#nH #tH
####h##nH #tH
##
#h##0J)####j#####h##U##(#hM###hM##CJ##OJ##QJ##^J##aJ##nH
#tH
####hM###hM##nH #tH
####h###
#h##0J*##

#h##5#\#/':##Q##

R##lR##R##BS##S##S##GT##T##T##U##{U##U###V##fV##V###W#####$##:=####$##7#####$##7######$##1#####
#$##1######$##1######$##1######$##1######$##1######$##1######$##
1######$##1######$##1######$##1######$##1######$##1######$##1###
#####B##2###(#
P##x#

##4 #\'*.#25@9################$d####
%d####&d####'d####*$#N########O########P########Q########gdM###&4#$d####
%d####&d####'d####N########O########P########Q########gdM#####W##cW##W###
X##\X##X##X##HY##Y##Y##@Z##Z##&[##[###\##X\##\##\##B]##]##]##P^######$#
#1######$##1######$##1######$##1######$##1######$##1######$##1##
####$##1######$##1######$##1######$##1######$##1######$##1######
$##1######$##1######$##1######$##1######$##1######$##1######$##
1######$##1##################B##2###(#
P##x#

##4 #\'*.#25@9################$d####
%d####&d####'d####*$#N########O########P########Q########gdM####P^##^##^
##^_##_##?
`##`##`##;a##a##a###b##jb##b###c##\c##c##c##Kd##d##d##/e######$##1####
##$##1#####$##7#####$##7######$##1######$##1######$##1######$#
#1######$##1######$##1######$##1######$##1######$##1######$##1##
####$##1######$##1######$##1######$##1######$##1######$##1######
$##1##################B##2###(#
P##x#

##4 #\'*.#25@9################$d####
%d####&d####'d####*$#N########O########P########Q########gdM####/e##e##e
##
%f##qf##f###g##bg##g###h##fh##h###i##Ui##i##i##Bj##j##j##@k##k##ol######$
##1######$##1######$##1######$##1######$##1######$##1######$##1#
#####$##1######$##1######$##1######$##1######$##1######$##1#####
#$##1######$##1######$##1######$##1######$##1######$##1#####$##
7#####$##3##################B##2###(#
P##x#

##4 #\'*.#25@9################$d####
%d####&d####'d####*$#N########O########P########Q########gdM####ol##l##
%m##zm##m###n##^n##n##!
o##uo##o###p##hp##p###q##Uq##q##q##/r##zr##r###s######$##1######$##1###
###$##1######$##1######$##1######$##1######$##1######$##1######$
##1######$##1######$##1######$##1######$##1######$##1######$##1#
#####$##1######$##1######$##1######$##1######$##1######$##1######
############B##2###(#
P##x#

##4 #\'*.#25@9################$d####
%d####&d####'d####*$#N########O########P########Q########gdM#####s##{s##s
###t##bt##t###u##Lu##u##u##*v##xv##v###w##hw##w##w##zx##x###y##\y##y######
$##1######$##1######$##1######$##1######$##1######$##1######$##
1######$##1######$##1######$##1######$##1######$##1######$##1###
###$##1######$##1######$##1######$##1######$##1######$##1######$
##1######$##1##################B##2###(#
P##x#

##4 #\'*.#25@9################$d####
%d####&d####'d####*$#N########O########P########Q########gdM####y##y##mz
##z##+{##t{##{###|##f|##|
###}##P}##}##}##5~##~##~##{#######X#######$##7#####$##7######$
##1######$##1######$##1######$##1######$##1######$##1######$##1#
#####$##1######$##1######$##1######$##1######$##1######$##1#####
#$##1######$##1######$##1######$##1######$##1######$##1###########
#######B##2###(#
P##x#

##4 #\'*.#25@9################$d####
%d####&d####'d####*$#N########O########P########Q########gdM########9#
#####
##o#######Z######A########8######5##########$##1######$#
#1######$##1######$##1######$##1######$##1######$##1######$##1##
####$##1######$##1######$##1######$##1######$##1######$##1######
$##1######$##1######$##1######$##1######$##1######$##1######$##
1##################B##2###(#
P##x#

##4 #\'*.#25@9################$d####
%d####&d####'d####*$#N########O########P########Q########gdM######'##u#
######m#######v#######o#######[#######\#######_#######$##7
######$##<O######$##1######$##1######$##1######$##1######$##1###
###$##1######$##1######$##1######$##1######$##1######$##1######$
##1######$##1######$##1######$##1######$##1######$##1######$##1#
#####$##1##################B##2###(#
P##x#

##4 #\'*.#25@9################$d####
%d####&d####'d####*$#N########O########P########Q########gdM#########N
######?
#########U#########U#######Y#######^##########$##1######$#
#1######$##1######$##1######$##1######$##1######$##1######$##1##
####$##1######$##1######$##1######$##1######$##1######$##1######
$##1######$##1######$##1######$##1######$##1######$##1######$##
1##################B##2###(#
P##x#

##4 #\'*.#25@9################$d####
%d####&d####'d####*$#N########O########P########Q########gdM######0###
### ##Y####
##Q#######M######8#########[######I######$##1######$##1##
####$##1######$##1######$##1######$##1######$##1######$##1######
$##1######$##1######$##1######$##1######$##1######$##1######$##1
######$##1######$##1######$##1######$##1######$##1######$##1#####
#############B##2###(#
P##x#

##4 #\'*.#25@9################$d####
%d####&d####'d####*$#N########O########P########Q########gdM####I#####
#3#####
#####h#####Q#####\######?
######3######P########$##1######$##1######$##1######$##1##
####$##1######$##1######$##1######$##1######$##1#####$##3######
$##<O######$##1######$##1######$##1######$##1######$##1######$##1
######$##1######$##1######$##1######$##1##################B##2###(#
P

Você também pode gostar