
27 Jun 2012

MIKROTIK WITH 1 ISP + EXTERNAL PROXY

Below is an example Routerboard/MikroTik configuration using a single Telkom Speedy ISP connection plus an external proxy server. Adapt it to your own network layout, IP addressing and proxy server.
(I took this article from my own Facebook group.)

IP ADDRESS ON THE ADSL MODEM (BRIDGE MODE) :
Modem : 192.168.3.1
IP ADDRESS ON THE PROXY SERVER :
192.168.27.27

IP ADDRESSES ON THE MIKROTIK :
Modem : 192.168.3.2/24
LAN   : 192.168.1.1/24
Proxy : 192.168.27.1/24

INTERFACE NAMES :
ether1 : Modem
ether2 : LAN
ether3 : Proxy

INTERFACE LIST :
(Ethernet ports cannot be "added" on RouterOS, only renamed; the original listing was an export artefact. The working form is:)
/interface ethernet
set ether1 name=Modem
set ether2 name=LAN
set ether3 name=Proxy

IP ADDRESS LIST :
(the original had interface=Modem1 on the first line, a typo for Modem; actual-interface is a read-only export field and is dropped here)
/ip address

add address=192.168.3.2/24 interface=Modem comment="towards ADSL modem"
add address=192.168.1.1/24 interface=LAN
add address=192.168.27.1/24 interface=Proxy

PPP - PPPoE CLIENT :
/interface pppoe-client
add name="pppoe-speedy1" max-mtu=1480 max-mru=1480 mrru=disabled interface=Modem user="*********@telkom.net" \
password="******" profile=default service-name="AnJeLaNeT" ac-name="" add-default-route=yes dial-on-demand=no \
use-peer-dns=no allow=pap,chap,mschap1,mschap2

********* = fill in your own Speedy username and password.
service-name="AnJeLaNeT" is the author's own value; leave it empty to accept whatever service name the ISP's access concentrator offers, unless your ISP requires a specific one. use-peer-dns=no means the DNS servers are chosen by hand in the next section.


IP DNS :
Use OpenDNS (if you want to pick yourself which sites get blocked) : 208.67.222.222 208.67.220.220
Use DNS Nawala (if you want sites, above all porn sites, blocked automatically) : 180.131.144.144 180.131.145.145
Use your ISP's DNS (the best DNS server is the one with the shortest path, i.e. your ISP's DNS in your own region)
Because the Transparent DNS NAT rules further down redirect every client query to the router itself, the router's DNS must also have allow-remote-requests=yes, which the original post does not mention; the firewall section then has to keep that resolver reachable from the LAN only.

IP DHCP SERVER :
DHCP --> DHCP Setup --> DHCP Server Interface = LAN --> Next ... Finish
In the wizard's DNS step enter the same servers as above: OpenDNS (208.67.222.222 208.67.220.220) or DNS Nawala (180.131.144.144 180.131.145.145).
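The DHCP wizard and DNS choice above, written out as the CLI equivalent. This is an added example, not configuration from the original post. It assumes the addresses already defined on this page (LAN 192.168.1.0/24, router at 192.168.1.1), a client pool of 192.168.1.10-192.168.1.254 (my choice; the wizard would propose the whole subnet) and OpenDNS as upstream; the allow-remote-requests setting is the part the post leaves out but that its transparent-DNS NAT rules require.

```routeros
# Added example, not the original post's configuration.
# Assumes: LAN = 192.168.1.0/24, router = 192.168.1.1, OpenDNS upstream.
/ip pool
add name=dhcp-lan ranges=192.168.1.10-192.168.1.254

/ip dhcp-server
add name=dhcp-lan interface=LAN address-pool=dhcp-lan lease-time=1d disabled=no

/ip dhcp-server network
# hand out the router itself as resolver, so every client query is answered
# (and cached) here; clients that hard-code another resolver are caught by the
# "redirect to-ports=53" NAT rules anyway
add address=192.168.1.0/24 gateway=192.168.1.1 dns-server=192.168.1.1

/ip dns
# allow-remote-requests=yes is mandatory for the transparent-DNS redirect: the
# router only answers queries from other hosts when it is on. It also makes the
# router answer DNS on EVERY interface, including the PPPoE uplink, so the input
# chain must limit UDP/TCP 53 to the LAN or the box becomes an open resolver
# usable for DNS amplification.
set servers=208.67.222.222,208.67.220.220 allow-remote-requests=yes cache-size=2048KiB
```

To check it, from a LAN client run nslookup against 192.168.1.1 and it should answer; the same query aimed at the Speedy public address from outside must time out once the input chain restricts port 53 to the LAN.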

IP FIREWALL NAT :
/ip firewall nat

TRANSPARENT PROXY
(HTTP from the LAN on the listed ports is rewritten to the proxy at 192.168.27.27:3128; HTTPS (443) is not matched and goes out directly. The proxy must listen in intercept mode, e.g. Squid "http_port 3128 transparent" on 2.7/3.0 or "http_port 3128 intercept" on 3.1 and later, and its default gateway must be this router (192.168.27.1) so replies come back through the same NAT state.)
add chain=dstnat action=dst-nat to-addresses=192.168.27.27 to-ports=3128 protocol=tcp src-address-list=LAN-NeT \
dst-address-list=!Proxy-NeT in-interface=LAN dst-port=80,81,8081,8080,3128

MASQUERADE
add chain=srcnat action=masquerade out-interface=pppoe-speedy1
add chain=srcnat action=masquerade out-interface=Modem

TRANSPARENT DNS
(every client query to port 53 is redirected to the router's own resolver, which therefore needs allow-remote-requests=yes under /ip dns)
add chain=dstnat action=redirect to-ports=53 protocol=udp dst-port=53
add chain=dstnat action=redirect to-ports=53 protocol=tcp dst-port=53

REACH THE MODEM
(lets LAN hosts open the modem's web UI at 192.168.3.1 through the router; the original wrote dst-address=192.168.3.1/24, a host address with a prefix, which should be the network. The MASQUERADE rule on out-interface=Modem above already covers this, so the rule is kept only for its comment.)
/ip firewall nat
add chain=srcnat action=masquerade disabled=no dst-address=192.168.3.0/24 out-interface=Modem comment="CEK MODEM"

SSH TO THE PROXY FROM OUTSIDE (WinSCP)
add chain=dstnat action=dst-nat to-addresses=192.168.27.27 to-ports=22 protocol=tcp in-interface=pppoe-speedy1 \
dst-port=2221 comment="SSH PROXY OUT REMOTE TO WINsCP"

The original matched on dst-address="IP PUBLIK" (your Speedy public IP). A Speedy PPPoE address changes on every reconnect, so matching the PPPoE interface instead keeps the rule working. Be aware this publishes the proxy's SSH on public port 2221 to the whole Internet, and the forward chain in this configuration has no final drop, so anyone can reach it: restrict the source addresses in the forward chain, use key-based authentication on the proxy, or reach it over a VPN instead.

IP FIREWALL ADDRESS-LIST
/ip firewall address-list

add list=LAN-NeT address=192.168.1.0/24
add list=Proxy-NeT address=192.168.27.0/24

Additional (the Games and Load-Poker lists used by the mangle marks below). Note that the first entry, 203.89.146.0/23, already covers 203.89.147.0/24 and every 203.89.146.x / 203.89.147.x host after it, 202.93.20.0/23 covers 202.93.21.0/24 and its hosts, and the unlabelled block that follows repeats several of the same prefixes, so the list could be cut to the /23 and /24 entries with no change in behaviour. Check each entry with whois before trusting it: everything on these lists gets the priority-1 GAME queue, and some of the unlabelled entries are not game servers at all (64.233.x.x, 74.125.x.x and 173.194.x.x are Google's; 66.220.146.x and 69.63.x.x are Facebook's).
add list=Games address=203.89.146.0/23 comment="Gemscool"
add list=Games address=203.89.147.0/24 comment="Gemscool"
add list=Games address=203.89.146.156 comment="Gemscool"
add list=Games address=203.89.146.158 comment="Gemscool"
add list=Games address=203.89.146.166 comment="Gemscool"
add list=Games address=203.89.147.11 comment="Gemscool"
add list=Games address=203.89.146.99 comment="Gemscool"
add list=Games address=203.89.147.31 comment="Gemscool"
add list=Games address=203.89.146.130 comment="Gemscool"
add list=Games address=202.93.20.0/23 comment="Lytogame"
add list=Games address=202.93.21.0/24 comment="Lytogame"
add list=Games address=202.43.171.0/24 comment="Lytogame"
add list=Games address=202.93.16.0/24 comment="Lytogame"
add list=Games address=202.43.167.72 comment="Lytogame"
add list=Games address=202.93.20.253 comment="Lytogame" 
add list=Games address=202.93.17.197 comment="Lytogame"
add list=Games address=117.103.58.198 comment="Lytogame"
add list=Games address=202.93.17.219 comment="Lytogame"
add list=Games address=202.103.21.84 comment="Lytogame"
add list=Games address=202.93.21.250 comment="Lytogame"
add list=Games address=202.93.21.251 comment="Lytogame"
add list=Games address=202.93.21.142 comment="Lytogame"
add list=Games address=202.93.21.244 comment="Lytogame"
add list=Games address=202.93.17.216 comment="Lytogame"
add list=Games address=122.102.49.0/24 comment="Megaxus"
add list=Games address=122.102.51.0/24 comment="Megaxus"
add list=Games address=122.102.53.0/24 comment="Megaxus"
add list=Games address=122.102.51.19 comment="Megaxus" 
add list=Games address=122.102.51.17 comment="Megaxus"
add list=Games address=122.102.49.67 comment="Megaxus"
add list=Games address=122.102.49.132 comment="Megaxus"
add list=Games address=122.102.49.202 comment="Megaxus"
add list=Games address=122.102.53.4 comment="Megaxus"
add list=Games address=110.93.12.0/24 comment="Wavegame"
add list=Games address=122.93.12.201 comment="Wavegame"
add list=Games address=122.93.12.251 comment="Wavegame"
add list=Games address=204.160.144.254 comment="Atlantica Nexon"
add list=Games address=8.31.96.209 comment="Atlantica Nexon"
add list=Games address=208.85.111.0/24 comment="Atlantica Nexon"
add list=Games address=202.158.252.194 comment="FIFA Online"
add list=Games address=202.158.252.195 comment="FIFA Online"
add list=Games address=202.70.134.0/24 comment="Cabal Online"
add list=Games address=202.70.134.18 comment="Cabal Online"
add list=Games address=119.110.87.179 comment="IP Fresh-Ragnarok"
add list=Games address=69.175.20.186 comment="IP RF-Commanders"
add list=Games address=174.37.246.56 comment="IP RF-EQG"
add list=Games address=174.132.16.196 comment="IP RF-POA"
add list=Games address=202.162.207.111 comment="IP Dotta-Nusa"
add list=Games address=69.0.145.160 comment="IP Dota"
add list=Games address=72.172.238.49 comment="IP Dotta"
add list=Games address=202.78.197.18 comment="IP Tantra"
add list=Games address=202.78.197.0/24 comment="IP Drif-city"
add list=Games address=122.144.2.0/24 comment="IP IndoGamers"
add list=Games address=180.178.110.0/24 comment="IP X-Shot"
add list=Games address="64.211.145.89"
add list=Games address="64.211.145.91"
add list=Games address="64.211.145.104"
add list=Games address="64.233.181.97"
add list=Games address="64.233.189.113"
add list=Games address="65.54.82.164"
add list=Games address="65.55.162.26"
add list=Games address="66.220.146.25"
add list=Games address="69.63.181.11"
add list=Games address="69.63.181.16"
add list=Games address="69.63.186.30"
add list=Games address="74.125.153.138"
add list=Games address="75.125.122.98"
add list=Games address="116.12.45.2"
add list=Games address="119.110.77.1"
add list=Games address="119.110.77.2"
add list=Games address="119.110.77.3"
add list=Games address="119.110.77.4"
add list=Games address="119.110.77.5"
add list=Games address="119.110.77.6"
add list=Games address="119.110.77.7"
add list=Games address="119.160.200.173"
add list=Games address="119.160.200.166"
add list=Games address="119.160.200.168"
add list=Games address="122.102.49.0/24"
add list=Games address="122.102.48.0/24"
add list=Games address="122.102.50.0/24"
add list=Games address="122.102.51.0/24"
add list=Games address="122.102.52.0/24"
add list=Games address="122.102.53.0/24"
add list=Games address="122.102.54.0/24"
add list=Games address="122.102.55.0/24"
add list=Games address="122.144.2.38"
add list=Games address="122.144.2.132"
add list=Games address="122.144.2.137"
add list=Games address="125.160.17.181"
add list=Games address="125.160.17.182"
add list=Games address="124.195.18.122"
add list=Games address="125.56.199.10"
add list=Games address="125.56.199.16"
add list=Games address="125.56.199.27"
add list=Games address="125.160.173.26"
add list=Games address="125.163.212.218"
add list=Games address="173.194.0.148"
add list=Games address="202.43.161.117"
add list=Games address="202.43.161.120"
add list=Games address="202.43.161.121"
add list=Games address="202.43.167.70"
add list=Games address="202.43.171.131"
add list=Games address="202.43.171.130"
add list=Games address="202.43.171.133"
add list=Games address="202.43.171.134"
add list=Games address="202.57.118.35"
add list=Games address="202.57.118.54"
add list=Games address="202.58.163.204"
add list=Games address="202.67.15.34"
add list=Games address="202.70.134.34"
add list=Games address="202.70.134.35"
add list=Games address="202.70.134.37"
add list=Games address="202.74.73.98"
add list=Games address="202.78.197.83"
add list=Games address="202.78.197.85"
add list=Games address="202.89.208.61"
add list=Games address="202.93.17.0/24"
add list=Games address="202.93.18.0/24"
add list=Games address="202.93.19.0/24"
add list=Games address="202.93.20.0/24"
add list=Games address="202.93.21.0/24"
add list=Games address="202.93.22.0/24"
add list=Games address="202.93.23.0/24"
add list=Games address="202.93.24.0/24"
add list=Games address="202.93.25.0/24"
add list=Games address="202.93.26.0/24"
add list=Games address="202.93.27.0/24"
add list=Games address="202.93.28.0/24"
add list=Games address="202.93.29.0/24"
add list=Games address="202.93.30.0/24"
add list=Games address="202.93.31.0/24"
add list=Games address="202.162.207.111"
add list=Games address="202.138.226.22"
add list=Games address="202.138.226.19"
add list=Games address="202.149.65.139"
add list=Games address="202.149.65.142"
add list=Games address="202.149.65.160"
add list=Games address="202.93.16.0/24"
add list=Games address="203.77.212.20"
add list=Games address="203.89.146.0/24"
add list=Games address="203.89.147.12"
add list=Games address="203.89.147.13"
add list=Games address="204.2.171.27"
add list=Games address="204.2.171.154"
add list=Games address="204.2.171.97"
add list=Games address="204.2.171.112"
add list=Games address="204.117.211.2"
add list=Games address="204.117.211.3"
add list=Games address="204.117.211.4"
add list=Games address="209.190.9.202"
add list=Games address="209.51.218.170"
add list=Games address="211.43.208.219"
add list=Games address="211.233.43.45"
add list=Games address="212.58.226.79"
add list=Load-Poker address=216.252.121.168 comment="Load-Poker"
add list=Load-Poker address=216.252.121.169
add list=Load-Poker address=216.252.121.178
add list=Load-Poker address=208.43.79.19
add list=Load-Poker address=216.252.121.179
add list=Load-Poker address=184.72.247.138
add list=Load-Poker address=208.85.150.85
add list=Load-Poker address=216.227.212.167
add list=Load-Poker address=68.180.219.146
add list=Load-Poker address=67.228.216.164
add list=Load-Poker address=74.114.14.0/24
add list=Load-Poker address=64.71.138.105
add list=Load-Poker address=62.146.56.166
add list=Load-Poker address=184.105.197.12
add list=Load-Poker address=74.114.13.18
add list=Load-Poker address=74.217.68.204
add list=Load-Poker address=208.88.18.6
add list=Load-Poker address=199.9.252.170
add list=Load-Poker address=72.172.239.168
add list=Load-Poker address=74.114.12.233
add list=Load-Poker address=74.114.12.234
add list=Load-Poker address=199.9.252.172
add list=Load-Poker address=174.129.209.171
add list=Load-Poker address=75.126.250.198
add list=Load-Poker address=199.9.252.173
add list=Load-Poker address=68.180.219.144
add list=Load-Poker address=184.73.219.31
add list=Load-Poker address=174.129.56.62
add list=Load-Poker address=98.136.48.240
add list=Load-Poker address=174.129.190.31
add list=Load-Poker address=97.107.132.179
add list=Load-Poker address=64.127.108.169
add list=Load-Poker address=98.136.48.163
add list=Load-Poker address=74.86.119.18
add list=Load-Poker address=98.136.48.213
add list=Load-Poker address=67.228.216.163
add list=Load-Poker address=98.136.48.243
add list=Load-Poker address=98.136.48.234
add list=Load-Poker address=64.127.108.162
add list=Load-Poker address=202.157.174.20
add list=Load-Poker address=219.96.104.162
add list=Load-Poker address=98.136.48.219
add list=Load-Poker address=98.136.48.221
add list=Load-Poker address=98.136.48.220
add list=Load-Poker address=98.136.48.222
add list=Load-Poker address=98.136.48.235
add list=Load-Poker address=98.136.48.167
add list=Load-Poker address=79.125.7.18
add list=Load-Poker address=79.125.9.4
add list=Load-Poker address=218.213.86.12
add list=Load-Poker address=218.213.86.7
add list=Load-Poker address=98.136.48.212
add list=Load-Poker address=98.136.48.209
add list=Load-Poker address=98.136.48.208
add list=Load-Poker address=98.136.48.214
add list=Load-Poker address=98.136.48.241
add list=Load-Poker address=98.136.48.161
add list=Load-Poker address=98.136.48.215
add list=Load-Poker address=98.136.48.216
add list=Load-Poker address=98.136.48.210
add list=Load-Poker address=98.136.48.238
add list=Load-Poker address=202.78.200.35
add list=Load-Poker address=173.231.142.100
add list=Load-Poker address=98.136.48.236
add list=Load-Poker address=67.228.29.180
add list=Load-Poker address=98.136.48.242
add list=Load-Poker address=98.136.48.160
add list=Load-Poker address=98.136.48.165
add list=Load-Poker address=72.172.224.17
add list=Load-Poker address=72.172.224.11
add list=Load-Poker address=98.136.48.211
add list=Load-Poker address=98.136.48.166
add list=Load-Poker address=98.136.48.232
add list=Load-Poker address=98.136.48.239
add list=Load-Poker address=98.136.48.223
add list=Load-Poker address=98.136.48.237
add list=Load-Poker address=98.136.48.217
add list=Load-Poker address=98.136.48.162
add list=Load-Poker address=64.127.108.168
add list=Load-Poker address=209.20.93.211
add list=Load-Poker address=209.20.77.127
add list=Load-Poker address=174.36.242.26
add list=Load-Poker address=174.37.191.94
add list=Load-Poker address=72.172.239.163
add list=Load-Poker address=69.63.181.105
add list=Load-Poker address=64.127.108.165
add list=Load-Poker address=216.67.249.137
add list=Load-Poker address=173.231.142.101
add list=Load-Poker address=184.72.233.87
add list=Load-Poker address=72.172.239.164
add list=Load-Poker address=74.53.7.203
add list=Load-Poker address=184.72.58.19
add list=Load-Poker address=69.164.217.106
add list=Load-Poker address=74.86.120.196
add list=Load-Poker address=212.72.60.32
add list=Load-Poker address=74.53.22.42
add list=Load-Poker address=128.242.240.212
add list=Load-Poker address=128.242.240.148
add list=Load-Poker address=72.35.71.168
add list=Load-Poker address=74.86.120.195
add list=Load-Poker address=67.228.132.167
add list=Load-Poker address=64.236.111.28
add list=Load-Poker address=174.36.242.42
add list=Load-Poker address=72.172.232.90
add list=Load-Poker address=222.124.196.0/24
add list=Load-Poker address=72.37.153.226
add list=Load-Poker address=67.228.132.166
add list=Load-Poker address=67.228.132.169
add list=Load-Poker address=72.172.224.16
add list=Load-Poker address=209.20.84.182
add list=Load-Poker address=67.228.132.170
add list=Load-Poker address=128.242.245.148
add list=Load-Poker address=74.53.7.199
add list=Load-Poker address=72.172.224.13
add list=Load-Poker address=72.172.239.162
add list=Load-Poker address=72.172.224.9
add list=Load-Poker address=208.85.93.166
add list=Load-Poker address=208.85.93.165
add list=Load-Poker address=67.228.132.171
add list=Load-Poker address=75.101.154.77
add list=Load-Poker address=67.228.216.162
add list=Load-Poker address=174.36.242.34
add list=Load-Poker address=184.72.223.245
add list=Load-Poker address=174.120.49.154
add list=Load-Poker address=184.75.160.202

IP FIREWALL MANGLE :
/ip firewall mangle

PROXY-HIT
(cache hits are recognised by the DSCP value the proxy sets on them: dscp=12 is TOS byte 0x30, i.e. Squid 2.7 "zph_tos_local 0x30" with "zph_mode tos", or "qos_flows local-hit=0x30" on Squid 3.1 and later. Without that setting on the proxy this mark never matches and hits are queued like any other download.)
add chain=forward action=mark-connection new-connection-mark=HIT-conn passthrough=yes protocol=tcp \
in-interface=Proxy out-interface=LAN src-port=80,81,8081,8080,3128 dscp=12 comment="PROXY-HIT"

add chain=forward action=mark-packet new-packet-mark=PKT-HIT passthrough=no protocol=tcp in-interface=Proxy \
out-interface=LAN src-port=80,81,8081,8080,3128 connection-mark=HIT-conn

CRITICAL
add chain=postrouting action=change-dscp new-dscp=1 passthrough=yes protocol=icmp comment="CRITICAL"
add chain=postrouting action=change-dscp new-dscp=1 passthrough=yes protocol=udp dst-port=53
add chain=postrouting action=change-dscp new-dscp=1 passthrough=yes protocol=tcp dst-port=53
add chain=postrouting action=mark-connection new-connection-mark=critical-conn passthrough=yes dscp=1
add chain=postrouting action=mark-packet new-packet-mark=critical-pkt passthrough=no connection-mark=critical-conn

YAHOO
add chain=prerouting action=mark-connection new-connection-mark=yahoo-conn passthrough=yes \
protocol=tcp dst-port=5000-5010,5050,5100,8001,8002

add chain=prerouting action=mark-packet new-packet-mark=yahoo-pkt passthrough=no connection-mark=yahoo-conn

FB+GAME
add chain=prerouting action=mark-connection new-connection-mark=fb-conn passthrough=yes protocol=tcp \
src-address-list=LAN-NeT dst-address-list=Load-Poker dst-port=843,9339

add chain=prerouting action=mark-packet new-packet-mark=fb-pkt passthrough=no connection-mark=fb-conn

GEMSCOOL
add chain=prerouting action=mark-connection new-connection-mark=game-conn passthrough=yes protocol=tcp \
src-address-list=LAN-NeT dst-address-list=Games \
dst-port=39190,49100,5300,10001,14009-14010,15100,15101,16052,16073 comment="PORT GEMSCOOL"

add chain=prerouting action=mark-connection new-connection-mark=game-conn passthrough=yes protocol=udp \
src-address-list=LAN-NeT dst-address-list=Games dst-port=14010,40000-40005

add chain=prerouting action=mark-packet new-packet-mark=game-pkt passthrough=no connection-mark=game-conn

LYTOGAME
add chain=prerouting action=mark-connection new-connection-mark=game-conn passthrough=yes protocol=tcp \
src-address-list=LAN-NeT dst-address-list=Games \
dst-port=9110,13008,13413,16666,17730,17745,20570,27780,36430,48871,49309,56527,63919,64507 \
comment="PORT LYTOGAME"

add chain=prerouting action=mark-connection new-connection-mark=game-conn passthrough=yes protocol=udp \
dst-port=12020-12080,13000-13080,17001

add chain=prerouting action=mark-packet new-packet-mark=game-pkt passthrough=no connection-mark=game-conn

MEGAXUS
add chain=prerouting action=mark-connection new-connection-mark=game-conn passthrough=yes protocol=tcp \
src-address-list=LAN-NeT dst-address-list=Games dst-port=4403,4410,8401,8406,18900,31719,46113,7777 \
comment="PORT MEGAXUS"

add chain=prerouting action=mark-connection new-connection-mark=game-conn passthrough=yes protocol=udp \
dst-port=21850,21891

add chain=prerouting action=mark-packet new-packet-mark=game-pkt passthrough=no connection-mark=game-conn

ALL GAME
add chain=prerouting action=mark-connection new-connection-mark=game-conn passthrough=yes protocol=tcp \
dst-port=1818,2001,4062,5340-5352,6000-6152,6214,7341-7350,7451,9376-9377,15001,15002 \
comment="PORT ALL GAME"

add chain=prerouting action=mark-connection new-connection-mark=game-conn passthrough=yes protocol=udp \
dst-port=1949,6100-6152,9600-9602,7777-7977,11100-11125,11440-11460,30000,42051-42052

add chain=prerouting action=mark-packet new-packet-mark=game-pkt passthrough=no connection-mark=game-conn

REALTIME
add chain=prerouting action=mark-connection new-connection-mark=realtime-conn passthrough=yes protocol=tcp \
dst-port=22,179,110,161 comment="REALTIME CONN"
add chain=prerouting action=mark-connection new-connection-mark=realtime-conn passthrough=yes protocol=udp \
dst-port=123
add chain=forward action=mark-packet new-packet-mark=realtime-pkt passthrough=no connection-mark=realtime-conn


CACHE-MISS
add chain=forward action=mark-connection new-connection-mark=HIT-LOSS passthrough=yes protocol=tcp \
in-interface=Proxy out-interface=LAN src-port=3128 packet-mark=no-mark comment="CACHE-MISS"

PROXY-SSH
add chain=prerouting action=mark-connection new-connection-mark=ssh-conn passthrough=yes protocol=tcp \
src-port=22 comment="PROXY-SSH"
add chain=forward action=mark-packet new-packet-mark=ssh-pkt passthrough=no protocol=tcp src-port=22 \
connection-mark=ssh-conn

BW-MANAGEMENT CONNECTION MARKS PER CLIENT :
(the packet marks and queue-tree entries below also reference CLIENT-05, but no mark-connection rule for it is listed here; add one with that client's address, otherwise the CLIENT-05 queues never receive traffic)
add chain=prerouting action=mark-connection new-connection-mark=PC-OP passthrough=yes src-address=192.168.1.131 \
comment="BW-MANAGEMENT CONN FOR CLIENT"
add chain=prerouting action=mark-connection new-connection-mark=CLIENT-01 passthrough=yes src-address=192.168.1.2
add chain=prerouting action=mark-connection new-connection-mark=CLIENT-02 passthrough=yes src-address=192.168.1.3
add chain=prerouting action=mark-connection new-connection-mark=CLIENT-03 passthrough=yes src-address=192.168.1.4
add chain=prerouting action=mark-connection new-connection-mark=CLIENT-04 passthrough=yes src-address=192.168.1.5

BW-MANAGEMENT PACKET MARKS PER CLIENT :
add chain=prerouting action=mark-packet new-packet-mark=PC-OP passthrough=no connection-mark=PC-OP \
comment="BW-MANAGEMENT PACKET FOR CLIENT"
add chain=prerouting action=mark-packet new-packet-mark=CLIENT-01 passthrough=no connection-mark=CLIENT-01
add chain=prerouting action=mark-packet new-packet-mark=CLIENT-02 passthrough=no connection-mark=CLIENT-02
add chain=prerouting action=mark-packet new-packet-mark=CLIENT-03 passthrough=no connection-mark=CLIENT-03
add chain=prerouting action=mark-packet new-packet-mark=CLIENT-04 passthrough=no connection-mark=CLIENT-04
add chain=prerouting action=mark-packet new-packet-mark=CLIENT-05 passthrough=no connection-mark=CLIENT-05


QUEUE TYPE
/queue type
add name="PCQ-1Mbps" kind=pcq pcq-rate=1024k pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=8000 \
pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 \
pcq-src-address6-mask=128 pcq-dst-address6-mask=128
add name="PCQ-1Mbps-UP" kind=pcq pcq-rate=1024k pcq-limit=50 pcq-classifier=src-address pcq-total-limit=8000 \
pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 \
pcq-src-address6-mask=128 pcq-dst-address6-mask=128
add name="HIT" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=8000 pcq-burst-rate=0 \
pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 \
pcq-src-address6-mask=128 pcq-dst-address6-mask=128
add name="Yahoo" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 pcq-burst-rate=0 \
pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 \
pcq-src-address6-mask=128 pcq-dst-address6-mask=128
add name="FBgame" kind=pcq pcq-rate=512k pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 \
pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 \
pcq-src-address6-mask=128 pcq-dst-address6-mask=128
add name="GAME" kind=pcq pcq-rate=1024k pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 \
pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 \
pcq-src-address6-mask=128 pcq-dst-address6-mask=128
add name="critical" kind=pfifo pfifo-limit=50

QUEUE TREE
(global-out and global-in are the RouterOS v5 parents in use when this was written; from v6 onward both were merged into the single parent "global")
/queue tree
add name="01. HIT" parent=global-out packet-mark=PKT-HIT limit-at=0 queue=HIT \
priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
add name="02. GAME ONLINE" parent=LAN packet-mark=game-pkt limit-at=128k \
queue=GAME priority=1 max-limit=1024k burst-limit=0 burst-threshold=0 burst-time=0s
add name="03. FB+GAME" parent=global-out packet-mark=fb-pkt limit-at=100k \
queue=FBgame priority=5 max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s
add name="04. PCQ-DOWN" parent=global-out limit-at=0 priority=1 max-limit=800k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="00. PC-OP" parent="04. PCQ-DOWN" packet-mark=PC-OP limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="01. CLIENT-01" parent="04. PCQ-DOWN" packet-mark=CLIENT-01 limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="02. CLIENT-02" parent="04. PCQ-DOWN" packet-mark=CLIENT-02 limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="03. CLIENT-03" parent="04. PCQ-DOWN" packet-mark=CLIENT-03 limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="04. CLIENT-04" parent="04. PCQ-DOWN" packet-mark=CLIENT-04 limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="05. CLIENT-05" parent="04. PCQ-DOWN" packet-mark=CLIENT-05 limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="05. PCQ-UP" parent=global-in limit-at=0 priority=1 max-limit=800k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="000. PC-OP-up" parent="05. PCQ-UP" packet-mark=PC-OP limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=200k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="01. CLIENT-01-up" parent="05. PCQ-UP" packet-mark=CLIENT-01 limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=128k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="02. CLIENT-02-up" parent="05. PCQ-UP" packet-mark=CLIENT-02 limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=128k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="03. CLIENT-03-up" parent="05. PCQ-UP" packet-mark=CLIENT-03 limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=128k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="04. CLIENT-04-up" parent="05. PCQ-UP" packet-mark=CLIENT-04 limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=128k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="05. CLIENT-05-up" parent="05. PCQ-UP" packet-mark=CLIENT-05 limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=128k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="07. YAHOO" parent=global-out packet-mark=yahoo-pkt limit-at=32k \
queue=Yahoo priority=8 max-limit=128k burst-limit=0 burst-threshold=0 burst-time=0s
add name="08. CRITICAL" parent=pppoe-speedy1 packet-mark=critical-pkt \
limit-at=64k queue=critical priority=1 max-limit=224k burst-limit=0 \
burst-threshold=0 burst-time=0s
add name="09. REALTIME" parent=global-out packet-mark=realtime-pkt \
limit-at=64k queue=default priority=4 max-limit=224k burst-limit=0 \
burst-threshold=0 burst-time=0s
add name="10. PROXY SSH" parent=global-out packet-mark=ssh-pkt limit-at=64k \
queue=wireless-default priority=5 max-limit=224k burst-limit=0 \
burst-threshold=0 burst-time=0s

IP FIREWALL FILTER RULES :
/ip firewall filter
add chain=forward connection-state=established action=accept comment="ALLOW ESTABLISHED" disabled=no
add chain=forward connection-state=related action=accept comment="ALLOW RELATED" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid connections" disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru" disabled=yes
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot,Agobot,Gaobot" disabled=no
add chain=virus protocol=udp dst-port=12667 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=27665 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=31335 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=27444 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=34555 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=35555 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=27444 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=27665 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=31335 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=31846 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=34555 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=35555 action=drop comment="Trinoo" disabled=no

(the five rules below drop POP3/POP3S and SMTP/SMTPS/submission from the LAN, so mail only works through webmail; this also keeps a spam bot on a LAN PC from sending mail directly)
add chain=forward protocol=tcp dst-port=995 action=drop comment="WEBMAIL" disabled=no
add chain=forward protocol=tcp dst-port=25 action=drop comment="------------" disabled=no
add chain=forward protocol=tcp dst-port=465 action=drop  comment="-----------" disabled=no
add chain=forward protocol=tcp dst-port=587 action=drop comment="-----------" disabled=no
add chain=forward protocol=tcp dst-port=110 action=drop comment="-----------" disabled=no

(NOTE: enable the rules below if you want the router to be reachable and remotely managed only from inside your own network.)
add chain=forward action=jump jump-target=virus comment="jump to the virus chain" disabled=no
add chain=input connection-state=established action=accept comment="Accept established connections" disabled=no
add chain=input connection-state=related action=accept comment="Accept related connections" disabled=no
add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
add chain=input protocol=udp action=accept comment="UDP" disabled=no
(Note: this accepts every UDP datagram to the router on every interface, including the PPPoE uplink. Combined with allow-remote-requests=yes, which the transparent-DNS redirect needs, the router then answers DNS for anyone on the Internet and can be abused as an amplification reflector. Add src-address-list=LAN-NeT or in-interface=LAN to this rule.)
add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow limited pings" disabled=no
add chain=input protocol=icmp action=drop comment="Drop excess pings" disabled=no
add chain=input protocol=tcp dst-port=21 src-address-list=LAN-NeT action=accept comment="FTP" disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=LAN-NeT action=accept comment="SSH for secure shell" disabled=no
add chain=input protocol=tcp dst-port=23 src-address-list=LAN-NeT action=accept comment="Telnet" disabled=yes
add chain=input protocol=tcp dst-port=80 src-address-list=LAN-NeT action=accept comment="Web" disabled=yes
add chain=input protocol=tcp dst-port=8291 src-address-list=LAN-NeT action=accept comment="winbox" disabled=no
add chain=input protocol=tcp dst-port=25 src-address-list=LAN-NeT action=accept comment="Allow SMTP-Email" disabled=no
add chain=input protocol=tcp dst-port=1723 action=accept comment="pptp-server" disabled=no
(Note: this is the one service opened to the whole Internet; keep it disabled unless you actually run a PPTP server, and remember that PPTP with MS-CHAPv2 is not considered secure.)
add chain=input src-address-list=LAN-NeT action=accept comment="From LAN-NeT" disabled=no
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else" disabled=no
add chain=input action=drop comment="Drop everything else" disabled=no
add chain=forward protocol=tcp dst-port=80 src-address-list=LAN-NeT action=accept comment="All Update" disabled=no

DROP PORT SCANNERS
(these rules are appended after the "Drop everything else" rule above, so in the order shown they never see a packet; move them in front of the log/drop pair, by dragging in Winbox or with place-before=, for the detection to work)
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
comment="PORT SCANNER-NETCUT" disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"
add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" \
disabled=no

SCANNER-POKER
(every non-LAN destination a client contacts on 843, 9339 or 4530 (Flash policy and Facebook game sockets) is added to Load-Poker with no timeout, so the list grows on its own)
add chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!LAN-NeT address-list=Load-Poker \
address-list-timeout=0s dst-port=843,9339,4530 comment="Scanner-Poker"
add chain=forward action=drop protocol=tcp dst-port=135-138,445
add chain=input action=reject reject-with=icmp-network-unreachable protocol=tcp dst-port=135-138,445
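A replacement input chain, as an added example that is not the post's own configuration. It keeps the stated goal (manage the router only from inside the network) but removes the blanket UDP accept, does not expose PPTP, restricts DNS to the LAN, and places the port-scanner detection before the final drop, where it can actually match; it also fences the proxy's SSH port-forward in the forward chain. It assumes the interface and address-list names defined on this page (pppoe-speedy1, LAN, LAN-NeT), that no PPTP server is in use, and an empty input chain to start from; the Admin-Src list and its 203.0.113.10 entry are constructed placeholders for the address you administer from.

```routeros
# Added example, not the original post's rules. Assumes the names defined on
# this page (pppoe-speedy1, LAN, LAN-NeT), no PPTP server, empty input chain.
/ip firewall filter
# stateful basics
add chain=input connection-state=established action=accept comment="Accept established"
add chain=input connection-state=related action=accept comment="Accept related"
add chain=input connection-state=invalid action=drop comment="Drop invalid"

# scanner detection MUST sit before the final drop, otherwise it never matches
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="Port scan (psd)"
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="NMAP FIN scan"
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="XMAS/ALL scan"
add chain=input src-address-list="port scanners" action=drop comment="Drop port scanners"

# DNS: the router resolves for the LAN only. allow-remote-requests=yes would
# otherwise turn it into an open resolver on the PPPoE side.
add chain=input protocol=udp dst-port=53 src-address-list=LAN-NeT action=accept comment="DNS from LAN"
add chain=input protocol=tcp dst-port=53 src-address-list=LAN-NeT action=accept comment="DNS from LAN"

# ICMP rate-limited everywhere, as on the page
add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow limited pings"
add chain=input protocol=icmp action=drop comment="Drop excess pings"

# management only from the LAN: SSH and Winbox; Telnet, FTP and HTTP stay closed
add chain=input protocol=tcp dst-port=22,8291 src-address-list=LAN-NeT action=accept comment="SSH+Winbox from LAN"

# nothing else from the Internet: no blanket UDP accept, no PPTP exposed
add chain=input in-interface=pppoe-speedy1 action=drop comment="Drop WAN to router"
add chain=input src-address-list=LAN-NeT action=accept comment="Accept rest from LAN"
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"

# The "SSH PROXY OUT" dst-nat publishes the proxy's SSH on public port 2221 and
# the forward chain defaults to accept. After dst-nat the forward chain sees the
# translated destination (192.168.27.27:22), so fence it by source address.
/ip firewall address-list
add list=Admin-Src address=203.0.113.10 comment="constructed example: admin address"
/ip firewall filter
add chain=forward in-interface=pppoe-speedy1 protocol=tcp dst-address=192.168.27.27 dst-port=22 \
    src-address-list=!Admin-Src action=drop comment="Proxy SSH only from Admin-Src"
```

Apply it from a LAN session, not over the PPPoE link, and test afterwards with an nmap -sF or -sN against the public address: the source should land in the "port scanners" list within seconds, and a second scan should see no replies at all.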

1 comment:

  1. Hey, I'd like to ask: why does Cabal Online stop working after installing MikroTik + proxy, while the other games run fine? Nothing is blocked in the MikroTik firewall.
