Cara Bypass Hit Squid, Mangle Game, Queue Tree, Browsing di Mikrotik + Eksternal Proxy (IpCop)
Cara Bypass Hit Squid, Mangle Game, Queue Tree, Browsing di Mikrotik
Disini membagi Https di queue tree dan untuk Limit extention di gabung ke dalam Semua Down , jadi misalnya bandwidth 2 MB didalam 2 MB tersebut saya namakan ALL DOWN yang di dalamnya ada:Browsing (Http),Https dan Limit Extention,kemudian untuk upload saya gunakan parent=global-out tidak parent=Proxy karna mangle saya gunakan postrouting yang di serahakan ke Proxy external ini akan membuat Hit Proxy menjadi besar..Bagi yang menggunakan PC mikrotik supaya sinkron dengan scripts di bawah silahkan upgrade dulu PC mikrotiknya dengan Os.5.18.
Topologi Jaringan:
Ether1 - Public --------> IP Address : 192.168.1.2 Network : 192.168.1.0/24 ModemGanti nama interface menjadi internet,Local,Proxy supaya sesuai dengan scripts tutorial berikut , perintahnya:
Ether2 - Local ---------> IP Address : 192.168.0.1 Network : 192.168.0.0/24 HUB (Client)
Ether3 - Proxy ---------> IP Address : 192.168.5.1 Network : 192.168.5.0/24 External Proxy
IP Green Card Proxy External -----> IP Address : 192.168.5.2 Network : 192.168.5.0/24
Pastekan di “New Terminal” winbox
/interface set 0 name=PublicSet Jam supaya tidak berubah-ubah:
/interface set 1 name=Local
/interface set 2 name=Proxy
Pastekan di “New Terminal” winbox
/system ntp client \System Note:Ini scripts gunanya nanti jika buka “New Terminal” akan nongol Note nya=
set enabled=yes mode=unicast \
primary-ntp=152.118.24.8 \
secondary-ntp=202.169.224.16
Pastekan di “New Terminal” winbox
/system note \NAT Transparent Proxy dan Local Masquerade:Sesuaikan dengan network Proxy anda dan ip address Proxy anda dan juga port Proxy anda:
set note=Garashinet.setup.by GNet \
show-at-login=yes
Edit Sebelum di Pastekan di “New Terminal” winbox
/ip firewall nat add action=dst-nat \Ip firewall layer7-protocol
chain=dstnat comment="TRANSPARENT PROXY" \
disabled=no dst-port=80 in-interface=Local \
protocol=tcp src-address=!192.168.5.0/24 \
to-addresses=192.168.5.2 to-ports=3128
/ip firewall nat add action=masquerade chain=srcnat \
comment=MASQUERADE disabled=no
Untuk melimit download seperti rar,zip,youtube,exe,dll kecuali file yang tersimpan di Proxy otomatis loss:
Pastekan di “New Terminal” winbox
/ip firewall layer7-protocolIp Firewall Filter Drop Virus:Pastekan di “New Terminal” winbox
add name="YOUTUBE DOWNLOAD" regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5\][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
add name=EXE regexp="\\.(exe)"
add name=RAR regexp="\\.(rar)"
add name=ZIP regexp="\\.(zip)"
add name=7z regexp="\\.(7z)"
add name=WMV regexp="\\.(wmv)"
add name=MPG regexp="\\.(mpg)"
add name=MPEG regexp="\\.(mpeg)"
add name=AVI regexp="\\.(avi)"
add name=FLV regexp="\\.(flv)"
add name=WAV regexp="\\.(wav)"
add name=MP3 regexp="\\.(mp3)"
add name=MP4 regexp="\\.(mp4)"
add name=ISO regexp="\\.(iso)"
add name=3GP regexp="\\.(3gp)"
add name=MOV regexp="\\.(mov)"
add name=MKV regexp="\\.(mkv)"
add name="YOUTUBE STREAMING" regexp=youtube
add name=PORN regexp=porn
add name=TUBE regexp=tube
add name=VIDEO regexp=video
add name=MOVIE regexp=movie
/ip firewall filterIp Firewall MangleIni Scripts Mangle Squid Hit,DSCP=12 untuk me Loss kan Proxy dari limit client,Di queue tree saya buat 80 MB Posisi di mangle paling di letakkan paling atas=
add action=accept chain=input \
disabled=no dst-port=8291 protocol=tcp
add action=drop chain=forward \
connection-state=invalid disabled=no
add action=drop chain=virus disabled=no \
dst-port=135-139 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1433-1434 protocol=tcp
add action=drop chain=virus \
disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=445 protocol=udp
add action=drop chain=virus disabled=no \
dst-port=593 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1024-1030 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1080 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1214 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1363 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1364 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1368 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1373 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1377 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2283 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2535 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=3127 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=3410 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=4444 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=4444 protocol=udp
add action=drop chain=virus disabled=no \
dst-port=5554 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=8866 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=9898 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=10080 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=12345 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=17300 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=27374 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=65506 protocol=tcp
add action=jump chain=forward \
disabled=no jump-target=virus
add action=drop chain=input \
connection-state=invalid disabled=no
add action=accept chain=input \
disabled=no protocol=udp
add action=accept chain=input \
disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input \
disabled=no protocol=icmp
add action=accept chain=input \
disabled=no dst-port=21 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=22 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=23 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=80 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=8291 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=1723 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=23 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=80 protocol=tcp
add action=accept chain=input disabled=no \
dst-port=1723 protocol=tcp
add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15s \
chain=input disabled=no dst-port=1337 protocol=tcp
add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15m \
chain=input disabled=no dst-port=7331 \
protocol=tcp src-address-list=knock
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="FIN/PSH/URG scan" disabled=\
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp \
src-address=61.213.183.1-61.213.183.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=67.195.134.1-67.195.134.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=68.142.233.1-68.142.233.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp \
src-address=68.180.217.1-68.180.217.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=203.84.204.1-203.84.204.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=69.63.176.1-69.63.176.254
add action=accept chain=input \
comment="ANTI NETCUT" \
disabled=no dst-port=0-65535 protocol=tcp \
src-address=69.63.181.1-69.63.181.254
add action=accept chain=input \
comment="ANTI NETCUT" \
disabled=no dst-port=0-65535 protocol=tcp \
src-address=63.245.209.1-63.245.209.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp \
src-address=63.245.213.1-63.245.213.254
Pastekan di “New Terminal” winbox
/ip firewall mangleScripts mangle untuk menstabilkan ping jika koneksi padat dan DNS=
add action=mark-packet chain=postrouting comment="SQUID PROXY HIT" \
dscp=12 new-packet-mark="garashinet SPH" passthrough=no
Pastekan di “New Terminal” winbox
/ip firewall mangleIni Di bawah Scripts untuk Game Online dan Game Facebook:Edit Sebelum di Pastekan di “New Terminal” winbox
add action=mark-connection chain=prerouting comment=ICMP \
new-connection-mark="garashinet I" passthrough=yes protocol=\
icmp
add action=change-dscp chain=prerouting connection-mark=\
"garashinet I" new-dscp=1 passthrough=yes
add action=mark-packet chain=prerouting connection-mark=\
"garashinet I" new-packet-mark=\
"garashinet I" passthrough=no
add action=mark-connection chain=prerouting comment=DNS dst-port=\
53 new-connection-mark="garashinet D" passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting dst-port=53 \
new-connection-mark="garashinet D" passthrough=yes protocol=\
udp
add action=change-dscp chain=prerouting connection-mark=\
"garashinet D" new-dscp=1 passthrough=yes
add action=mark-packet chain=prerouting connection-mark=\
"garashinet D" new-packet-mark=\
"garashinet D" passthrough=no
/ip firewall mangleIni Di bawah adalah Scripts dan lain lain nya…di bawah port 1935 dalah port tv online..
add action=mark-connection chain=prerouting comment="GAME ONLINE" disabled=no \
dst-port=1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 \
new-connection-mark="garashinet GO" passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port="7341-7350,74\
51,8085,9600,9601-9602,9300,9400,9700,9376-9377,10001-10011,40000" \
new-connection-mark="garashinet GO" passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port="7341-7350,74\
51,8085,9600,9601-9602,9300,9400,9700,9376-9377,10001-10011,40000" \
new-connection-mark="garashinet GO" passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port="10009,13008,\
16666,28012,11011-11041,10402,11031,12011,12110,13413,15000-15002,15001,15\
002" new-connection-mark="garashinet GO" passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port="16402-16502,\
18901-18909,19000,19101,22100,27780,29000,29200,39100,39110,39220,39190,49\
100" new-connection-mark="garashinet GO" passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=\
14009-14010,14300,14301,14403,7000,14500 new-connection-mark=\
"garashinet GO" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port="1293,1479,61\
00-6152,7777-7977,9401,9600-9602,12020-12080,30000,40000-40010" \
new-connection-mark="garashinet GO" passthrough=yes \
protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-port=\
42051-42052,11100-11125,11440-11460 new-connection-mark=\
"garashinet GO" passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-port=14009-14010 \
new-connection-mark="garashinet GO" passthrough=yes \
protocol=udp
add action=mark-packet chain=prerouting connection-mark=\
"garashinet GO" disabled=no new-packet-mark=\
"garashinet GO" passthrough=no
add action=mark-connection chain=prerouting comment="GAME FACEBOOK" disabled=\
no dst-port=843,9339 new-connection-mark="garashinet GF" \
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=\
"garashinet GF" disabled=no new-packet-mark=\
"garashinet GF" passthrough=no
jika ada port lain silahkan tambah dengna pembatas koma:
Pastekan di “New Terminal” winbox
/ip firewall mangleDi bawah ini adalah scripts Https:Pastekan di “New Terminal” winbox
add action=mark-connection chain=prerouting comment=DLL disabled=no dst-port=\
1935 new-connection-mark="garashinet DLL" passthrough=yes \ protocol=tcp
add action=mark-packet chain=forward connection-mark=\
"garashinet DLL" disabled=no new-packet-mark=\
"garashinet DLL" passthrough=no
/ip firewall mangleIni Di bawah Scripts mangle untuk Limit extention (yang download rar,zip,exe,dll ) akan di limit dan jika udah pernah di download tidak akan masuk limit mangle ini,otomatis ke Ip Firewall Mangle Squid Hit,DSCP=12
add action=mark-connection chain=postrouting comment=HTTPS disabled=no \
dst-port=443 new-connection-mark="garashinet H" passthrough=\
yes protocol=tcp
add action=mark-packet chain=postrouting connection-mark=\
"garashinet H" disabled=no new-packet-mark=\
"garashinet H" passthrough=no
Bisa di perhatikan setiap paket layer 7 di bawah mempunyai connection mark,beda dengan tutorial sebelumnya:
Pastekan di “New Terminal” winbox
/ip firewall mangleIni Di bawah Scripts mangle Untuk pembagian otomatis bandwidth browsing Upload dan Download,Sesuaikan network yang kolom bewarna merah dengan network Proxy anda=
add action=mark-connection chain=forward comment="LIMIT EXTENTION" disabled=\
no layer7-protocol="YOUTUBE DOWNLOAD" new-connection-mark=\
"YOUTUBE DOWNLOAD" passthrough=yes
add action=mark-packet chain=forward connection-mark="YOUTUBE DOWNLOAD" \
disabled=no new-packet-mark="YOUTUBE DOWNLOAD" \
passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=\
"YOUTUBE STREAMING" new-connection-mark="YOUTUBE STREAMING" passthrough=\
yes
add action=mark-packet chain=forward connection-mark="YOUTUBE STREAMING" \
disabled=no new-packet-mark="YOUTUBE STREAMING" \
passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=TUBE \
new-connection-mark=PORN1 passthrough=yes
add action=mark-packet chain=forward connection-mark=PORN1 disabled=no \
new-packet-mark=PORN1 passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=PORN \
new-connection-mark=PORN2 passthrough=yes
add action=mark-packet chain=forward connection-mark=PORN2 disabled=no \
new-packet-mark=PORN2 passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=VIDEO \
new-connection-mark=PORN3 passthrough=yes
add action=mark-packet chain=forward connection-mark=PORN3 disabled=no \
new-packet-mark=PORN3 passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=MOVIE \
new-connection-mark=PORN4 passthrough=yes
add action=mark-packet chain=forward connection-mark=PORN4 disabled=no \
new-packet-mark=PORN4 passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=MKV \
new-connection-mark=MKV passthrough=yes
add action=mark-packet chain=forward connection-mark=MKV disabled=no \
new-packet-mark=MKV passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=MP3 \
new-connection-mark=MP3 passthrough=yes
add action=mark-packet chain=forward connection-mark=MP3 disabled=no \
new-packet-mark=MP3 passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=MP4 \
new-connection-mark=MP4 passthrough=yes
add action=mark-packet chain=forward connection-mark=MP4 disabled=no \
new-packet-mark=MP4 passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=ZIP \
new-connection-mark=ZIP passthrough=yes
add action=mark-packet chain=forward connection-mark=ZIP disabled=no \
new-packet-mark=ZIP passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=EXE \
new-connection-mark=EXE passthrough=yes
add action=mark-packet chain=forward connection-mark=EXE disabled=no \
new-packet-mark=EXE passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=FLV \
new-connection-mark=FLV passthrough=yes
add action=mark-packet chain=forward connection-mark=FLV disabled=no \
new-packet-mark=FLV passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=ISO \
new-connection-mark=ISO passthrough=yes
add action=mark-packet chain=forward connection-mark=ISO disabled=no \
new-packet-mark=ISO passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=MOV \
new-connection-mark=MOV passthrough=yes
add action=mark-packet chain=forward connection-mark=MOV disabled=no \
new-packet-mark=MOV passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=MPEG \
new-connection-mark=MPEG passthrough=yes
add action=mark-packet chain=forward connection-mark=MPEG disabled=no \
new-packet-mark=MPEG passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=MPG \
new-connection-mark=MPG passthrough=yes
add action=mark-packet chain=forward connection-mark=MPG disabled=no \
new-packet-mark=MPG passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=WAV \
new-connection-mark=WAV passthrough=yes
add action=mark-packet chain=forward connection-mark=WAV disabled=no \
new-packet-mark=WAV passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=RAR \
new-connection-mark=RAR passthrough=yes
add action=mark-packet chain=forward connection-mark=RAR disabled=no \
new-packet-mark=RAR passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=WMV \
new-connection-mark=WMV passthrough=yes
add action=mark-packet chain=forward connection-mark=WMV disabled=no \
new-packet-mark=WMV passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=3GP \
new-connection-mark=3GP passthrough=yes
add action=mark-packet chain=forward connection-mark=3GP disabled=no \
new-packet-mark=3GP passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=7z \
new-connection-mark=7z passthrough=yes
add action=mark-packet chain=forward connection-mark=7z disabled=no \
new-packet-mark=7z passthrough=no
Bisa di perhatikan paket di bawah menggunakan postrouting dan in interface Proxy yang akan membuat lebih Besar HIT nya,beda dengan tutorial sebelumnya:
Edit sebelum di Pastekan di “New Terminal” winbox
/ip firewall mangleQueue Type
add action=mark-connection chain=prerouting comment=HTTP disabled=no \
dst-port=80 in-interface=Proxy new-connection-mark=\
"garashinet HTTP" passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting connection-mark=\
"garashinet HTTP" disabled=no dst-address=192.168.5.0/24 \
new-packet-mark="garashinet HTTP D" passthrough=no
add action=mark-packet chain=postrouting connection-mark=\
"garashinet HTTP" disabled=no new-packet-mark=\
"garashinet HTTP U" passthrough=no src-address=\
192.168.5.0/24
Di bawah adalah Queue type untuk Bandwidth 1 MB,Jika Bandwidth anda 2 MB dan upload di bawah adalah 512KB ,jika anda mempunyai upload yang berbeda silahkan sesuaikan
Edit sebelum di Pastekan di “New Terminal” winbox
/queue typeQueue TreeDi bawah ini adalah queue tree “ALL DOWN” yang child nya nanti adalah
add kind=pcq name="PROXY DOWN" pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=\
src-address,dst-address,src-port,dst-port pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=1024
add kind=pcq name=DOWN pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=\
5s pcq-classifier=dst-address,dst-port pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=1024
add kind=pcq name=UP pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=\
10s pcq-classifier=src-address,src-port pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=512
add kind=pfifo name=PING pfifo-limit=64
add kind=pcq name=DLL pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=\
10s pcq-classifier=src-address,dst-address,src-port,dst-port \
pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=0 \
pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=1024
add kind=pcq name=HTTPS pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=\
src-address,dst-address,src-port,dst-port pcq-dst-address-mask=32 \
pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=64 pcq-total-limit=1024
A.BROWSING,
C.HTTPS,
D.LIMIT EXTENTION,
E.DLL
800k untuk bandwidth 3 MB ,200k saya sisakan , silahkan sesuaikan dengan bandwidth anda:
Edit sebelum di Pastekan di “New Terminal” winbox
/queue treeDibawah ini adalah queue tree “LIMIT EXTENTION” yang childnya nanti adalah ZIP,RAR,YOUTUBE dan lain-lain , 500k adalah setengah dari total bandwidth,silahkan sesuaikan dengan bandwidth anda:
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=800k name="4.ALL DOWN" packet-mark="" parent=global-out \
priority=3
Edit sebelum di Pastekan di “New Terminal” winbox
/queue treeDi bawah ini adalah queue tree “YOUTUBE” yang nantinya childnya adalah YOUTUBE STREAMING dan YOUTUBE DOWNLOAD :
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=500k name="D.LIMIT EXTENTION" packet-mark="" parent=\
"4.ALL DOWN" priority=4
Pastekan di “New Terminal” winbox
/queue treeDi bawah ini adalah queue tree “PORN” yang nantinya childnya adalah PORN1, PORN2, PORN3, PORN4:
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=YOUTUBE packet-mark="" parent="D.LIMIT EXTENTION" \
priority=4
Pastekan di “New Terminal” winbox
/queue treeDi bawah Ini adalah queue tree “GAME” yang nantinya childnya adalah GAME ONLINE dan GAME FACEBOOK , yang bertulisan merah di bawah silahkan disesuaikan dengan bandwidth anda:
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=PORN packet-mark="" parent="D.LIMIT EXTENTION" priority=4
Edit sebelum di Pastekan di “New Terminal” winbox
/queue treeDi bawah ini adalah queue tree “BROWSING DOWNLOAD”:
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
max-limit=3M name=3.GAME packet-mark="" parent=global-out priority=2
Pastekan di “New Terminal” winbox
/queue treeDi bawah ini adalah queue tree “BROWSING UPLOAD” , yang bertulisan merah di bawah silahkan sesuaikan dengan bandwidth anda:
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=A.BROWSING packet-mark="garashinet HTTP D" \
parent="4.ALL DOWN" priority=3 queue=DOWN
Edit sebelum di Pastekan di “New Terminal” winbox
/queue treeDi bawah ini adalah queue tree LIMIT EXTENTION RAR,ZIP,YOUTUBE dan lain-lain:
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=300k name="2.BROWSING UPLOAD" packet-mark=\
"garashinet HTTP U" parent=global-out priority=2 queue=UP
Pastekan di “New Terminal” winbox
/queue treeDi bawah ini adalah queue tree “PROXY HIT” dengan limit 80M:
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="YOUTUBE STREAMING" packet-mark="YOUTUBE STREAMING" \
parent=YOUTUBE priority=4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MKV packet-mark=MKV parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MP3 packet-mark=MP3 parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MP4 packet-mark=MP4 parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ZIP packet-mark=ZIP parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=EXE packet-mark=EXE parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ISO packet-mark=ISO parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=AVI packet-mark=AVI parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MOV packet-mark=MOV parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MPEG packet-mark=MPEG parent="D.LIMIT EXTENTION" \
priority=4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MPG packet-mark=MPG parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=RAR packet-mark=RAR parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=WAV packet-mark=WAV parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=WMV packet-mark=WMV parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=3GP packet-mark=3GP parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=7z packet-mark=7z parent="D.LIMIT EXTENTION" priority=4 \
queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="YOUTUBE DOWNLOAD" packet-mark="YOUTUBE DOWNLOAD" \
parent=YOUTUBE priority=4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=PORN1 packet-mark=PORN1 parent=PORN priority=4 queue=\
DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=PORN2 packet-mark=PORN2 parent=PORN priority=4 queue=\
DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=PORN3 packet-mark=PORN3 parent=PORN priority=4 queue=\
DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=PORN4 packet-mark=PORN4 parent=PORN priority=4 queue=\
DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=FLV packet-mark=FLV parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
Pastekan di “New Terminal” winbox
/queue treeDi bawah ini adalah queue tree “GAME ONLINE dan GAME FACEBOOK”:
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=80M \
max-limit=80M name="1.PROXY HIT" packet-mark=\
"garashinet SPH" parent=Local priority=2 queue="PROXY DOWN"
Pastekan di “New Terminal” winbox
/queue treeDi bawah ini adalah queue tree HTTPS ,yg bertulisan merah di bawah ini silahkan sesuaikan dengan bandwidth anda (recomendasi 75% dari bandwidth) :
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="A.GAME ONLINE" packet-mark="garashinet GO" \
parent=3.GAME priority=2 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="B.GAME FACEBOOK" packet-mark=\
"garashinet GF" parent=3.GAME priority=2 queue=DOWN
Edit sebelum di Pastekan di “New Terminal” winbox
/queue treeDi bawah ini adalah queue tree DLL,yang bertulisan merah di bawah silahkan sesuaikan dengan bandwidth anda (recomendasi 30% dari bandwidth):
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=2M name=C.HTTPS packet-mark="garashinet H" parent=\
"4.ALL DOWN" priority=2 queue=HTTPS
Edit sebelum di Pastekan di “New Terminal” winbox
/queue treeDi bawah ini adalah queue tree ICMP dan DNS:
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name=E.DLL packet-mark="garashinet DLL" parent=\
"4.ALL DOWN" priority=8 queue=DLL
Pastekan di “New Terminal” winbox
/queue treeCatatan Penting:
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M \
max-limit=100M name=4.ICMP packet-mark="garashinet I" \
parent=global-out priority=1 queue=PING
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M \
max-limit=100M name=6.DNS packet-mark="garashinet D" parent=\
global-out priority=1 queue=PING
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M \
max-limit=100M name=5.ICMP packet-mark="garashinet I" \
parent=Public priority=1 queue=PING
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M \
max-limit=100M name=7.DNS packet-mark="garashinet D" parent=\
Public priority=1 queue=PING
Bgi yang mempunyai Mikrotik Routerboard CPU Frequency di bawah 600 Mhz seperti RB750,RB750G,RB,RB750UP,RB,Dll,CPU Frequency bisa di lihat di Winbox bagian “System” kemudian “Resources”
Harap Di edit Priority Queue Tree nya sebagai berikut ,Double Klik Point di bawah ini dan Edit Prioritynya:
1.PROXY HIT : Priority : 1
4.ALL HTTP DOWN : Priority : 8
A.BROWSING : Priority : 8
C.HTTPS: Priority : 8
D.LIMIT EXTENTION: Priority : 8
3GP,7z,AVI,EXE,FLV,ISO,MKV,MOV,MP3,MP4,MPEG,MPG,PORN,PORN1,PORN2,PORN3,PORN4,RAR : Priority : 8
YOUTUBE,YOUTUBE DOWNLOAD,YOUTUBE STREAMING,ZIP : Priority : 8
E.DLL : Priority : 8
Tujuan..karna Processor kurang cepat jadi mesti di jauhkan priority dari PROXY HIT dengan yang lainnya.
Supaya terbaca Hit dahulu baru yang laindan jangan Lupa habis di setting restart Mikrotik anda
Selesai ..dan selamat mencoba…..
Terima Kasih.
ReplyDeleteSama-sama..
DeleteTelah berkunjung
Komentar ini telah dihapus oleh pengarang.
ReplyDeletePake salah satunya aja, tergantung tipe warnetnya mas.. kalo untuk warnet..
ReplyDeleteSesuaikan juga b/w
apa stelah cara setting diatas kecepatann bertambah kak
ReplyDeletesaya langganan speedy 2 mbps
Fungsi external proxy adalah untuk menyimpan data yang pernah di download, jadi jika browsing membuka halaman/data situs yang pernah dibuka maka browsing tidak lagi mengambil ke internet langsung tapi mengambil data dari external proxy, jadi bisa lebih cepat dan tidak membutuhkan bandwidt lagi.. itu logikanya.
Deletemaaf,,,bisa tolong untuk settingan bandwith 3mb.....apakah bandwith speedy yang sering turun juga mempengaruhi kinerja di mikrotik...trima kasih.....
ReplyDeleteBisa..
ReplyDeleteSering turun maksudnya gmna mas?
ketika pake mikrotik, internet kadang lambat mas.....tp ketika tanpa mikrotik lancar....pengaruh dari apanya mas......puyaanku pake sistem brigde...
ReplyDeleteJika modemnya dijadikan bridge brarti yg dial up adalah mikrotik... bukan modem..
DeleteSaran saya... biarkan modem yang dial up dan mikrotik sebagai b/w managementnya jadi kerja mikrotik jadi maksimal
untuk setting 3mb, bisa gk scripnya diemailkan ke alamat saya...saifulhuda59@gmail.com....terima kasih
ReplyDeleteMaaf mas mau tanya lagi…..untuk pembagian bandwith di queue type dan queue tree, dibagian mana yang harus dirubah…soalnya saya masih baru belajar…..punyaan saya bandwithnya 3MB….trima kasih….
ReplyDeletePada queue type..
DeleteUP 1M
DOWN 4M
Pada queue tree sesuikan dengan kebutuhan warnet... DOWNLOAD ama HTTP Downloadnya yg di robah
Maaf gan masih bingung..ga ngerti atau bagaimana..sudah dicoba-coba dengan berbagai cara sampai kepala mumet (mungkin iq ga nyampe..hehehe)masalah tetap sama.. Ga Bisa Akses web http, kalau https bisa. Dimana settingannya yang/salah blum juga ketemu (ipcopnya sudah beberapa x di install ulang tpi problemnya ya itu-itu juga). Tolong di bantu gan (sebelumnya saya ucapkan terima kasih)
ReplyDeleteMaaf baru sempat jawab..
DeleteSetelah kita membuat proxy, coba masuk ke salah satu website, kemudian perhatikan dimikrotik apakah ada hit,jika ada hit berarti setingannya bener. walau situsnya belum muncul url akan disimpan di proxy dulu, dan itu memang memakan waktu.. harap bersabar, jika tidak ada hit, cek kembali scrip di ipcop nya..