MikroTik ROS 3.20 or better (except 3.25; x86 or RB, either is fine)
IPCOP 1.4.20 + Addons
Bandwidth 1Mbps or better
Sample:
MT LAN IP: 172.10.64.64/25
MT SQUID IP: 190.1.1.1/25
SQUID IP: 190.1.1.2/25
Goal:
Keep HTTP, SSL, and download traffic from interfering with PointBlank.
Remember, PB is important; it doesn't turn you into a sissy.
Start!
First, create the NAT rules.
/ip firewall nat
add action=redirect chain=dstnat comment=TOS disabled=no in-interface=lan protocol=icmp
add action=dst-nat chain=dstnat comment="DNS Redirected" disabled=no dst-port=53 protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="IPCOP is here.." disabled=no dst-port=81 protocol=tcp to-addresses=190.1.1.2 to-ports=81
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=445 protocol=tcp to-addresses=190.1.1.2 to-ports=445
add action=dst-nat chain=dstnat comment="[SQUID] Proxy" disabled=no dst-port=80 protocol=tcp src-address=!190.1.1.0/25 to-addresses=190.1.1.2 to-ports=3128
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=8080 protocol=tcp src-address=!190.1.1.0/25 to-addresses=190.1.1.2 to-ports=3128
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=82 protocol=tcp src-address=!190.1.1.0/25 to-addresses=190.1.1.2 to-ports=3128
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=3128 protocol=tcp src-address=!190.1.1.0/25 to-addresses=190.1.1.2 to-ports=3128
add action=masquerade chain=srcnat comment=Masquerading disabled=no
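A check worth running on NAT rules like these (an added example, not part of the original post): the DNS and proxy dst-nat rules carry no in-interface match, and a negated src-address still matches WAN sources, so requests arriving from the internet are redirected too. The sketch below flags such rules; the sample lines are constructed from the post's rules, and scoping by in-interface=lan / out-interface=wan assumes the interface names used elsewhere in the post.

```python
import shlex

# Constructed sample: four of the post's NAT rules, one rule per line.
SAMPLE = '''\
add action=dst-nat chain=dstnat comment="DNS Redirected" dst-port=53 protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="[SQUID] Proxy" dst-port=80 protocol=tcp src-address=!190.1.1.0/25 to-addresses=190.1.1.2 to-ports=3128
add action=redirect chain=dstnat comment=TOS in-interface=lan protocol=icmp
add action=masquerade chain=srcnat comment=Masquerading
'''

def parse_rule(line):
    """Turn one 'add key=value ...' line into a dict, or None if not a rule."""
    tokens = shlex.split(line)
    if not tokens or tokens[0] != "add":
        return None
    return dict(t.split("=", 1) for t in tokens[1:] if "=" in t)

def unscoped_reason(rule):
    """Explain why a NAT rule is not confined to one side of the router."""
    src = rule.get("src-address") or rule.get("src-address-list") or ""
    # A negated match (!net) excludes one subnet but still admits WAN sources.
    positive_src = bool(src) and not src.startswith("!")
    chain, action = rule.get("chain"), rule.get("action")
    if chain == "dstnat" and action in ("dst-nat", "redirect"):
        if "in-interface" not in rule and not positive_src:
            return "matches traffic arriving on any interface, WAN included"
    if chain == "srcnat" and action == "masquerade":
        if "out-interface" not in rule and not positive_src:
            return "masquerades traffic leaving every interface"
    return None

def audit(text):
    """Return (line number, label, reason) for every unscoped NAT rule."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None:
            continue
        reason = unscoped_reason(rule)
        if reason:
            label = rule.get("comment") or "port " + rule.get("dst-port", "?")
            findings.append((n, label, reason))
    return findings

if __name__ == "__main__":
    for n, label, reason in audit(SAMPLE):
        print(f"rule {n} ({label}): {reason}")
```

Adding in-interface=lan to a flagged dst-nat rule, or out-interface=wan to the masquerade rule, clears the finding.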
Then create the MANGLE rules.
For example, like this:
/ip firewall mangle
add action=mark-connection chain=forward comment="Cache SQUID" content="X-Cache" disabled=no new-connection-mark=ipcop-squid-con passthrough=yes
add action=mark-packet chain=forward comment="" connection-mark=ipcop-squid-con disabled=no new-packet-mark=ipcop-squid-pkt passthrough=no
add action=mark-connection chain=forward comment=PointBlank disabled=no dst-address-list=KREON dst-port=40000-40010 new-connection-mark=GAME-Conn passthrough=yes protocol=udp
add action=mark-connection chain=forward comment="" disabled=no dst-address-list=KREON dst-port=39100 new-connection-mark=GAME-Conn passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment="" disabled=no dst-address-list=KREON dst-port=39110 new-connection-mark=GAME-Conn passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment="" disabled=no dst-address-list=KREON dst-port=39220 new-connection-mark=GAME-Conn passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment="" disabled=no dst-address-list=KREON dst-port=39190 new-connection-mark=GAME-Conn passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment="" disabled=no dst-address-list=KREON dst-port=49100 new-connection-mark=GAME-Conn passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment="" connection-bytes=1024000-4294967295 disabled=yes dst-address-list=KREON dst-port=80 new-connection-mark=GAME-Conn passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment=FreeStyle disabled=no dst-address-list=KREON dst-port=40045,40047,40502 new-connection-mark=GAME-Conn passthrough=yes protocol=udp
add action=mark-connection chain=forward comment="" disabled=no dst-address-list=KREON dst-port=10000-10015 new-connection-mark=GAME-Conn passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="GAME Online Packet - Direction" connection-mark=GAME-Conn disabled=no dst-address=172.10.64.0/25 in-interface=wan new-packet-mark=Direct-GAMES-Packet passthrough=no
add action=mark-connection chain=forward comment=Poker disabled=no dst-port=9339 new-connection-mark=poker-conn passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="Poker Direction" connection-mark=poker-conn disabled=no dst-address=172.10.64.0/25 in-interface=wan new-packet-mark=poker-packet passthrough=no
add action=mark-packet chain=forward comment="HTTP & SSL - DIRECT Packet" connection-bytes=1024000-4294967295 connection-mark=ipcop-squid-con disabled=no in-interface=wan new-packet-mark=http-packet passthrough=no protocol=tcp src-port=80
add action=mark-packet chain=forward comment="" connection-mark=ipcop-squid-con disabled=no in-interface=wan new-packet-mark=ssl-packet passthrough=no protocol=tcp src-port=443
Then set up the QUEUE. There are two parts here: PCQ and Queue Tree.
/queue type
add kind=pcq name=Download-HTTP pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k max-limit=1024k name=GAMEZ packet-mark=Direct-GAMES-Packet parent=global-out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k max-limit=15360k name=HTTP packet-mark=http-packet parent=global-out priority=2 queue=Download-HTTP
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k max-limit=512k name=SSL packet-mark=ssl-packet parent=global-out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k max-limit=256k name=Poker packet-mark=poker-packet parent=global-out priority=8 queue=default
Done!