Senin, 22 Juli 2013

MANAGEMENT BANDWIDTH QUEUE TREE MIKROTIK UNTUK WARNET (GAME, BROWSING, UPLOAD) & LIMIT FILE EXTENSI LAYER 7 MIKROTIK

Pada tutor kali ini saya coba uraikan settingan mikrotik untuk game online dicampur dengan kepentingan browsing (ngenet) agar berjalan serasi dan seimbang.
Note: 
  • Script di bawah hanya berjalan pada mikrotik versi 3.30 ke atas.
  • Bandwidth yang diimplementasikan 1Mbps/256Kbps (SPEEDY)

Langsung ke TKP..!!!

Code:

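# Base router setup: name the two interfaces, give them addresses, set the
# default route, enable the DNS cache and NAT the LAN out through the uplink.
# The direction notes that were written after the commands are now real
# comments, so the block can be pasted into a terminal as-is.

/interface
# Interface 0 is the public side (towards the ADSL modem).
set 0 name=speedy
# Interface 1 is the local side (the client PCs).
set 1 name=lan

/ip address
add address=192.168.0.2/30 interface=speedy
add address=192.168.1.1/24 interface=lan

/ip route
# Default route via the ADSL modem.
add gateway=192.168.0.1

/ip dns
set primary-dns=222.124.204.34
set secondary-dns=202.134.0.155
# allow-remote-requests=yes makes the router answer DNS queries that arrive on
# any interface, the uplink included. The filter rules below keep the resolver
# reachable from the LAN only, so it cannot be used as an open resolver from
# the modem/WAN side.
set allow-remote-requests=yes

/ip firewall filter
add chain=input in-interface=speedy protocol=udp dst-port=53 action=drop \
    comment="no DNS service on the uplink"
add chain=input in-interface=speedy protocol=tcp dst-port=53 action=drop \
    comment="no DNS service on the uplink"

# Source-NAT everything that leaves through the uplink.
/ip firewall nat
add chain=srcnat action=masquerade out-interface=speedy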


INI ROUTING UNTUK GAME ONLINE:

# Online-game classification. Each rule below puts connection-mark "zar-goc"
# on connections whose destination port is in its list; the first five rules
# cover TCP, the last three UDP. passthrough=yes lets later prerouting rules
# still see the packet.
# NOTE(review): the match is by destination port only (no interface or
# address condition), so any other application that uses one of these ports
# is classified as game traffic too, and the game queues in this tutorial
# carry no max-limit.
# NOTE(review): the port list is spread over several rules, presumably
# because of a per-rule limit on the number of ports -- confirm. Some entries
# overlap (6000-6001 with 6000-6152, 15001/15002 with 15000-15002); harmless.
/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment="GAME ONLINE" dst-port=\
"1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6001,6000-6152,7777" \
new-connection-mark="zar-goc" passthrough=yes protocol=tcp

# The quoted port list in this rule is wrapped with a backslash inside the
# quotes; the two halves are meant to join into the range 9376-9377.
/ip firewall mangle \
add action=mark-connection chain=prerouting \
disabled=no dst-port="7341-7350,7451,8085,9600,9601-9602,9300,9400,9700,93\
76-9377,10001-10011,40000" \
new-connection-mark="zar-goc" passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port="10009,13008,16666,28012,11011-11041,10402,11031,12011,12110,13413,15000-15002,15001,15002" \
new-connection-mark="zar-goc" \
passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
disabled=no dst-port="16402-16502,18901-18909,19000,19101,22100,27780,29000,29200,39100,39110,39220,39190,49100" \
new-connection-mark="zar-goc" passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=14009-14010 new-connection-mark="zar-goc" \
passthrough=yes protocol=tcp

# UDP game ports.
/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port="1293,1479,6100-6152,7777-7977,9401,9600-9602,12020-12080,30000,40000-40010" \
new-connection-mark="zar-goc" passthrough=yes protocol=udp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=42051-42052,11100-11125,11440-11460 \
new-connection-mark="zar-goc" passthrough=yes protocol=udp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=14009-14010 new-connection-mark="zar-goc" \
passthrough=yes protocol=udp



GAME DIBUAT PREROUTING AGAR TIDAK BERLIKU DI TUBUH ROUTER

# Translate the "zar-goc" connection mark into packet mark "zar-gopd".
# The rule sits in prerouting and has no address condition, so packets of a
# marked connection get the same packet mark in both directions.
# passthrough=no ends prerouting mangle processing for the packet.
/ip firewall mangle add chain=prerouting connection-mark="zar-goc" \
    action=mark-packet new-packet-mark="zar-gopd" passthrough=no



INI ROUTING UNTUK GAME FACEBOOK

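# Facebook games: mark connections to TCP ports 843 and 9339 with
# connection-mark "zar-gfc", then split them into a download and an upload
# packet mark according to which side of the packet is a LAN address.
/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment="GAME FACEBOOK" dst-port=843,9339 \
new-connection-mark="zar-gfc" passthrough=yes \
protocol=tcp

# Download direction: packets addressed to the LAN subnet.
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="zar-gfc" disabled=no \
dst-address=192.168.1.0/24 new-packet-mark="zar-gfpd" \
passthrough=no

# Upload direction: packets sent from the LAN subnet.
# A space now separates the packet mark from the line-continuation backslash;
# without it the value and the next parameter were joined into one token.
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="zar-gfc" new-packet-mark="zar-gfpu" \
passthrough=no src-address=192.168.1.0/24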




INI PCQ UNTUK SPEED BAGI RATA

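# PCQ queue types used by the leaf queues of the queue tree.
# DOWN splits traffic into sub-streams by destination address and port,
# UP by source address and port.
# The blank line that used to follow the first "/queue type \" is removed so
# the continuation joins the "add" command it belongs to.
# NOTE(review): with the port in the classifier every address/port pair is
# its own sub-stream, so a PC with many connections receives more than a PC
# with one; classify by address only if the goal is an equal share per PC.
/queue type \
add kind=pcq name=DOWN \
pcq-classifier=dst-address,dst-port

/queue type \
add kind=pcq name=UP \
pcq-classifier=src-address,src-port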




INI QUEUE UNTUK GAME ONLINE

# Queue tree for game traffic: two parent queues (download under global-out,
# upload under the uplink interface) and two leaf queues under each.
# Online-game leaves have no max-limit; the Facebook-game leaves are capped.
# NOTE(review): the global-out parent exists in RouterOS v3-v5; v6 replaced
# the global-in/global-out/global-total parents with a single "global" --
# verify against the version in use.

# Parents.
/queue tree add parent=global-out name="2.GAME DOWN" priority=2


/queue tree add parent=speedy name="3.GAME UPLOAD" priority=2


# Download leaves.
/queue tree add parent="2.GAME DOWN" name="1.GAME ONLINE DOWN" \
    packet-mark="zar-gopd" queue=DOWN priority=2


/queue tree add parent="2.GAME DOWN" name="2.GAME FACEBOOK DOWN" \
    packet-mark="zar-gfpd" queue=DOWN priority=3 max-limit=256000


# Upload leaves. The online-game upload leaf reuses packet mark "zar-gopd",
# the same mark the download leaf matches.
/queue tree add parent="3.GAME UPLOAD" name="1.GAME ONLINE UPLOAD" \
    packet-mark="zar-gopd" queue=UP priority=2


/queue tree add parent="3.GAME UPLOAD" name="2.GAME FACEBOOK UPLOAD" \
    packet-mark="zar-gfpu" queue=UP priority=3 limit-at=0 max-limit=128000




INI UNTUK LIMIT FILE EXTENSI, SEPERTI .EXE .RAR .YOUTUBE, DLL

# Layer-7 patterns used by the "LIMIT EXTENTION" mangle rules.
# Each entry is a regular expression matched against connection payload.
# Caveats a deployer should know:
#  - The layer-7 matcher only inspects the beginning of a connection
#    (per MikroTik documentation the first 10 packets or 2 KB), so a match
#    depends on the string appearing early in the stream.
#  - None of the patterns is anchored: "\\.(exe)" matches ".exe" anywhere in
#    the inspected data (URL, header or body), not only as a file extension.
#  - The single-word patterns (youtube, porn, tube, video, movie) match any
#    occurrence of the word, so unrelated pages and downloads are caught too.
#  - The payload of TLS-encrypted connections is not visible to the matcher,
#    so these patterns only see clear-text traffic.
#  - This is a bandwidth-shaping aid, not a content filter or a security
#    control; every pattern also costs CPU per inspected connection.

# HTTP response whose headers announce a video content type.
/ip firewall layer7-protocol
add name="YOUTUBE DOWNLOAD" \
regexp="http/(0\\.9|1\\.0|1\\.1) \
[\\x09-\\x0d ][1-5][0-9][0-9] \
[\\x09-\\x0d -~]*(content-type: video)"
# File-extension substrings.
add name=EXE regexp="\\.(exe)"
add name=RAR regexp="\\.(rar)"
add name=ZIP regexp="\\.(zip)"
add name=7z regexp="\\.(7z)"
add name=WMV regexp="\\.(wmv)"
add name=MPG regexp="\\.(mpg)"
add name=MPEG regexp="\\.(mpeg)"
add name=AVI regexp="\\.(avi)"
add name=FLV regexp="\\.(flv)"
add name=WAV regexp="\\.(wav)"
add name=MP3 regexp="\\.(mp3)"
add name=MP4 regexp="\\.(mp4)"
add name=ISO regexp="\\.(iso)"
add name=3GP regexp="\\.(3gp)"
add name=MOV regexp="\\.(mov)"
add name=MKV regexp="\\.(mkv)"
# Bare keyword substrings (very broad, see the caveats above).
add name="YOUTUBE STREAMING" regexp=youtube
add name=PORN regexp=porn
add name=TUBE regexp=tube
add name=VIDEO regexp=video
add name=MOVIE regexp=movie



INI ROUTING UNTUK EXTENSI

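# Packet-mark rules for the "LIMIT EXTENTION" queues: every rule matches one
# layer7-protocol entry in the forward chain and sets the packet mark that
# the queue of the same name consumes. passthrough=no stops at the first
# rule that matches, so rule order decides when two patterns both match.
#
# Changes against the original listing:
#  - the rule that sets packet mark 3GP now matches layer7-protocol=3GP
#    (it matched ISO, so ISO was listed twice and 3GP was never marked);
#  - a rule for AVI is added at the end, because an AVI layer-7 pattern and
#    an AVI queue are both defined in this tutorial but nothing set the mark.
#
# NOTE(review): these rules have no connection-mark or address condition, so
# they are evaluated for all forwarded traffic and can replace a packet mark
# that was set earlier in prerouting -- confirm that this is intended.
# NOTE(review): TUBE, VIDEO and MOVIE feed the PORN1/PORN3/PORN4 marks, so
# anything that contains those words is shaped as part of the PORN queue.
/ip firewall mangle
add action=mark-packet chain=forward \
comment="LIMIT EXTENTION" disabled=no \
layer7-protocol="YOUTUBE DOWNLOAD" \
new-packet-mark="YOUTUBE DOWNLOAD" \
passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol="YOUTUBE STREAMING" \
new-packet-mark="YOUTUBE STREAMING" \
passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=TUBE \
new-packet-mark=PORN1 passthrough=no
add action=mark-packet chain=forward disabled=no \
layer7-protocol=PORN \
new-packet-mark=PORN2 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=VIDEO \
new-packet-mark=PORN3 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MOVIE \
new-packet-mark=PORN4 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MKV \
new-packet-mark=MKV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MP3 \
new-packet-mark=MP3 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MP4 \
new-packet-mark=MP4 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ZIP \
new-packet-mark=ZIP passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=EXE \
new-packet-mark=EXE passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=FLV \
new-packet-mark=FLV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ISO \
new-packet-mark=ISO passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MOV \
new-packet-mark=MOV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MPEG \
new-packet-mark=MPEG passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MPG \
new-packet-mark=MPG passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=RAR \
new-packet-mark=RAR passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=WAV \
new-packet-mark=WAV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=WMV \
new-packet-mark=WMV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=3GP \
new-packet-mark=3GP passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=7z \
new-packet-mark=7z passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=AVI \
new-packet-mark=AVI passthrough=no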



INI ROUTING UNTUK BROWSING (DOWNLOAD/UPLOAD)

# Browsing classification: connections to TCP ports 21 and 80 get
# connection-mark "browsing-con"; their packets are then marked "download"
# when addressed to the LAN subnet and "upload" when sent from it.
# NOTE(review): only ports 21 and 80 are matched, so HTTPS (443) and FTP
# data connections on other ports are not marked and bypass these queues.
/ip firewall mangle add chain=prerouting protocol=tcp dst-port=21,80 \
    action=mark-connection new-connection-mark="browsing-con" \
    passthrough=yes comment=HTTP

# Towards the LAN: download.
/ip firewall mangle add chain=forward connection-mark="browsing-con" \
    dst-address=192.168.1.0/24 action=mark-packet \
    new-packet-mark="download" passthrough=no disabled=no

# From the LAN: upload.
/ip firewall mangle add chain=forward connection-mark="browsing-con" \
    src-address=192.168.1.0/24 action=mark-packet \
    new-packet-mark="upload" passthrough=no disabled=no

INI QUEUE UNTUK KEGIATAN  BROWSING-DOWNLOAD-UPLOAD

# Queue tree for browsing. Upload is a single leaf on the uplink interface;
# download hangs under "1.2 HTTP-DOWN" (750000 bit/s), which holds the
# browsing leaf and the "1.4 LIMIT EXTENTION" parent (512000 bit/s).

# Browsing upload, capped at 128000 bit/s.
/queue tree add name="UPLOAD-BROWSING" parent=speedy packet-mark="upload" \
    queue=UP priority=4 max-limit=128000

# Parent for all HTTP download traffic.
/queue tree add name="1.2 HTTP-DOWN" parent=global-out priority=2 \
    max-limit=750000

# Ordinary browsing download.
/queue tree add name="1.3 BROWSING DOWN" parent="1.2 HTTP-DOWN" \
    packet-mark="download" queue=DOWN priority=4 max-limit=750000

# Parent for the per-extension leaves; lower priority than browsing.
/queue tree add name="1.4 LIMIT EXTENTION" parent="1.2 HTTP-DOWN" \
    priority=5 max-limit=512000

# Leaf queues under "1.4 LIMIT EXTENTION": one queue per packet mark, all at
# priority 5 with the DOWN queue type. YOUTUBE and PORN are intermediate
# parents that group their own leaves.
# A leaf only carries traffic when a mangle rule sets a packet mark of the
# same name; check that such a rule exists for every entry below (AVI and
# "MIVO TV" in particular).
/queue tree
add name=YOUTUBE \
parent="1.4 LIMIT EXTENTION" priority=5
add name="YOUTUBE STREAMING" \
packet-mark="YOUTUBE STREAMING" \
parent=YOUTUBE priority=5 queue=DOWN
add name=MKV packet-mark=MKV \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MP3 packet-mark=MP3 \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MP4 packet-mark=MP4 \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=ZIP packet-mark=ZIP \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=EXE packet-mark=EXE \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=ISO packet-mark=ISO \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=AVI packet-mark=AVI \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MOV packet-mark=MOV \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MPEG packet-mark=MPEG \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MPG packet-mark=MPG \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=RAR packet-mark=RAR \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=WAV packet-mark=WAV \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=WMV packet-mark=WMV \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=3GP packet-mark=3GP \
parent="1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=7z packet-mark=7z \
parent="1.4 LIMIT EXTENTION" priority=5 \
queue=DOWN
add name="YOUTUBE DOWNLOAD" \
packet-mark="YOUTUBE DOWNLOAD" \
parent=YOUTUBE priority=5 queue=DOWN
# Parent for the keyword-based marks PORN1..PORN4.
add name=PORN \
parent="1.4 LIMIT EXTENTION" priority=5
add name=PORN1 \
packet-mark=PORN1 parent=PORN \
priority=5 queue=DOWN
add name=PORN2 packet-mark=PORN2 \
parent=PORN priority=5 queue=DOWN
add name=PORN3 packet-mark=PORN3 \
parent=PORN priority=5 queue=DOWN
# NOTE(review): no layer-7 pattern named "MIVO TV" appears in this tutorial;
# this queue stays empty (or the command may be rejected) until one is added.
add name="MIVO TV" \
packet-mark="MIVO TV" parent=\
"1.4 LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=PORN4 packet-mark=PORN4 \
parent=PORN priority=5 queue=DOWN

Kesimpulan:
1. Game online dirouting langsung ke alamat port game online dan menggunakan bandwidth maksimal (unlimited) karena tidak terlalu memakan bandwidth; game PB sekalipun hanya butuh koneksi dengan trafik yang mulus.
2. Browsing dirouting pada port 80 dan 21 dan diberikan bandwidth maksimal 750Kbps untuk download dan 128Kbps untuk upload, dan tidak boleh melebihi dari itu atau game online akan nge-lag.
3. Limit Extensi dirouting berdasarkan layer 7 protocol dan diberikan maksimal bandwidth 512Kbps dan tidak boleh lebih dari itu atau browsing dan game online akan terganggu.


CATATAN PENTING :
  • Tutorial di atas untuk 10 PC saja dengan bandwidth 1Mbps.
  • Jika PC lebih dari 10 dan BW tetap 1 MBPS, maka pada queue tree download menjadi 512Kbps dan limit extensi menjadi 256Kbps.
  • Jika mempunyai BW 2Mbps ke atas, silahkan 2x lipatkan saja pada queue tree-nya atau gunakan logika anda sendiri.

Source : 
http://bandungjarkom.blogspot.com


Sekian.
Semoga menambah pengetahuan dan bermanfaat.


Salam 
MerahPutihSegoroasat
Thanks


12 komentar :

  1. permisi gan setting diatas mencakup semua game facebook gak gk gan

    1. Yup bisa..
      Game facebook portnya macam2, agan tinggal search portnya aja lihat di mikrotiknya dan tinggal menambahkan portnya.

  2. ok makasih gan,,,,
    ada lagi nih kalo mau bikin pengecualian ip address server biar gak ikut kelimit alias biar ip address server full konesinya gimana ya caranya?????

    1. Jika ada IP yang ingin di Bypass.
      Silahkan anda mengelompokan IP yang akan di Bypass dengan address list

      dst-address-list=!Bypass
      address-list:Bypass ( IP Lan Lokal/IP berapa aja )

    2. masih bingung nih gan soalnya saya masih newbitol nih hehehhe =D
      minta scriptnya deh ip address yang mau di bypass 192.168.2.2

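    3. /ip firewall address-list \
      add list="Bypass" \
      address=192.168.2.2 \
      comment="IP Yang Di Bypass 192.168.2.2"

      # Browsing rules with a bypass list: hosts in address list "Bypass"
      # are left unmarked, so the browsing queues do not apply to them.
      /ip firewall mangle \
      add action=mark-connection chain=prerouting \
      comment=HTTP dst-port=21,80 \
      new-connection-mark="browsing-con" passthrough=yes protocol=tcp

      # Download: packets leaving through the LAN interface towards a host
      # that is not in "Bypass". The interface match keeps the direction
      # test that dst-address=<LAN subnet> provided; with the address-list
      # condition alone this rule also caught upload packets (their
      # destination is an Internet host, never in the list), so a bypassed
      # host's upload was still marked "download" and limited.
      /ip firewall mangle \
      add action=mark-packet chain=forward \
      connection-mark="browsing-con" disabled=no \
      out-interface=lan dst-address-list=!Bypass \
      new-packet-mark="download" passthrough=no

      # Upload: packets entering from the LAN interface from a host that is
      # not in "Bypass".
      /ip firewall mangle \
      add action=mark-packet chain=forward \
      connection-mark="browsing-con" disabled=no \
      new-packet-mark="upload" in-interface=lan \
      passthrough=no src-address-list=!Bypass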

      ------------------

      INI ROUTING UNTUK EXTENSI

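      # Same bypass condition applied to the first "LIMIT EXTENTION" rule.
      # The line carrying dst-address-list now ends with a continuation
      # backslash; without it the command stopped there and the remaining
      # parameters were read as a separate, invalid line.
      /ip firewall mangle
      add action=mark-packet chain=forward \
      dst-address-list=!Bypass \
      comment="LIMIT EXTENTION" disabled=no \
      layer7-protocol="YOUTUBE DOWNLOAD" \
      new-packet-mark="YOUTUBE DOWNLOAD" \
      passthrough=no
      # ... add dst-address-list=!Bypass to each remaining layer-7 rule in
      # the same way ...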


      Jadi keterangannya :
      Selain IP yang ada di address-list yaitu dengan nama "Bypass"
      Akan di limit.
      Jika mau menambahkan Ip yang akan di bypass tinggal menambahkan di Address-listnya : misal mau menambahkan lagi ip yang akan dibypass 192.168.2.3

      # Add one more host to the existing "Bypass" address list; the mangle
      # rules that reference the list need no change.
      /ip firewall address-list \
      add list="Bypass" \
      address=192.168.2.3 \
      comment="IP Yang Di Bypass 192.168.2.3"

      setelah di config, jangan lupa reboot mikrotiknya.

      Silahkan dicoba.

  3. bagi script kok di copas nggak boleh. pakek acara di disable pelit amat sh

  4. sya sudah mencoba script yang di bypass ternyata ip yang di bypass kok masih kelimit ya?

  5. pak bisa remot mikrotik saya dan setting :) soalnya emng ga ngerti sama sekali pak kalo berminat bantu ini Hp saya 085246117762. terima kasih sebelumnya pak

  6. Hi Pak Segoro,
    saya sudah aplikasikan script nya untuk mikrotik di tempat saya.
    tapi beberapa web tidak bsa saya buka seperti instagram.com dan microsoft.com,
    dan saya rasa ada pengaruhnya dari routing HTTP mark connection dst-address port 21,80
    karena ketika mangle tersebut saya disable saya bsa buka alamat web nya.
    Bagaimana solusi nya pak?
