keunggulan dari dns unbound adalah simple dan bisa dituning lebih
tinggi. jadi belum dikasih squid saja udah cepet sekali koneknya heuheuhue.
OK langsung saja ini panduannya yang benar wkwkwkkwkw di internet ga ada yang benar.
cari referensi sulit yaa langsung ke web alsina aja wess website unbound ambil dengan wget di putty
sebelumnya uninstall dulu bind9 dengan tasksel
# tasksel
hilangkan tanda bintang pada dns-server dengan tombol space
[ * ] Server DNS
jadi
[ ] Server DNS
install DNS UNBOUND
# apt-get install unbound
# cd /etc/unbound
# NOTE(review): plain FTP, no integrity check on the root hints file; compare it
# with a copy fetched over HTTPS (https://www.internic.net/domain/named.root)
# before trusting it.
# wget ftp://FTP.INTERNIC.NET/domain/named.cache
# Generates the server/control key pairs referenced by remote-control: below.
# unbound-control-setup
# Keys readable only by the unbound user and root (owner read + group read);
# no other local account can then drive unbound-control.
# chown unbound:root unbound_*
# chmod 440 unbound_*
saya menganjurkan backup unbound.conf dulu sebelum diobok-obok
# cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.asli
hapus semua isi tulisan file /etc/unbound/unbound.conf dan isikan ini
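server:
    # Unbound recursive resolver for the LAN (eth1 = 192.168.2.2).
    # Verify with: unbound-checkconf /etc/unbound/unbound.conf
    verbosity: 1
    statistics-interval: 0
    extended-statistics: yes
    statistics-cumulative: no
    # Listen on the LAN address (eth1) and loopback only; nothing on the modem side.
    interface: 192.168.2.2
    interface: 127.0.0.1
    # CPU use: 1 = no threading, 2 = threaded.
    num-threads: 2
    # Slab counts: twice num-threads.
    msg-cache-slabs: 4
    rrset-cache-slabs: 4
    infra-cache-slabs: 4
    key-cache-slabs: 4
    # Sizing rule from the post: msg-cache-size = 1/10 of RAM
    # (512 MB / 10 = 51.2, rounded to 50m); rrset-cache-size = 2 x msg-cache-size.
    rrset-cache-size: 100m
    msg-cache-size: 50m
    # Post's rule of thumb: single-core Pentium 4 = RAM / 2;
    # dual core and up = 1024 / cores - 50.
    outgoing-range: 256
    # Larger socket buffer. OS may need config.
    so-rcvbuf: 4m
    num-queries-per-thread: 1024
    cache-max-ttl: 86400
    infra-host-ttl: 900
    infra-lame-ttl: 900
    infra-cache-numhosts: 10000
    infra-cache-lame-size: 10k
    key-cache-size: 4m
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    do-daemonize: yes
    # Default-deny, then allow only the LAN and loopback, so this is not an
    # open resolver even if the modem side can reach it.
    access-control: 0.0.0.0/0 refuse
    access-control: 192.168.2.0/24 allow
    access-control: 127.0.0.0/8 allow
    chroot: "/etc/unbound"
    username: "unbound"
    directory: "/etc/unbound"
    # Logging is switched off completely here (no file, no syslog).
    # NOTE(review): that leaves no trail for troubleshooting or for spotting
    # abuse; re-enabling `use-syslog: yes` is the cheaper option.
    #logfile: "/etc/unbound/unbound.log"
    #use-syslog: yes
    logfile: ""
    use-syslog: no
    #pidfile: "/etc/unbound/unbound.pid"
    # Downloaded by the post over plain FTP without an integrity check; compare
    # with https://www.internic.net/domain/named.root before relying on it.
    root-hints: "/etc/unbound/named.cache"
    # Do not reveal the real identity/version to CH TXT (id.server / version.bind) queries.
    identity: "DNS"
    version: "1.4"
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    # Never send upstream queries to our own LAN or loopback (avoids query loops).
    do-not-query-address: 192.168.2.0/24
    do-not-query-address: 127.0.0.1/8
    do-not-query-localhost: yes
    # "iterator" only: the validator module is not loaded, so DNSSEC signatures
    # are not checked and whatever the forwarders return is accepted as-is.
    # NOTE(review): "validator iterator" plus a trust anchor would turn validation on.
    module-config: "iterator"
    # zone localhost
    local-zone: "localhost." static
    local-data: "localhost. 10800 IN NS localhost."
    local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
    local-data: "localhost. 10800 IN A 127.0.0.1"
    local-zone: "127.in-addr.arpa." static
    local-data: "127.in-addr.arpa. 10800 IN NS localhost."
    local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
    local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
    # zone cjmedia.net; keep these in step with the DHCP server
    local-zone: "cjmedia.net." static
    local-data: "cjmedia.net. 86400 IN NS ns1.cjmedia.net."
    local-data: "cjmedia.net. 86400 IN SOA cjmedia.net. hostmaster.cjmedia.net. 3 3600 1200 604800 86400"
    local-data: "cjmedia.net. 86400 IN A 192.168.2.2"
    local-data: "www.cjmedia.net. 86400 IN A 192.168.2.2"
    local-data: "ns1.cjmedia.net. 86400 IN A 192.168.2.2"  # same value as on the DHCP server
    # mail service
    local-data: "mail1.cjmedia.net. 86400 IN A 192.168.2.2"
    local-data: "cjmedia.net. 86400 IN MX 10 mail1.cjmedia.net."
    # The SPF text must be ONE character-string. Unquoted, "v=spf1 a mx ~all" is
    # parsed as four separate strings ("v=spf1" "a" "mx" "~all"), which SPF
    # checkers read as the invalid "v=spf1amx~all". Single quotes around the
    # RR pass the inner double quotes through to the record parser.
    local-data: 'cjmedia.net. 86400 IN TXT "v=spf1 a mx ~all"'
    # bind9 was only removed as a service via tasksel; its files are still on disk
    local-zone: "168.192.in-addr.arpa." static
    local-data: "168.192.in-addr.arpa. 10800 IN NS cjmedia.net."
    local-data: "168.192.in-addr.arpa. 10800 IN SOA cjmedia.net. hostmaster.cjmedia.net. 4 3600 1200 604800 864000"
    local-data: "2.2.168.192.in-addr.arpa. 10800 IN PTR cjmedia.net."
forward-zone:
    name: "."
    # NOTE(review): 192.168.2.2 is this host's own LAN address and is also
    # covered by do-not-query-address above, so this entry is at best ignored
    # and at worst a query loop; the two external forwarders do the real work.
    forward-addr: 192.168.2.2
    forward-addr: 180.131.144.144
    forward-addr: 180.131.145.145
    # more forwarders can be added here
remote-control:
    control-enable: yes
    # Exposed on the LAN address as well as loopback; the client certificate
    # below is the only thing gating it, so unbound_control.key must stay
    # readable by unbound/root only (the post's chown/chmod 440 does that).
    control-interface: 192.168.2.2
    control-interface: 127.0.0.1
    control-port: 953
    server-key-file: "/etc/unbound/unbound_server.key"
    server-cert-file: "/etc/unbound/unbound_server.pem"
    control-key-file: "/etc/unbound/unbound_control.key"
    control-cert-file: "/etc/unbound/unbound_control.pem"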
save dan tutup kemudian check konfigurasi unbound diputty
# unbound-checkconf /etc/unbound/unbound.conf
jika komeng keluarnya gini
unbound-checkconf: no errors in /etc/unbound/unbound.conf
berarti konfigurasi sudah betul.
tambahkan dns option pada file /etc/network/interfaces agar modem bisa mengarah ke localhost 127.0.0.1
buka file /etc/network/interfaces. tambahkan baris berikut setelah gateway modem dan sebelum auto eth1
lihat tulisan merah
# eth0: modem/WAN side (gateway 192.168.3.1 is the modem).
auto eth0
iface eth0 inet static
address 192.168.3.2
netmask 255.255.255.0
broadcast 192.168.3.255
gateway 192.168.3.1
# dns-* options are implemented by the resolvconf package, if installed
# Points the host's own resolver at the local unbound. Without resolvconf this
# line has no effect and /etc/resolv.conf has to be edited by hand.
dns-nameservers 127.0.0.1
# eth1: LAN side; this is the address unbound listens on.
auto eth1
iface eth1 inet static
address 192.168.2.2
netmask 255.255.255.0
broadcast 192.168.2.255
save dan restart networking
# service networking restart
restart unbound
# /etc/init.d/unbound restart
kemudian check dns lookup dengan cara
# nslookup
> 192.168.2.2
> 127.0.0.1
> localhost
> cjmedia.net
> www.cjmedia.net
> mail1.cjmedia.net
> google.com
> yahoo.com
> gmail.com
> exit
jika tidak ada masalah maka sudah benar dan reboot kompie anda
# reboot
lihat prosesnya di kompi ubuntu server; jika muncul baris berikut berarti sudah ok
recursive DNS server unbound [ OK ]
Pdnsd adalah DNS cache proxy...Proses meminta terjemahan nama domain ke
IP address ini dari komputer kita ke DNS server ISP tidak lama,
rata-rata memakan waktu 500 milidetik, alias setengah detik. namun
bayangkan jika DNS server ISP itu bisa kita pindahkan ke dalam jaringan
lokal di rumah, maka proses penerjemahan nama domain tadi bisa disingkat
sampai cuma tinggal 1 milidetik. jika seharian kita melakukan ratusan
permintaan penerjemahan nama domain, banyak waktu yang bisa dihemat jika
DNS server-nya ada di jaringan lokal.
untuk mengetahui berapa lama proses yang dibutuhkan untuk melakukan
penerjemahan nama domain ini, di linux maupun mac bisa digunakan
perintah dig.
langkah - langkah :
# sudo apt-get update
# sudo apt-get install pdnsd
edit /usr/share/pdnsd/pdnsd-resolvconf.conf
/* Debian specific configuration to work with resolvconf */
// pdnsd caching proxy: a persistent cache in /var/cache/pdnsd, two upstream
// server groups probed with ping, plus static records for localhost and the
// local server name.
global {
perm_cache = 1024;
cache_dir = "/var/cache/pdnsd";
run_as = "pdnsd";
// NOTE(review): "any" binds every interface. On a box that also has a
// modem-facing interface this exposes the cache to that side; bind the LAN
// address instead if anything outside the LAN can reach this host.
server_ip = any; // Use eth0 here if you want to allow other
// machines on your network to query pdnsd.
status_ctl = on;
// Per pdnsd docs this rejects out-of-bailiwick records in upstream answers
// (cache-poisoning hardening); keep it on.
paranoid = on;
min_ttl = 15m; // Retain cached entries at least 15 minutes.
max_ttl = 1w; // One week.
timeout = 10; // Global timeout option (10 seconds).
}
/* server {
label = "resolvconf";
proxy_only = on;
} */
// First upstream group; availability is probed with ICMP ping (uptest=ping).
server {
label=DNSpeedy;
ip=202.134.0.155;
ip=203.130.193.74;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
// Second upstream group, same probing settings.
server {
label=DNS;
ip=180.211.88.5;
ip=180.211.88.50;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
// Serve entries from /etc/hosts as well.
source {
owner = localhost;
file = "/etc/hosts";
}
// Static forward + reverse records for localhost.
rr {
name = localhost;
reverse = on;
a = 127.0.0.1;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
// Static record for this server's own LAN name/address (adjust to your server IP).
rr {
name = dns.brother.info;
reverse = on;
a = 192.168.2.2;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
/* vim:set ft=c: */
edit lagi di /etc/default/pdnsd :
# do we start pdnsd ?
START_DAEMON=yes
# auto-mode, overrides /etc/pdnsd.conf if set [see /usr/share/pdnsd/]
# Left empty on purpose so the hand-edited /etc/pdnsd.conf is the one used.
AUTO_MODE=
# optional CLI options to pass to pdnsd(8)
START_OPTIONS=
edit lagi di /etc/pdnsd.conf :
/* Debian specific configuration to work with resolvconf */
// /etc/pdnsd.conf — same content as the resolvconf variant above: persistent
// cache, two ping-probed upstream groups, static records for localhost and
// the local server name.
global {
perm_cache = 1024;
cache_dir = "/var/cache/pdnsd";
run_as = "pdnsd";
// NOTE(review): "any" binds every interface, including a modem-facing one if
// the host has it; bind the LAN address if anything outside the LAN can
// reach this host.
server_ip = any; // Use eth0 here if you want to allow other
// machines on your network to query pdnsd.
status_ctl = on;
// Per pdnsd docs this rejects out-of-bailiwick records in upstream answers
// (cache-poisoning hardening); keep it on.
paranoid = on;
min_ttl = 15m; // Retain cached entries at least 15 minutes.
max_ttl = 1w; // One week.
timeout = 10; // Global timeout option (10 seconds).
}
/* server {
label = "resolvconf";
proxy_only = on;
} */
// First upstream group; availability probed with ICMP ping (uptest=ping).
server {
label=DNSpeedy;
ip=202.134.0.155;
ip=203.130.193.74;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
// Second upstream group, same probing settings.
server {
label=DNS;
ip=180.211.88.5;
ip=180.211.88.50;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
// Serve entries from /etc/hosts as well.
source {
owner = localhost;
file = "/etc/hosts";
}
// Static forward + reverse records for localhost.
rr {
name = localhost;
reverse = on;
a = 127.0.0.1;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
// Static record for this server's own LAN name/address (adjust to your server IP).
rr {
name = dns.brother.info;
reverse = on;
a = 192.168.2.2;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
/* vim:set ft=c: */
edit /etc/resolv.conf
tambahkan baris: nameserver 127.0.0.1
edit /etc/dhcp/dhclient.conf :
#prepend domain-name-servers 127.0.0.1; hilangkan tanda #
tambahkan pada rc.local :
/etc/init.d/pdnsd restart
langsung di test :
sudo /etc/init.d/pdnsd restart
semua langkah pengeditan harus di simpan setelah di edit/ditambahkan...
192.168.2.2 IP server... di sesuaikan IP server anda...
Selamat Mencoba ^_^
Pada
jaringan yang dilimit, ketika batas bandwidth suatu client telah
maksimal digunakan, maka ping akan membesar nilai reply-nya, hal ini
dikarenakan pengantrian koneksi dari client itu sendiri. Sehingga
seolah-olah koneksi yang kita pakai memiliki kualitas jelek karena ping
yang besar.
Bagaimana caranya agar ping tetap stabil walau
koneksi telah full digunakan oleh client itu sendiri, begitu juga
halnya dengan DNS (port 53) agar lebih cepat dalam pengalokasian
address, pada tulisan ini kita akan membuat jalur sendiri icmp dan dns,
dan diharapkan tanpa adanya gangguan dari koneksi, sehingga koneksi
penyampaian ping dan dns bisa lebih cepat.
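/ ip firewall mangle
# Mark ICMP and DNS (tcp+udp/53) coming from the LAN so the queue tree can give
# them their own lane; change-tos=min-delay on top. The post's export had each
# rule wrapped over several lines without continuation markers, which does not
# paste back into the terminal; one rule per line here.
add chain=prerouting protocol=icmp src-address=192.168.10.0/24 action=mark-connection new-connection-mark=icmp-c comment="--> ping" disabled=no
add chain=prerouting connection-mark=icmp-c action=mark-packet new-packet-mark=icmp-p comment="" disabled=no
add chain=prerouting packet-mark=icmp-p action=change-tos new-tos=min-delay comment="" disabled=no
add chain=prerouting src-address=192.168.10.0/24 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=dns-c comment="--> dns" disabled=no
add chain=prerouting src-address=192.168.10.0/24 protocol=udp dst-port=53 action=mark-connection new-connection-mark=dns-c comment="" disabled=no
add chain=prerouting connection-mark=dns-c action=mark-packet new-packet-mark=dns-p comment="" disabled=no
add chain=prerouting packet-mark=dns-p action=change-tos new-tos=min-delay comment="" disabled=no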
Jika
pada mangle terdapat mark packet nya koneksi (IIX / INT) letakkan di
bagian bawah mangle tersebut, dan jangan diletakkan di bagian atas.
Selanjutnya pada queue type:
/ queue type
# pfifo holding at most 64 packets; used as the queue for the "64", "ping" and "dns" tree entries below.
add name="64" kind=pfifo pfifo-limit=64
Pada queue tree:
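/ queue tree
# Parent "64" on global-in capped at 32000; the ping and dns leaves get
# priority 1 with 8000 guaranteed / 16000 max each, so they are served before
# the rest of the traffic but cannot take more than that cap. Rules are
# written one per line (the post's export was wrapped mid-rule).
add name="64" parent=global-in packet-mark="" limit-at=0 queue=64 priority=5 max-limit=32000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="ping" parent=64 packet-mark=icmp-p limit-at=8000 queue=64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="dns" parent=64 packet-mark=dns-p limit-at=8000 queue=64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no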
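/ip firewall layer7-protocol
# One pattern per file extension: "\." followed by the extension, unanchored.
# The post's listing had typographic quotes (” and “) in place of ", which
# RouterOS does not accept; plain quotes restored. NOTE(review): per RouterOS
# docs the L7 matcher inspects only the first packets (roughly 10 packets /
# 2 KB) of a connection and only sees cleartext, so these catch URLs in plain
# HTTP requests and nothing inside TLS.
add comment="" name="Extension \" .exe \"" regexp="\\.(exe)"
add comment="" name="Extension \" .rar \"" regexp="\\.(rar)"
add comment="" name="Extension \" .zip \"" regexp="\\.(zip)"
add comment="" name="Extension \" .7z \"" regexp="\\.(7z)"
add comment="" name="Extension \" .cab \"" regexp="\\.(cab)"
add comment="" name="Extension \" .asf \"" regexp="\\.(asf)"
add comment="" name="Extension \" .mov \"" regexp="\\.(mov)"
add comment="" name="Extension \" .wmv \"" regexp="\\.(wmv)"
add comment="" name="Extension \" .mpg \"" regexp="\\.(mpg)"
add comment="" name="Extension \" .mpeg \"" regexp="\\.(mpeg)"
add comment="" name="Extension \" .mkv \"" regexp="\\.(mkv)"
add comment="" name="Extension \" .avi \"" regexp="\\.(avi)"
add comment="" name="Extension \" .flv \"" regexp="\\.(flv)"
add comment="" name="Extension \" .pdf \"" regexp="\\.(pdf)"
add comment="" name="Extension \" .wav \"" regexp="\\.(wav)"
add comment="" name="Extension \" .rm \"" regexp="\\.(rm)"
add comment="" name="Extension \" .mp3 \"" regexp="\\.(mp3)"
add comment="" name="Extension \" .mp4 \"" regexp="\\.(mp4)"
add comment="" name="Extension \" .ram \"" regexp="\\.(ram)"
add comment="" name="Extension \" .rmvb \"" regexp="\\.(rmvb)"
add comment="" name="Extension \" .dat \"" regexp="\\.(dat)"
add comment="" name="Extension \" .daa \"" regexp="\\.(daa)"
add comment="" name="Extension \" .iso \"" regexp="\\.(iso)"
add comment="" name="Extension \" .nrg \"" regexp="\\.(nrg)"
add comment="" name="Extension \" .bin \"" regexp="\\.(bin)"
add comment="" name="Extension \" .vcd \"" regexp="\\.(vcd)"
add comment="" name="Extension \" .mp2 \"" regexp="\\.(mp2)"
add comment="" name="Extension \" .3gp \"" regexp="\\.(3gp)"
add comment="" name="Extension \" .mpe \"" regexp="\\.(mpe)"
add comment="" name="Extension \" .qt \"" regexp="\\.(qt)"
add comment="" name="Extension \" .raw \"" regexp="\\.(raw)"
add comment="" name="Extension \" .wma \"" regexp="\\.(wma)"
add comment="" name="Extension \" .ogg \"" regexp="\\.(ogg)"
add comment="" name="Extension \" .doc \"" regexp="\\.(doc)"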
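/ip firewall address-list
# bypass: hosts exempt from the download/browsing marks in the mangle section.
# skip_content_download: destinations never tagged as content_download.
# (typographic quotes from the post replaced with plain ones)
add address=10.0.0.30 comment="" disabled=no list=bypass
add address=192.168.1.100 comment="" disabled=no list=bypass
add address=192.168.1.100 comment="" disabled=no list=skip_content_download
add address=10.0.0.0/24 comment="" disabled=no list=skip_content_download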
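/ip firewall filter
# Tag the destination of any forwarded TCP stream whose payload matches one of
# the "Extension" L7 patterns (5 s entry in content_download); the mangle
# section then marks those connections as downloads. skip_content_download
# exempts the listed destinations. Rules are one per line (the post's export
# was wrapped mid-rule) with plain quotes restored. NOTE(review): the L7
# patterns only see cleartext, so HTTPS downloads are never tagged.
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mp3 \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .avi \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .flv \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .iso \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .pdf \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mpeg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .exe \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .rar \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .zip \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mp4 \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mp2 \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .3gp \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mov \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mpe \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mpg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .qt \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .ram \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .rm \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .raw \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .wav \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .wmv \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .wma \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .ogg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .doc \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .7z \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .asf \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .bin \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .cab \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .daa \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .dat \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .mkv \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .nrg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .rmvb \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=!skip_content_download layer7-protocol="Extension \" .vcd \"" protocol=tcp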
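/ip firewall mangle
# Connections to a content_download destination, or any non-bypass connection
# past ~256 KB (connection-bytes), become Bw_Download / Paket_Download;
# everything else outside bypass becomes Bw_Browsing / Paket_Browsing. The
# packet-mark rules use passthrough=no, so a download packet never reaches
# the browsing rules. One rule per line (the post's export was wrapped).
add action=mark-connection chain=prerouting comment=Content_download disabled=no dst-address-list=content_download new-connection-mark=Bw_Download passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-bytes=262146-4294967295 disabled=no dst-address-list=!bypass new-connection-mark=Bw_Download passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Download disabled=no dst-address-list=!bypass new-packet-mark=Paket_Download passthrough=no
add action=mark-connection chain=prerouting comment=Content_browsing disabled=no dst-address-list=!bypass new-connection-mark=Bw_Browsing passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Browsing disabled=no dst-address-list=!bypass new-packet-mark=Paket_Browsing passthrough=no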
/queue type
# pcq-down: per-destination-address queues, each capped at 256 kbit/s (pcq-rate).
add kind=pcq name=pcq-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000
# Pcq_Browsing_Down: same classifier, pcq-rate=0 = no per-address cap (fair sharing only).
add kind=pcq name=Pcq_Browsing_Down pcq-classifier=dst-address pcq-limit=50 pcq-rate=0 pcq-total-limit=2000
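/queue tree
# DOWN hangs off parent=LOCAL (presumably the LAN interface name — confirm);
# browsing gets priority 5 with no cap, downloads priority 8 with a 256k cap
# and per-destination PCQ. One rule per line (the post's export was wrapped).
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWN parent=LOCAL priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Browsing_Down packet-mark=Paket_Browsing parent=DOWN priority=5 queue=Pcq_Browsing_Down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no max-limit=256k name=Regular_Down packet-mark=Paket_Download parent=DOWN priority=8 queue=pcq-down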
drop idm
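/ip firewall filter
# "drop idm": once a source already has more than 4 connections matching the
# same extension pattern (connection-limit=4,32 counts per /32 source), further
# ones are dropped, which defeats multi-connection download accelerators.
# NOTE(review): the match is on payload text, not on file type, so any TCP
# session from LOCAL carrying ".exe", ".doc", ... in its first packets is
# subject to the limit (ordinary web pages that mention such names included).
# One rule per line (the post's export was wrapped), plain quotes restored.
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .exe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .3gp \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .7z \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .asf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .avi \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .bin \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .cab \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .daa \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .dat \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .doc \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .flv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .iso \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mkv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mov \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp2 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp3 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp4 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpeg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .nrg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ogg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .pdf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .qt \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ram \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rar \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .raw \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rm \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rmvb \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .vcd \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wav \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wma \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wmv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .zip \"" protocol=tcp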
# Force DNS arriving on ether1 to the chosen forwarders. NOTE(review): both
# rules match exactly the same traffic (UDP/53 in on ether1) and a dst-nat
# action ends chain processing, so the second forwarder is never used.
ip firewall nat add chain=dstnat action=dst-nat to-addresses=180.131.144.144 to-ports=53 in-interface=ether1 dst-port=53 protocol=udp
ip firewall nat add chain=dstnat action=dst-nat to-addresses=180.131.145.145 to-ports=53 in-interface=ether1 dst-port=53 protocol=udp
# NOTE(review): jump-target takes a chain name, not an IP address, so these
# would not do what the value suggests; both are disabled=yes as written.
/ip firewall nat add chain=dstnat protocol=tcp dst-port=53 action=jump jump-target=180.131.144.144 disabled=yes
/ip firewall nat add chain=dstnat protocol=udp dst-port=53 action=jump jump-target=180.131.145.145 disabled=yes
# Redirect port 53 to the router's own resolver. NOTE(review): no in-interface
# here, so port-53 packets arriving from the WAN side are redirected too;
# scope with in-interface=<LAN-interface> so the router never answers outside DNS.
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 protocol=tcp to-ports=53
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 protocol=udp to-ports=53
Menggunakan Internal Proxy nya mikrotik versi crack(2.9)
ternyata masih bisa. dari pada pakai komputer lagi mending pakai
Internal Proxy nya saja. cuman hasilnya memang belum seoptimal kalo
pakai external proxy(terutama di bagain bandwith manjemennya) tetapi
masih memuaskan. (sudah ditest cuman kadang terasa kurang memuaskan,
tetapi bisa membantu meningkatkan perfoma)
Seting IP untuk Internal Proxy pada mikrotik
1. IP Modem:
- 192.168.10.1
2. IP Mikrotik:
- 192.168.1.1 = local
- 192.168.10.2 = public/ke modem speedy
3. IP Client: 192.168.1.0/24
Seting Rule Internal Proxy di Winbox :
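/ ip address
# Public = modem side (192.168.10.0/24), Lan = client side (192.168.1.0/24).
# Plain quotes restored (the post's listing used typographic ” and “, which
# RouterOS rejects); one command per line.
add address=192.168.10.2/24 network=192.168.10.0 broadcast=192.168.10.255 interface=Public comment="" disabled=no
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Lan comment="" disabled=no
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.10.1 scope=255 target-scope=10 comment="" disabled=no
/ ip dns
# allow-remote-requests=no keeps the router from acting as a DNS server for
# anyone (LAN clients included); the modem is the upstream resolver.
set primary-dns=192.168.10.1 allow-remote-requests=no cache-size=2048KiB cache-max-ttl=1w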
# Output of `ip web-proxy print`, shown for reference; these are the settings
# the transparent-proxy NAT rule below relies on.
ip web-proxy pr
enabled: yes
# NOTE(review): 0.0.0.0 listens on every address, including the Public
# interface. With transparent-proxy on and no proxy access list shown in the
# post, port 3128 is reachable from the modem side unless the firewall filter
# blocks it — i.e. an open proxy. Bind to the Lan address or filter 3128 on Public.
src-address: 0.0.0.0
port: 3128
hostname: “proxy”
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: “webmaster”
max-object-size: 4096KiB
cache-drive: system
max-cache-size: none
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 0KiB
reserved-for-ram-cache: 154624KiB
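/ ip firewall nat
# Transparent proxy: LAN HTTP (tcp/80) is redirected to the web-proxy on 3128.
# Plain quotes restored; one command per line.
add chain=dstnat src-address=192.168.1.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128 comment="" disabled=no
# Masquerade everything leaving via Public.
add chain=srcnat out-interface=Public action=masquerade comment="" disabled=no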
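/ ip firewall mangle
# Packet marks used by the simple queues below: icmp-pkt (ping lane),
# proxy-pkt (cache hits, matched on the "X-Cache: HIT" header in the router's
# own output) and all-pkt (everything else). The post's listing had several
# commands fused onto one line ("disabled=noadd chain=...") and misspelled
# keywords (mark-paket, new-paket-mark, conection-mark) that RouterOS would
# reject; both are repaired here, one command per line, plain quotes.
add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=icmp-con passthrough=yes comment="" disabled=no
add chain=prerouting protocol=icmp connection-mark=icmp-con action=mark-packet new-packet-mark=icmp-pkt passthrough=no comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=con-up passthrough=yes comment=""
add chain=prerouting action=mark-packet new-packet-mark=all-pkt connection-mark=con-up passthrough=no comment=""
add chain=output content="X-Cache: HIT" action=mark-connection new-connection-mark=proxy-con passthrough=yes comment="" disabled=no
add chain=output connection-mark=proxy-con action=mark-packet new-packet-mark=proxy-pkt passthrough=no comment="" disabled=no
add chain=forward action=mark-connection new-connection-mark=direct-con passthrough=yes comment="" disabled=no
add chain=forward protocol=tcp connection-mark=direct-con action=mark-packet new-packet-mark=all-pkt passthrough=no comment="" disabled=no
add chain=output protocol=tcp connection-mark=direct-con action=mark-packet new-packet-mark=all-pkt passthrough=no comment="" disabled=no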
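/ queue simple
# Order matters for simple queues (first match wins): proxy cache hits and
# ping are unlimited and come first, then the parent cap (45000 up / 300000
# down) with the LAN's marked traffic under it. Plain quotes restored, one
# command per line; the runtime comment strings are kept as the author wrote them.
add name="proxy-HIT" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=proxy-pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no comment="paling atas"
add name="Ping-queue" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=icmp-pkt direction=both priority=2 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no comment="supaya ping kecil"
add name="Parent-queue" dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=45000/300000 total-queue=default-small disabled=no
add name="All-Trafik" target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 interface=all parent=Parent-queue packet-marks=all-pkt direction=both priority=8 queue=default-small/default-small limit-at=4500/30000 max-limit=45000/300000 total-queue=default-small disabled=no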
Beberapa tool tambahan yang mungkin perlu anda periksa/instal:
# vi /etc/network/interfaces
# NOTE(review): this switches the host firewall off entirely. If the box is
# reachable from the modem side, the proxy port (3128) and everything else
# listening becomes exposed; prefer keeping ufw on and allowing only the LAN
# (e.g. `ufw allow from <LAN-CIDR>`).
# sudo ufw disable
# apt-get install nmap
Lakukan instalasi dependensi yang di butuhkan:
# Build dependencies. Note that the distro squid package installed here puts
# its binary in /usr/sbin and its config in /etc/squid — the same paths the
# Lusca build below is configured with, so `make install` will overwrite it.
# sudo apt-get update
# sudo apt-get install squid
# sudo apt-get install squid squidclient squid-cgi
# sudo apt-get install gcc
# sudo apt-get install build-essential
# sudo apt-get install sharutils
# sudo apt-get install ccze
# sudo apt-get install libzip-dev
# sudo apt-get install automake1.9
# sudo apt-get install multitail
# sudo apt-get install unzip
# sudo apt-get install acpid
Download LUSCA_HEAD-r14809:
# The post gives no download URL or checksum for LUSCA_HEAD-r14809-patch.tar.bz2;
# it has to be in /tmp already. Obtain it from a source you trust and verify it
# before unpacking — this is code that will run as your proxy.
# cd /tmp
# tar -xvjf LUSCA_HEAD-r14809-patch.tar.bz2
# cd LUSCA_HEAD-r14809
Compile, configure dan install Lusca Squid dengan perintah berikut:
# make clean
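# The post's one-line form still contained literal " \ " sequences (leftovers
# of line continuations). In a real shell each "\ " is an escaped space, which
# produces arguments with a leading blank that configure does not parse as
# options. Proper continuations instead:
./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin \
    --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid --localstatedir=/var/spool/squid \
    --datadir=/etc/squid --enable-async-io=24 --with-aufs-threads=24 --with-pthreads \
    --enable-storeio=aufs --enable-linux-netfilter --enable-arp-acl --enable-epoll \
    --enable-removal-policies=heap --with-aio --with-dl --enable-snmp --enable-delay-pools \
    --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files \
    --with-large-files --enable-err-languages=English --enable-default-err-language=English \
    --with-maxfd=65536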
# make
# sudo make install
Konfigurasi dan Tunnelling Lusca Squid :
# squid.conf.ubuntu.zip and storeurl.pl.tar.gz are not linked from the post;
# they must already be present in /etc/squid.
# cd /etc/squid
# mv squid.conf squid.conf.original
# unzip squid.conf.ubuntu.zip
# mv squid.conf.ubuntu squid.conf
# tar -xvzf storeurl.pl.tar.gz
# chown proxy:proxy /cache1
# chown proxy:proxy /cache2
# NOTE(review): 777 makes both cache directories world-writable. Squid only
# needs them writable by the user it runs as (proxy, matching the chown), so
# 750 is enough and keeps other local accounts out of the cache.
# chmod 777 /cache1
# chmod 777 /cache2
# chown proxy:proxy /etc/squid/storeurl.pl
# NOTE(review): same for the rewriter script, where it also matters for
# integrity: a world-writable storeurl.pl can be edited by any local user and
# is then executed by squid (presumably as its store-URL rewrite helper, from
# the name); 750 or 755 is sufficient.
# chmod 777 /etc/squid/storeurl.pl
Membuat folder-folder swap/cache di dalam folder cache yang telah ditentukan dengan perintah:
# squid -f /etc/squid/squid.conf -z
Periksa konfigurasi squid
squid -NDd1 &
Jika tidak terdapat error jalankan squid:
# sudo /etc/init.d/squid restart
Reboot/restart CPU Ubuntu anda
# shutdown -r now
sumber : indoit.web.id