karena banyak nya pertanyaan ke gw tentang memisah bw internasional dan IIX
maka gw buat tutor ini :
TOPOLOGI
ISP ---- MIKROTIK ---- hub --- client1
..................................|----- client2
..................................|----- client3
ip ISP :
202.152.100.1/30
mikrotik
ether1
ip 202.152.100.2/30
gateway 202.152.100.1
ether2
ip 192.168.100.1/24
DNS : 202.152.0.2
command dasar masukin ip ga usah gw ajarin lah ya..
malu2 in klo musti di ajarin lagi
mari kita mulai :
pertama :
nat biar user bisa lewat :
/ip firewall nat add action=masquerade chain=srcnat src-address=192.168.100.0/24
kedua :
nyalain komputer pake os windows
isi ip nya :
ip : 192.168.100.2
nmask : 255.255.255.0
gateway : 192.168.100.1
ketiga :
sambungin kabel nya ke hub dan coba buka router nya pake browser :
http://192.168.100.1
kalo kebuka ambil winbox nya dengan mengklik gambar winbox. klo ga kebuka cek kabel
keempat :
ambil file nice.rsc dari openixp taro di desktop
http://ixp.mikrotik.co.id/download/nice.rsc
kelima :
buka winbox nya dengan mengetikan ip address router di winbox
user admin pass nya kosong
okeee..... lanjut
kita masukin file nice.rsc nya
di winbox klik file trus drag file nice.src nya ke winbox file
jadi masuk ke winbox dan setelah selesai klik terminal
ketik
import nice.rsc
ke enam.. mangle...
karena ini NATed network maka chain mangle nya juga prerouting
jika routed end2end maka pake nya forward
mangle untuk src-address dan dst-address jadi naek turun traffic di mangle
klo mau yang gampang tinggal copy paste aja lah
Quote:
[[admin@BandwidtMANAGEMENT] > /ip firewall mangle pr
Flags: X - disabled, I - invalid, D - dynamic
chain=forward connection-mark=ping action=mark-packet new-packet-mark=ping passthrough=yes
chain=forward src-address-list=nice action=mark-connection new-connection-mark=mark-con-indonesia passthrough=yes
chain=forward dst-address-list=nice action=mark-connection new-connection-mark=mark-con-indonesia passthrough=yes
chain=forward src-address-list=!nice action=mark-connection new-connection-mark=mark-con-overseas passthrough=yes
chain=forward dst-address-list=!nice action=mark-connection new-connection-mark=mark-con-overseas passthrough=yes
chain=prerouting connection-mark=mark-con-indonesia action=mark-packet new-packet-mark=indonesia passthrough=yes
chain=prerouting connection-mark=mark-con-overseas action=mark-packet new-packet-mark=overseas passthrough=yes
perhatiin PASTROUGH nya jangan sampe salah, sesuaikan dengan topologi masing-msaing. gunakan Prerouting atau FORWARD
perhatiin di winbox. semua traffic harus ketangkep
buka ip --> firewall ---> mangle
jika telah ketangkep... maka tinggal di seting que
misalkan :
client 1
dengan ip :
192.168.100.2
mau kita kasi bandwith iix 512kbps internasional 64 kbps
maka :
Quote:
/que simple
add
name="client1-iix" target-addresses=192.168.100.2/32 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=indonesia direction=both priority=8
queue=default-small/default-small limit-at=0/0 max-limit=512000/512000 total-queue=default-small
name="client1-int" target-addresses=192.168.100.2/32 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=overseas direction=both priority=8
queue=default-small/default-small limit-at=0/0 max-limit=64000/64000 total-queue=default-small
jika sudah maka test pake http://www.speedtest.net
untuk test iix pilih jakarta untuk test internasional pilih yang singapore atau amerika sekalian
lanjuuuuuuuuuttt.....
client2
dengan ip : 192.168.100.3
hanya di berikan IIX saja sebesar 64 kbps dan tidak di berikan internasional sama sekali..
maka :
kita buat firewall untuk client 2 blokir jalur internasional
Quote:
[admin@BandwidtMANAGEMENT] > ip firewall filter add
chain=forward src-address=192.168.100.3 connection-mark=mark-con-overseas action=drop
kemudian coba test dari client2 buka www.yahoo.com
jika tidak terbuka sukses kita memblokir jalur internasional untuk client 2
jika masih kebuka cek lagi configurasi yg kita buat.
setting ini biasanya di gunakan untuk game center yang hanya di beri akses IIX saja
kemudian kita tinggal membatasi untuk IIX saja atau malah buat saja que simple biasa saja karena kita tau bahwa
client 2 mustahil bisa akses internasional
contoh berikut ini beserta rule iix nya :
Quote:
/que simple
add
name="client2-iix" target-addresses=192.168.100.3/32 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=indonesia direction=both priority=8
queue=default-small/default-small limit-at=0/0 max-limit=64000/64000 total-queue=default-small
jika kita tetap paranoid apabila si client masih bisa akses internasional alias takut bocor (padahal udah ga bisa lagi)
maka tambahin aja que untuk internasional dengan besar 8 kbps
Quote:
/que simple
add
name="client2-int" target-addresses=192.168.100.3/32 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=overseas direction=both priority=8
queue=default-small/default-small limit-at=0/0 max-limit=8/8 total-queue=default-small
contoh selanjut nya untuk client 3
dengan ip 192.168.100.4
dengan besar bandwith 64 kbps.
maka kita buat que biasa aja :
Quote:
/que simple
add
name="client3" target-addresses=192.168.100.4/32 dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8
queue=default-small/default-small limit-at=0/0 max-limit=64000/64000 total-queue=default-small
okeee... selesai..
yang penting paham prinsipnya...
selanjut nya kembangkan imajinasi sendiri
jika ada pertanyaan silahkan
=================================================================================
nambahin bro deva deh..
buat queue tree nya..
di mangle, mark paket buat klien
Quote:
/ip firewall mangle
add action=mark-packet chain=forward comment="Popon" disabled=no \
dst-address=192.168.5.22 in-interface=ether2 new-packet-mark="D IIX Popon" \
out-interface=wlan1 passthrough=yes src-address-list="IP IIX"
add action=mark-packet chain=forward comment="" disabled=no \
dst-address=192.168.5.22 in-interface=ether2 new-packet-mark="D INT Popon" \
out-interface=wlan1 passthrough=yes src-address-list="!IP IIX"
add action=mark-packet chain=forward comment="" disabled=no \
dst-address-list="IP IIX" in-interface=wlan1 new-packet-mark="U IIX Popon" \
out-interface=ether2 passthrough=yes src-address=192.168.5.22
add action=mark-packet chain=forward comment="" disabled=no \
dst-address-list="!IP IIX" in-interface=wlan1 new-packet-mark="U INT Popon" \
out-interface=ether2 passthrough=yes src-address=192.168.5.22
trus buat queue tree nya..
IIX Download
Quote:
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1000000 name="IIX D 512" packet-mark="" parent=wlan1 priority=8 \
queue=default
add burst-limit=512000 burst-threshold=0 burst-time=1m disabled=no \
limit-at=32000 max-limit=128000 name="D IIX Popon" packet-mark="D IIX Popon" \
parent="IIX D 512" priority=8 queue=default
IIX Upload
Quote:
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=512000 name="IIX U 512" packet-mark="" parent=ether2 priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32000 \
max-limit=32000 name="U IIX Popon" packet-mark="U IIX Popon" parent="IIX U \
512" priority=8 queue=default
Int Upload
Quote:
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=128000 name="INT U 64" packet-mark="" parent=ether2 priority=8 \
queue=default
add burst-limit=32000 burst-threshold=0 burst-time=10s disabled=no limit-at=0 \
max-limit=32000 name="U INT Popon" packet-mark="U INT Popon" parent="INT U \
64" priority=8 queue=default
Int Download
Quote:
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=90000 name="INT D 64" packet-mark="" parent=wlan1 priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=10s disabled=no limit-at=0 \
max-limit=32000 name="D INT Popon" packet-mark="D INT Popon" parent="INT D \
64" priority=7 queue=default
oia, biar bisa dipisahin, web-proxy nya di mikrotik jangan dipake..
dulu berpusing2 ria bareng bro deva ngeliatin mangle yg gak jalan2.. hehe..
sumber :http://www.forummikrotik.com/tutorial/962-misahin-iix-dan-internasional.html
EmoticonEmoticon