MikroTik Rule For Gaming, Download And Browsing

Jul 18th, 2010

Leave a comment | Trackback
Pembagian Port Prioritas untuk Game, Download Dan Browsing kira-kira sebagai ber
ikut.
Dengan paket Speedy Office ( DownStream UpTo 1mbps UpStream UpTo 128kbps )
Asumsi Jaringan sudah terhubung dengan internet
1. Add Queue Type
/queue type
set default-small kind=pfifo name=default-small pfifo-limit=10
2. Add Firewall > Filter
/ip firewall filter
add action=drop chain=forward comment= Limit Simulation Connection connection-l
imit=32,32 disabled=no protocol=tcp \
src-address=192.168.0.0/24 tcp-flags=syn
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.exe \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.7z \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.iso \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.zip \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.mpeg \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.mpg \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.flv \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.3gp \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.rm \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.avi \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.rar \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.mp4 \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.mkv \
 disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.mov \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.msi \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.wav \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.wmv \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.wma \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=.mp3 \
disabled=no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=DOWNLOAD address-list-timeou
t=1h chain=forward comment= " content=\
videoplayback disabled=no protocol=tcp src-address=192.168.0.0/24
Catatan *** : Tulisan berwarna merah berarti melimit jumlah Koneksi per client m
ax 32
3. Add Firewall > Mangle
/ip firewall mangle
add action=mark-connection chain=prerouting comment= ICMP & DNS disabl
no dst-port=53,123 in-interface=LAN new-connection-mark=QoS_0_con passthroug
h=yes protocol=udp
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_0_con d
isabled=no new-packet-mark=QoS_0 \
passthrough=no
add action=mark-connection chain=prerouting comment= " disabled=no in-interfac
e=LAN new-connection-mark=QoS_0_con \
passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_0_con d
isabled=no new-packet-mark=QoS_0 \
passthrough=no
add action=mark-connection chain=prerouting comment=SSH \
disabled=no dst-port=22 in-interface=LAN new-connection-mark=QoS_1_con passt
hrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_1_con d
isabled=no new-packet-mark=QoS_1 \
passthrough=no
add action=mark-connection chain=prerouting comment= World of Warcraft di
no dst-port=1119,3724,6881,6112,24783,4000 in-interface=LAN new-connection-m
ark=QoS_1_con passthrough=yes protocol=\
tcp
add action=mark-connection chain=prerouting comment= " disabled=no dst-port=10
28 in-interface=LAN new-connection-mark=\
QoS_1_con passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_1_con d
isabled=no new-packet-mark=QoS_1 \
passthrough=no
add action=mark-connection chain=prerouting comment= POINT BLANK disabl
dst-port=39100-49100 in-interface=LAN new-connection-mark=QoS_1_con passthro
ugh=yes protocol=tcp
 add action=mark-packet chain=prerouting comment= " connection-mark=QoS_1_con d
isabled=no new-packet-mark=QoS_1 \
passthrough=no
add action=mark-connection chain=prerouting comment= " disabled=no dst-port=40
000-40009 in-interface=LAN \
new-connection-mark=QoS_1_con passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_1_con d
isabled=no new-packet-mark=QoS_1 \
passthrough=no
add action=mark-connection chain=prerouting comment= RF ONLINE - \
disabled=no dst-port=27780,10007 in-interface=LAN new-connection-mark=QoS_2_
con passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_2_con d
isabled=no new-packet-mark=QoS_2 \
passthrough=no
add action=mark-connection chain=prerouting comment= DOTA ONLINE - disabl
dst-port=6100-6250 in-interface=LAN new-connection-mark=QoS_2_con passthroug
h=yes protocol=tcp
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_2_con d
isabled=no new-packet-mark=QoS_2 \
passthrough=no
add action=mark-connection chain=prerouting comment= AYO DANCE disable
no dst-port=18900-18910 in-interface=LAN new-connection-mark=QoS_2_con passt
hrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_2_con d
isabled=no new-packet-mark=QoS_2 \
passthrough=no
add action=mark-connection chain=prerouting comment=CABAL \
disabled=no dst-port=63123,38122 in-interface=LAN new-connection-mark=QoS_2_
con passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_2_con d
isabled=no new-packet-mark=QoS_2 \
passthrough=no
add action=mark-connection chain=prerouting comment= Hold em Poker disabled=no ds
t-port=9339,843,1935 in-interface=LAN \
new-connection-mark=QoS_2_con passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_2_con d
isabled=no new-packet-mark=QoS_2 \
passthrough=no
add action=mark-connection chain=prerouting comment= PW ONLINE disable
no dst-port=29000 in-interface=LAN new-connection-mark=QoS_3_con passthrough
=yes protocol=tcp
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_3_con d
isabled=no new-packet-mark=QoS_3 \
passthrough=no
add action=mark-connection chain=prerouting comment=DOWNLOAD - disabled=n
dst-address-list=DOWNLOAD dst-port=80,8080,3128 in-interface=LAN new-connect
ion-mark=QoS_5_con passthrough=yes \
protocol=tcp
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_5_con d
isabled=no new-packet-mark=QoS_5 \
passthrough=no
add action=mark-connection chain=prerouting comment= " disabled=no dst-address
-list=DOWNLOAD dst-port=\
110,995,143,993,25,20,21 in-interface=LAN new-connection-mark=QoS_5_con pass
through=yes protocol=tcp
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_5_con d
isabled=no new-packet-mark=QoS_5 \
passthrough=no
add action=mark-connection chain=prerouting comment=BROWSING disabled=n
 dst-port=80,8080,3128,443,7778 in-interface=LAN new-connection-mark=QoS_4_co
n packet-size=0-666 passthrough=yes \
protocol=tcp tcp-flags=syn
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_4_con d
isabled=no new-packet-mark=QoS_4 \
passthrough=no
add action=mark-connection chain=prerouting comment= " disabled=no dst-port=80
,8080,3128,443,7778 in-interface=LAN \
new-connection-mark=QoS_4_con packet-size=0-666 passthrough=yes protocol=tcp
tcp-flags=ack
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_4_con d
isabled=no new-packet-mark=QoS_4 \
passthrough=no
add action=mark-connection chain=prerouting comment= " connection-bytes=0-1000
000 disabled=no dst-port=\
80,8080,3128,443,7778 in-interface=LAN new-connection-mark=QoS_4_con passthr
ough=yes protocol=tcp
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_4_con d
isabled=no new-packet-mark=QoS_4 \
passthrough=no
add action=mark-connection chain=prerouting comment= " disabled=no dst-port=11
0,995,143,993,25,20,21 in-interface=LAN \
new-connection-mark=QoS_4_con packet-size=0-666 passthrough=yes protocol=tcp
tcp-flags=syn
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_4_con d
isabled=no new-packet-mark=QoS_4 \
passthrough=no
add action=mark-connection chain=prerouting comment= " disabled=no dst-port=11
0,995,143,993,25,20,21 in-interface=LAN \
new-connection-mark=QoS_4_con packet-size=0-666 passthrough=yes protocol=tcp
tcp-flags=ack
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_4_con d
isabled=no new-packet-mark=QoS_4 \
passthrough=no
add action=mark-connection chain=prerouting comment= P2P Kelaut Aja \
disabled=no in-interface=LAN new-connection-mark=QoS_8_con p2p=all-p2p passt
hrough=yes
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_8_con d
isabled=no new-packet-mark=QoS_8 \
passthrough=no
add action=mark-connection chain=prerouting comment=Other \
disabled=no in-interface=LAN new-connection-mark=QoS_7_con passthrough=yes
add action=mark-packet chain=prerouting comment= " connection-mark=QoS_7_con d
isabled=no new-packet-mark=QoS_7 \
passthrough=no
4. Add Queue > Simple
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment= " \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=128k/1M name=TOTAL parent=none priority=8 queue=\
default-small/default-small target-addresses=192.168.0.0/24 total-queue=\
default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment= " \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
8k/16k max-limit=16k/64k name= QoS_0 ICMP & DNS packet-marks=QoS_0 \
parent=TOTAL priority=1 queue=pfifo-64/pfifo-64 target-addresses=\
192.168.0.0/24 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment= " \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
16k/32k max-limit=128k/1M name= QoS_1 WoW, PB packet-marks=QoS_1 \
parent=TOTAL priority=1 queue=default-small/default-small \
target-addresses=192.168.0.0/24 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment= " \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
16k/64k max-limit=128k/1M name=\
QoS_2 RF | Dota | Poker | Ayo Dance | Cabal packet-marks=QoS_2 \
parent=TOTAL priority=2 queue=default-small/default-small \
target-addresses=192.168.0.0/24 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment= " \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
16k/32k max-limit=128k/1M name= QoS_3 Perfect World packet-marks=QoS_3 \
parent=TOTAL priority=3 queue=default-small/default-small \
target-addresses=192.168.0.0/24 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment= " \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
32k/128k max-limit=128k/1M name= QoS_4 Browsing packet-marks=QoS_4 \
parent=TOTAL priority=4 queue=UpStream/DownStream target-addresses=\
192.168.0.0/24 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment= " \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
16k/32k max-limit=32k/1M name= QoS_5 Download packet-marks=QoS_5 \
parent=TOTAL priority=5 queue=default-small/default-small \
target-addresses=192.168.0.0/24 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment= " \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=0/0 name=QoS_6 packet-marks=QoS_6 parent=TOTAL priority=6 \
queue=default-small/default-small target-addresses=192.168.0.0/24 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment= " \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=32k/128k name= QoS_7 Lain Lain packet-marks=QoS_7 \
parent=TOTAL priority=7 queue=default-small/default-small \
target-addresses=192.168.0.0/24 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment= " \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=8k/32k name= QoS_8 Peer To Peer packet-marks=QoS_8 \
parent=TOTAL priority=8 queue=default-small/default-small \
target-addresses=192.168.0.0/24 total-queue=default-small