Friday, 02 November 2012

How to Share Bandwidth and Create Hotspot Vouchers in User Manager 5


How to share hotspot bandwidth with MikroTik, or how to share hotspot bandwidth with User Manager 5 on MikroTik.

As an example, in MikroTik User Manager we will create 3 voucher packages with different bandwidth limits:
PAKET 1 JAM CHATTING (1-hour chatting package) RP.3000 = 128Kbps Up / 128Kbps Down
PAKET 1 JAM BROWSING (1-hour browsing package) RP.3000 = 128Kbps Up / 512Kbps Down
PAKET 1 JAM GAMES (1-hour games package) RP.3000 = 256Kbps Up / 256Kbps Down

Let's begin.
Open your MikroTik User Manager in a browser at ipaddress/userman, for example 192.168.11.1/userman. Then select “Profile”, and on the “Profile” tab click + and fill in “Name”, as in the screenshots below:

For PAKET 1 JAM CHATTING:

For PAKET 1 JAM BROWSING:

For PAKET 1 JAM GAMES:





Next, switch to the “Limitations” tab, click “Add”, then “New”, and fill in:
Name= PAKET 1 JAM CHATTING
Uptime=1h (1 hour)
1 hour = 1h, 24 hours = 1d, 1 week = 1w, 1 month = 4w3d
Rate Limit:Rx=128k / Tx=128k
Rx means upload
Tx means download

Then click “Add”.

As in the screenshot below:


Next, click “Add” and “New” again and fill in:
Name= PAKET 1 JAM BROWSING
Uptime=1h (1 hour)
Rate Limit:Rx=128k / Tx=512k
Then click “Add”.
As in the screenshot below:



Next, click “Add” and “New” again and fill in:
Name= PAKET 1 JAM GAMES
Uptime=1h (1 hour)
Rate Limit:Rx=256k / Tx=256k
Then click “Add”.
As in the screenshot below:


Next, switch back to the “Profiles” tab. With Profile= PAKET 1 JAM CHATTING selected, click “Add new limitation”, tick PAKET 1 JAM CHATTING, click “add”, then “Save profile”, as in the screenshot below:

Then change to Profile= PAKET 1 JAM BROWSING, click “Add new limitation”, tick PAKET 1 JAM BROWSING, click “add”, then “Save profile”, as in the screenshot below:

Then change to Profile= PAKET 1 JAM GAMES, click “Add new limitation”, tick PAKET 1 JAM GAMES, click “add”, then “Save profile”, as in the screenshot below:

Finally, generate the vouchers under “User”.


http://www.wirelessrouterproxy.com/2011/11/cara-membagi-bandwidth-hotspot-dengan.html

Tuesday, 23 October 2012

Radius Server Is Not Responding

MikroTik users running the HotSpot and User Manager features have almost certainly seen the message "Radius Server Is Not Responding" on the login page. This error has several possible causes:
  1. The router entry for IP 127.0.0.1 has not been filled in under Routers in User Manager. Syntax: /radius add service=hotspot address=127.0.0.1 secret=123456 (the secret must be the same one entered for that router in User Manager)
  2. Upgrade the OS version of your RouterBOARD. To see your router's OS version, check System -> Packages.
  3. If the problem persists, reset your MikroTik router, then repeat your HotSpot configuration steps.

Thursday, 18 October 2012

Windows Lusca Proxy

Lusca Caching System for Windows
As requested by you guys and gals about a caching system... here is Lusca for Windows.

Topology:
Stand alone
Modem – proxy PC – hub
Modem – proxy PC – hub – access point
Modem – 3G router – proxy PC – hub
Modem – 3G router – proxy PC – hub – access point

1. First, download Strawberry Perl and Lusca for Windows from the links below, hehehe
http://strawberryperl.com/
http://www.wupload.com/file/2660671912/Lusca_for_ComStuff_V2.2b_rev1.rar
https://hotfile.com/dl/150328055/b7bf36c/Lusca_for_ComStuff_V2.2b_rev1.rar.html
2. Install both programs: Strawberry Perl first, then Lusca for Windows.

3. When that is done, edit squid.conf: click Start - Lusca Proxy for ComStuff - Configuration - Edit squid.conf

4. Put a ( # ) in front of each of these lines:
acl jshack url_regex -i "C:/squid/etc/jshack.block"
deny_info http://adspit.net/lusca/hack.js jshack
http_access deny jshack
acl popads url_regex -i "C:/squid/etc/popads.block"
deny_info http://adspit.net/popkiller.html popads
http_access deny popads
acl advertise url_regex -i "C:/squid/etc/ads.block"
deny_info http://adspit.net/fill.png advertise
http_access deny advertise

5. Remove the ( # ) in front of:
dns_nameservers 127.0.0.1

6. Remove the ( # ) in front of:
storeurl_rewrite_program C:/strawberry/perl/bin/perl.exe C:/squid/etc/storeurl.pl
storeurl_rewrite_children 2
storeurl_rewrite_concurrency 99

7. Then save.

8. Click Start – Lusca For Windows – Apply squid lusca configuration

9. If it is there, the configuration succeeded. If not, try a force uninstall and repeat from the beginning.


For stand-alone use, all that is left is the browser setting:

1. Mozilla Firefox
  1. go to Tools => Options => Advanced => Network tab => Settings
  2. choose Manual proxy configuration
  3. set HTTP Proxy to 127.0.0.1, port 8000 => tick "Use this proxy server for all protocols"
  4. OK
  So that Firefox does not cache as well:
  - go to Tools => Options => Privacy => choose Never remember history => OK
2. Opera
  1. open Preferences via Tools => Preferences
  2. choose the Advanced tab and look at the Network section
  3. click Proxy Servers ...
  4. in the new window that appears, fill in HTTP with 127.0.0.1 and port 8000
  5. remove 127.0.0.1 (if present) from the "Do Not Use Proxy On Addresses Below" section
3. Safari / IE / Chrome
  1. open Control Panel => Internet Options, Connections tab
  2. click LAN Settings, then click Advanced
  3. in the new window that appears, fill in HTTP with 127.0.0.1 and port 8000
  4. remove 127.0.0.1 (if present) from the "Do Not Use Proxy Server for Addresses Beginning With" section

For stand-alone use, that is all.

A shared setup needs additional software, SoftPerfect Bandwidth Manager.

1. Download SoftPerfect Bandwidth Manager
http://www.mediafire.com/?07vwy6funmhezh3
2. Restart the PC
3. Enter the serial number ( long live piracy :lol )
4. Run SoftPerfect Bandwidth Manager.
5. Just click OK. Ignore everything else.
6. Click Tools => Port Mapping => New Mapping
Name: squid_port (any name you like)
7. Redirect to Local Port: 8000 (match the squid port you use), then OK
8. Click Rules => Add Rule
9. General tab
- Rule Name: transparent_proxy (any name you like)
- Direction: Both
- Transfer Rate Limit: Unlimited (limiting it is fine, leaving it unlimited is fine too)
- Protocol: TCP and UDP
- Apply Rule on Interface: LAN (choose the interface connected directly to the switch/hub or the clients)

10. Source tab
- Source Address is: Whole IP Range From 192.168.0.1 To 192.168.0.253 (adjust to your own network)
- Source Port is: Any

11. Destination tab
- Destination Address is: Any IP Address
- Destination Port is: Single Port 80

12. Advanced tab
- Tick "Process through the following mapping"
- Then choose squid_port

13. Click OK

Here is the additional post, Unbound DNS


Now just try it on each client, without changing anything on them.

I have set things up this way many times, and it works in my internet café.

If it works, don't forget to share your speedtest results, and the cendol.
If you are still confused, don't hesitate to contact me.
I will help as much as I can.
Happy caching...

Thursday, 11 October 2012

Remote Access to a MikroTik with a Dynamic IP

Remoting into a MikroTik that has a dynamic public IP can be confusing. To get around this, we need an account on a website that offers a DDNS service. For this tutorial we will use ChangeIP, which provides free DDNS.
First, register at ChangeIP and add one domain to the account.
Once we have an account and a domain at ChangeIP, the next step is to create a script so that the MikroTik updates its IP:
/system script
add name=DDNS policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="# Dynamic DNS for ChangeIP.com behind NAT\r\
\n# Modified by Jorge Amaral, officelan.pt\r\
\n# For support send mail to support at offficelan dot pt\r\
\n#\r\
\n# The original script was written by \"webasdf\" on the Mikrotik forums,\
\_i just modified it to work with ChangeIP.com\r\
\n#\r\
\n# Here is where you need to set your definitions\r\
\n:local user \"vUSER\"\r\
\n:local pass \"vPASSWORD\"\r\
\n:local host \"vDOMAIN\"\r\
\n##############\r\
\n##############\r\
\n:global lastwanip;\r\
\n:if ([ :typeof \$lastwanip ] = \"nothing\" ) do={ :global lastwanip 0.0.\
0.0 };\r\
\n:local wanip [:resolve \$host];\r\
\n:if ( \$wanip != \$lastwanip ) do={\r\
\n\t/tool fetch mode=http address=\"checkip.dyndns.org\" src-path=\"/\" ds\
t-path=\"/dyndns.checkip.html\"\r\
\n\t:local result [/file get dyndns.checkip.html contents]\r\
\n\t:local resultLen [:len \$result]\r\
\n\t:local startLoc [:find \$result \": \" -1]\r\
\n\t:set startLoc (\$startLoc + 2)\r\
\n\t:local endLoc [:find \$result \"</body>\" -1]\r\
\n\t:local currentIP [:pick \$result \$startLoc \$endLoc]\r\
\n\t:set lastwanip \$currentIP;\r\
\n\t:put [/tool dns-update name=\$host address=\$currentIP key-name=\$user\
\_key=\$pass ]\r\
\n}"
Replace:
vUSER with the username of your ChangeIP account
vPASSWORD with the password of your ChangeIP account
vDOMAIN with the domain you registered at ChangeIP (e.g. me.MyNetAV.NET)
After creating the script that updates the dynamic IP, the next step is to schedule how often the script is executed. As an example, I will create a scheduler that runs the DDNS script we just created every 15 minutes.
/system scheduler
add disabled=no interval=15m name=UpdateDDNS on-event=DDNS policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=jan/01/2002 start-time=00:00:00
With the scheduler in place, when your MikroTik router's public IP changes, the record is updated at most 15 minutes later.
To reach your MikroTik router, use the vDOMAIN address you registered at ChangeIP.
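
The DDNS script above cuts the address out of the checkip.dyndns.org page by position (after the first ": " and before "</body>"), fetches it over plain HTTP, and hands the result to /tool dns-update unchecked. The following is an added example, not part of the original post, that reproduces the same extraction in Python and validates the value before it is published; the function names and the sample response bodies are constructed for illustration.

```python
import ipaddress

# Constructed sample bodies (not captured traffic).
GOOD = ("<html><head><title>Current IP Check</title></head>"
        "<body>Current IP Address: 8.8.8.8</body></html>")
PORTAL = "<html><body>Login required: please sign in</body></html>"
PRIVATE = "<html><body>Current IP Address: 192.168.11.2</body></html>"
CGNAT = "<html><body>Current IP Address: 100.64.1.5</body></html>"


def extract_like_script(body):
    """Mirror the RouterOS script: text after the first ': ' up to '</body>'."""
    start = body.find(": ")
    end = body.find("</body>")
    if start == -1 or end == -1:
        return None
    return body[start + 2:end]


def validated_wan_ip(body):
    """Return a globally routable IPv4 address as text, or None.

    A captive portal, an error page or an upstream NAT address all pass
    through the positional slice untouched, so the slice is parsed as an
    address and rejected unless it is globally routable.
    """
    candidate = extract_like_script(body)
    if candidate is None:
        return None
    try:
        addr = ipaddress.IPv4Address(candidate.strip())
    except ipaddress.AddressValueError:
        return None
    if not addr.is_global:
        return None
    return str(addr)


def next_dns_update(body, last_ip):
    """Return the address to publish, or None when no update should be sent.

    last_ip plays the role of the script's global lastwanip.
    """
    ip = validated_wan_ip(body)
    if ip is None or ip == last_ip:
        return None
    return ip


if __name__ == "__main__":
    for name, body in [("good", GOOD), ("portal", PORTAL),
                       ("private", PRIVATE), ("cgnat", CGNAT)]:
        print(name, repr(extract_like_script(body)), validated_wan_ip(body))
```
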

Monday, 08 October 2012

Speedy 2 lines + external proxy for online games, 30 clients


/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes \
    l2mtu=1526 mac-address=00:0C:42:85:A4:13 mtu=1500 name=Public1 speed=\
    100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:85:A4:14 \
    master-port=none mtu=1500 name=Public2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:85:A4:15 \
    master-port=none mtu=1500 name=Proxy speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:85:A4:16 \
    master-port=none mtu=1500 name=Local speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:85:A4:17 \
    master-port=none mtu=1500 name=ether5 speed=100Mbps

/ip firewall layer7-protocol
add comment="" name=EXE regexp="^.*get.+\\.exe.*\$"
add comment="" name=RAR regexp="^.*get.+\\.rar.*\$"
add comment="" name=ZIP regexp="^.*get.+\\.zip.*\$"
add comment="" name=7z regexp="^.*get.+\\.7z.*\$"
add comment="" name=FLV regexp="^.*get.+\\.flv.*\$"
add comment="" name=WMV regexp="^.*get.+\\.wmv.*\$"
add comment="" name=MP3 regexp="^.*get.+\\.mp3.*\$"
add comment="" name=MP4 regexp="^.*get.+\\.mp4.*\$"
add comment="" name=3GP regexp="^.*get.+\\.3gp.*\$"


/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1G name="A. INBOUND" parent=global-out priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=2048k name="A5. DOWNLOAD" parent="A. INBOUND" priority=8

/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
    sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
    red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
    5
add kind=pcq name=pcq_down pcq-classifier=dst-address,dst-port pcq-limit=50 \
    pcq-rate=0 pcq-total-limit=2000
set default-small kind=pfifo name=default-small pfifo-limit=10

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1G name="A1. PROXY HIT" packet-mark=proxy-hit parent=\
    "A. INBOUND" priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=100M name="A2. GAMES" packet-mark=games_pkt parent="A. INBOUND" \
    priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1024k name="A3. BROWSING" packet-mark=http_pkt parent=\
    "A. INBOUND" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name="A4. A/V STREAM" packet-mark=stream_pkt parent=\
    "A. INBOUND" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH01 packet-mark=ApisTECH01.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH02 packet-mark=ApisTECH02.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH03 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH04 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH05 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH06 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH07 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH08 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH09 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH010 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH011 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH012 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH013 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH014 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH015 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH016 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH017 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH018 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH019 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH020 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH021 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH022 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH023 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH024 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH025 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH026 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH027 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH028 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH029 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH030 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down


/ip address
add address=192.168.11.2/30 broadcast=192.168.11.3 comment="" disabled=no \
    interface=Public1 network=192.168.11.0
add address=192.168.22.2/30 broadcast=192.168.22.3 comment="" disabled=no \
    interface=Public2 network=192.168.22.0
add address=192.168.3.30/30 broadcast=192.168.3.31 comment="" disabled=no \
    interface=Proxy network=192.168.3.28
add address=192.168.2.30/27 broadcast=192.168.2.31 comment="" disabled=no \
    interface=Local network=192.168.2.0

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=192.168.3.29

/ip firewall address-list
add address=192.168.2.0/27 comment="" disabled=no list=LocalNET
add address=192.168.3.28/30 comment="" disabled=no list=ProxyNET
add address=172.22.10.0/28 comment="" disabled=no list=HotspotNET
add address=192.168.11.1 comment="" disabled=no list=Transparent
add address=192.168.22.1 comment="" disabled=no list=Transparent
add address=192.168.3.29 comment="" disabled=no list=Transparent
add address=192.168.2.30 comment="" disabled=no list=Gateway
add address=172.22.10.1 comment="" disabled=no list=Gateway
add address=63.251.101.0/25 comment="" disabled=no list=GAMES
add address=74.114.8.0/21 comment="" disabled=no list=GAMES
add address=192.168.2.1 comment="" disabled=no list=Local
add address=192.168.2.2 comment="" disabled=no list=Local
add address=192.168.2.3 comment="" disabled=no list=Local
add address=192.168.2.4 comment="" disabled=no list=Local
add address=192.168.2.5 comment="" disabled=no list=Local
add address=192.168.2.6 comment="" disabled=no list=Local
add address=192.168.2.7 comment="" disabled=no list=Local
add address=192.168.2.8 comment="" disabled=no list=Local
add address=192.168.2.9 comment="" disabled=no list=Local
add address=192.168.2.10 comment="" disabled=no list=Local
add address=192.168.2.11 comment="" disabled=no list=Local
add address=192.168.2.12 comment="" disabled=no list=Local
add address=192.168.2.13 comment="" disabled=no list=Local
add address=192.168.2.14 comment="" disabled=no list=Local
add address=192.168.2.15 comment="" disabled=no list=Local
add address=192.168.2.16 comment="" disabled=no list=Local
add address=192.168.2.17 comment="" disabled=no list=Local
add address=192.168.2.18 comment="" disabled=no list=Local
add address=192.168.2.19 comment="" disabled=no list=Local
add address=192.168.2.20 comment="" disabled=no list=Local
add address=192.168.2.21 comment="" disabled=no list=Local
add address=192.168.2.22 comment="" disabled=no list=Local
add address=192.168.2.23 comment="" disabled=no list=Local
add address=192.168.2.24 comment="" disabled=no list=Local
add address=192.168.2.25 comment="" disabled=no list=Local
add address=192.168.2.26 comment="" disabled=no list=Local
add address=192.168.2.27 comment="" disabled=no list=Local
add address=192.168.2.28 comment="" disabled=no list=Local
add address=192.168.2.29 comment="" disabled=no list=Local


/ip firewall filter
add action=drop chain=input comment="Drop Invalid connections" \
    connection-state=invalid disabled=no
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1w chain=input comment="Port scanners to list " \
    disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1w chain=input comment="NMAP FIN Stealth scan" \
    disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1w chain=input comment="SYN/FIN scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1w chain=input comment="SYN/RST scan" disabled=no \
    protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1w chain=input comment="FIN/PSH/URG scan" disabled=\
    no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1w chain=input comment="ALL/ALL scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1w chain=input comment="NMAP NULL scan" disabled=no \
    protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="Dropping port scanners" disabled=no \
    src-address-list="port scanners"
add action=accept chain=input comment="Allow Input from LOOPBACK" disabled=no \
    src-address=127.0.0.1
add action=accept chain=input comment="Allow Input from LOCAL Network" \
    disabled=no in-interface=Local src-address-list=LocalNET
add action=accept chain=input comment="Allow Input from PROXY Network" \
    disabled=no in-interface=Proxy src-address-list=ProxyNET
add action=drop chain=input comment="Drop everything else" disabled=no
add action=drop chain=forward comment="Drop Invalid connections" \
    connection-state=invalid disabled=no
add action=jump chain=forward comment="Packet Filtering" disabled=no \
    jump-target=tcp protocol=tcp
add action=jump chain=forward comment="" disabled=no jump-target=udp \
    protocol=udp
add action=jump chain=forward comment="" disabled=no jump-target=icmp \
    protocol=icmp
add action=drop chain=tcp comment="deny SMTP" disabled=no dst-port=25 \
    protocol=tcp
add action=drop chain=tcp comment="deny TFTP" disabled=no dst-port=69 \
    protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
    111 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
    135 protocol=tcp
add action=drop chain=tcp comment="deny NBT" disabled=no dst-port=137,138,139 \
    protocol=tcp
add action=drop chain=tcp comment="deny cifs" disabled=no dst-port=445 \
    protocol=tcp
add action=drop chain=tcp comment="deny NFS" disabled=no dst-port=2049 \
    protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=\
    12345-12346 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=20034 \
    protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" disabled=no dst-port=\
    31337 protocol=tcp
add action=drop chain=tcp comment="deny DHCP" disabled=no dst-port=67-68 \
    protocol=tcp
add action=drop chain=tcp comment="deny P2P" disabled=no p2p=all-p2p
add action=drop chain=udp comment="deny TFTP" disabled=no dst-port=69 \
    protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
    111 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
    135 protocol=udp
add action=drop chain=udp comment="deny NBT" disabled=no dst-port=137,138,139 \
    protocol=udp
add action=drop chain=udp comment="deny NFS" disabled=no dst-port=2049 \
    protocol=udp
add action=drop chain=udp comment="deny BackOriffice" disabled=no dst-port=\
    31337 protocol=udp
add action=drop chain=udp comment="deny P2P" disabled=no p2p=all-p2p
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=drop chain=icmp comment="Drop other icmp packets" disabled=no
add action=tarpit chain=forward comment="Limit Download Conn" \
    connection-limit=10,32 connection-mark=download_conn disabled=no \
    in-interface=Local protocol=tcp src-address-list=Local
add action=tarpit chain=forward comment="Limit Streaming Conn" \
    connection-limit=5,32 connection-mark=streaming_conn disabled=no \
    in-interface=Local protocol=tcp src-address-list=Local
add action=accept chain=forward comment="Allow Forward from LOCAL Network" \
    disabled=no in-interface=Local src-address-list=LocalNET
add action=accept chain=forward comment="Allow Forward from PROXY Network" \
    disabled=no in-interface=Proxy src-address-list=ProxyNET
add action=accept chain=forward comment="Allow Forward from PUBLIC1 Network" \
    disabled=no in-interface=Public1 src-address-list=Transparent
add action=accept chain=forward comment="Allow Forward from PUBLIC2 Network" \
    disabled=no in-interface=Public2 src-address-list=Transparent
add action=drop chain=forward comment="Drop everything else" disabled=no
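
The tcp-flags matchers used by the "port scanners" rules in the input chain above, as an added example in Python that is not part of the original configuration. It assumes the usual RouterOS matcher semantics: a listed flag must be set, a flag prefixed with ! must be clear, and an unlisted flag is ignored. The rule table is copied from the comments and tcp-flags values above; the function names and the sample flag bytes are constructed.

```python
# Rule comment -> tcp-flags value, copied from the /ip firewall filter rules above.
RULES = [
    ("NMAP FIN Stealth scan", "fin,!syn,!rst,!psh,!ack,!urg"),
    ("SYN/FIN scan", "fin,syn"),
    ("SYN/RST scan", "syn,rst"),
    ("FIN/PSH/URG scan", "fin,psh,urg,!syn,!rst,!ack"),
    ("ALL/ALL scan", "fin,syn,rst,psh,ack,urg"),
    ("NMAP NULL scan", "!fin,!syn,!rst,!psh,!ack,!urg"),
]

# Bit positions of the six classic flags in the TCP header flags byte.
FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}


def flags_from_byte(value):
    """Decode a TCP flags byte into a set of flag names (ECE/CWR are ignored)."""
    return {name for name, bit in FLAG_BITS.items() if value & bit}


def parse_matcher(spec):
    """Split a tcp-flags value into (flags that must be set, flags that must be clear)."""
    must_set, must_clear = set(), set()
    for token in spec.split(","):
        token = token.strip()
        if token.startswith("!"):
            must_clear.add(token[1:])
        else:
            must_set.add(token)
    return must_set, must_clear


def matches(spec, flags):
    """True when a packet carrying `flags` satisfies the tcp-flags matcher `spec`."""
    must_set, must_clear = parse_matcher(spec)
    return must_set <= flags and not (must_clear & flags)


def classify(flags):
    """Return the comments of every rule the packet would hit, in rule order.

    All six rules use add-src-to-address-list, which does not stop rule
    processing, so one packet can match more than one of them.
    """
    flags = set(flags)
    return [name for name, spec in RULES if matches(spec, flags)]


if __name__ == "__main__":
    # Constructed flag bytes: SYN, SYN|ACK, FIN|ACK, FIN, NULL, Xmas, all six.
    for byte in (0x02, 0x12, 0x11, 0x01, 0x00, 0x29, 0x3F):
        print(hex(byte), sorted(flags_from_byte(byte)), classify(flags_from_byte(byte)))
```

Normal handshake and teardown packets (SYN, SYN|ACK, FIN|ACK, RST|ACK) match none of the rules, which is why these matchers can sit ahead of the accept rules without listing legitimate clients.
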


/ip firewall mangle
add action=mark-packet chain=postrouting comment="MARK PROXY-HIT" disabled=no \
    dscp=12 new-packet-mark=proxy-hit passthrough=no
add action=mark-connection chain=prerouting comment="PROXY CONNMARK" \
    connection-state=new disabled=no in-interface=Proxy new-connection-mark=\
    proxy.pppoe_1 passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=new \
    disabled=no in-interface=Proxy new-connection-mark=proxy.pppoe_2 \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=new \
    disabled=no in-interface=Proxy new-connection-mark=proxy.pppoe_3 \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-mark=\
    proxy.pppoe_1 disabled=no in-interface=Proxy new-connection-mark=\
    proxy.pppoe_1 passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-mark=\
    proxy.pppoe_2 disabled=no in-interface=Proxy new-connection-mark=\
    proxy.pppoe_2 passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-mark=\
    proxy.pppoe_3 disabled=no in-interface=Proxy new-connection-mark=\
    proxy.pppoe_3 passthrough=yes
add action=mark-connection chain=prerouting comment="PROXY PCC" disabled=no \
    dst-address-type=!local dst-port=80,81,8080,3128 in-interface=Proxy \
    new-connection-mark=proxy.pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local dst-port=80,81,8080,3128 in-interface=Proxy \
    new-connection-mark=proxy.pppoe_2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local dst-port=80,81,8080,3128 in-interface=Proxy \
    new-connection-mark=proxy.pppoe_3 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/2 protocol=tcp
add action=mark-routing chain=prerouting comment="PROXY ROUTE" \
    connection-mark=proxy.pppoe_1 disabled=no in-interface=Proxy \
    new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    proxy.pppoe_2 disabled=no in-interface=Proxy new-routing-mark=pppoe_1 \
    passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    proxy.pppoe_3 disabled=no in-interface=Proxy new-routing-mark=pppoe_2 \
    passthrough=yes
add action=mark-connection chain=input comment="LOCAL CONNMARK" \
    connection-state=new disabled=no in-interface=Local new-connection-mark=\
    local.pppoe_1 passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new \
    disabled=no in-interface=Local new-connection-mark=local.pppoe_2 \
    passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new \
    disabled=no in-interface=Local new-connection-mark=local.pppoe_3 \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-mark=\
    local.pppoe_1 disabled=no in-interface=Local new-connection-mark=\
    local.pppoe_1 passthrough=no
add action=mark-connection chain=prerouting comment="" connection-mark=\
    local.pppoe_2 disabled=no in-interface=Local new-connection-mark=\
    local.pppoe_2 passthrough=no
add action=mark-connection chain=prerouting comment="" connection-mark=\
    local.pppoe_3 disabled=no in-interface=Local new-connection-mark=\
    local.pppoe_3 passthrough=no
add action=mark-connection chain=prerouting comment="LOCAL PCC" disabled=no \
    dst-address-list=!Transparent dst-address-type=!local dst-port=\
    !80,81,8080,3128 in-interface=Local new-connection-mark=local.pppoe_1 \
    passthrough=yes per-connection-classifier=src-address:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-list=!Transparent dst-address-type=!local dst-port=\
    !80,81,8080,3128 in-interface=Local new-connection-mark=local.pppoe_2 \
    passthrough=yes per-connection-classifier=src-address:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-list=!Transparent dst-address-type=!local dst-port=\
    !80,81,8080,3128 in-interface=Local new-connection-mark=local.pppoe_3 \
    passthrough=yes per-connection-classifier=src-address:3/2 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local in-interface=Local new-connection-mark=\
    local.pppoe_1 passthrough=yes per-connection-classifier=src-address:3/0 \
    protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local in-interface=Local new-connection-mark=\
    local.pppoe_2 passthrough=yes per-connection-classifier=src-address:3/1 \
    protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local in-interface=Local new-connection-mark=\
    local.pppoe_3 passthrough=yes per-connection-classifier=src-address:3/2 \
    protocol=udp
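# Connection marks local.pppoe_1 and local.pppoe_2 both get routing mark pppoe_1;
# local.pppoe_3 gets routing mark pppoe_2.
add action=mark-routing chain=prerouting comment="LOCAL ROUTE" \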
    connection-mark=local.pppoe_1 disabled=no in-interface=Local \
    new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    local.pppoe_2 disabled=no in-interface=Local new-routing-mark=pppoe_1 \
    passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    local.pppoe_3 disabled=no in-interface=Local new-routing-mark=pppoe_2 \
    passthrough=yes
add action=mark-connection chain=prerouting comment="MARK LOCAL-IN CONN" \
    disabled=no dst-address-list=!Gateway in-interface=Local \
    new-connection-mark=all.pre_conn passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-mark=\
    all.pre_conn disabled=no new-packet-mark=all.pre_pkt passthrough=yes
add action=mark-connection chain=forward comment="MARK LOCAL-OUT CONN" \
    disabled=no new-connection-mark=all.post_conn out-interface=Local \
    passthrough=yes
add action=mark-packet chain=forward comment="" connection-mark=all.post_conn \
    disabled=no new-packet-mark=all.post_pkt passthrough=yes
add action=mark-connection chain=prerouting comment="MARK HTTP/S CONN" \
    connection-mark=all.pre_conn disabled=no dst-port=80,443 \
    new-connection-mark=browsing_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn 7z" \
    connection-mark=browsing_conn disabled=no layer7-protocol=7z \
    new-connection-mark=download_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn EXE" \
    connection-mark=browsing_conn disabled=no layer7-protocol=EXE \
    new-connection-mark=download_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn RAR" \
    connection-mark=browsing_conn disabled=no layer7-protocol=RAR \
    new-connection-mark=download_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn ZIP" \
    connection-mark=browsing_conn disabled=no layer7-protocol=ZIP \
    new-connection-mark=download_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn MP3" \
    connection-mark=browsing_conn disabled=no layer7-protocol=MP3 \
    new-connection-mark=download_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn WMV" \
    connection-mark=browsing_conn disabled=no layer7-protocol=WMV \
    new-connection-mark=download_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn 3GP" \
    connection-mark=browsing_conn disabled=no layer7-protocol=3GP \
    new-connection-mark=download_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn FLV" \
    connection-mark=browsing_conn disabled=no layer7-protocol=FLV \
    new-connection-mark=streaming_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn MP4" \
    connection-mark=browsing_conn disabled=no layer7-protocol=MP4 \
    new-connection-mark=streaming_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn Youtube" \
    connection-mark=browsing_conn content=videoplayback disabled=no \
    new-connection-mark=streaming_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=BROWSING connection-mark=\
    browsing_conn disabled=no new-connection-mark=http_conn passthrough=yes \
    protocol=tcp
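# Only the first 128 KiB (connection-bytes=0-131072) of an http_conn connection
# is marked http_pkt.
add action=mark-packet chain=forward comment="" connection-bytes=0-131072 \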
    connection-mark=http_conn disabled=no new-packet-mark=http_pkt \
    passthrough=no protocol=tcp
add action=mark-connection chain=forward comment=GAMES connection-mark=\
    all.post_conn disabled=no new-connection-mark=games_conn passthrough=yes \
    protocol=tcp src-address-list=GAMES src-port=9339,843,39190
add action=mark-connection chain=forward comment="" connection-mark=\
    all.post_conn disabled=no new-connection-mark=games_conn passthrough=yes \
    protocol=udp src-address-list=GAMES src-port=40000-40010
add action=mark-packet chain=forward comment="" connection-mark=games_conn \
    disabled=no new-packet-mark=games_pkt passthrough=no
add action=mark-connection chain=forward comment="A/V STREAM" \
    connection-mark=all.post_conn disabled=no new-connection-mark=stream_conn \
    passthrough=yes protocol=tcp src-port=554,8000,88,1935
add action=mark-packet chain=forward comment="" connection-mark=stream_conn \
    disabled=no new-packet-mark=stream_pkt passthrough=no
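# Per-client download marks: after a connection passes 128 KiB (131072-0), TCP
# packets to each client address get a d_pkt mark. 192.168.2.3 through
# 192.168.2.30 all share ApisTECH03.d_pkt.
add action=mark-packet chain=forward comment=DOWNLOAD connection-bytes=\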
    131072-0 connection-mark=all.post_conn disabled=no dst-address=\
    192.168.2.1 new-packet-mark=ApisTECH01.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.2 \
    new-packet-mark=ApisTECH02.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.3 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.4 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.5 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.6 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.7 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.8 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.9 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.10 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.11 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.12 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.13 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.14 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.15 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.16 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.17 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.18 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.19 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.20 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.21 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.22 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.23 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.24 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.25 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.26 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.27 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.28 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.29 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.30 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
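# Priority classes for packets already marked pppoe1.out_pkt, from time-critical
# (small ICMP, DNS/NTP, tiny TCP control packets) down to bulk. The same set of
# rules repeats for pppoe2.out_pkt further down.
add action=mark-packet chain=postrouting comment="TIME CRITICAL" disabled=no \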
    new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=0-128 passthrough=no protocol=icmp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=\
    53,123 new-packet-mark=pppoe1.time_critical_pkt packet-mark=\
    pppoe1.out_pkt passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=0-96 passthrough=no protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=0-96 passthrough=no protocol=tcp tcp-flags=syn
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=0-96 passthrough=no protocol=tcp tcp-flags=rst
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=0-96 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment=CRITICAL disabled=no \
    new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=97-128 passthrough=no protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=97-128 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=0-64 passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=\
    22,8291 new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=0-256 passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no \
    dst-address-list=GAMES dst-port=9339,843,39190 new-packet-mark=\
    pppoe1.critical_pkt packet-mark=pppoe1.out_pkt passthrough=no protocol=\
    tcp
add action=mark-packet chain=postrouting comment="" disabled=no \
    dst-address-list=GAMES dst-port=40000-40010 new-packet-mark=\
    pppoe1.critical_pkt packet-mark=pppoe1.out_pkt passthrough=no protocol=\
    udp
add action=mark-packet chain=postrouting comment="HIGH PRIO" disabled=no \
    new-packet-mark=pppoe1.high_prio_pkt packet-mark=pppoe1.out_pkt \
    packet-size=129-256 passthrough=no protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.high_prio_pkt packet-mark=pppoe1.out_pkt \
    packet-size=129-256 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.high_prio_pkt packet-mark=pppoe1.out_pkt \
    passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" connection-bytes=0-98304 \
    disabled=no dst-port=443 new-packet-mark=pppoe1.high_prio_pkt \
    packet-mark=pppoe1.out_pkt passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="LOW PRIO" disabled=no \
    new-packet-mark=pppoe1.low_prio_pkt packet-mark=pppoe1.out_pkt \
    packet-size=257-512 passthrough=no protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.low_prio_pkt packet-mark=pppoe1.out_pkt \
    packet-size=257-512 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment="" connection-bytes=0-98304 \
    disabled=no dst-port=80 new-packet-mark=pppoe1.low_prio_pkt packet-mark=\
    pppoe1.out_pkt passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=\
    110,995,143,993,25,20,21,69 new-packet-mark=pppoe1.low_prio_pkt \
    packet-mark=pppoe1.out_pkt packet-size=0-512 passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment=BULK disabled=no \
    new-packet-mark=pppoe1.bulk_pkt packet-mark=pppoe1.out_pkt passthrough=no
add action=mark-packet chain=postrouting comment="TIME CRITICAL" disabled=no \
    new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=0-128 passthrough=no protocol=icmp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=\
    53,123 new-packet-mark=pppoe2.time_critical_pkt packet-mark=\
    pppoe2.out_pkt passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=0-96 passthrough=no protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=0-96 passthrough=no protocol=tcp tcp-flags=syn
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=0-96 passthrough=no protocol=tcp tcp-flags=rst
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=0-96 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment=CRITICAL disabled=no \
    new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=97-128 passthrough=no protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=97-128 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=0-64 passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=\
    22,8291 new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=0-256 passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no \
    dst-address-list=GAMES dst-port=9339,843,39190 new-packet-mark=\
    pppoe2.critical_pkt packet-mark=pppoe2.out_pkt passthrough=no protocol=\
    tcp
add action=mark-packet chain=postrouting comment="" disabled=no \
    dst-address-list=GAMES dst-port=40000-40010 new-packet-mark=\
    pppoe2.critical_pkt packet-mark=pppoe2.out_pkt passthrough=no protocol=\
    udp
add action=mark-packet chain=postrouting comment="HIGH PRIO" disabled=no \
    new-packet-mark=pppoe2.high_prio_pkt packet-mark=pppoe2.out_pkt \
    packet-size=129-256 passthrough=no protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.high_prio_pkt packet-mark=pppoe2.out_pkt \
    packet-size=129-256 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.high_prio_pkt packet-mark=pppoe2.out_pkt \
    passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" connection-bytes=0-98304 \
    disabled=no dst-port=443 new-packet-mark=pppoe2.high_prio_pkt \
    packet-mark=pppoe2.out_pkt passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="LOW PRIO" disabled=no \
    new-packet-mark=pppoe2.low_prio_pkt packet-mark=pppoe2.out_pkt \
    packet-size=257-512 passthrough=no protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.low_prio_pkt packet-mark=pppoe2.out_pkt \
    packet-size=257-512 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment="" connection-bytes=0-98304 \
    disabled=no dst-port=80 new-packet-mark=pppoe2.low_prio_pkt packet-mark=\
    pppoe2.out_pkt passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=\
    110,995,143,993,25,20,21,69 new-packet-mark=pppoe2.low_prio_pkt \
    packet-mark=pppoe2.out_pkt packet-size=0-512 passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment=BULK disabled=no \
    new-packet-mark=pppoe2.bulk_pkt packet-mark=pppoe2.out_pkt passthrough=no
/ip firewall nat
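# Transparent redirects: DNS (udp/tcp 53) and the HTTP proxy ports arriving on
# Local are rewritten to 192.168.3.29.
add action=dst-nat chain=dstnat comment="TRANSPARENT DNS" disabled=no \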
    dst-port=53 in-interface=Local protocol=udp to-addresses=192.168.3.29 \
    to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=Local protocol=tcp to-addresses=192.168.3.29 to-ports=53
add action=dst-nat chain=dstnat comment="TRANSPARENT LOCAL PROXY" disabled=no \
    dst-address-list=!Transparent dst-port=80,81,8080,3128 in-interface=Local \
    protocol=tcp to-addresses=192.168.3.29 to-ports=3128
add action=dst-nat chain=dstnat comment="PROXY NAT" disabled=no \
    dst-address-list=Gateway dst-port=22,81,10000 in-interface=Local \
    protocol=tcp to-addresses=192.168.3.29
add action=masquerade chain=srcnat comment="MASQUERADE MODEM1" disabled=no \
    out-interface=Public1
add action=masquerade chain=srcnat comment="MASQUERADE MODEM2" disabled=no \
    out-interface=Public2

/queue interface
set Public1 queue=ethernet-default
set Public2 queue=ethernet-default
set Proxy queue=ethernet-default
set Local queue=ethernet-default
set ether5 queue=ethernet-default