Archive for April, 2009

MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK

MikroTik RouterOS 2.9.27 (c) 1999-2006 http://www.mikrotik.com/

/ interface ethernet
set Local name=”Local” mtu=1500 mac-address=0A:C0:18:1A:3C:8A arp=enabled disable-running-check=yes auto-negotiation=no \
full-duplex=yes cable-settings=default speed=100Mbps comment=”" disabled=no
set Speedy1 name=”Speedy1″ mtu=1500 mac-address=0A:C0:18:1A:3C:75 arp=enabled disable-running-check=yes \
auto-negotiation=no full-duplex=yes cable-settings=default speed=1Gbps comment=”" disabled=no
set Speedy2 name=”Speedy2″ mtu=1500 mac-address=C0:10:18:C0:30:94 arp=enabled disable-running-check=yes \
auto-negotiation=no full-duplex=yes cable-settings=default speed=1Gbps comment=”" disabled=no
set Speedy3 name=”Speedy3″ mtu=1500 mac-address=00:0C:6E:D3:0D:FC arp=enabled disable-running-check=yes \
auto-negotiation=no full-duplex=yes cable-settings=default speed=1Gbps comment=”" disabled=no
# VPN server settings.
# L2TP is switched off, but its stored method list still includes pap and chap; pap would
# carry the password in clear text if this server were ever enabled.
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
# Static PPTP server interface; user=”" binds it to no particular account.
/ interface pptp-server
add name=”vpn” user=”" disabled=no
# NOTE(review): PPTP is enabled and accepts mschap1 and mschap2. MS-CHAPv1 is long deprecated
# and MS-CHAPv2 handshakes can be cracked offline, so this tunnel should not be relied on for
# confidentiality. At minimum drop mschap1; prefer a tunnel type with stronger authentication
# if the installed RouterOS version offers one.
/ interface pptp-server server
set enabled=yes max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 keepalive-timeout=30 default-profile=vpn
# PPPoE client dialled over Speedy2; installs a default route and ignores the peer's DNS servers.
# NOTE(review): this export carries the ISP account name and password in clear text. A
# configuration export should have user= and password= redacted before it is shared, and
# credentials that have already been published should be treated as compromised and changed.
# NOTE(review): allow= includes pap, so the client will send the password unencrypted if the
# access concentrator asks for PAP; remove pap if the ISP supports chap/mschap2.
/ interface pppoe-client
add name=”pppoe-out1″ max-mtu=1480 max-mru=1480 interface=Speedy2 user=”111401104174@telkom.net” password=”sttlqg13mc” \
profile=default service-name=”" ac-name=”" add-default-route=yes dial-on-demand=no use-peer-dns=no \
allow=pap,chap,mschap1,mschap2 disabled=no
/ ip pool
add name=”dhcp_pool1″ ranges=10.2.1.1-10.2.1.252,10.2.1.254
add name=”vpn” ranges=172.16.1.1-172.16.1.6
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
# Management services of the router itself.
# telnet and ftp are disabled; the web interface (plain HTTP) and ssh are enabled on
# non-default ports, and www-ssl is disabled with no certificate assigned.
# NOTE(review): address=0.0.0.0/0 places no source restriction on any service, so www (7479)
# and ssh (1981) accept connections from every interface, WAN side included. An unusual port
# number only reduces noise; it is not access control. Consider setting address= to the
# management network (presumably the Local subnet 10.2.1.0/24 -- confirm) and using www-ssl
# with a certificate instead of clear-text www.
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=yes
set ftp port=21 address=0.0.0.0/0 disabled=yes
set www port=7479 address=0.0.0.0/0 disabled=no
set ssh port=1981 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
/ ip upnp
set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
/ ip arp
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
# Upstream resolvers and the router's DNS cache (2048KiB, entries kept for at most one week).
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries itself. The
# / ip firewall filter section of this export has no input rule that drops port 53 arriving
# on the Speedy*/pppoe-out1 interfaces, so the cache appears reachable from the Internet side
# as an open resolver (usable for amplification) -- confirm, and restrict port 53 on the
# input chain to in-interface=Local.
/ ip dns
set primary-dns=203.130.193.74 secondary-dns=202.134.0.155 allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip dns static
add name=”www.ktr-pjk-pdg.org” address=10.2.1.253 ttl=1d
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m inactive-flow-timeout=15s
/ ip address
add address=10.2.1.253/24 network=10.2.1.0 broadcast=10.2.1.255 interface=Local comment=”" disabled=no
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Speedy1 comment=”" disabled=no
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=Speedy2 comment=”" disabled=no
add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=Speedy3 comment=”" disabled=no
add address=172.16.1.1/29 network=172.16.1.0 broadcast=172.16.1.7 interface=Local comment=”" disabled=no
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000 maximal-server-connectons=1000
/ ip proxy access
add dst-port=23-25 action=deny comment=”block telnet & spam e-mail relaying” disabled=no
/ ip neighbor discovery
set Local discover=yes
set Speedy1 discover=yes
set Speedy2 discover=yes
set Speedy3 discover=yes
set pppoe-out1 discover=no
set vpn discover=no
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 routing-mark=speedy1 comment=”" disabled=no
add dst-address=0.0.0.0/0 gateway=125.165.112.1 scope=255 target-scope=10 routing-mark=speedy2 comment=”" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=255 target-scope=10 routing-mark=speedy3 comment=”" disabled=no
add dst-address=0.0.0.0/0 gateway=125.165.112.1 scope=255 target-scope=10 comment=”" disabled=no
/ ip firewall mangle
add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=prio_conn_p2p passthrough=yes comment=”Prio \
P2P” disabled=yes
add chain=prerouting connection-mark=prio_conn_p2p action=mark-packet new-packet-mark=prio_p2p_packet passthrough=no \
comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=995 action=mark-connection new-connection-mark=prio_conn_download_services \
passthrough=yes comment=”Prio Download_Services” disabled=yes
add chain=prerouting protocol=tcp dst-port=143 action=mark-connection new-connection-mark=prio_conn_download_services \
passthrough=yes comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=993 action=mark-connection new-connection-mark=prio_conn_download_services \
passthrough=yes comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=995 action=mark-connection new-connection-mark=prio_conn_download_services \
passthrough=yes comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=25 action=mark-connection new-connection-mark=prio_conn_download_services \
passthrough=yes comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=prio_conn_download_services \
passthrough=yes comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=20-21 action=mark-connection new-connection-mark=prio_conn_download_services \
passthrough=yes comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500 action=mark-connection \
new-connection-mark=prio_conn_download_services passthrough=yes comment=”" disabled=yes
add chain=prerouting connection-mark=prio_conn_download_services action=mark-packet new-packet-mark=prio_download_packet \
passthrough=no comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=53 action=mark-connection new-connection-mark=prio_conn_ensign_services \
passthrough=yes comment=”Prio Ensign_Services” disabled=yes
add chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark=prio_conn_ensign_services \
passthrough=yes comment=”" disabled=yes
add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=prio_conn_ensign_services passthrough=yes \
comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection new-connection-mark=prio_conn_ensign_services \
passthrough=yes comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=23 action=mark-connection new-connection-mark=prio_conn_ensign_services \
passthrough=yes comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=80 connection-bytes=0-500000 action=mark-connection \
new-connection-mark=prio_conn_ensign_services passthrough=yes comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=8080 action=mark-connection new-connection-mark=prio_conn_ensign_services \
passthrough=yes comment=”" disabled=yes
add chain=prerouting connection-mark=prio_conn_ensign_services action=mark-packet new-packet-mark=prio_ensign_packet \
passthrough=no comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500 action=mark-connection \
new-connection-mark=prio_conn_user_services passthrough=yes comment=”Prio User_Request” disabled=yes
add chain=prerouting protocol=tcp dst-port=8291 packet-size=1400-1500 action=mark-connection \
new-connection-mark=prio_conn_user_services passthrough=yes comment=”" disabled=yes
add chain=prerouting connection-mark=prio_conn_user_services action=mark-packet new-packet-mark=prio_request_packet \
passthrough=no comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=5100 action=mark-connection new-connection-mark=prio_conn_comm_services \
passthrough=yes comment=”Prio_Communication” disabled=yes
add chain=prerouting protocol=tcp dst-port=5050 action=mark-connection new-connection-mark=prio_conn_comm_services \
passthrough=yes comment=”" disabled=yes
add chain=prerouting protocol=udp dst-port=5060 action=mark-connection new-connection-mark=prio_conn_comm_services \
passthrough=yes comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=1869 action=mark-connection new-connection-mark=prio_conn_comm_services \
passthrough=yes comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=1723 action=mark-connection new-connection-mark=prio_conn_comm_services \
passthrough=yes comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=5190 action=mark-connection new-connection-mark=prio_conn_comm_services \
passthrough=yes comment=”" disabled=yes
add chain=prerouting protocol=tcp dst-port=6660-7000 action=mark-connection new-connection-mark=prio_conn_comm_services \
passthrough=yes comment=”" disabled=yes
add chain=prerouting protocol=ipencap action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes \
comment=”" disabled=yes
add chain=prerouting protocol=gre action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes \
comment=”" disabled=yes
add chain=prerouting protocol=ipsec-esp action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes \
comment=”" disabled=yes
add chain=prerouting protocol=ipsec-ah action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes \
comment=”" disabled=yes
add chain=prerouting protocol=ipip action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes \
comment=”" disabled=yes
add chain=prerouting protocol=encap action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes \
comment=”" disabled=yes
add chain=prerouting connection-mark=prio_conn_comm_services action=mark-packet new-packet-mark=prio_comm_packet \
passthrough=no comment=”" disabled=yes
add chain=prerouting in-interface=Local connection-state=new nth=2,1,0 action=mark-connection new-connection-mark=speedy1 \
passthrough=yes comment=”LB 3 Line Speedy” disabled=no
add chain=prerouting in-interface=Local connection-mark=speedy1 action=mark-routing new-routing-mark=speedy1 \
passthrough=no comment=”" disabled=no
add chain=prerouting in-interface=Local connection-state=new nth=2,1,1 action=mark-connection new-connection-mark=speedy2 \
passthrough=yes comment=”" disabled=no
add chain=prerouting in-interface=Local connection-mark=speedy2 action=mark-routing new-routing-mark=speedy2 \
passthrough=no comment=”" disabled=no
add chain=prerouting in-interface=Local connection-state=new nth=2,1,2 action=mark-connection new-connection-mark=speedy3 \
passthrough=yes comment=”" disabled=no
add chain=prerouting in-interface=Local connection-mark=speedy3 action=mark-routing new-routing-mark=speedy3 \
passthrough=no comment=”" disabled=no
/ ip firewall nat
add chain=srcnat connection-mark=speedy1 action=src-nat to-addresses=192.168.1.2 to-ports=0-65535 comment=”NAT 2 CLIENT” \
disabled=no
add chain=srcnat connection-mark=speedy2 action=src-nat to-addresses=125.165.115.184 to-ports=0-65535 comment=”" \
disabled=no
add chain=srcnat connection-mark=speedy3 action=src-nat to-addresses=192.168.3.2 to-ports=0-65535 comment=”" disabled=no
add chain=srcnat src-address=172.16.1.0/29 action=masquerade comment=”NAT VPN” disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m tcp-syncookie=no
/ ip firewall filter
add chain=forward src-address=0.0.0.0/8 action=drop comment=”Block Bogus IP Address” disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment=”" disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment=”" disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment=”" disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment=”" disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment=”" disabled=no
add chain=forward src-address=192.168.1.99 protocol=tcp content=www action=drop comment=”block browsing 1″ disabled=yes
add chain=forward src-address=192.168.1.7 content=!www action=drop comment=”" disabled=yes
add chain=forward src-address=192.168.1.8 protocol=tcp content=www action=drop comment=”" disabled=yes
add chain=forward src-address=192.168.1.9 action=drop comment=”" disabled=yes
add chain=forward src-address=192.168.1.10 content=!www action=drop comment=”" disabled=yes
add chain=forward src-address=192.168.1.11 protocol=tcp content=www action=drop comment=”" disabled=yes
add chain=forward src-address=192.168.1.12 protocol=tcp content=www action=drop comment=”" disabled=yes
add chain=forward src-address=192.168.1.99 protocol=tcp content=http: action=drop comment=”block browsing 2″ disabled=yes
add chain=forward src-address=192.168.1.4 protocol=tcp content=http: action=drop comment=”" disabled=yes
add chain=forward src-address=192.168.1.5 protocol=tcp content=http: action=drop comment=”" disabled=yes
add chain=forward src-address=192.168.1.6 protocol=tcp content=http: action=drop comment=”" disabled=yes
add chain=forward src-address=192.168.1.7 content=!http: action=drop comment=”" disabled=yes
add chain=forward src-address=192.168.1.8 protocol=tcp content=http: action=drop comment=”" disabled=yes
add chain=input src-address=192.168.1.9 action=drop comment=”" disabled=yes
add chain=input src-address=192.168.1.10 content=!http: action=drop comment=”" disabled=yes
add chain=forward src-address=192.168.1.11 protocol=tcp content=http: action=drop comment=”" disabled=yes
add chain=forward src-address=192.168.1.12 protocol=tcp content=http: action=drop comment=”" disabled=yes
add chain=forward protocol=icmp icmp-options=11:0 action=drop comment=”Drop Traceroute” disabled=no
add chain=forward protocol=icmp icmp-options=3:3 action=drop comment=”Drop Traceroute” disabled=no
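# SSH brute-force throttle for connections to the router itself (input chain).
# Rules are evaluated top-down: a blacklisted source is dropped first; otherwise every NEW
# connection moves the source one stage up (stage1 -> stage2 -> stage3 -> blacklist). Stage
# entries expire after 1 minute, blacklist entries after 1 week 3 days, so a source that
# keeps opening new connections while its stage entries are still alive ends up blocked.
# The rules match dst-port=1981 because that is the port the ssh service is bound to under
# / ip service in this configuration; matching port 22, where nothing listens, would leave
# the real SSH port without any throttling.
add chain=input protocol=tcp dst-port=1981 src-address-list=ssh_blacklist action=drop comment=”Drop SSH brute forcers” \
disabled=no
add chain=input protocol=tcp dst-port=1981 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list \
address-list=ssh_blacklist address-list-timeout=1w3d comment=”" disabled=no
add chain=input protocol=tcp dst-port=1981 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list \
address-list=ssh_stage3 address-list-timeout=1m comment=”" disabled=no
add chain=input protocol=tcp dst-port=1981 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list \
address-list=ssh_stage2 address-list-timeout=1m comment=”" disabled=no
add chain=input protocol=tcp dst-port=1981 connection-state=new action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m comment=”" disabled=no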
# Port-scan detection on the input chain. Each rule below adds the packet's source address
# to the ”port scanners” list for two weeks; the last rule drops everything from that list.
# First rule: psd= is RouterOS's port-scan detector (weight threshold 21, 3s delay window,
# weight 3 for low ports and 1 for high ports).
# Remaining rules: TCP flag combinations that do not occur in normal traffic --
# FIN only, FIN+SYN, SYN+RST, FIN+PSH+URG, all flags set, and no flags set.
# NOTE(review): none of these rules is limited by in-interface, so hosts on the Local
# network are listed and dropped as well; a two-week timeout makes a false positive costly.
# Consider excluding the management addresses before these rules -- confirm intent.
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”Port Scanners to list ” disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port \
scanners” address-list-timeout=2w comment=”" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”" disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list=”port \
scanners” address-list-timeout=2w comment=”" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port \
scanners” address-list-timeout=2w comment=”" disabled=no
add chain=input src-address-list=”port scanners” action=drop comment=”" disabled=no
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop comment=”Filter FTP to Box” \
disabled=no
add chain=output protocol=tcp content=”530 Login incorrect” dst-limit=1/1m,9,dst-address/1m action=accept comment=”" \
disabled=no
add chain=output protocol=tcp content=”530 Login incorrect” action=add-dst-to-address-list address-list=ftp_blacklist \
address-list-timeout=3h comment=”" disabled=no
add chain=forward protocol=tcp action=jump jump-target=tcp comment=”Separate Protocol into Chains” disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment=”" disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment=”" disabled=no
add chain=input protocol=tcp action=jump jump-target=tcp comment=”" disabled=no
add chain=input protocol=udp action=jump jump-target=udp comment=”" disabled=no
add chain=udp protocol=udp dst-port=69 action=drop comment=”Blocking UDP Packet” disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment=”" disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment=”" disabled=no
add chain=udp protocol=udp dst-port=445 action=drop comment=”" disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment=”" disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment=”" disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=25 action=drop comment=”Bloking TCP Packet” disabled=no
add chain=tcp protocol=tcp dst-port=69 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=119 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment=”———— Virus — Conficker” disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment=”" disabled=no
add chain=icmp protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment=”Limited Ping Flood” disabled=no
add chain=icmp protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment=”" disabled=no
add chain=icmp protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment=”" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment=”" disabled=no
add chain=icmp protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment=”" disabled=no
add chain=icmp protocol=icmp action=drop comment=”" disabled=no
# Tail of the input chain: accept broadcasts, accept established/related connections,
# accept rate-limited ICMP, and drop packets in the invalid connection state.
# NOTE(review): the input chain ends after these rules without a final drop. RouterOS accepts
# a packet that reaches the end of a chain unmatched, so this is a default-allow policy:
# anything not explicitly dropped earlier (the management services, the DNS cache, PPTP, the
# bandwidth-test server) stays reachable from every interface.
# NOTE(review): for the same reason the ICMP limit below has no effect on the input chain --
# ICMP above the limit falls through and is accepted at the end of the chain. Only the
# forward chain jumps to the icmp chain, which does end in a drop.
add chain=input dst-address-type=broadcast action=accept comment=”Allow Broadcast Traffic” disabled=no
add chain=input connection-state=established action=accept comment=”Connection State” disabled=no
add chain=input connection-state=related action=accept comment=”" disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment=”" disabled=no
add chain=input connection-state=invalid action=drop comment=”" disabled=no
# NOTE(review): a default-deny input policy needs explicit accept rules for the management
# sources followed by a closing drop rule for chain=input; verify the access paths first so
# that adding the drop does not lock administrators out.
/ ip firewall service-port
set ftp ports=21 disabled=yes
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=yes
set h323 disabled=yes
set quake3 disabled=yes
set gre disabled=yes
set pptp disabled=yes
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name=”default” hotspot-address=0.0.0.0 dns-name=”" html-directory=hotspot rate-limit=”" http-proxy=0.0.0.0:0 \
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
/ ip hotspot user profile
set default name=”default” idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 \
transparent-proxy=yes open-status-page=always advertise=no
/ ip dhcp-server
add name=”dhcp1″ interface=Local lease-time=3d address-pool=dhcp_pool1 bootp-support=static authoritative=after-2sec-delay \
disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
/ ip dhcp-server network
add address=10.2.1.0/24 gateway=10.2.1.253 comment=”"
# Default IPsec proposal: SHA-1 integrity, 3DES encryption, 30-minute lifetime, PFS with the
# 1024-bit MODP group.
# NOTE(review): 3DES, SHA-1 and a 1024-bit Diffie-Hellman group are all legacy choices. If
# IPsec is actually used on this router and the installed version offers AES and a larger
# DH group, prefer those; no IPsec peers or policies are visible in this export.
/ ip ipsec proposal
add name=”default” auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024 disabled=no
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=3128 hostname=”proxy” transparent-proxy=yes parent-proxy=0.0.0.0:0 \
cache-administrator=”webmaster” max-object-size=4096KiB cache-drive=system max-cache-size=unlimited \
max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment=”block telnet & spam e-mail relaying” disabled=no
/ ip web-proxy cache
add url=”:cgi-bin \\?” action=deny comment=”don’t cache dynamic http pages” disabled=no
# Logging rules: info, error and warning topics go to the in-memory buffer; critical
# messages are echoed to the console.
# NOTE(review): the memory buffer is limited to 100 lines and is not written to disk or sent
# to a remote host, so login failures and firewall events are lost quickly and do not
# survive a reboot. The "remote" action still points at 0.0.0.0:514 and no rule uses it;
# forwarding at least the warning/error/critical topics to a syslog collector would keep an
# audit trail off the device.
/ system logging
add topics=info prefix=”" action=memory disabled=no
add topics=error prefix=”" action=memory disabled=no
add topics=warning prefix=”" action=memory disabled=no
add topics=critical prefix=”" action=echo disabled=no
# Logging targets. memory-stop-on-full=no / disk-stop-on-full=no: logging continues once the
# 100-line limit is reached (presumably by discarding the oldest lines -- confirm).
/ system logging action
set memory name=”memory” target=memory memory-lines=100 memory-stop-on-full=no
set disk name=”disk” target=disk disk-lines=100 disk-stop-on-full=no
set echo name=”echo” target=echo remember=yes
set remote name=”remote” target=remote remote=0.0.0.0:514
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d user=”"
/ system clock dst
set dst-delta=+00:00 dst-start=”jan/01/1970 00:00:00″ dst-end=”jan/01/1970 00:00:00″
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes no-ping-delay=5m automatic-supout=yes auto-send-supout=no
/ system console
add port=serial0 term=”" disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
/ system console screen
set line-count=25
/ system identity
set name=”ROUTER-NET”
/ system note
set show-at-login=yes note=”"
/ port
set serial0 name=”serial0″ baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=hardware
/ ppp profile
set default name=”default” use-compression=default use-vj-compression=default use-encryption=default only-one=default \
change-tcp-mss=yes comment=”"
add name=”vpn” local-address=vpn remote-address=vpn use-compression=default use-vj-compression=default \
use-encryption=required only-one=default change-tcp-mss=default dns-server=203.130.193.74 comment=”"
set default-encryption name=”default-encryption” use-compression=default use-vj-compression=default use-encryption=yes \
only-one=default change-tcp-mss=yes comment=”"
# Local PPP account used for the PPTP server (profile "vpn").
# NOTE(review): the VPN password is exported in clear text; redact it before sharing the
# export and change it if the export has been published. The account name is also the name
# of a router user in group "full" under / user -- if the two share a password, this leak
# exposes full administrative access as well (cannot be told from this export).
/ ppp secret
add name=”areksitiung” service=pptp caller-id=”" password=”sentot” profile=vpn routes=”" limit-bytes-in=0 \
limit-bytes-out=0 comment=”" disabled=no
# PPP authentication is set to consult RADIUS with accounting enabled.
# NOTE(review): no RADIUS server entry is visible in this export (only "/ radius incoming"),
# so it is unclear which server, if any, is queried -- confirm.
/ ppp aaa
set use-radius=yes accounting=yes interim-update=0s
/ queue type
set default name=”default” kind=pfifo pfifo-limit=50
set ethernet-default name=”ethernet-default” kind=pfifo pfifo-limit=50
set wireless-default name=”wireless-default” kind=sfq sfq-perturb=5 sfq-allot=1514
set synchronous-default name=”synchronous-default” kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 \
red-burst=20 red-avg-packet=1000
set hotspot-default name=”hotspot-default” kind=sfq sfq-perturb=5 sfq-allot=1514
add name=”default-small” kind=pfifo pfifo-limit=10
/ queue simple
add name=”DreamNet” target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 interface=Local parent=none direction=both \
priority=1 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name=”Down_Services” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=prio_download_packet direction=both \
priority=5 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name=”Ensign_Services” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=prio_ensign_packet direction=both \
priority=1 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name=”User_Request” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=prio_request_packet direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name=”Communication” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all parent=none \
packet-marks=prio_comm_packet direction=both priority=3 queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
total-queue=default-small disabled=no
add name=”Kasir” target-addresses=192.168.1.99/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default-small \
disabled=no
add name=”Client1″ target-addresses=192.168.1.15/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client2″ target-addresses=192.168.1.4/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client3″ target-addresses=192.168.1.5/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client4″ target-addresses=192.168.1.6/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client5″ target-addresses=192.168.1.7/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client6″ target-addresses=192.168.1.8/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client7″ target-addresses=192.168.1.9/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client8″ target-addresses=192.168.1.10/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client9″ target-addresses=192.168.1.11/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client10″ target-addresses=192.168.1.12/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
# Router login accounts. The built-in "admin" account is disabled; four named accounts are
# enabled. Passwords are not part of the export.
# NOTE(review): every enabled account is in group "full" and has address=0.0.0.0/0, i.e. full
# control from any source address. Restricting address= to the management network and moving
# accounts that only need to view status into "read" would reduce the impact of one stolen
# or guessed password.
/ user
add name=”admin” group=full address=0.0.0.0/0 comment=”system default user” disabled=yes
add name=”areksitiung” group=full address=0.0.0.0/0 comment=”" disabled=no
add name=”nanda” group=full address=0.0.0.0/0 comment=”" disabled=no
add name=”riko” group=full address=0.0.0.0/0 comment=”" disabled=no
add name=”padang” group=full address=0.0.0.0/0 comment=”" disabled=no
# Permission groups; a leading "!" removes a policy from the group.
# "read" and "write" both still include reboot and password; only "full" has ftp and policy.
/ user group
add name=”read” policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!ftp,!write,!policy
add name=”write” policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,!ftp,!policy
add name=”full” policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web
# Router logins are authenticated locally (use-radius=no); default-group=read is the group
# applied when RADIUS supplies none, which is unused while use-radius=no.
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ radius incoming
set accept=no port=1700
/ driver
# SNMP agent is disabled.
/ snmp
set enabled=no contact=”" location=”"
# NOTE(review): the community is still the well-known default "public", readable from
# address=0.0.0.0/0. Harmless while SNMP is disabled, but rename it and restrict address=
# before SNMP is ever enabled.
/ snmp community
set public name=”public” address=0.0.0.0/0 read-access=yes
# Bandwidth-test server: enabled, requires a router login (authenticate=yes), at most 10
# sessions, UDP ports allocated from 2000 upward.
# NOTE(review): this is another listening service that the input chain in this export does
# not restrict by interface; disable it when no test is in progress.
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
# The router answers MAC-level ping requests.
/ tool mac-server ping
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from=”<>”
/ tool sniffer
set interface=all only-headers=no memory-limit=10 file-name=”" file-limit=10 streaming-enabled=no streaming-server=0.0.0.0 \
filter-stream=yes filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535
# Traffic/resource graphs, sampled every 5 minutes and stored on disk.
/ tool graphing
set store-every=5min
# NOTE(review): all three graph sets below use allow-address=0.0.0.0/0. Graphs are served by
# the router's web service, which in this configuration is enabled for every source address,
# so queue names, per-client usage and interface load are presumably viewable from the WAN
# side as well -- confirm, and set allow-address to the management network.
/ tool graphing queue
add simple-queue=all allow-address=0.0.0.0/0 store-on-disk=yes allow-target=yes disabled=no
/ tool graphing resource
add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ tool graphing interface
add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no redistribute-static=no redistribute-rip=no \
redistribute-bgp=no metric-default=1 metric-connected=20 metric-static=20 metric-rip=20 metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate authentication=none prefix-list-import=”" \
prefix-list-export=”" disabled=no
/ routing bgp
set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no redistribute-connected=no redistribute-rip=no \
redistribute-ospf=no
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no redistribute-bgp=no metric-static=1 \
metric-connected=1 metric-ospf=1 metric-bgp=1 update-timer=30s timeout-timer=3m garbage-timer=2m

IP address
Load balancer = 192.168.8.10
Mikrotik dengan 3 lan card:
—> Eth1 = 192.168.8.1 (ke load balancer)
—> Eth2 = 192.168.15.1 (ke IPCOP)
—> Eth3 = 192.168.1.1 (ke Switch/hub)
IPCOP = 192.168.15.10

Modem di set mode bridge, jadi yang dial PPPoE dari loadbalancer nya

2. Setting Mikrotik

—> Ethernet Card

name=”Speedy” mtu=1500 mac-address=4C:00:10:1B:4E:6F arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps

name=”Lokal” mtu=1500 mac-address=00:02:2A:BF:E2:08 arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps

name=”Squid” mtu=1500 mac-address=00:0E:2E:01:62:24 arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps

—> IP address

[admin@satelit-internet]/ip address
add address=192.168.8.1/24 interface=Speedy
add address=192.168.1.1/24 interface=Lokal
add address=192.168.15.1/24 interface=Squid

—> DNS

[admin@satelit-internet]/ip dns
set primary-dns=192.168.8.10 allow-remote-request=yes

—> Route

[admin@satelit-internet]/ip route
add gateway=192.168.8.10

—> NAT

[admin@satelit-internet]/ip firewall nat
# Transparent-proxy redirect: every TCP/80 packet whose source is NOT in 192.168.8.0/24 is
# rewritten to 192.168.8.10 port 818.
# NOTE(review): the address list at the top of this article gives 192.168.8.10 as the load
# balancer and 192.168.15.10 as IPCOP, while the explanation after these rules says the
# redirect targets squid on IPCOP -- confirm which host actually listens on port 818.
# NOTE(review): the rule has no in-interface or dst-address match, so it also catches port-80
# traffic coming from the proxy's own subnet (192.168.15.0/24) and HTTP requests addressed to
# the router itself. Restricting it to in-interface=Lokal would limit it to client traffic.
add chain=dstnat src-address=!192.168.8.0/24 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.8.10 to-ports=818

# Source-NAT everything leaving through the Speedy interface.
add chain=srcnat out-interface=Speedy action=masquerade

tujuannya membelokkan semua port 80 dari client ke port 818 (squid IPCOP) yang berfungsi sebagai web proxy

—> Mangle

tujuannya
memisahkan bandwidth internasional dan lokal (OpenIXP dan IIX)
Daftar IP Address yang diadvertise di OpenIXP dan IIX dapat di download di http://www.mikrotik.co.id/getfile.php?nf=nice.rsc
File nice.rsc ini dibuat secara otomatis di server Mikrotik Indonesia setiap pagi sekitar pk 05.30, dan merupakan data yang telah di optimasi untuk menghilangkan duplikat entry dan tumpang tindih subnet.
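Untuk tutorial auto import script ke mikrotik bisa diintip disini. File .rsc dijalankan sebagai perintah RouterOS, jadi periksa isinya sebelum di-import, apalagi file ini diambil lewat HTTP biasa.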

[admin@satelit-internet] >/ip firewall mangle

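# Mangle rules: mark connections and packets so the queues on this page can shape them.
# Fixes against the listing as posted: typographic quotes replaced by plain ones, the
# content= value quoted (it contains a space), the missing "add" restored on the
# squid_packet rule, and /* */ remarks turned into RouterOS "#" comments.

# Set TTL to 1 on packets forwarded to the client LAN.
add chain=forward dst-address=192.168.1.0/24 action=change-ttl new-ttl=set:1 comment="change TTL"

# Clamp MSS on outgoing SYNs.
# NOTE(review): no interface named "internet" appears in the interface list on this
# page (Speedy, Lokal, Squid); confirm the name before importing.
add chain=forward out-interface=internet protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 comment="change mss"

# Proxy cache hits.
# NOTE(review): content= matches the string anywhere in any forwarded packet, not only
# in replies from the proxy, and the "squid" queue on this page has max-limit=0/0.
# Restricting this rule to the proxy's address would keep other traffic from picking
# up the unshaped mark.
add chain=forward content="X-Cache: HIT" action=mark-connection new-connection-mark=squid_conn passthrough=yes comment="squid proxy"

add chain=forward connection-mark=squid_conn action=mark-packet new-packet-mark=squid_packet passthrough=no

# Prioritise ping and DNS

add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=icmp passthrough=yes comment="icmp"

add chain=prerouting connection-mark=icmp action=change-tos new-tos=min-delay

add chain=prerouting connection-mark=icmp action=mark-packet new-packet-mark=icmp passthrough=no

add chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS passthrough=yes comment="DNS"

add chain=prerouting connection-mark=DNS action=change-tos new-tos=max-throughput

add chain=prerouting protocol=udp dst-port=53 connection-mark=DNS action=mark-packet new-packet-mark=DNS passthrough=no

add chain=forward protocol=tcp dst-port=6000-7000 action=mark-connection new-connection-mark=IRC passthrough=yes comment="irc"

add chain=prerouting src-address=192.168.1.0/24 protocol=tcp dst-port=6000-7000 action=mark-packet new-packet-mark=irc passthrough=no

add chain=forward connection-mark=IRC action=mark-packet new-packet-mark=irc passthrough=no

# Upload connections

add chain=prerouting src-address=192.168.1.0/24 dst-address-list=!nice action=mark-packet new-packet-mark=upload comment="upload" passthrough=no

# Download connections, international bandwidth only (OpenIXP)

add chain=forward dst-address=!192.168.1.0/24 connection-mark=!squid_conn dst-address-list=!nice action=mark-connection new-connection-mark=download passthrough=yes comment="download"

add chain=forward connection-mark=download action=mark-packet new-packet-mark=download passthrough=no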

—> Queue type

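[admin@satelit-internet]/queue type
# Queue kinds used by the queue tree and simple queues on this page.
# These entries carry kind=/pfifo-limit=/pcq-* properties, so they belong under
# /queue type, not /queue tree as the listing was posted.

add name="pfifo-64" kind=pfifo pfifo-limit=64

# Per-client fairness: downloads are classified by destination address, uploads by source.
add name="pcq-down" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000

add name="pcq-up" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000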

—> Queue Tree

[admin@satelit-internet]/queue tree

add name=”download” parent=lan packet-mark=download limit-at=0 queue=pcq-down priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

—> Queue simple

[admin@satelit-internet]/queue simple

add name=”squid” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=squid_packet direction=both priority=8 queue=default-small/ethernet-default limit-at=0/0 max-limit=0/0 total-queue=default-small

add name=”irc” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=irc direction=both priority=8 queue=default-small/default-small limit-at=16000/16000 max-limit=16000/16000 total-queue=default-small

add name=”DNS” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=DNS direction=both priority=8 queue=pfifo-64/pfifo-64 limit-at=8000/8000 max-limit=8000/8000 total-queue=default-small

add name=”icmp” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=icmp direction=both priority=8 queue=pfifo-64/pfifo-64 limit-at=8000/8000 max-limit=8000/8000 total-queue=default-small

add name=”parent” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=download,upload direction=both priority=8 queue=default-small/pcq-down limit-at=0/0 max-limit=0/0 total-queue=default-small

add name=”Satelit-01″ target-addresses=192.168.1.100/32 dst-address=0.0.0.0/0 interface=all parent=parent packet-marks=download,upload direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small
.
.
.
dst sampe 15 client

source: http://echo.or.id

Sedoyo, bagi yg lagi belajar bhs inggris-jawa intensip nih, biar
di kate pede spiking-spiking,

1. yes mother dont do that: Yo mbok ojo ngono..
2. your head = enDas mu..
3. your eyes = Matamu.
4. your bald head = GUNDUL MU !!
5. your knees falling down = Dengkulmu anjlog !!
6. your bellybutton on fire = Udhelmu kobong !!
7. your auntie’s money = duwite mbokdemu tah ?
8. your grandfather money = Duwite mBahmu !!
9. your auntie teach you about that? = mbokdemu sing ngajari yoo??
10.your mother goalkeeper = makmu kiper .
11.like that yes like that but don’t be like that = ngono yo ngono ning ojo ngono
12. my body is not delicious today = awakku lagi gak enak.
13.your face far away = raimu adoh
14.your lips = lambemu
Kata2 tambahan terpopuler :
a. your bellybutton turn up = udelmu bodong
b. your head smell gum benzoin = nDhasmu mambu menyan
c. cricket !!! = jangkrik/diancuk
d. your head was blown = ndasmu njeblug
e. your eyes blind = matamu picek
f. wanna eat your head = Tak kletak ndasmu !

1.Water mouth = iler
water eyes = luh
blood high = budrek
writing plenthing = jerawat
ass wind = entut

2.Eye-Waste : BloBog
Nose-Waste : Upil
Tooth-Waste : Gadul-Slilit
Body-Waste : Dangkal

3.Lagu2 translate boso jowo:

All out of love (Air Supply) = katresnan kebablasan
Good Bye (Air SUpply) = Minggat
WOrds (Bee Gees) = Nggedebus
More Than Words (Extreme) = Nggedebus pol
Soldier of fortune Deep Purple) = Prajurit raiso mati
Frozen (Madonna) = Njendel
Don’t Cry for me, Argentina (Madonna) = Ojo nagis Sragen
Billy Jean (M.Jackson) = Tuku Clono Levis
Killing me softly (Roberta Flack) = Di-ithik-ithik sak modar’e
My Way (Frank Sinatra) = Sak-Karepku
Wild Woman (MLTR) = Morotuwo
Don’t Speak (No Doubt) = Meneng’a wae
Something stupid (R William-Nicole K) = nggobloki
Bohemian Rhapsody (Queen) = Bu Hemo nge-rap
We Will rock you (Queen) = Balang2an watu
Always (Bon Jovi) = Mesti ngono
Bed of Roses (Bon Jovi) = Peti mati
Alone (heart) = Ijen (album ‘Kendel Tenan’)
Warrior (pat benatar) = sepatu basket
self control (laura b) = Poso
the temple of the king (rainbow) = candi
sailing (Rod S) = isih eling (ora edan)
Jump (Van H) Njondil (album ‘kaget’)
Black magic woman (santana) = Mak lampir
Smooth (santana) = Lunyu (album ‘kepleset’)
Always SOmewere (scorpion) = mblayang wae
Still loving you (scorpion) = ra nduwe isin
So young (the corrs) = bocah SD

Lagu “Suweh Ora Jamu” versi English

So why or a jump you.
Jump you go down tell a..
So why or a cat em you. Cat em
you peace and ga why gell a

Lagu Barat versi bahasa Jawa

*All out of love (Air Supply) : Katresnan Kebablasan
* Goodbye (Air Supply) : Minggat
* Lost in love (Air Supply) : Wis Ora Tresno
* Grease (Bee Gees) : Kinclong
* I started a joke (Bee Gees) : Wiwit Ndagel
* In the morning (Bee Gees) : Isuk Utuk2
* Saturday night fever (Bee Gees) : Meriang ning Nekat Ngapel

* Summertime (jazz) : Loro Panas
* Words (Bee Gees) : Nggedebus
* More than words (Extreme) : Nggedebus Pol
* Smoke on the water (Deep Purple) : Umob (album ‘Nggodog Wedang’)
* Soldier of fortune (Deep Purple) : Prajurit Ra Iso Mati (kethoprakan….)
* Mama (Genesis) : Mak’e
* Another day in paradise (Phill Collins) : Liyo Dina neng Suwargo
* Againts all odds (Phill Collins) : Ongko Ganep
* All night long (Lionel Richie) : Lek-lekan (Begadang)
* Still (Lionel Richie) : Isih (durung entek)
* Stuck on you (Lionel Richie) : Kecanthol
* Truly (Lionel Richie) : Tenane
* Frozen (Madonna) : Njendel
* Black & white (Michael Jackson) : Sebrangan Dalan
* Killing me softly (Roberta Flack) : Diithik-ithik sak Modare
* My way (Frank Sinatra) : Sak Karepku
* I don’t like to sleep alone (Paul Anka) : Kelonana Aku
* Hands clean (Alanis Morissette) : Bar Wisuh
* Believe (Cher) : Percoyo
* I still believe (Brenda K Star) : Ngengkelan
* Shy Guy (Diana King) : Clingus
* Wild Woman (Michael Learns to Rock) : Simbok Morotuwo
* Torn (Natalie Imbruglia) : Suwek Dhedhel Dhuel
* Don’t speak (No Doubt) : Menenga Wae
* Something stupid (R William & Nicole Kidman) : Nggobloki
* Don’t stop me now (Queen) : Ojo Ngganduli
* Always (Bon Jovi) : Mesthi Ngono
* Bed of roses (Bon Jovi) : Trebela
* Alone (Heart) : Ijen (album ‘Kendel Tenan’)
* Self control (Laura Branigan) : Poso
* Jump (Van Halen) : Njondhil (album ‘Kaget’)
* Almost unreal (Roxette) : Ora Umum
* Black magic woman (Santana) : Mak Lampir
* Smooth (Santana) : Lunyu (album’Kepleset’ )
* Always somewhere (Scorpion) : Mblayang Wae!
* So young (The Corrs) : Isih kinyis-kinyis
* Forever young (Alphaville) : Awet Nom
* Suddenly (Billy Ocean) : Ujug-ujug
* If (Bread) : Yen
* My heart will go on (Celine Dion) : Loro Hepatitis
* Hard to say I’m sorry (Chicago) : Kisinan
* Zombie (Cranberries) : Gendruwo
* Boulevard (Dan Byrd) : Dalan Gedhe
* Emotion (Destiny’s Child) : Muntab
* If we hold on together (Diana Ross) : Yen Gegandengan Tangan
* It’s you (Dionne W & Stevie W) : Jebul Sliramu
* Big big world (Emilia) : Donyane Gedhe Banget
* Careless whisper (George Michael) : Seneng Rasan2
* I don’t have the heart (James Ingram) : Rempela Thok
* Just once (James Ingram) : Sepisan Wae
* Beautiful girl (Jose Mari Chan) : Cah Ayu
* To all the girls I loved before (Julio Iglesias) : Kanggo Randha-Randhaku
* Pretty boy (M2M) : Banci
* Smile again (Manhatan Transfer) : Ayo Ngguyu (Waljinah)
* I’ll be here waiting for you (Richard Marx) : Tak Cegat Neng Kene
* 2 Become 1 (Spice Girls) : Ilang Siji
* Just the way you are (Billy Joel) : Sak karepmu
* Smoke gets in your eyes (jazz) : Keculek Rokok
* Long train running (Doobie W) : Kepancal Sepur
* All blues (George Benson) : Kelunturan (Biru Kabeh)
* O Danny boy (tradisional Irlandia) : O, Jebul Anake Dani!
* Another clown (Leon) : Koyo Bad
* Are you Ready (Boney James) : Wis Siap opo urung…
* Deep Waters (Incognito): Njeroo
* Never say goodbye (bon jovi) : kerasan
* Try again (skyline) : gagal maning

a.. Enemy at the Gates — Musuhe Wis Tekan Gapuro
b.. Die Another Day — Modare Ojo Saiki
c.. Die Hard — Matine Angel
d.. Die Hard II — Matine Angel Tenan
e.. Die Hard III With A Vengeance — Kowe Kok Ra Mati-Mati To?
f.. Die Hard IV (Die) – Jan Tenanan, Arep Mati Kok Angel Tenan
g.. Bad Boys — Bocah-Bocah Elek

h.. Catwoman – Kucing Wedok
i.. Man of Fire — Wong Lanang Kesumuken
j.. No Way Back — Ora Iso Mulih (kesasar to?)
k.. Just Married – Mantenan
l.. Red Eye — Matane Abang (klilipan opo?)
m.. Casino Royale – Togel Akeh Duite
n.. The Hoax — Ngapusi
o.. Harry Potter – Harry Dodol
p.. Pot Lost in Space — Ilang Neng Awang-awang
q.. X-Men — Wong Lanang Saru
r.. X-Men 2 — Wong Lanang Saru Tenan
s.. Cheaper by the Dozen — Tuku Selusin Luwih Murah
t.. Paycheck — Kasbon
u.. Independence Day — Pitulasan
v.. There is Something About Marry — Meri Ono Apa-Apane
w.. Silence of the Lamb — Wedhuse Mutung
x.. All The Pretty Horses — Jarane Ayu-Ayu
y.. Planet of the Apes — Planete Wong Apes
z.. Gone in Sixty Second — Minggat Sakcepete
aa.. Original Sin — Dosa Tenanan
ab.. The Abyss — Entek-Entekan
ac… Deja Vu — Pangling
ad.. Seabiscuit — Klethikan Neng Laut
ae.. Terminator — Terminal Montor
af.. How To Lose A Guy in 10 Days — Piye Carane Megat Lanangan Mung 10 Dino
ag.. Lord Of The Ring — Pedagang Akik
ah.. Deep Impact — Ngantem Njero
ai.. Million Dollar Baby — Babi Regone Sayuto
aj.. Blackhawk Down — Manuk Ireng Kenek Bedhil
ak.. Saving Private Ryan — Ngelesi Privat Mas Ryan (pancene goblog tenan opo?)
al.. Gone With The Wind — Wes Ewes Ewes, Bablas Angine
am.. Because I Said So — Dikandani Kok Ngeyel Temen Sih
an.. Superman — Gatot Koco

Bagi banyak orang yang berkecimpung di RT/RW-net atau ISP atau WARNET, sering kali yang menjadi masalah adalah kehadiran pelanggan yang ‘MANIAK DOWNLOAD‘ dimana bandwidth kita akan tersedot habis oleh 1 orang user yang nota bene membayar sama dengan yang lain namun berdampak sangat buruk bagi yang lain.

Gara-gara satu orang user, maka kita terpaksa dikomplain seluruh pelanggan yang lain. Namun untuk memberikan peringatan pada satu orang itu, rasanya juga sulit karena dia merasa membayar sehingga merasa berhak untuk menggunakan akses internet sesuka hati.

Ada cara yang cukup efektif untuk menahan hal semacam ini dengan cara membuat shaper berbasis quota. Misalnya begini : jika pemakaian download masih dibawah 75 MB maka user akan mendapat kecepatan maksimal 128 kbps. Tapi jika dia sudah menggunakan lebih dari 75 MB tapi masih kurang dari 150 MB, maka kecepatannya menurun menjadi hanya 92 kbps. Tapi kalau dia sudah mendownload lebih dari 150 MB, maka kecepatannya kita batasi hanya tersisa 64 kbps.

Cara untuk melakukan hal semacam itu adalah dengan memasang script berikut ini :

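/queue simple
# Quota-based shaper for the simple queue named "<eddy>": the more the queue has
# transferred (total-bytes), the lower its max-limit is set.
#   more than 150 MB   -> 64 kbps
#   75 MB up to 150 MB -> 92 kbps
#   less than 75 MB    -> 128 kbps
# Changes against the listing as posted: plain quotes, "do={" without spaces, the
# undeclared variable "ips" and the unused "maxi" removed, and the three independent
# tests chained so exactly one branch runs per pass.
# NOTE(review): total-bytes only grows until the queue counters are reset; the page
# shows no reset step, so a queue that crosses 150 MB presumably stays at 64 kbps.
:local traf;
:set traf [get [find name="<eddy>"] total-bytes]
:if ($traf > 150000000) do={
    :log info "Si Eddy sudah melampaui 150MB"
    set [find name="<eddy>"] max-limit="64000/64000"
} else={
    :if ($traf < 75000000) do={
        :log info "Si Eddy masih dibawah 75MB"
        set [find name="<eddy>"] max-limit="128000/128000"
    } else={
        :log info "Si Eddy masih dibawah 150MB"
        set [find name="<eddy>"] max-limit="92000/92000"
    }
}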

Keterangan :

  • 150000000 : artinya 150 MB
  • <eddy> : adalah nama queue yang sudah kita setting di queue simple list
  • :log info  : untuk membuat keterangan dibagian LOG agar kita bisa lihat proses yang dijalankan
  • max-limit adalah perintah untuk melakukan perubahan limiter

Script ini kita letakkan di bagian /system scheduler dengan menambahkan schedule (misalnya):

start-date=feb/20/2009 start-time=02:25:00 interval=30m

Kemudian pada bagian on-event kita tuliskan script kita tersebut di atas. Artinya, setiap 30 menit sekali, mikrotik akan menjalankan script cek tadi dan user eddy akan diaudit setiap 30 menit sekali. Dengan demikian setiap 30 menit akan dicek pemakaian si eddy apakah sudah melampaui batas atau belum.

Kita bisa mengatur interval menjadi lebih cepat ataupun lebih lambat sesuai dengan kehendak kita. Selamat mencoba dan semoga berguna.

Untuk menginstall Mikrotik kita perlu mendownload ISO filenya dari mikrotik kemudian di-burn ke CD.

Setelah di burn ke CD, booting komputer menggunakan CD mikrotik dan tunggu sampai menu pilihan muncul seperti ini :

Install Mikrotik

Kita tinggal memilih paket-paket yang kita butuhkan dengan menekan tombol spasi. Paket-paket yang kita perlukan misalnya ppp, dhcp, advanced tools, hotspot, ntp, routing, security, telephony, ups, user manager, web-proxy. Untuk system harus dicentang karena kalau tidak salah-salah tidak nginstall mikrotik tapi nginstall windows… hahaha…

Setelah itu tekan huruf ‘i’ untuk mulai menginstall dan tunggu selama proses installasi. Setelah proses installasi selesai, maka komputer akan reboot sendiri. Lepas CD mikrotik dan biarkan komputer booting dari harddisk. Tunggu selama proses booting pertama ini sampai muncul halaman login seperti ini :

mikrotik login

Untuk bisa login, username yang kita pakai adalah ‘admin’ dan passwordnya kosong (langsung enter saja). Pada kondisi default, mikrotik yang baru terinstall tidak memiliki IP sehingga kita tidak bisa meremote ke Mikrotik. Untuk melakukan setting awal, gunakan perintah ini :

* interface print

gunanya untuk mengetahui interface yang aktif di mikrotik. Hasilnya kurang lebih akan seperti ini :

[ayom@Heliconia-RT/RW-net] > interface print
Flags: D – dynamic, X – disabled, R – running, S – slave
#     NAME                                              TYPE             MTU
0     ether1                                             ether            1500
1     ether2                                            ether            1500
[ayom@Heliconia-RT/RW-net] >

Setelah itu kita bisa memberikan IP ke interface yang kita mau dengan cara :

* ip address add interface=ether1 address=192.168.1.254/24

maka interface ether1 sudah akan berisi IP 192.168.1.254/24. Dan mikrotik kita sudah bisa kita remote dari PC dengan menuliskan http://192.168.1.254 di web-browser (IE atau Firefox). Jika benar, akan muncul halaman layar seperti berikut :

Web Mikrotik

Silakan download WINBOX yang ada di sebelah kiri atas web ini untuk memudahkan kita melakukan remote mikrotik. Kalau sudah di-download, maka akan muncul program seperti berikut :

Winbox Login

Tekan tanda titik-titik yang ada disebelah kiri Connect untuk menemukan mac address atau IP address dari mikrotik yang baru saja kita install. Username yang dipakai masih sama yaitu admin dengan password masih kosong. Setelah itu, kita sudah akan melihat menu lengkap Mikrotik melalui Winbox seperti berikut ini :

Winbox

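Setelah itu maka kita bisa dengan mudah mengisi dan mempelajari Mikrotik. Karena akun admin masih tanpa password, segera buat password untuk akun tersebut sebelum router dihubungkan ke jaringan lain.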

sumber: http://www.istanaku.biz

Satu hal yang menyenangkan dari Mikrotik adalah tersedianya sistem shaper atau bandwidth management (BM) yang sudah built-in dan mudah dalam penggunaannya. Bahkan bagi pemula sekalipun!

Dalam tutorial ini saya ingin memberikan sedikit tata cara untuk membuat shaper atau BM di Mikrotik secara mudah dan simple dengan SIMPLE QUEUE. Untuk dapat mengikuti tutorial ini, silakan menggunakan WINBOX untuk login ke Mikrotik anda dan mengisi IP, username, dan password sesuai dengan yang tersedia di Mikrotik anda. Jika sudah, kita akan mulai dari tampilan menu seperti dibawah ini :

Mikrotik Menu Utama

Setelah tampil menu seperti diatas, maka kita memulai semua proses shaper atau BM dari menu Queues yang ada di sebelah kiri nomor 7 dari atas. Kalau kita klik Queues maka akan muncul tampilan baru sebagai berikut :

Queues

Untuk membuat shaper, ada 2 cara yaitu menggunakan langkah yang mudah melalui Simple Queue, dan langkah yang lebih rumit namun bisa untuk berbagai macam kebutuhan melalui Queue Tree. Untuk pelajaran awal, saya menerangkan cara untuk membuat shaper menggunakan Simple Queue untuk mudah dimengerti dan dapat segera diimplementasikan.

Untuk membuat entry pada Simple Queue, kita bisa menekan tanda + (tambah) di sebelah kiri atas pada tab Simple Queue. Jika sudah, maka akan muncul tab baru sebagai berikut :

Simple Queue

Untuk mengisi, cukup mudah.

  • Name adalah nama yang ingin kita pakai untuk menerangkan shaper yang kita buat ini. Misalnya PC1
  • target address adalah IP address yang ingin kita shaper misalnya : 192.168.0.2. Kita tidak boleh menuliskan subnet /24 atau /29 jika kita hanya ingin menshaper 1 IP saja. Jika beberapa IP yang tidak berada dalam satu subnet kita bisa menekan tanda panah ke bawah disisi kanan Target Address untuk mendapatkan baris kedua IP Address.
  • Target upload : adalah kecepatan maksimal yang kita inginkan untuk berikan untuk client tersebut untuk bisa mengirim data ke luar network (UPLOAD).
  • Target download : adalah kecepatan maksimal yang kita inginkan untuk berikan ke client tersebut untuk bisa menerima atau mendownload data ke komputernya.
  • Burst adalah kondisi khusus yang ingin kita berikan kepada client tersebut dimana pada kondisi tertentu dia bisa melampaui batas yang sudah kita berikan pada Target Upload ataupun target Download. Burst adalah bandwidth extra yang kita berikan kepada client.
  • Burst limit adalah batas atas burst yang kita berikan sebagai batas tertinggi client bisa mendapat bandwidth
  • Burst threshold adalah batas control pada sistem burst. Biasanya threshold adalah angka bandwidth yang akan menjadi rata-rata pemakaian jika pengguna akses terus menerus menghabiskan bandwidth yang tersedia. Bagian ini agak rumit untuk diterangkan di tulisan, tapi akan lebih mudah dimengerti dalam implementasi di lapangan.
  • Burst Time : adalah waktu burst yang diizinkan. Konsep burst adalah client boleh menggunakan angka bandwidth yang tersedia di burst limit selama sekian detik yang ditentukan oleh burst time. Setelah sekian detik itu, maka limit akan dikembalikan kepada bandwidth yang sebenarnya. Kurang lebih aturannya begitu walaupun mungkin tidak 100% seperti itu.
  • Time adalah saat dimana kita ingin shaper ini difungsikan. Diluar jam/hari yang ditentukan, shaper ini tidak akan berfungsi. Hal ini berguna untuk mengatur misalnya : selama jam kerja, shaper dibuat ketat, namun diluar jam kerja, shaper menjadi tidak ada.

Contoh mengisi shaper adalah seperti berikut :

Queue pc1

Pada contoh tersebut, saya mengisi shaper dengan nama pc1 yang diperuntukkan untuk IP 192.168.0.3 dengan kecepatan upload maksimal 32 kbps dan download maksimal 64 kbps. Untuk kecepatan 1024 kbps kita bisa juga menuliskan 1M. Jika kita tidak menuliskan tanda ‘k’ maka artinya adalah bits.

Setelah itu klik Apply dan OK. Maka selesailah sudah shaper kita. Kita bisa juga membuat shaper-shaper yang lain dengan cara yang sama. Paling tidak kita bisa mendapatkan shaper seperti berikut :

Shaper Jadi

Tampak pada gambar diatas, pc1 mendapat bandwidth yang lebih banyak untuk download dibanding pc2 hingga pc6, namun semuanya mendapat bandwidth yang sama besar untuk upload yaitu hanya 32k.

Jika Simple Queue yang kita berikan benar, maka begitu di apply, maka shaper ini akan segera berfungsi. Dan jika berfungsi, kita akan melihat angka Upload Rate dan Download Rate akan bergerak dan berubah-ubah sesuai dengan pemakaian masing-masing komputer.

Warna merah menandakan komputer tersebut sudah menggunakan bandwidth secara penuh atau hampir penuh. Sedangkan warna kuning menandakan separo kapasitas sudah terpakai. Sedangkan warna hijau artinya tidak terpakai atau hanya terpakai kurang dari separo batas.

Dengan demikian selesai sudah shaper yang kita kerjakan untuk network kita. Dengan shaper, kita bisa menjaga operasional network kita agar berfungsi secara maksimal dan sesuai dengan semustinya. Dan membuat everybody happy.

source:  http://www.istanaku.biz

untuk para juragan yang punya warnet yang pake koneksinya lewat speedy di sini akan saya berikan sedikit tips dan trik supaya… low cost hight performance…

1). Alangkah baiknya jika.. anda tidak men-dial langsung lewat modem… tetapi menggunakan router (pengalaman saya pribadi dalam setahun saya sudah membeli sekitar 3 bh modem) selain *jare wong dermayue sih di awet-awet* kita juga bisa melakukan sedikit penghematan bandwith dengan tunning di squid sehingga… bikin koneksi joss 24jam full….

Oh iya… disini saya hanya akan menjelaskan… cara dial & tunning Squid pake OpenBSD OS sebagai router “kenapa tidak menggunakan mikrotik OS??” karena mikrotik OS berlisensi perlevel alias tidak gratis!!!

Lanjut ya…
1. Editlah ppp.conf nya

Kode:
# /etc/ppp/ppp.conf
# Settings shared by every profile: logging and redial/reconnect behaviour.
default:
        set log Phase Chat LCP IPCP CCP tun command
        set redial 15 0
        set reconnect 15 10000
# PPPoE profile, dialled with "ppp -ddial pppoe0".
pppoe0:
# The link is carried by the pppoe helper running on interface sk0.
        set device "!/usr/sbin/pppoe -i sk0"
        disable acfcomp protocomp
        deny acfcomp
        set mtu max 1492
        set mru max 1492
        set crtscts off
        set speed sync
        enable lqr
        set lqrperiod 5
        set cd 5
        set dial
        set login
        set timeout 0
# Placeholders for the ISP account. The credentials are stored here in plain text,
# so this file should be readable by root only.
        set authname userlogin@telkom.net
        set authkey passyangdikasihadminspeedy
# Install the default route via the peer address once the link is up.
        add! default HISADDR
        enable dns
        enable mssfixup

2. forward  /etc/sysctl.conf

Kode:
net.inet.ip.forwarding=1

aktifkan pf nya di /etc/rc.conf

Kode:
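# Enable pf at boot. The OpenBSD rc.conf variable is "pf"; "pf enable=YES" is not a
# valid assignment.
pf=YES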

3. dial koneksinya

Kode:
# ppp -ddial pppoe0

4. jika berhasil terkoneksi maka openBSd akan membinding otomatis

Kode:
tun0: flags=8051 mtu 1492
        groups: tun egress
        inet 125.xxx.xxx.7 --> 125.163.72.1 netmask 0xffffffff

5. buatlah rules di firewallnya
#edit /etc/pf.conf

Kode:
lan_net = "192.168.1.0/24"
int_if  = "xl0"
ext_if = "tun0"
# normalise all inbound packets
scrub in all
# NAT LAN traffic leaving through the external (PPPoE tunnel) interface
nat on $ext_if from $lan_net to any -> ($ext_if)
# NOTE(review): this excerpt has no block/pass rules, so pf filters nothing;
# consider a default-deny policy for inbound traffic on $ext_if.

6. agar openbsd mendial secara otomatis pada saat startup aktifkan di /etc/rc.local

Kode:
# aktifkan speedy
ppp -ddial pppoe0

Oke… anda sekarang sudah cukup menghemat cost dan membuat awet modem anda, sampai disini ada pertanyaan??? kalo tidak ada kita lanjut ke proses tunning Squid 2.7 stable 4. Kenapa menggunakan squid 2.7?? karena pada squid 2.7-stable4 fungsi ZPH sudah terintegrasi.
ZPH sendiri adalah Zero Penalty Hit, penjelasan-nya bisa dibaca di http://zph.bratcheda.org/ (http://zph.bratcheda.org/) dan bisa menyimpan mencache Youtube (streaming dan lain2)

1. unduhlah paket Squid2.7 stable 4 (atau bisa juga STABLE 4 keatas)
2. Extraklah di sembarang tempat
3. configlah Squidnya…

Kode:
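# Build options for Squid 2.7 on the OpenBSD router described above.
# --enable-pf-transparent replaces --enable-linux-netfilter from the listing as posted:
# interception through pf ("http_port ... transparent" plus an rdr rule) needs the pf
# lookup code, and the netfilter option only applies to Linux.
# --disable-auth builds without authentication helpers, so access control rests on
# the src ACLs in squid.conf alone.
./configure \
--sysconfdir=/etc/squid \
--prefix=/usr \
--enable-async-io \
--enable-removal-policies=lru,heap \
--disable-delay-pools \
--disable-wccp \
--disable-wccp2 \
--enable-kill-parent-hack \
--enable-snmp \
--enable-default-err-languages=English --enable-err-languages=English \
--enable-pf-transparent \
--disable-auth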

4. lalu di

Kode:
#make

( dudu di mek-mek kaya apa bae.. :P )
5. terus di

Kode:
#make install

( dudu di mek terus di install :P )
6. Pada squid.conf masukan dibawah ini adalah hasil parsing td

Kode:
# --- Access control: http_access rules are evaluated top to bottom, first match wins ---
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
# NOTE(review): localnet admits all of 10.0.0.0/8 and 172.16.0.0/12 besides
# 192.168.1.0/24; the pf.conf on this page defines the LAN as 192.168.1.0/24 only,
# so the two wider ranges can probably be dropped.
acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.1.0/24	# RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT
# Cache manager only from localhost.
http_access allow manager localhost
http_access deny manager
# Refuse requests to ports outside Safe_ports, and CONNECT to anything but 443.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Only localnet clients may use the proxy; everything else is denied.
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
# Interception port fed by the pf rdr rule.
# NOTE(review): no listen address is given, so Squid accepts on every interface;
# confirm port 3128 is not reachable from the external side.
http_port 3128 transparent
# --- Cache sizing, logging and refresh behaviour ---
hierarchy_stoplist cgi-bin ?
cache_mem 6 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
# On-disk store: aufs, 20000 MB under /nfs/cache.
cache_dir aufs /nfs/cache 20000 16 256
maximum_object_size 64 MB
cache_swap_low 98
cache_swap_high 99
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log none
log_fqdn off
# External helper that rewrites store URLs for the video patterns below.
# NOTE(review): the helper itself is not shown on this page; review it before use.
storeurl_rewrite_program /etc/squid/store_url_rewrite
acl store_rewrite_list url_regex ^http://(.*?)/get_video\?
acl store_rewrite_list url_regex ^http://(.*?)/videodownload\?
storeurl_access allow store_rewrite_list
storeurl_access deny all
# Video URLs are allowed into the cache before the generic "?" / cgi-bin deny below.
cache allow store_rewrite_list
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
# NOTE(review): override-expire, ignore-no-cache and ignore-private make Squid keep
# responses that the origin marked as not cacheable or private. In a shared cache a
# response fetched by one client can then be served to another; keep these options
# limited to the two video patterns.
refresh_pattern ^http://(.*?)/get_video\? 10080 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern ^http://(.*?)/videodownload\? 10080 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
vary_ignore_expire on
# Squid runs as the unprivileged user and group "squid".
cache_effective_user squid
cache_effective_group squid
log_icp_queries off
ipcache_size 2048
ipcache_low 98
ipcache_high 99
memory_pools off
reload_into_ims on
coredump_dir /usr/var/cache
pipeline_prefetch on

7.kalo sudah bikin swap cache dan jalankan squidnya

Kode:
/sbin/squid -z
Kode:
/sbin/squid -D

8.Aktifkan pada saat startup

Kode:
/sbin/squid -sYD

9.Sisipkan redirect pada /etc/pf.conf, yang fungsinya meredirect protocol TCP dr locallan menuju squid
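# Redirect HTTP arriving on the LAN interface to the local Squid on port 3128.
# The macro defined in pf.conf above is int_if; "$lnt_if" is undefined and pf would
# refuse to load the ruleset.
rdr on $int_if proto tcp from any to any port 80 -> 192.168.1.1 port 3128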

selesai…. kalo belum berhasil… silahkan kirim messeg ke saya yah…  ;)

source:  http://www.indramayucc.org

disini adalah contoh yang saya terapkan dimesin FreeBSD 7 dimana juga sebagai NAT dengan menggunakan 2 ethernet card yaitu fxp0 dan rl0,

Pertama tama aktifkan dulu tcp forwarding di FreeBSD anda dengan perintah

yunand# sysctl -w net.inet.ip.forwarding=1

agar bisa dijalankan saat mesin hidup edit di /etc/sysctl.conf

masukkan di sysctl.conf net.inet.ip.forwarding=1

Setelah itu bikin file config ppp seperti dibawah ini :

yunand# cat ppp.conf
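#
# ppp.conf: PPPoE configuration
#
# Section labels start in column 0; command lines must be indented.
# The file holds the PPPoE password in plain text, so keep it readable by root only.

default:
# PPP over Ethernet; fxp0 is the NIC cabled to the ADSL modem, adjust to your hardware
 set device PPPoE:fxp0
 set speed sync
 set mru 1492
 set mtu 1492
 set ctsrts off

# monitor line quality
 enable lqr

# log just a bit
 set log phase tun

# insert default route upon connection
 add default HISADDR

# download /etc/resolv.conf
 enable dns

speedy:
# placeholders: replace with the account's PPPoE user name and password
 set authname user speedy
 set authkey password speedy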

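untuk dialnya menggunakan perintah berikut (nama setelah -ddial harus sama dengan label di ppp.conf; pada contoh di atas labelnya speedy, bukan papchap)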

yunand# ppp -ddial papchap

Loading /lib/libalias_cuseeme.so
Loading /lib/libalias_ftp.so
Loading /lib/libalias_irc.so
Loading /lib/libalias_nbt.so
Loading /lib/libalias_pptp.so
Loading /lib/libalias_skinny.so
Loading /lib/libalias_smedia.so
Working in ddial mode
Using interface: tun0

jika berhasil cek ip

yunand # ifconfig

tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492
inet 125.163.*.* –> 125.163.*.* netmask 0xffffffff
Opened by PID 994


jika keluar seperti itu berarti koneksi berhasil

setelah itu coba tes ping ke google

yunand# ping www.google.com

PING google.com (72.14.207.99): 56 data bytes
64 bytes from 72.14.207.99: icmp_seq=0 ttl=242 time=593.632 ms
64 bytes from 72.14.207.99: icmp_seq=1 ttl=242 time=624.894 ms
64 bytes from 72.14.207.99: icmp_seq=2 ttl=242 time=617.091 ms
64 bytes from 72.14.207.99: icmp_seq=3 ttl=242 time=619.140 ms

kalau reply seperti diatas berarti koneksi berjalan lancar

kalau ingin mematikan koneksi adslnya pake perintah

yunand# killall ppp

untuk sharing internetnya saya menggunakan packet filter openbsd, aktifkan packet filternya agar bisa

dijalankan setiap boot

yunand#pico /etc/rc.conf

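# Enable pf at boot. The FreeBSD rc.conf variable is pf_enable, and the value needs
# plain quotes rather than typographic ones.
pf_enable="YES"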

sedangkan script pf.conf nya saya pakai seperti ini

yunand# cat pf.conf
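# Macros (plain quotes; typographic quotes are not valid in pf.conf)
lan_net  = "192.168.2.0/24" # client subnet
int_if1  = "fxp0" # NIC facing the ADSL modem
int_if2  = "rl0" # NIC facing the access point / clients
ext_if   = "tun0"

# nat outgoing connections on each internet interface
nat on $ext_if from $lan_net to any -> ($ext_if)
nat on $int_if1 from $lan_net to any -> ($int_if1)
# NOTE(review): this ruleset has no block/pass rules, so pf filters nothing;
# consider a default-deny policy for inbound traffic on $ext_if.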

lalu jalankan pf nya

yunand# pfctl -f /etc/pf.conf

setelah itu cek clientnya apakah bisa konek keinternet

source : http://www.yunand.info