
Configuring a Speedy connection with Prolink load balancing


In this example, an internet cafe uses a Speedy connection. The customer uses 2 ADSL lines.

1. The connection uses the Office Unlimited package, up to 384/64.


The equipment we use:

1. 2 ADSL modems

2. 1 load-balancing machine

3. 1 Linux PC router and 1 MikroTik box


a. Load balancing monitoring results

Data Monitor

Time : 12:31:41

Load Balance Mode : Weight round robin

Session
                              WAN1      WAN2      WAN3      WAN4
TCP Session                     39        41         0         0
UDP Session                      5         5         0         0
ICMP Session                     1         2         0         0
Current Session                 45        48         0         0
Accumulative Session         25094     30166         0         0

Current Bandwidth
                              WAN1      WAN2      WAN3      WAN4
Download Speed (byte/sec)     3310     20358         0         0
Upload Speed (byte/sec)       2331      7127         0         0

Accumulative Data Counter
                              WAN1      WAN2      WAN3      WAN4
Usage (%)                       63        36         0         0
Byte Received (Kbytes)      938673    671939         0         0
Byte Transmitted (Kbytes)   414539     97349         0         0
Total Bytes (Kbytes)       1353212    769288         0         0

Config Show

System Configuration Setting

=========================================================================
Firmware:       Version       : TMH141-A V1023-MB2.4-E
                Release Date  : Dec 28 2006
                Printout Time : FRI JAN 02 12:35:04 1970
                Time Zone     : GM+06:00
                Primary NTP IP: time.nist.gov
                Secondary NTP : stdtime.gov.hk
=========================================================
LAN status:     IP address    : 192.168.1.254
                MAC address   : 00:D0:DA:00:3B:5F
                Mask          : 255.255.255.0
                Dhcp status   : Disable
                Dhcp IP Start : 192.168.1.12 - 192.168.1.20
                DNS IP address: 168.95.1.1
=========================================================
DHCP
reserved IP:    MAC address         IP address
                -----------------------------------
=========================================================

WAN status:   1.IP address    : 192.168.11.100
                Netmask       : 255.255.255.0
                MAC address   : 00.d0.da.00.3b.60
                Connect To    : InterNet
                Current status: Enable
                Healthy Check : NoDefault
                Type          : Static IP
                Primary DNS   : 203.130.193.74
                Secondary DNS : 202.134.0.155
                GatewayAddress: 192.168.11.254
                Schedule      : Disable
---------------------------------------------------------
              2.IP address    : 192.168.12.100
                Netmask       : 255.255.255.0
                MAC address   : 00.d0.da.00.3b.61
                Connect To    : InterNet
                Current status: Enable
                Healthy Check : NoDefault
                Type          : Static IP
                Primary DNS   : 203.130.193.74
                Secondary DNS : 202.134.0.155
                GatewayAddress: 192.168.12.254
                Schedule      : Disable

Routing setup:  Work mode     : Basic NAT mode
                Static Route  :
                Network         NetMask         Gateway         Status
                -------------------------------------------------------
---------------------------------------------------------
                Dynamic Route : Status: Disable
=========================================================
Routing Table:  Network           NetMask           Gateway
                ---------------------------------------------------
                0.0.0.0           0.0.0.0           192.168.12.254
                192.168.1.0       255.255.255.0     192.168.1.254
                192.168.11.0      255.255.255.0     192.168.11.100
                192.168.12.0      255.255.255.0     192.168.12.100
=========================================================

IP Filtering:   No. IP address                     Port                                   Pass/Drop  status
                -------------------------------------------------------------------------------------------
=========================================================
Remote
IP Filtering:   No.  IP address      Status
                ---------------------------
=========================================================
DoS Defense:    Function                    Parameter Time of Lock Status
                ---------------------------------------------------------
                Oversized Ping                   32                Enable
                Port Scan                      1000         5      Enable
                TCP SYN Flooding (Wan)         1000         5      Enable
                TCP SYN Flooding (Lan)         1000         5      Enable
                ICMP Flooding (Wan)            1000         5      Enable
                ICMP Flooding (Lan)            1000         5      Enable
                UDP Flooding (Wan)             1000         5      Enable
                UDP Flooding (Lan)             1000         5      Enable
=========================================================
ALG:            Options              Status
                ---------------------------------------------------------
                Ipsec Pass Through (Port 500)  Disable
                PPTP Pass Through (Port 1723)  Disable
                VOIP Pass Through              Disable
=========================================================
Virtual Server: ID  Global_Port  Local_Port  Local_IP_address  Status
                -----------------------------------------------------
---------------------------------------------------------
Group:          StartPort  EndPort  Local_IP_address  TCP/UDP  Status
                -----------------------------------------------------
=========================================================
Multi-DMZ Host: No. DMZ_Host_IP_address   IP_address_from_ISP  Status
                -----------------------------------------------------
---------------------------------------------------------
Dynamic-IP-DMZ: Wan   HOST_IP_address   Status
                ----------------------------------
                1      0.0.0.0         Disable
                2      0.0.0.0         Disable
                3      0.0.0.0         Disable
                4      0.0.0.0         Disable
=========================================================
Multi-NAT:      No LAN_IP_address  NetMask         Wan_IP          Wan_No
                ---------------------------------------------------------
=========================================================
Load Balance:   Weight Round Robin
                Wan 1:     1
                Wan 2:     1
                Wan 3:     1
                Wan 4:     1
=========================================================

Dynamic DNS:    Status       : Disable
=========================================================
Proxy Server:   Status: Disable
=========================================================
Mail Alert  :   Status: Disable
=========================================================
URL Filtering : Status: Disable
=========================================================
Throughput
Control       : Wan DownLoad(kbits/s) UpLoad(kbits/s) Port  Usage% Status
                ---------------------------------------------------------
                1.       384                64
                ---------------------------------------------------------
                2.       384                64           80   60   Enable
                                                         25    1   Enable
                                                         21   30   Enable
                                                       3128   30   Enable
                                                       8080   30   Enable
                ---------------------------------------------------------
                3.         0                 0
                ---------------------------------------------------------
                4.         0                 0
=========================================================
WAN CONTROL:
Special       : StartPort  EndPort   Select-WAN   Status
Application     ----------------------------------------
                 1000       3000        Wan1      Enable
                 3000       3028        Wan1      Enable
                 3128       3128        Wan2      Enable
                 3129       8079        Wan1      Enable
                 8080       8080        Wan2      Enable
                 8081      40000        Wan1      Enable
                    0         80        Wan2      Enable
                   21         21        Wan2      Enable
                 6000       7000        Wan1      Enable
---------------------------------------------------------
IP binding    : No  Start-Remote-IP  End-Remote-IP   StartPort EndPort Select-WAN  Status
                -------------------------------------------------------------------------
                1. 0.0.0.0          0.0.0.0           1000      3000     Wan1     Enable
                2. 0.0.0.0          0.0.0.0           3000      3028     Wan1     Enable
                3. 0.0.0.0          0.0.0.0           3128      3128     Wan2     Enable
                4. 0.0.0.0          0.0.0.0           3129      8079     Wan1     Enable
                5. 0.0.0.0          0.0.0.0           8080      8080     Wan2     Enable
                6. 0.0.0.0          0.0.0.0           8081     40000     Wan1     Enable
                7. 0.0.0.0          0.0.0.0              0        80     Wan2     Enable
                8. 0.0.0.0          0.0.0.0             21        21     Wan2     Enable
                9. 0.0.0.0          0.0.0.0           6000      7000     Wan1     Enable
---------------------------------------------------------
Special IP    : Start-IP-Address End-IP-Address  WAN  Status
Assignment      --------------------------------------------
=========================================================
QoS IP Control: Local_IP_address DownLoad(kbits) UpLoad(kbits) Wan-Apply  Min/Max Status
                ------------------------------------------------------------------------
=========================================================
Remote Control: Status: Disable
=========================================================
MAC IP binding: Status: Disable
========================================================================

b. MikroTik configuration

# jan/26/2008 20:00:05 by RouterOS 2.9.27
# software id = IMAX-IAN
#
/ interface ethernet
set Public name="Public" mtu=1500 mac-address=00:19:21:5E:E4:9D arp=enabled \
    disable-running-check=yes auto-negotiation=yes full-duplex=yes \
    cable-settings=default speed=100Mbps comment="" disabled=no
set Local name="Local" mtu=1500 mac-address=00:1C:F0:5C:BA:5F arp=enabled \
    disable-running-check=yes auto-negotiation=yes full-duplex=yes \
    cable-settings=default speed=100Mbps comment="" disabled=no
/ ip pool
add name="dhcp_pool1" ranges=192.168.0.1-192.168.0.29

/ ip dns
set primary-dns=203.130.193.74 secondary-dns=202.134.0.155 \
    allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip address
add address=192.168.0.30/27 network=192.168.0.0 broadcast=192.168.0.31 \
    interface=Local comment="" disabled=no
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 \
    interface=Public comment="" disabled=no
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.254 scope=255 target-scope=10 \
    comment="" disabled=no
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.0/27 protocol=icmp \
    action=mark-connection new-connection-mark=ICMP-CM passthrough=yes \
    comment="ToS" disabled=no
add chain=prerouting connection-mark=ICMP-CM action=mark-packet \
    new-packet-mark=ICMP-PM passthrough=yes comment="" disabled=no
add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay \
    comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/27 protocol=tcp dst-port=53 \
    action=mark-connection new-connection-mark=DNS-CM passthrough=yes \
    comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/27 protocol=udp dst-port=53 \
    action=mark-connection new-connection-mark=DNS-CM passthrough=yes \
    comment="" disabled=no
add chain=prerouting connection-mark=DNS-CM action=mark-packet \
    new-packet-mark=DNS-PM passthrough=yes comment="" disabled=no
add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay \
    comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
    new-connection-mark=http_conn passthrough=yes comment="Services" \
    disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \
    new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8080 action=mark-connection \
    new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=3128 action=mark-connection \
    new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=http_conn action=mark-packet \
    new-packet-mark=http passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=5050-5061 action=mark-connection \
    new-connection-mark=ym_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=ym_conn action=mark-packet \
    new-packet-mark=ym passthrough=no comment="" disabled=no
add chain=prerouting protocol=udp dst-port=27015 action=mark-connection \
    new-connection-mark=cs_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=cs_conn action=mark-packet \
    new-packet-mark=cs passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6667-7000 action=mark-connection \
    new-connection-mark=irc_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=irc_conn action=mark-packet \
    new-packet-mark=irc passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection \
    new-connection-mark=mt_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=mt_conn action=mark-packet \
    new-packet-mark=mt passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=110 action=mark-connection \
    new-connection-mark=email_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=25 action=mark-connection \
    new-connection-mark=email_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=email_conn action=mark-packet \
    new-packet-mark=email passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=22 action=mark-connection \
    new-connection-mark=ssh_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=ssh_conn action=mark-packet \
    new-packet-mark=ssh passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=500-3127 action=mark-connection \
    new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=3129-6665 action=mark-connection \
    new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=7001-65535 action=mark-connection \
    new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=500-3127 action=mark-connection \
    new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=3129-6665 action=mark-connection \
    new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=7001-65535 action=mark-connection \
    new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=games_conn action=mark-packet \
    new-packet-mark=games passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/27 action=mark-packet \
    new-packet-mark=Naik passthrough=no comment="Up Traffic" disabled=no
add chain=forward src-address=192.168.0.0/27 action=mark-connection \
    new-connection-mark=Koneksi passthrough=yes comment="Conn-Mark" \
    disabled=no
add chain=forward in-interface=Public connection-mark=Koneksi \
    action=mark-packet new-packet-mark=Turun passthrough=no \
    comment="Down-Direct Connection" disabled=no
add chain=output out-interface=Local dst-address=192.168.0.0/27 \
    action=mark-packet new-packet-mark=Turun passthrough=no comment="Down-Via \
    Proxy" disabled=no
/ ip firewall nat
add chain=srcnat out-interface=Public action=masquerade comment="Nat" \
    disabled=no
add chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=80 \
    action=redirect to-ports=8080 comment="Without Linux proxy" disabled=no
add chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=3128 \
    action=redirect to-ports=8080 comment="" disabled=no
add chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=8080 \
    action=redirect to-ports=8080 comment="" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
tcp-syncookie=no
/ ip firewall filter
add chain=input connection-state=invalid action=drop comment="Drop invalid \
    connections" disabled=no
add chain=input connection-state=established action=accept comment="Allow \
    established connections" disabled=no
add chain=input connection-state=related action=accept comment="Allow related \
    connections" disabled=no
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input in-interface=!Public action=accept comment="Allow connection \
    to router from local network" disabled=no
add chain=input action=drop comment="Drop everything else" disabled=no
add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list \
    address-list=knock address-list-timeout=15s comment="" disabled=no
add chain=input protocol=tcp dst-port=7331 src-address-list=knock \
    action=add-src-to-address-list address-list=safe address-list-timeout=15m \
    comment="" disabled=no
add chain=input connection-state=established action=accept comment="accept \
    established connection packets" disabled=no
add chain=input connection-state=related action=accept comment="accept related \
    connection packets" disabled=no
add chain=input connection-state=invalid action=drop comment="drop invalid \
    packets" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="detect and \
    drop port scan connections" disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
    action=tarpit comment="suppress DoS attack" disabled=no
add chain=input protocol=tcp connection-limit=10,32 \
    action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="detect DoS attack" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP comment="jump to \
    chain ICMP" disabled=no
add chain=input action=jump jump-target=services comment="jump to chain \
    services" disabled=no
add chain=input dst-address-type=broadcast action=accept comment="Allow \
    Broadcast Traffic" disabled=no
add chain=input action=log log-prefix="Filter:" comment="" disabled=no
add chain=input action=accept comment="Allow access to router from known \
    network" disabled=no
add chain=input src-address=192.168.0.0/27 action=accept comment="" \
    disabled=no
add chain=input src-address=192.168.1.0/24 action=accept comment="" \
    disabled=no
add chain=input src-address=63.219.6.0/24 action=accept comment="" disabled=no
add chain=input src-address=125.0.0.0/8 action=accept comment="" disabled=no
add chain=input action=drop comment="drop everything else" disabled=no
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
    comment="0:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
    comment="3:3 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
    comment="3:4 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
    comment="8:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
    comment="11:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop everything else" \
    disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="Port \
    scanners to list " disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="NMAP FIN Stealth scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="SYN/FIN \
    scan" disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="SYN/RST \
    scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="FIN/PSH/URG scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="ALL/ALL scan" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="NMAP NULL scan" disabled=no
add chain=input src-address-list="port scanners" action=drop comment="dropping \
    port scanners" disabled=no
add chain=forward connection-state=established action=accept comment="allow \
    established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow \
    related connections" disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid \
    connections" disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop \
    Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop \
    Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster \
    Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster \
    Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" \
    disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" \
    disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" \
    disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" \
    disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" \
    disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" \
    disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" \
    disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" \
    disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" \
    disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" \
    disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" \
    disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" \
    disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" \
    disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop \
    Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Drop MyDoom" \
    disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor \
    OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" \
    disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" \
    disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" \
    disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" \
    disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop \
    Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop \
    Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop \
    MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" \
    disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" \
    disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop \
    SubSeven" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, \
    Agobot, Gaobot" disabled=no
add chain=forward action=jump jump-target=virus comment="jump to the virus \
    chain" disabled=no
add chain=input connection-state=invalid action=drop comment="Drop Invalid \
    connections" disabled=no
add chain=input connection-state=established action=accept comment="Allow \
    Established connections" disabled=no
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input action=drop comment="Drop anything else" disabled=no
add chain=forward protocol=tcp connection-state=invalid action=drop \
    comment="drop invalid connections" disabled=no
add chain=forward connection-state=established action=accept comment="allow \
    already established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow \
    related connections" disabled=no
add chain=forward src-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward protocol=tcp action=jump jump-target=tcp comment="" \
    disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment="" \
    disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment="" \
    disabled=no
add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP" \
    disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment="deny RPC \
    portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment="deny RPC \
    portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="deny NBT" \
    disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment="deny cifs" \
    disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="deny NFS" \
    disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="deny \
    NetBus" disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="deny NetBus" \
    disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="deny \
    BackOrifice" disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny DHCP" \
    disabled=no
add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP" \
    disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment="deny RPC \
    portmapper" disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment="deny RPC \
    portmapper" disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT" \
    disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS" \
    disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment="deny \
    BackOrifice" disabled=no
add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment="allow \
    echo reply" disabled=no
add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment="allow \
    net unreachable" disabled=no
add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment="allow \
    host unreachable" disabled=no
add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment="allow \
    source quench" disabled=no
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="allow \
    echo request" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment="allow \
    time exceed" disabled=no
add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment="allow \
    parameter bad" disabled=no
add chain=icmp action=drop comment="deny all other types" disabled=no
add chain=input connection-state=established action=accept comment="Accept \
    established connections" disabled=no
add chain=input connection-state=related action=accept comment="Accept related \
    connections" disabled=no
add chain=input connection-state=invalid action=drop comment="Drop invalid \
    connections" disabled=no
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow \
    limited pings" disabled=no
add chain=input protocol=icmp action=drop comment="Drop excess pings" \
    disabled=no
add chain=input protocol=tcp dst-port=22 action=accept comment="SSH for secure \
    shell" disabled=no
add chain=input protocol=tcp dst-port=8291 action=accept comment="winbox" \
    disabled=no
add chain=input src-address=159.148.172.192/28 action=accept comment="From \
    Mikrotikls network" disabled=no
add chain=input src-address=192.168.0.0/27 action=accept comment="From our \
    private LAN" disabled=no
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything \
    else" disabled=no
add chain=tcp protocol=tcp p2p=all-p2p action=drop comment="deny P2P" \
    disabled=no
add chain=tcp src-address=192.168.0.2 protocol=tcp dst-port=3133 p2p=all-p2p \
    action=drop comment="deny BackOrifice" disabled=no
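
RouterOS evaluates the rules of a chain from top to bottom, so in the filter listing above the unconditional `chain=input action=drop` ("Drop everything else") placed early in the `input` chain keeps every later `input` rule (port knocking, port-scan and DoS detection, the jump to `ICMP`) from ever matching, and the `services` jump target has no rules in the listing. The Python check below is an added example, not part of the original export: it finds such shadowed rules, unreachable custom chains and undefined jump targets. The sample rules are a constructed excerpt modelled on this listing, and the function names are hypothetical.

```python
import shlex

# Filter actions that stop further rule processing for a packet.
TERMINAL = {"accept", "drop", "reject", "tarpit"}
# Properties that do not narrow which packets a rule matches.
NON_MATCHERS = {"chain", "action", "comment", "disabled", "log-prefix",
                "jump-target", "address-list", "address-list-timeout",
                "reject-with"}
BUILTIN = {"input", "forward", "output"}

# Constructed sample: a shortened excerpt modelled on the listing above.
SAMPLE_EXPORT = r"""
/ ip firewall filter
add chain=input connection-state=established action=accept comment="Allow \
    established connections" disabled=no
add chain=input in-interface=!Public action=accept comment="Allow connection \
    to router from local network" disabled=no
add chain=input action=drop comment="Drop everything else" disabled=no
add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list \
    address-list=knock address-list-timeout=15s comment="" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="detect and \
    drop port scan connections" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP comment="jump to \
    chain ICMP" disabled=no
add chain=input action=jump jump-target=services comment="jump to chain \
    services" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
    comment="8:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop everything else" \
    disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid \
    connections" disabled=no
add chain=forward action=jump jump-target=virus comment="jump to the virus \
    chain" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster \
    Worm" disabled=no
"""


def parse_rules(export_text):
    """Return [(rule_number, properties)] for enabled 'add' lines, in order."""
    logical, buf = [], ""
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):          # continuation: drop the backslash
            buf += line[:-1]
        else:
            logical.append(buf + line)
            buf = ""
    rules, number = [], 0
    for line in logical:
        if not line.startswith("add "):
            continue
        number += 1
        props = dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
        if props.get("disabled") != "yes":
            rules.append((number, props))
    return rules


def is_catch_all(props):
    """True for a terminal action with no matcher (chain=input action=drop)."""
    return (props.get("action", "accept") in TERMINAL
            and not set(props) - NON_MATCHERS)


def audit(rules):
    """Report shadowed rules, unreachable custom chains, undefined jump targets."""
    by_chain = {}
    for num, props in rules:
        by_chain.setdefault(props["chain"], []).append((num, props))
    live, dead_rules = {}, []
    for chain, rs in by_chain.items():
        # Index of the first catch-all rule; nothing after it can match.
        cut = next((i for i, (_, p) in enumerate(rs) if is_catch_all(p)),
                   len(rs) - 1)
        live[chain] = rs[:cut + 1]
        dead_rules += [(num, chain, rs[cut][0]) for num, _ in rs[cut + 1:]]
    # A custom chain is reachable only through a jump in a still-live rule.
    reachable, todo = set(), [c for c in by_chain if c in BUILTIN]
    while todo:
        chain = todo.pop()
        if chain in reachable:
            continue
        reachable.add(chain)
        for _, p in live[chain]:
            if p.get("action") == "jump" and p.get("jump-target") in by_chain:
                todo.append(p["jump-target"])
    jumps = {p["jump-target"] for _, p in rules
             if p.get("action") == "jump" and "jump-target" in p}
    return {"dead_rules": sorted(dead_rules),            # (rule, chain, shadowed_by)
            "dead_chains": sorted(set(by_chain) - reachable),
            "undefined_targets": sorted(jumps - set(by_chain))}


if __name__ == "__main__":
    print(audit(parse_rules(SAMPLE_EXPORT)))
```
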
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=yes
set gre disabled=yes
set pptp disabled=yes
/ ip dhcp-server
add name="dhcp1" interface=Local lease-time=3d address-pool=dhcp_pool1 \
    bootp-support=static add-arp=yes authoritative=after-2sec-delay \
    disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
add address=192.168.0.29 mac-address=00:14:2A:8D:66:D1 \
    client-id="1:0:14:2a:8d:66:d1" server=dhcp1 comment="" disabled=no
/ ip dhcp-server network
add address=192.168.0.0/27 gateway=192.168.0.30 \
    dns-server=192.168.1.1,203.130.193.74,202.134.0.155 comment=""
/ ip ipsec proposal
add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m \
    lifebytes=0 pfs-group=modp1024 disabled=no
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080 \
    hostname="proxy.smart.war.net.id" transparent-proxy=yes \
    parent-proxy=0.0.0.0:0 cache-administrator="[email protected]" \
    max-object-size=4096KiB cache-drive=system max-cache-size=unlimited \
    max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
    disabled=no
add url="suck***" action=deny comment="" disabled=yes
add url="nude****" action=deny comment="" disabled=yes
add url="bugil****" action=deny comment="" disabled=yes
add url="gay***" action=deny comment="" disabled=yes
add url="penis" action=deny comment="" disabled=yes
add url="vagina" action=deny comment="" disabled=yes
add url="vagina" action=deny comment="" disabled=yes
/ ip web-proxy cache
add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" \
    disabled=no
add url="\\.exe\$" action=allow comment="" disabled=no
add url="\\.zip\$" action=allow comment="" disabled=no
add url="\\.mpeg\$" action=allow comment="" disabled=no
add url="\\.mp3\$" action=allow comment="" disabled=no
add url="\\.avi\$" action=allow comment="" disabled=no
add url="\\.pdf\$" action=allow comment="" disabled=no
add url="\\.rar\$" action=allow comment="" disabled=no
add url="\\.mov\$" action=allow comment="" disabled=no
add url="\\.mpg\$" action=allow comment="" disabled=no
add url="\\.dat\$" action=allow comment="" disabled=no
add url="\\.3gp\$" action=allow comment="" disabled=no
add url="\\.jpg\$" action=allow comment="" disabled=no
add url="\\.gif\$" action=allow comment="" disabled=no
add action=allow comment="" disabled=no
add url="http*youtube*get_video*" action=allow comment="YouTube" disabled=no
add url="http*friendster.com" action=allow comment="Friendster" disabled=no
add url="http*pu.go.id" action=allow comment="PU" disabled=no
add url="http*detik*com" action=allow comment="Detik" disabled=no
add url="http*domai.com" action=allow comment="Domai" disabled=no
add url="http*nigmae.net" action=allow comment="Nigmae" disabled=no
add url="http*kompas.com" action=allow comment="Kompas" disabled=no
add url="http*lalatx.com" action=allow comment="Lalatx" disabled=no
add url="http*yahoo.com" action=allow comment="Yahoo" disabled=no
add url="http*kapanlagi.com" action=allow comment="Kapanlagi" disabled=no
add url="http*plasa.com" action=allow comment="Plasa" disabled=no
add url="http*kaskus.us" action=allow comment="Kaskus" disabled=no
add url="http*avaxhome*org" action=allow comment="Avaxhome" disabled=no
add url="www.worth1000.com" action=allow comment="Worth1000" disabled=no
add url="http*rf-online*.web.id" action=allow comment="Eramuslim" disabled=no
add url="http***" action=allow comment="all http" disabled=no
add url="http*hi5.com" action=allow comment="PU" disabled=no
add action=allow comment="Allow sado alahe" disabled=no
add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" \
    disabled=no
add url="cgi-bin \\?" action=deny comment="" disabled=no
/ system logging
add topics=info prefix="" action=disk disabled=no
add topics=error prefix="" action=disk disabled=no
add topics=warning prefix="" action=disk disabled=no
add topics=critical prefix="" action=echo disabled=no
add topics=debug prefix="" action=disk disabled=no
add topics=web-proxy prefix="" action=disk disabled=no
/ system logging action
set memory name="memory" target=memory memory-lines=100 memory-stop-on-full=no
set disk name="disk" target=disk disk-lines=100 disk-stop-on-full=no
set echo name="echo" target=echo remember=yes
set remote name="remote" target=remote remote=0.0.0.0:514

/ queue type
set default name="default" kind=pfifo pfifo-limit=50
set ethernet-default name="ethernet-default" kind=pfifo pfifo-limit=50
set wireless-default name="wireless-default" kind=sfq sfq-perturb=5 \
sfq-allot=1514
set synchronous-default name="synchronous-default" kind=red red-limit=60 \
red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name="hotspot-default" kind=sfq sfq-perturb=5 \
sfq-allot=1514
add name="PFIFO-64" kind=pfifo pfifo-limit=64
add name="pcq-download" kind=pcq pcq-rate=384000 pcq-limit=50 \
pcq-classifier=dst-address pcq-total-limit=2000
add name="pcq-upload" kind=pcq pcq-rate=64000 pcq-limit=50 \
pcq-classifier=src-address pcq-total-limit=2000
add name="default-small" kind=pfifo pfifo-limit=10
/ queue simple
add name="Smart.Net" target-addresses=192.168.0.0/27 dst-address=0.0.0.0/0 \
interface=Local parent=none direction=both priority=1 \
queue=ethernet-default/ethernet-default limit-at=0/512000 \
max-limit=0/512000 total-queue=default disabled=no
add name="Kasir" target-addresses=192.168.0.29/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=8 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="01" target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="02" target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="03" target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="04" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="05" target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="06" target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="07" target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="08" target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="09" target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="10" target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="11" target-addresses=192.168.0.11/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="12" target-addresses=192.168.0.12/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="13" target-addresses=192.168.0.13/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="14" target-addresses=192.168.0.14/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="15" target-addresses=192.168.0.15/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="16" target-addresses=192.168.0.16/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="17" target-addresses=192.168.0.17/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="18" target-addresses=192.168.0.18/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="19" target-addresses=192.168.0.19/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="20" target-addresses=192.168.0.20/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="21" target-addresses=192.168.0.21/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="22" target-addresses=192.168.0.22/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="23" target-addresses=192.168.0.23/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="24" target-addresses=192.168.0.24/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="25" target-addresses=192.168.0.25/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="27" target-addresses=192.168.0.27/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="28" target-addresses=192.168.0.28/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
add name="26" target-addresses=192.168.0.26/32 dst-address=0.0.0.0/0 \
interface=Local parent=Smart.Net direction=both priority=1 \
queue=default/default limit-at=0/8000 max-limit=16000/48000 \
total-queue=default disabled=no
/ queue tree
add name="ICMP" parent=global-in packet-mark=ICMP-PM limit-at=8000 \
queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="DNS" parent=global-in packet-mark=DNS-PM limit-at=8000 \
queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="downstream" parent=Local packet-mark=Turun limit-at=0 \
queue=pcq-download priority=1 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="upstream" parent=global-in packet-mark=Naik limit-at=0 \
queue=pcq-upload priority=1 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
/ system identity
set name="Smart.net"
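
RouterOS evaluates filter rules in order, and an `accept`, `drop`, `reject` or `tarpit` rule ends processing for the packet, so an unconditional rule in the middle of a chain hides every rule behind it. The Python check below is an added example (not part of the original export and not a MikroTik tool); the names `parse_filter_rules` and `lint_filter` are hypothetical, and the sample is a constructed, abridged excerpt of the `/ ip firewall filter` section of the MikroTik export on this page.

```python
import re

# Constructed sample: abridged excerpt of this page's RouterOS 2.9.27 export.
SAMPLE_EXPORT = r"""
/ ip firewall filter
add chain=input connection-state=invalid action=drop comment="Drop invalid \
   connections" disabled=no
add chain=input in-interface=!Public action=accept comment="Allow connection \
   to router from local network" disabled=no
add chain=input action=drop comment="Drop everything else" disabled=no
add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list \
   address-list=knock address-list-timeout=15s comment="" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="detect and \
   drop port scan connections" disabled=no
add chain=input action=accept comment="Allow access to router from known \
   network" disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid \
   connections" disabled=no
/ ip firewall nat
add chain=srcnat out-interface=Public action=masquerade comment="Nat" \
   disabled=no
"""

# Actions that end rule processing for a packet in the current chain.
TERMINATING = {"accept", "drop", "reject", "tarpit"}

# Properties that describe the rule or its action instead of matching traffic.
NOT_MATCHERS = {"chain", "action", "comment", "disabled", "log-prefix",
                "jump-target", "address-list", "address-list-timeout",
                "reject-with"}

# key=value, where the value is either a quoted string or a bare token.
PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_filter_rules(export_text):
    """Return the 'add' rules of the firewall filter section as dicts."""
    # The export wraps long lines with a trailing backslash, even inside
    # quoted comments; drop the backslash, the newline and the indentation.
    text = re.sub(r"\\\r?\n[ \t]*", "", export_text)
    rules, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            # "/ ip firewall filter" and "/ip firewall filter" both normalise
            # to "ip firewall filter".
            section = " ".join(line.lstrip("/").split())
            continue
        if section == "ip firewall filter" and line.startswith("add "):
            rules.append({k: v.strip('"') for k, v in PAIR.findall(line)})
    return rules


def lint_filter(export_text):
    """Report unconditional terminating rules and the rules they hide.

    Each finding is (kind, chain, position in chain, comment).
    """
    findings = []
    position = {}        # chain -> number of rules seen so far
    terminated = set()   # chains that already hit an unconditional verdict
    for props in parse_filter_rules(export_text):
        chain = props.get("chain", "")
        position[chain] = position.get(chain, 0) + 1
        if props.get("disabled") == "yes":
            continue
        comment = props.get("comment", "")
        if chain in terminated:
            findings.append(("unreachable", chain, position[chain], comment))
            continue
        action = props.get("action", "accept")  # accept is the default action
        has_matcher = bool(set(props) - NOT_MATCHERS)
        if action in TERMINATING and not has_matcher:
            terminated.add(chain)
            findings.append(
                ("unconditional-" + action, chain, position[chain], comment))
    return findings


if __name__ == "__main__":
    for kind, chain, pos, comment in lint_filter(SAMPLE_EXPORT):
        print(f"{kind:20} chain={chain} rule={pos} {comment!r}")
```

Run against the page's full export, the same logic places the port-knock, DoS-detection and port-scanner rules of the `input` chain behind its first "Drop everything else" rule; a drop-all reported as the last rule of a chain is the intended layout.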
c. linux router configuration

b. mikrotik configuration
# jan/26/2008 20:00:05 by RouterOS 2.9.27
# software id = IMAX-IAN
#
/ interface ethernet
set Public name="Public" mtu=1500 mac-address=00:19:21:5E:E4:9D arp=enabled \
   disable-running-check=yes auto-negotiation=yes full-duplex=yes \
   cable-settings=default speed=100Mbps comment="" disabled=no
set Local name="Local" mtu=1500 mac-address=00:1C:F0:5C:BA:5F arp=enabled \
   disable-running-check=yes auto-negotiation=yes full-duplex=yes \
   cable-settings=default speed=100Mbps comment="" disabled=no
/ ip pool
add name="dhcp_pool1" ranges=192.168.0.1-192.168.0.29

/ ip dns
set primary-dns=203.130.193.74 secondary-dns=202.134.0.155 \
   allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip address
add address=192.168.0.30/27 network=192.168.0.0 broadcast=192.168.0.31 \
   interface=Local comment="" disabled=no
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 \
   interface=Public comment="" disabled=no
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.254 scope=255 target-scope=10 \
   comment="" disabled=no
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.0/27 protocol=icmp \
   action=mark-connection new-connection-mark=ICMP-CM passthrough=yes \
   comment="ToS" disabled=no
add chain=prerouting connection-mark=ICMP-CM action=mark-packet \
   new-packet-mark=ICMP-PM passthrough=yes comment="" disabled=no
add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay \
   comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/27 protocol=tcp dst-port=53 \
   action=mark-connection new-connection-mark=DNS-CM passthrough=yes \
   comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/27 protocol=udp dst-port=53 \
   action=mark-connection new-connection-mark=DNS-CM passthrough=yes \
   comment="" disabled=no
add chain=prerouting connection-mark=DNS-CM action=mark-packet \
   new-packet-mark=DNS-PM passthrough=yes comment="" disabled=no
add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay \
   comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
   new-connection-mark=http_conn passthrough=yes comment="Services" \
   disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \
   new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8080 action=mark-connection \
   new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=3128 action=mark-connection \
   new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=http_conn action=mark-packet \
   new-packet-mark=http passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=5050-5061 action=mark-connection \
   new-connection-mark=ym_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=ym_conn action=mark-packet \
   new-packet-mark=ym passthrough=no comment="" disabled=no
add chain=prerouting protocol=udp dst-port=27015 action=mark-connection \
   new-connection-mark=cs_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=cs_conn action=mark-packet \
   new-packet-mark=cs passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6667-7000 action=mark-connection \
   new-connection-mark=irc_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=irc_conn action=mark-packet \
   new-packet-mark=irc passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection \
   new-connection-mark=mt_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=mt_conn action=mark-packet \
   new-packet-mark=mt passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=110 action=mark-connection \
   new-connection-mark=email_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=25 action=mark-connection \
   new-connection-mark=email_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=email_conn action=mark-packet \
   new-packet-mark=email passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=22 action=mark-connection \
   new-connection-mark=ssh_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=ssh_conn action=mark-packet \
   new-packet-mark=ssh passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=500-3127 action=mark-connection \
   new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=3129-6665 action=mark-connection \
   new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=7001-65535 action=mark-connection \
   new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=500-3127 action=mark-connection \
   new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=3129-6665 action=mark-connection \
   new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=7001-65535 action=mark-connection \
   new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=games_conn action=mark-packet \
   new-packet-mark=games passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/27 action=mark-packet \
   new-packet-mark=Naik passthrough=no comment="Up Traffic" disabled=no
add chain=forward src-address=192.168.0.0/27 action=mark-connection \
   new-connection-mark=Koneksi passthrough=yes comment="Conn-Mark" \
   disabled=no
add chain=forward in-interface=Public connection-mark=Koneksi \
   action=mark-packet new-packet-mark=Turun passthrough=no \
   comment="Down-Direct Connection" disabled=no
add chain=output out-interface=Local dst-address=192.168.0.0/27 \
   action=mark-packet new-packet-mark=Turun passthrough=no comment="Down-Via \
   Proxy" disabled=no
/ ip firewall nat
add chain=srcnat out-interface=Public action=masquerade comment="Nat" \
   disabled=no
add chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=80 \
   action=redirect to-ports=8080 comment="Tanpa proxy Linux" disabled=no
add chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=3128 \
   action=redirect to-ports=8080 comment="" disabled=no
add chain=dstnat src-address=192.168.0.0/27 protocol=tcp dst-port=8080 \
   action=redirect to-ports=8080 comment="" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
   tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
   tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
   tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
   udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
   tcp-syncookie=no
/ ip firewall filter
add chain=input connection-state=invalid action=drop comment="Drop invalid \
   connections" disabled=no
add chain=input connection-state=established action=accept comment="Allow \
   esatblished connections" disabled=no
add chain=input connection-state=related action=accept comment="Allow related \
   connections" disabled=no
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input in-interface=!Public action=accept comment="Allow connection \
   to router from local network" disabled=no
add chain=input action=drop comment="Drop everything else" disabled=no
add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list \
   address-list=knock address-list-timeout=15s comment="" disabled=no
add chain=input protocol=tcp dst-port=7331 src-address-list=knock \
   action=add-src-to-address-list address-list=safe address-list-timeout=15m \
   comment="" disabled=no
add chain=input connection-state=established action=accept comment="accept \
   established connection packets" disabled=no
add chain=input connection-state=related action=accept comment="accept related \
   connection packets" disabled=no
add chain=input connection-state=invalid action=drop comment="drop invalid \
   packets" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="detect and \
   drop port scan connections" disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
   action=tarpit comment="suppress DoS attack" disabled=no
add chain=input protocol=tcp connection-limit=10,32 \
   action=add-src-to-address-list address-list=black_list \
   address-list-timeout=1d comment="detect DoS attack" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP comment="jump to \
   chain ICMP" disabled=no
add chain=input action=jump jump-target=services comment="jump to chain \
   services" disabled=no
add chain=input dst-address-type=broadcast action=accept comment="Allow \
   Broadcast Traffic" disabled=no
add chain=input action=log log-prefix="Filter:" comment="" disabled=no
add chain=input action=accept comment="Allow access to router from known \
   network" disabled=no
add chain=input src-address=192.168.0.0/27 action=accept comment="" \
   disabled=no
add chain=input src-address=192.168.1.0/24 action=accept comment="" \
   disabled=no
add chain=input src-address=63.219.6.0/24 action=accept comment="" disabled=no
add chain=input src-address=125.0.0.0/8 action=accept comment="" disabled=no
add chain=input action=drop comment="drop everything else" disabled=no
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
   comment="0:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
   comment="3:3 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
   comment="3:4 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
   comment="8:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
   comment="11:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop everything else" \
   disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list \
   address-list="port scanners" address-list-timeout=2w comment="Port \
   scanners to list " disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg \
   action=add-src-to-address-list address-list="port scanners" \
   address-list-timeout=2w comment="NMAP FIN Stealth scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list \
   address-list="port scanners" address-list-timeout=2w comment="SYN/FIN \
   scan" disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list \
   address-list="port scanners" address-list-timeout=2w comment="SYN/RST \
   scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack \
   action=add-src-to-address-list address-list="port scanners" \
   address-list-timeout=2w comment="FIN/PSH/URG scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
   action=add-src-to-address-list address-list="port scanners" \
   address-list-timeout=2w comment="ALL/ALL scan" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg \
   action=add-src-to-address-list address-list="port scanners" \
   address-list-timeout=2w comment="NMAP NULL scan" disabled=no
add chain=input src-address-list="port scanners" action=drop comment="dropping \
   port scanners" disabled=no
add chain=forward connection-state=established action=accept comment="allow \
   established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow \
   related connections" disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid \
   connections" disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop \
   Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop \
   Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster \
   Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster \
   Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" \
   disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" \
   disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" \
   disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" \
   disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" \
   disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" \
   disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" \
   disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="chromagrafx" \
   disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" \
   disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" \
   disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" \
   disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" \
   disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" \
   disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop \
   Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Drop MyDoom" \
   disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor \
   OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" \
   disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" \
   disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" \
   disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" \
   disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop \
   Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop \
   Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop \
   MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" \
   disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" \
   disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop \
   SubSeven" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, \
   Agobot, Gaobot" disabled=no
add chain=forward action=jump jump-target=virus comment="jump to the virus \
   chain" disabled=no
add chain=input connection-state=invalid action=drop comment="Drop Invalid \
   connections" disabled=no
add chain=input connection-state=established action=accept comment="Allow \
   Established connections" disabled=no
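# "Allow UDP" has no in-interface or src-address, so it accepts UDP sent to
# the router from every interface, WAN included.
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
# Rules are evaluated top to bottom, so the chain=input rules that follow this
# unconditional drop (SSH, winbox, LAN accept, logging) are never reached.
add chain=input action=drop comment="Drop anything else" disabled=no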
add chain=forward protocol=tcp connection-state=invalid action=drop \
   comment="drop invalid connections" disabled=no
add chain=forward connection-state=established action=accept comment="allow \
   already established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow \
   related connections" disabled=no
add chain=forward src-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward protocol=tcp action=jump jump-target=tcp comment="" \
   disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment="" \
   disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment="" \
   disabled=no
add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP" \
   disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment="deny RPC \
   portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment="deny RPC \
   portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="deny NBT" \
   disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment="deny cifs" \
   disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="deny NFS" \
   disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="deny \
   NetBus" disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="deny NetBus" \
   disabled=no
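# Back Orifice's default port is 31337; port 3133, as exported in this rule
# and in the udp chain, does not match it.
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="deny \
   BackOrifice" disabled=no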
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny DHCP" \
   disabled=no
add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP" \
   disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment="deny RPC \
   portmapper" disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment="deny RPC \
   portmapper" disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT" \
   disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS" \
   disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment="deny \
   BackOrifice" disabled=no
add chain=icmp protocol=icmp icmp-options=0:0 action=accept \
   comment="echo reply" disabled=no
add chain=icmp protocol=icmp icmp-options=3:0 action=accept \
   comment="net unreachable" disabled=no
add chain=icmp protocol=icmp icmp-options=3:1 action=accept \
   comment="host unreachable" disabled=no
add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment="allow \
   source quench" disabled=no
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="allow \
   echo request" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment="allow \
   time exceed" disabled=no
add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment="allow \
   parameter bad" disabled=no
add chain=icmp action=drop comment="deny all other types" disabled=no
add chain=input connection-state=established action=accept comment="Accept \
   established connections" disabled=no
add chain=input connection-state=related action=accept comment="Accept related \
   connections" disabled=no
add chain=input connection-state=invalid action=drop comment="Drop invalid \
   connections" disabled=no
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow \
   limited pings" disabled=no
add chain=input protocol=icmp action=drop comment="Drop excess pings" \
   disabled=no
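# SSH and winbox are accepted from any source address; scope management access
# with src-address or in-interface.
add chain=input protocol=tcp dst-port=22 action=accept comment="SSH for secure \
   shell" disabled=no
add chain=input protocol=tcp dst-port=8291 action=accept comment="winbox" \
   disabled=no
# The next rule accepts all traffic to the router from an external /28
# (labelled as MikroTik's network); remove it unless that access is intended.
add chain=input src-address=159.148.172.192/28 action=accept comment="From \
   Mikrotikls network" disabled=no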
add chain=input src-address=192.168.0.0/27 action=accept comment="From our \
   private LAN" disabled=no
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything \
   else" disabled=no
add chain=tcp protocol=tcp p2p=all-p2p action=drop comment="deny P2P" \
   disabled=no
add chain=tcp src-address=192.168.0.2 protocol=tcp dst-port=3133 p2p=all-p2p \
   action=drop comment="deny BackOrifice" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=yes
set gre disabled=yes
set pptp disabled=yes
/ ip dhcp-server
add name="dhcp1" interface=Local lease-time=3d address-pool=dhcp_pool1 \
   bootp-support=static add-arp=yes authoritative=after-2sec-delay \
   disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
add address=192.168.0.29 mac-address=00:14:2A:8D:66:D1 \
   client-id="1:0:14:2a:8d:66:d1" server=dhcp1 comment="" disabled=no
/ ip dhcp-server network
add address=192.168.0.0/27 gateway=192.168.0.30 \
   dns-server=192.168.1.1,203.130.193.74,202.134.0.155 comment=""
/ ip ipsec proposal
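# The default proposal uses SHA-1, 3DES and 1024-bit DH (modp1024), all weak
# by current standards; choose stronger algorithms before enabling IPsec.
add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m \
   lifebytes=0 pfs-group=modp1024 disabled=no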
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080 \
   hostname="proxy.smart.war.net.id" transparent-proxy=yes \
   parent-proxy=0.0.0.0:0 cache-administrator="[email protected]" \
   max-object-size=4096KiB cache-drive=system max-cache-size=unlimited \
   max-ram-cache-size=unlimited
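/ ip web-proxy access
# No enabled access rule limits which clients may use the proxy; restrict
# clients to the LAN and keep port 8080 unreachable from the WAN side.
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
   disabled=no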
add url="suck***" action=deny comment="" disabled=yes
add url="nude****" action=deny comment="" disabled=yes
add url="bugil****" action=deny comment="" disabled=yes
add url="gay***" action=deny comment="" disabled=yes
add url="penis" action=deny comment="" disabled=yes
add url="vagina" action=deny comment="" disabled=yes
add url="vagina" action=deny comment="" disabled=yes
/ ip web-proxy cache
add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" \
   disabled=no
add url="\\.exe\$" action=allow comment="" disabled=no
add url="\\.zip\$" action=allow comment="" disabled=no
add url="\\.mpeg\$" action=allow comment="" disabled=no
add url="\\.mp3\$" action=allow comment="" disabled=no
add url="\\.avi\$" action=allow comment="" disabled=no
add url="\\.pdf\$" action=allow comment="" disabled=no
add url="\\.rar\$" action=allow comment="" disabled=no
add url="\\.mov\$" action=allow comment="" disabled=no
add url="\\.mpg\$" action=allow comment="" disabled=no
add url="\\.dat\$" action=allow comment="" disabled=no
add url="\\.3gp\$" action=allow comment="" disabled=no
add url="\\.jpg\$" action=allow comment="" disabled=no
add url="\\.gif\$" action=allow comment="" disabled=no
add action=allow comment="" disabled=no
add url="http*youtube*get_video*" action=allow comment="YouTube" disabled=no
add url="http*friendster.com" action=allow comment="Friendster" disabled=no
add url="http*pu.go.id" action=allow comment="PU" disabled=no
add url="http*detik*com" action=allow comment="Detik" disabled=no
add url="http*domai.com" action=allow comment="Domai" disabled=no
add url="http*nigmae.net" action=allow comment="Nigmae" disabled=no
add url="http*kompas.com" action=allow comment="Kompas" disabled=no
add url="http*lalatx.com" action=allow comment="Lalatx" disabled=no
add url="http*yahoo.com" action=allow comment="Yahoo" disabled=no
add url="http*kapanlagi.com" action=allow comment="Kapanlagi" disabled=no
add url="http*plasa.com" action=allow comment="Plasa" disabled=no
add url="http*kaskus.us" action=allow comment="Kaskus" disabled=no
add url="http*avaxhome*org" action=allow comment="Avaxhome" disabled=no
add url="www.worth1000.com" action=allow comment="Worth1000" disabled=no
add url="http*rf-online*.web.id" action=allow comment="RF Online" disabled=no
add url="http***" action=allow comment="all http" disabled=no
add url="http*hi5.com" action=allow comment="hi5" disabled=no
add action=allow comment="Allow sado alahe" disabled=no
add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" \
   disabled=no
add url="cgi-bin \\?" action=deny comment="" disabled=no
/ system logging
add topics=info prefix="" action=disk disabled=no
add topics=error prefix="" action=disk disabled=no
add topics=warning prefix="" action=disk disabled=no
add topics=critical prefix="" action=echo disabled=no
add topics=debug prefix="" action=disk disabled=no
add topics=web-proxy prefix="" action=disk disabled=no
/ system logging action
set memory name="memory" target=memory memory-lines=100 memory-stop-on-full=no
set disk name="disk" target=disk disk-lines=100 disk-stop-on-full=no
set echo name="echo" target=echo remember=yes
set remote name="remote" target=remote remote=0.0.0.0:514

/ queue type
set default name="default" kind=pfifo pfifo-limit=50
set ethernet-default name="ethernet-default" kind=pfifo pfifo-limit=50
set wireless-default name="wireless-default" kind=sfq sfq-perturb=5 \
   sfq-allot=1514
set synchronous-default name="synchronous-default" kind=red red-limit=60 \
   red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name="hotspot-default" kind=sfq sfq-perturb=5 \
   sfq-allot=1514
add name="PFIFO-64" kind=pfifo pfifo-limit=64
add name="pcq-download" kind=pcq pcq-rate=384000 pcq-limit=50 \
   pcq-classifier=dst-address pcq-total-limit=2000
add name="pcq-upload" kind=pcq pcq-rate=64000 pcq-limit=50 \
   pcq-classifier=src-address pcq-total-limit=2000
add name="default-small" kind=pfifo pfifo-limit=10
/ queue simple
add name="Smart.Net" target-addresses=192.168.0.0/27 dst-address=0.0.0.0/0 \
   interface=Local parent=none direction=both priority=1 \
   queue=ethernet-default/ethernet-default limit-at=0/512000 \
   max-limit=0/512000 total-queue=default disabled=no
add name="Kasir" target-addresses=192.168.0.29/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=8 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="01" target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="02" target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="03" target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="04" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="05" target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="06" target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="07" target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="08" target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="09" target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="10" target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="11" target-addresses=192.168.0.11/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="12" target-addresses=192.168.0.12/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="13" target-addresses=192.168.0.13/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="14" target-addresses=192.168.0.14/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="15" target-addresses=192.168.0.15/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="16" target-addresses=192.168.0.16/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="17" target-addresses=192.168.0.17/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="18" target-addresses=192.168.0.18/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="19" target-addresses=192.168.0.19/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="20" target-addresses=192.168.0.20/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="21" target-addresses=192.168.0.21/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="22" target-addresses=192.168.0.22/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="23" target-addresses=192.168.0.23/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="24" target-addresses=192.168.0.24/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="25" target-addresses=192.168.0.25/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="27" target-addresses=192.168.0.27/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="28" target-addresses=192.168.0.28/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
add name="26" target-addresses=192.168.0.26/32 dst-address=0.0.0.0/0 \
   interface=Local parent=Smart.Net direction=both priority=1 \
   queue=default/default limit-at=0/8000 max-limit=16000/48000 \
   total-queue=default disabled=no
/ queue tree
add name="ICMP" parent=global-in packet-mark=ICMP-PM limit-at=8000 \
   queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 \
   burst-time=0s disabled=no
add name="DNS" parent=global-in packet-mark=DNS-PM limit-at=8000 \
   queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 \
   burst-time=0s disabled=no
add name="downstream" parent=Local packet-mark=Turun limit-at=0 \
   queue=pcq-download priority=1 max-limit=0 burst-limit=0 burst-threshold=0 \
   burst-time=0s disabled=no
add name="upstream" parent=global-in packet-mark=Naik limit-at=0 \
   queue=pcq-upload priority=1 max-limit=0 burst-limit=0 burst-threshold=0 \
   burst-time=0s disabled=no
/ system identity
set name="Smart.net"

c. linux router configuration

About The Author

harrychanputra.web.id
