Load Balancing Mikrotik

/ ip addressadd address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local comment="" \disabled=noadd address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2 \comment="" disabled=noadd address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1 \comment="" disabled=no/ ip firewall mangleadd chain=prerouting in-interface=Local connection-state=new nth=1,1,0 \action=mark-connection new-connection-mark=odd passthrough=yes comment="" \disabled=noadd chain=prerouting in-interface=Local connection-mark=odd action=mark-routing \new-routing-mark=odd...

Read More

Script Failover via netwatch

/ tool netwatchadd host=125.163.xx.xx timeout=100ms interval=15s up-script="/ip route enable \[/ip route find comment="GATEWAY-DSL"\]" down-script="/ip route disable \[/ip route find comment="GATEWAY-DSL"\]" comment="Ping Gateway IIX >> jika koneksi wireless putus script jalan >> " disabled...

Read More

Prioritas Upstream agar browsing tetep wuss wuss

/ ip firewall mangleadd chain=postrouting out-interface=MAIN-LB protocol=tcp tcp-flags=syn \connection-state=new packet-size=40-100 action=mark-connection \new-connection-mark=upstream_conn passthrough=yes comment="Testing TCP \Flags" disabled=noadd chain=postrouting out-interface=MAIN-LB protocol=tcp tcp-flags=rst \connection-state=new packet-size=40-100 action=mark-connection \new-connection-mark=upstream_conn passthrough=yes comment="" disabled=noadd chain=postrouting out-interface=MAIN-LB protocol=tcp tcp-flags=ack \connection-state=new packet-size=40-100 action=mark-connection \new-connection-mark=upstream_conn...

Read More

Prioritas Upstream agar browsing tetep wuss wuss

/ ip firewall mangleadd chain=postrouting out-interface=MAIN-LB protocol=tcp tcp-flags=syn \connection-state=new packet-size=40-100 action=mark-connection \new-connection-mark=upstream_conn passthrough=yes comment="Testing TCP \Flags" disabled=noadd chain=postrouting out-interface=MAIN-LB protocol=tcp tcp-flags=rst \connection-state=new packet-size=40-100 action=mark-connection \new-connection-mark=upstream_conn passthrough=yes comment="" disabled=noadd chain=postrouting out-interface=MAIN-LB protocol=tcp tcp-flags=ack \connection-state=new packet-size=40-100 action=mark-connection \new-connection-mark=upstream_conn...

Read More

Bogon address List

/ ip firewall address-listadd list=bogons address=1.0.0.0/8 comment="" disabled=noadd list=bogons address=2.0.0.0/8 comment="" disabled=noadd list=bogons address=5.0.0.0/8 comment="" disabled=noadd list=bogons address=10.0.0.0/8 comment="" disabled=noadd list=bogons address=23.0.0.0/8 comment="" disabled=noadd list=bogons address=27.0.0.0/8 comment="" disabled=noadd list=bogons address=31.0.0.0/8 comment="" disabled=noadd list=bogons address=36.0.0.0/8 comment="" disabled=noadd list=bogons address=37.0.0.0/8 comment="" disabled=noadd list=bogons address=39.0.0.0/8 comment="" disabled=noadd list=bogons...

Read More

preventing natted access

How to prevent NATed accessSesuai dengan judul diatas,inti dari kasus ini adalah penyedia jasa tidak ingin BW yang diberikan kepada user di sharing lagi mempergunakan nat-router.Ilmu baru buat saya, dengan memberikan TTL=1 ?, mmmm aneh sekali.Hasil dari googling di wikipedia di dapat informasi sebagai berikut :The TTL field is set by the sender of the datagram, and reduced by every host on the route to its destination. If the TTL field reaches zero before the datagram arrives at its destination, then the datagram is discarded and an ICMP error datagram (11 - Time Exceeded) is sent back to the...

Read More

drop flooding

/ip firewall filter add chain=syn-flood action=return tcp-flags=syn,!fin,!rst,!ack protocol=tcp limit=5,10/ip firewall filter add chain=syn-flood action=return protocol=!tcp disabled=yes/ip firewall filter add chain=syn-flood action=return tcp-flags=!,syn,!fin,!rst,!ack protocol=tcp disabled=yes/ip firewall filter add chain=syn-flood action=log log-prefix=”SYN FLOOD:”/ip firewall filter add chain=syn-flood action=drop disabled=...

Read More

Burst for each TCP connection

This is little how-to create manual burst using queue tree.As it is bandwidth control using queue tree first we need to mangle trafficfirst i mangle all connections, then i mark first 2Mbytes then i mark the rest of packets/ip firewall mangle add chain=forward protocol=tcp action=mark-connection new-connection-mark=new_conn passthrough=yes comment="mark all new connections" disabled=no/ip firewall mangle add chain=forward protocol=tcp connection-mark=new_conn connection-bytes=0-2000000 action=mark-packet new-packet-mark=new_packet passthrough=no comment="mark packets" disabled=no/ip firewall mangle...

Read More

Block Trace Route

ngeblok trace route gini boz,/ip firewall filter add chain=forward protocol=icmp icmp-options=11:0 action=drop comment="DropTraceroute"/ip firewall filter add chain=forward protocol=icmp icmp-options=3:3 action=drop comment="Drop Traceroute"Batasin ping, ada client yang iseng banjiri traffic dengan ping yang gak jelas, cara batasi ping-nya/ip firewall filter add chain=input action=accept protocol=icmp limit=50/5...

Read More

bagi rata koneksi

/ip firewall mangle add chain=forward src-address=172.16.0.0/12 \action=mark-connection new-connection-mark=users-con/ip firewall mangle add connection-mark=users-con action=mark-packet \new-packet-mark=users chain=forward/queue type add name=pcq-download kind=pcq pcq-classifier=dst-address/queue type add name=pcq-upload kind=pcq pcq-classifier=src-address/queue tree add name=Download parent=Lan max-limit=2048000/queue tree add parent=Download queue=pcq-download packet-mark=users/queue tree add name=Upload parent=Public max-limit=1024000/queue tree add parent=Upload queue=pcq-upload packet-mark=users/queue...

Read More

drop port scanner pada mikrotik

/ip firewall filteradd chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list \address-list="port scanners" address-list-timeout=2w \comment="Port scanners to list " disabled=noadd chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg\action=add-src-to-address-list address-list="port scanners"\address-list-timeout=2w comment="NMAP FIN Stealth scan"add chain=input protocol=tcp tcp-flags=fin,syn\action=add-src-to-address-list address-list="port scanners"\address-list-timeout=2w comment="SYN/FIN scan"add chain=input protocol=tcp tcp-flags=syn,rst\action=add-src-to-address-list...

Read More

Mikrotik Router Protection

/ip firewall filteradd chain=input connection-state=invalid action=drop \comment="Drop Invalid connections"add chain=input connection-state=established action=accept \comment="Allow Established connections"add chain=input protocol=icmp action=accept \comment="Allow ICMP"add chain=input src-address=192.168.0.0/24 action=accept \in-interface=!ether1add chain=input action=drop comment="Drop everything else"/ip firewall filteradd chain=forward protocol=tcp connection-state=invalid \action=drop comment="drop invalid connections"add chain=forward connection-state=established action=accept \comment="allow...

Read More

burst Queue

keterangan:(N = x * y / z)N = long burst-time (interval / durasi)x = burst-thresholdy = burst-timez = burst-limitlangkah-langkah :1. menghitung perkiraan waktu rata-rata yang dibutuhkan untuk loading page, pada contoh ini saya kira2 aja = 8detik2. seting max-limit, saya berikan = 256k3. set N = 8detik4. set y = 20detik5. set z = 1M (perhitungan BW untuk meLOAD page, dengan BW 1M saya rasa sudah lumayan cepat)6. nahh, sekarang kita hitung burst-thresholdnya,Quote:N = ( x * y ) / z8 = ( x * 20 ) / 1000x = 400k, jadi burst-threshold di set 400kQuote:N = 8x = 400ky = 10z = 1000k (1M)penjelasan :pada...

Read More