Features Title Here. Consectetur adipisicing

Features Content Here. Sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

PCC load balancing for equal WANs

Thursday, 15 November 2012

/ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2
add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=WAN3
add address=192.168.4.2/24 network=192.168.4.0 broadcast=192.168.4.255 interface=WAN4

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=input in-interface=WAN3 action=mark-connection new-connection-mark=WAN3_conn
add chain=input in-interface=WAN4 action=mark-connection new-connection-mark=WAN4_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=output connection-mark=WAN3_conn action=mark-routing new-routing-mark=to_WAN3
add chain=output connection-mark=WAN4_conn action=mark-routing new-routing-mark=to_WAN4

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.4.0/24 action=accept in-interface=Local

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN3_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN3
add chain=prerouting connection-mark=WAN4_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN4

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_WAN4 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 distance=4 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
add chain=srcnat out-interface=WAN3 action=masquerade
add chain=srcnat out-interface=WAN4 action=masquerade

for un equal Wans

/ip firewall mangle
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/4 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes

DNS setting

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8
Posted by Geo at 00:25 0 comments

mikrotik how to bloch facebook and youtube....

Tuesday, 13 November 2012


ATURDAY, NOVEMBER 5, 2011

Mikrotik : How to Block Facebook - Youtube and Other sites using L7 (Layer7)

Below i will show you how to block facebook and youtube sites using Mikrotik L7 Protocols (Layer 7). here i use RouterBoardOS RB1100.

STEP 1:
you have to create new Regexp rule at Layer7 Protocols by Press  , and name it as "DENIED" (withoue quote), see details below:
You can Copy & Paste the code above at below:
^.+(facebook.com|youtube).*$

STEP 2:
Now create Filter Rules, as follow:
At General Tabs for Chain, Please Choose : Foward

At Advanced tabs, select 'DENIED' (rule that you have create at step 1) for Layer7 Protocols

Choose Action 'DROP' 
And At last, your Filter rule to block facebook and youtube should have effected to your network.
try to access facebook & youtube, and you will see that the two sites will not able to access.

this can be see from the filter rule you have created, it will catch the bytes for denied sites in your network.
Posted by Geo at 22:02 0 comments

Limit download with IDM in Mikrotik


/Ip firewall layer7-protocol add comment = "" name = http-video regexp = \
"Http / (0 \ \ .9 | 1 \ \ .0 | 1 \ \ .1) [\ \ x09-\ \ x0d] [1-5] [0-9] [0-9] [\ \ x09 - \ \ x0d -~]*( content-type: video)"
/Ip firewall mangle
add chain = forward action = mark-connection comment = "limit download" connection-bytes = 1024000-4294967295 in-interface = lan5 new-connection-mark = Action-Download passthrough = yes disabled = no

add action = mark-packet chain = forward comment = "" connection-mark = Action-Download disabled = no in-interface = lan5 new-packet-mark = download_pkt passthrough = yes

add action = mark-packet chain = prerouting comment = "limit video streaming" disabled = no protocol = http layer7-new-video-packet-mark = http-video-up passthrough = yes protocol = tcp

add action = mark-packet chain = prerouting comment = "limit the audio stream" disabled = no protocol = http layer7-audio-new-packet-mark = http-audio-ups passthrough = yes protocol = tcp
/Queue type
add kind = pcq name = pcq-classifier = batasidownload dst-address pcq-limit = 50 pcq-rate = 256000 pcq-total-limit = 2000
/Queue simple
add burst-limit = 0 / 0 burst-threshold = 0 / 0 burst-time = 0s/0s comment = "" direction = Both disabled = no dst-address = 0.0.0.0 / 0 interface = all limit-at = 0 / 8k max-limit = 128k/128k name = "HTTP Video Traffict" packet-marks = http-video-up parent = none priority = 8 queue = default-small/default-small total-queue = default-small

add burst-limit = 0 / 0 burst-threshold = 0 / 0 burst-time = 0s/0s comment = "" direction = Both disabled = no dst-address = 0.0.0.0 / 0 interface = all limit-at = 0 / 0 max-limit = 128k/128k name = "HTTP Video Queue" packet-marks = http-video-up parent = "HTTP Video Traffict" priority = 8 queue = default-small/default-small target-addresses = 0.0.0.0 / 0 total-queue = default-small
/Queue tree
add burst-limit = 0 burst-threshold = 0 burst-time = 0s disabled = no limit-at = 0 max-limit = 256k name = batasidownloadfreebrowsing packet-mark = download_pkt parent = global-out priority = 8 queue = batasidownload


Posted by Geo at 21:57 1 comments

Limit Youtube Video streaming on MikroTik

/ip firewall layer7-protocol add name=http-video regexp="http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: video)"

 /ip frewall mangle add action=mark-packet chain=prerouting comment="http-video mark-packet" \ disabled=no layer7-protocol=http-video new-packet-mark=http-video \ passthrough=no

 /queue simple add max-limit=0/64000 name=http-video packet-marks=http-video

other

/ip firewall layer7-protocol
add comment="" name="YouTube Download" regexp=videoplayback

add action=mark-connection chain=prerouting comment="youtube DOWNS" disabled=no layer7-protocol="YouTube Download" new-connection-mark="youtube DOWNS" passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting comment="" connection-mark="youtube DOWNS" disabled=no new-packet-mark=youtube passthrough=no protocol=tcp 


/queue type
set default-small kind=pcq name=default-small pcq-classifier=src-address,dst-address,src-port,dst-port pcq-limit=50 pcq-rate=0 pcq-total-limit=2000

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=512K name=queue1 packet-mark=youtube parent=global-out priority=8 queue=default-small
Posted by Geo at 21:53 6 comments

load blancer 10 wan 1 lan BY qAmAr


/ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2
add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=WAN3
add address=192.168.4.2/24 network=192.168.4.0 broadcast=192.168.4.255 interface=WAN4
add address=192.168.5.2/24 network=192.168.5.0 broadcast=192.168.5.255 interface=WAN5
add address=192.168.6.2/24 network=192.168.6.0 broadcast=192.168.6.255 interface=WAN6
add address=192.168.7.2/24 network=192.168.7.0 broadcast=192.168.7.255 interface=WAN7
add address=192.168.8.2/24 network=192.168.8.0 broadcast=192.168.8.255 interface=WAN8
add address=192.168.9.2/24 network=192.168.9.0 broadcast=192.168.9.255 interface=WAN9
add address=192.168.10.2/24 network=192.168.10.0 broadcast=192.168.10.255 interface=WAN10

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=input in-interface=WAN3 action=mark-connection new-connection-mark=WAN3_conn
add chain=input in-interface=WAN4 action=mark-connection new-connection-mark=WAN4_conn
add chain=input in-interface=WAN5 action=mark-connection new-connection-mark=WAN5_conn
add chain=input in-interface=WAN6 action=mark-connection new-connection-mark=WAN6_conn
add chain=input in-interface=WAN7 action=mark-connection new-connection-mark=WAN7_conn
add chain=input in-interface=WAN8 action=mark-connection new-connection-mark=WAN8_conn
add chain=input in-interface=WAN9 action=mark-connection new-connection-mark=WAN9_conn
add chain=input in-interface=WAN10 action=mark-connection new-connection-mark=WAN10_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=output connection-mark=WAN3_conn action=mark-routing new-routing-mark=to_WAN3
add chain=output connection-mark=WAN4_conn action=mark-routing new-routing-mark=to_WAN4
add chain=output connection-mark=WAN5_conn action=mark-routing new-routing-mark=to_WAN5
add chain=output connection-mark=WAN6_conn action=mark-routing new-routing-mark=to_WAN6
add chain=output connection-mark=WAN7_conn action=mark-routing new-routing-mark=to_WAN7
add chain=output connection-mark=WAN8_conn action=mark-routing new-routing-mark=to_WAN8
add chain=output connection-mark=WAN9_conn action=mark-routing new-routing-mark=to_WAN9
add chain=output connection-mark=WAN10_conn action=mark-routing new-routing-mark=to_WAN10

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.4.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.5.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.6.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.7.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.8.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.9.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.10.0/24 action=accept in-interface=Local

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/4 action=mark-connection new-connection-mark=WAN5_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/5 action=mark-connection new-connection-mark=WAN6_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/6 action=mark-connection new-connection-mark=WAN7_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/7 action=mark-connection new-connection-mark=WAN8_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/8 action=mark-connection new-connection-mark=WAN9_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/9 action=mark-connection new-connection-mark=WAN10_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN3_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN3
add chain=prerouting connection-mark=WAN4_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN4
add chain=prerouting connection-mark=WAN5_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN5
add chain=prerouting connection-mark=WAN6_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN6
add chain=prerouting connection-mark=WAN7_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN7
add chain=prerouting connection-mark=WAN8_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN8
add chain=prerouting connection-mark=WAN9_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN9
add chain=prerouting connection-mark=WAN10_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN10

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_WAN4 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.5.1 routing-mark=to_WAN5 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.6.1 routing-mark=to_WAN6 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.7.1 routing-mark=to_WAN7 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.8.1 routing-mark=to_WAN8 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.9.1 routing-mark=to_WAN9 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.10.1 routing-mark=to_WAN10 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
Posted by Geo at 21:48 0 comments

SOFTWARE

Posted by Geo at 04:00 0 comments

mikrotik seting

Monday, 12 November 2012


ip firewall mangle add chain=game action=mark-connection new-connection-mark=Game passthrough=yes protocol=tcp dst-address=203.89.146.0/23 dst-port=39190 comment=”Point Blank”

ip firewall mangle add chain=game  action=mark-connection new-connection-mark=Game passthrough=yes protocol=udp dst-address=203.89.146.0/23 dst-port=40000-40010

ip firewall mangle add chain=game action=mark-packet new-packet-mark=Game_pkt passthrough=no connection-mark=Game

ip firewall mangle add chain=prerouting action=jump jump-target=game

queue type add name=”Game” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address,dst-address,src-port,dst-port pcq-total-limit=2000

queue tree add name=”Game” parent=global-total packet-mark=Game_pkt limit-at=0 queue=Game priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

ip firewall mangle add chain=prerouting protocol=tcp dst-port=9339 connection-state=new   action=mark-connection new-connection-mark=poker passthrough=yes    comment="poker" disabled=no

ip firewall mangle add chain=prerouting connection-mark=poker action=mark-packet  new-packet-mark=poker1 passthrough=no comment="" disabled=no

queue tree add name="poker mania" parent=global-out packet-mark=poker1 limit-at=0    queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0   burst-time=0s disabled=no

ip firewall mangle add chain=forward action=mark-connection new-connection-mark=http passthrough=yes protocol=tcp in-interface=speedy  out-interface=lokal packet-mark=!Game_pkt connection-mark=!Game connection-bytes=0-262146 comment=”BROWSE”

ip firewall mangle add chain=forward action=mark-packet new-packet-mark=http_pkt passthrough=no protocol=tcp connection-mark=http

queue type add name=”Http” kind=pcq pcq-rate=768k pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000

queue tree add name=”Main_Browse” parent=lokal limit-at=0 priority=8 max-limit=768k burst-limit=0 burst-threshold=0 burst-time=0s

queue tree add name=”Browse” parent=Main_Browse packet-mark=http_pkt limit-at=0 queue=Http priority=8 max-limit=768k burst-limit=0 burst-threshold=0 burst-time=0s

firewall layer7 protocol

http-video
http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: video)

ip firewall mangle add action=mark-packet chain=prerouting comment="http-video mark-packet" disabled=no layer7-protocol=http-video new-packet-mark=http-video passthrough=no

queue simple add name="youtube" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=http-video direction=both priority=8  queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0   burst-time=0s/0s total-queue=default-small

ip firewall layer7-protocol add comment="" name="Extension \" .exe \"" regexp="\\.(exe)"
ip firewall layer7-protocol add comment="" name="Extension \" .rar \"" regexp="\\.(rar)"
ip firewall layer7-protocol add comment="" name="Extension \" .zip \"" regexp="\\.(zip)"
ip firewall layer7-protocol add comment="" name="Extension \" .7z \"" regexp="\\.(7z)"
ip firewall layer7-protocol add comment="" name="Extension \" .cab \"" regexp="\\.(cab)"
ip firewall layer7-protocol add comment="" name="Extension \" .asf \"" regexp="\\.(asf)"
ip firewall layer7-protocol add comment="" name="Extension \" .mov \"" regexp="\\.(mov)"
ip firewall layer7-protocol add comment="" name="Extension \" .wmv \"" regexp="\\.(wmv)"

ip firewall layer7-protocol add comment="" name="Extension \" .mpg \"" regexp="\\.(mpg)"
ip firewall layer7-protocol add comment="" name="Extension \" .mpeg \"" regexp="\\.(mpeg)"
ip firewall layer7-protocol add comment="" name="Extension \" .mkv \"" regexp="\\.(mkv)"
ip firewall layer7-protocol add comment="" name="Extension \" .avi \"" regexp="\\.(avi)"
ip firewall layer7-protocol add comment="" name="Extension \" .flv \"" regexp="\\.(flv)"
ip firewall layer7-protocol add comment="" name="Extension \" .wav \"" regexp="\\.(wav)"
ip firewall layer7-protocol add comment="" name="Extension \" .rm \"" regexp="\\.(rm)"

ip firewall layer7-protocol add comment="" name="Extension \" .mp3 \"" regexp="\\.(mp3)"
ip firewall layer7-protocol add comment="" name="Extension \" .mp4 \"" regexp="\\.(mp4)"
ip firewall layer7-protocol add comment="" name="Extension \" .ram \"" regexp="\\.(ram)"
ip firewall layer7-protocol add comment="" name="Extension \" .rmvb \"" regexp="\\.(rmvb)"
ip firewall layer7-protocol add comment="" name="Extension \" .dat \"" regexp="\\.(dat)"

ip firewall layer7-protocol add comment="" name="Extension \" .daa \"" regexp="\\.(daa)"
ip firewall layer7-protocol add comment="" name="Extension \" .iso \"" regexp="\\.(iso)"
ip firewall layer7-protocol add comment="" name="Extension \" .nrg \"" regexp="\\.(nrg)"
ip firewall layer7-protocol add comment="" name="Extension \" .bin \"" regexp="\\.(bin)"
ip firewall layer7-protocol add comment="" name="Extension \" .vcd \"" regexp="\\.(vcd)"

ip firewall mangle add action=mark-connection chain=prerouting comment="7z DOWNS" disabled=no layer7-protocol="Extension \" .7z \"" new-connection-mark="7z DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="7z DOWNS" disabled=no new-packet-mark=7z passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="asf DOWNS" disabled=no layer7-protocol="Extension \" .asf \"" new-connection-mark="asf DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="asf DOWNS" disabled=no new-packet-mark=asf passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="avi DOWNS" disabled=no layer7-protocol="Extension \" .avi \"" new-connection-mark="avi DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="avi DOWNS" disabled=no new-packet-mark=avi passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="bin DOWNS" disabled=no layer7-protocol="Extension \" .bin \"" new-connection-mark="bin DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="bin DOWNS" disabled=no new-packet-mark=bin passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="flv DOWNS" disabled=no layer7-protocol="Extension \" .flv \"" new-connection-mark="flv DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="flv DOWNS" disabled=no new-packet-mark=flv passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="flv DOWNS" disabled=no layer7-protocol="Extension \" .flv \"" new-connection-mark="flv DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="flv DOWNS" disabled=no new-packet-mark=flv passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="iso DOWNS" disabled=no layer7-protocol="Extension \" .iso \"" new-connection-mark="iso DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark= "iso DOWNS" disabled=no new-packet-mark=iso passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="mkv DOWNS" disabled=no layer7-protocol="Extension \" .mkv \"" new-connection-mark="mkv DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mkv DOWNS" disabled=no new-packet-mark=mkv passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="exe DOWNS" disabled=no layer7-protocol="Extension \" .exe \"" new-connection-mark="exe DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="exe DOWNS" disabled=no new-packet-mark=exe passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="mov DOWNS" disabled=no layer7-protocol="Extension \" .mov \"" new-connection-mark="mov DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mov DOWNS" disabled=no new-packet-mark=mov passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="mp3 DOWNS" disabled=no layer7-protocol="Extension \" .mp3 \"" new-connection-mark="mp3 DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mp3 DOWNS" disabled=no new-packet-mark=mp3 passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="mp4 DOWNS" disabled=no layer7-protocol="Extension \" .mp4 \"" new-connection-mark="mp4 DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mp4 DOWNS" disabled=no new-packet-mark=mp4 passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="mpeg DOWNS" disabled=no layer7-protocol="Extension \" .mpeg \"" new-connection-mark="mpeg DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mpeg DOWNS" disabled=no new-packet-mark=mpeg passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="mpg DOWNS" disabled=no layer7-protocol="Extension \" .mpg \"" new-connection-mark="mpg DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mpg DOWNS" disabled=no new-packet-mark=mpg passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="nrg DOWNS" disabled=no layer7-protocol="Extension \" .nrg \"" new-connection-mark="nrg DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="nrg DOWNS" disabled=no new-packet-mark=nrg passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="ram DOWNS" disabled=no layer7-protocol="Extension \" .ram \"" new-connection-mark="ram DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="ram DOWNS" disabled=no new-packet-mark=ram passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="rar DOWNS" disabled=no layer7-protocol="Extension \" .rar \"" new-connection-mark="rar DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="rar DOWNS" disabled=no new-packet-mark=rar passthrough=no protocol=tcp

/ip firewall mangle add action=mark-connection chain=prerouting comment="rm DOWNS" disabled=no layer7-protocol="Extension \" .rm \"" new-connection-mark="rm DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="rm DOWNS" disabled=no new-packet-mark=rm passthrough=no protocol=tcp

/ip firewall mangle add action=mark-connection chain=prerouting comment="rmvb DOWNS" disabled=no layer7-protocol="Extension \" .rmvb \"" new-connection-mark="rmvb DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="rmvb DOWNS" disabled=no new-packet-mark=rmvb passthrough=no protocol=tcp

/ip firewall mangle add action=mark-connection chain=prerouting comment="wav DOWNS" disabled=no layer7-protocol="Extension \" .wav \"" new-connection-mark="wav DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="wav DOWNS" disabled=no new-packet-mark=wav passthrough=no protocol=tcp

/ip firewall mangle add action=mark-connection chain=prerouting comment="wma DOWNS" disabled=no layer7-protocol="Extension \" .wma \"" new-connection-mark="wma DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="wma DOWNS" disabled=no new-packet-mark=wma passthrough=no protocol=tcp

/ip firewall mangle add action=mark-connection chain=prerouting comment="wmv DOWNS" disabled=no layer7-protocol="Extension \" .wmv \"" new-connection-mark="wmv DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="wmv DOWNS" disabled=no new-packet-mark=wmv passthrough=no protocol=tcp

/ip firewall mangle add action=mark-connection chain=prerouting comment="zip DOWNS" disabled=no layer7-protocol="Extension \" .zip \"" new-connection-mark="zip DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="zip DOWNS" disabled=no new-packet-mark=zip passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="youtube DOWNS" disabled=no layer7-protocol="YouTube " new-connection-mark="youtube DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="youtube DOWNS" disabled=no new-packet-mark=youtube passthrough=no protocol=t

/ip firewall mangle add action=mark-connection chain=prerouting comment="daa DOWNS" disabled=no layer7-protocol="Extension \" .daa \"" new-connection-mark="daa DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="daa DOWNS" disabled=no new-packet-mark=daa passthrough=no protocol=tcp

/ip firewall mangle add action=mark-connection chain=prerouting comment="youtube DOWNS" disabled=no layer7-protocol="YouTube " new-connection-mark="youtube DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="youtube DOWNS" disabled=no new-packet-mark=youtube passthrough=no protocol=tcp

queue simple add  name="exe" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=exe direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small
queue simple add  name="rar" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=rar direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small

queue simple add  name="zip" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=zip direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small
queue simple add  name="7z" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=7z direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small

queue simple add  name="cab" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=cab direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small
queue simple add  name="asf" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=asf direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small

queue simple add  name="mov" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=mov direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small
queue simple add  name="wmv" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=wmv direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small

queue simple add  name="mpg" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=mpg direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small
queue simple add  name="mpeg" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=mpeg direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small

queue simple add  name="mkv" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=mkv direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small
queue simple add  name="avi" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=avi direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small

queue simple add  name="flv" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=flv direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small
queue simple add  name="wav" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=wav direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small

queue simple add  name="rm" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=rm direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small
queue simple add  name="mp3" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=mp3 direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small

queue simple add  name="mp4" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=mp4 direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small

queue simple add  name="ram" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=ram direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small

queue simple add  name="rmvb" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=rmvb direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small
queue simple add  name="dat" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=dat direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small
queue simple add  name="daa" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=daa direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small
queue simple add  name="iso" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=iso direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small

queue simple add  name="nrg" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=nrg direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small
queue simple add  name="bin" dst-address=0.0.0.0/0 interface=all parent=none   packet-marks=bin direction=both priority=8   queue=default-small/default-small limit-at=0/0 max-limit=128k/128k    burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s    total-queue=default-small

Posted by Geo at 05:04 0 comments

Installing Mikrotik RouterOS in VirtualBox


MikroTik RouterOS is a Linux based operating system that runs on  proprietary hardware (RouterBOARD), or on standard x86-based computers.
Some training videos here

You can install it in VirtualBox and play around with this virtual device.

Go to their website and download the latest Router OS for PC/86
At this time v5.18 is latest stable available version. Also available in torrent.

Create a new Virtual Machine in VirtualBox as per example below.

















Check the interfaces 
 [admin@MikroTik] > interface print  
 Flags: D - dynamic, X - disabled, R - running, S - slave  
 # NAME TYPE MTU L2MTU MAX-L2MTU  
 0 R ether1 ether 1500

and add  dhcp-client on ether1 and enable it
 ip dhcp-client add interface=ether1  
 ip dhcp-client enable number=0

Previously I have setup the network adapter to be "Bridge" so the virtual Mikrotik machine can see the my 3rd party (dhcp) router and get ip address
 [admin@MikroTik] > ip address print   
 Flags: X - disabled, I - invalid, D - dynamic  
 # ADDRESS NETWORK INTERFACE  
  0 D 192.168.0.102/24 192.168.0.0 ether1

I then added a second Ethernet adapter on my computer and in order to see it on Mikrotik as ether2 I had to restart it.
 [admin@MikroTik] > interface print  
 Flags: D - dynamic, X - disabled, R - running, S - slave   
 # NAME TYPE MTU L2MTU MAX-L2MTU   
 0 R ether1 ether 1500   
 1 R ether2 ether 1500   
 [admin@MikroTik] > interface print   
 Flags: D - dynamic, X - disabled, R - running, S - slave   
 # NAME TYPE MTU L2MTU MAX-L2MTU   
 0 R ether1 ether 1500   
 1 R ether2 ether 1500
I enable dhcp client on ether2 and as it was connected to another DHCP server it got ip address. 
 [admin@MikroTik] > ip dhcp-client add interface=ether2  
 [admin@MikroTik] > ip dhcp-client print  
 [admin@MikroTik] > ip dhcp-client enable numbers=0   
 Flags: X - disabled, I - invalid   
 # INTERFACE USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS ADDRESS  
 0 X ether2 yes yes  
 [admin@MikroTik] > ip address print  
 Flags: X - disabled, I - invalid, D - dynamic  
 # ADDRESS NETWORK INTERFACE  
 1 D 192.168.2.10/24 192.168.2.0 ether2


Then we can check if it can reach the Internet.
 [admin@MikroTik] > ping 8.8.8.8  
 HOST SIZE TTL TIME STATUS  
 8.8.8.8 56 49 62ms  
 8.8.8.8 56 49 63ms  
 8.8.8.8 56 49 63ms  
 8.8.8.8 56 49 62ms  
 sent=4 received=4 packet-loss=0% min-rtt=62ms avg-rtt=62ms max-rtt=63ms
Posted by Geo at 04:47 0 comments

Mangle Mikrotik Bandwidth 


add add chain=prerouting action=mark-packet new-packet-mark=hit passthrough=yes dscp=12 
add add chain=prerouting action=mark-packet new-packet-mark=hit passthrough=no content=X-Cache:HIT 

 ;;; LB

add chain=prerouting action=mark-connection new-connection-mark=2mb1 passthrough=yes connection-state=new protocol=tcp 
in-interface=ether4 dst-port=80,8080 nth=3,3 

add chain=prerouting action=mark-routing new-routing-mark=2mb1 passthrough=no in-interface=ether4 connection-mark=2mb1 

add chain=prerouting action=mark-connection new-connection-mark=2mb2 passthrough=yes connection-state=new protocol=tcp 
in-interface=ether4 dst-port=80,8080 nth=3,2 

add chain=prerouting action=mark-routing new-routing-mark=2mb2 passthrough=no in-interface=ether4 connection-mark=2mb2 

add chain=prerouting action=mark-connection new-connection-mark=1mb passthrough=yes connection-state=new protocol=tcp in-interface=ether4 dst-port=80,8080 nth=3,1 

add chain=prerouting action=mark-routing new-routing-mark=1mb passthrough=no in-interface=ether4 connection-mark=1mb 

;;; "GAME ONLINE"

add chain=prerouting action=mark-connection new-connection-mark="GAME ONLINE" passthrough=yes protocol=tcp \
in-interface=ether2-lan dst-port=1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 

add chain=prerouting action=mark-connection new-connection-mark="GAME ONLINE" passthrough=yes protocol=tcp \
in-interface=ether2-lan dst-port=7341-7350,7451,8085,9600,9601-9602,9300,9376-9377,9400,9700,10001-10011 

add chain=prerouting action=mark-connection new-connection-mark="GAME ONLINE" passthrough=yes protocol=tcp in-interface=ether2-lan dst-port=10402,11011-11041,12011,12110,13008,13413,15000-15002,16402-16502,16666,18901-18909,19000 

add chain=prerouting action=mark-connection new-connection-mark="GAME ONLINE" passthrough=yes protocol=tcp in-interface=ether2-lan dst-port=19101,22100,27780,28012,29000,29200,39100,39110,39220,39190,40000,49100 

add chain=prerouting action=mark-connection new-connection-mark="GAME ONLINE" passthrough=yes protocol=tcp      in-interface=ether2-lan dst-port=14009-14010 

add chain=prerouting action=mark-connection new-connection-mark="GAME ONLINE" passthrough=yes protocol=udp      in-interface=ether2-lan dst-port=14009-14010 

add chain=prerouting action=mark-connection new-connection-mark="GAME ONLINE" passthrough=yes protocol=udp      in-interface=ether2-lan dst-port=1293,1479,6100-6152,7777-7977,8001,9401,9600-9602,12020-12080,30000,40000-40010 

add chain=prerouting action=mark-connection new-connection-mark="GAME ONLINE" passthrough=yes protocol=udp      in-interface=ether2-lan dst-port=42051-42052,11100-11125,11440-11460 

add chain=prerouting action=mark-packet new-packet-mark=online passthrough=no connection-mark="GAME ONLINE" 

;;; LOSTSAGA

add chain=prerouting action=mark-routing new-routing-mark=lost-saga passthrough=yes src-address=!192.168.88.1 src-address-list=lost-saga 

;;; PING

add chain=prerouting action=mark-connection new-connection-mark=icmp-con passthrough=yes protocol=icmp 

add chain=prerouting action=mark-packet new-packet-mark=icmp-pkt passthrough=no protocol=icmp connection-mark=icmp-con 

;;; UPLOAD
add chain=prerouting action=mark-connection new-connection-mark=con-up passthrough=yes 

;;; HIT
add chain=prerouting action=mark-packet new-packet-mark=hit passthrough=no connection-mark=con-up 

add chain=prerouting action=mark-packet new-packet-mark=hit passthrough=no connection-mark=con-up content=X-Cache: HIT 

add chain=forward action=mark-connection new-connection-mark=direct-con passthrough=yes 

add chain=forward action=mark-packet new-packet-mark=all-pkt passthrough=no protocol=tcp connection-mark=direct-con 

;;; FB
add chain=prerouting action=mark-connection new-connection-mark=fb_game passthrough=yes content=facebook.com 

add chain=prerouting action=mark-connection new-connection-mark=fb_game passthrough=yes content=fbcdn.net 

add chain=prerouting action=mark-connection new-connection-mark=fb_game passthrough=yes content=facebook.net 

add chain=prerouting action=mark-connection new-connection-mark=fb_game passthrough=yes content=zynga.com 

add chain=prerouting action=mark-connection new-connection-mark=fb_game passthrough=yes \
content=static.ak.connect.facebook.com 

add chain=prerouting action=mark-connection new-connection-mark=fb_game passthrough=yes \
content=statics.poker.static.zynga.com 

add chain=prerouting action=mark-connection new-connection-mark=fb_game passthrough=yes protocol=tcp dst-port=9339,843 

add chain=prerouting action=mark-packet new-packet-mark=gamefb passthrough=no connection-mark=fb_game 

add chain=prerouting action=mark-packet new-packet-mark=hit passthrough=yes protocol=tcp dst-address=192.168.3.0/24 \
src-address-list=IP dst-port=8291
Posted by Geo at 02:24 0 comments

Setup mangle

Mikrotik Operating System: 
Linux Mikrotik is actually already made ​​by the developers in such a way that is
easy to install and Configure with many features and functions in it
Explanation:
- Mikrotik Router with 2 Network Interface Card (NIC) and ether2 ether1 where ether1 is Ethernet
connected directly to the ISP and ether2 is connected directly to the Ethernet network 192.168.1.1/30
- The bandwidth of the ISP such as international 256Kbps and 1024Kbps IIX local
- Computer 192.168.1.2/30 128Kbps bandwidth allocation will be international and local 256Kbps IIX To separate the
between local traffic IIX with international traffic way is to mark data packets to or
derived from the local network using a mangle IIX.
The question is how can know the package Mikrotik
headed to or coming from local jairngan IIX?
[Admin @ dimas]> In this explanation I use the techniques include a list of ip blocks directly to the / ip firewall mangle, with this technique I have to enter twice ip list obtained from NICE to the router / ip firewall mangle.
[Admin @ dimas]> Another way is better is to include a list of ip blocks from NICE to the router / ip firewall address-list and thus the / ip firewall mangle there are only a few lines and the separation of Indonesia and international traffic
This can be more accurate because the mangle can be done by address-list only.
Here's how to share with local or international bandwidth is often called the ix by iix
for example:


style="text-align: justify;"> international comment =-ix
add chain = prerouting action = mark-packet
new-packet-mark = ix passthrough = no connection-mark = conn-Indonesia-ix
add chain = prerouting src-address-list = nice
action = mark-connection new-connection-mark = Indonesia-iix-conn passthrough = yes
comment = Indonesia-iix
add chain = prerouting action = mark-packet
new-packet-mark = iix passthrough = no connection-mark = conn-Indonesia-iix

Block icmp packages
Example:
[Admin @ dimas] ip firewall mangle>
add chain = forward action = mark-packet new-packet-mark = icmp-packet-fwd passthrough = yes protocol = icmp
add chain = output action = mark-packet new-packet-mark = out-icmp-packet passthrough = yes protocol = icmp
add chain = input action = mark-packet new-packet-mark = in-icmp-packet passthrough = yes protocol = icmp
add chain = forward action = mark-packet new-packet-mark = icmp-packet-fwd passthrough = yes protocol = icmp
add chain = postrouting action = mark-packet new-packet-mark = icmp-packet post-passthrough = yes protocol = icmp
add chain = prerouting action = mark-packet new-packet-mark = icmp-packet pre-passthrough = yes protocol = icmp

Bandwidth sharing:
Example:
[Admin @ dimas] queue simple>
add name = "dimas" target-addresses = 192.168.1.2/30 \
dst-address = 0.0.0.0 / 0 interface = all parent = none packet-marks =
Indonesia-conn-iix \
direction = both priority = 8 queue = default / default limit-at = 0/0 \
max-limit = 256000/256000 total-queue = default disabled = no
add name = "dimas" = 192.168.1.2/30 \
dst-address = 0.0.0.0 / 0 interface = all parent = none packet-marks = ix \
direction = both priority = 8 queue = default / default limit-at = 0/0 \
max-limit = 128000/128000 total-queue = default disabled = no
Read more about script by seoblogger4.blogspot.com


Posted by Geo at 02:21 0 comments
Subscribe to: Posts (Atom)