Saturday, 29 November 2008

Create DOTA games on MikroTik without the hassle!

So that people from outside can get in:

chain=dstnat dst-address=a.b.c.d protocol=tcp dst-port=6113
action=dst-nat to-addresses=w.x.y.z to-ports=6113

So that one (1) LAN can join:

chain=srcnat
src-address=w.x.y.0/24 action=src-nat
to-addresses=a.b.c.d to-ports=0-65535

Only 2 rules to play DotA over WAN and LAN!
Peace!


a.b.c.d = public IP
w.x.y.z = local IP

Wednesday, 02 July 2008

Smoothwall: add DNS resolvers

Edit the file (vim /var/smoothwall/ethernet/settings) and add the Telkom DNS servers like this:

………………..

DNS1=203.130.196.155
DNS2=202.134.1.10
DNS3=202.134.0.155
DNS4=203.130.196.5
…………………

To add more, just continue the numbering, e.g. DNS5, DNS6, and so on.

After that, edit the file (vim /etc/rc.d/rc.updatered) and add lines like these as well:

………………..

elif [ "$RED_TYPE" = "STATIC" ]; then
DNSMASQ_DNS1=$DNS1
DNSMASQ_DNS2=$DNS2
DNSMASQ_DNS3=$DNS3
DNSMASQ_DNS4=$DNS4
……………….

echo "$DNSMASQ_DNS1" >/var/smoothwall/red/dns1
echo "$DNSMASQ_DNS2" >/var/smoothwall/red/dns2
echo "$DNSMASQ_DNS3" >/var/smoothwall/red/dns3
echo "$DNSMASQ_DNS4" >/var/smoothwall/red/dns4

/usr/bin/smoothcom dnsproxyrestart $DNSMASQ_DNS1 $DNSMASQ_DNS2 $DNSMASQ_DNS3 $DNSMASQ_DNS4
…………………

Done. Then reboot, and the result looks like this:

(root) ~ $ cat /etc/resolv.conf.dnsmasq
nameserver 203.130.196.155
nameserver 202.134.1.10
nameserver 202.134.0.155
nameserver 203.130.196.5



source:

http://bayuart.wordpress.com/2007/12/25/opendns-di-linux-router/

15 istilah sex

1. Anilingus
Istilah ini berhubungan dengan oral sex di seputar anus. Namun tetap harus anda ingat anilingus sangat beresiko, karena berhubungan seks melalui anus sangat rentan terhadap bakteri dan mudah menyebarkan infeksi.

2. Barebacking
Barebacking melibatkan sexual penetration tanpa menggunakan alat pengaman (kondom). Istilah ini biasanya berhubungan dengan hubungan seks anal dan vaginal seks.

3. BDSM
BDSM adalah acronim dari Bondage and Discipline, Sadism and Masochism. Istilah ini berkaitan dengan penggabungan praktek seksual yang melibatkan rasa sakit dan unsur-unsur kekerasan saat berhubungan seks, melukai pasangan atau diri sendiri untuk mencapai kepuasan saat berhubungan seks.

4. Bukkake
Bukkake berhubungan dengan "facial," istilah ini berkait dengan ejakulasi pada wajah wanita. Bukkake merupakan tindakan dimana pria berejakulasi di wajah pasangannya, aksi seperti ini banyak kita jumpai di film-film blue produksi Jepang.

5. Dental dam
Istilah ini biasanya sering kita jumpai pada oral seks wanita, sebuah dental dam biasanya terbuat dari sheer latex dan digunakan sebagai sebuah pelindung seks cunnilingus. Cunnilingus ialah memberikan perangsangan pada alat kelamin wanita dengan menggunakan lidah pada Miss. V.

6. Dirty Sanchez
Istilah yang merujuk pada praktek seks yang jarang sekali bisa membuat seseorang berselera untuk melakukannya.
a. berhubungan seks dimana seorang wanita mengoral organ seks pasangannya setelah terlebih dahulu melakukan anal seks.
b. Melap Mr. P atau tangan anda dengan 'miliiknya' setelah sebelumnya dimasukkan di anusnya. Seperti halnya anilingus, Dirty Sanchez beresiko tinggi dan dengan mudah menyebarkan infeksi karena bakteri yang terdapat di anus.

7. Edgeplay
Edgeplay, sesuatu yang diasumsikan sebagi sebuah perilaku seksual yang berbahaya dan beresiko.

8. Felching
Felching yaitu ejakulasi secara tiba-tiba ke anus wanita dan menghisap dan menjilat air mani yang keluar.

9. Frottage
Sebuah istilah yang mewakili perilaku seksual yang lebih halus dibanding perilaku seksual sebelumnya. Frottage merujuk pada sebuah gerakan saling menggosok untuk meraih kenimatan seksual tanpa sekalipun melakukan penetrasi. Frottage juga disebut dry humping.

10. Pearl necklace
Istilah yang diberikan saat seorang pria berejakulasi disekitar atau didekat leher wanita dan membentuknya menyerupai kalung mutiara pearl necklace.

11. Pudendum (pudenda)
Istilah yang digunakan untuk menyebut organ genital luar wanita: vulva

12. Queef
Queef berhubungan dengan kentut pada vagina. Kadang, saat Mr. P menjelajah keluar masuk Ms V secara berkala, udara akan terjebak dalam dinding Ms. V yang memicu udara keluar, bisanya dikenal dengan kentut. Tak seperti model anal seks, Queef tak menyebabkan bau, dan tidak terlalu beresiko menyebarkan bakteri.

13. Shrimping
Tak semua orang menyukai atau menyertakan gaya bercinta model ini, shrimping, merujuk pada tindakan menghisap dan menjilat jari-jari kaki pasangan sebelum atau sesudah berhubungan seks. Memang tak semua pasangan menyukai hal ini, namun wanita menyukai kaki mereka disentuh, dipijat, bahkan dihisap ataupun dijilat. Beranggapan bahwa kaki mereka benar-benar bersih, para wanita mengaku jika mereka menyukai pasangan mereka lebih memperhatikan telapak kaki, tumit maupun jari-jari kaki mereka, menggelitiknya dan membuatnya kegirangan, karena rasa sensitif pada jari-jari dan telapak kaki.

14. Smegma
Substansi yang menyerupai dadih berwarna putih yang keluar melalui kelenjar sebaceous pada Mr. P yang terkumpul dibawah kulup zakar penis pria yang tak sunat. Sedikit sekali jumlah dari susbtasi tersebut yang berguna untuk penis, biasanya substansi ini terdapat pada Mr. P yang jarang dibersihkan.

15. Snowballing
Seringkali seks oral disebut sebagai bagian proses foreplay. Dimana melibatkan alat kelamin dan mulut. Seks oral bagi wanita disebut dengan cunnilingus. Cunnilingus ialah memberikan perangsangan pada alat kelamin wanita dengan menggunakan lidah pada Ms. V. Sementara seks oral bagi pria disebut dengan fellatio. Fellatio adalah memberikan perangsangan pad Mr.P dengan cara diisap, dijilat dan dicium.
Snowballing, sebuah istilah dimana wanita melakukan fellatio pada pria dan dia berejakulasi, wanita akan menjaga cairan yang keluar saat ejakulasi dalam mulutnya dan mulai menciumnya. Saat berciuman, cairan akan saling berpindah dari mulut wanita ke pria, sampai salah satu menelan cairan tersebut.

Study: Husbands Should Not Sleep with Their Wives

Vienna. Sharing a plate is fine, but sharing a bed? Not so fast! A study has shown that, to be happy, a husband is better off sleeping apart from his wife.

As reported by Softpedia on Friday (19/1/2007), almost everyone agrees that people sleep to get sound rest, to escape the headaches of daily life, and to take a break from the various problems they face.

Although the goal is the same, the sleep patterns of men and women turn out to differ. During sleep a man's memory rests, his emotions subside and his cognitive abilities decrease. He becomes very relaxed and calm.

But for some reason, when he sleeps with a woman, that changes. A man's sleep becomes less comfortable and he rarely falls into a deep sleep. This is the finding of a University of Vienna study.

When sleeping with a woman, a man wakes easily and is disturbed by the movements around him. Even while asleep, he cannot rest peacefully.

In fact, sleeping apart is nothing strange. In aristocratic times it was common for husband and wife to sleep separately.

The question is, why can't men sleep soundly when they are with a woman?

The University of Vienna researchers explain the historical reason. Since primitive times, men have been conditioned to sleep lightly in order to protect themselves and their group. Surrounded by threats and wild animals, men were conditioned not to sleep deeply.

When sleeping with a woman, a man becomes even more alert, naturally in order to protect his wife from various threats. That habit is believed to have carried over in men's minds to this day. In the present era, men also have to be protective when they are with their wives. The threat of burglars, natural disasters and other disturbances still keeps men on edge.

So that is why sleeping alone in bed is very good for men. By sleeping soundly, a man can recover the energy spent and the mental energy drained throughout the day. Sleep well! (fta/fta)

PCQ (Per Connection Queue)

Marking packet

/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=all passthrough=no

Setting upload and download bandwidth usage with PCQ

/queue type add name="PCQ_download" kind=pcq pcq-rate=128000 pcq-classifier=dst-address
/queue type add name="PCQ_upload" kind=pcq pcq-rate=64000 pcq-classifier=src-address
/queue tree add parent=global-in queue=PCQ_download packet-mark=all
/queue tree add parent=global-out queue=PCQ_upload packet-mark=all
/queue simple add queue=PCQ_upload/PCQ_download target-addresses=192.168.1.0/24

Tuesday, 22 April 2008

Mangle, Queue Tree and prio by fly man ... almost done

From: MikroTik Wiki

As we know, ‘simple queue’ marks packets from/to the target IP and queues them using the global-in/global-out parents for packets at the local side of the router. If we want to queue services using ‘queue tree’, we can do it at the local or the public side. However, if we want to use both ‘simple queue’ and ‘queue tree’ for services, we don’t have that choice. Packets are marked at the local side and queued by ‘simple queue’ (we can’t see this in /ip firewall mangle and /queue tree). A second marking and a ‘queue tree’ at the local side won’t work. That’s why, for services, we need to mark incoming/outgoing packets (prerouting/postrouting) at the public side of the router.

/interface set ether1 name=wan
/interface set ether2 name=lan
/ip address add address=192.168.0.1/24 interface=lan
/ip address add address=1.0.0.2/24 interface=wan
/ip route add gateway=1.0.0.1

/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.0.0/24

First we create the simple queues, for example:

:for z from 2 to 254 do={/queue simple add name=(0. . $z) target-addresses=(192.168.0. . $z) \
parent=192.168.0.0/24 interface=all priority=4 queue=default/default max-limit=128000/530000 \
total-queue=default}


Now we mark packets for the services

/ ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=icmp_in passthrough=no \
in-interface=wan protocol=icmp comment="icmp" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=icmp_out \
passthrough=no out-interface=wan protocol=icmp comment="" disabled=no
add chain=prerouting action=mark-packet new-packet-mark=p2p_in passthrough=no \
p2p=all-p2p in-interface=wan comment="p2p" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=p2p_out \
passthrough=no p2p=all-p2p out-interface=wan comment="" disabled=no
add chain=prerouting action=mark-packet new-packet-mark=pop3_in passthrough=no \
in-interface=wan src-port=110 protocol=tcp comment="pop3" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=pop3_out \
passthrough=no out-interface=wan dst-port=110 protocol=tcp comment="" \
disabled=no
add chain=prerouting action=mark-packet new-packet-mark=smtp_in passthrough=no \
in-interface=wan src-port=25 protocol=tcp comment="smtp" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=smtp_out \
passthrough=no out-interface=wan dst-port=25 protocol=tcp comment="" \
disabled=no
add chain=prerouting action=mark-packet new-packet-mark=imap_in passthrough=no \
in-interface=wan src-port=143 protocol=tcp comment="imap" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=imap_out \
passthrough=no out-interface=wan dst-port=143 protocol=tcp comment="" \
disabled=no
add chain=prerouting action=mark-packet new-packet-mark=ssh_in passthrough=no \
in-interface=wan dst-port=22 protocol=tcp comment="ssh" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=ssh_out \
passthrough=no out-interface=wan src-port=22 protocol=tcp comment="" \
disabled=no
add chain=prerouting action=mark-packet new-packet-mark=winbox_in \
passthrough=no in-interface=wan dst-port=8291 protocol=tcp \
comment="winbox" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=winbox_out \
passthrough=no out-interface=wan src-port=8291 protocol=tcp comment="" \
disabled=no
add chain=prerouting action=mark-packet new-packet-mark=dns_in passthrough=no \
in-interface=wan src-port=53 protocol=udp comment="dns" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=dns_out \
passthrough=no out-interface=wan dst-port=53 protocol=udp comment="" \
disabled=no
add chain=prerouting action=mark-packet new-packet-mark=www_in passthrough=no \
in-interface=wan src-port=80 protocol=tcp comment="www" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=www_out \
passthrough=no out-interface=wan dst-port=80 protocol=tcp comment="" \
disabled=no
add chain=prerouting action=mark-packet new-packet-mark=ssl_in passthrough=no \
in-interface=wan src-port=443 protocol=tcp comment="ssl" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=ssl_out \
passthrough=no out-interface=wan dst-port=443 protocol=tcp comment="" \
disabled=no
add chain=prerouting action=mark-packet new-packet-mark=udp_in passthrough=no \
in-interface=wan protocol=udp comment="udp" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=udp_out \
passthrough=no out-interface=wan protocol=udp comment="" disabled=no
add chain=prerouting action=mark-packet new-packet-mark=tcp_in passthrough=no \
in-interface=wan protocol=tcp comment="tcp" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=tcp_out \
passthrough=no out-interface=wan protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-packet new-packet-mark=other_in \
passthrough=no in-interface=wan comment="other" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=other_out \
passthrough=no out-interface=wan comment="" disabled=no

After that we can create the queue tree:

/queue tree
add name="upload_wan1" parent=global-out packet-mark="" limit-at=0 \
queue=wireless-default priority=4 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="icmp_down" parent=global-in packet-mark=icmp_in limit-at=0 \
queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="icmp_up" parent=global-out packet-mark=icmp_out limit-at=0 \
queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="winbox_down" parent=global-in packet-mark=winbox_in limit-at=0 \
queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="winbox_up" parent=global-out packet-mark=winbox_out limit-at=0 \
queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="dns_down" parent=global-in packet-mark=dns_in limit-at=0 \
queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="dns_up" parent=global-out packet-mark=dns_out limit-at=0 \
queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="www_up" parent=upload_wan1 packet-mark=www_out limit-at=0 \
queue=wireless-default priority=2 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="ssl_up" parent=upload_wan1 packet-mark=ssl_out limit-at=0 \
queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="p2p_up" parent=upload_wan1 packet-mark=p2p_out limit-at=0 \
queue=wireless-default priority=8 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="udp_up" parent=upload_wan1 packet-mark=udp_out limit-at=0 \
queue=wireless-default priority=6 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="tcp_up" parent=upload_wan1 packet-mark=tcp_out limit-at=0 \
queue=wireless-default priority=4 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="other_up" parent=upload_wan1 packet-mark=other_out limit-at=0 \
queue=wireless-default priority=7 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="download_wan1" parent=global-in packet-mark="" limit-at=0 \
queue=wireless-default priority=4 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="www_down" parent=download_wan1 packet-mark=www_in limit-at=0 \
queue=wireless-default priority=2 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="ssl_down" parent=download_wan1 packet-mark=ssl_in limit-at=0 \
queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="p2p_down" parent=download_wan1 packet-mark=p2p_in limit-at=0 \
queue=wireless-default priority=8 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="udp_down" parent=download_wan1 packet-mark=udp_in limit-at=0 \
queue=wireless-default priority=6 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="tcp_down" parent=download_wan1 packet-mark=tcp_in limit-at=0 \
queue=wireless-default priority=4 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="other" parent=download_wan1 packet-mark=other_in limit-at=0 \
queue=wireless-default priority=7 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="ssh_down" parent=global-in packet-mark=ssh_in limit-at=0 \
queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="ssh_up" parent=global-out packet-mark=ssh_out limit-at=0 \
queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="pop3_down" parent=download_wan1 packet-mark=pop3_in limit-at=0 \
queue=wireless-default priority=5 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="smtp_down" parent=download_wan1 packet-mark=smtp_in limit-at=0 \
queue=wireless-default priority=5 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="imap_down" parent=download_wan1 packet-mark=imap_in limit-at=0 \
queue=wireless-default priority=5 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="imap_up" parent=upload_wan1 packet-mark=imap_out limit-at=0 \
queue=wireless-default priority=5 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="smtp_out" parent=upload_wan1 packet-mark=smtp_out limit-at=0 \
queue=wireless-default priority=5 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="pop3_up" parent=upload_wan1 packet-mark=pop3_out limit-at=0 \
queue=wireless-default priority=5 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no


We have several basic download/upload queues:
- wan
- icmp
- winbox
- dns
ICMP, DNS and Winbox have the highest priority to ensure low ping times, quick answers from the DNS server and a Winbox connection without any problems. The second is wan. In the wan tree we decide which service has the highest priority, and for which one we want to guarantee bandwidth or decrease speed.
Retrieved from "http://wiki.mikrotik.com/wiki/Mangle,_Queue_Tree_and_prio_by_fly_man_..._almost_done"
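A consistency check for a mangle/queue-tree pair like the one above, as an added example (not from the MikroTik wiki article): it parses export text and reports queues whose parent does not exist, queues matching a packet mark that no mangle rule sets, and marks that no queue consumes. The function names and the trimmed sample export are constructed for illustration.

```python
import shlex

# Parents that exist without being defined in /queue tree (the global parents used on this page).
BUILTIN_PARENTS = {"global-in", "global-out", "global-total"}

# Constructed sample in the shape of the export above; it is not the page's full config.
SAMPLE = r'''
/ ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=smtp_in passthrough=no \
    in-interface=wan src-port=25 protocol=tcp comment="smtp" disabled=no
add chain=prerouting action=mark-packet new-packet-mark=www_in passthrough=no \
    in-interface=wan src-port=80 protocol=tcp comment="www" disabled=no
add chain=prerouting action=mark-packet new-packet-mark=ssh_in passthrough=no \
    in-interface=wan dst-port=22 protocol=tcp comment="ssh" disabled=no
/queue tree
add name="download_wan1" parent=global-in packet-mark="" priority=4
add name="www_down" parent=download_wan1 packet-mark=www_in priority=2
add name="smtp_down" parent=download packet-mark=smtp_in priority=5
add name="dns_down" parent=global-in packet-mark=dns_in priority=1
'''


def parse_export(text):
    """Parse RouterOS export text into {menu: [{param: value}, ...]}."""
    # Join physical lines that end with a backslash continuation.
    logical, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1].rstrip() + " "
            continue
        logical.append(pending + line)
        pending = ""

    sections, current = {}, None
    for line in logical:
        if line.startswith("/"):
            # Accept "/ ip firewall mangle", "/ip firewall mangle" and the
            # one-line form "/queue tree add name=...".
            menu, sep, rest = line.partition(" add ")
            current = " ".join(menu[1:].split())
            sections.setdefault(current, [])
            line = "add " + rest if sep else ""
        if line.startswith("add ") and current is not None:
            params = {}
            for token in shlex.split(line[4:]):
                key, sep, value = token.partition("=")
                if sep:
                    params[key] = value
            sections[current].append(params)
    return sections


def lint_queue_tree(sections, interfaces=()):
    """Return (object, problem) pairs for inconsistencies between mangle and queue tree."""
    mangle = sections.get("ip firewall mangle", [])
    tree = sections.get("queue tree", [])
    marks = {r["new-packet-mark"] for r in mangle
             if r.get("action") == "mark-packet" and r.get("new-packet-mark")}
    valid_parents = BUILTIN_PARENTS | set(interfaces) | {q.get("name") for q in tree}

    findings, queued = [], set()
    for q in tree:
        name = q.get("name", "?")
        parent = q.get("parent", "")
        if parent not in valid_parents:
            findings.append((name, f"parent '{parent}' is not a queue, interface or global parent"))
        mark = q.get("packet-mark", "")
        if mark:
            queued.add(mark)
            if mark not in marks:
                findings.append((name, f"packet-mark '{mark}' is never set by a mangle rule"))
    for mark in sorted(marks - queued):
        findings.append((mark, "mark is set in mangle but no queue matches it"))
    return findings


if __name__ == "__main__":
    for obj, problem in lint_queue_tree(parse_export(SAMPLE)):
        print(f"{obj}: {problem}")
```

A queue with an unknown parent is rejected on import, and a mark with no queue means that traffic class (here the constructed SSH management mark) gets none of the priority the tree was meant to give it.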

Saturday, 12 April 2008

nod32 v3 valid server update!

;=============================
http://for.vpcit.ru/eset_upd/
;=============================
http://211.120.51.143/irda/
;=============================

Monday, 24 March 2008

MikroTik - QoS with Script


Assumptions


First, we have to mark the traffic.

Marking is the process of virtually tagging data that has some distinctive feature (e.g. IP address or port). There are two ways to shape traffic dynamically for a group of users:



by IP address – an effective way in the case of routing and NAT.
by MAC address – a very effective way in the case of a transparent bridge.

We will take the first way: marking by user IP address.

1.2 A few words about scripts:

I recommend using scripts when a lot of entries have to be generated, because a script makes this more comfortable.

To use scripts in Winbox, choose 'System -> Scripts' from the left menu.

In the rest of this text, anything to be run by the system's internal script interpreter is marked “(script)”.

Then, in the new window, click the “+” symbol.

Enter the script content in the “Source” field. Avoid unnecessary spaces in the script.

After accepting, select the chosen script and click the “Run Script” button.



Packet marking - configuration


The first script we have to make is:

(script)
:for x from 2 to 254 do={ /ip firewall mangle add chain=prerouting src-address=(192.168.0. . $x ) action=mark-packet new-packet-mark=( $x . upload ) passthrough=no }

This script marks traffic coming from the user, that is, their upload.

To change the address class from 192.168.0, edit “src-address=(192.168.0.)”. It is very important to keep the full stops in the same places as in the example above.

The same applies to the range from 2 to 254. We can change that range very easily by entering the values that suit us.

(script)
:for x from 2 to 254 do={ /ip firewall mangle add chain=postrouting dst-address=(192.168.0. . $x ) action=mark-packet new-packet-mark=( $x . download ) passthrough=no }

and this marks traffic in the Internet -> user direction, that is, their download.


Creating a new queue type

The following entries (terminal) should be made from the terminal:



(terminal)
/queue type add name="sfq" kind=sfq sfq-perturb=5 sfq-allot=1514

The entry above selects the algorithm that divides bandwidth within one group/category.


Creating the main queues

The actual traffic shaping takes place in the main queue, which works according to the HTB algorithm. This algorithm is defined by “queue type”.

Our purpose is to limit bandwidth in both directions: “input” <=> “output”. So we need to create main queues (parents) that control the secondary queues (children), one on each of:



external interface (Internet) – shaping the UPLOAD queue
local interface (LAN) – shaping the DOWNLOAD queue

Along the way, we will use the option of controlling the maximum bandwidth available for a given transmit direction, in order to keep any global overruns in check.

(terminal)
/queue tree add name="Download" parent=Lan queue=sfq max-limit=1730k

A new queue is created and assigned to the internal LAN interface.

(terminal)
/queue tree add name="Upload" parent=Internet queue=sfq max-limit=1730k

A new queue is created and assigned to the external Internet interface.

The example above assumes a symmetrical POLPAK 2 Mbps connection. As we can see, the 2048 Kbps was reduced by about 10% in order to ensure the service level when the queue is used to the maximum. Additional upload protection is very important for DSL connections, which is why I suggest reducing the maximum (real) value by as much as 30%.




Adding the proper queues


With the main queues (parents) in place, the subscribers are assigned to a parent and share its bandwidth according to their priorities. Well-chosen scripts do this quickly and effectively for the entire range from 2 to 254.

(script)
:for z from 2 to 254 do={ /queue tree add parent=Download packet-mark=( $z . download ) limit-at=32000 queue=sfq priority=7 max-limit=256000 }

The script will generate 254 queues. Each of them limits the download for a single mark (IP address), guaranteeing it 32 Kbps of bandwidth and limiting it to 256 Kbps. The guarantee works by accounting in two virtual queues: first limit-at (the guaranteed speed), and second max-limit (the maximum speed), where traffic within limit-at travels along a separate, higher-priority path until the limit-at value is exceeded.
After limit-at is exceeded, the priority value is ignored (treated as equal to the lowest: 8). This means that users who are saturating the link are ignored the moment a new user wants to use his 32 Kbps of bandwidth. Thanks to this, one gets a fairly steady load on the link and an appropriate level of access to the service. The limit-at value should equal the real capacity of the link divided by the number of users and multiplied by a simultaneity ratio (about 3).

(script)
:for b from 2 to 254 do={ /queue tree add parent=Upload packet-mark=( $b . upload ) limit-at=32000 queue=sfq priority=7 max-limit=220000 }

Now, the upload. I recommend being sparing with upload, even on symmetrical links, especially with heavy overbooking (when we send more than we have), because lower upload in p2p programs results in lower download load.
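The sizing rule and the two generator scripts above, worked through as an added example (not part of the original article): it expands the per-host marks and queues for a /24 and shows how far the 32 Kbps guarantees oversubscribe the 1730k parent. Function names are hypothetical, and the comparison against the parent relies on the HTB rule that the children's limit-at values should sum to no more than the parent's max-limit.

```python
from ipaddress import ip_network


def limit_at(link_bps, users, simultaneity=3):
    """Sizing rule from the text: link capacity / number of users * simultaneity ratio."""
    return int(link_bps / users * simultaneity)


def host_rules(subnet, first, last, parent_down, parent_up,
               down=(32000, 256000), up=(32000, 220000)):
    """Expand the page's :for loops into explicit commands for hosts first..last.

    down/up are (limit-at, max-limit) in bit/s; the defaults are the page's values.
    """
    net = ip_network(subnet)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("mark names use the last octet, so an IPv4 /24 is assumed")
    if not 1 <= first <= last <= 254:
        raise ValueError("host range must lie within 1..254")

    cmds = []
    for n in range(first, last + 1):
        ip = net.network_address + n
        # Upload: traffic sourced by the host, marked before routing.
        cmds.append(f"/ip firewall mangle add chain=prerouting src-address={ip} "
                    f"action=mark-packet new-packet-mark={n}upload passthrough=no")
        # Download: traffic destined to the host, marked after routing.
        cmds.append(f"/ip firewall mangle add chain=postrouting dst-address={ip} "
                    f"action=mark-packet new-packet-mark={n}download passthrough=no")
        cmds.append(f"/queue tree add parent={parent_down} packet-mark={n}download "
                    f"limit-at={down[0]} queue=sfq priority=7 max-limit={down[1]}")
        cmds.append(f"/queue tree add parent={parent_up} packet-mark={n}upload "
                    f"limit-at={up[0]} queue=sfq priority=7 max-limit={up[1]}")
    return cmds


def guarantee_report(parent_max_bps, users, per_user_limit_at):
    """Compare the sum of per-user guarantees with what the parent queue can deliver."""
    committed = users * per_user_limit_at
    return {
        "committed_bps": committed,
        "oversubscription": round(committed / parent_max_bps, 2),
        # Number of simultaneously active users whose limit-at can all be honoured.
        "max_users_fully_guaranteed": parent_max_bps // per_user_limit_at,
    }


if __name__ == "__main__":
    PARENT = 1730000          # "1730k" from the page
    USERS = 254 - 2 + 1       # hosts .2 to .254
    print("limit-at by the page's rule:", limit_at(PARENT, USERS))
    print(guarantee_report(PARENT, USERS, 32000))
    for cmd in host_rules("192.168.0.0/24", 2, 3, "Download", "Upload"):
        print(cmd)
```

With the page's numbers the guarantees are committed several times over, so they hold only while roughly 54 hosts are active at once; beyond that the simultaneity assumption, not the queue tree, is what protects each user's 32 Kbps.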




Optimisation


We can exclude ICMP traffic from marking. This is very useful when we want to provide good ping times regardless of how heavily the link and the individual user queues are utilised.

In this case, add the following (terminal) entry at the beginning (before the other rules in /ip firewall mangle):

(terminal)
/ip firewall mangle add chain=prerouting protocol=icmp action=accept

The rule above exempts ICMP traffic from the rest of the mangle rules.

We can also use several more marks for every user and individually set how much of a given traffic type the user may use. However, one should remember that a large number of entries is not necessarily good. Everything depends on the traffic generated and the computational power of the device.

A test device based on a Pentium III 1000 MHz processor will prove adequate even for the traffic of 1000 users, provided we give up many additional functions (such as 'connection tracking' or extensive use of the firewall) and build an almost transparent bandwidth manager.

In RouterOS 3.0 it is possible to use multithreading, and in theory an additional processor should double performance, but in practice I would not rely on that. Strong single-core Intel devices are the best for traffic shaping with MikroTik.

Friday, 14 March 2008

Repo Kambing

Straight to the point: we want to use the repo with a minimal package index database. The assumption is that we know which packages we are going to install :)

Click Menu > Run Command… > Console
localhost $ su -
Password :
localhost #

urpmi.addmedia main http://kambing.ui.edu/mandriva/official/2008.0/i586/media/main/release with media_info/synthesis.hdlist.cz

urpmi.addmedia --update main_updates http://kambing.ui.edu/mandriva/official/2008.0/i586/media/main/updates with media_info/synthesis.hdlist.cz

urpmi.addmedia main_backports http://kambing.ui.edu/mandriva/official/2008.0/i586/media/main/backports with media_info/synthesis.hdlist.cz

urpmi.addmedia contrib http://kambing.ui.edu/mandriva/official/2008.0/i586/media/contrib/release with media_info/synthesis.hdlist.cz

urpmi.addmedia --update contrib_updates http://kambing.ui.edu/mandriva/official/2008.0/i586/media/contrib/updates with media_info/synthesis.hdlist.cz

urpmi.addmedia contrib_backports http://kambing.ui.edu/mandriva/official/2008.0/i586/media/contrib/backports with media_info/synthesis.hdlist.cz

Those are the only repos on Kambing; as extras, the following repos can also be added:

urpmi.addmedia --update plf-free http://mdk.linux.org.tw/ftp/pub/plf/mandriva/2008.0/free/release/binary/i586/ with media_info/synthesis.hdlist.cz

urpmi.addmedia plf-free_backports http://mdk.linux.org.tw/ftp/pub/plf/mandriva/2008.0/free/backports/binary/i586/ with media_info/synthesis.hdlist.cz

urpmi.addmedia --update plf-nonfree http://mdk.linux.org.tw/ftp/pub/plf/mandriva/2008.0/non-free/release/binary/i586/ with media_info/synthesis.hdlist.cz

urpmi.addmedia plf-nonfree_backports http://mdk.linux.org.tw/ftp/pub/plf/mandriva/2008.0/non-free/backports/binary/i586/ with media_info/synthesis.hdlist.cz

urpmi.addmedia non-free http://ftp.kddlabs.co.jp/Linux/distributions/Mandrake/official/2008.0/i586/media/non-free/release with media_info/synthesis.hdlist.cz

urpmi.addmedia --update non-free_updates http://ftp.kddlabs.co.jp/Linux/distributions/Mandrake/official/2008.0/i586/media/non-free/updates with media_info/synthesis.hdlist.cz

urpmi.addmedia non-free_backports http://ftp.kddlabs.co.jp/Linux/distributions/Mandrake/official/2008.0/i586/media/non-free/backports with media_info/synthesis.hdlist.cz



===============

How to install the Pixma iP1000 driver on Mandriva 2007 & 2008:

download these packages first

http://www.webforos.phpnet.us/descarga.php?d=1
http://www.webforos.phpnet.us/descarga.php?d=2
http://www.webforos.phpnet.us/descarga.php?d=3

extract them, then install them all together with the command

urpmi nama_paket1 nama_paket2 nama_paket3

when that is done, go to the Mandriva Control Center, choose the Hardware section, then choose Printer
after that the Canon Pixma iP1000 will be recognised properly there





Source:

http://bayuart.wordpress.com/2007/12/13/mandriva-2008-add-repo-kambing/

Wednesday, 30 January 2008

Game ports! ^_^

Ragnarok : Port : 5000
Warcraft/BNET : Port : 6120
CS : 27015 etc.
RF : 10007 and 27780
Ayodance : port 10000-10010 / 18900 - 18904

Friday, 11 January 2008

2 ISP IN 1 ROUTER WITH LOADBALANCING





/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local comment="" \
disabled=no
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2 \
comment="" disabled=no
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1 \
comment="" disabled=no
/ ip firewall mangle
add chain=prerouting in-interface=Local connection-state=new nth=1,1,0 \
action=mark-connection new-connection-mark=odd passthrough=yes comment="" \
disabled=no
add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing \
new-routing-mark=odd passthrough=no comment="" disabled=no
add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 \
action=mark-connection new-connection-mark=even passthrough=yes comment="" \
disabled=no
add chain=prerouting in-interface=Local connection-mark=even action=mark-routing \
new-routing-mark=even passthrough=no comment="" disabled=no
/ ip firewall nat
add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 \
to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 \
to-ports=0-65535 comment="" disabled=no
/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 comment="" \
disabled=no

Mangle

/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local comment="" \
disabled=no
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2 \
comment="" disabled=no
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1 \
comment="" disabled=no

The router has 2 upstream (WAN) interfaces with IP addresses 10.111.0.2/24 and 10.112.0.2/24, and a LAN interface named "Local" with IP address 192.168.0.1/24.


/ ip firewall mangle

add chain=prerouting in-interface=Local connection-state=new nth=1,1,0 \
action=mark-connection new-connection-mark=odd passthrough=yes comment="" \
disabled=no

add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing \
new-routing-mark=odd passthrough=no comment="" disabled=no

add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 \
action=mark-connection new-connection-mark=even passthrough=yes comment="" \
disabled=no
add chain=prerouting in-interface=Local connection-mark=even action=mark-routing \
new-routing-mark=even passthrough=no comment="" disabled=no




NAT

/ ip firewall nat
add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 \
to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 \
to-ports=0-65535 comment="" disabled=no



Routing

/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 \
disabled=no comment="gateway for the router itself"

Load Balancing 2 TELKOM Speedy Lines with MikroTik

The 3 essential parts of this load-balance script are the firewall mangle, NAT and route sections ...

/ ip address
add address=192.168.0.254/24 network=192.168.0.0 broadcast=192.168.0.255 \
interface=local comment="to-switch" disabled=no
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 \
interface=internet comment="to-speedy-1" disabled=no
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 \
interface=swap comment="to-speedy-2" disabled=no

/ ip firewall mangle
add chain=prerouting in-interface=local connection-state=new nth=1,1,0 \
action=mark-connection new-connection-mark=speedy-1 passthrough=yes disabled=no
add chain=prerouting in-interface=local connection-mark=speedy-1 \
action=mark-routing new-routing-mark=speedy-1 passthrough=no disabled=no
add chain=prerouting in-interface=local connection-state=new nth=1,1,1 \
action=mark-connection new-connection-mark=speedy-2 passthrough=yes disabled=no
add chain=prerouting in-interface=local connection-mark=speedy-2 \
action=mark-routing new-routing-mark=speedy-2 passthrough=no disabled=no

/ ip firewall nat
add chain=srcnat connection-mark=speedy-1 action=src-nat to-addresses=192.168.1.2 \
to-ports=0-65535 disabled=no
add chain=srcnat connection-mark=speedy-2 action=src-nat to-addresses=192.168.2.2 \
to-ports=0-65535 disabled=no

It is better not to dial up directly from the modem, because that makes the load on the modem lighter (especially if it is used 24 hours a day). But because both lines use TELKOM Speedy, their gateway is the same (in this case 125.163.255.1), which means one of them cannot connect (depending on which one connects first, speedy-1 or speedy-2),

so speedy-2 dials directly from the modem and speedy-1 dials from the MikroTik. Script for the Speedy dial-up:

/interface
pppoe-client add name=pppoe-user-speedy user=xxxx@telkom.net password=******* \
interface=internet service-name=internet disabled=no

Routing is the key to this load balancing; the gateway in the third rule means speedy-1 becomes the primary.

/ ip route
add dst-address=0.0.0.0/0 gateway=125.163.255.1 scope=255 target-scope=10 \
routing-mark=speedy-1 comment="speedy-1" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 \
routing-mark=speedy-2 comment="speedy-2" disabled=no
add dst-address=0.0.0.0/0 gateway=125.163.255.1 scope=255 target-scope=10 \
comment="primary connection" disabled=no

Hope this is useful,
xerophie.blogspot.com
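
Added example (not part of the original post): the mangle, NAT and route sections above are tied together only by mark names, so a mark spelled differently in one section means the marked traffic never matches the intended route or NAT rule. This Python checker parses a RouterOS export and reports such mismatches; the sample config is constructed, and it assumes marks are compared as exact, case-sensitive strings.

```python
import re

# Constructed sample export modelled on the script above. The last mangle rule
# deliberately sets a routing mark whose case differs from the one on the route.
SAMPLE = r'''
/ ip firewall mangle
add chain=prerouting in-interface=local connection-state=new nth=1,1,0 \
    action=mark-connection new-connection-mark=speedy-1 passthrough=yes
add chain=prerouting connection-mark=speedy-1 action=mark-routing new-routing-mark=speedy-1
add chain=prerouting connection-state=new nth=1,1,1 action=mark-connection new-connection-mark=speedy-2
add chain=prerouting connection-mark=speedy-2 action=mark-routing new-routing-mark=Speedy-2
/ ip firewall nat
add chain=srcnat connection-mark=speedy-1 action=src-nat to-addresses=192.168.1.2
add chain=srcnat connection-mark=speedy-2 action=src-nat to-addresses=192.168.2.2
/ ip route
add dst-address=0.0.0.0/0 gateway=125.163.255.1 routing-mark=speedy-1
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=speedy-2
'''

def parse_export(text):
    """Yield (menu, params) per 'add' line, joining backslash continuations."""
    text = re.sub(r'\\\s*\n\s*', ' ', text)
    menu = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('/'):
            menu = ' '.join(line.lstrip('/').split())
        elif line.startswith('add '):
            yield menu, dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line))

def check_marks(text):
    """Report marks that are set but never matched, or matched but never set."""
    made = {'connection': set(), 'routing': set()}
    used = {'connection': set(), 'routing': set()}
    for menu, p in parse_export(text):
        if menu == 'ip firewall mangle':
            made['connection'].add(p.get('new-connection-mark'))
            made['routing'].add(p.get('new-routing-mark'))
        if menu in ('ip firewall mangle', 'ip firewall nat'):
            used['connection'].add(p.get('connection-mark'))
        if menu == 'ip route':
            used['routing'].add(p.get('routing-mark'))
    findings = []
    for kind in ('connection', 'routing'):
        m, u = made[kind] - {None}, used[kind] - {None}
        findings += [f"{kind} mark {x!r} set but never matched" for x in sorted(m - u)]
        findings += [f"{kind} mark {x!r} matched but never set" for x in sorted(u - m)]
    return findings

print('\n'.join(check_marks(SAMPLE)) or 'marks are consistent')
```

The parser only understands the export layout used on this page (a menu line followed by `add` lines), not one-line `/ip route add ...` commands.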

Manipulating ToS for ICMP & DNS on MikroTik

Goals:
Reduce ping delay from the client side toward the Internet.
Speed up resolving hostnames to IP addresses.


Assumption: the clients are on subnet 10.10.10.0/28




  1. Manipulate the Type of Service for ICMP packets:
> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=icmp action=mark-connection new-connection-mark=ICMP-CM passthrough=yes
> ip firewall mangle add chain=prerouting connection-mark=ICMP-CM action=mark-packet new-packet-mark=ICMP-PM passthrough=yes
> ip firewall mangle add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay

  2. Manipulate the Type of Service for DNS resolving:
> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
> ip firewall mangle add chain=prerouting connection-mark=DNS-CM action=mark-packet new-packet-mark=DNS-PM passthrough=yes
> ip firewall mangle add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay

  3. Add a queue type:
> queue type add name="PFIFO-64" kind=pfifo pfifo-limit=64

  4. Allocate bandwidth for ICMP packets:
> queue tree add name=ICMP parent=INTERNET packet-mark=ICMP-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64

  5. Allocate bandwidth for DNS resolving:
> queue tree add name=DNS parent=INTERNET packet-mark=DNS-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64

Load-balancing & Fail-over on MikroTik

Scenario: The ISP where we work as Administrator uses more than one gateway to connect to the Internet. All of them must be able to serve both upstream and downstream traffic, because the case is different if one of them can only serve downstream, for example when using one-way VSAT DVB. For this case, suppose the ISP has 2 paths to the Internet: one using DSL access (256 Kbps) and the other using Wireless (512 Kbps), with a DSL:Wireless usage ratio of 1:2.
What we will do:
Use all the available gateway paths with the load-balancing technique.
Make one of them a back-up with the fail-over technique.
OK, let's start the experiment:
IP address for access to the LAN:
> /ip address add address=192.168.0.1/28 interface=LAN
IP address for access to the DSL path:
> /ip address add address=10.32.57.253/29 interface=DSL
IP address for access to the Wireless path:
> /ip address add address=10.9.8.2/29 interface=WIRELESS
Set the gateways, each with its ratio:
> /ip route add gateway=10.32.57.254,10.9.8.1,10.9.8.1
For the fail-over technique, the main path is assumed to go through Wireless, with the DSL path as the back-up when the main path cannot be used. The ping command is used to check whether the main path is usable.
> /ip firewall mangle add chain=prerouting src-address=192.168.0.0/28 action=mark-routing new-routing-mark=SUBNET1-RM
> /ip route add gateway=10.9.8.1 routing-mark=SUBNET1-RM check-gateway=ping
> /ip route add gateway=10.32.57.254
Good Luck!!