Ragnarok : Port : 5000
Warcraft/BNET : Port : 6120
CS : 27015 etc.
RF : 10007 and 27780
Ayodance : port 10000-10010 / 18900 - 18904
Wednesday, 30 January 2008
Friday, 11 January 2008
2 ISP IN 1 ROUTER WITH LOADBALANCING
/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local comment="" \
disabled=no
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2 \
comment="" disabled=no
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1 \
comment="" disabled=no
/ ip firewall mangle
add chain=prerouting in-interface=Local connection-state=new nth=1,1,0 \
action=mark-connection new-connection-mark=odd passthrough=yes comment="" \
disabled=no
add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing \
new-routing-mark=odd passthrough=no comment="" disabled=no
add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 \
action=mark-connection new-connection-mark=even passthrough=yes comment="" \
disabled=no
add chain=prerouting in-interface=Local connection-mark=even action=mark-routing \
new-routing-mark=even passthrough=no comment="" disabled=no
/ ip firewall nat
add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 \
to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 \
to-ports=0-65535 comment="" disabled=no
/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 comment="" \
disabled=no
Mangle
/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local comment="" \
disabled=no
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2 \
comment="" disabled=no
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1 \
comment="" disabled=no
The router has 2 upstream (WAN) interfaces with IP addresses 10.111.0.2/24 and 10.112.0.2/24, and a LAN interface named "Local" with IP address 192.168.0.1/24.
/ ip firewall mangle
add chain=prerouting in-interface=Local connection-state=new nth=1,1,0 \
action=mark-connection new-connection-mark=odd passthrough=yes comment="" \
disabled=no
add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing \
new-routing-mark=odd passthrough=no comment="" disabled=no
add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 \
action=mark-connection new-connection-mark=even passthrough=yes comment="" \
disabled=no
add chain=prerouting in-interface=Local connection-mark=even action=mark-routing \
new-routing-mark=even passthrough=no comment="" disabled=no
NAT
/ ip firewall nat
add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 \
to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 \
to-ports=0-65535 comment="" disabled=no
Routing
/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 \
disabled=no comment="gateway for the router itself"
Load Balancing 2 TELKOM Speedy Lines with MikroTik
The 3 main parts of this load-balance script are in firewall mangle, nat and route ...
/ ip address
add address=192.168.0.254/24 network=192.168.0.0 broadcast=192.168.0.255 \
interface=local comment="to-switch" disabled=no
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 \
interface=internet comment="to-speedy-1" disabled=no
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 \
interface=swap comment="to-speedy-2" disabled=no
/ ip firewall mangle
add chain=prerouting in-interface=local connection-state=new nth=1,1,0 \
action=mark-connection new-connection-mark=speedy-1 passthrough=yes disabled=no
add chain=prerouting in-interface=local connection-mark=speedy-1 \
action=mark-routing new-routing-mark=speedy-1 passthrough=no disabled=no
add chain=prerouting in-interface=local connection-state=new nth=1,1,1 \
action=mark-connection new-connection-mark=speedy-2 passthrough=yes disabled=no
add chain=prerouting in-interface=local connection-mark=speedy-2 \
action=mark-routing new-routing-mark=speedy-2 passthrough=no disabled=no
/ ip firewall nat
add chain=srcnat connection-mark=speedy-1 action=src-nat to-addresses=192.168.1.2 \
to-ports=0-65535 disabled=no
add chain=srcnat connection-mark=speedy-2 action=src-nat to-addresses=192.168.2.2 \
to-ports=0-65535 disabled=no
It is better if the dial-up is not done directly from the modem, because the load on the modem becomes lighter (especially if it is used 24 hours a day). But because both lines use TELKOM Speedy, the gateway ends up being the same (in this case 125.163.255.1), which prevents one of them from connecting (depending on which connects first, speedy-1 or speedy-2).
So speedy-2 dials directly from the modem and speedy-1 dials from the MikroTik. Script for the Speedy dial-up:
/interface
pppoe-client add name=pppoe-user-speedy user=xxxx@telkom.net password=******* \
interface=internet service-name=internet disabled=no
Routing is the main key in this load balancing; the gateway in the third rule means speedy-1 becomes the primary.
/ ip route
add dst-address=0.0.0.0/0 gateway=125.163.255.1 scope=255 target-scope=10 \
routing-mark=speedy-1 comment="speedy-1" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 \
routing-mark=speedy-2 comment="speedy-2" disabled=no
add dst-address=0.0.0.0/0 gateway=125.163.255.1 scope=255 target-scope=10 \
comment="primary connection" disabled=no
Hope this is useful,
xerophie.blogspot.com
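The mangle, nat and route parts of the script above are tied together only by mark names, so a name that differs in one section silently sends that traffic to the unmarked default route. The following check is an added example, not part of the original post: it parses a RouterOS-style export and reports connection or routing marks that are set in one section but never matched in another. The sample export and its gateways are constructed, and comparing mark names as case-sensitive strings is an assumption of the example.

```python
import shlex

# Constructed sample (not from a live router) with one mismatched routing mark.
SAMPLE = r'''
/ ip firewall mangle
add chain=prerouting in-interface=local connection-state=new nth=1,1,0 \
    action=mark-connection new-connection-mark=speedy-1 passthrough=yes
add chain=prerouting connection-mark=speedy-1 action=mark-routing new-routing-mark=speedy-1
add chain=prerouting in-interface=local connection-state=new nth=1,1,1 \
    action=mark-connection new-connection-mark=speedy-2 passthrough=yes
add chain=prerouting connection-mark=speedy-2 action=mark-routing new-routing-mark=Speedy-2
/ ip firewall nat
add chain=srcnat connection-mark=speedy-1 action=src-nat to-addresses=192.168.1.2
add chain=srcnat connection-mark=speedy-2 action=src-nat to-addresses=192.168.2.2
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=speedy-1 comment="speedy 1"
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=speedy-2
'''

def parse_export(text):
    """Return [(menu, {param: value})] for every 'add' line of an export."""
    rules, menu = [], ""
    for line in text.replace("\\\n", " ").splitlines():  # join continuation lines
        line = line.strip()
        if line.startswith("/"):
            menu = " ".join(line.lstrip("/").split())    # "/ ip route" -> "ip route"
        elif line.startswith("add "):
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            rules.append((menu, dict(pairs)))
    return rules

def lint_marks(text):
    """Report marks that are set but never consumed, and the reverse."""
    rules = parse_export(text)
    def vals(menu, key, action=None):
        return {p[key] for m, p in rules if m == menu and key in p and action in (None, p.get("action"))}
    conn_set = vals("ip firewall mangle", "new-connection-mark")
    conn_routed = vals("ip firewall mangle", "connection-mark", "mark-routing")
    conn_natted = vals("ip firewall nat", "connection-mark")
    rt_set = vals("ip firewall mangle", "new-routing-mark")
    rt_used = vals("ip route", "routing-mark")
    issues = [f"routing mark {x!r} is set but has no route" for x in sorted(rt_set - rt_used)]
    issues += [f"route uses routing mark {x!r} that no rule sets" for x in sorted(rt_used - rt_set)]
    issues += [f"connection mark {x!r} has no mark-routing rule" for x in sorted(conn_set - conn_routed)]
    issues += [f"connection mark {x!r} has no src-nat rule" for x in sorted(conn_set - conn_natted)]
    return issues

if __name__ == "__main__":
    print("\n".join(lint_marks(SAMPLE)) or "marks are consistent")
```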
Manipulating ToS for ICMP & DNS on MikroTik
Goals:
Reduce ping delay from the client side towards the Internet.
Speed up resolving of hostnames to IP addresses.
Assumption: the clients are on subnet 10.10.10.0/28
- Manipulating the Type of Service for ICMP packets:
> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=icmp action=mark-connection new-connection-mark=ICMP-CM passthrough=yes
> ip firewall mangle add chain=prerouting connection-mark=ICMP-CM action=mark-packet new-packet-mark=ICMP-PM passthrough=yes
> ip firewall mangle add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay
- Manipulating the Type of Service for DNS resolving:
> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
> ip firewall mangle add chain=prerouting connection-mark=DNS-CM action=mark-packet new-packet-mark=DNS-PM passthrough=yes
> ip firewall mangle add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay
- Adding a queue type:
> queue type add name="PFIFO-64" kind=pfifo pfifo-limit=64
- Allocating bandwidth for ICMP packets:
> queue tree add name=ICMP parent=INTERNET packet-mark=ICMP-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64
- Allocating bandwidth for DNS resolving:
> queue tree add name=DNS parent=INTERNET packet-mark=DNS-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64
Load-balancing & Fail-over on MikroTik
Scenario: the ISP where we work as administrator uses more than one gateway to connect to the Internet. All of them must be able to serve both upstream and downstream traffic, because the case is different if one of them can only serve downstream, for example when using one-way VSAT DVB. For this case, suppose the ISP has 2 links to the Internet: one uses DSL access (256 Kbps) and the other uses Wireless (512 Kbps), with a DSL:Wireless usage ratio of 1:2.
What we will do:
Use all available gateway links with the load-balancing technique.
Make one of them a backup with the fail-over technique.
OK, let's start the experiment:
IP address for access to the LAN:
> /ip address add address=192.168.0.1/28 interface=LAN
IP address for access to the DSL link:
> /ip address add address=10.32.57.253/29 interface=DSL
IP address for access to the Wireless link:
> /ip address add address=10.9.8.2/29 interface=WIRELESS
Set the gateways with their respective ratios:
> /ip route add gateway=10.32.57.254,10.9.8.1,10.9.8.1
For the fail-over technique, it is assumed that the main path goes through Wireless, with the DSL link as backup when the main path cannot be used. To check whether the main path can be used or not, the ping command is used.
> /ip firewall mangle add chain=prerouting src-address=192.168.0.0/28 action=mark-routing new-routing-mark=SUBNET1-RM
> /ip route add gateway=10.9.8.1 routing-mark=SUBNET1-RM check-gateway=ping
> /ip route add gateway=10.32.57.254
Good Luck!!