Shoeisparrows’s Weblog

Just another WordPress.com weblog

Archive for August, 2009

UBUNTU 8.10 with SQUID 2.7.STABLE3 + MYSQL_AUTH

Posted by shoeisparrows on August 6, 2009

UBUNTU 8.10 (Intrepid Ibex)

with SQUID 2.7.STABLE3 + MYSQL_AUTH

Installasi paket ubuntu 8.10

1. Install squid dengan perintah
# apt-get install squid
lalu ikuti intruksinya

2. Install gcc dan g++ dengan perintah
# apt-get install gcc g++

3. Install mysql perlengkapannya dengan perintah
# apt-get install mysql-server mysql-client libmysqlclient15-dev
ikuti istruksi-intruksi (seperti memasukan password root My SQL)

~ New password for the MySQL “root” user: <– yourrootsqlpassword
~ Repeat password for the MySQL “root” user:
<– yourrootsqlpassword

Setelah MySQL terinstall, buat database untuk menyimpan username dan password untuk autentifikasi proxy. Perintahnya sebagai berikut :
# mysql -u root -p

~ Enter password: masukan password MySQL
~ Welcome to the MySQL monitor. Commands end with ; or \g.
~ Your MySQL connection id is 108
~ Server version: 5.0.67-0ubuntu6 (Ubuntu)
~
~ Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.
~
~ mysql>

Sekarang kita akan mebuat database untuk mysql_auth
~mysql> CREATE DATABASE dbsquid;

~mysql> USE dbsquid;

~Reading table information for completion of table and column names

~You can turn off this feature to get a quicker startup with -A

~

~Database changed

~mysql> CREATE TABLE user (username text, password text);

~mysql> INSERT INTO user VALUE (’nobody’,’nobody’);

Download dan compilasi

4. Download mysql_auth dengan perintah
# wget http://people.arxnet.hu/airween/mysql_auth/mysql_auth-0.8.tar.gz

5. Download patch dari mysql_auth 0.8 dengan perintah
# wget http://www.zero-sys.net/portal/download/additionalselect.patch

6. Extract paket mysql_auth 0.8 dengan perintah
# tar xvzf mysql_auth-0.8.tar.gz
lalu masuk ke directory mysql_auth-0.8
# cd mysql_auth-0.8

7. Patch paket mysql_auth 0.8 dengan perintah
# patch -p1 < additionalselect.patch

8. Karena mysql_auth haris di compile dulu, dan mysql_auth memerlukan file library mysql.h dan libmysqlclient.a, maka cari dua file tersebut dan lakukan perubahan file Makefile
# locate mysql.h
~ /usr/include/mysql/mysql.h
# locate libmysqlclient.a
~ /usr/lib/libmysqlclient.a
# nano Makefile
karena file mysql.h terapat pada directory /usr/include/mysql dan libmysqlclient.a pada /usr/lib, makacari dan rubah bagian CFLAGS = … menjadi CFLAGS = -I/usr/include/mysql/ -L/usr/lib/
lalu cari juga bagian
$(INSTALL) -o nobody -g nogroup -m 600 $(CONF) /usr/local/squid/etc/mysql_auth.conf
rubah menjadi
$(INSTALL) -o nobody -g nogroup -m 644 $(CONF) /usr/local/squid/etc/mysql_auth.conf


“ini nih yg biking gw mabok knapa mysql_auth ga jalan2 n portnya ajah ga kebuka2,
tapi pas liat
syslog ada error
(mysql_auth): Can’t open mysql_auth config file: /usr/local/squid/etc/mysql_auth.conf!
ya dah dech dirubah lah permission file /usr/local/squid/etc/mysql_auth.conf jadi 644. Buat keamanan setelah selesai dijalanin squid-nya, rubah lagih permission-ny ke 600 ^^”

9. Sekarang rubah file Konfigurasi dari mysql_auth dengan perintah
# nano src/mysql_auth.conf
baca baik-baik, karena kita harus merubah atribut MYSQL (nama user mysql dan passworny, nama databases, nama table, nama field username, nama filed password) dengan konfigurasi MYSQL.
(blom di bahas ya installasi mysql?? ^^ tar lah, yg penting ini dulu)

10. Terakhir Compile dan install dengan perintah
# make
# make install

Kalo compilasi berhasi, dengan tampilan empat baris paling bawah seperti ini :

~ /usr/bin/install -o nobody -g nogroup -m 755 mysql_auth /usr/local/squid/libexec/mysql_auth
~ /usr/bin/install -o root -g root -m 700 mypasswd /usr/local/bin/mypasswd
~ /usr/bin/install -o nobody -g nogroup -m 644 src/mysql_auth.conf /usr/local/squid/etc/mysql_auth.conf
~ /usr/bin/install -o nobody -g nogroup -m 600 src/mysql_auth.conf /usr/local/squid/etc/mysql_auth.conf.default

Brarti kopilasi berhasil ^^. Sekarang kita test mysql_auth berfungsi atau tidak, dengan menjalan kan perintah berikut :
# /usr/local/squid/libexec/mysql_auth

Lalu masukan <username> <password>
ini salah

ERR

nobody nobody

OK

Akan muncuk OK jika username/password ada di database, atau ERR jika username/password tidak dalam database atau ada masalah.

Untuk selanjutnya, bisa juga menambah user dan password dalam database dengan menggunakan program bawaan mysql_auth, yaitu mypasswd dengan menjalankan perintah :
# /usr/local/bin/mypasswd <username> <password>

Contoh :
# /usr/local/bin/mypasswd apnet informatika

Squid Configurasi

11. Karena dah ngantuk berat, baca sendiri yah file configurasi saya
# mv /etc/squid/squid.conf.cadangan
# nano /etc/squid/squid.conf

#— keterangan masing2 perintah di tandai # dibawah perintah
http_port 2323
#port 2323 untuk proxy 2323 transparent
visible_hostname boerzproxy
#sebagai penjunjuk nama host
dns_nameservers 127.0.0.1
#karena saya junga menyeting DNS jadi, nameservernya di arahkan ke komputersendiri
cache_mgr mathofany@boerz.com
#cuman unutk mejeng nama
auth_param basic realm BoerZ Network
auth_param basic program /usr/local/squid/libexec/mysql_auth
auth_param basic children 5
auth_param basic credentialsttl 1 minutes
auth_param basic casesensitive off
authenticate_cache_garbage_interval 10 seconds
acl kompgw src 192.168.3.23/255.255.255.255
#inditifikasi computer gw..he..he.. biat khusus
acl lan src 192.168.16.0/24
#menginditifikasi network 192.168.3.x sebagai jaringan khusus (SSID BOERZ_WiFi)
acl kamar src 192.168.3.0/24
#menginditifikasi network 192.168.3.x sebagai kamar
acl umum src 172.16.23.0/24
#menginditifikasi network 172.16.23.x sebagai umum (SSID boerz_internet)
acl all src 0.0.0.0/0.0.0.0
#standar inditifikasi squid
acl pemakai proxy_auth REQUIRED
http_access allow pemakai
# ini neh2 yg network ga jelas pake autentifikasi
http_access deny kompgw
#khusus komputer gw di matiin, biar nge NAT ajah
http_access allow umum
#umum diijinkan untuk berSquid
http_access deny kamar
#karena mau coba mysql_auth jadi di matiin ajah
http_access allow lan
#lan untuk bisa kemana2
http_access deny all
#network ja jelas di matiin biar lewat mysql_auth
#untuk di bawah ini standarlah, bisa di baca di http://www.brennan.id.au/11-Squid_Web_Proxy.html
icp_port 0
cache_dir ufs /var/spool/squid 100 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
log_fqdn off
# delay ah bwt SSID boerz_internet
delay_pools 1
delay_class 1 1
#delay_access 1 allow umum
delay_parameters 1 8000/8000
#========================================================================$
# OPTIONS WHICH AFFECT THE NEIGHBOUR SELECTION ALGORITHM# ======================================================================$
dead_peer_timeout 30 seconds
mcast_icp_query_timeout 10
log_icp_queries on
connect_timeout 2 minutes
peer_connect_timeout 30 seconds
request_timeout 30 seconds
#hierarchy_stoplist cgi-bin ?
#acl QUERY urlpath_regex cgi-bin ?
#no_cache deny QUERY
# ======================================================================$
# OPTIONS WHICH AFFECT THE CACHE SIZE
#=======================================================================$
cache_mem 32 MB
#nanti ganti ke 128
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
maximum_object_size_in_memory 8 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF

12. Terkahir jalankan atau restart daemon squid dengan perintah
# /etc/init.d/squid restart
klo terdapat [OK] berarti selesai sudah

Karena untuk autentifikasi squid ga bisa di setting transparent, maka harus menyeting browser client dengan IP dan PORT squid server ^^. Klo di mozila masuk ke Tools, Options, Advanced, Network, dan klik tombol Setting. Setelah keluar jendela Connection setting, pilih Manual Proxy Configuration, lalu masukan alamat proxy server kita dan portnya, lalu klik Use this proxy server for all protocol

Pada konfigurasi file squid.conf, untuk acl yg di http_access allow, bisa menggunakan proxy transparent. Jadi tidak usah memasukan ip proxy server dan port-nya. Dengan memasukan firewall iptables sebagai berikut :

#iptables -t nat -A PREROUTING -i eth3 -p tcp -m tcp –dport 80 -j DNAT –to-destination 192.168.1.1:2323

#iptables -t nat -A PREROUTING -i eth2 -p tcp -m tcp -dport 80 -j REDIRECT –to-ports 2323

Dimana 192.168.1.1 merupakan IP computer squid server dan 2323 adalah port squid server
Dan karena ada acl kompgw src 192.168.3.23/255.255.255.255 yg di NAT, jadi kita tambahkan

# iptables -t nat -I POSTROUTING -s 192.168.3.23 -o eth2 -j MASQUERADE

Referensi :

http://www.howtoforge.com/perfect-server-ubuntu-8.10
http://people.arxnet.hu/airween/mysql_auth/
http://www.zero-sys.net/portal/squid+mysql_auth+patch.html
http://boerz.wordpress.com/2008/03/17/nat_dhcp_firewall/
http://www.boerz.com

Time Quota With SQUID and MySQL_AUTH

Setelah melakukan installasi di atas,

1. Tambahkan field quota di table dbsquid yg dibuat di atas

2. Buka file source code mysql_auth.c
# nano src/ mysql_auth.c

3. Edit file tersebut sehingga menjadi seperti di bawah ini :

/*
* mysql_auth – mysql based authenticator for Squid Proxy
*
* mysql_auth.c
* (C) 2002 Ervin Hegedus
* edited by boerz
* Released under GPL, see COPYING-2.0 for details.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include <stdio.h>
#include <mysql/mysql.h>
#include <syslog.h>
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include <signal.h>
#include <ctype.h>
#include <time.h>
#include <locale.h>
#include “define.h”
#include “extern.h”
long waktu(char namauser[]){
FILE *handle;
char buffer[256],kata[256],sukukata[10][256],nama[256],status[256];
int i,j,k;
time_t clockval;
time_t now=time(NULL);
struct tm tnow, datatgl;
tnow = *localtime(&now);
char bulan[3],tahun[5];
int nbulan,ntahun,dtbulan,dttahun;
strftime(bulan,3,”%m”,&tnow);
strftime(tahun,5,”%Y”,&tnow);
nbulan=atoi(bulan);
ntahun=atoi(tahun);
long totaldurasi,durasi;
if((handle=fopen(”/var/log/squid/access.log”,”r”))==NULL){
printf(”File na atuh cauu…!\n”);
return(0);
}
totaldurasi=0;
while(!feof(handle)){
fgets(buffer,256,handle);
i=j=k=0;
durasi=0;
while(buffer[i]){
if(i>0){
if(isspace(buffer[i])){
if(isspace(buffer[i-1])){
i++;
}else{
strcpy(sukukata[k],kata);
bzero(kata,256);
i++;
j=0;
k++;
if(k>=10)break;
}
}else{
kata[j]=buffer[i];
i++;
j++;
}
}else{
kata[j]=buffer[i];
i++;
j++;
}
}
sscanf(sukukata[3],”%s”,&status);
if(strcmp(status,”TCP_DENIED/407″)!=0){
//simpan nama
sscanf(sukukata[7],”%s”,&nama);
if(strcmp(nama,namauser)==0){
sscanf(sukukata[1],”%ld”,&durasi);
sscanf(sukukata[0],”%lu”,&clockval);
datatgl=*localtime(&clockval);
strftime(bulan,3,”%m”,&datatgl);
strftime(tahun,5,”%Y”,&datatgl);
dtbulan=atoi(bulan);
dttahun=atoi(tahun);
if((nbulan==dtbulan) && (ntahun==dttahun)){
totaldurasi+=durasi;
//printf(”%s = %ld\n”,nama,durasi);
}
}
}
}
fclose(handle);
return(totaldurasi-durasi);
} //long waktu
int main ()
{
MYSQL connect;
MYSQL_RES *result;
MYSQL_ROW row;
struct my_params parameters;
char user[MAX_STRLEN], password[MAX_STRLEN];
long quota;
char query[MAXLENGTH], input[MAX_STRLEN];
char *tstring;
setbuf (stdout, NULL);
/*
* try open and read config file, config file place’ see define.h
*/
if (parse (&parameters) != 0) {
// question to squid devels: is require print ERR message
// when some error occur at initialize of authenticator?
fprintf (stdout, “ERR\n”);
exit (1);
}
/*
* first, it must to initialize MYSQL variable
*/
mysql_init (&connect);
if (&connect == NULL) {
syslog (LOG_WARNING, “Can’t initialize MYSQL structure!”);
puts (”ERR”);
exit (1);
}
/*
* try connect to mysql database, with those user/password, what are
* defined in mysql_auth.conf – this is the squid -> mysql connect pair!
*/
mysql_real_connect (&connect, parameters.var_host_name, parameters.var_user_name,\
parameters.var_user_password, parameters.var_database_name,\
0, parameters.var_mysqld_socket, 0);
/*
* if error returns, log trough syslog
*/
if (mysql_errno (&connect)) {
syslog (LOG_WARNING, “Can’t connect to mysql server: %s.\n”, parameters.var_host_name);
syslog (LOG_WARNING, “Error was: %d – %s.\n”,\
mysql_errno (&connect), mysql_error (&connect));
puts (”ERR”);
exit (1);
}
/*
* try to select from table – there is all the same,
* what will the result
*/
memset (query, 0, strlen (query) + 1);
sprintf (query, “SELECT * FROM %s WHERE %s LIKE ’squid’ AND %s LIKE ’squid’”, \
parameters.var_table_name,\
parameters.var_user_column,\
parameters.var_password_column);
mysql_query (&connect, query);
// error occur, example invalid table name…
if (mysql_errno (&connect)) {
syslog (LOG_WARNING, “Can’t select from table – error was: %d – %s”,\
mysql_errno (&connect), mysql_error (&connect));
puts (”ERR”);
exit (1);
}
/*
* these are requires for mysql fuctions
*/
result = mysql_use_result (&connect);
while (mysql_fetch_row (result));
mysql_free_result(result);
/**********************************
* start of auth method
**********************************/
memset (input, 0, MAX_STRLEN);
while (fgets(input, MAX_STRLEN, stdin)) {
user[0] = ”;
password[0] = ”;
/*
* may be this method is too difficult – who knows more about safety of strtok()?
*/
tstring = strtok (input, ” “);
if (tstring == NULL) { // empty username
puts (”ERR”);
continue;
}
else {
strcpy (user, tstring);
tstring = strtok (NULL, ” \n”);
if (tstring == NULL) { // empty password
puts (”ERR”);
continue;
}
else {
if (strcasecmp (parameters.var_encrypt_password_form, “yes”) == 0) {
sprintf (password, “password (\”%s\”)”, tstring);
}
else {
sprintf (password, “‘%s’”, tstring);
}
}
}
memset (query, 0, strlen (query) + 1);
//waktu(user) ukurannya per milli second jadi 1 jam = 1* 60 * 60 * 1000 = 3600000 milisecond
// waktu ukuran -1 berarti unlimited
sprintf (query, “SELECT * FROM %s WHERE %s LIKE ‘%s’ AND %s LIKE %s AND (quota >= ‘%ld’ OR quota = ‘-1′)”, \
parameters.var_table_name,\
parameters.var_user_column, user,\
parameters.var_password_column, password, waktu(user)
);
//printf(”%ld\n”,waktu(user));
mysql_query (&connect, query);
/*
* may be when mysql_auth runs, meantime lost
* connection,
* mysql admin change permission, etc…
* in this case don’t will exit, just return ERR
* message
*/
if (mysql_errno (&connect)) { syslog (LOG_WARNING, “Can’t select from table – error was: %d – %s”,\
mysql_errno (&connect), mysql_error (&connect));
puts (”ERR”);
}
else {
result = mysql_use_result (&connect);
while ((row = mysql_fetch_row (result)));
/*
* the number of result is 1 – this doesn’t allow
* more than one account!!!
*/
if (mysql_num_rows (result) == 1) {
puts (”OK”);
}
else {
syslog (LOG_WARNING, “%s login failed.”, user);
puts (”ERR”);
}
mysql_free_result(result);
}
memset (input, 0, MAX_STRLEN);
}
mysql_close (&connect);
return 0;
}

4. Compile code di atas menggunakan perintah berikut :

# gcc -o mysql_auth src/mysql_auth.c src/confparser.c -lmysqlclient -I/usr/include/mysql/ -L/usr/lib/

5. Stop daemon squid

# /etc/init.d/squid stop

6. Copikan hasil compilasi source code untuk auth_param basic program ke target file /usr/local/squid/libexec/mysql_auth dengan perintah
# cp ./mysql_auth /usr/local/squid/libexec/mysql_auth

Jalankan kembali daemon squid
# /etc/init.d/squid start

7. Lakukan test authentifikasi dengan menjalankan file compilasi

# /usr/local/squid/libexec/mysql_auth

# boerz 12345
~ ERR

8. Isikan field quota di database dbsquid dengan nilai besar seperti 50000000 ( dalam ukuran milidetik).

9. Jalankan kembali langkah 7 di dapatkan hasil seperti di bawah ini

# /usr/local/squid/libexec/mysql_auth

# boerz 12345
~ OK

10. Test di browser ^^… karena credentialsttl 1 minutes maka coneksi terputus authentifikasi dalam 1 menit setelah tidak melakukan browsing ^^

referensi ini saya ambil dari http://boerz.wordpress.com/2009/01/01/ubuntu-810-with-squid-27stable3-mysql_auth/#more-201

Advertisements

Posted in Linux Ubuntu | Leave a Comment »

paket priority mikrotik

Posted by shoeisparrows on August 2, 2009

0   ;;; .::By shoei::.  Prio P2P
chain=prerouting p2p=all-p2p action=mark-connection
new-connection-mark=prio_conn_p2p passthrough=yes

1   chain=prerouting connection-mark=prio_conn_p2p action=mark-packet
new-packet-mark=prio_p2p_packet passthrough=no

2   ;;; Prio Download_Services
chain=prerouting protocol=tcp dst-port=110 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

3   chain=prerouting protocol=tcp dst-port=995 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

4   chain=prerouting protocol=tcp dst-port=143 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

5   chain=prerouting protocol=tcp dst-port=993 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

6   chain=prerouting protocol=tcp dst-port=995 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

7   chain=prerouting protocol=tcp dst-port=25 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

8   chain=prerouting protocol=tcp dst-port=80 connection-bytes=500000-0
action=mark-connection new-connection-mark=prio_conn_download_services
passthrough=yes

9   chain=prerouting protocol=tcp dst-port=20-21 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

10   chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500
action=mark-connection new-connection-mark=prio_conn_download_services
passthrough=yes

11   chain=prerouting connection-mark=prio_conn_download_services
action=mark-packet new-packet-mark=prio_download_packet passthrough=yes

12   ;;; Prio Ensign_Services
chain=prerouting protocol=tcp dst-port=53 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

13   chain=prerouting protocol=udp dst-port=53 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes
14   chain=prerouting protocol=icmp action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

15   chain=prerouting protocol=tcp dst-port=443 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

16   chain=prerouting protocol=tcp dst-port=23 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

17   chain=prerouting protocol=tcp dst-port=80 connection-bytes=0-500000
action=mark-connection new-connection-mark=prio_conn_ensign_services
passthrough=yes

18   chain=prerouting protocol=tcp dst-port=179 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

19   chain=prerouting protocol=tcp dst-port=8000 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

20   chain=prerouting connection-mark=prio_conn_ensign_services
action=mark-packet new-packet-mark=prio_ensign_packet passthrough=no

21   ;;; Prio User_Request
chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500
action=mark-connection new-connection-mark=prio_conn_ensign_services
passthrough=yes

22   chain=prerouting dst-address-list=user_request action=mark-connection
new-connection-mark=prio_conn_user_services passthrough=yes

23   chain=prerouting connection-mark=prio_conn_user_services
action=mark-packet new-packet-mark=prio_request_packet passthrough=yes

24   chain=prerouting protocol=gre action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

25   ;;; Prio_Communication
chain=prerouting protocol=tcp dst-port=5100 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

26   chain=prerouting protocol=tcp dst-port=5050 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

27   chain=prerouting protocol=udp dst-port=5060 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

28   chain=prerouting protocol=tcp dst-port=1869 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

29   chain=prerouting protocol=tcp dst-port=1723 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

30   chain=prerouting protocol=tcp dst-port=5190 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

31   chain=prerouting protocol=tcp dst-port=6660-7000 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

32   chain=prerouting protocol=ipencap action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

33   chain=prerouting protocol=ipsec-esp action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

34   chain=prerouting protocol=ipsec-ah action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

35   chain=prerouting protocol=ipip action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

36   chain=prerouting protocol=encap action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

37   chain=prerouting connection-mark=prio_conn_comm_services
action=mark-packet new-packet-mark=prio_comm_packet passthrough=no

nah kl skrip ini bwt paket pritory berdasarkan bandwitch
38 X ;;; .:: By Rendy ::.   mark basic client
chain=forward src-address-list=Basic_class_client action=mark-connection
new-connection-mark=Basic_client_conn passthrough=yes

39 X chain=forward connection-mark=basic_client_conn action=mark-packet
new-packet-mark=basic_clien_traffic passthrough=no

40 X ;;; mark srandard client traffic
chain=forward src-address-list=Standard_class_client
action=mark-connection new-connection-mark=standard_client_conn
passthrough=yes

41 X chain=forward connection-mark=standard_client_conn action=mark-packet
new-packet-mark=standard_client_traffic passthrough=no

42 X ;;; mark business client traffic
chain=forward src-address-list=Business_class_client
action=mark-connection new-connection-mark=business_client_conn
passthrough=yes

43 X chain=forward connection-mark=Business_client_conn action=mark-packet
new-packet-mark=business_client_traffic passthrough=no

44 X ;;; Check for unmarked traffic
chain=forward action=log log-prefix=””

Posted in Mikrotik | Leave a Comment »