IP Firewall Mangle

Memisahkan bandwidth local dan international dengan mikrotik

Melihat ip address
[koen@Warnet] > ip address print
Flags: X – disabled, I – invalid, D – dynamic
#   ADDRESS            NETWORK         BROADCAST       INTERFACE
0   10.0.10.1/24       10.0.10.0       10.0.10.255     LAN
1   192.168.23.5/24    192.168.23.0    192.168.23.255  WAN

Berikut konfigurasinya
[koen@Warnet] ip firewall mangle> print
Flags: X – disabled, I – invalid, D – dynamic
0   ;;; int
chain=prerouting src-address=10.0.10.0/24 dst-address-list=!nice
action=mark-connection new-connection-mark=int passthrough=yes

1   chain=prerouting dst-address=192.168.23.5 src-address-list=!nice
action=mark-connection new-connection-mark=int passthrough=yes

2   chain=prerouting connection-mark=int action=mark-packet
new-packet-mark=int-nya passthrough=yes

3   ;;; iix mangle
chain=prerouting src-address=10.0.10.0/24 dst-address-list=nice
action=mark-connection new-connection-mark=iix passthrough=yes

4   chain=prerouting dst-address=192.168.23.5 src-address-list=nice
action=mark-connection new-connection-mark=iix passthrough=yes

5   chain=prerouting connection-mark=iix action=mark-packet
new-packet-mark=iix passthrough=yes

Langkah selanjutnya adalah mengatur bandwith melalui queue simple, untuk mengatur bandwith international 128Kbps dan bandwidth local IIX 256Kbps pada komputer dengan IP 10.0.10.2 dapat dilakukan dengan contoh script sbb:

[koen@Warnet] > queue simple print
Flags: X – disabled, I – invalid, D – dynamic
0    name=”Total int” target-addresses=10.0.10.0/24 dst-address=0.0.0.0/0
interface=all parent=none packet-marks=int-nya direction=both
priority=1 queue=default-small/default-small limit-at=1000000/1000000
max-limit=1000000/1000000 total-queue=default

1    name=”PC-01 int” target-addresses=10.0.10.2/24 dst-address=0.0.0.0/0
interface=all parent=Total int packet-marks=int-nya direction=both
priority=1 queue=default-small/default-small limit-at=128000/128000
max-limit=128000/128000 total-queue=default

0    name=”Total iix” target-addresses=10.0.10.0/24 dst-address=0.0.0.0/0
interface=all parent=none packet-marks=iix direction=both priority=8
queue=default/default limit-at=2000000/2000000 max-limit=2000000/2000000
total-queue=default-small total-max-limit=2000000

1    name=”PC-01 iix” target-addresses=10.0.10.2/24 dst-address=0.0.0.0/0
interface=all parent=Total iix packet-marks=iix direction=both
priority=1 queue=default-small/default-small limit-at=256000/256000
max-limit=256000/256000 total-queue=default-small

Script diatas berarti hanya komputer dengan IP 10.0.10.2 saja yang di batasi bandwidthnya 128Kbps internasional (overseas) dan 256Kbps local IIX (indonesia) sedangkan yang lainnya tidak dibatasi. Dengan demikian berarti Mikrotik telah berhasil mengatur pemakaian bandwidth internasional dan lokal IIX sesuai dengan yang diharapkan pada komputer 10.0.10.2 dan hanya dapat mendownload atau mengupload sebesar 128Kbps untuk internasional dan 256Kbps untuk local IIX.

This entry was posted in MikroTik and tagged . Bookmark the permalink.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s