Graphic Web Design, Computer Network, Balinese Culture

To build a more complex system, we must start from simple things. Although this setup is simple, do not think it is meaningless. I am sure that understanding simple things will help us develop them into a more complex system that has never been seen before. Regardless of the shortcomings of this blog, and of the negative comments and dislikes my videos receive, the passion for new exploration is the soul of agratitudesign, which wants to contribute a little to knowledge through case studies based on experience and experiment.

In this article I will show the implementation of QoS in RouterOS (ROS) v6 for building a simple hotspot network, and how we can manage bandwidth with it. As you probably know, QoS in ROS version 6 improves on the shortcomings found in the previous versions. I also want to show the initial configuration for building a network with your favorite router. As an example, in this case I will build a simple hotspot network using QoS v6. You can see the entire configuration process in detail in the following video!


1. Setup and Configuring Mikrotik to build a Simple Hotspot


To build a simple hotspot system, see the schematic picture above. The internet connection for the hotspot network comes from a modem that is shared through one server computer, connected with a LAN cable to the ether1 interface of the Mikrotik RB 750 router. The internet is distributed via the ether2 interface to the hotspot network, routed through a wireless TP-Link acting as the access point, to which clients first connect over Wi-Fi.

For that, you have to configure your access point so that it matches the IP addressing of the router's network configuration. You can use a separate access point if your Mikrotik router does not have a wireless interface. If your router already has a wireless interface, you can configure the router's network directly to allow clients to connect to it.


The pictures above are an example of configuring a wireless TP-Link as the access point for your router, if the router does not have a wireless interface of its own. If you are using a wireless TP-Link, adjust its IP configuration to the network of the Mikrotik interface you are using. The access point must use the router as its gateway. In this case I do not use the access point's DHCP server, because in the end I want to do most of the configuration centrally, using the DHCP server on the Mikrotik router!

Assuming that you have finished configuring your access point and it is connected to the router that has the Internet gateway, we will configure the Mikrotik using Winbox from a client connected to the access point. Set the IP addresses as planned for the final configuration in the schematic above.

Since we have not configured anything on the Mikrotik yet, we can only access it with Winbox from the client using the MAC address, as shown in the picture above. Once in Winbox, we do not use the router's default configuration. Click Remove Configuration; we will configure everything manually according to the schematic plan.

Name your interfaces in the interface list according to where each router interface is connected; in this case I use ether1 and ether2. If this is not clear, see the video tutorial.
Ether1 = wan | IP network = 192.168.137.2/24 (public interface)
Ether2 = hotspot | IP network = 192.168.1.1/24 (local interface)
Then, to go faster, enter the following script in a new Winbox terminal!
/ip address
add address=192.168.137.2/24 interface=wan
add address=192.168.1.1/24 interface=hotspot
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.137.1
/ip firewall nat 
add action=masquerade chain=srcnat out-interface=wan src-address=192.168.1.0/24 disabled=no comment="Masquerade Public Traffic"
Implementing QoS ROS V6 in Building DHCP Hotspot Network
Make sure your network interfaces and the gateway are reachable (see the Route List of your router, as in the left picture above); then you can set up the DHCP server for your clients. Now restart the router and reconnect to your wireless access point so that, as a client, you get a new IP address from the router's DHCP server. After this you can access Winbox using the IP address 192.168.1.1, the gateway address of your router. At this step your internet access is already working.


2. Mangle and Queue tree rules as the QoS implementation in version 6

In this case we are not using the hotspot to manage bandwidth per client login; I will talk about that next time. For now it is enough to use general QoS to manage the bandwidth of clients connected to the DHCP server, so you can see how QoS works in version 6. We start by defining the Layer 7 protocols; to go faster, insert the script below, as you would in version 5!

/ip firewall layer7-protocol
add comment="download" name=high regexp="^.*get.+\\.(exe|rar|iso|zip|7zip|0[0-9][1-9]|flv|mkv|avi|mp4|3gp|rmvb|mp3|img|dat|mov).*\$"
add comment="download" name=document regexp="^.*get.+\\.(pdf|doc|docx|xlsx|xls|rtf|ppt|ppt).*\$"
add comment="video" name=youtube regexp="^.*get.+\\.(c.youtube.com|cdn.dailymotion.com|metacafe.com|mccont.com).*\$"
add comment="video" name=streaming regexp="videoplayback|video"
add comment="video" name=youtube_matcher regexp="(GET \\/videoplayback\\\?|GET \\/crossdomain\\.xml)"
You can add any other definitions for the kinds of connection packets that your router's QoS needs. Now, how do we mark the connection packets in version 6? Look at the mangle scripts below!
/ip firewall mangle
add action=mark-connection chain=forward disabled=no in-interface=wan new-connection-mark=all-outconn passthrough=yes comment="DOWNSTEAM CONNECTION"
add action=mark-packet chain=forward connection-mark=all-outconn disabled=no new-packet-mark=all-outpkt passthrough=yes comment="DOWNSTEAM"
 
/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=dpkt packet-mark=all-outpkt passthrough=no comment="CLIENT DOWNLOAD FILES"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=dpkt packet-mark=all-outpkt passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=dpkt packet-mark=all-outpkt protocol=tcp comment=""
 
/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment="CLIENT VIDEO STREAMING"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube_matcher new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment=""
 
/ip firewall mangle
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=bpkt packet-mark=all-outpkt protocol=tcp comment="CLIENT BROWSING"
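
The marking order of the forward-chain rules above can be checked offline. The following Python sketch is an added example, not part of the original article: it replays those mark-packet rules, in order, over constructed sample connections. Assumptions: the L7 patterns are applied case-insensitively with "." matching any byte, the L7 decision is made once on the first 2 KB of the connection, and classify() together with all sample payloads and hostnames is made up for illustration.

```python
import re

# Patterns from the article's /ip firewall layer7-protocol block, with the
# RouterOS export escaping (\\. and \$) reduced to plain regex syntax.
L7_PATTERNS = {
    "high": r"^.*get.+\.(exe|rar|iso|zip|7zip|0[0-9][1-9]|flv|mkv|avi|mp4"
            r"|3gp|rmvb|mp3|img|dat|mov).*$",
    "document": r"^.*get.+\.(pdf|doc|docx|xlsx|xls|rtf|ppt|ppt).*$",
    "youtube": r"^.*get.+\.(c.youtube.com|cdn.dailymotion.com|metacafe.com"
               r"|mccont.com).*$",
    "streaming": r"videoplayback|video",
    "youtube_matcher": r"(GET \/videoplayback\?|GET \/crossdomain\.xml)",
}
# Assumption: case-insensitive matching, "." matches any byte.
FLAGS = re.IGNORECASE | re.DOTALL
L7 = {name: re.compile(rx, FLAGS) for name, rx in L7_PATTERNS.items()}

# The L7 matcher only sees the start of a connection (first 10 packets / 2 KB).
L7_WINDOW = 2048

# The article's forward-chain mark-packet rules, in order:
# (kind, argument, new-packet-mark, passthrough)
RULES = [
    ("l7", "high", "dpkt", False),
    ("l7", "document", "dpkt", False),
    ("bytes", (1_000_000, None), "dpkt", True),   # connection-bytes=1000000-0
    ("l7", "youtube", "spkt", False),
    ("l7", "streaming", "spkt", False),
    ("l7", "youtube_matcher", "spkt", False),
    ("bytes", (0, 1_000_000), "bpkt", False),     # connection-bytes=0-1000000
]


def classify(first_bytes, conn_bytes, src_port, mark="all-outpkt"):
    """Return the final packet mark of one downstream TCP packet.

    first_bytes: start of the connection payload (constructed sample data)
    conn_bytes:  bytes transferred so far on the connection
    src_port:    TCP source port of the packet (server side for downloads)
    """
    head = first_bytes[:L7_WINDOW].decode("latin-1")
    for kind, arg, new_mark, passthrough in RULES:
        # Every rule carries packet-mark=all-outpkt, so once the mark has
        # changed (even with passthrough=yes) no later rule can match.
        if mark != "all-outpkt":
            continue
        if kind == "l7":
            hit = L7[arg].search(head) is not None
        else:
            low, high = arg
            hit = (src_port in (80, 443) and conn_bytes >= low
                   and (high is None or conn_bytes <= high))
        if hit:
            mark = new_mark
            if not passthrough:
                break
    return mark


# Constructed sample connections (not captured traffic).
HTTP_EXE = b"GET /files/setup.exe HTTP/1.1\r\nHost: downloads.example\r\n\r\n"
HTML_PAGE = (b"GET /help/video-settings.html HTTP/1.1\r\n"
             b"Host: www.example.org\r\n\r\n")
VIDEO_GET = (b"GET /videoplayback?id=constructed HTTP/1.1\r\n"
             b"Host: r1.example\r\n\r\n")
TLS_HELLO = (b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + bytes(32)
             + b"cdn.example.net")

SAMPLES = [
    ("HTTP .exe download", HTTP_EXE, 4_000, 80),
    ("HTML page, 'video' in URL", HTML_PAGE, 4_000, 80),
    ("HTTP videoplayback, start", VIDEO_GET, 4_000, 80),
    ("HTTP videoplayback, > 1 MB", VIDEO_GET, 2_000_000, 80),
    ("HTTPS, small transfer", TLS_HELLO, 200_000, 443),
    ("HTTPS, large transfer", TLS_HELLO, 5_000_000, 443),
]

if __name__ == "__main__":
    for label, payload, size, port in SAMPLES:
        print(f"{label:28} -> {classify(payload, size, port)}")
```

In this model the HTML page lands in the video queue because the streaming pattern is unanchored, and HTTPS traffic is sorted only by connection-bytes because the "get" patterns never see the encrypted request. A plain-HTTP videoplayback connection also changes from spkt to dpkt once it passes 1,000,000 bytes, because the connection-bytes rule sits above the video rules.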

We only need to create the mangle rules using chain=forward with in-interface=wan (the public interface), and then separate the traffic into the other kinds of connection packets. However many kinds of connection packets you define, you can expand these rules to suit your requirements!
Alternatively, you can create the mangle rules using chain=postrouting with out-interface=hotspot (the local interface), as you can see in the scripts below!

/ip firewall mangle
add action=mark-connection chain=postrouting disabled=no out-interface=hotspot new-connection-mark=all-outconn passthrough=yes comment="DOWNSTEAM CONNECTION"
add action=mark-packet chain=postrouting connection-mark=all-outconn disabled=no new-packet-mark=all-outpkt passthrough=yes comment="DOWNSTEAM"

/ip firewall mangle
add action=mark-packet chain=postrouting layer7-protocol=high new-packet-mark=dpkt packet-mark=all-outpkt passthrough=no comment="CLIENT DOWNLOAD"
add action=mark-packet chain=postrouting layer7-protocol=document new-packet-mark=dpkt packet-mark=all-outpkt passthrough=no comment=""
add action=mark-packet chain=postrouting connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=dpkt packet-mark=all-outpkt protocol=tcp comment=""

/ip firewall mangle
add action=mark-packet chain=postrouting layer7-protocol=youtube new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment="CLIENT VIDEO"
add action=mark-packet chain=postrouting layer7-protocol=streaming new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment=""
add action=mark-packet chain=postrouting layer7-protocol=youtube_matcher new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment=""

/ip firewall mangle
add action=mark-packet chain=postrouting connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=bpkt packet-mark=all-outpkt protocol=tcp comment="CLIENT BROWSING"

Choose whichever mangle rule set you like from the scripts above, but do not use both methods together. Next we will implement PCQ queue types in order to share the bandwidth equally among all clients without knowing the IP addresses given to them by the DHCP server. Adjust the rates depending on how much bandwidth you have.
/queue type
add name=pcq_upsteam kind=pcq pcq-rate=512k pcq-classifier=src-address
add name=pcq_downsteam kind=pcq pcq-rate=512k pcq-classifier=dst-address
add name=pcq_browsing kind=pcq pcq-rate=512k pcq-classifier=dst-address
add name=pcq_download kind=pcq pcq-rate=512k pcq-classifier=dst-address
add name=pcq_video kind=pcq pcq-rate=512k pcq-classifier=dst-address

These are the most important and specific rules of QoS in version 6: the queue tree, where you capture the kinds of connection packets that you marked with the mangle rules. We do not need a separate mark for upload connection packets, which makes the mangle rules shorter than in version 5. Look at the queue tree rules below!
/queue tree
add name=Upsteam parent=wan queue=pcq_upsteam packet-mark=all-outpkt priority=8 max-limit=1000k
add name=Downsteam parent=global queue=pcq_downsteam packet-mark=all-outpkt priority=8 max-limit=1000k
add name=1.Browsing parent=Downsteam queue=pcq_browsing packet-mark=bpkt priority=1 limit-at=256k max-limit=512k
add name=2.Download parent=Downsteam queue=pcq_download packet-mark=dpkt priority=2 limit-at=256k max-limit=512k
add name=3.Video parent=Downsteam queue=pcq_video packet-mark=spkt priority=3 limit-at=256k max-limit=512k

We use the same packet-mark for upload and download; what decides the direction is the parent used in the queue tree rules. In this case upload uses parent=wan, the public interface of the router, and download uses parent=global, under which you can continue with the other kinds of download packets. This is the difference when implementing QoS in RouterOS version 6. Finally, you can expand these rules to suit your requirements and manage your bandwidth as you like. See you!

28 comments :

  1. continuation..
    /ip firewall mangle
    add action=mark-packet chain=forward layer7-protocol=bittorrent new-packet-mark=tpkt packet-mark=all-outpkt passthrough=no comment="BIT TORRENT"
    add action=mark-packet chain=forward layer7-protocol=torrentsites new-packet-mark=tpkt packet-mark=all-outpkt passthrough=no comment="TORRENT"
    add action=mark-packet chain=forward p2p=all-p2p new-packet-mark=tpkt packet-mark=all-outpkt passthrough=no comment="ALLP2P"
    add action=mark-packet chain=forward dst-port=58561,58045,14948,58008,58816,59097 new-packet-mark=tpkt packet-mark=all-outpkt passthrough=no protocol=tcp comment="TORRENT PORT"

    /ip firewall mangle
    add action=mark-packet chain=forward connection-bytes=0-1000000 passthrough=no packet-mark=all-outpkt new-packet-mark=bpkt protocol=tcp comment="BROWSING"

    /queue tree
    add name=Upsteam parent=ether2 queue=default packet-mark=all-outpkt priority=8 max-limit=3M
    add name=1.Upsteam parent=Upsteam queue=default packet-mark=all-outpkt priority=3 max-limit=1250M
    add name=Downsteam parent=global queue=default packet-mark=all-outpkt priority=8 max-limit=17M
    add name=1.Browsing parent=Downsteam queue=default packet-mark=bpkt priority=2 limit-at=256k max-limit=3M
    add name=2.Download Extensions parent=Downsteam queue=default packet-mark=dpkt priority=3 limit-at=256k max-limit=2M
    add name=3.Android parent=Download queue=default packet-mark=all-outpkt priority=5 limit-at=150k max-limit=2M
    add name=4.Video parent=Downsteam queue=default packet-mark=spkt priority=7 limit-at=128k max-limit=384k
    add name=5.P2P&Torrent parent=Download queue=default packet-mark=tpkt priority=7 limit-at=128k max-limit=384k

    Pak Ketut, in your opinion, are the rules above already correct?
    Oh, and I am not applying the PCQ concept, so I set it to default.

    Thank you,
    Regards, Anggoro WP

    1. What is WP? I just remembered, WP = WordPress? lol..!
      /queue tree
      add name=Upsteam parent=ether2 queue=default packet-mark=all-outpkt priority=8 max-limit=3M
      add name=1.Upsteam parent=Upsteam queue=default packet-mark=all-outpkt priority=3 max-limit=1250M

      This uses the same packet-mark=all-outpkt, so what is the point of the second rule? In this case it is enough to use just the first rule to capture the upload packets. The rest is already correct, but remember to add the torrent definitions to Layer 7.

    2. Sorry for my comment, sir, it was a bit messy.. WP is my last name, Pak Ketut.
      This is the first mangle, and the 'continuation' is the second rule..
      My point is, in step 2, mangle forward and postrouting: which one is used? Or only one..
      In my network concept: modem > rb450/750 > switch/hub (TP-Link wireless and LAN hub)
      1. ether2 = local (LAN/Wi-Fi) > 192.168.x.x/24
      2. ether1 = public (ISP) > 192.168.x.x/24

      /ip firewall mangle
      add action=mark-connection chain=forward disabled=no in-interface=ether1 new-connection-mark=all-outconn passthrough=yes comment="DOWNSTEAM CONNECTION"
      add action=mark-packet chain=forward connection-mark=all-outconn disabled=no new-packet-mark=all-outpkt passthrough=yes comment="DOWNSTEAM"
      or
      /ip firewall mangle
      add action=mark-connection chain=postrouting disabled=no in-interface=ether1 new-connection-mark=all-outconn passthrough=yes comment="DOWNSTEAM CONNECTION"
      add action=mark-packet chain=postrouting connection-mark=all-outconn disabled=no new-packet-mark=all-outpkt passthrough=yes comment="DOWNSTEAM"

      /ip firewall mangle
      add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=dpkt packet-mark=all-outpkt passthrough=no comment="CLIENT DOWNLOAD"
      add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=dpkt packet-mark=all-outpkt passthrough=no comment=""

       /ip firewall mangle
      add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment="CLIENT VIDEO"
      add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment=""
      add action=mark-packet chain=forward layer7-protocol=youtube1 new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment=""

      /ip firewall mangle
      add action=mark-packet chain=forward layer7-protocol=ANDROID packet-mark=all-outpkt new-packet-mark=all-apkt passthrough=no comment="ANDROID"
      add action=mark-packet chain=forward layer7-protocol=OBB packet-mark=all-outpkt new-packet-mark=all-apkt passthrough=no comment=""
      add action=mark-packet chain=forward layer7-protocol=PS packet-mark=all-outpkt new-packet-mark=all-apkt passthrough=no comment=""

      I will try to implement it on the rb450 and rb750; please correct me, sir..

    3. Sorry, I could only answer now!
      The mangle postrouting chain should be this:

      /ip firewall mangle
      add action=mark-connection chain=postrouting disabled=no in-interface=ether2 new-connection-mark=all-outconn passthrough=yes comment="DOWNSTEAM CONNECTION"

      to the public interface. Then, have the Layer 7 definitions for Android etc. been added? As for the rest, I think you already understand.

    4. Thanks, Pak Ketut, for the correction and the answer. So ether2 is the public interface / used as the upload parent, right? I will try it. The Layer 7 definitions for Android and so on are done, like this:
      /ip firewall layer7-protocol
      add comment="android" name=playstore regexp="^.+.c.android.clients.google.com.*\$"
      /ip firewall layer7-protocol
      add comment="download" name=high regexp="^.*get.+\\.(exe|rar|iso|zip|7zip|0[0-9][1-9]|flv|mkv|avi|mp4|3gp|rmvb|mp3|img|dat|mov|cab|dat|bin|asf|msi|msu|rm|vcd|wmv|wav|daa).*\$"
      add comment="download" name=document regexp="^.*get.+\\.(pdf|doc|docx|xlsx|xls|rtf|ppt|ppt|img|jpg|png|bmp|gif|jpeg).*\$"
      /ip firewall layer7-protocol
      add comment="video" name=youtube regexp="^.*get.+\\.(c.youtube.com|cdn.dailymotion.com|metacafe.com|mccont.com).*\$"
      add comment="video" name=youtube1 regexp="(GET \\/videoplayback\\\?|GET \\/crossdomain\\.xml)"
      add comment="video" name=streaming regexp="videoplayback|video"

      The regex for Android = c.android.clients.google.com I took from the DNS cache. On RouterOS v5 this is caught when the client uses Wi-Fi, but the strange thing is that when I tried it, the traffic was caught by regex="videoplayback|video" instead, both streaming and Play Store.
      Do you have any suggestion for catching Play Store packets on their own, without them being tied to the 'video' regex? Or maybe that is just how Google does it; this is only my assumption :)

    5. Oh, and Pak Ketut, shouldn't mark-packet in mangle postrouting use out-interface, since it is for outgoing packets? With in-interface it does not work.. Like this, right:
      /ip firewall mangle
      add action=mark-connection chain=postrouting disabled=no out-interface=ether2 new-connection-mark=all-outconn passthrough=yes comment="CONNECTION-OUT"
      add action=mark-packet chain=postrouting connection-mark=all-outconn disabled=no new-packet-mark=all-outpkt passthrough=yes comment=""

      Then for the upload queue tree I made this:
      /queue tree
      add name=Upsteam parent=ether1 queue=default packet-mark=all-inpkt priority=8 max-limit=3M
      add name=1.Upsteam parent=Upsteam queue=default packet-mark=all-inpkt priority=3 max-limit=1250k

      I have tried it and it works, together with the mangle postrouting, Layer 7 and so on. There is a problem when I upload a file: ping gets high.. I tried to work around it with a ping mangle, placed at the very bottom, like this:
      /ip firewall mangle add chain=prerouting \
      protocol=icmp action=mark-connection \
      new-connection-mark=ICMP_CONNECTION \
      passthrough=yes comment="ICMP_CONNECTION" \
      disabled=no
      /ip firewall mangle add chain=prerouting \
      protocol=icmp connection-mark=ICMP_CONNECTION \
      action=mark-packet new-packet-mark=ICMP_PACKET \
      passthrough=no comment="ICMP_PACKET" \
      disabled=no
      /queue tree add name="PING" \
      parent=global packet-mark=ICMP_PACKET \
      limit-at=0 queue=default priority=1 max-limit=0 \
      burst-limit=0 burst-threshold=0 burst-time=0s

      Ping is no longer high, but I will monitor its stability. Thanks, Pak Ketut.

    6. Oh yes, that's right, use out-interface; it was a typo, sorry, I was focused on something else. Thank you for sharing your experience, which also serves as a note for everyone, especially those who have not yet managed to apply it. The Play Store packets are for mobile applications, right? I have never looked into it; my phone is an old one, you see.

    7. Yes, that's right, Pak Ketut, for Android mobiles/smartphones (Play Store). This is what I am still investigating, because it drains the bandwidth when a client downloads 'playstore' applications or is 'streaming', and ping gets high. With streaming via the web the packets are caught, but via a smartphone no byte-packets come in. My own solution uses RouterOS v5.26 with the 'Complete Queue Tree for Dynamic and Static IP' concept that you wrote about on the blog, slightly modified. So packets such as 'playstore' and 'streaming' are caught in mangle and then passed on to the HTB QoS queue tree > all-outpkt. Just venting a little, sir.. hehehe.

    8. Excellent! Very good...!
      regexp="^.+.c.android.clients.google.com.*\$"
      Does it apply to all Android applications? I also have a question about limiting the Android app Viber (Free Calls & Messages); have you ever used it?

    9. This is for defining P2P connection packets, from the Mikrotik Wiki.
      If there is an error, enter the regexps manually; if you have time, check their validity!

      [pre]
      =============================
      P2P
      =============================
      /ip firewall layer7-protocol
      add name=edonkey regexp="^[\C5\D4\E3-\E5].\?.\?.\?.\?([\01\02\05\14\15\16\18\19\1A\1B\1C !234568@ABCFGHIJKLMNOPQRSTUVWX[`\81\82\90\91\93\96\97\98\99\9A\9B\9C\9E\A0\A1\A2\A3\A4]|Y................\?[ -~]|\96....\$)"
      add name=goboogy regexp="|^get /getfilebyhash\\.cgi\\\?|^get /queue_register\\.cgi\\\?|^get /getupdowninfo\\.cgi\\\?"
      add name=soribada regexp="^GETMP3\r\nFilename|^\01.\?.\?.\?(Q:\\+|Q2:)|^\10[\14-\16]\10[\15-\17].\?.\?.\?.\?\$"
      add name=gnutella regexp="^(gnd[\01\02]\?.\?.\?\01|gnutella connect/[012]\\.[0-9]\r\n|get /uri-res/n2r\\\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?:[1-9][0-9]\?[0-9]\?[0-9]\?|gnutella.*content-type: application/x-gnutella|...................\?lime)"
      add name=poco regexp="^\80\94\n\01....\1F\9E"
      add name=applejuice regexp="^ajprot\r\n"
      add name=mute regexp="^(Public|AES)Key: [0-9a-f]*\nEnd(Public|AES)Key\n\$"
      add name=bittorrent regexp="^(\13bittorrent protocol|azver\01\$|get /scrape\\\?info_hash=)|d1:ad2:id20:|\08'7P\\)[RP]"
      add name=directconnect regexp="^(\\\$mynick |\\\$lock |\\\$key )"
      add name=hotline regexp="^....................TRTPHOTL\01\02"
      add name=kugoo regexp="^1..\8E"
      add name=ares regexp="^\03[]Z].\?.\?\05\$"
      add name=fasttrack regexp="^get (/.download/[ -~]*|/.supernode[ -~]|/.status[ -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^give [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\?[0-9]\?[0-9]\?"
      add name=100bao regexp="^\01\01\05\n"
      add name=gnucleuslan regexp="gnuclear connect/[\t-\r -~]*user-agent: gnucleus [\t-\r -~]*lan:"
      add name=tesla regexp="\03\9A\89\"111\\.00 Beta |\E2<i\1E\1C\E9"
      add name=openft regexp="x-openftalias: [-)(0-9a-z ~.]"
      add name=napster regexp="^(.[\02\06][!-~]+ [!-~]+ [0-9][0-9]\?[0-9]\?[0-9]\?[0-9]\? \"[\t-\r -~]+\" ([0-9]|10)|1(send|get)[!-~]+ \"[\t-\r -~]+\")"
      add name=soulseek regexp="^(\05..\?|.\01.[ -~]+\01F..\?.\?.\?.\?.\?.\?.\?)\$"
      add name=xunlei regexp="^[()]...\?.\?.\?(reg|get|query)"
      add name=thecircle regexp="^t\03ni.\?[\01-\06]\?t[\01-\05]s[\n\0B](glob|who are you\$|query data)"
      add name=imesh regexp="^(post[\t-\r -~]*<PasswordHash>................................</PasswordHash><ClientVer>|4\80\?\r\?\FC\FF\04|get[\t-\r -~]*Host:\_imsh\\.download-prod\\.musicnet\\.com|\02(\01|\02)\83.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\02(\01|\02)\83)"
      [/pre]

    10. Sorry, I only just had time to reply, sir. As for regexp="^.+.c.android.clients.google.com.*\$", from what I have observed it is not all of them, only large applications, those with the 'Download using Wi-Fi only' notification. But occasionally small applications, for example files of a few MB, are also detected. As an experiment, since I am still testing, I made several mangle rules:
      /ip firewall mangle
      add action=mark-packet chain=forward new-packet-mark=apkt passthrough=no layer7-protocol=ANDROID packet-mark=all-outpkt
      add action=mark-packet chain=forward new-packet-mark=apkt passthrough=no layer7-protocol=OBB packet-mark=all-outpkt
      add action=mark-packet chain=forward new-packet-mark=apkt passthrough=no layer7-protocol=PS packet-mark=all-outpkt

      [wisnu@RTMIDJKT] > /ip firewall layer7 print
      # NAME REGEXP
      0 ;;; BIT TORENT
      bittorrent ^(\13bittorrent protocol|azver1$|get /scrape\\?info_hash=)|d1:ad2:id20:|87P\)[RP]
      1 ;;; TORRENT WEBSITES
      torrentsites ^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|f...
      2 ANDROID ^.+.c.android.clients.google.com.*$
      3 high ^.*get.+\.(aac|asf|bin|daa|cab|dat|exe|rar|iso|zip|mpe|mpeg|7zip|0[0-9][1-9]|flv|m...
      4 document ^.*get.+\.(pdf|doc|docx|xlsx|xls|rtf|ppt|ppt|jpg|png|bmp|gif|jpeg|tiff|wmf).*$
      5 OBB ^.*get.+\.(c.play.google.com).*$
      6 PS ^.+.c.play.google.com.*$
      7 youtube ^.*get.+\.(c.youtube.com|cdn.dailymotion.com|metacafe.com|mccont.com).*$
      8 streaming videoplayback|video
      So that nothing is lost, I made 3 mangle rules.. If something is still lost, the packet is captured/limited in the queue tree in the undefined field/parent child > all-outpacket > mangle download.
      Also note the video/streaming mangle with regexp=videoplayback|video; this is what confused me, sir, because the Play Store byte-packets went into the video mangle.. hehehe. Or it can be disabled first to see whether the 3 mangle rules above get hits or not.

      I have never used the Viber application, Pak Ketut, hehe.. Maybe it can be traced with the Mikrotik tool Torch to see its connection path, or you could look at the Mikrotik's DNS cache.

  2. The settings above are for one hotspot, right? For two hotspots, where I give each hotspot 1MB of bandwidth, how is it done..........

    1. Sorry that my answer took a while! I am still doing research on building and managing hotspots. For now, please read this reference first: building hotspot server

  3. How can I implement this method with dual WAN load balancing in PC, sir???

    1. Ali Gohar, what are you talking about? Is this your face? I want to ask you, which RouterBoard series do you use? I think I have explained and implemented dual WAN load balancing in version 5. I have not implemented it in version 6, but I think it is not so different. For now I can only advise you to try this in version 5; you can downgrade the system first.

  4. With 20M of bandwidth, roughly what would the ideal settings be, Bli?

  5. For QoS in version 5, do I just need to change the parent, or how?
    Example:
    add name=Upsteam parent=wan CHANGED TO global-in
    add name=Downsteam parent=global CHANGED TO global-out
    Please enlighten me, master......

  6. Hello Mas Agus,
    How would this be applied with an external proxy placed alongside the Mikrotik? How do I create mangle rules to catch packets from the proxy, both HIT packets and the proxy's own connections to the internet? Because if the proxy's packets to the internet are not limited, all the bandwidth will be used up by the proxy.

    Thanks,

    1. Why has my question still not been answered? Please answer it. I also want to try adding one more local network on ether3 and an external proxy on ether4. Please help me with your knowledge..
      Thanks, bro

    2. Sorry; the question is very inspiring. Actually this blog has many references that you can implicitly combine to achieve this goal. I cannot demonstrate it explicitly yet because my network uses only 1 network mask. Next time I will come back to this, but as a reference, we can create a masquerade for each network mask, then create a mangle rule for each network mask, and redirect each network to the proxy.

    3. Good evening. My problem above has been solved; I tinkered with it myself and finally succeeded. Yesterday I was just unsure whether prerouting and postrouting could be combined or not, but after trying, it works.. Thank you for the tutorial, which is useful for learning more; I am a newbie, you see. Once again, thank you for everything.

  7. This is extremely helpful info!! Very good work. Everything is very interesting to learn and easy to understand. Thank you for giving information.

  8. Is it possible to use prerouting in Mikrotik v6? Because the tutorial above only has two options, forward or postrouting.
    Thanks

  9. When you're tired, you want to relax after a stressful working hours, you need to have time to take care of the kids active.
    Please visit our website and play exciting flash games.
    Thank you for sharing!
    Friv 4

  10. One more thing: if I want to add a mangle rule to stabilize ping, where should the rule be placed? Please help... thanks

  11. Thank you very much for this blog. Having actual script that I can examine was more help than you can imagine !

  12. This comment has been removed by the author.
