Load Balancing 4 Line Speedy

•May 11, 2009 • Leave a Comment

MMM      MMM       KKK                          TTTTTTTTTTT      KKK
MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

# may/11/2009 10:24:04 by RouterOS 2.9.27
# software id = 2RS9-M0T
# Continue reading ‘Load Balancing 4 Line Speedy’

Load Balancing 3 Line Speedy

•May 10, 2009 • Leave a Comment

ilustrasi_mikrotik_speedyMencoba berbagi pengalaman karena baru saja disuruh load balancing 3 line speedy dengan mikrotik. Walaupun mungkin bisa dikatakan belum sempurna, tapi tidak ada salahnya tho bagi-ilmu?? :D

Load balancing yang coba aku bahas saat ini dilakukan pada mikrotik 2.9 (Jadul euy) yang diinstall pada PC pentium 3 dengan ethernet card sebanyak 4 buah yang diinstal di slot PCI.

Gambaran topologi yang aku tulis seperti ini :

topology-balancing

Langkah-langkah load balancing :

  1. Ubah IP dan Nama interface ethernet tiap port ehternet seperti contoh gambar di atas.
    Ex : Ether1 -> Nama interface diganti menjadi “local” dan IP di set 192.168.10.1/24
  2. Mulai dengan menambah  gateway di mikrotik
    ip route add dst-address=0.0.0.0/0 gateway 192.168.1.1 scope=255 target-scope=10 routing-mark=satu comment="" disabled=no
    
    ip route add dst-address=0.0.0.0/0 gateway 192.168.2.1 scope=255 target-scope=10 routing-mark=dua comment="" disabled=no
    
    ip route add dst-address=0.0.0.0/0 gateway 192.168.3.1 scope=255 target-scope=10 routing-mark=tiga comment="" disabled=no
  3. Dilanjutkan dengan menggunakan ip firewall mangle
    ip firewall mangle
    
    add chain=prerouting in-interface=local connection-state=new nth=2,3,0 action=mark-connection new-connection-mark=satu passtrough=yes comment="load balancing" disabled=no
    
    add chain=prerouting in-interface=local connection-mark=satu action=mark-routing new-routing-mark=satu passthrough=no comment="" disabled=no
    
    add chain=prerouting in-interface=local connection-state=new nth=2,3,1 action=mark-connection new-connection-mark=dua passtrough=yes comment="" disabled=no
    
    add chain=prerouting in-interface=local connection-mark=dua action=mark-routing new-routing-mark=dua passthrough=no comment="" disabled=no
    
    add chain=prerouting in-interface=local connection-state=new nth=2,3,2 action=mark-connection new-connection-mark=tiga passtrough=yes comment="" disabled=no
    
    add chain=prerouting in-interface=local connection-mark=tiga action=mark-routing new-routing-mark=tiga passthrough=no comment="" disabled=no
  4. dan yan terakhir dengan proses NAT
    ip firewall nat add chain=srcnat out-interface=speedy1 action=masquerade
    
    ip firewall nat add chain=srcnat out-interface=speedy2 action=masquerade
    
    ip firewall nat add chain=srcnat out-interface=speedy3 action=masquerade

Selamat mencoba… :)

Sumber : http://infonesia.info

Cara Mengatasi Error “NTLDR” is Missing di Windows XP

•May 6, 2009 • Leave a Comment

Kadang kita menemui komputer Windows XP kita tidak bisa booting lagi dan muncul pesan error “NTLDR is Missing“. Hal ini terjadi karena hilang atau corrupt-nya file-file berikut :

  • NTLDR
  • Ntdetect.com
  • boot.ini

Untuk mengatasi error “NTLDR is Missing” ini bisa dilakukan dengan panduan yang diberikan oleh pihak Microsoft. Cara ini telah saya coba sendiri dan terbukti, panduannya silahkan diterjemahkan sendiri OK !

Microsoft : Generally there are 2 methods to resolve this NTLDR issue.

A. Manual File Re-Patching
This method attempts to copy and replace the corrupted file from the Windows Installation disc to your hard disk. To start, follow these steps:

1. Insert the Windows XP CD into your computer as default boot up media.
2. Enter Windows Recovery Console
3. At the command prompt, assuming drive D refers to your CD Drive, type in the following and hit Enter:
Press Y when prompted to overwrite any existing file.
* copy D:\i386\ntldr C:\
* copy D:\i386\ntdetect.com C:\
4. Restart the computer

If the error message still persist, it is likely that your boot.ini file is corrupted. Try to fix your corrupted boot.ini file instead. Follow the next step.

B. Manually Editing the Boot.ini File

1. Boot from your Windows XP CD in your computer
2. Enter Windows Recovery Console
3. Type in: type c:\Boot.ini
This command checks for a valid Boot.ini file. If your boot file is working fine, you should see like the following:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional” /fastdetect

4. If you receive the following error messages instead of the above message being displayed, your boot.ini file is corrupted or missing:
* The system cannot find the file or directory specified
* File not found – boot.ini

5. To write a new boot.ini file, follow these steps:
* Type in: edit.com
The MS-DOS editor will launch.
* Type in the following and save it as a boot.ini

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional” /fastdetect

IMPORTANT: partition(1) refers to your first partition of your hard disk which Windows is typically installed on. You may need to change the value if Windows is installed in a different partition.

6. Reboot your computer and the problem should be resolved.

sumber: http://blog.nazmi.web.id

Cara Ampuh Amankan Facebook Anda

•May 3, 2009 • Leave a Comment

Akhir-akhir ini marak kita dengar usaha pembobolan account Facebook di sekitar kita. Bagaimana hal ini bisa terjadi? Padahal sebagian besar dari kita telah sangat mempercayai layanan social networking ini dalam komunikasi sehari-hari. Kemudian, pertanyaan berikutnya setidaknya adalah bagaimana cara mengamankan account Facebook kita dari ancaman ini.

Berikut in merupakan langkah-langkah antisipasi yang bisa diambil untuk mengamankan account Facebook kita.

  1. Hindari Login melalui http://www.facebook.com , karena halaman ini tidak dienkripsi. Informasi Login Anda memang dienkripsi, namun karena form login ini berada dalam sebuah frame, user tidak dapat melihat apakah semuanya terenkripsi atau tidak.
  2. Lakukan proses login Anda dari halaman https://login.facebook.com/login.php?login_attempt =1. Anda dapat memastikan bahwa login yang Anda lakukan aman dengan mengecek sebelah kanan bawah browser yang menampilkan ’lock sign’.
  3. Jangan melanjutkan proses Login jika terdapat peringatan bahaya (security alert). Anda dapat segera menghentikan proses yang ’tidak aman’ tersebut dengan tombol ’Esc’.
  4. Jangan lupa untuk selalu melakukan Logout setelah selesai mengakses account Facebook Anda. Dengan hanya mematikan browser tanpa proses Logout, berarti Anda telah meninggalkan ’session’ Anda untuk diakses orang lain. Oleh karenanya sangat penting untuk Anda selalu melakukan Logout.
  5. Jangan terbiasa bekerja dengan hak sebagai system administrator. Akan sangat berbahaya jika Anda membuka email, gambar maupun dokumen dengan mempergunakan account administrator, karena hal ini akan membuka kemungkinan bagi penjahat cyber untuk mengambilalih komputer Anda.
  6. Waspada terhadap Malicious Facebook Widget. Widget atau aplikasi tambahan dapat memberikan kesempatan bagi pembuatnya untuk menyelipkan coding program untuk mengakses informasi penting dari komputer target. Hingga saat ini ada dua macam Malicious Facebook Widget yang dilaporkan menyerang pengguna Facebook, yaitu Secret Crush dan Error Check System.
  7. Hati-hati dalam memilih komputer untuk dipakai. Jika Anda terbiasa memakai komputer umum atau berganti-ganti komputer, seperti di rental atau pun warung Internet (warnet), maka Anda harus berhati-hati dalam memilih dan mempergunakan. Hal ini disebabkan tidak adanya jaminan update security yang maksimal dari komputer tersebut. Padahal komputer yang telah terinfeksi Koobface Worm, atau keylogger dapat mencuri data user beserta passwordnya.
  8. Hati-hati dalam memilih jaringan koneksi Wi-Fi Internet. Hanya proses login Facebook yang dienkripsi mempergunakan SSL/TLS (https). Sementara itu cookies Facebook akan dengan sangat mudah diambil dari udara (melalui sinyal koneksi Wi-Fi Internet). Wi-Fi diproteksi enkripsi WEP yang dengan mudah dipatahkan dalam waktu 10 menit. Saat ini setiap orang dapat saja dengan mudah membuat hotspot dan memberikan free-access kepada Anda. Tapi yang harus Anda waspadai adalah tingkat keamanan akses yang ditawarkan, karena dengan mengakses Facebook di jaringan koneksi yang tidak terlindungi, sama saja memberikan data private Anda secara cuma-cuma.
  9. Pikirkanlah masalah keamanan sebelum Anda melakukan click pada ’Wall’. Posting pada Wall merupakan salah satu cara penyebaran Koobface ataupun malware lainnya, oleh karenanya Anda harus berhati-hati mengaksesnya.
  10. Yang terakhir adalah cara bagaimana kita meningkatkan kepedulian akan bahaya keamanan Facebook ini pada orang-orang sekitar kita. Karena dengan meningkatnya kewaspadaan orang-orang di sekitar kita juga akan mendukung keamanan kita.

sumber:padangkini.com

Load Balancing 3 Line Speedy

•April 22, 2009 • Leave a Comment

MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK

MikroTik RouterOS 2.9.27 (c) 1999-2006 http://www.mikrotik.com/

/ interface ethernet
set Local name=”Local” mtu=1500 mac-address=0A:C0:18:1A:3C:8A arp=enabled disable-running-check=yes auto-negotiation=no \
full-duplex=yes cable-settings=default speed=100Mbps comment=”” disabled=no
set Speedy1 name=”Speedy1″ mtu=1500 mac-address=0A:C0:18:1A:3C:75 arp=enabled disable-running-check=yes \
auto-negotiation=no full-duplex=yes cable-settings=default speed=1Gbps comment=”” disabled=no
set Speedy2 name=”Speedy2″ mtu=1500 mac-address=C0:10:18:C0:30:94 arp=enabled disable-running-check=yes \
auto-negotiation=no full-duplex=yes cable-settings=default speed=1Gbps comment=”” disabled=no
set Speedy3 name=”Speedy3″ mtu=1500 mac-address=00:0C:6E:D3:0D:FC arp=enabled disable-running-check=yes \
auto-negotiation=no full-duplex=yes cable-settings=default speed=1Gbps comment=”” disabled=no
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
/ interface pptp-server
add name=”vpn” user=”” disabled=no
/ interface pptp-server server
set enabled=yes max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 keepalive-timeout=30 default-profile=vpn
/ interface pppoe-client
add name=”pppoe-out1″ max-mtu=1480 max-mru=1480 interface=Speedy2 user=”111401104174@telkom.net” password=”sttlqg13mc” \
profile=default service-name=”” ac-name=”” add-default-route=yes dial-on-demand=no use-peer-dns=no \
allow=pap,chap,mschap1,mschap2 disabled=no
/ ip pool
add name=”dhcp_pool1″ ranges=10.2.1.1-10.2.1.252,10.2.1.254
add name=”vpn” ranges=172.16.1.1-172.16.1.6
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=yes
set ftp port=21 address=0.0.0.0/0 disabled=yes
set www port=7479 address=0.0.0.0/0 disabled=no
set ssh port=1981 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
/ ip upnp
set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
/ ip arp
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip dns
set primary-dns=203.130.193.74 secondary-dns=202.134.0.155 allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip dns static
add name=”www.ktr-pjk-pdg.org” address=10.2.1.253 ttl=1d
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m inactive-flow-timeout=15s
/ ip address
add address=10.2.1.253/24 network=10.2.1.0 broadcast=10.2.1.255 interface=Local comment=”” disabled=no
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Speedy1 comment=”” disabled=no
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=Speedy2 comment=”” disabled=no
add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=Speedy3 comment=”” disabled=no
add address=172.16.1.1/29 network=172.16.1.0 broadcast=172.16.1.7 interface=Local comment=”” disabled=no
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000 maximal-server-connectons=1000
/ ip proxy access
add dst-port=23-25 action=deny comment=”block telnet & spam e-mail relaying” disabled=no
/ ip neighbor discovery
set Local discover=yes
set Speedy1 discover=yes
set Speedy2 discover=yes
set Speedy3 discover=yes
set pppoe-out1 discover=no
set vpn discover=no
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 routing-mark=speedy1 comment=”” disabled=no
add dst-address=0.0.0.0/0 gateway=125.165.112.1 scope=255 target-scope=10 routing-mark=speedy2 comment=”” disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=255 target-scope=10 routing-mark=speedy3 comment=”” disabled=no
add dst-address=0.0.0.0/0 gateway=125.165.112.1 scope=255 target-scope=10 comment=”” disabled=no
/ ip firewall mangle
add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=prio_conn_p2p passthrough=yes comment=”Prio \
P2P” disabled=yes
add chain=prerouting connection-mark=prio_conn_p2p action=mark-packet new-packet-mark=prio_p2p_packet passthrough=no \
comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=995 action=mark-connection new-connection-mark=prio_conn_download_services \
passthrough=yes comment=”Prio Download_Services” disabled=yes
add chain=prerouting protocol=tcp dst-port=143 action=mark-connection new-connection-mark=prio_conn_download_services \
passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=993 action=mark-connection new-connection-mark=prio_conn_download_services \
passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=995 action=mark-connection new-connection-mark=prio_conn_download_services \
passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=25 action=mark-connection new-connection-mark=prio_conn_download_services \
passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=prio_conn_download_services \
passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=20-21 action=mark-connection new-connection-mark=prio_conn_download_services \
passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500 action=mark-connection \
new-connection-mark=prio_conn_download_services passthrough=yes comment=”” disabled=yes
add chain=prerouting connection-mark=prio_conn_download_services action=mark-packet new-packet-mark=prio_download_packet \
passthrough=no comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=53 action=mark-connection new-connection-mark=prio_conn_ensign_services \
passthrough=yes comment=”Prio Ensign_Services” disabled=yes
add chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark=prio_conn_ensign_services \
passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=prio_conn_ensign_services passthrough=yes \
comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection new-connection-mark=prio_conn_ensign_services \
passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=23 action=mark-connection new-connection-mark=prio_conn_ensign_services \
passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=80 connection-bytes=0-500000 action=mark-connection \
new-connection-mark=prio_conn_ensign_services passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=8080 action=mark-connection new-connection-mark=prio_conn_ensign_services \
passthrough=yes comment=”” disabled=yes
add chain=prerouting connection-mark=prio_conn_ensign_services action=mark-packet new-packet-mark=prio_ensign_packet \
passthrough=no comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500 action=mark-connection \
new-connection-mark=prio_conn_user_services passthrough=yes comment=”Prio User_Request” disabled=yes
add chain=prerouting protocol=tcp dst-port=8291 packet-size=1400-1500 action=mark-connection \
new-connection-mark=prio_conn_user_services passthrough=yes comment=”” disabled=yes
add chain=prerouting connection-mark=prio_conn_user_services action=mark-packet new-packet-mark=prio_request_packet \
passthrough=no comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=5100 action=mark-connection new-connection-mark=prio_conn_comm_services \
passthrough=yes comment=”Prio_Communication” disabled=yes
add chain=prerouting protocol=tcp dst-port=5050 action=mark-connection new-connection-mark=prio_conn_comm_services \
passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=udp dst-port=5060 action=mark-connection new-connection-mark=prio_conn_comm_services \
passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=1869 action=mark-connection new-connection-mark=prio_conn_comm_services \
passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=1723 action=mark-connection new-connection-mark=prio_conn_comm_services \
passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=5190 action=mark-connection new-connection-mark=prio_conn_comm_services \
passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=6660-7000 action=mark-connection new-connection-mark=prio_conn_comm_services \
passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=ipencap action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes \
comment=”” disabled=yes
add chain=prerouting protocol=gre action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes \
comment=”” disabled=yes
add chain=prerouting protocol=ipsec-esp action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes \
comment=”” disabled=yes
add chain=prerouting protocol=ipsec-ah action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes \
comment=”” disabled=yes
add chain=prerouting protocol=ipip action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes \
comment=”” disabled=yes
add chain=prerouting protocol=encap action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes \
comment=”” disabled=yes
add chain=prerouting connection-mark=prio_conn_comm_services action=mark-packet new-packet-mark=prio_comm_packet \
passthrough=no comment=”” disabled=yes
add chain=prerouting in-interface=Local connection-state=new nth=2,1,0 action=mark-connection new-connection-mark=speedy1 \
passthrough=yes comment=”LB 3 Line Speedy” disabled=no
add chain=prerouting in-interface=Local connection-mark=speedy1 action=mark-routing new-routing-mark=speedy1 \
passthrough=no comment=”” disabled=no
add chain=prerouting in-interface=Local connection-state=new nth=2,1,1 action=mark-connection new-connection-mark=speedy2 \
passthrough=yes comment=”” disabled=no
add chain=prerouting in-interface=Local connection-mark=speedy2 action=mark-routing new-routing-mark=speedy2 \
passthrough=no comment=”” disabled=no
add chain=prerouting in-interface=Local connection-state=new nth=2,1,2 action=mark-connection new-connection-mark=speedy3 \
passthrough=yes comment=”” disabled=no
add chain=prerouting in-interface=Local connection-mark=speedy3 action=mark-routing new-routing-mark=speedy3 \
passthrough=no comment=”” disabled=no
/ ip firewall nat
add chain=srcnat connection-mark=speedy1 action=src-nat to-addresses=192.168.1.2 to-ports=0-65535 comment=”NAT 2 CLIENT” \
disabled=no
add chain=srcnat connection-mark=speedy2 action=src-nat to-addresses=125.165.115.184 to-ports=0-65535 comment=”” \
disabled=no
add chain=srcnat connection-mark=speedy3 action=src-nat to-addresses=192.168.3.2 to-ports=0-65535 comment=”” disabled=no
add chain=srcnat src-address=172.16.1.0/29 action=masquerade comment=”NAT VPN” disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m tcp-syncookie=no
/ ip firewall filter
add chain=forward src-address=0.0.0.0/8 action=drop comment=”Block Bogus IP Address” disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment=”” disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment=”” disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment=”” disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment=”” disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment=”” disabled=no
add chain=forward src-address=192.168.1.99 protocol=tcp content=www action=drop comment=”block browsing 1″ disabled=yes
add chain=forward src-address=192.168.1.7 content=!www action=drop comment=”” disabled=yes
add chain=forward src-address=192.168.1.8 protocol=tcp content=www action=drop comment=”” disabled=yes
add chain=forward src-address=192.168.1.9 action=drop comment=”” disabled=yes
add chain=forward src-address=192.168.1.10 content=!www action=drop comment=”” disabled=yes
add chain=forward src-address=192.168.1.11 protocol=tcp content=www action=drop comment=”” disabled=yes
add chain=forward src-address=192.168.1.12 protocol=tcp content=www action=drop comment=”” disabled=yes
add chain=forward src-address=192.168.1.99 protocol=tcp content=http: action=drop comment=”block browsing 2″ disabled=yes
add chain=forward src-address=192.168.1.4 protocol=tcp content=http: action=drop comment=”” disabled=yes
add chain=forward src-address=192.168.1.5 protocol=tcp content=http: action=drop comment=”” disabled=yes
add chain=forward src-address=192.168.1.6 protocol=tcp content=http: action=drop comment=”” disabled=yes
add chain=forward src-address=192.168.1.7 content=!http: action=drop comment=”” disabled=yes
add chain=forward src-address=192.168.1.8 protocol=tcp content=http: action=drop comment=”” disabled=yes
add chain=input src-address=192.168.1.9 action=drop comment=”” disabled=yes
add chain=input src-address=192.168.1.10 content=!http: action=drop comment=”” disabled=yes
add chain=forward src-address=192.168.1.11 protocol=tcp content=http: action=drop comment=”” disabled=yes
add chain=forward src-address=192.168.1.12 protocol=tcp content=http: action=drop comment=”” disabled=yes
add chain=forward protocol=icmp icmp-options=11:0 action=drop comment=”Drop Traceroute” disabled=no
add chain=forward protocol=icmp icmp-options=3:3 action=drop comment=”Drop Traceroute” disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment=”Drop SSH brute forcers” \
disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list \
address-list=ssh_blacklist address-list-timeout=1w3d comment=”” disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list \
address-list=ssh_stage3 address-list-timeout=1m comment=”” disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list \
address-list=ssh_stage2 address-list-timeout=1m comment=”” disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m comment=”” disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”Port Scanners to list ” disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port \
scanners” address-list-timeout=2w comment=”” disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”” disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”” disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list=”port \
scanners” address-list-timeout=2w comment=”” disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”” disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port \
scanners” address-list-timeout=2w comment=”” disabled=no
add chain=input src-address-list=”port scanners” action=drop comment=”” disabled=no
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop comment=”Filter FTP to Box” \
disabled=no
add chain=output protocol=tcp content=”530 Login incorrect” dst-limit=1/1m,9,dst-address/1m action=accept comment=”” \
disabled=no
add chain=output protocol=tcp content=”530 Login incorrect” action=add-dst-to-address-list address-list=ftp_blacklist \
address-list-timeout=3h comment=”” disabled=no
add chain=forward protocol=tcp action=jump jump-target=tcp comment=”Separate Protocol into Chains” disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment=”” disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment=”” disabled=no
add chain=input protocol=tcp action=jump jump-target=tcp comment=”” disabled=no
add chain=input protocol=udp action=jump jump-target=udp comment=”” disabled=no
add chain=udp protocol=udp dst-port=69 action=drop comment=”Blocking UDP Packet” disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment=”” disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment=”” disabled=no
add chain=udp protocol=udp dst-port=445 action=drop comment=”” disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment=”” disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment=”” disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment=”” disabled=no
add chain=tcp protocol=tcp dst-port=25 action=drop comment=”Bloking TCP Packet” disabled=no
add chain=tcp protocol=tcp dst-port=69 action=drop comment=”” disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment=”” disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment=”” disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment=”” disabled=no
add chain=tcp protocol=tcp dst-port=119 action=drop comment=”” disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment=”———— Virus — Conficker” disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment=”” disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment=”” disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment=”” disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment=”” disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment=”” disabled=no
add chain=icmp protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment=”Limited Ping Flood” disabled=no
add chain=icmp protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment=”” disabled=no
add chain=icmp protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment=”” disabled=no
add chain=icmp protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment=”” disabled=no
add chain=icmp protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment=”” disabled=no
add chain=icmp protocol=icmp action=drop comment=”” disabled=no
add chain=input dst-address-type=broadcast action=accept comment=”Allow Broadcast Traffic” disabled=no
add chain=input connection-state=established action=accept comment=”Connection State” disabled=no
add chain=input connection-state=related action=accept comment=”” disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment=”” disabled=no
add chain=input connection-state=invalid action=drop comment=”” disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=yes
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=yes
set h323 disabled=yes
set quake3 disabled=yes
set gre disabled=yes
set pptp disabled=yes
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name=”default” hotspot-address=0.0.0.0 dns-name=”” html-directory=hotspot rate-limit=”” http-proxy=0.0.0.0:0 \
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
/ ip hotspot user profile
set default name=”default” idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 \
transparent-proxy=yes open-status-page=always advertise=no
/ ip dhcp-server
add name=”dhcp1″ interface=Local lease-time=3d address-pool=dhcp_pool1 bootp-support=static authoritative=after-2sec-delay \
disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
/ ip dhcp-server network
add address=10.2.1.0/24 gateway=10.2.1.253 comment=””
/ ip ipsec proposal
add name=”default” auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024 disabled=no
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=3128 hostname=”proxy” transparent-proxy=yes parent-proxy=0.0.0.0:0 \
cache-administrator=”webmaster” max-object-size=4096KiB cache-drive=system max-cache-size=unlimited \
max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment=”block telnet & spam e-mail relaying” disabled=no
/ ip web-proxy cache
add url=”:cgi-bin \\?” action=deny comment=”don’t cache dynamic http pages” disabled=no
/ system logging
add topics=info prefix=”” action=memory disabled=no
add topics=error prefix=”” action=memory disabled=no
add topics=warning prefix=”” action=memory disabled=no
add topics=critical prefix=”” action=echo disabled=no
/ system logging action
set memory name=”memory” target=memory memory-lines=100 memory-stop-on-full=no
set disk name=”disk” target=disk disk-lines=100 disk-stop-on-full=no
set echo name=”echo” target=echo remember=yes
set remote name=”remote” target=remote remote=0.0.0.0:514
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d user=””
/ system clock dst
set dst-delta=+00:00 dst-start=”jan/01/1970 00:00:00″ dst-end=”jan/01/1970 00:00:00″
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes no-ping-delay=5m automatic-supout=yes auto-send-supout=no
/ system console
add port=serial0 term=”” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
/ system console screen
set line-count=25
/ system identity
set name=”ROUTER-NET”
/ system note
set show-at-login=yes note=””
/ port
set serial0 name=”serial0″ baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=hardware
/ ppp profile
set default name=”default” use-compression=default use-vj-compression=default use-encryption=default only-one=default \
change-tcp-mss=yes comment=””
add name=”vpn” local-address=vpn remote-address=vpn use-compression=default use-vj-compression=default \
use-encryption=required only-one=default change-tcp-mss=default dns-server=203.130.193.74 comment=””
set default-encryption name=”default-encryption” use-compression=default use-vj-compression=default use-encryption=yes \
only-one=default change-tcp-mss=yes comment=””
/ ppp secret
add name=”areksitiung” service=pptp caller-id=”” password=”sentot” profile=vpn routes=”” limit-bytes-in=0 \
limit-bytes-out=0 comment=”” disabled=no
/ ppp aaa
set use-radius=yes accounting=yes interim-update=0s
/ queue type
set default name=”default” kind=pfifo pfifo-limit=50
set ethernet-default name=”ethernet-default” kind=pfifo pfifo-limit=50
set wireless-default name=”wireless-default” kind=sfq sfq-perturb=5 sfq-allot=1514
set synchronous-default name=”synchronous-default” kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 \
red-burst=20 red-avg-packet=1000
set hotspot-default name=”hotspot-default” kind=sfq sfq-perturb=5 sfq-allot=1514
add name=”default-small” kind=pfifo pfifo-limit=10
/ queue simple
add name=”DreamNet” target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 interface=Local parent=none direction=both \
priority=1 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name=”Down_Services” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=prio_download_packet direction=both \
priority=5 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name=”Ensign_Services” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=prio_ensign_packet direction=both \
priority=1 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name=”User_Request” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=prio_request_packet direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name=”Communication” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all parent=none \
packet-marks=prio_comm_packet direction=both priority=3 queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
total-queue=default-small disabled=no
add name=”Kasir” target-addresses=192.168.1.99/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default-small \
disabled=no
add name=”Client1″ target-addresses=192.168.1.15/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client2″ target-addresses=192.168.1.4/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client3″ target-addresses=192.168.1.5/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client4″ target-addresses=192.168.1.6/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client5″ target-addresses=192.168.1.7/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client6″ target-addresses=192.168.1.8/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client7″ target-addresses=192.168.1.9/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client8″ target-addresses=192.168.1.10/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client9″ target-addresses=192.168.1.11/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
add name=”Client10″ target-addresses=192.168.1.12/32 dst-address=0.0.0.0/0 interface=Local parent=DreamNet direction=both \
priority=8 queue=default-small/default-small limit-at=16000/32000 max-limit=32000/128000 total-queue=default \
disabled=no
/ user
add name=”admin” group=full address=0.0.0.0/0 comment=”system default user” disabled=yes
add name=”areksitiung” group=full address=0.0.0.0/0 comment=”” disabled=no
add name=”nanda” group=full address=0.0.0.0/0 comment=”” disabled=no
add name=”riko” group=full address=0.0.0.0/0 comment=”” disabled=no
add name=”padang” group=full address=0.0.0.0/0 comment=”” disabled=no
/ user group
add name=”read” policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!ftp,!write,!policy
add name=”write” policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,!ftp,!policy
add name=”full” policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ radius incoming
set accept=no port=1700
/ driver
/ snmp
set enabled=no contact=”” location=””
/ snmp community
set public name=”public” address=0.0.0.0/0 read-access=yes
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
/ tool mac-server ping
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from=”<>”
/ tool sniffer
set interface=all only-headers=no memory-limit=10 file-name=”” file-limit=10 streaming-enabled=no streaming-server=0.0.0.0 \
filter-stream=yes filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535
/ tool graphing
set store-every=5min
/ tool graphing queue
add simple-queue=all allow-address=0.0.0.0/0 store-on-disk=yes allow-target=yes disabled=no
/ tool graphing resource
add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ tool graphing interface
add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no redistribute-static=no redistribute-rip=no \
redistribute-bgp=no metric-default=1 metric-connected=20 metric-static=20 metric-rip=20 metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate authentication=none prefix-list-import=”” \
prefix-list-export=”” disabled=no
/ routing bgp
set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no redistribute-connected=no redistribute-rip=no \
redistribute-ospf=no
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no redistribute-bgp=no metric-static=1 \
metric-connected=1 metric-ospf=1 metric-bgp=1 update-timer=30s timeout-timer=3m garbage-timer=2m

Load Balancing 3 Line Speedy + Setingan Dasar

•April 9, 2009 • Leave a Comment

IP address
Load balancer = 192.168.8.10
Mikrotik dengan 3 lan card:
—> Eth1 = 192.168.8.1 (ke load balancer)
—> Eth2 = 192.168.15.1 (ke IPCOP)
—> Eth3 = 192.168.1.1 (ke Switch/hub)
IPCOP = 192.168.15.10

Modem di set mode bridge, jadi yang dial PPPoE dari loadbalancer nya

2. Setting Mikrotik

—> Ethernet Card

name=”Speedy” mtu=1500 mac-address=4C:00:10:1B:4E:6F arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps

name=”Lokal” mtu=1500 mac-address=00:02:2A:BF:E2:08 arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps

name=”Squid” mtu=1500 mac-address=00:0E:2E:01:62:24 arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps

—> IP address

[admin@satelit-internet]/ip address
add address=192.168.8.1/24 interface=Speedy
add address=192.168.1.1/24 interface=Lokal
add address=192.168.15.1/24 interface=Squid

—> DNS

[admin@satelit-internet]/ip dns
set primary-dns=192.168.8.10 allow-remote-request=yes

—> Route

[admin@satelit-internet]/ip route
add gateway=192.168.8.10

—> NAT

[admin@satelit-internet]/ip firewall nat
add chain=dstnat src-address=!192.168.8.0/24 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.8.10 to-ports=818

add chain=srcnat out-interface=Speedy action=masquerade

tujuannya membelokkan semua port 80 dari client ke port 818 (squid IPCOP) yang berfungsi sebagai web proxy

—> Mangle

tujuannya
memisahkan bandwidth internasional dan lokal (OpenIXP dan IIX)
Daftar IP Address yang diadvertise di OpenIXP dan IIX dapat di download di http://www.mikrotik.co.id/getfile.php?nf=nice.rsc
File nice.rsc ini dibuat secara otomatis di server Mikrotik Indonesia setiap pagi sekitar pk 05.30, dan merupakan data yang telah di optimasi untuk menghilangkan duplikat entry dan tumpang tindih subnet.
Untuk tutorial auto import script ke mikrotik bisa diintip disini

[admin@satelit-internet] >/ip firewall mangle

add chain=forward dst-address=192.168.1.0/24 action=change-ttl new-ttl=set:1 comment=”change TTL”

add chain=forward out-interface=internet protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 comment=”change mss”

add chain=forward content=X-Cache: HIT action=mark-connection new-connection-mark=squid_conn passthrough=yes comment=”squid proxy”

chain=forward connection-mark=squid_conn action=mark-packet new-packet-mark=squid_packet passthrough=no

/* Prioritaskan ping dan DNS */

add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=icmp passthrough=yes comment=”icmp”

add chain=prerouting connection-mark=icmp action=change-tos new-tos=min-delay

add chain=prerouting connection-mark=icmp action=mark-packet new-packet-mark=icmp passthrough=no

add chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS passthrough=yes comment=”DNS”

add chain=prerouting connection-mark=DNS action=change-tos new-tos=max-throughput

add chain=prerouting protocol=udp dst-port=53 connection-mark=DNS action=mark-packet new-packet-mark=DNS passthrough=no

add chain=forward protocol=tcp dst-port=6000-7000 action=mark-connection new-connection-mark=IRC passthrough=yes comment=”irc”

add chain=prerouting src-address=192.168.1.0/24 protocol=tcp dst-port=6000-7000 action=mark-packet new-packet-mark=irc passthrough=no

add chain=forward connection-mark=IRC action=mark-packet new-packet-mark=irc passthrough=no

/* Upload Connections */

add chain=prerouting src-address=192.168.1.0/24 dst-address-list=!nice action=mark-packet new-packet-mark=upload comment=”upload” passthrough=no

/* Download Connections hanya untuk bandwidth internasional (OpenIXP) */

add chain=forward dst-address=!192.168.1.0/24 connection-mark=!squid_conn dst-address-list=!nice action=mark-connection new-connection-mark=download passthrough=yes comment=”download”

add chain=forward connection-mark=download action=mark-packet new-packet-mark=download passthrough=no

—> Queue type

[admin@satelit-internet]/queue tree

add name=”pfifo-64″ kind=pfifo pfifo-limit=64

add name=”pcq-down” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000

add name=”pcq-up” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000

—> Queue Tree

[admin@satelit-internet]/queue tree

add name=”download” parent=lan packet-mark=download limit-at=0 queue=pcq-down priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

—> Queue simple

[admin@satelit-internet]/queue simple

add name=”squid” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=squid_packet direction=both priority=8 queue=default-small/ethernet-default limit-at=0/0 max-limit=0/0 total-queue=default-small

add name=”irc” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=irc direction=both priority=8 queue=default-small/default-small limit-at=16000/16000 max-limit=16000/16000 total-queue=default-small

add name=”DNS” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=DNS direction=both priority=8 queue=pfifo-64/pfifo-64 limit-at=8000/8000 max-limit=8000/8000 total-queue=default-small

add name=”icmp” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=icmp direction=both priority=8 queue=pfifo-64/pfifo-64 limit-at=8000/8000 max-limit=8000/8000 total-queue=default-small

add name=”parent” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=download,upload direction=both priority=8 queue=default-small/pcq-down limit-at=0/0 max-limit=0/0 total-queue=default-small

add name=”Satelit-01″ target-addresses=192.168.1.100/32 dst-address=0.0.0.0/0 interface=all parent=parent packet-marks=download,upload direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small
.
.
.
dst sampe 15 client

source: http://echo.or.id

Kamus Populer Inggris – Jawa

•April 9, 2009 • Leave a Comment

Sedoyo, bagi yg lagi belajar bhs inggris-jawa intensip nih, biar
di kate pede spiking-spiking,

1. yes mother dont do that: Yo mbok ojo ngono..
2. your head = enDas mu..
3. your eyes = Matamu.
4. your bald head = GUNDUL MU !!
5. your knees falling down = Dengkulmu anjlog !!
6. your bellybutton on fire = Udhelmu kobong !!
7. your auntie’s money = duwite mbokdemu tah ?
8. your grandfather money = Duwite mBahmu !!
9. your auntie teach you about that? = mbokdemu sing ngajari yoo??
10.your mother goalkeeper = makmu kiper .
11.like that yes like that but don’t be like that = ngono yo ngono ning ojo ngono
12. my body is not delicious today = awakku lagi gak enak.
13.your face far away = raimu adoh
14.your lips = lambemu
Kata2 tambahan terpopuler :
a. your bellybutton turn up = udelmu bodong
b. your head smell gum benzoin = nDhasmu mambu menyan
c. cricket !!! = jangkrik/diancuk
d. your head was blown = ndasmu njeblug
e. your eyes blind = matamu picek
f. wanna eat your head = Tak kletak ndasmu !

1.Water mouth = iler
water eyes = luh
blood high = budrek
writing plenthing = jerawat
ass wind = entut

2.Eye-Waste : BloBog
Nose-Waste : Upil
Tooth-Waste : Gadul-Slilit
Body-Waste : Dangkal

3.Lagu2 translate boso jowo:

All out of love (Air Supply) = katresnan kebablasan
Good Bye (Air SUpply) = Minggat
WOrds (Bee Gees) = Nggedebus
More Than Words (Extreme) = Nggedebus pol
Soldier of fortune Deep Purple) = Prajurit raiso mati
Frozen (Madonna) = Njendel
Don’t Cry for me, Argentina (Madonna) = Ojo nagis Sragen
Billy Jean (M.Jackson) = Tuku Clono Levis
Killing me softly (Roberta Flack) = Di-ithik-ithik sak modar’e
My Way (Frank Sinatra) = Sak-Karepku
Wild Woman (MLTR) = Morotuwo
Don’t Speak (No Doubt) = Meneng’a wae
Something stupid (R William-Nicole K) = nggobloki
Bohemian Rhapsody (Queen) = Bu Hemo nge-rap
We Will rock you (Queen) = Balang2an watu
Always (Bon Jovi) = Mesti ngono
Bed of Roses (Bon Jovi) = Peti mati
Alone (heart) = Ijen (album ‘Kendel Tenan’)
Warrior (pat benatar) = sepatu basket
self control (laura b) = Poso
the temple of the king (rainbow) = candi
sailing (Rod S) = isih eling (ora edan)
Jump (Van H) Njondil (album ‘kaget’)
Black magic woman (santana) = Mak lampir
Smooth (santana) = Lunyu (album ‘kepleset’)
Always SOmewere (scorpion) = mblayang wae
Still loving you (scorpion) = ra nduwe isin
So young (the corrs) = bocah SD

Lagu “Suweh Ora Jamu” versi English

So why or a jump you.
Jump you go down tell a..
So why or a cat em you. Cat em
you peace and ga why gell a