rianto isaac's Weblog

rianto utomo isaac sahala utomo

linux, Load Balancing dengan Mikrotik Untuk Router Warnet


Di sini akses yang digunakan adalah 2 line Speedy Office Unlimited untuk salah satu warnet yang ada di kota Padang. Contoh konfigurasinya adalah:

Login: areksitiung
Password:

MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK

MikroTik RouterOS 2.9.27 (c) 1999-2006 http://www.mikrotik.com/

# nov/27/2008 11:26:36 by RouterOS 2.9.27
# software id = HUI7-TQN
#
# Physical ports: Local is the LAN side, Speedy1 and Speedy2 are the two uplinks
# (see / ip address and / interface pppoe-client in this export).
# NOTE(review): the export publishes the real MAC addresses of all three ports;
# mask them when sharing a configuration publicly.
/ interface ethernet
set Local name=”Local” mtu=1500 mac-address=00:11:6B:95:D4:49 arp=enabled disable-running-check=yes auto-negotiation=yes \
full-duplex=yes cable-settings=default speed=100Mbps comment=”” disabled=no
set Speedy1 name=”Speedy1″ mtu=1500 mac-address=00:11:6B:94:F0:C5 arp=enabled disable-running-check=yes \
auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps comment=”” disabled=no
set Speedy2 name=”Speedy2″ mtu=1500 mac-address=00:19:21:28:5F:87 arp=enabled disable-running-check=yes \
auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps comment=”” disabled=no
# Both VPN servers are switched off (enabled=no). The authentication lists kept here
# still contain pap (L2TP) and mschap1 (L2TP and PPTP); trim them to mschap2 before
# ever enabling either server.
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
/ interface pptp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 keepalive-timeout=30 \
default-profile=default-encryption
# Second uplink: PPPoE dialled over Speedy2. The author masked the account and password
# with "x" characters. add-default-route=yes installs a default route when the session
# comes up; use-peer-dns=no keeps the resolvers configured under / ip dns.
# NOTE(review): allow= includes pap, which sends the password unencrypted if the
# access concentrator negotiates it; restrict allow= to what the ISP actually requires.
/ interface pppoe-client
add name=”pppoe-out2″ max-mtu=1480 max-mru=1480 interface=Speedy2 user=”11140xxxxx@telkom.net” password=”xxxxxx” \
profile=default service-name=”” ac-name=”” add-default-route=yes dial-on-demand=no use-peer-dns=no \
allow=pap,chap,mschap1,mschap2 disabled=no
# IP accounting and its web access page are disabled.
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
# Management services. telnet, ftp and www-ssl are disabled; www (plain HTTP, moved to
# port 1979) and ssh (moved to port 1982) are enabled and accept any source address
# (address=0.0.0.0/0).
# NOTE(review): a non-default port does not limit who can connect. The input chain in
# / ip firewall filter further down has no drop rule, so nothing in this export keeps
# these two services away from the uplink side. Setting address= to the LAN subnet
# (192.168.1.0/24 here) would confine management to the LAN. Because www-ssl is off,
# web logins travel unencrypted.
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=yes
set ftp port=21 address=0.0.0.0/0 disabled=yes
set www port=1979 address=0.0.0.0/0 disabled=no
set ssh port=1982 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
# UPnP and the SOCKS proxy are disabled.
/ ip upnp
set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
/ ip arp
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
# The router forwards DNS for clients (allow-remote-requests=yes) using two fixed resolvers.
# NOTE(review): the input chain accepts all UDP, so this export does not restrict DNS
# queries to LAN clients; confirm the router cannot be used as a resolver from the
# uplink side (for example by accepting port 53 only with in-interface=Local).
/ ip dns
set primary-dns=203.130.193.74 secondary-dns=202.134.0.155 allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
# Traffic-flow export is disabled.
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m inactive-flow-timeout=15s
# Addressing: the LAN gateway is 192.168.1.1/24 on Local; Speedy1 sits at 192.168.2.2/24
# (its gateway 192.168.2.1 appears under / ip route). The static address on Speedy2 is
# disabled, presumably because that port carries the PPPoE session instead - confirm.
/ ip address
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Local comment=”” disabled=no
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=Speedy1 comment=”” disabled=no
add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=Speedy2 comment=”” disabled=yes
# The proxy is disabled (enabled=no); its single access rule denies destination ports 23-25.
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000 maximal-server-connectons=1000
/ ip proxy access
add dst-port=23-25 action=deny comment=”block telnet & spam e-mail relaying” disabled=no
# Neighbor discovery is on for all three Ethernet ports and off for the PPPoE interface.
# NOTE(review): discovery on Speedy1/Speedy2 announces the router to whatever shares
# those segments; if only the ISP modems are attached it is low risk, but discover=no on
# uplink-facing ports is the safer setting.
/ ip neighbor discovery
set Local discover=yes
set Speedy1 discover=yes
set Speedy2 discover=yes
set pppoe-out2 discover=no
# Policy route for connections carrying routing-mark "one": send them out via Speedy1's
# gateway. No route with routing-mark=two is present in this export; traffic marked "two"
# presumably falls back to the default route added by pppoe-out2
# (add-default-route=yes) - verify on the running router.
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 routing-mark=one comment=”” disabled=no
# Load balancing core. New connections arriving on Local are split with the nth matcher
# (RouterOS 2.9 syntax nth=every,counter,packet): both rules share counter 1, one matches
# packet 0 and the other packet 1, so new connections alternate between connection marks
# "one" and "two". The follow-up rule for each mark sets the matching routing mark on
# every packet of that connection, and passthrough=no stops further mangle processing.
# This balances by connection count, not by bandwidth.
/ ip firewall mangle
add chain=prerouting in-interface=Local connection-state=new nth=1,1,0 action=mark-connection new-connection-mark=one \
passthrough=yes comment=”” disabled=no
add chain=prerouting in-interface=Local connection-mark=one action=mark-routing new-routing-mark=one passthrough=no \
comment=”” disabled=no
add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 action=mark-connection new-connection-mark=two \
passthrough=yes comment=”” disabled=no
add chain=prerouting in-interface=Local connection-mark=two action=mark-routing new-routing-mark=two passthrough=no \
comment=”” disabled=no
# Source NAT per uplink, keyed on the connection mark: "one" leaves via Speedy1,
# "two" via pppoe-out2. Traffic without either mark is not masqueraded by these rules.
/ ip firewall nat
add chain=srcnat out-interface=Speedy1 connection-mark=one action=masquerade comment=”” disabled=no
add chain=srcnat out-interface=pppoe-out2 connection-mark=two action=masquerade comment=”” disabled=no
# Connection tracking is required by the marks and NAT above. Timeouts are shortened for
# half-open and closing TCP states; established TCP entries are kept for one day.
# NOTE(review): tcp-syncookie=no leaves the router's own TCP services without SYN-cookie
# protection; weigh enabling it if management ports stay reachable from the uplinks.
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m tcp-syncookie=no
/ ip firewall filter
# Custom chain "virus": drops by destination port, then returns to the caller.
# NOTE(review): no rule with action=jump jump-target=virus appears in this export, so
# unless one exists elsewhere these rules are never evaluated. Do not simply hook the
# chain into forward as written: the ranges are very broad (tcp 100-1000 covers 110, 143
# and 443; 445-3000 and 1000-3000 cover many ordinary services) and would block normal
# client traffic. Several entries are exact duplicates (tcp 7000 and udp 135-139 each
# appear three times), and some comments do not match the ports they label.
add chain=virus protocol=tcp dst-port=135-139 action=drop comment=”Drop Blaster Worm” disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment=”Drop Messenger Worm” disabled=no
add chain=virus protocol=tcp dst-port=445-3000 action=drop comment=”Drop Blaster Worm” disabled=no
add chain=virus protocol=udp dst-port=445-3000 action=drop comment=”Drop Blaster Worm” disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment=”________” disabled=no
add chain=virus protocol=udp dst-port=7000 action=drop comment=”Setan1″ disabled=no
add chain=virus protocol=tcp dst-port=100-1000 action=drop comment=”Setan1″ disabled=no
add chain=virus protocol=udp dst-port=100-1000 action=drop comment=”Drop Messenger Worm” disabled=no
add chain=virus protocol=tcp dst-port=1000-3000 action=drop comment=”Setan1″ disabled=no
add chain=virus protocol=udp dst-port=1000-3000 action=drop comment=”Drop Messenger Worm” disabled=no
add chain=virus protocol=tcp dst-port=40000-50000 action=drop comment=”Setan1″ disabled=no
add chain=virus protocol=udp dst-port=40000-50000 action=drop comment=”Drop Messenger Worm” disabled=no
add chain=virus protocol=tcp dst-port=7000 action=drop comment=”Setan1″ disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment=”Drop Messenger Worm” disabled=no
add chain=virus protocol=tcp dst-port=7000 action=drop comment=”Setan1″ disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment=”Drop Messenger Worm” disabled=no
add chain=virus action=return comment=”” disabled=no
# Input chain (traffic addressed to the router itself): drop invalid packets, accept
# established/related, then accept every UDP and every ICMP packet from any interface.
# NOTE(review): the chain has no final drop rule and the built-in chains accept by
# default, so everything not dropped as invalid is accepted. A safer layout accepts
# management and DNS only with in-interface=Local and ends with a drop rule.
add chain=input connection-state=invalid action=drop comment=”Drop invalid connections” disabled=no
add chain=input connection-state=established action=accept comment=”Allow esatblished connections” disabled=no
add chain=input connection-state=related action=accept comment=”Allow related connections” disabled=no
add chain=input protocol=udp action=accept comment=”Allow UDP” disabled=no
add chain=input protocol=icmp action=accept comment=”Allow ICMP” disabled=no
# Port-scan detection. psd=21,3s,3,1 is weight threshold, delay threshold, low-port
# weight, high-port weight; the tcp-flags rules match flag combinations that do not
# occur in normal connection setup. Every match adds the source address to the
# "port scanners" address list for two weeks.
# NOTE(review): these rules only record addresses. No rule in this export matches
# src-address-list="port scanners" with action=drop, so listed hosts are not blocked;
# a drop rule on that list placed ahead of the accept rules is needed for this section
# to have an effect. There are also no forward-chain rules at all in this export.
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”Port scanners to list ” disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port \
scanners” address-list-timeout=2w comment=”NMAP FIN Stealth scan” disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”SYN/FIN scan” disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”SYN/RST scan” disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list=”port \
scanners” address-list-timeout=2w comment=”FIN/PSH/URG scan” disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”ALL/ALL scan” disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port \
scanners” address-list-timeout=2w comment=”NMAP NULL scan” disabled=no
# Connection-tracking helpers: all listed helpers (ftp, tftp, irc, h323, quake3, gre, pptp)
# are disabled, so protocols that need them (for example active-mode FTP or PPTP from
# LAN clients through NAT) may not work - presumably intentional, confirm.
/ ip firewall service-port
set ftp ports=21 disabled=yes
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=yes
set h323 disabled=yes
set quake3 disabled=yes
set gre disabled=yes
set pptp disabled=yes
# Hotspot settings. No hotspot server is defined in this export, so these look like
# untouched defaults - confirm before relying on them.
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name=”default” hotspot-address=0.0.0.0 dns-name=”” html-directory=hotspot rate-limit=”” http-proxy=0.0.0.0:0 \
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
/ ip hotspot user profile
set default name=”default” idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 \
transparent-proxy=yes open-status-page=always advertise=no
/ ip dhcp-server config
set store-leases-disk=5m
# IPsec proposal using sha1 / 3des / modp1024. No IPsec peer or policy is shown in this
# export, so it is probably unused.
# NOTE(review): these algorithms are legacy; pick stronger ones if IPsec is ever put
# into service on a release that offers them.
/ ip ipsec proposal
add name=”default” auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024 disabled=no
# The web proxy is disabled (enabled=no); the access and cache rules below only apply
# once it is turned on.
/ ip web-proxy
set enabled=no src-address=0.0.0.0 port=3128 hostname=”proxy” transparent-proxy=no parent-proxy=0.0.0.0:0 \
cache-administrator=”webmaster” max-object-size=4096KiB cache-drive=system max-cache-size=none \
max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment=”block telnet & spam e-mail relaying” disabled=no
/ ip web-proxy cache
add url=”:cgi-bin \\?” action=deny comment=”don’t cache dynamic http pages” disabled=no
# Logging rules: info, error and warning go to the in-memory buffer; critical goes to the
# console (echo).
# NOTE(review): no rule uses the disk or remote actions, and the memory buffer holds 100
# lines, so login attempts and firewall events are overwritten quickly and are gone after
# a reboot. Pointing the remote action at a syslog host (it is unset, 0.0.0.0:514) and
# adding rules that use it would keep a usable audit trail.
/ system logging
add topics=info prefix=”” action=memory disabled=no
add topics=error prefix=”” action=memory disabled=no
add topics=warning prefix=”” action=memory disabled=no
add topics=critical prefix=”” action=echo disabled=no
/ system logging action
set memory name=”memory” target=memory memory-lines=100 memory-stop-on-full=no
set disk name=”disk” target=disk disk-lines=100 disk-stop-on-full=no
set echo name=”echo” target=echo remember=yes
set remote name=”remote” target=remote remote=0.0.0.0:514
# Upgrade mirror is disabled; no DST offset is configured.
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d user=””
/ system clock dst
set dst-delta=+00:00 dst-start=”jan/01/1970 00:00:00″ dst-end=”jan/01/1970 00:00:00″
# Watchdog reboots the router on failure and writes a support output file automatically,
# but does not send it anywhere (auto-send-supout=no).
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes no-ping-delay=5m automatic-supout=yes auto-send-supout=no
# Consoles: a login console on serial0 plus eight virtual terminals. "FIXME" is what the
# export printed in place of the item name; these lines probably need editing before the
# script can be re-imported - verify.
/ system console
add port=serial0 term=”” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
/ system console screen
set line-count=25
# Router identity as shown in the CLI prompt.
/ system identity
set name=”ROUTER-99NET”
/ system note
set show-at-login=yes note=””
# Serial port parameters: 9600 8N1 with hardware flow control.
/ port
set serial0 name=”serial0″ baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=hardware
# PPP profiles. "default" (used by pppoe-out2, profile=default) leaves encryption at
# use-encryption=default; "default-encryption" (referenced by the disabled L2TP/PPTP
# servers) sets use-encryption=yes.
/ ppp profile
set default name=”default” use-compression=default use-vj-compression=default use-encryption=default only-one=default \
change-tcp-mss=yes comment=””
set default-encryption name=”default-encryption” use-compression=default use-vj-compression=default use-encryption=yes \
only-one=default change-tcp-mss=yes comment=””
# PPP authentication is local (no RADIUS).
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
# Queue disciplines. The "set" lines adjust built-in types; the "add" lines define the
# extra types referenced further down: PFIFO-64 by the queue tree and default-small by
# the simple queues. pcq-download and pcq-upload are defined but not referenced by any
# queue in this export.
/ queue type
set default name=”default” kind=pfifo pfifo-limit=50
set ethernet-default name=”ethernet-default” kind=pfifo pfifo-limit=50
set wireless-default name=”wireless-default” kind=sfq sfq-perturb=5 sfq-allot=1514
set synchronous-default name=”synchronous-default” kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 \
red-burst=20 red-avg-packet=1000
set hotspot-default name=”hotspot-default” kind=sfq sfq-perturb=5 sfq-allot=1514
add name=”pcq-download” kind=pcq pcq-rate=384000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
add name=”pcq-upload” kind=pcq pcq-rate=64000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
add name=”PFIFO-64″ kind=pfifo pfifo-limit=64
add name=”default-small” kind=pfifo pfifo-limit=10
# Per-client bandwidth limits: one simple queue per workstation address ("Meja-N" = desk N),
# most of them children of the parent queue "99.net" that covers 192.168.1.0/24.
# NOTE(review): the parent "99.net" and the "Server" queue are disabled (disabled=yes)
# while the children that name parent=99.net are enabled; check on the router whether the
# children still apply as intended. Meja-12 and Meja-16 both target 192.168.1.22/32, so
# one of the two addresses is probably a typo. Limits are keyed on IP address only; a
# client that changes its address escapes its queue.
/ queue simple
add name=”99.net” target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 interface=Local parent=none direction=both \
priority=1 queue=ethernet-default/ethernet-default limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=yes
add name=”Server” target-addresses=192.168.1.100/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=yes
add name=”Meja-1″ target-addresses=192.168.1.11/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=64000/128000 max-limit=64000/128000 \
total-queue=default-small disabled=no
add name=”Meja-2″ target-addresses=192.168.1.12/32 dst-address=0.0.0.0/0 interface=all parent=none direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 max-limit=64000/128000 total-queue=default-small \
disabled=yes
add name=”Meja-3″ target-addresses=192.168.1.13/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=64000/128000 max-limit=64000/128000 \
total-queue=default-small disabled=no
add name=”Meja-4″ target-addresses=192.168.1.14/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=64000/128000 max-limit=64000/128000 \
total-queue=default-small disabled=no
add name=”Meja-5″ target-addresses=192.168.1.15/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=64000/128000 max-limit=64000/128000 \
total-queue=default-small disabled=no
add name=”Meja-6″ target-addresses=192.168.1.16/32 dst-address=0.0.0.0/0 interface=all parent=none direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 max-limit=64000/128000 total-queue=default-small disabled=no
add name=”Meja-7″ target-addresses=192.168.1.17/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=64000/128000 max-limit=64000/128000 \
total-queue=default-small disabled=no
add name=”Meja-8″ target-addresses=192.168.1.18/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=64000/128000 max-limit=64000/128000 \
total-queue=default-small disabled=no
add name=”Meja-9″ target-addresses=192.168.1.19/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=64000/128000 max-limit=64000/128000 \
total-queue=default-small disabled=no
add name=”Meja-10″ target-addresses=192.168.1.20/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=64000/128000 max-limit=64000/128000 \
total-queue=default-small disabled=no
add name=”Meja-11″ target-addresses=192.168.1.25/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=64000/128000 max-limit=64000/128000 \
total-queue=default-small time=0s-0s, disabled=no
add name=”Meja-12″ target-addresses=192.168.1.22/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=64000/128000 max-limit=64000/128000 \
total-queue=default-small disabled=no
add name=”Meja-13″ target-addresses=192.168.1.23/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=64000/128000 max-limit=64000/128000 \
total-queue=default-small disabled=no
add name=”Meja-14″ target-addresses=192.168.1.24/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=64000/128000 max-limit=64000/128000 \
total-queue=default-small disabled=no
add name=”Meja-15″ target-addresses=192.168.1.21/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=64000/128000 max-limit=64000/128000 \
total-queue=default-small disabled=no
add name=”Meja-16″ target-addresses=192.168.1.22/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/0 max-limit=64000/128000 total-queue=default-small \
disabled=no
add name=”Meja-17″ target-addresses=192.168.1.27/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/96000 max-limit=0/96000 total-queue=default-small \
disabled=no
add name=”Meja-18″ target-addresses=192.168.1.28/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/96000 max-limit=0/96000 total-queue=default-small \
disabled=no
add name=”Meja-19″ target-addresses=192.168.1.29/32 dst-address=0.0.0.0/0 interface=all parent=99.net direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/96000 max-limit=0/96000 total-queue=default-small \
disabled=no
add name=”Printer” target-addresses=192.168.1.26/32 dst-address=0.0.0.0/0 interface=all parent=none direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
# Priority queues for ICMP and DNS, selected by packet mark.
# NOTE(review): the mangle section of this export only sets connection and routing marks;
# nothing sets packet marks ICMP-PM or DNS-PM, so these two queues never match unless the
# marking rules exist elsewhere.
/ queue tree
add name=”ICMP” parent=global-in packet-mark=ICMP-PM limit-at=8000 queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name=”DNS” parent=global-in packet-mark=DNS-PM limit-at=8000 queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
# Router accounts. The built-in "admin" user is disabled; two named accounts hold the
# "full" group and may log in from any source address (address=0.0.0.0/0).
# NOTE(review): both account names are published with this export (one also appears in
# the login banner and prompt), which leaves only the passwords protecting SSH and the
# web interface, both of which are open to all addresses under / ip service. Restrict
# address= to the LAN or a management host, and use distinct names and passwords on any
# router built from this example.
/ user
add name=”admin” group=full address=0.0.0.0/0 comment=”system default user” disabled=yes
add name=”areksitiung” group=full address=0.0.0.0/0 comment=”” disabled=no
add name=”99net” group=full address=0.0.0.0/0 comment=”” disabled=no
# Permission groups: "read" and "write" exclude ftp and policy (and "read" also excludes
# write); "full" grants every listed policy.
/ user group
add name=”read” policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!ftp,!write,!policy
add name=”write” policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,!ftp,!policy
add name=”full” policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web
# Logins are authenticated locally (use-radius=no); incoming RADIUS requests are refused.
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ radius incoming
set accept=no port=1700
/ driver
# SNMP is disabled.
# NOTE(review): the community is still the well-known "public" with read access from any
# address; change the name and narrow address= before SNMP is ever enabled.
/ snmp
set enabled=no contact=”” location=””
/ snmp community
set public name=”public” address=0.0.0.0/0 read-access=yes
# Bandwidth-test server is enabled and requires authentication (authenticate=yes).
# NOTE(review): it is one more listening service that accepts router credentials and is
# not filtered by the input chain; disable it when not actively testing.
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
# The router answers MAC-level ping.
/ tool mac-server ping
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from=”<>”
# Packet sniffer settings only; whether a capture is running is not part of the export.
/ tool sniffer
set interface=all only-headers=no memory-limit=10 file-name=”” file-limit=10 streaming-enabled=no streaming-server=0.0.0.0 \
filter-stream=yes filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535
# Graphing stores queue, resource and interface graphs every five minutes.
# NOTE(review): allow-address=0.0.0.0/0 lets any address that can reach the router's web
# service view the graphs, and allow-target=yes extends that to the queue targets;
# presumably no login is required for the graph pages - confirm, and narrow
# allow-address to the LAN.
/ tool graphing
set store-every=5min
/ tool graphing queue
add simple-queue=all allow-address=0.0.0.0/0 store-on-disk=yes allow-target=yes disabled=no
/ tool graphing resource
add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ tool graphing interface
add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
# Dynamic routing. BGP is disabled (enabled=no). No OSPF or RIP networks or interfaces are
# defined in this export, so the remaining lines look like unused defaults - confirm.
# The OSPF backbone area has authentication=none.
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no redistribute-static=no redistribute-rip=no \
redistribute-bgp=no metric-default=1 metric-connected=20 metric-static=20 metric-rip=20 metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate authentication=none prefix-list-import=”” \
prefix-list-export=”” disabled=no
/ routing bgp
set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no redistribute-connected=no redistribute-rip=no \
redistribute-ospf=no
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no redistribute-bgp=no metric-static=1 \
metric-connected=1 metric-ospf=1 metric-bgp=1 update-timer=30s timeout-timer=3m garbage-timer=2m
[areksitiung@ROUTER-99NET] >

rianto utomo ole nyontek dari http://harinto.blogspot.com/2008/11/load-balancing-dengan-mikrotik-untuk.html

Written by isaaconi

Januari 23, 2009 pada 6:18 am

2 Tanggapan


  1. gan, bisa minta pake screenshot, ane bingung liat nya

    hendri

    November 28, 2010 at 1:38 am

    • klo di cli ya seperti itu screenshot-nye.. malah ga muat klo di print screen..
      coba masuk mikrotik via “putty” deh
      dah tinggal ketik semua perintah diatas baris per baris

      selamat mencoba..

      imeloni

      November 29, 2010 at 9:05 am

