Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Sekrenario :
- PPPOE Telkom Speedy 2M down dan 512 up*
- 1M untuk jatah download semua client dengan batasan maksimal 256kbps/client
- Akses tanpa dibatasi limit untuk beberapa IP tertentu (dalam hal ini IP
192.168.2.27 dan 192.168.2.28)
- Browsing tidak dibatasi
- Aplikasi QOS pada outbound/paket yang keluar dari pppoe telkom speedy
/interface ethernet
set 0 comment="Public Interface" name=Public
set 1 comment="Local Interface" name=Local
set 2 comment="Proxy Interface" name=Proxy
/ip address
add address=192.168.2.30/27 broadcast=192.168.2.31 comment="" disabled=no \
interface=Local network=192.168.2.0
add address=192.168.3.30/30 broadcast=192.168.3.31 comment="" disabled=no \
interface=Proxy network=192.168.3.28
add address=192.168.1.2/24 broadcast=192.168.1.255 comment="" disabled=no \
interface=Public network=192.168.1.0
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=\
"PPPOE Speedy" dial-on-demand=no disabled=no interface=Public max-mru=\
1480 max-mtu=1480 mrru=disabled name=Speedy password=****** profile=\
default service-name="" use-peer-dns=no user=******@telkom.net
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=4096KiB \
max-udp-packet-size=512 servers="125.160.4.82,203.130.196.155,203.130.196.\
5,222.124.204.34,202.134.0.61,8.8.4.4,8.8.8.8"
/ip service
set telnet address=0.0.0.0/0 disabled=yes port=23
set ftp address=0.0.0.0/0 disabled=yes port=21
set www address=0.0.0.0/0 disabled=yes port=80
set ssh address=0.0.0.0/0 disabled=yes port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip service
set telnet address=0.0.0.0/0 disabled=yes port=23
set ftp address=0.0.0.0/0 disabled=yes port=21
set www address=0.0.0.0/0 disabled=yes port=80
set ssh address=0.0.0.0/0 disabled=yes port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
Nat nya
Penjelasan :
- Transparent DNS agar client tidak bisa menggunakan NS selain yang terpasang di
mikrotik
- Masquerade pada modem agar modem dapat diakses dari client*
- Mengarahkan rikwes dari client tujuan port 80,8080,3128 ke squid external
(TSL)
- Services yang digunakan pada TSL yaitu http (port 81), SSH (port 22) dan
webmin (port 10000)
*)Ditemukan secara tidak sengaja oleh senpai cipete I-HO menurut pengakuannya
sih
/ip firewall mangle
add action=mark-packet chain=forward comment="PROXY-HIT-DSCP 12" disabled=no \
dscp=12 new-packet-mark=proxy-hit passthrough=no