from my XP

Compile kernel 2.6.38 dengan patch liquorix untuk ubuntu 10.10...

2011-04-09T17:07:00.003+07:00

Pada bulan maret 2011 linus mengumumkan direleasenya kernel linux baru yaitu 2.6.38. Ada patch yang (sudah include) katanya membuat perubahan signifikan dalam hal performance yang dinamakan "wonder patch". Karena penasaran akhirnya googling2 kernel 2.6.38 untuk ubuntu, dapet juga beberapa yang bisa didonlot langsung kemudian tinggal di install via dpkg -i.

1.www.megatek.net.br

2.Liquorix.net

klo mau baca-baca bisa juga kemari

Kemudian tiba saatnya tangan gatel-gatel untuk coba compile sendiri kernelnya. Setelah baca2 dari sini kemudian saya coba-coba compile. Saya inginnya driver-driver yang memang tidak perlu agar dihilangkan dari kernel agar kernelnya sedikit ramping.
Ini step-step yang saya lakukan.

1. mendonlot base kernel di kernel.org. Saya ambilnya yang 2.6.38 bukan yang 2.6.38-2 dengan alasan tutornya pake itu dan takut patch dari liquorix gak compatible. mungkin lain waktu saya coba patch dari liquorix untuk kernel 2.6.38-2
2. mendonlot patch dari liquorix.
3. extract patch dan kernel basenya.
4. masuk ke directory hasil ekstract base kernel dan lakukan patch dengan : patch -Np1 -i ../38.2-1.patch.
5. make clean
6. make mrproper
7. copy config yang didonlot dari sini. sesuaikan dengan jenisnya apakah x86 atau amd64.
8. make menuconfig, dan silahkan explore sendiri mana aja yang mau diubah....use with your own risk.
9. make-kpkg clean
10. time CONCURRENCY_LEVEL=2 fakeroot make-kpkg --initrd --append-to-version=-liquorixdewex --revision=01.00 kernel-headers kernel-image
11. setelah selesai akan didapatkan dua file .deb, kernel-header....deb dan kernel-image...deb. installnya tinggal sudo dpkg -i *.deb
12. sudo update initramfs -c -k 2.6.38-liquorixdewex
13. sudo update-grub
14. sudo shutdown -r now

selesai.

incip incip firefox 4.0 di ubuntu 10.04 via ppa

2010-11-06T11:06:00.003+07:00

Firefox 4 (masih status beta ketika tulisan ini dibuat) diperkenalkan oleh mozilla. Untuk lengkapnya silahkan merujuk ke link yang diberikan.
Untuk incip-incip versi 4 ini tidak dengan cara build langsung via source karena keterbatasan SDM-nya, jadi menggunakan file dari ppa.
ok, langsung aja ke TKP....
silahkan pake terminalnya dan ketikan :

sudo add-apt-repository ppa:ubuntu-mozilla-daily/ppa && sudo apt-get update
sudo apt-get install firefox-4.0

dan monggo di incip-incip....

nyok...kita kompress image dilusca (Freebsd) via ziproxy....

2010-09-15T10:30:00.003+07:00

Untuk mengenal ziproxy, silahkan melihat ke ziproxy website
Untuk keperluan ini diharapkan sudah menginstall squid/lusca di freebsd anda. Dalam hal ini ziproxy digunakan sebagai parent dari squid/lusca yang sudah dibuat.
Topologi yang saya pakai:

client ---> squid ---> ziproxy ---> INET.

dimana squid dan ziproxy berada dalam satu mesin/cpu.
Langsung ke TKP, dimana saya menginstall ziproxy via ports,

#cd /usr/ports/www/ziproxy
#make install clean

jangan lupa ditambahkan di /etc/rc.conf:

ziproxy_enable="YES"
ziproxy_config="/usr/local/etc/ziproxy/ziproxy.conf"

kemudian buat directory ziproxy di /var/log/ziproxy dan ubah kepemilikan kepada user dan group squid.

#mkdir /var/log/ziproxy
#chown -R squid:squid /var/log/ziproxy

selanjutnya diubah/diedit file /usr/local/etc/ziproxy/ziproxy.conf
yang diubah hanya bagian-bagian seperti dibawah ini, satu hal yang perlu diperhatikan bahwa yang dibawah ini hanya sebagian dari isi ziproxy.conf.

Port = 8081
Address = "127.0.0.1"
RunAsUser = "squid"
RunAsGroup = "squid"
ErrorLog = "/var/log/ziproxy/error.log"
AccessLog = "/var/log/ziproxy/access.log"
TransparentProxy = false
ConventionalProxy = true
AllowMethodCONNECT = false
UseContentLength = false
LosslessCompressCT = {
"text/*",
"application/asp",
"application/awk",
"application/cgi",
"application/class",
"application/css",
"application/dvi",
"application/executable",
"application/font",
"application/futuresplash",
"application/iso9660-image",
"application/java",
"application/javascript",
"application/json",
"application/msexcel",
"application/mspowerpoint",
"application/msword",
"application/pdf",
"application/perl",
"application/php",
"application/postscript",
"application/python",
"application/rtf",
"application/shellscript",
"application/shockwave",
"application/staroffice",
"application/tar",
"application/truetype-font",
"application/vnd.*",
"application/*+xml",
"application/xml",
"application/xml-dtd",
"image/svg+xml"
}
LosslessCompressCTAlsoXST = true
ProcessJPG = true
ProcessPNG = true
ProcessGIF = true
ImageQuality = {50,50,50,50}
ProcessJP2 = false
ProcessToJP2 = true
ForceOutputNoJP2 = false
AnnounceJP2Capability = true
JP2ImageQuality = {50,50,50,50}

jangan lupa untuk menambahkan yang dibawah ini di squid.conf-nya:

cache_peer localhost parent 8081 0 no-query no-digest
never_direct allow all

sekarang silahkan di jalankan ziproxynya dan restart squid/lusca-nya.
menjalankan ziproxy:

#/usr/local/etc/rc.d/ziproxy onestart

merestart squid:

#squid -k reconfigure

selesai

yuk mainan unbound DNS resolver ........

2010-08-19T11:51:00.015+07:00

Buat yang berkecimpung di dunia jaringan komputer sudah tidak asing dengan namanya DNS resolver. Tanya mbah google aja ya tentang apa itu DNS resolver? :D
Bagi saya yang telah terbiasa dengan DNS resolver bawaan mikrotik (dulu pakenya karena segi kepraktisan saja, tidak ada yang lain :D ), sejalan dengan bertambahnya cpu untuk kepentingan pengaturan internet kantor (tambah satu buat Proxy, saya pake OS FreeBSD yang didalamnya ditanam Lusca HEAD cache) ditambah racun dari forum mikrotik indonesiamaka diputuskan untuk mencobanya. Untuk caranya (dalam hal ini di FreeBSD) bisa merujuk ke link tadi atau bisa dilihat di hasil copas ini (credit to bro siber @ forummikrotik[dot]com) :

cara install :

cd /usr/ports/dns/unbound
make config (centang  Libevent & Thread)
make install clean
cd /usr/local/etc/unbound
fetch ftp://FTP.INTERNIC.NET/domain/named.cache
unbound-control-setup
chown unbound:wheel unbound_*
chmod 440 unbound_*
mkdir /usr/local/etc/unbound/dev
echo "devfs   /usr/local/etc/unbound/dev      devfs   rw \
          0       0"  >> /etc/fstab
echo 'unbound_enable="YES"' >> /etc/rc.conf
echo 'devfs_set_rulesets="/usr/local/etc/unbound/dev=unbound_ruleset"' \
>> /etc/rc.conf

cara config:

     
verbosity: 5
statistics-interval: 120
num-threads: 2
interface: 0.0.0.0

outgoing-range: 512
num-queries-per-thread: 1024

msg-cache-size: 16m
rrset-cache-size: 32m

msg-cache-slabs: 4
rrset-cache-slabs: 4

cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120

infra-cache-numhosts: 10000
infra-cache-lame-size: 10k

do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes

access-control: 0.0.0.0/0 allow
access-control: 127.0.0.0/8 allow

chroot: "/usr/local/etc/unbound"
username: "unbound"
directory: "/usr/local/etc/unbound"
#logfile: "/usr/local/etc/unbound/unbound.log"
#use-syslog: yes
logfile: ""
use-syslog: no
pidfile: "/usr/local/etc/unbound/unbound.pid"
root-hints: "/usr/local/etc/unbound/named.cache"

identity: "DNS"
version: "1.0"
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: "iterator"

local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. \
nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"

local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. \
nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

local-zone: "xxxxx.net." static
local-data: "xxxxx.net. 86400 IN NS ns1.xxxxx.net."
local-data: "xxxxx.net. 86400 IN NS ns2.xxxxx.net."
local-data: "xxxxx.net. 86400 IN SOA xxxxx.net. \
hostmaster.xxxxx.net.net.  3 3600 1200 604800 86400"
local-data: "xxxxx.net. 86400 IN A 172.16.17.2"
local-data: "www.xxxxx.net. 86400 IN A 172.16.17.2"
local-data: "ns1.xxxxx.net. 86400 IN A 172.16.17.2"
local-data: "ns1.xxxxx.net. 86400 IN A 172.16.17.20"
local-data: "mail.x.x.x.net. 86400 IN A 192.168.70.1"
local-data: "xxxxx.net. 86400 IN MX 10 mail.xxxxx.net."
local-data: "xxxxx.net. 86400 IN TXT v=spf1 a mx ~all"

local-zone: "17.16.172.in-addr.arpa." static
local-data: "17.16.172.in-addr.arpa. 10800 IN NS xxxxx.net."
local-data: "17.16.172.in-addr.arpa. 10800 IN SOA xxxxx.net. \
hostmaster.xxxxx.net. 4 3600 1200 604800 864000"
local-data: "2.17.16.172.in-addr.arpa. 10800 IN PTR xxxxx.net."
local-data: "3.17.16.172.in-addr.arpa. 10800 IN PTR  nms.xxxxx.net."
local-data: "4.17.16.172.in-addr.arpa. 10800 IN PTR  sadewa.xxxxx.net."
forward-zone:
name: "."
forward-addr: 202.155.x.x
forward-addr: 202.155.x.x

remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/usr/local/etc/unbound/unbound_server.key"
server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"
control-key-file: "/usr/local/etc/unbound/unbound_control.key"
control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"

cara pakai:
arahkan semua client untuk menggunakan DNS server dengan IP dimana unbound diinstall, semisal unbound diinstall di komputer dengan IP 192.168.0.200, maka DNS komputer client di isi dengan ip 192.168.0.200

happy oprek

(sedikit) patch untuk lusca cache

2010-07-30T08:42:00.008+07:00

Sebelumnya terima kasih untuk mereka-mereka yang telah susah payah membuat agar Lusca cache semakin sempurna dengan membuat patch-patch.
sekarang ijinkan saya untuk mencopas karya mereka. Adapun patch-patch ini memiliki kegunaan antara lain:

1. Ignore-Must-Revalidate patch.
2. Improve %nn parser patch.
3. Memoryleak on maformed requests patch.
4. Async request doesn't use store_url when available patch.
5. HTTP responses with no Date patch.
6. Squid crashes on assert patch.
7. Correct If-(None-)Match: * processing patch.
8. -F switch doesn't block requests while COSS store is being rebuilt patch.
9. Removes Cache-Control request headers, don’t let clients by-pass cache if it is primed.
10. Normalize Accept-Encoding Headers for a higher cache hit rate.
11. Clear Accept-Encoding Headers for content that should not be compressed such as image,video and audio.

berikut ini patchnya..

*** lib/rfc1738.c 2009-11-05 11:56:18.000000000 +0700
--- lib/rfc1738.c 2010-07-09 08:31:42.000000000 +0700
***************
*** 204,233 ****
* rfc1738_unescape() - Converts escaped characters (%xy numbers) in
* given the string. %% is a %. %ab is the 8-bit hexadecimal number "ab"
*/
void
! rfc1738_unescape(char *s)
{
! char hexnum[3];
int i, j; /* i is write, j is read */
! unsigned int x;
for (i = j = 0; s[j]; i++, j++) {
s[i] = s[j];
! if (s[i] != '%')
! continue;
! if (s[j + 1] == '%') { /* %% case */
! j++;
! continue;
! }
! if (s[j + 1] && s[j + 2]) {
! if (s[j + 1] == '0' && s[j + 2] == '0') { /* case */
! j += 2;
! continue;
! }
! hexnum[0] = s[j + 1];
! hexnum[1] = s[j + 2];
! hexnum[2] = '\0';
! if (1 == sscanf(hexnum, "%x", &x)) {
! s[i] = (char) (0x0ff & x);
j += 2;
}
}
--- 204,247 ----
* rfc1738_unescape() - Converts escaped characters (%xy numbers) in
* given the string. %% is a %. %ab is the 8-bit hexadecimal number "ab"
*/
+ static inline int
+ fromhex(char ch)
+ {
+ if (ch >= '0' && ch <= '9')
+ return ch - '0';
+ if (ch >= 'a' && ch <= 'f')
+ return ch - 'a' + 10;
+ if (ch >= 'A' && ch <= 'F')
+ return ch - 'A' + 10;
+ return -1;
+ }
+
void
! rfc1738_unescape(char *s_)
{
! /* char hexnum[3]; */
! unsigned char *s = (unsigned char *) s_;
int i, j; /* i is write, j is read */
! /* unsigned int x; */
for (i = j = 0; s[j]; i++, j++) {
s[i] = s[j];
! if (s[j] != '%') {
! /* normal case, nothing more to do */
! } else if (s[j + 1] == '%') { /* %% case */
! j++; /* Skip % */
! } else {
! /* decode */
! int v1, v2, x;
! v1 = fromhex(s[j + 1]);
! if (v2 < 0)
! continue; /* non-hex or \0 */
! v2 = fromhex(s[j + 2]);
! if (v2 < 0)
! continue; /* non-hex or \0 */
! /* fromhex returns -1 on error which brings this out of range (|, not +) */
! x = v1 << 4 | v2;
! if (x > 0 && x <= 255) {
! s[i] = x;
j += 2;
}
}

*** src/cache_cf.c 2010-02-16 18:21:51.000000000 +0700
--- src/cache_cf.c 2010-07-09 08:31:41.000000000 +0700
***************
*** 489,494 ****
--- 489,500 ----
break;
}
for (R = Config.Refresh; R; R = R->next) {
+ if (!R->flags.ignore_must_revalidate)
+ continue;
+ debug(22, 1) ("WARNING: use of 'ignore-must-revalidate' in 'refresh_pattern' violates HTTP\n");
+ break;
+ }
+ for (R = Config.Refresh; R; R = R->next) {
if (R->stale_while_revalidate <= 0)
continue;
debug(22, 1) ("WARNING: use of 'stale-while-revalidate' in 'refresh_pattern' violates HTTP\n");
***************
*** 2261,2266 ****
--- 2267,2274 ----
storeAppendPrintf(entry, " ignore-private");
if (head->flags.ignore_auth)
storeAppendPrintf(entry, " ignore-auth");
+ if (head->flags.ignore_must_revalidate)
+ storeAppendPrintf(entry, " ignore-must-revalidate");
if (head->stale_while_revalidate > 0)
storeAppendPrintf(entry, " stale-while-revalidate=%d", head->stale_while_revalidate);
#endif
***************
*** 2293,2298 ****
--- 2301,2307 ----
int ignore_no_cache = 0;
int ignore_no_store = 0;
int ignore_private = 0;
+ int ignore_must_revalidate = 0;
int ignore_auth = 0;
#endif
int stale_while_revalidate = -1;
***************
*** 2338,2343 ****
--- 2347,2354 ----
ignore_private = 1;
else if (!strcmp(token, "ignore-auth"))
ignore_auth = 1;
+ else if (!strcmp(token, "ignore-must-revalidate"))
+ ignore_must_revalidate = 1;
else if (!strcmp(token, "reload-into-ims")) {
reload_into_ims = 1;
refresh_nocache_hack = 1;
***************
*** 2397,2402 ****
--- 2408,2415 ----
t->flags.ignore_no_store = 1;
if (ignore_private)
t->flags.ignore_private = 1;
+ if (ignore_must_revalidate)
+ t->flags.ignore_must_revalidate = 1;
if (ignore_auth)
t->flags.ignore_auth = 1;
#endif

*** src/cf.data.pre 2010-03-25 21:25:33.000000000 +0700
--- src/cf.data.pre 2010-07-09 08:31:41.000000000 +0700
***************
*** 3125,3130 ****
--- 3125,3131 ----
ignore-reload
ignore-no-cache
ignore-no-store
+ ignore-must-revalidate
ignore-private
ignore-auth
stale-while-revalidate=NN
***************
*** 3164,3169 ****
--- 3165,3175 ----
from a server, only a client, though plenty of servers
send it anyway.

+ ignore-must-revalidate ignores any ``Cache-Control: must-revalidate''
+ headers received from a server. Doing this VIOLATES
+ the HTTP standard. Enabling this feature could make you
+ liable for problems which it causes.
+
ignore-private ignores any ``Cache-control: private''
headers received from a server. Doing this VIOLATES
the HTTP standard. Enabling this feature could make you

*** src/client_side_async_refresh.c 2010-05-20 16:19:09.000000000 +0700
--- src/client_side_async_refresh.c 2010-07-09 08:31:42.000000000 +0700
***************
*** 76,81 ****
--- 76,83 ----
accessLogLog(&al, ch);
aclChecklistFree(ch);
storeClientUnregister(async->sc, async->entry, async);
+ storeUnlockObject(async->entry->mem_obj->old_entry);
+ async->entry->mem_obj->old_entry = NULL;
storeUnlockObject(async->entry);
storeUnlockObject(async->old_entry);
requestUnlink(async->request);
***************
*** 129,134 ****
--- 131,138 ----
async->entry = storeCreateEntry(url,
request->flags,
request->method);
+ if (request->store_url)
+ storeEntrySetStoreUrl(async->entry, request->store_url);
async->entry->mem_obj->old_entry = async->old_entry;
storeLockObject(async->entry->mem_obj->old_entry);
async->sc = storeClientRegister(async->entry, async);

*** src/client_side.c 2010-07-08 14:22:01.000000000 +0700
--- src/client_side.c 2010-07-09 08:31:42.000000000 +0700
***************
*** 975,980 ****
--- 975,1005 ----
return 1;
}

+ /*
+ * Internal helper function for If-(None-)Match logics
+ */
+ static int
+ checkIfMatch(request_t * request, MemObject * mem, http_hdr_type hdr)
+ {
+ String req_etags;
+ const char *rep_etag;
+ int etag_match = 0;
+
+ if (mem->reply->sline.status != HTTP_OK) {
+ debug(33, 4) ("checkIfMatch: Reply code %d != 200\n",
+ mem->reply->sline.status);
+ return -1; /* Can't check */
+ }
+ rep_etag = httpHeaderGetStr(&mem->reply->header, HDR_ETAG);
+ req_etags = httpHeaderGetList(&request->header, hdr);
+ if (rep_etag)
+ etag_match = strListIsMember(&req_etags, rep_etag, ',');
+ if (!etag_match)
+ etag_match = strListIsMember(&req_etags, "*", ',');
+ stringClean(&req_etags);
+ return etag_match;
+ }
+
/*
* clientCacheHit should only be called until the HTTP reply headers
* have been parsed. Normally this should be a single call, but
***************
*** 1098,1142 ****
return;
}
if (httpHeaderHas(&r->header, HDR_IF_MATCH)) {
! const char *rep_etag = httpHeaderGetStr(&e->mem_obj->reply->header, HDR_ETAG);
! int has_etag = 0;
! if (rep_etag) {
! String req_etags = httpHeaderGetList(&http->request->header, HDR_IF_MATCH);
! has_etag = strListIsMember(&req_etags, rep_etag, ',');
! stringClean(&req_etags);
! }
! if (!has_etag) {
/* The entity tags does not match. This cannot be a hit for this object.
* Query the origin to see what should be done.
*/
http->log_type = LOG_TCP_MISS;
clientProcessMiss(http);
return;
}
}
if (httpHeaderHas(&r->header, HDR_IF_NONE_MATCH)) {
! String req_etags;
! const char *rep_etag = httpHeaderGetStr(&e->mem_obj->reply->header, HDR_ETAG);
! int has_etag;
! if (mem->reply->sline.status != HTTP_OK) {
! debug(33, 4) ("clientCacheHit: Reply code %d != 200\n",
! mem->reply->sline.status);
http->log_type = LOG_TCP_MISS;
clientProcessMiss(http);
return;
}
! if (rep_etag) {
! req_etags = httpHeaderGetList(&http->request->header, HDR_IF_NONE_MATCH);
! has_etag = strListIsMember(&req_etags, rep_etag, ',');
! stringClean(&req_etags);
! if (has_etag) {
! debug(33, 4) ("clientCacheHit: If-None-Match matches\n");
! if (is_modified == -1)
! is_modified = 0;
! } else {
! debug(33, 4) ("clientCacheHit: If-None-Match mismatch\n");
! is_modified = 1;
! }
}
}
if (r->flags.ims && mem->reply->sline.status == HTTP_OK) {
--- 1123,1156 ----
return;
}
if (httpHeaderHas(&r->header, HDR_IF_MATCH)) {
! int etag_match = checkIfMatch(r, mem, HDR_IF_MATCH);
!
! if (etag_match != 1) {
/* The entity tags does not match. This cannot be a hit for this object.
* Query the origin to see what should be done.
*/
+ + debug(33, 4) ("clientCacheHit: If-Match mismatch\n");
http->log_type = LOG_TCP_MISS;
clientProcessMiss(http);
return;
}
}
if (httpHeaderHas(&r->header, HDR_IF_NONE_MATCH)) {
! int etag_match = checkIfMatch(r, mem, HDR_IF_NONE_MATCH);
!
! if (etag_match == -1) {
! debug(33, 4) ("clientCacheHit: If-None-Match failure\n");
http->log_type = LOG_TCP_MISS;
clientProcessMiss(http);
return;
}
! if (etag_match) {
! debug(33, 4) ("clientCacheHit: If-None-Match matches\n");
! if (is_modified == -1)
! is_modified = 0;
! } else {
! debug(33, 4) ("clientCacheHit: If-None-Match mismatch\n");
! is_modified = 1;
}
}
if (r->flags.ims && mem->reply->sline.status == HTTP_OK) {
***************
*** 1156,1175 ****
* where the redirect is not explicitly as uncachable.
* Deny looping here and do not cache the response.
*/
- #if 0
/*
* XXX strcmp() sucks but the strings are both C strings. Look at String'ifying it
* XXX soon!
*/
! if (mem->reply->sline.status >= 300 && mem->reply->sline.status < 400) {
! if (!strcmp(http->uri, httpHeaderGetStr(&e->mem_obj->reply->header, HDR_LOCATION))) {
! debug(33, 1) ("clientCacheHit: Redirect Loop Detected: %s\n",http->uri);
! http->log_type = LOG_TCP_MISS;
! clientProcessMiss(http);
! return;
! }
! }
! #endif
stale = refreshCheckHTTPStale(e, r);
debug(33, 2) ("clientCacheHit: refreshCheckHTTPStale returned %d\n", stale);
if (stale == 0) {
--- 1170,1188 ----
* where the redirect is not explicitly as uncachable.
* Deny looping here and do not cache the response.
*/
/*
* XXX strcmp() sucks but the strings are both C strings. Look at String'ifying it
* XXX soon!
*/
! if (mem->reply->sline.status >= 300 && mem->reply->sline.status < 400) {
! if (httpHeaderHas(&e->mem_obj->reply->header, HDR_LOCATION))
! if (!strcmp(http->uri,httpHeaderGetStr(&e->mem_obj->reply->header, HDR_LOCATION))) {
! debug(33, 2) ("clientCacheHit: Redirect Loop Detected: %s\n",http->uri);
! http->log_type = LOG_TCP_MISS;
! clientProcessMiss(http);
! return;
! }
! }
stale = refreshCheckHTTPStale(e, r);
debug(33, 2) ("clientCacheHit: refreshCheckHTTPStale returned %d\n", stale);
if (stale == 0) {

*** src/client_side_etag.c 2010-02-14 14:34:59.000000000 +0700
--- src/client_side_etag.c 2010-07-09 08:31:41.000000000 +0700
***************
*** 63,69 ****
if (etag && vary) {
char *str;
str = stringDupToC(&request->vary_encoding);
! storeAddVary(url, entry->mem_obj->method, NULL, httpHeaderGetStr(&rep->header, HDR_ETAG), request->vary_hdr, request->vary_headers, str);
safe_free(str);
}
}
--- 63,69 ----
if (etag && vary) {
char *str;
str = stringDupToC(&request->vary_encoding);
! storeAddVary(entry->mem_obj->store_url, entry->mem_obj->url, entry->mem_obj->method, NULL, httpHeaderGetStr(&rep->header, HDR_ETAG), request->vary_hdr, request->vary_headers, str);
safe_free(str);
}
}

*** src/client_side_ims.c 2010-02-19 14:57:27.000000000 +0700
--- src/client_side_ims.c 2010-07-09 08:31:42.000000000 +0700
***************
*** 164,175 ****
/* If the ETag matches the clients If-None-Match, then return
* the servers 304 reply
*/
! if (httpHeaderHas(&new_entry->mem_obj->reply->header, HDR_ETAG) &&
! httpHeaderHas(&request->header, HDR_IF_NONE_MATCH)) {
! const char *etag = httpHeaderGetStr(&new_entry->mem_obj->reply->header, HDR_ETAG);
String etags = httpHeaderGetList(&request->header, HDR_IF_NONE_MATCH);
! int etag_match = strListIsMember(&etags, etag, ',');
stringClean(&etags);
if (etag_match) {
debug(33, 5) ("clientGetsOldEntry: NO, client If-None-Match\n");
return 0;
--- 164,182 ----
/* If the ETag matches the clients If-None-Match, then return
* the servers 304 reply
*/
! if (httpHeaderHas(&request->header, HDR_IF_NONE_MATCH)) {
String etags = httpHeaderGetList(&request->header, HDR_IF_NONE_MATCH);
! int etag_match = 0;
!
! if (httpHeaderHas(&new_entry->mem_obj->reply->header, HDR_ETAG)) {
! const char *etag = httpHeaderGetStr(&new_entry->mem_obj->reply->header, HDR_ETAG);
! etag_match = strListIsMember(&etags, etag, ',');
! }
! if (!etag_match && strListIsMember(&etags, "*", ','))
! etag_match = 1;
!
stringClean(&etags);
+
if (etag_match) {
debug(33, 5) ("clientGetsOldEntry: NO, client If-None-Match\n");
return 0;

*** src/fs/coss/store_io_coss.c 2009-07-27 10:14:38.000000000 +0700
--- src/fs/coss/store_io_coss.c 2010-07-09 08:31:42.000000000 +0700
***************
*** 157,166 ****

/* Check to see if we need to allocate a membuf to start */
if (cs->current_membuf == NULL) {
! if (cs->curstripe < (cs->numstripes - 1))
! newmb = storeCossCreateMemBuf(SD, cs->curstripe + 1, checkf, &coll);
! else
! newmb = storeCossCreateMemBuf(SD, 0, checkf, &coll);

cs->current_membuf = newmb;
if (newmb == NULL) {
--- 157,166 ----

/* Check to see if we need to allocate a membuf to start */
if (cs->current_membuf == NULL) {
! int nextstripe = cs->curstripe + 1;
! if (nextstripe >= cs->numstripes)
! nextstripe = 0;
! newmb = storeCossCreateMemBuf(SD, nextstripe, checkf, &coll);

cs->current_membuf = newmb;
if (newmb == NULL) {
***************
*** 169,215 ****
}
cs->current_offset = cs->current_membuf->diskstart;

! /* Check if we have overflowed the disk .. */
! } else if ((cs->current_offset + allocsize) > ((off_t) SD->max_size << 10)) {
! /*
! * tried to allocate past the end of the disk, so wrap
! * back to the beginning
! */
! coss_stats.disk_overflows++;
! cs->current_membuf->flags.full = 1;
! cs->numfullstripes++;
! cs->current_membuf->diskend = cs->current_offset;
! storeCossMaybeWriteMemBuf(SD, cs->current_membuf);
! /* cs->current_membuf may be invalid at this point */
! cs->current_offset = 0; /* wrap back to beginning */
! debug(79, 2) ("storeCossAllocate: %s: wrap to 0\n", stripePath(SD));
!
! newmb = storeCossCreateMemBuf(SD, 0, checkf, &coll);
! cs->current_membuf = newmb;
! if (newmb == NULL) {
! cs->sizerange_max = SD->max_objsize;
! return -1;
! }
! /* Check if we have overflowed the MemBuf */
! } else if ((cs->current_offset + allocsize) >= cs->current_membuf->diskend) {
/*
* Skip the blank space at the end of the stripe. start over.
*/
coss_stats.stripe_overflows++;
cs->current_membuf->flags.full = 1;
cs->numfullstripes++;
! cs->current_offset = cs->current_membuf->diskend;
storeCossMaybeWriteMemBuf(SD, cs->current_membuf);
/* cs->current_membuf may be invalid at this point */
debug(79, 3) ("storeCossAllocate: %s: New offset - %" PRId64 "\n", stripePath(SD),
(int64_t) cs->current_offset);
! assert(cs->curstripe < (cs->numstripes - 1));
! newmb = storeCossCreateMemBuf(SD, cs->curstripe + 1, checkf, &coll);
cs->current_membuf = newmb;
if (newmb == NULL) {
cs->sizerange_max = SD->max_objsize;
return -1;
}
}
/* If we didn't get a collision, then update the current offset and return it */
if (coll == 0) {
--- 169,211 ----
}
cs->current_offset = cs->current_membuf->diskstart;

! } else if ((cs->current_offset + allocsize) > cs->current_membuf->diskend) {
/*
* Skip the blank space at the end of the stripe. start over.
*/
+ int nextstripe = cs->curstripe + 1;
coss_stats.stripe_overflows++;
cs->current_membuf->flags.full = 1;
cs->numfullstripes++;
! /* Check if we have overflowed the disk .. */
! if (nextstripe >= cs->numstripes) {
! /*
! * tried to allocate past the end of the disk, so wrap
! * back to the beginning
! */
! debug(79, 2) ("storeCossAllocate: %s: wrap to 0\n", stripePath(SD));
! nextstripe = 0; /* wrap back to beginning */
! coss_stats.disk_overflows++;
! #if LOOKS_WRONG
! /* Original disk wrap code also had this, but looks wrong to
! * me as it leaves garbage at the end of the disk. Either we
! * should do it in both cases, or not at all
! */
! cs->current_membuf->diskend = cs->current_offset;
! #endif
! }
storeCossMaybeWriteMemBuf(SD, cs->current_membuf);
/* cs->current_membuf may be invalid at this point */
debug(79, 3) ("storeCossAllocate: %s: New offset - %" PRId64 "\n", stripePath(SD),
(int64_t) cs->current_offset);
! assert(nextstripe <>numstripes);
! newmb = storeCossCreateMemBuf(SD, nextstripe, checkf, &coll);
cs->current_membuf = newmb;
if (newmb == NULL) {
cs->sizerange_max = SD->max_objsize;
return -1;
}
+ cs->current_offset = cs->current_membuf->diskstart;
}
/* If we didn't get a collision, then update the current offset and return it */
if (coll == 0) {

*** src/http.c 2010-04-20 12:01:43.000000000 +0700
--- src/http.c 2010-07-09 08:31:42.000000000 +0700
***************
*** 334,352 ****
*/
if (!refreshIsCachable(httpState->entry) && !REFRESH_OVERRIDE(store_stale))
return 0;
- /* don't cache objects from peers w/o LMT, Date, or Expires */
- /* check that is it enough to check headers @?@ */
- if (rep->date > -1)
- return 1;
- else if (rep->last_modified > -1)
- return 1;
- else if (!httpState->peer)
- return 1;
- /* @?@ (here and 302): invalid expires header compiles to squid_curtime */
- else if (rep->expires > -1)
- return 1;
else
! return 0;
/* NOTREACHED */
break;
/* Responses that only are cacheable if the server says so */
--- 334,341 ----
*/
if (!refreshIsCachable(httpState->entry) && !REFRESH_OVERRIDE(store_stale))
return 0;
else
! return 1;
/* NOTREACHED */
break;
/* Responses that only are cacheable if the server says so */

***************
*** 926,932 ****
*/
if (len > 0 && httpState->chunk_size == 0) {
if (Config.onoff.log_http_violations)
! debug(11, 1) ("httpReadReply: Unexpected reply body data from \"%s %s\"\n",
urlMethodGetConstStr(orig_request->method), storeUrl(entry));
comm_close(fd);
return;
--- 926,933 ----
*/
if (len > 0 && httpState->chunk_size == 0) {
if (Config.onoff.log_http_violations)
! debug(11, Config.onoff.relaxed_header_parser <= 0 || keep_alive ? 1 : 2)
! ("httpReadReply: Unexpected reply body data from \"%s %s\"\n",
urlMethodGetConstStr(orig_request->method), storeUrl(entry));
comm_close(fd);
return;
*** src/refresh.c 2010-04-10 13:40:41.000000000 +0700
--- src/refresh.c 2010-07-09 08:31:41.000000000 +0700
***************
*** 274,281 ****
debug(22, 3) ("\tcheck_time:\t%s\n", mkrfc1123(check_time));
debug(22, 3) ("\tentry->timestamp:\t%s\n", mkrfc1123(entry->timestamp));

! if (EBIT_TEST(entry->flags, ENTRY_REVALIDATE) && staleness > -1) {
! debug(22, 3) ("refreshCheck: YES: Must revalidate stale response\n");
return STALE_MUST_REVALIDATE;
}
/* request-specific checks */
--- 274,285 ----
debug(22, 3) ("\tcheck_time:\t%s\n", mkrfc1123(check_time));
debug(22, 3) ("\tentry->timestamp:\t%s\n", mkrfc1123(entry->timestamp));

! if (EBIT_TEST(entry->flags, ENTRY_REVALIDATE) && staleness > -1
! #if HTTP_VIOLATIONS
! && !R->flags.ignore_must_revalidate
! #endif
! ) {
! debug(22, 3) ("refreshCheck: YES: Must revalidate stale response\n");
return STALE_MUST_REVALIDATE;
}
/* request-specific checks */
***************
*** 334,339 ****
--- 338,353 ----
* At this point the response is stale, unless one of
* the override options kicks in.
*/
+ #if HTTP_VIOLATIONS
+ if (sf.expires && R->flags.override_expire && age <>min) {
+ debug(22, 3) ("refreshCheck: NO: age < min && override-expire\n");
+ return FRESH_OVERRIDE_EXPIRES;
+ }
+ if (sf.lmfactor && R->flags.override_lastmod && age <>min) {
+ debug(22, 3) ("refreshCheck: NO: age < min && override-lastmod\n");
+ return FRESH_OVERRIDE_LASTMOD;
+ }
+ #endif
if (entry->mem_obj) {
int stale_while_revalidate = -1;
if (entry->mem_obj->reply && entry->mem_obj->reply->cache_control && EBIT_TEST(entry->mem_obj->reply->cache_control->mask, CC_STALE_WHILE_REVALIDATE))
***************
*** 357,382 ****
if (delta < 0 && staleness + delta < 0) {
return STALE_WITHIN_DELTA;
}
! if (sf.expires) {
! #if HTTP_VIOLATIONS
! if (R->flags.override_expire && age <>min) {
! debug(22, 3) ("refreshCheck: NO: age < min && override-expire\n");
! return FRESH_OVERRIDE_EXPIRES;
! }
! #endif
return STALE_EXPIRES;
- }
if (sf.max)
return STALE_MAX_RULE;
! if (sf.lmfactor) {
! #if HTTP_VIOLATIONS
! if (R->flags.override_lastmod && age <>min) {
! debug(22, 3) ("refreshCheck: NO: age < min && override-lastmod\n");
! return FRESH_OVERRIDE_LASTMOD;
! }
! #endif
return STALE_LMFACTOR_RULE;
- }
return STALE_DEFAULT;
}

--- 371,382 ----
if (delta < 0 && staleness + delta < 0) {
return STALE_WITHIN_DELTA;
}
! if (sf.expires)
return STALE_EXPIRES;
if (sf.max)
return STALE_MAX_RULE;
! if (sf.lmfactor)
return STALE_LMFACTOR_RULE;
return STALE_DEFAULT;
}

*** src/store.c 2010-03-06 09:36:15.000000000 +0700
--- src/store.c 2010-07-09 08:31:41.000000000 +0700
***************
*** 553,559 ****
stringClean(&varyhdr);
#endif
str = stringDupToC(&vary);
! storeAddVary(mem->url, mem->method, newkey, httpHeaderGetStr(&mem->reply->header, HDR_ETAG), str, mem->vary_headers, mem->vary_encoding);
safe_free(str);
stringClean(&vary);
}
--- 553,559 ----
stringClean(&varyhdr);
#endif
str = stringDupToC(&vary);
! storeAddVary(mem->store_url, mem->url, mem->method, newkey, httpHeaderGetStr(&mem->reply->header, HDR_ETAG), str, mem->vary_headers, mem->vary_encoding);
safe_free(str);
stringClean(&vary);
}

*** src/store_client.c 2009-04-21 15:37:50.000000000 +0700
--- src/store_client.c 2010-11-24 09:51:46.000000000 +0700
***************
*** 894,905 ****
debug(20, 3) ("CheckQuickAbort2: YES !mem->request->flags.cachable\n");
return 1;
}
if (EBIT_TEST(entry->flags, KEY_PRIVATE)) {
debug(20, 3) ("CheckQuickAbort2: YES KEY_PRIVATE\n");
return 1;
}
- expectlen = mem->reply->content_length + mem->reply->hdr_sz;
- curlen = mem->inmem_hi;
minlen = Config.quickAbort.min << 10;
if (minlen < 0) {
debug(20, 3) ("CheckQuickAbort2: NO disabled\n");
--- 894,909 ----
debug(20, 3) ("CheckQuickAbort2: YES !mem->request->flags.cachable\n");
return 1;
}
+ expectlen = httpReplyBodySize(mem->method, mem->reply) + mem->reply->hdr_sz;
+ curlen = mem->inmem_hi;
+ if (expectlen == curlen) {
+ debug(20, 3) ("CheckQuickAbort2: NO already finished\n");
+ return 0;
+ }
if (EBIT_TEST(entry->flags, KEY_PRIVATE)) {
debug(20, 3) ("CheckQuickAbort2: YES KEY_PRIVATE\n");
return 1;
}
minlen = Config.quickAbort.min << 10;
if (minlen < 0) {
debug(20, 3) ("CheckQuickAbort2: NO disabled\n");

*** src/store_vary.c 2010-10-19 09:22:25.000000000 +0700
--- src/store_vary.c 2010-11-24 12:09:37.000000000 +0700
***************
*** 6,11 ****
--- 6,12 ----
StoreEntry *oe;
StoreEntry *e;
store_client *sc;
+ char *store_url;
char *url;
char *key;
char *vary_headers;
***************
*** 57,62 ****
--- 58,64 ----
storeUnlockObject(state->oe);
state->oe = NULL;
}
+ safe_free(state->store_url);
safe_free(state->url);
safe_free(state->key);
safe_free(state->vary_headers);
***************
*** 312,318 ****
* At leas one of key or etag must be specified, preferably both.
*/
void
! storeAddVary(const char *url, method_t * method, const cache_key * key, const char *etag, const char *vary, const char *vary_headers, const char *accept_encoding)
{
AddVaryState *state;
request_flags flags = null_request_flags;
--- 314,320 ----
* At leas one of key or etag must be specified, preferably both.
*/
void
! storeAddVary(const char *store_url, const char *url, method_t * method, const cache_key * key, const char *etag, const char *vary, const char *vary_headers, const char *accept_encoding)
{
AddVaryState *state;
request_flags flags = null_request_flags;
***************
*** 326,332 ****
state->accept_encoding = xstrdup(accept_encoding);
if (etag)
state->etag = xstrdup(etag);
! state->oe = storeGetPublic(url, method);
debug(11, 2) ("storeAddVary: %s (%s) %s %s\n",
state->url, state->key, state->vary_headers, state->etag);
if (state->oe)
--- 328,334 ----
state->accept_encoding = xstrdup(accept_encoding);
if (etag)
state->etag = xstrdup(etag);
! state->oe = storeGetPublic(store_url ? store_url : url, method);
debug(11, 2) ("storeAddVary: %s (%s) %s %s\n",
state->url, state->key, state->vary_headers, state->etag);
if (state->oe)

*** src/store_vary.h 2010-02-14 14:34:59.000000000 +0700
--- src/store_vary.h 2010-07-09 08:31:42.000000000 +0700
***************
*** 4,10 ****
extern void storeLocateVaryDone(VaryData * data);
extern void storeLocateVary(StoreEntry * e, int offset, const char *vary_data,
String accept_encoding, STLVCB * callback, void *cbdata);
! extern void storeAddVary(const char *url, method_t * method, const cache_key * key,
const char *etag, const char *vary, const char *vary_headers,
const char *accept_encoding);

--- 4,10 ----
extern void storeLocateVaryDone(VaryData * data);
extern void storeLocateVary(StoreEntry * e, int offset, const char *vary_data,
String accept_encoding, STLVCB * callback, void *cbdata);
! extern void storeAddVary(const char *store_url, const char *url, method_t * method, const cache_key * key,
const char *etag, const char *vary, const char *vary_headers,
const char *accept_encoding);

*** src/structs.h 2010-04-21 21:10:06.000000000 +0700
--- src/structs.h 2010-07-09 08:31:42.000000000 +0700
***************
*** 1706,1712 ****
unsigned int reload_into_ims:1;
unsigned int ignore_reload:1;
unsigned int ignore_no_cache:1;
! unsigned int ignore_no_store:1;
unsigned int ignore_private:1;
unsigned int ignore_auth:1;
#endif
--- 1706,1713 ----
unsigned int reload_into_ims:1;
unsigned int ignore_reload:1;
unsigned int ignore_no_cache:1;
! unsigned int ignore_no_store:1;
! unsigned int ignore_must_revalidate:1;
unsigned int ignore_private:1;
unsigned int ignore_auth:1;
#endif

*** src/main.c 2010-04-21 21:10:06.000000000 +0700
--- src/main.c 2010-07-12 09:35:25.444745821 +0700
***************
*** 581,587 ****

_db_init(Config.debugOptions);
_db_init_log(Config.Log.log);
! fd_open(fileno(debug_log), FD_LOG, Config.Log.log);
#if MEM_GEN_TRACE
log_trace_init("/tmp/squid.alloc");
#endif
--- 581,588 ----

_db_init(Config.debugOptions);
_db_init_log(Config.Log.log);
! if (debug_log != stderr)
! fd_open(fileno(debug_log), FD_LOG, Config.Log.log);
#if MEM_GEN_TRACE
log_trace_init("/tmp/squid.alloc");
#endif

*** src/main.c 2010-04-21 21:10:06.000000000 +0700
--- src/main.c 2010-07-15 09:08:53.385643957 +0700
***************
*** 682,688 ****
#if USE_WCCPv2
wccp2Init();
#endif
! serverConnectionsOpen();
neighbors_init();
if (Config.chroot_dir)
no_suid();
--- 682,689 ----
#if USE_WCCPv2
wccp2Init();
#endif
! if (!opt_foreground_rebuild)
! serverConnectionsOpen();
neighbors_init();
if (Config.chroot_dir)
no_suid();
***************
*** 911,916 ****
--- 912,922 ----
#endif
serverConnectionsClose();
eventAdd("SquidShutdown", SquidShutdown, NULL, (double) (wait + 1), 1);
+ } else if (opt_foreground_rebuild && !store_dirs_rebuilding) {
+ opt_foreground_rebuild = 0;
+ enter_suid();
+ serverConnectionsOpen();
+ leave_suid();
}
/* Set a maximum loop delay; it'll be lowered elsewhere as appropriate */
loop_delay = 60000;

*** src/client_side_request_parse.c 2010-04-05 14:40:47.000000000 +0700
--- src/client_side_request_parse.c 2010-07-27 11:01:51.520075515 +0700
***************
*** 516,521 ****
--- 516,569 ----
ret = -1;
goto finish;
}
+
+ /*
+ * Normalize Request Cache-Control / If-Modified-Since Headers
+ * Don't let client by-pass the cache if there is cached content.
+ */
+ if(httpHeaderHas(&request->header,HDR_CACHE_CONTROL)) {
+ httpHeaderDelByName(&request->header,"cache-control");
+ }
+
+ /*
+ * Un-comment this if you want Squid to always respond with the request
+ * instead of returning back with a 304 if the cache has not changed.
+ */
+
+ if(httpHeaderHas(&request->header,HDR_IF_MODIFIED_SINCE)) {
+ httpHeaderDelByName(&request->header,"if-modified-since");
+ }
+
+ /*
+ * Normalize Accept-Encoding Headers sent from client
+ */
+ if(httpHeaderHas(&request->header,HDR_ACCEPT_ENCODING)) {
+ String val = httpHeaderGetByName(&request->header,"accept-encoding");
+ if(val.buf) {
+ if(strstr(val.buf,"gzip") != NULL) {
+ httpHeaderDelByName(&request->header,"accept-encoding");
+ httpHeaderPutStr(&request->header,HDR_ACCEPT_ENCODING,"gzip");
+ } else if(strstr(val.buf,"deflate") != NULL) {
+ httpHeaderDelByName(&request->header,"accept-encoding");
+ httpHeaderPutStr(&request->header,HDR_ACCEPT_ENCODING,"deflate");
+ } else {
+ httpHeaderDelByName(&request->header,"accept-encoding");
+ }
+ }
+ stringClean(&val);
+ }
+
+ /*
+ * Normalize Accept-Encoding Headers for video/image content
+ */
+ char *mime_type = mimeGetContentType(http->uri);
+ if(mime_type) {
+ if(strstr(mime_type,"image") != NULL || strstr(mime_type,"video") != NULL || strstr(mime_type,"audio") != NULL) {
+ httpHeaderDelByName(&request->header,"accept-encoding");
+ }
+ }
+
+
/*
* If we read past the end of this request, move the remaining
* data to the beginning

atau bisa donlot disini

yuk mainan lusca cache di freebsd....

2010-07-27T09:17:00.021+07:00

Setelah sekian lama "bermain-main" dengan squid 2.7 STABLE7, iseng iseng mencoba lusca cache besutan Adrian Chadd. Lusca cache sebenarnya masih kerabatan sama squid 2.7 soalnya lusca dikembangkan dari sana. Perbedaannya, lusca salah satunya mencoba menitikberatkan peningkatan performa dalam peyimpanan cache ke hardisk dan beberapa script dicoba ditata ulang untuk meningkatkan performanya. Salah satu hasil signifikan adalah Modul COSS, dimana COSS lusca proses rebuildingnya lebih cepet dibanding COSS di squid aslinya.

Ok, back to topik again..
karena lusca ini nantinya akan berjalan di freebsd (saya pake freebsd 8.0) maka sudah tentu harus sukses dulu install freebsdnya :D
Untuk hanya menjalankan lusca cache difreebsd, paket yang dibutuhkan hanya perl. Anda bisa menginstallnya via port. Agar lebih "menyenangkan" , segala proses install menggunakan putty dan winscp jadi pengerjaannya via remote dari komputer/laptop basis win***s.

1. install perl via port

#cd /usr/ports/lang/perl5.10
#make install clean

tunggu beberapa saat, untuk mengetest apakah perl sudah terinstall ketikan saja diterminal perl -v

2. Download source lusca cache.

Source lusca cache versi terakhir bisa di donlot di code.google.com/p/lusca-cache/. Setelah di donlot silahkan di trasnfer ke mesin freebsd memakai winscp. Anda bisa menaruhnya di /usr/local/src
donlot juga patch ini lusca-patch nanti diesktrak dan taruh juga di /usr/local/src

3. Kompilasi lusca cache.

Setelah di transfer ke mesin freebsd via winscp dan diletakan di /usr/local/src selanjutnya kita unpack source dan lakukan patch :

#cd /usr/local/src
#tar -xvf LUSCA_HEAD-rxxxx.tar.gz
#cd LUSCA_HEAD-rxxxx
#patch -p0 < ../lusca-r14723-sum14rdi.patch #./configure --bindir=/usr/local/bin --sbindir=/usr/local/sbin --sysconfdir=/usr/local/etc/squid --datadir=/usr/local/etc/squid --libexecdir=/usr/local/libexec/squid --localstatedir=/var/log/squid --enable-removal-policies="heap" --enable-auth="basic ntlm digest" --enable-digest-auth-helpers=password --with-pthreads --enable-async-io=24 --with-aufs-threads=24 --enable-storeio="aufs coss" --disable-ident-lookups --enable-delay-pools --enable-snmp --enable-cache-digests --disable-wccp --enable-useragent-log --enable-http-violations --enable-arp-acl --enable-pf-transparent --disable-follow-x-forwarded-for --with-large-files --enable-large-cache-files --enable-default-err-language=English #make && make install

4. Running for first time

sebelum squid dijalankan pastikan telh dibuat user dan group squid di freebsd, kemudian squid.conf yang ada di /usr/local/etc/squid diconfigure sesuai kebutuhannya. Anda bisa mencontoh squid.conf saya dan pastikan anda untuk menyesuaikan dengan kondisi jaringan anda.
Jangan lupa untuk mengubah kepemilikan directory untuk cache kepada squid. Setelah itu baru :

# squid -z
# squid -DF

agar squid dapat jalan otomatis ketika restart, maka taruh squid -DF di file /etc/rc.local, jika tidak ada maka silahkan membuatnya.

SELESAI

Install FreeBSD ke hardisk (bukan tutorial)

2010-07-27T09:17:00.017+07:00

Setelah sekian lama gak tulis-tulis (akibat lupa username dan password ke blog ini) sekarang mencoba menuangkan kembali pengalaman saya. Ini adalah yang pertama pasca ketemunya username dan passwordnya :D

Sebenarnya sudah banyak yang mengulas bagaimana cara menginstall freebsd ke hardisk. Anda bisa "sowan" ke simbah google, salah dua nya yang menurut saya simple ada disini

1. www.freebsd.org
2. freebsd.or.id

secara garis besar menginstall freebsd ke hardisk meliputi beberapa bagian besar yaitu:
1. pemilihan setup
2. pemilihan partisi.
3. pemilihan file system & swap (labeling)
4. pemilihan source
5. memulai proses instalasi

(Ter) Gila2 sama Linux Mint 7

2009-12-08T17:05:00.002+07:00

Sudah sekitar 3 bulan ini lagi berusaha untuk pindah dari lingkungan Microsoft Windows XP ke Linux Mint 7. Udah Bosen "menggauli" MW XP (karena gak punya duit buat beli yang asli) jadinya cari yang gratisan.
Dipilih Linux Mint 7 karena saya masih anak TK untuk urusan Linux dan merasa ini yang paling cocok buat saya. Walau harus dibayar dengan hardware yang harus diatas rata2 jika menggunakan linux yang lain.

Linux Mint 7 merupakan turunan dari ubuntu 9.04 alias Jaunty, jadi kita juga bisa memakai repo dari ubuntu Jaunty jika ingin menginstall software.
Yang bikin senengnya adalah hampir semua hardware yang ada dikomputer saya dapat berfungsi seperti ketika di MW XP seperti TV Tuner Pixelview, Printer HP 1020 Scanner HP 4070.

kern.maxfiles di freebsd

2009-07-02T09:27:00.002+07:00

Kejadian berawal dari perubahan settingan untuk menurunkan jumlah file deskriptor di squid yang berjalan disystem freebsd yang semula 8192 menjadi 1082. Setelah googling sana sini didapat caranya yaitu dengan merubah angka kern.maxfiles dan kern.maxfilesperproc yang ditaruh di /boot/loader.conf
maksudnya menurunkan file deskriptor squid, dari hasil googling katanya gak perlu besar-besar nilainya jika kebesaran malah membebani squidnya.
singkat kata nilai kern.maxfiles dan kern.maxfilesperproc dikasih nilai 1024 sehingga didapat nilai file deskriptor sebesar 1082, lalu komputer squidnya di restart.
karena waktu itu pengerjaannya melalui proses remote, dimana yang dioprek adalah proxy warnet dan saya ada dikantor jadinya gak tahu efeknya terhadap browsing. selang 10 menit operator warnetnya complain via ym katanya browsingnya jadi lelet.
sebetulnya saya tidak tahu klo leletnya browsing diakibatkan oleh perubahan nilai kern.maxfiles dan kern.maxfilesperproc, karena dari hasil tail -f access.log terlihat access time nya yang besar-besar setiap ada request dari client sampai 5 digit orde time accessnya. karena access time yang lama, pikiran saya tertuju sama hardisk yang digunakan untuk simpan cache. Kebetulan hardisk untuk simpan cache memang panas sekali, lalu saya pasang kipas. Tapi tidak membawa perubahan terhadap time accessnya yang masih besar.
akhirnya setelah mentok, ya kembalikan saja settingan ke awal sewaktu berjalan normal dimana:

kern.maxfiles=32768
kern.maxfilesperproc=32768

nilai ini saya pasang sembarang, jadi silahkan bereksperimen sendiri, yang pasti dengan angka segini sudah cukup gesit buat kerja proxy saya.
sebagai tambahan hardisk yang digunakan semuanya PATA IDE berjumlah 2 buah.

udah lama euy......

2009-06-26T16:54:00.002+07:00

udah lama gak "nabung" tulisan......
sedikit curhat masalah proxy freebsd. Ternyata perangkat keras komputer terutama hardisk benar2 mempengaruhi performance dari proxy. Hardisk yang cepet panas berdampak ke access time dari proxy jadi bertambah, efeknya ngenet jadi agak sedikit lag.
Jadi pastikan hardware terutama hardisknya sehat, sirkulasi udara di komputer yang buat proxy dipastikan juga lancar.
Walaupun diping sana sini masih lancar dan memberikan latency yang kecil, tapi jika hardisknya panas maka squidnya akan sedikit macet.

Berbagi ide....bandwidth management

2009-06-08T19:11:00.003+07:00

Pada kesempatan ini saya ingin menuangkan ide saya, dari hasil percobaan di tiga tempat. Ide mengenai pembagian bandwidth internet. Idenya adalah sebagai berikut, saya menginginkan agar aktifitas browsing mendapatkan bandwidth yang memadai tetapi tidak untuk aktifitas donlot, p2p dan watching video streaming.
Untuk keperluan tersebut saya menggunakan mikrotik dan squid proxy yang jalan di freebsd.Mikrotik digunakan sebagai pembatas global, dalam percobaan saya memberikan bandwidth donlot sebesar 256Kbps per klien dan upload saya batasi 32Kbps. Sedangkan squid disamping sebagai cache saya manfaatkan fungsi delay pools nya untuk menangkap aktifitas donlot extension tertentu. Untuk aktifitas donlot extension tertentu saya berikan speed 9 KBps atau setara 72Kbps.
Alasan mengapa untuk browsing diberikan sebesar 256Kbps karena saya beranggapan untuk aktifitas browsing kebutuhan bandwidthnya adalah fluxtuatif alias naik turun dan tidak kontinu, sedangkan untuk donlot dia bersifat kontinu. Namun untuk penggunaan browsing yang agresif mungkin nilai 256Kbps perlu diturunkan, karena walaupun fluxtuatif jika agresif maka kesannya juga seperti kontinu.

Untuk setting detailnya....menyusul, setelah didapatkan hasil yang pas...

Creative Theme Day 2009........

2009-05-08T10:13:00.003+07:00

satu lagi nih ide dari temen-temen yang oke punya.....Creative Theme Day.....
lebih lengkapnya kesini aja ya....
http://creativethemeday.com/ctd-update/press-release-creative-theme-day-dengung-tahun-kreatif-2009-di-dunia-maya/

ayo satukan tekad untuk indonesia yang lebih sejahtera, adil dan makmur..........amin

sedikit tips bagi yang ingin menginstall FreeBSD....

2009-04-29T10:13:00.003+07:00

Untuk kali ini saya tidak akan membahas bagaimana cara menginstall FreeBSD, Karena di website FreeBSD sendiri sudah sangat jelas sekali tentang cara-cara menginstall FreeBSD. Bagi yang membutuhkan caranya disini linknya .
Jika mengikuti petunjuk dari link tersebut dipastikan 99% berhasil menginstall FreeBSD. Namun ada beberapa hal yang perlu diperhatikan, antara lain :

Pastikan untuk membaca petunjuk/pertanyaan yang muncul sewaktu menginstall, tidak perlu tergesa-gesa untuk mengklik/meng-enter setiap pilihan jawaban.
Persiapkan Layout/gambaran tentang besaran partisi yang diinginkan. Sesuaikan dengan kapasitas hardiknya. Untuk kepeluan FreeBSD (dan kebanyakan dari Linux juga) sebenarnya kita hanya memerlukan dua buah partisi hardisk yaitu partisi swap dan / . Namun ada yang menyarankan agar partisi / juga dipecah-pecah menjadi / , /var (tempat menaruh log, jika membutuhkan log, tidak semua aplikasi dapat dihilangkan lognya (menurut saya sich :D ), /usr (partisi ini diusahakan untuk mendapat porsi yang besar karena partisi ini tempat menaruh ports dan segala setting dari aplikasi yang diinstall). Dengan kata lain partisi / dipecah menjadi 3 bagian yaitu /, /var, /usr.
Untuk pembagian partisi disesuaikan dengan kapasitas hardisknya, klo saya biasanya untuk hardisk dengan kapasitas 40 GB, untuk /swap = 2 kali kapasitas memory fisik saya, misal memory fisik 512 MB maka /swap=1 GB. Untuk / = 3 GB, /var =3 GB, /usr = 5 GB dan sisanya bisa buat simpan data.
Satu hal yang penting jangan menaruh partisi /swap di bagian pertama hardisk, karena akan berakibat setelah selesai install dan restart maka nanti dianggap tidak ada OS-nya dikarenakan default bootingnya di F1 (tempat swap jika swap di partisi pertama). Walaupun hal ini dapat diatasi dengan menekan tombol F2, F3, atau F4 tergantung di partisi mana / ditaruh. Jadi lebih baik menaruh partisi / dibagian pertama hardisk.

Selamat mencoba

Lagi Nyoba squid 2.7 stable6 di mesin FreeBSD 7.1.....

2009-04-18T18:39:00.002+07:00

Penasaran dengan mesin FreeBSD, akhirnya diputuskan untuk mencobanya. Didonlotlah FreeBSD 7.1 kemudian didalamnya di pasang squid 2.7 Stable7. Mesin sekarang (pada saat tulisan ini ditulis) sudah mulai unjuk performanya, nanti klo cachenya udah gede diatas 10 Giga baru saya akan tulis step-stepnya saya membangun mesin squid ini.

Sebagai tambahan untuk mesin yang sekarang saya menggunakan 3 buah hardisk, 1 hardisk 40 Giga untuk sistem dan cache (20 Giga untuk cachenya) dan 2 buah hardisk 10 Giga juga buat cache. Sebelumnya sewaktu menggunakan smoothwall saya menggunakan hardisk SATA, sekarang saya mencoba menggunakan hardisk tua di mesin freebsd.
Dengan memory yang saya turunkan juga yang awalnya 2 GB sekarang menjadi 512MB.

Intinya saya menginginkan dengan hardware yang winimal namun mudah-mudahan akan menghasilkan yang maksimal.....amin

Menyesuaikan Option L1 direktory smoothwall....

2009-02-27T08:39:00.005+07:00

Sesuai judul, sedikit tips ini dilakukan dismoothwall.. karena untuk linux lainnya tinggal rubah aja di squid.conf-nya lalu tinggal restart squidnya. Dalam squid.conf kita diharuskan menentukan letak directory dari cache, biasanya bentuknya seperti ini :

cache_dir aufs /var/spool/squid/cache 20000 48 256

dimana :

cache_dir = command squid-nya.
aufs = "storage format" (agak OOT saya mengartikannya...:( )
20000 = ukuran cache yang diinginkan (dalam MB) dari forum2 squid usahakan tidak lebih dari 70% total kapasitas hardisk.
48 = L1 direktory yang dihitung dengan rumus, L1=(cache_size * 2 * 1024)/(256*256*13).
256 = L2 direktory

untuk mengubah cache_dir ini di linux ya tinggal edit aja squid.conf lalu restart squid-nya. Sedangkan untuk smoothwall harus sedikit usaha untuk mengubah angka L1 dikarenakan proses penulisan squid.conf dismoothwall dilakukan via web-nya.
Setelah kita menentukan besar ukuran cache size yang disesuaikan dengan kapasitas hardisk kita dan dihitung besar L1 direktorynya dengan rumus diatas kemudian kita harus mengubah angka2 option di bagian web advanced-proxy-nya.

pada bagian "number of level 1 subdirectory" jika masih memakai yang asli tidak akan terdapat angka2 yang sesuai jika kita menggunakan rumus diatas (terutama untuk ukuran cache, 10000 MB, 15000MB, 20000MB dan 25000MB) untuk itu kita harus mengubahnya.
Dengan menggunakan winscp masuk ke directory /httpd/cgi-bin di smoothwall lalu klik kanan file advproxy.cgi dan temukan kata-kata ini

option value='16' $selected{'L1_DIRS'}{'16'}>16

ganti ganti angka 16 dengan 16, 24, 32, 36, 48, 60, 64,
kemudian simpan file tadi. maka sekarang di web adv-proxy-nya dibagian "number of level 1 subdirectory" akan muncul angka 16, 24, 32, 36, 48, dst.
Sekarang tinggal menyesuaikan dengan ukuran cache-nya, sebagai contoh untuk cache ukuran 20000MB maka L1 diset 48 lalu klik save and restart.
selesai sudah.....

schedulling akses client ke yahoo messenger........

2009-02-12T18:17:00.003+07:00

hihihi.....lanjut lagi ah mumpung ada kesempatan buat nulis...
pada intinya cara ini dimaksudkan untuk membatasi jam chating dengan menggunakan yahoo mesenger yang diinstall dan yang menggunakan web yahoo messenger. Yang dilakukan adalah dengan memblock port-port yang dipakai (dari hasil-nya didapat bahwa "hanya" dengan port-port ini sudah membuat client tidak bisa chating baik menggunakan ym yang diinstall atau dengan web yahoo messenger) sedangkan untuk cara login yang lain semisal lewat meebo atau lain2 diambil langkah ekstrim dengan memblock website-nya berdasarkan ip-nya (didapat dari hasil ping ) dan lagi-lagi ini dilakukan di mikrotik dengan menggunakan winbox.exe. Adapun port2 yang diblock adalah :

port tcp : 5100, 1677, 5050-5051, 5000-5010, 20-21, 23, 8001, 25, 27, 119, 37.
port udp : 8001

jika dibuat kebijakan yang sama dimana semuanya dibatasi jam chating termasuk admin (adalah hil yang mustahal....pinjem kata2 alm.asmuni ) maka tinggal membuat filter rule di firewall (dengan chain: forward) lalu diberi comment yang sama. Comment ini nantinya digunakan sebagai tag pada script untuk meng-enable atau disable filter rule-nya. setelah script dibuat (ada 2 buah script, satu enable rule dan satunya lagi disable rule) tinggal kita buat schedullernya disesuaikan dengan kebutuhannya.

contoh scriptnya :
1. script filter rule :

/ip firewall filter
add action=drop chain=forward comment=ym disabled=no dst-port=5000-5010 protocol=tcp
add action=drop chain=forward comment=ym disabled=no dst-port=20-21 protocol=tcp
add action=drop chain=forward comment=ym disabled=no dst-port=23 protocol=tcp
add action=drop chain=forward comment=ym disabled=no dst-port=8001 protocol=
tcp
add action=drop chain=forward comment=ym disabled=no dst-port=8001 protocol=
udp
add action=drop chain=forward comment=ym disabled=no dst-port=25 protocol=tcp
add action=drop chain=forward comment=ym disabled=no dst-port=27 protocol=tcp
add action=drop chain=forward comment=ym disabled=no dst-port=119 protocol=tcp
add action=drop chain=forward comment=ym disabled=no dst-port=37 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-address=\
208.81.191.110 src-address-list=LAN

yang terakhir itu untuk block meebo.
2. enable/disable script

/system script
add name=ym-on policy=ftp,reboot,read,write,policy,test,winbox,password,sniff \
source="/ip firewall filter disable [find comment=ym]"
add name=ym-off policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=\
"/ip firewall filter enable [find comment=ym]"

3. scheduller script

/system scheduler
add comment="" disabled=no interval=1d name=sch-ym-on on-event=ym-on \
start-date=oct/22/2008 start-time=10:00:00
add comment="" disabled=no interval=1d name=sch-ym-off on-event=ym-off \
start-date=oct/22/2008 start-time=14:00:00

contoh scheduller diatas klien bisa chating mulai jam 10.00 dan kemudian dimatikan jam 14.00.

Untuk kebijakan lain, semisal hanya ip dari komputer admin atau ada sekumpulan ip client yang bisa online selalu maka harus dibuatkan address-list yang memuat ip-ip yang bebas chating. Address list ini tinggal dimasukan ke dalam src-address-list di rule-rule diatas dan jangan pula menambahkan tanda seru (!) disamping src-address-list. klo tidak diberi tanda (!) maka hanya ip yang masuk didalam address list yang akan diblock.

selamat mencoba...

Membatasi inetan di kantor........dengan mikrotik..

2009-02-09T09:00:00.004+07:00

Wew......ketemu lagi..... :D

Lanjut ah, sharing cara membatasi inetan dikantor....lagi-lagi dengan mikrotik. Kantor saya gak terlalu gede sih, denga jumlah PC dalam jaringan LAN ada sekitar 65 buah. Saya memakai ip range 192.168.0.1/24, dengan gateway saya taruh di 192.168.0.1 ya itu mikrotik sebagai gatewayya. Dari range IP tersebut ternyata sama boss tidak diijinkan semuanya dapat mengakses inet....hehe...hehe...dan agak parahnya IP yang boleh inetan itu acak alias tidak berurutan, sebagai tambahan saya memakai DHCP untuk pengaturan IP (biar gak pusing nyatetin IP klo ada perubahan cpu atau ada tambahan cpu). Kayaknya cukup untuk alasan pembatasan inetnya, kita lanjut ke settingnya...

Oh....ya semua setting dilakukan menggunakan winbox.exe soalnya bisa-nya itu je...

Login ke mikrotik menggunakan winbox.
masuk ke menu /ip firewall address-list
klik add (tanda plus)
isikan name dengan yg unik, misalkan INET lalu isikan ip dengan ip yang punya akses inetan.
ulangi langkah 4 sehingga semua ip yang punya akses inetan tercatat dengan nama address-list yang sama.
selanjutnya kita mengubah setting masquerade kita, yang awalnya src-address diisi dengan full range ip client. Diganti dengan cara mengosongkan src-address di tab general dan pindah ke tab advanced kemudian mengisikan src-address list dengan list ip yang baru kita buat.
langkah 6 akan mengakibatkan ip-ip diluar ip adress-list tidak akan dimasquerade dan sudah tentu tidak akan bisa inetan....sesuai dengan kemauan kita khan ???
untuk lebih memastikan lagi, sebaiknya dibuatkan rule difilter rule dengan chain forward, lalu in-interface=interface yang mengarah ke client, kemudian ke tab advanced pada bagian src-address list= ip list yang baru dibuat, kemudian beri tanda seru (pentung) disamping kirinya dan untuk action=drop. rule ini ditaruh dipaling atas.
langkah ke 8 akan berakibat semua ip diluar list tidak akan diforward/diteruskan permintaannya.

ok selesai...silahkan mencoba..

(Tips....) menggabungkan adzapper, urlfilter (squidguard) dan Updatecacher di smoothwall..

2009-02-07T17:33:00.002+07:00

Terima kasih bagi anda yang setia mengikuti blog saya ini..

Jika anda telah berhasil menginstall smoothwall ditambah dengan addon seperti Advanced web proxy, urlfilter dan adzapper saya ucapkan selamat..
Sekarang saya lanjutkan dengan menambahkan satu lagi addon yaitu update cache, gunanya adalah mencache file-file update seperti dari windoz, file-file update antivirus dll. Filenya dapat di donlot disini http://mods.smurfsofwar.com/files/mods/updatecacher-swe3-0.9-beta2.tgz
Install seperti biasa (Jika smoothwall anda digunakan untuk warnet dan pada saat anda menginstall addon ini sedang banyak client, lebih baik web-proxynya di by pass dulu. Dikarenakan setelah diinstall update cache-nya akan menyebabkan web-proxy tidak berjalan. Hal ini dikarenakan terdapat lebih dari satu redirector...)

pindahkan file update cache hasil donlot ke foder /tmp di smoothwall dengan menggunakan winscp.
gunakan putty untuk mengakses konsol smoothwall lalu ketikan :

tar -zxvf updatecacher-swe3-0.9-beta2.tgz -C / ./install-updatecacher.sh

kemudian edit file include.acl yang ada di /var/smoothwall/proxy/advanced/acls cari baris yang memuat :

url_rewrite_program /var/smoothwall/mods/updatecacher/bin/redir.pl

setelah ditemukan di uncomment saja lalu disave file include.acl tadi.
kemudian kita beralih ke file wrapzap yang ada di /usr/local/adzapscripts kemudian carai baris yang memuat :

exec /usr/local/adzap/scripts/zapchain "$zapper" /usr/sbin/squidGuard

lalu diganti dengan :

exec /usr/local/adzap/scripts/zapchain "$zapper" "/usr/sbin/squidGuard -c /var/smoothwall/urlfilter/squidGuard.conf" "/var/smoothwall/mods/updatecacher/bin/redir.pl"

langkah terakhir adalah merestart advanced web-proxy dengan cara masuk ke web smoothwall lalu ke bagian service, advanced web proxy. Klik tombol save and restart

Untuk melihat apakah advanced proxy sudah berjalan atau belum, bisa dilihat dikonsol dengan mengetik :

ps ax

Jika advanced proxy sudah berjalan akan muncul tulisan seperti ini :

selamat mencoba.....

(satu lagi...) Distro karya anak negeri....

2009-01-31T16:48:00.003+07:00

Selamat....saluuuuuut.........
Atas meluncurnya distro baru turunan puppy linux, namanya Kinjeng.OS
Sebuah distro dengan 3 penampilan yaitu xp look, mac look dan vista look.
Walau belum sempet install kinjeng, tapi karena pernah install puppy linux kemungkinan akan sama saja caranya. Dan bagi pengguna linux "umumnya" dan newbie seperti saya, ketika berhadapan dengan puppy linux akan berbeda sekali, terutama gaya install aplikasi-aplikasinya.
Semoga saja dengan peluncuran distro baru turunan puppy linux ini akan membuat newbie-newbie seperti saya akan semakin mudah saja untuk memakai linux.

sekali selamat dan tetap semangat..tetap sehat...biar kita sama-sama mengexplore linux kita masing-masing

Untuk Lengkapnya mengenai kinjeng.OS silahkan kemari aja : http://linuxkinjeng.wordpress.com/

NB:mau pelurusan atau klarifikasi saja, dari beberapa komen melalui mesenger saya, beberapa menyangka ini distro buatan saya akan tetapi ini bukan buatan saya...sekali lagi ini distro bukan saya yang membuat (kasian yang sudah susah2 bikin :D ) di blog yang saya sebutkan disitu ada siapa yang membuatnya....
terima kasih...semoga tidak ada kesalahpahaman lagi...

Lock IP dan MAC address client di Mikrotik....

2009-01-28T19:30:00.007+07:00

Mungkin anda pernah mengalami, ada client nakal yang coba-coba memakai ip komputer admin untuk mendapatkan akses inet tanpa batas........wuih suuuuuebelnya....bukan apa-apa sich, tapi yang kena marah oleh atasan tentu yang mengatur akses inetnya (baca: saya).

Bagi anda yang menggunakan Mikrotik sebagai pengatur (gateway/router/web-proxy) akses ditempat anda, mungkin ini ada sedikit cara untuk mengatasi agar ip-ip yang mempunyai akses inet tidak bisa saling dipertukarkan...

Kita langsung ke TKP aja, yuk.....

Login ke Mikrotik menggunakan winbox (maaf bagi CLI mania....saya bisanya GUI..hehehehe).
Pastikan semua client sudah ON semua, karena kita akan merekam mac-address menggunakan IP SCAN yang ada diwinbox.
Masuk ke menu IP-->Firewall kebagian tab address-list
Isikan nama sesuai keinginan anda asal mudah diingat, kemudian IP client. Prosedur ini dilakukan untuk semua client dengan nama address-list yang sama. Jika semua client sudah dimasukan ke dalam address-list selanjutnya menuju tab: NAT
Gambar diatas adalah merubah rule/script dari nat-masquerade yang sudah ada, dimana biasanya di bagian general untuk src-address diisikan range ip client. Untuk kali ini dirubah, sehingga hanya client yang ada di address-list saja yang akan dimasquerade.
Langkah selanjutnya adalah merekam mac-address dari client kita, untuk itu kita menggunakan tools ip-scan. menuju menu tools dan pilih ip-scan
Interface dipilih interface yang ada dimikrotik yang mengarah ke LAN, untuk address range silahkan disesuaikan dengan ip-range client anda. Setelah itu silahkan klik start, dan tunggu beberapa saat. Setelah semua ip berhasil ditampilkan, biarkan tool ip-scan (tidak usah di close), kemudian menuju menu IP-->ARP
Maka didalam ARP list akan muncul ip dan mac-address dari client. Selanjutnya adalah membuat agar arp-list menjadi static dengan cara meng-klik kanan setiap pasangan ip dan mac-address tersebut dan pilih option make statik. Ini dilakukan untuk semua ip yang muncul. Setelah semua menjadi statik selanjutnya menuju menu INTERFACES
Pilih interface yang menuju klien, klik kiri dua kali sehingga muncul gambar seperti diatas. Kemudian pada option ARP dipilih reply-only
Selesai

Untuk mengetesnya silahkan anda ganti salah mac-address client anda dengan ip yang bukan pasangannya di arp-list tadi....

selamat mencoba..

Mengamankan web-proxy kita.....

2009-01-27T17:20:00.004+07:00

Setelah kita berhasil menggabungkan smoothwall dengan mikrotik. Apabila koneksi kita menggunakan speedy yang memiliki bandwidth uploadnya yang kecil, sudah selayaknya agar kita mengamankan web-proxy ini supaya hanya client lokal kita saja yang menggunakannya. Apabila ada client dari luar (dari WAN) ikut juga menikmati web-proxy ini maka dijamin koneksi inet kita akan loyo dikarenakan Bandwidth upload kita habis terpakai oleh client luar ini....jadi berhati-hati lah!!!

Langkah pengamanan ini sebenarnya tidak hanya diperuntukan bagi pemakai yang menggunakan koneksi speedy (dengan mengeset modem sebagai bridge modem), tetapi juga koneksi yang lainnya, dengan menyesuaikan parameter "in-interface" disesuaikan dengan jenis koneksi WAN-nya.

Kita lanjut ke tujuan utama kita:

Login ke Winbox kemudian masuk ke menu IP-->Firewall-->Filter
Ikuti option-option diatas,untuk jenis koneksi selain speedy tinggal menyesuaikan "in-interface", dimana interface yang digunakan adalah interface mikrotik yang mengarah ke WAN/internet, kemudian pindah ke tab action, diisikan drop.
Langkah ke-2 diulang untuk port-port:3128,808
Selesai

waduuuh......ribetnya install berry linux...

2009-01-16T20:00:00.003+07:00

Terbentur pada spek hardware pc untuk sekretariat RT, mau gak mau harus cari distro linux yang ringan tetapi sudah menggunakan kernel 2.6. dan tampilannya gak kuno-kuno amat :D
Ditambah pengetahuan linux yang masih seujung kuku kutu.....jadi cepede.
Iseng iseng browsing dan dapet puppy linux sama berry linux.
Pertama install puppy linux....gak masalah :D .Linux dapat diinstall dengan baik ke hardisk dan jalan tapi sayangnya program2 yang diinstall gak familiar. Tapi dari soal speed, dengan "hanya" RAM 128MB dapet leluasa ngacir...
terbentur dengan program openoffice yang belum ada (tapi selanjutnya berusaha untuk menginstall secara manual paket openoffice...dengan hasil .....gatot alias gagal total :( ). Selanjutnya diputuskan untuk menginstall berry linux....

Install bery linux.....

Sesuai kebiasaan distro sekarang, setelah berhasil booting dari CD tentunya akan mencari option untuk menginstall ke hardisk. Setelah "ubek-ubek" sana kesini...eh gak taunya ngumpet tuh option (sebenarnya agak secara kebetulan nemunya...karena tulisannya "berri installer" yang saya asumsikan buat install paket-paket diberry bukan install berry ke hardisk..)
setelah diklik dan masukan password root (paswordnya ternyata juga root...hehehehehe)
udah dech akhirnya berhasil install berry linux, yang udah ada openoffice versi 3 lagi....

Setting VPN di mikrotik memakai PPtP...

2009-01-16T16:19:00.014+07:00

Pengantar..

Sebenernya agak males untuk menulis masalah setting VPN ini, dikarenakan banyak yang sudah mengulasnya secara mendalam. Kemudian atas permintaan seorang teman dan adanya ketersediaan waktu akhirnya saya tulis juga. Namun VPN yang akan saya setting hanya menggunakan satu jenis yaitu PPtP (Point to Point tuneling protocol)

Asumsi..

Jaringan inet anda dengan menggunakan gateway/router mikrotik sudah berjalan dengan baik dan juga memiliki ip public.
IP pool untuk VPN : 192.168.15.1-192.168.15.50
IP Mikrotik yang mengarah ke LAN :192.168.0.245

Action...

silahkan login ke mikrotik anda dengan menggunakan winbox...
kemudian kita masuk ke modul Ip-->Pool
untuk nama bisa diberikan sesuai dengan keinginan anda, yang penting mudah diingat
untuk address dimasukan : 192.168.15.1-192.168.15.50 dan next pool=none lalu klik OK
Selanjutnya kita masuk ke modul PPP ke tab profiles, lalu klik tanda plus..
Untuk nama silahkan cari yang unik, kemudian local address diisikan dengan ip mikrotik yang mengarah ke LAN dan DNS server diberi ip yang sama (dengan catatan pada setting DNS di mikrotik pada option allow remote request di ceklist) lalu klik OK
Selanjutnya kita pindah ke tab secrets masih pada modul PPP, kemudian diklik tanda plus-nya
Pada bagian ini untuk memberikan akses/username untuk menggunakan atau login ke VPN kita, silahkan berikan username dan password yang unik. Untuk service silahkan klik pptp dan profile diisi dengan profile yang sudah dibuat tadi..lalu diklik OK
Setelah bagian ini selesai kemudian kita masuk ke TAB interface dan klik pada bagian PPTP Server
Silahkan diikuti semua option diatas kemudian klik OK, maka telah selesai setting VPN kita

Tes koneksi dengan menggunakan windows XP

Selesai....
Selamat mencoba

Setting Linksys AG241 dan Mikrotik untuk akses speedy

2009-01-13T10:30:00.013+07:00

Pengantar...

Kenapa yang digunakan adalah Linksys AG241 tidak yang lain? jawabnya simpel, dikantor saya pakenya ini. Kenapa harus ada mikrotik juga, pake linksys AG 241 juga sudah cukup klo cuma mau share internet? jawabnya simpel juga, karena pengaturan yang "agak" ruwet untuk kebutuhan share internet dikantor dan hal ini tidak dapat dipenuhi oleh sebuah linksys AG241.
Untuk kali ini linksys AG241 difungsikan sebagai bridge, sedangkan dial dilakukan oleh mikrotik. Beberapa hal yang menguntungkan jika dial dengan mikrotik :

Kita dapat memanage mikrotiknya secara langsung. Jika yang dial modem maka kita harus mengeset modem agar memforward ip dari speedy ke ip mikrotik.
Kerja modem tidak terlalu berat sehingga akan berdampak pada penurunan suhu modem (pernah mengalami modem panas ??) dan secara tidak langsung akan berdampak pada umur pemakaian dari modem itu sendiri.
konfigurasi filter yang lebih banyak jika menggunakan mikrotik

disamping keuntungan, juga ada beberepa kerugiannya:

dibutuhkan biaya tambahan untuk pc yang akan diinstall mikrotik.
dibutuhkan keahlian tambahan dalam mengkonfigurasi mikrotik.
dengan ada adanya tambahan device tentunya akan bertambah konsumsi listriknya, dengan kata lain ...tambahan biaya lagi :D

Kebutuhan....

account speedy yang masih aktif....
modem linksys AG241
Pc yang sudah terinstall dengan mikrotik dan modul ppp juga sudah terinstall...
kabel utp yang sudah dipatch straight untuk koneksi dari modem ke mikrotik.
Sebuah PC untuk mengkonfigure modem linksys AG241

Asumsi..

Topologi jaringan :

|Inet|----|Modem|----|Mikrotik|----|switch|----|Client|

Ip modem (standar) :192.168.1.1/255.255.255.0
Ip mikrotik yang mengarah ke modem :192.168.1.2/255.255.255.0
Ip mikrotik yang mengarah ke switch :192.168.0.1/255.255.255.0
Dimikrotik ada minimal 2 buah Lancard, 1 yang mengarah ke modem kita namakan WAN dan 1 lagi yang mengarah ke switch kita namakan LAN

action..

modem AG241.

Modem AG241 dihubungkan dengan PC menggunakan kabel UTP yang sudah disiapkan
IP PC dirubah disesuaikan dengan IP modem, misalkan menjadi :192.168.1.3/255.255.255.0
Modem dihidupkan dengan memasang adaptor ke sumber listrik, dan keluaran adaptor disambungkan ke modem.
Silahkan buka browser kesayangan anda, kemudian isikan 192.168.1.1 di url browser anda, maka akan muncul dialog untuk memasukan username dan password untuk masuk ke dalam menu configurasi modem. Pada keadaan standar isikan username dan password dengan admin
masuk ke tab setup
Setting gambar diatas untuk daerah jakarta tepatnya daerah bekasi, untuk daerah lainnya tinggal menyesuaikan VPI dan VCI saja

Mikrotik

PC dihubungkan ke switch yang terhubung dengan mikrotik (lihat topologi diatas) dan rubah kembali ip PC disesuaikan dengan IP yang ada, misalkan :192.168.0.3/255.255.255.0
Login kedalam mikrotik menggunakan winbox
klik menu ppp, klik tanda plus pilih pppoe client
Pada tab general ini yang diisi hanya bagian interface, dipilih WAN
pindah ke tab dial out
Pada tab dial out, yang diisi hanyalah username dan password saja. isikan username dan password dari account speedy anda.
Dial on demand, jika anda menginginkan mikrotik untuk dial ke speedy jika ada permintaan dari client untuk akses ke internet (cocok untuk account non unlimited) silahkan untuk diceklist. jika menginginkan agar mikrotik selalul terhubung dengan internet silahkan jangan diceklist bagian ini.
add default route, pada mikrotik akan ditambahkan default route yang telah disetting oleh speedy
Untuk Use peer DNS saya tidak begitu mengetahui jadi biarkan tidak diceklist
untuk bagian allow silahkan di checklist semuanya lalu klik OK
Klik menu IP-->firewall pilih tab NAT
Pilih chain :srcnat, src.address:192.168.0.0/24, out.interface=pppoe-out2, kemudian pindah ke tab action
untuk action silahkan pilih: masquerade

selesai,...
silahkan client untuk mencoba browsing..

lagi nyoba boosterblog nih....

2009-01-09T20:14:00.002+07:00

lagi nyari cara buat ningkatin traffic blog nih....
coba-coba ini

dan jangan tanya gimana hasilnya, ini baru coba2 :D

Gabungin Adzaper dan SquidGuard di Smoothwall

2009-01-09T11:18:00.006+07:00

Jika anda telah berhasil menginstall smoothwall yang didalamnya juga diinstall advproxy plus urlfilter. Lalu anda menginginkan juga agar iklan-iklan (ads) juga disingkirkan dengan alasan penghematan bandwidth, maka anda memerlukan adzaper for smoothwall. File installasinya dapat di donlot disini
Gunakan WinSCP untuk memindahkan file tersebut ke folder /tmp di smoothwall anda.
kemudian masuk ke console smoothwall menggunakan Putty, masuk ke folder /tmp dan jalankan ini

tar -zxvf adzap-sw3-v1.2.tgz -C /

lalu install dengan perintah

./install.sh

lalu login ke smoothwall melalui browser, masuk ke tab service->advanced web proxy
maka dibagian paling bawah sudah terdapat adzaper.

uncek option urlfilter dan ceklist option adzapper. Jika anda menceklist dua-duanya, maka advproxy anda tidak dapat berjalan sebagaimana mestinya dikarena squid hanya memperbolehkan menjalankan satu redirect_program....
lalu bagaimana caranya jika ingin menjalankan keduanya ??????
tenang.....banyak jalan menuju roma....
silahkan edit file

/usr/local/adzap/scripts/wrapzap

pada baris ke 67 & 68, yaitu :

exec "$zapper"
exec /path/to/zapchain "$zapper" /path/to/another/eg/squirm

diuncomment, lalu diganti dengan:

exec /usr/local/adzap/scripts/zapchain "$zapper" /usr/sbin/squidGuard

Lalu kembali ke web smoothwall local anda, masuk ke tab service-->advanced web proxy
dan hanya option adzapper yg diceklist, kemudian klik save and restart...

selesai,
selamat mencoba.

Blokir copy data dari komputer ke flashdisk atau usbdisk...

2009-01-09T10:53:00.003+07:00

hasil searching beberapa waktu yang lalu, dan sialnya saya lupa linknya...:(
bagi yang merasa...mohon maaf klo dicopas hasilnya.....peace man.... bukan maksud hati membajak..
Berikut caranya

open REGEDIT
HKEY_LOCALMACHINE\SYSTEM\CurrentControlSet\Control
Di folder CONTROL, ketik -> Edit>New>Key
folder baru tersebut beri nama —-> “StorageDevicePolicies”
“StorageDevicePolicies”, ketik Edit>New>Dword (32-bit)
key yang baru beri nama : “WriteProtect”
Klik 2x Key WriteProtect-nya, lalu ganti Value Data jadi 1
Restart PC-nya

Untuk membuka proteksi agar data bisa dicopy ke flashdisk dengan mengganti value di key write protect menjadi 0 (nol).

Remote Mikrotik bagi pengguna ip public dynamis....

2009-01-09T08:59:00.006+07:00

Pengantar...

Bagi anda sekalian pengguna ISP Tel**m aka Speeda, yang berlangganan paket opis atau paket lainnya yang diberikan IP dinamis dan menggunakan Mikrotik sebagai routernya ( jadi modem ADSL diconfigure sebagai "Bridge Mode only" dan dial dilakukan oleh mikrotik) dan berhasrat untuk meremote mikrotiknya dari jaringan internet, tentunya akan kesulitan. Dikarenakan IP yang berubah jika modem/mikrotiknya direstart.
Dengan bantuan sebuah website (disini websitenya) kita dapat meremote mikrotik kita tanpa perlu memikirkan berapa ip account speda kita.....

Action...

Sebelum action dilakukan diasumsikan bahwa tidak ada masalah dalam hal koneksi internetnya dimana yang dial adalah mikrotik..
Selanjutnya silahkan buat account di website tadi, buat sebuah subdomain yang ditawarkan diwebsite tersebut dan aktifkan service dns-nya.
Untuk mengetesnya silahkan ping subdomain yang baru anda buat tadi...klo berhasil akan ada reply dari ip account speda anda
Setelah account dibuat (berarti anda telah memiliki username dan password untuk website tersebut) kita beralih ke mikrotik....

Mikrotik...
Login ke Mikrotik anda melalui winbox...
Masuk kemenu /System/Scripts...
Klik add....dan masukan script ini :
Untuk mikrotik v2.9.xx

:log info "DDNS: Begin"

:global ddns-user "YOURUSERID"
:global ddns-pass "YOURPASSWORD"
:global ddns-host "*1"
:global ddns-interface "EXACTINTERFACENAME"

:global ddns-ip [ /ip address get [/ip address find interface=$ddns-interface] address ]

:if ([ :typeof $ddns-lastip ] = nil ) do={ :global ddns-lastip 0.0.0.0/0 }

:if ([ :typeof $ddns-ip ] = nil ) do={

:log info ("DDNS: No ip address present on " . $ddns-interface . ", please check.")

} else={

:if ($ddns-ip != $ddns-lastip) do={

:log info "DDNS: Sending UPDATE!"
:log info [ /tool dns-update name=$ddns-host address=[:pick $ddns-ip 0 [:find $ddns-ip "/"] ] key-name=$ddns-user key=$ddns-pass ]
:global ddns-lastip $ddns-ip

} else={

:log info "DDNS: No change"

}

}

:log info "DDNS: End"

Untuk Mikrotik v3.x.x

# Define User Variables
:global ddnsuser "CHANGEIPUSERID"
:global ddnspass "CHANGEIPPASSWORD"
:global ddnshost "FREEHOSTNAME.TOUPDATE.TLD"

# Define Global Variables
:global ddnsip
:global ddnslastip
:if ([ :typeof $ddnslastip ] = nil ) do={ :global ddnslastip "0" }

:global ddnsinterface
:global ddnssystem ("mt-" . [/system package get system version] )

# Define Local Variables
:local int

# Loop thru interfaces and look for ones containing
# default gateways without routing-marks
:foreach int in=[/ip route find dst-address=0.0.0.0/0 active=yes ] do={
:if ([:typeof [/ip route get $int routing-mark ]] != str ) do={
 :global ddnsinterface [/ip route get $int interface]
}
}

# Grab the current IP address on that interface.
:global ddnsip [ /ip address get [/ip address find interface=$ddnsinterface ] address ]

# Did we get an IP address to compare?
:if ([ :typeof $ddnsip ] = nil ) do={
:log info ("DDNS: No ip address present on " . $ddnsinterface . ", please check.")
} else={

:if ($ddnsip != $ddnslastip) do={

:log info "DDNS: Sending UPDATE!"
:log info [ :put [/tool dns-update name=$ddnshost address=[:pick $ddnsip 0 [:find $ddnsip "/"] ] key-name=$ddnsuser key=$ddnspass ] ]
:global ddnslastip $ddnsip

} else={
:log info "DDNS: No update required."
}

}

# End of script
Kemudian beri nama script sesuai dengan keinginan anda, lalu klik OK
Setelah script dibuat selanjutnya kita membuat scheduller, agar secara periodik mikrotik kita mengupdate subdomain yang dibuat di website "tersebut".
Masih di winbox, masuk ke menu /system/scheduler :
Klik add...
beri nama schedulernya....
atur tanggal dimulainya scheduler....
atur jamnya....
atur periodenya...mau setiap menit..setiap jam atau setiap hari....

Pada bagian On Event, tuliskan nama script yang anda buat tadi.

Selesai,
selamat mencoba.


Script didapet dari sini

Mengubah Tampilan index.cgi smoothwall

2009-01-08T16:11:00.008+07:00

Dalam kasus penggunaan smoothwall hanya untuk advproxy saja, dengan topologi smoothwall sejajar dengan mikrotik, apabila kita masih menggunakan index.cgi standar maka tampilan awal tidak akan ada tampilan statistiknya. Hal ini dikarenakan untuk index.cgi standar yang ditampilkan adalah statistik dari interface RED, sedangkan dalam kasus ini yang digunakan hanya interface GREEN saja.

Untuk itu perlu ada sedikit perubahan di dalam file
/httpd/cgi-bin/index.cgi

silahkan cari baris-baris ini (ada dibaris 353 s/d 370)

if ( open ( $iface_file, ";
chomp $iface;
close $iface_file;

# interogate the traffic stats
my %stats;
&readhash( "/var/log/trafficstats", \%stats );

$ratein = $stats{"cur_inc_rate_$iface"};
$rateout = $stats{"cur_out_rate_$iface"};

$daystatsin = $stats{"this_day_inc_total_$iface"};
$daystatsout = $stats{"this_day_out_total_$iface"};

$monthstatsin = $stats{"this_month_inc_total_$iface"};
$monthstatsout = $stats{"this_month_out_total_$iface"};

dan diubah menjadi :

if ( open ( $iface_file, ";
chomp $iface;
close $iface_file;
my $iface2 = 'eth0';

# interogate the traffic stats
my %stats;
&readhash( "/var/log/trafficstats", \%stats );

$ratein = $stats{"cur_inc_rate_$iface2"};
$rateout = $stats{"cur_out_rate_$iface2"};

$daystatsin = $stats{"this_day_inc_total_$iface2"};
$daystatsout = $stats{"this_day_out_total_$iface2"};

$monthstatsin = $stats{"this_month_inc_total_$iface2"};
$monthstatsout = $stats{"this_month_out_total_$iface2"};

kemudian pada baris 426 pada bagian yang mengandung "red-day_preview.png"
diubah menjadi "green-day_preview.png

kemudian simpan dan coba login ke smoothwall anda melalui browser...dan akan nampak perbedaannya.

Memanfaatkan ZPH di smoothwall dan Mikrotik..

2009-01-08T13:22:00.008+07:00

Jika sebelumnya saya menguraikan cara menggabungkan smoothwall dengan mikrotik saya, selanjutnya saya ingin menambahkan sedikit tambahan. Tambahan ini berguna untuk mempercepat donlot object-object yang telah dicache di advproxy smoothwall oleh client.
Tambahan yang saya maksud dengan memanfaatkan opsi ZPH di advproxy, kebetulan Adproxy versi yang saya gunakan sudah menggunakan squid 2.7 STABLE5 yang mana sudah tidak perlu dilakukan lagi patch ZPH baik di squidnya maupun di kernel linuxnya.
Kita mulai......

Smoothwall

silahkan tambahkan beberapaoption ini di file :
/var/smoothwall/proxy/advanced/acs/include.acl

#opsi zph
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

Kemudian melalui browser masuk ke-smoothwall anda, lalu ke tab webproxy dan klik save and restart

Mikrotik

dimikrotik anda tambahkan script ini :
(untuk mikrotik 3.xx)

/ip firewall mangle
add action=mark-packet chain=prerouting comment="zph squid" disabled=no dscp=\
12 new-packet-mark=proxy-hit passthrough=no
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=0/0 name=proxy-hit packet-marks=proxy-hit parent=none \
priority=4 queue=default/default total-queue=default-small

Selamat mencoba...

Menggabungkan Smoothwall dgn Mikrotik

2009-01-05T09:30:00.043+07:00

Pengantar

Tidak bisa dipungkiri jika keberadaan webproxy (jika diconfigure dengan baik, dan ini bagi beberapa orang merupakan keasikan tersendiri atau juga merupakan beban tersendiri dikarenakan banyaknya parameter yang terdapat didalam squid webproxy yang dapat diconfigure. Perbedaan configure ini akan memberikan efek yang berbeda pula.)
Untuk rekan-rekan yang tidak ingin ambil pusing dengan configure-configure tersebut, kecuali anda ingin "bermain-main" dengan parameter yang ada disquid, anda dapat menggunakan smoothwall atau ipcop. Memang Smoothwall atau IPCOP sesungguhnya merupakan operating sistem berbasis linux yang dikhususkan sebagai Gateway internet. Gateway ini menjembatani antara LAN dengan Internet. Namun kali ini saya akan menggabungkan kemampuan dari Mikrotik dengan kemampuan webproxy dari smoothwall. Smoothwall yang saya gunakan merupakan versi freeware atau versi community.
Satu hal kenapa saya lebih memilih Smoothwall dibandingkan IPCOP adalah Dikarenakan hardware ditempat saya rata-rata sudah pakai P4, maka kernel 2.6 menjadi pilihan saya. Hal ini hanya dipenuhi oleh smoothwall sedangkan IPCOP masih berkutat pada kernel 2.4.
Mikrotik digunakan sebagai gateway dan bandwidth management dikarenakan dihal tersebut mikrotik mempunyai nilai lebihnya.

Skema Jaringan

| Inet Cloud |-------| Modem |-----| Mikrotik |------| Switch |-------| LAN |
-----------------------------------------|
-----------------------------------------|
-----------------------------------------|
-----------------------------------| Smoothwall |

Asumsi

Mikrotik telah terinstall dan berjalan dengan baik.
Client LAN telah sukses berinternetan.
Mikrotik dan Smoothwall terletak di mesin yang berbeda.
Untuk kasus saya,menggunakan koneksi speda (koneksi yang lain juga gpp, sama saja pada intinya).
Smoothwall diletakan sejajar mikrotik dikarenakan dari uji coba saya dengan skema yang diatas lebih cocok buat saya, dibandingkan dengan skema dimana smoothwall berada sejajar client.
Ada baiknya untuk komputer yang akan digunakan sebagai webproxy memiliki spesifikasi, memory minimum 256 MB lebih dari itu lebih baik dianjurkan untuk memakai 1 GB. untuk Processor tidak terlalu signifikan. Untuk hardisk sebaiknya memakai SATA atau SCSI, dikarenakan untuk squid webproxy kekuatan dan kecepatan dari hardisk sangat menentukan "efek speed" dari browsing client. jikalau tidak ada SATA atau SCSI maka apa boleh buat memakai hardisk PATA.
Topologi pada smoothwall adalah green + red, jadi diperlukan 2 buah lancard di dalam mesin yang akan diinstall smoothwall

Peralatan Tempur

Smoothwall CD, dapat didonlot disini
putty, dapat didonlot disini
Winscp, dapat didonlot disini
advproxy, dapat didonlot disini
urlfilter, dapat didonlot disini
calamaris webproxy report, dapat didonlot disini
Kopi/teh dan cemilan, silahkan cari ditoko terdekat :D

Action

Setelah ISO smoothwall didonlot kemudian di burning ke cd dengan program burning kesayangan anda. Untuk putty, winscp, advproxy, urlfilter dan calamaris dapat disimpan dikomputer lain yang nantinya meremote smoothwall. Karena paket-paket ini akan diinstall melalui komputer remote.
Atur Bios Komputer yang akan diinstall Smoothwall agar dapat booting awal langsung dari CDROM, kemudian masukan cd Smoothwallnya.
Tampilan awal Installasi Smoothwall :

Setelah di ENTER maka akan muncul :

lalu

Tekan OK, lalu tekan enter dua kali sehingga akan muncul...

Jika anda sebelumnya pernah menginstall smoothwall dan menyimpan backup config-nya kedalam floopydisk, maka ketika tampilan dibawah ini muncul masukan floopy disk backup dan tekan yes.

Jika untuk pertama kali menginstall smoothwall maka cukup tekan tombol No.
kemudian pilih keyboard mapping dan isikan nama dari smoothwall anda (hostname). Tahap selanjutnya adalah memilih "security policy" dikarenakan smoothwall kita nantinya berada didalam "zona aman" mikrotik maka kita biarkan security policy berada di open

kemudian masuk ke pemilihan topologi smoothwall

pilih green + red

Kemudian muncul tampilan konfirmasi untuk mengubah config network

klik OK, lakukan probe untuk mendeteksi secara otomatis kartu jaringan anda

Setelah semua kartu jaringan terdeteksi, kemudian kita berikan IP-nya

Untuk kasus saya ini IP untuk GREEN dan RED diisikan IP dalam satu subnet, jadi misalkan untuk GREEN diberikan 192.168.10.2/255.255.255.0 (dengan asumsi untuk kartu jaringan dimikrotik yang mengarah ke smoothwall diberikan ip 192.168.10.1) maka untuk RED diberikan IP 192.168.10.3/255.255.255.0 dengan pilihan secara statik.

Kemudian ....

Isikan DNS dan default gatewaynya, untuk default gateway isikan ip mikrotik yang mengarah ke smoothwall (dalam kasus saya adalah 192.168.10.1). Untuk DNS bisa memakai IP mikrotik dengan catatan option "allow remote request"-nya di checklist/dipilih atau bisa memakai DNS yang diberikan oleh ISP.
Untuk selanjutnya akan muncul screen...

Dikarenakan akan menggunakan addons advproxy dkk, maka untuk section ini langsung saja klik finished.

Isikan password yang anda inginkan untuk mengakses smoothwall melalui web browser (user: admin)

Isikan password yang anda inginkan untuk mengakses smoothwall melalui terminal (user: root).

Installasi telah selesai, Klik OK untuk reboot.
silahkan antara mikrotik dan smoothwall saling dihubungkan dengan kabel jaringan secara cross, untuk mengetesnya silahkan saling ping dari kedua sisi, apakah sudah ada reply atau belum.
Setelah semua saling reply, saatnya.....

Configuring Smoothwall.....

Untuk selanjutnya kita dapat mengconfigure smoothwall melalui web browser, dengan mengetik
ip_smoothwall:81 di browser, sehingga akan muncul dibrowser anda seperti ini.

Setelah masuk ke configure smoothwall, langsung aja masuk ke tab service-->remote access..

ceklist bagian ssh, kemudian save...
Kemudian masuk ke tab maintenance --> updates
untuk mengupdates smoothwall agar segala bugs yang ada dapat ditambal melalui updates ini..

Jika koneksi keinternet anda tidak bermasalah maka akan terdapat updates-updates yang berasal dari websitenya smoothwall. Yang perlu diingat adalah setiap kali melakukan updates maka Mods-mods atau addons yang telah kita pasang wajib di uninstall dan install lagi, jika tidak dilakukan maka addons tidak dapat berjalan sebagaimana mestinya. Setelah semua updates didonlot kemudian diinstall dan kemudian smoothwall akan meminta reboot..
untuk mengetahui apakah updates-updates tadi telah terinstall dapat dilihat di tab yang sama, maka akan muncul selain updates terbaru dari website smootwall (jika ada yang baru dan kita belum menginstallnya..) juga updates-updates yang telah terinstall oleh kita.

Installing Addons...

untuk menginstall addons (setelah kita donlot semua addons yang diperlukan) kita memerlukan peralatan tempur putty untuk menjalankan terminal smoothwall secara remote dari komputer lainnya dan juga winscp untuk memindahkan file-file addons dari komputer remote ke komputer smoothwall.

Install advproxy
Gunakan winscp untuk memindahkan file advproxy ke smoothwall (biasanya ditaruh difolder /tmp).
login melalui ssh dengan user root, untuk windows bisa menggunakan putty dengan port ssh 222
uncompress advproxy

tar –xzf swe3-nn-advproxy-version.tar.gz

masuk ke direktory hasil uncompress tadi dan jalankan:

./install

setelah selesai install, melalui browser masuk ke smoothwall dan di tab service sudah web-proxy.

untuk option yang diceklist silahkan melihat gambar diatas, untuk proxyport bisa memakai 8080 atau 3128 (port standar untuk webproxy, walaupun memakai yang lainnya juga gpp. Akan tetapi demi kelancaran dan keamanan lebih baik memakai satu diantara dua port tadi)

memory cache size (MB) = 8
Minimal object size (KB) = 0
Hardisk cache size (MB) = 10000 ( hardisk yang saya pake 80 GB SATA)
Maximum object size (KB) = 128000
memory replacement policy = heap GDSF
cache replacement policy = heap LFUDA

untuk option yang lain dibiarkan standard bawaan smoothwall aja
buat file di /var/smoothwall/proxy/store_url_rewrite.pl
dan isikan dengan :

#!/usr/bin/perl

$|=1;
while (<>) {
@X = split;
$url = $X[0];
$url =~s@^http://(.*?)/get_video\?(.*)video_id=(.*?)&.*@squid://videos.youtube.INTERNAL/ID=$3@;
$url =~s@^http://(.*?)/get_video\?(.*)video_id=(.*?)$@squid://videos.youtube.INTERNAL/ID=$3@;
$url =~s@^http://(.*?)/videodownload\?(.*)docid=(.*?)$@squid://videos.google.INTERNAL/ID=$3@;
$url =~s@^http://(.*?)/videodownload\?(.*)docid=(.*?)&.*@squid://videos.google.INTERNAL/ID=$3@;
$url =~s@^http://(.*?)/albums\?&.*@squid://images.photobucket.INTERNAL/ID=$3@;
#print "$url\n"; }
$url =~s@^http://(.*?)/albums\?$@squid://images.photobucket.INTERNAL/ID=$3@;
$url =~s@^http://(.*?)/albums\?&.*@squid://videos.photobucket.INTERNAL/ID=$3@;
$url =~s@^http://(.*?)/albums\?$@squid://videos.photobucket.INTERNAL/ID=$3@;
print "$url\n"; }

ubah kepemilikan file ke 755

edit file /var/smoothwall/proxy/advanced/acls/include.acl

dan tambahkan ini
acl store_rewrite_list url_regex ^http://(.*?)/get_video\?
acl store_rewrite_list url_regex ^http://(.*?)/videodownload\?
acl store_rewrite_list url_regex ^http://i(.*?).photobucket.com/albums/(.*?)/(.*?)/(.*?)\?
acl store_rewrite_list url_regex ^http://vid(.*?).photobucket.com/albums/(.*?)/(.*?)\?

# The keyword for all youtube video files are "get_video?", "videodownload?" and "videoplaybeck?id"
# The "\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv)\?" is only for pictures and other videos
#acl store_rewrite_list urlpath_regex \/(get_video\?|videodownload\?|videoplayback\?id) \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv)\? \/ads\?
#acl store_rewrite_list_web url_regex ^http:\/\/([A-Za-z-]+[0-9]+)*\.[A-Za-z]*\.[A-Za-z]*
#acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv)$
#acl store_rewrite_list_web_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.com doubleclick\.net

#add this line before cache deny
#acl QUERY2 urlpath_regex get_video\? videoplayback\? \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv)\?
#cache allow QUERY2
#cache allow store_rewrite_list_web_CDN
#cache deny url that has cgi-bin and ? this is the default for below squid 2.7 version
#acl QUERY urlpath_regex cgi-bin \?
#cache deny QUERY

#storeurl_access allow store_rewrite_list
#this is not related to youtube video its only for CDN pictures
#storeurl_access allow store_rewrite_list_web_CDN
#storeurl_access allow store_rewrite_list_web store_rewrite_list_path
#storeurl_access deny all
#rewrite_program path is base on windows so use use your own path
#storeurl_rewrite_program /var/smoothwall/proxy/google_cache.pl
#storeurl_rewrite_children 1
#storeurl_rewrite_concurrency 10

#http_access allow manager localhost
cache allow store_rewrite_list
cache allow all
storeurl_access allow store_rewrite_list
storeurl_access deny all
storeurl_rewrite_program /var/smoothwall/proxy/store_url_rewrite.pl
storeurl_rewrite_children 1
storeurl_rewrite_concurrency 10

acl file_terlarang url_regex -i hot_indonesia.exe
acl file_terlarang url_regex -i hotsurprise_id.exe
acl file_terlarang url_regex -i best-mp3-download.exe
acl file_terlarang url_regex -i R32.exe
acl file_terlarang url_regex -i rb32.exe
acl file_terlarang url_regex -i mp3.exe
acl file_terlarang url_regex -i HOTSEX.exe
acl file_terlarang url_regex -i Browser_Plugin.exe
acl file_terlarang url_regex -i DDialer.exe
acl file_terlarang url_regex -i od-teen
acl file_terlarang url_regex -i URLDownload.exe
acl file_terlarang url_regex -i od-stnd67.exe
acl file_terlarang url_regex -i Download_Plugin.exe
acl file_terlarang url_regex -i od-teen52.exe
acl file_terlarang url_regex -i malaysex
acl file_terlarang url_regex -i edita.html
acl file_terlarang url_regex -i info.exe
acl file_terlarang url_regex -i run.exe
acl file_terlarang url_regex -i Lovers2Go
acl file_terlarang url_regex -i GlobalDialer
acl file_terlarang url_regex -i WebDialer
acl file_terlarang url_regex -i britneynude
acl file_terlarang url_regex -i download.exe
acl file_terlarang url_regex -i backup.exe
acl file_terlarang url_regex -i GnoOS2003
acl file_terlarang url_regex -i wintrim.exe
acl file_terlarang url_regex -i MPREXE.EXE
acl file_terlarang url_regex -i exengd.EXE
acl file_terlarang url_regex -i xxxvideo.exe
acl file_terlarang url_regex -i Save.exe
acl file_terlarang url_regex -i ATLBROWSER.DLL
acl file_terlarang url_regex -i NawaL_rm
acl file_terlarang url_regex -i Socks32.dll
acl file_terlarang url_regex -i Sc32Lnch.exe
acl file_terlarang url_regex -i dat0.exe
http_access deny file_terlarang

#youtube's videos
refresh_pattern -i (get_video\?|videodownload\?|videoplayback\?) 161280 50000% 525948 override-expire ignore-reload
#and for pictures
refresh_pattern -i \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv)(\?|$) 161280 3000% 525948 override-expire reload-into-ims
refresh_pattern ^http://(.*?)/get_video\? 10080 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern ^http://(.*?)/videodownload\? 10080 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern ^http://i(.*?).photobucket.com/albums/(.*?)/(.*?)/(.*?)\? 43200 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern ^http://vid(.*?).photobucket.com/albums/(.*?)/(.*?)\? 43200 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern -i \.(swf|png|jpg|jpeg|bmp|tiff|png|gif) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i \.(mov|mpg|mpeg|flv|avi|mp3|3gp|sis|wma) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i \.(zip|rar|tgz|bin|ace|bz|bz2|tar|gz|exe) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp) 43200 90% 1440 reload-into-ims override-lastmod
refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(jpe|tif)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(mpe|wmv|wav|au|mid)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(arj|lha|lzh)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
refresh_pattern ^http://*.google.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*korea.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.akamai.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.windowsmedia.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.googlesyndication.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.plasa.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.telkom.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.friendster.com/.* 720 90% 10080 reload-into-ims override-lastmod
refresh_pattern ^http://*.facebook.com/.* 720 90% 10080 reload-into-ims override-lastmod
refresh_pattern ^http://*.blogspot.*/.* 720 90% 10080
refresh_pattern ^http://*.wikipedia.*/.* 720 90% 10080
refresh_pattern ^http://*.wordpress.*/.* 720 90% 10080
refresh_pattern ^http://*.bhinneka.*/.* 720 90% 10080
refresh_pattern ^http://*.okezone.*/.* 720 90% 10080
refresh_pattern ^http://*.multiplay.*/.* 720 90% 10080
refresh_pattern ^http://*.blogger.*/.* 720 90% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 43200 90% 129600 reload-into-ims override-expire
refresh_pattern ^http://www.detiksport.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.kompas.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.detiknews.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.photobucket.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.detikhot.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.kapanlagi.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.okezone.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.indowebster.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.telkomspeedy.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.imagevenue.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.flickr.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.imageshack.us/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.usercash.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.googlesyndication.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.co.cc/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.21cineplex.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.saatchi-gallery.co.uk/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.onemanga.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.jobsdb.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.imeem.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.download.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.amazon.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.friendster-layouts.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.geocities.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.redtube.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.files.wordpress.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://indonetwork.co.id/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://gudanglagu.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://megaupload.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.karir.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.myspace.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.multiply.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.rapidshare.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.4shared.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.ziddu.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.kaskus.com/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.kaskus.us/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.friendster.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://mail.yahoo.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://login.yahoo.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://mail.yahoo.co.id/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://mail.google.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://*.yahoo.*/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://*.yahoo.com/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://*.yahoo.co.id/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://*.akamai.net/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://*.yimg.*/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://*.gmail.*/.* 180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://*.detik.*/.* 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern . 0 20% 4320

#opsi zph
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

#opsi yg lain
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 100
ie_refresh off
client_lifetime 2 hours
#ipcache_size 4096
#ipcache_low 90
#ipcache_high 95
maximum_object_size_in_memory 64 KB

dari browser masuk ke tab web proxy lalu klik save and restart

Install Urlfilter
Dengan cara yang sama, pindahkan file urlfilter hasil donlot ke folder /tmp dengan menggunakan winscp, lalu uncompress
login melalui ssh dengan user root, untuk windows bisa menggunakan putty dengan port ssh 222
uncompress urlfilter

tar -xzf sw3-nn-urlfilter-version.tar.gz

masuk kedirektory hasil uncompress dan jalankan

./install

setelah selesai install, melalui browser masuk ke smoothwall dan di tab service dibagian service sudah terdapat option url filter.

Untuk update blacklist-nya bisa disini
setelah semua option yang diinginkan untuk difilter kemudian di save.
untuk menggabungkan dengan advproxy (dibagian paling bawah tab web-proxy terdapat option url filter) silahkan diceklist dan klik save and restart web-proxy nya.

Install calamaris webproxy reporting
Dengan cara yang sama, pindahkan file urlfilter hasil donlot ke folder /tmp dengan menggunakan winscp, lalu uncompress
login melalui ssh dengan user root, untuk windows bisa menggunakan putty dengan port ssh 222
uncompress urlfilter

tar -xzf sw3-nn-calamaris-version.tar.gz

masuk kedirektory hasil uncompress dan jalankan

./install

Setelah berhasil install maka di tab logs (dilihat melalui browser) akan terdapat tab proxy report.

sedikit tuning......
edit file /etc/rc.d/rc.firewall.up dengan...

# set network tweaks
echo 49152 > /proc/sys/fs/file-max
echo 262144 > /proc/sys/net/core/rmem_default
echo 262144 > /proc/sys/net/core/rmem_max
echo 262144 > /proc/sys/net/core/wmem_default
echo 262144 > /proc/sys/net/core/wmem_max
echo 4096 87380 8388608 > /proc/sys/net/ipv4/tcp_rmem
echo 4096 65536 8388608 > /proc/sys/net/ipv4/tcp_wmem
echo 4096 4096 4096 > /proc/sys/net/ipv4/tcp_mem
echo 1 > /proc/sys/net/ipv4/tcp_low_latency
echo 4000 > /proc/sys/net/core/netdev_max_backlog
echo 1024 65000 > /proc/sys/net/ipv4/ip_local_port_range
echo 16384 > /proc/sys/net/ipv4/tcp_max_syn_backlog

lalu reboot smoothwall-nya..

Untuk mengetest silahkan di browser client di isikan proxy secara manual dan dicoba untuk browsing..

Transparent proxy....

Masukan rule ini melalui terminal mikrotik :

/ip firewall nat
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=80 \
in-interface=LAN protocol=tcp src-address-list=LAN to-addresses=\
192.168.10.2 to-ports=8080

ini untuk membuat agar client tidak perlu memasukan secara manual setting port proxy kedalam browsernya (transparent) dan memaksa semua trafik http (port 80) untuk di dst-nat ke ip smoothwall (192.168.10.2 itu ip smoothwall, silahkan sesuaikan dengan jaringan anda)

Settingan Mikrotik di kantor

2009-01-03T18:37:00.005+07:00

Setelah ngalor-ngidul mencari router+gateway internet buat ngatur akses internet dikantor akhirnya diputuskan untuk mencoba Mikrotik (akibat saran dari seorang teman sewaktu bantuin setting diwarnetnya......thanks brooo).
Sebelumnya sempat dicoba IPCOP juga ebox dan beberapa program sejenis. Namun menurut saya yang paling mengakomodir keinginan saya dalam mengelola akses internet di kantor adalah Mikrotik. Berkat bantuan toolnya yg bernama winbox maka segala konfigurasi dapat diatur dengan lebih mudah dikarenakan berupa GUI yang berjalan di platform Win**s, namun dengan bantuan program wine winbox pun dapat berjalan di platform linux.
Untuk teknis penginstallan dapat merujuk ke website dari mikrotik, yang mana dengan spek komputer sekarang (walaupun mikrotik sendiri dapat berjalan di p3) tidak dibutuhkan waktu lama untuk menginstallnya.
Sebagai tambahan informasi, Mikrotik bukan software yang freeware. Untuk menggunakannya kita diharuskan membeli lisensi yang harganya bergantung pada level-nya. untuk level 4 (level yang paling umum digunakan...harganya sewaktu tulisan ini dibuat sekitar 300 ribuan).
Bagi anda yang tidak ingin membeli lisensi namun ingin mengetahui kemampuan dari mikrotik, di internet tersedia banyak link yang mengarah ke mikrotik versi crack. Mikrotik versi crack yang beredar diinternet kebanyakan rilis 2.9.6 dan rilis 2.9.27
Cukup perkenalan dengan mikrotiknya, selanjutnya saya mau kasih config dari mikrotik yang saya gunakan dikantor. Config ini untuk mengakomodir beberapa rule yang saya ingin terapkan, seperti :

Dikarenakan di LAN saya ada sekitar 60 PC namun saya ingin tidak semua PC ini dapat mengakses internet.
Pembatasan jam koneksi untuk browsing (hanya saat jam kerja bisa browsing, selebihnya off), pembatasan jam koneksi untuk yahoo messenger (saya atur dari jam 10 pagi s/d jam 1 siang)
Disamping mikrotik, saya juga membangun sebuah webproxy dengan menggunakan smoothwall. Untuk itu saya harus memaksa agar client menggunakan proxy ini dibrowsernya.
Beberapa filter/firewall untuk mengamankan jaringan LAN saya dari serangan luar.

berikut ini adalah config mikrotiknya :

# jan/02/2009 15:57:10 by RouterOS 3.17
# software id = ANZ5-GFN
#
/interface ethernet
set 0 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:50:04:13:C9:6F mtu=1500 name=WAN speed=100Mbps
set 1 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:01:03:40:B2:11 mtu=1500 name=PROXY speed=100Mbps
set 2 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:50:04:99:AE:23 mtu=1500 name=LAN speed=100Mbps
set 3 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:11:2F:2C:AD:B6 mtu=1500 name=ether3 speed=100Mbps
/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers="" \
group-key-update=5m interim-update=0s mode=none name=default \
radius-eap-accounting=no radius-mac-accounting=no \
radius-mac-authentication=no radius-mac-caching=disabled \
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
static-sta-private-algo=none static-sta-private-key="" \
static-transmit-key=key-0 supplicant-identity=phallelobhejat \
tls-certificate=none tls-mode=no-certificates unicast-ciphers="" \
wpa-pre-shared-key="" wpa2-pre-shared-key=""
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
use-radius=no
/ip hotspot user profile
set default advertise=no idle-timeout=none keepalive-timeout=2m name=default \
open-status-page=always shared-users=1 status-autorefresh=1m \
transparent-proxy=yes
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \
name=default pfs-group=modp1024
/ip pool
add name=pptp ranges=192.168.10.1-192.168.10.50
/port
set 0 baud-rate=9600 data-bits=8 flow-control=hardware name=serial0 parity=\
none stop-bits=1
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default \
use-compression=default use-encryption=default use-vj-compression=default
add change-tcp-mss=default comment="" dns-server=192.168.0.245 local-address=\
192.168.0.245 name=pptp-in only-one=default remote-address=pptp \
use-compression=default use-encryption=required use-vj-compression=\
default
set default-encryption change-tcp-mss=yes comment="" name=default-encryption \
only-one=default use-compression=default use-encryption=yes \
use-vj-compression=default
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=\
"" dial-on-demand=no disabled=no interface=WAN max-mru=1480 max-mtu=1480 \
mrru=disabled name=pppoe-out1 password=xxxxxxxxx profile=default \
service-name="" use-peer-dns=no user=xxxxxxxxxx@telkom.net
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
5
add kind=pcq name=pcq-download pcq-classifier=dst-address pcq-limit=50 \
pcq-rate=0 pcq-total-limit=2000
add kind=pcq name=pcq-upload pcq-classifier=src-address pcq-limit=50 \
pcq-rate=0 pcq-total-limit=2000
set default-small kind=pfifo name=default-small pfifo-limit=10
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=0/0 name=proxy-hit packet-marks=proxy-hit parent=none \
priority=4 queue=default/default total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=0/0 name=proxy-iix packet-marks=iix-pkt parent=none \
priority=6 queue=default/default target-addresses=192.168.10.2/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=0/0 name=proxy-intl packet-marks=intl-pkt parent=none \
priority=6 queue=default/default target-addresses=192.168.10.2/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN limit-at=\
0/0 max-limit=0/0 name=0.129-iix packet-marks=iix-pkt parent=none \
priority=8 queue=default/default target-addresses=192.168.0.129/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN limit-at=\
0/0 max-limit=0/0 name=0.129-intl packet-marks=intl-pkt parent=none \
priority=8 queue=default/default target-addresses=192.168.0.129/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN limit-at=\
0/0 max-limit=0/0 name=0.128-iix packet-marks=iix-pkt parent=none \
priority=8 queue=default/default target-addresses=192.168.0.128/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN limit-at=\
0/0 max-limit=0/0 name=0.128-intl packet-marks=intl-pkt parent=none \
priority=8 queue=default/default target-addresses=192.168.0.128/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN limit-at=\
0/0 max-limit=0/0 name="0.106-iix (Dr Yuli)" packet-marks=iix-pkt parent=\
none priority=8 queue=default/default target-addresses=192.168.0.106/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN limit-at=\
0/0 max-limit=0/0 name="0.106-intl (Dr yuli)" packet-marks=intl-pkt \
parent=none priority=8 queue=default/default target-addresses=\
192.168.0.106/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN limit-at=\
0/0 max-limit=0/0 name="0.138-iix (Direktur)" packet-marks=iix-pkt \
parent=none priority=8 queue=default/default target-addresses=\
192.168.0.138/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN limit-at=\
0/0 max-limit=0/0 name="0.138-intl (Direktur)" packet-marks=intl-pkt \
parent=none priority=8 queue=default/default target-addresses=\
192.168.0.138/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=yes dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=0/0 name=urgent packet-marks=iix-pkt parent=none priority=8 \
queue=pcq-upload/pcq-download target-addresses=192.168.0.120/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=yes dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=0/0 name=urgent2 packet-marks=intl-pkt parent=none \
priority=8 queue=pcq-upload/pcq-download target-addresses=\
192.168.0.120/32 total-queue=default-small
add burst-limit=192000/384000 burst-threshold=80000/192000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN \
limit-at=32000/128000 max-limit=128000/256000 name=intl-client-prnt \
packet-marks=intl-pkt parent=none priority=8 queue=\
pcq-upload/pcq-download target-addresses="192.168.1.104/32,192.168.1.118/3\
2,192.168.0.100/32,192.168.0.115/32,192.168.0.110/32,192.168.0.125/32,192.\
168.0.119/32,192.168.0.120/32,192.168.0.123/32,192.168.0.124/32,192.168.0.\
126/32,192.168.0.132/32,192.168.0.135/32,192.168.0.136/32,192.168.0.144/32\
" total-queue=default-small
add burst-limit=192000/384000 burst-threshold=80000/192000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN \
limit-at=32000/128000 max-limit=128000/256000 name=iix-client-prnt \
packet-marks=iix-pkt parent=none priority=8 queue=pcq-upload/pcq-download \
target-addresses="192.168.1.104/32,192.168.1.118/32,192.168.0.100/32,192.1\
68.0.115/32,192.168.0.110/32,192.168.0.119/32,192.168.0.120/32,192.168.0.1\
23/32,192.168.0.124/32,192.168.0.125/32,192.168.0.126/32,192.168.0.132/32,\
192.168.0.135/32,192.168.0.136/32,192.168.0.144/32" total-queue=\
default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=1.104-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.1.104/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=1.104-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.1.104/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=1.118-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.1.118/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=1.118-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.1.118/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.115-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.115/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.115-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.115/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.110-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.110/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/32000 max-limit=24000/64000 name=0.110-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.110/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.100-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.100/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.100-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.100/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.119-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.119/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.119-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.119/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.123-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.123/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.123-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.123/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.124-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.124/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.124-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.124/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
8000/8000 max-limit=16000/16000 name=0.125-iix parent=iix-client-prnt \
priority=8 queue=default/default target-addresses=192.168.0.125/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
8000/8000 max-limit=16000/16000 name=0.125-intl parent=intl-client-prnt \
priority=8 queue=default/default target-addresses=192.168.0.125/32 \
total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.126-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.126/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.126-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.126/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.132-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.132/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.132-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.132/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.135-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.135/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.135-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.135/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.136-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.136/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.136-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.136/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.120-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.120/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.120-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.120/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN \
limit-at=16000/64000 max-limit=32000/128000 name=0.144-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.144/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.144-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.144/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=0/0 name="email mr" parent=none priority=8 queue=\
default/default target-addresses=192.168.3.114/32 total-queue=\
default-small
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment="" disabled=no \
ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0
/routing ospf area
add area-id=0.0.0.0 authentication=none disabled=no name=backbone type=\
default
/snmp
set contact="" enabled=no engine-boots=0 engine-id="" location="" \
time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" \
authentication-protocol=MD5 encryption-password="" encryption-protocol=\
DES name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-lines=100 disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote name=remote remote=192.168.0.128:514 target=remote
/user group
add name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,web,sn\
iff,!ftp,!write,!policy"
add name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,password\
,web,sniff,!ftp,!policy"
add name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo\
x,password,web,sniff"
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-vlan=no
/interface ethernet mirror
set
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
default enabled=no keepalive-timeout=60 mac-address=FE:1E:F6:02:1D:83 \
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=pptp-in enabled=yes \
keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.0.245/24 broadcast=192.168.0.255 comment="" disabled=no \
interface=LAN network=192.168.0.0
add address=192.168.5.1/30 broadcast=192.168.5.3 comment="" disabled=no \
interface=WAN network=192.168.5.0
add address=192.168.10.1/24 broadcast=192.168.10.255 comment="" disabled=no \
interface=PROXY network=192.168.10.0
/ip arp
add address=192.168.0.104 comment="" disabled=no mac-address=\
00:0C:6E:90:E3:A6
add address=192.168.0.117 comment="" disabled=no mac-address=\
00:04:23:B8:FD:D0
add address=192.168.0.126 comment="" disabled=no mac-address=\
00:0B:6A:48:B1:E0
add address=192.168.0.129 comment="" disabled=no mac-address=\
00:17:31:EF:23:DC
add address=192.168.0.132 comment="" disabled=no mac-address=\
00:0C:6E:90:E4:EA
add address=192.168.0.1 comment="" disabled=no mac-address=00:0F:3D:CE:90:1C
add address=192.168.0.112 comment="" disabled=no mac-address=\
00:17:31:EF:23:D0
add address=192.168.0.128 comment="" disabled=no mac-address=\
00:17:31:EF:23:F9
/ip dhcp-server config
set store-leases-disk=5m
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 primary-dns=202.134.0.61 secondary-dns=\
202.134.1.5
/ip dns static
add address=192.168.0.117 disabled=no name=www.rskm2.net ttl=1d
add address=192.168.10.2 disabled=no name=rsproxy.com ttl=1d
/ip firewall address-list
add address=192.168.1.104 comment=Filter disabled=no list=LAN
add address=192.168.1.118 comment=Filter disabled=no list=LAN
add address=192.168.0.115 comment=Filter disabled=no list=LAN
add address=192.168.0.110 comment=Filter disabled=no list=LAN
add address=192.168.0.119 comment=Filter disabled=no list=LAN
add address=192.168.0.123 comment=Filter disabled=no list=LAN
add address=192.168.0.124 comment=Filter disabled=no list=LAN
add address=192.168.0.125 comment=Filter disabled=no list=LAN
add address=192.168.0.126 comment=Filter disabled=no list=LAN
add address=192.168.0.128 comment="" disabled=no list=LAN
add address=192.168.0.129 comment="" disabled=no list=LAN
add address=192.168.0.100 comment="" disabled=no list=LAN
add address=192.168.0.135 comment=Filter disabled=no list=LAN
add address=192.168.0.136 comment=Filter disabled=no list=LAN
add address=192.168.0.138 comment=Filter disabled=no list=LAN
add address=192.168.0.144 comment=Filter disabled=no list=LAN
add address=192.168.0.0/24 comment="" disabled=no list=DNS
add address=192.168.1.0/24 comment="" disabled=no list=DNS
add address=192.168.3.0/24 comment="" disabled=no list=DNS
add address=192.168.0.129 comment="" disabled=no list=otr
add address=192.168.0.128 comment="" disabled=no list=otr
add address=192.168.0.120 comment=Filter disabled=no list=LAN
add address=60.191.223.11 comment="" disabled=no list=TONGJI
add address=222.216.28.25 comment="" disabled=no list=TONGJI
add address=125.83.89.62 comment="" disabled=no list=TONGJI
add address=60.191.239.191 comment="" disabled=no list=TONGJI
add address=222.77.187.242 comment="" disabled=no list=TONGJI
add address=61.191.57.228 comment="" disabled=no list=TONGJI
add address=203.209.244.4 comment="" disabled=no list=TONGJI
add address=203.209.244.236 comment="" disabled=no list=TONGJI
add address=119.42.232.242 comment="" disabled=no list=TONGJI
add address=202.165.100.249 comment="" disabled=no list=TONGJI
add address=60.191.223.14 comment="" disabled=no list=TONGJI
add address=222.179.82.118 comment="" disabled=no list=TONGJI
add address=222.216.28.100 comment="" disabled=no list=TONGJI
add address=60.191.223.76 comment="" disabled=no list=TONGJI
add address=121.15.245.218 comment="" disabled=no list=TONGJI
add address=192.168.0.132 comment=Filter disabled=no list=LAN
add address=192.168.0.50 comment="" disabled=no list=LAN
add address=192.168.0.106 comment="" disabled=no list=LAN
add address=192.168.0.106 comment="" disabled=no list=otr
add address=192.168.0.100 comment="" disabled=no list=otr
add address=114.120.0.0/13 comment="" disabled=no list=nice
add address=114.56.0.0/14 comment="" disabled=no list=nice
add address=125.166.0.0/15 comment="" disabled=no list=nice
add address=125.162.0.0/16 comment="" disabled=no list=nice
add address=125.163.0.0/16 comment="" disabled=no list=nice
add address=125.160.0.0/16 comment="" disabled=no list=nice
add address=125.161.0.0/16 comment="" disabled=no list=nice
add address=125.164.0.0/16 comment="" disabled=no list=nice
add address=125.165.0.0/16 comment="" disabled=no list=nice
add address=124.81.0.0/16 comment="" disabled=no list=nice
add address=222.124.0.0/16 comment="" disabled=no list=nice
add address=61.94.0.0/16 comment="" disabled=no list=nice
add address=118.96.0.0/16 comment="" disabled=no list=nice
add address=118.97.0.0/16 comment="" disabled=no list=nice
add address=167.205.0.0/16 comment="" disabled=no list=nice
add address=119.11.128.0/17 comment="" disabled=no list=nice
add address=124.195.0.0/17 comment="" disabled=no list=nice
add address=219.83.0.0/17 comment="" disabled=no list=nice
add address=118.98.0.0/17 comment="" disabled=no list=nice
add address=61.5.0.0/17 comment="" disabled=no list=nice
add address=121.52.0.0/17 comment="" disabled=no list=nice
add address=202.158.0.0/17 comment="" disabled=no list=nice
add address=202.155.0.0/17 comment="" disabled=no list=nice
add address=117.102.64.0/18 comment="" disabled=no list=nice
add address=152.118.128.0/18 comment="" disabled=no list=nice
add address=152.118.192.0/18 comment="" disabled=no list=nice
add address=152.118.0.0/18 comment="" disabled=no list=nice
add address=152.118.64.0/18 comment="" disabled=no list=nice
add address=207.209.192.0/18 comment="" disabled=no list=nice
add address=221.132.192.0/18 comment="" disabled=no list=nice
add address=125.208.128.0/18 comment="" disabled=no list=nice
add address=124.153.0.0/18 comment="" disabled=no list=nice
add address=222.165.192.0/18 comment="" disabled=no list=nice
add address=61.14.0.0/18 comment="" disabled=no list=nice
add address=203.130.192.0/18 comment="" disabled=no list=nice
add address=210.210.128.0/18 comment="" disabled=no list=nice
add address=206.182.192.0/18 comment="" disabled=no list=nice
add address=202.152.0.0/18 comment="" disabled=no list=nice
add address=209.93.224.0/19 comment="" disabled=no list=nice
add address=202.173.64.0/19 comment="" disabled=no list=nice
add address=114.199.96.0/19 comment="" disabled=no list=nice
add address=202.171.0.0/19 comment="" disabled=no list=nice
add address=202.47.192.0/19 comment="" disabled=no list=nice
add address=202.169.32.0/19 comment="" disabled=no list=nice
add address=202.182.160.0/19 comment="" disabled=no list=nice
add address=117.102.224.0/19 comment="" disabled=no list=nice
add address=202.51.192.0/19 comment="" disabled=no list=nice
add address=202.149.128.0/19 comment="" disabled=no list=nice
add address=202.146.224.0/19 comment="" disabled=no list=nice
add address=202.159.64.0/19 comment="" disabled=no list=nice
add address=202.155.128.0/19 comment="" disabled=no list=nice
add address=202.95.128.0/19 comment="" disabled=no list=nice
add address=202.152.224.0/19 comment="" disabled=no list=nice
add address=113.11.128.0/19 comment="" disabled=no list=nice
add address=60.253.96.0/19 comment="" disabled=no list=nice
add address=61.247.0.0/19 comment="" disabled=no list=nice
add address=61.247.32.0/19 comment="" disabled=no list=nice
add address=117.104.192.0/19 comment="" disabled=no list=nice
add address=118.98.160.0/19 comment="" disabled=no list=nice
add address=118.98.192.0/19 comment="" disabled=no list=nice
add address=118.136.0.0/19 comment="" disabled=no list=nice
add address=118.136.32.0/19 comment="" disabled=no list=nice
add address=118.136.64.0/19 comment="" disabled=no list=nice
add address=118.136.96.0/19 comment="" disabled=no list=nice
add address=118.136.128.0/19 comment="" disabled=no list=nice
add address=118.136.160.0/19 comment="" disabled=no list=nice
add address=118.136.192.0/19 comment="" disabled=no list=nice
add address=118.136.224.0/19 comment="" disabled=no list=nice
add address=118.137.0.0/19 comment="" disabled=no list=nice
add address=118.137.32.0/19 comment="" disabled=no list=nice
add address=118.137.64.0/19 comment="" disabled=no list=nice
add address=118.137.96.0/19 comment="" disabled=no list=nice
add address=118.137.128.0/19 comment="" disabled=no list=nice
add address=118.137.160.0/19 comment="" disabled=no list=nice
add address=118.137.192.0/19 comment="" disabled=no list=nice
add address=118.137.224.0/19 comment="" disabled=no list=nice
add address=202.53.224.0/19 comment="" disabled=no list=nice
add address=202.73.96.0/19 comment="" disabled=no list=nice
add address=202.77.96.0/19 comment="" disabled=no list=nice
add address=202.81.32.0/19 comment="" disabled=no list=nice
add address=202.137.0.0/19 comment="" disabled=no list=nice
add address=202.148.0.0/19 comment="" disabled=no list=nice
add address=202.150.64.0/19 comment="" disabled=no list=nice
add address=202.153.128.0/19 comment="" disabled=no list=nice
add address=202.154.0.0/19 comment="" disabled=no list=nice
add address=202.154.32.0/19 comment="" disabled=no list=nice
add address=202.159.0.0/19 comment="" disabled=no list=nice
add address=202.159.32.0/19 comment="" disabled=no list=nice
add address=202.159.96.0/19 comment="" disabled=no list=nice
add address=202.162.192.0/19 comment="" disabled=no list=nice
add address=203.128.64.0/19 comment="" disabled=no list=nice
add address=61.8.64.0/20 comment="" disabled=no list=nice
add address=113.212.112.0/20 comment="" disabled=no list=nice
add address=114.199.80.0/20 comment="" disabled=no list=nice
add address=116.68.160.0/20 comment="" disabled=no list=nice
add address=117.20.48.0/20 comment="" disabled=no list=nice
add address=117.103.0.0/20 comment="" disabled=no list=nice
add address=119.2.64.0/20 comment="" disabled=no list=nice
add address=119.110.64.0/20 comment="" disabled=no list=nice
add address=119.235.208.0/20 comment="" disabled=no list=nice
add address=120.164.0.0/20 comment="" disabled=no list=nice
add address=121.50.128.0/20 comment="" disabled=no list=nice
add address=122.129.96.0/20 comment="" disabled=no list=nice
add address=122.129.192.0/20 comment="" disabled=no list=nice
add address=122.200.0.0/20 comment="" disabled=no list=nice
add address=123.231.224.0/20 comment="" disabled=no list=nice
add address=202.3.208.0/20 comment="" disabled=no list=nice
add address=202.6.208.0/20 comment="" disabled=no list=nice
add address=202.6.224.0/20 comment="" disabled=no list=nice
add address=202.46.64.0/20 comment="" disabled=no list=nice
add address=202.46.144.0/20 comment="" disabled=no list=nice
add address=202.47.64.0/20 comment="" disabled=no list=nice
add address=202.51.224.0/20 comment="" disabled=no list=nice
add address=202.57.0.0/20 comment="" disabled=no list=nice
add address=202.58.64.0/20 comment="" disabled=no list=nice
add address=202.58.160.0/20 comment="" disabled=no list=nice
add address=202.59.160.0/20 comment="" disabled=no list=nice
add address=202.65.112.0/20 comment="" disabled=no list=nice
add address=202.67.32.0/20 comment="" disabled=no list=nice
add address=202.69.96.0/20 comment="" disabled=no list=nice
add address=202.70.48.0/20 comment="" disabled=no list=nice
add address=202.72.208.0/20 comment="" disabled=no list=nice
add address=202.73.224.0/20 comment="" disabled=no list=nice
add address=202.77.64.0/20 comment="" disabled=no list=nice
add address=202.80.112.0/20 comment="" disabled=no list=nice
add address=202.80.208.0/20 comment="" disabled=no list=nice
add address=202.87.176.0/20 comment="" disabled=no list=nice
add address=202.93.16.0/20 comment="" disabled=no list=nice
add address=202.93.32.0/20 comment="" disabled=no list=nice
add address=202.93.128.0/20 comment="" disabled=no list=nice
add address=202.93.224.0/20 comment="" disabled=no list=nice
add address=202.123.224.0/20 comment="" disabled=no list=nice
add address=202.127.96.0/20 comment="" disabled=no list=nice
add address=202.133.80.0/20 comment="" disabled=no list=nice
add address=202.138.224.0/20 comment="" disabled=no list=nice
add address=202.143.32.0/20 comment="" disabled=no list=nice
add address=202.145.0.0/20 comment="" disabled=no list=nice
add address=202.147.192.0/20 comment="" disabled=no list=nice
add address=202.147.240.0/20 comment="" disabled=no list=nice
add address=202.152.160.0/20 comment="" disabled=no list=nice
add address=202.152.192.0/20 comment="" disabled=no list=nice
add address=202.153.240.0/20 comment="" disabled=no list=nice
add address=202.165.32.0/20 comment="" disabled=no list=nice
add address=202.182.48.0/20 comment="" disabled=no list=nice
add address=203.78.112.0/20 comment="" disabled=no list=nice
add address=203.83.32.0/20 comment="" disabled=no list=nice
add address=203.89.16.0/20 comment="" disabled=no list=nice
add address=203.123.224.0/20 comment="" disabled=no list=nice
add address=203.153.96.0/20 comment="" disabled=no list=nice
add address=203.161.16.0/20 comment="" disabled=no list=nice
add address=203.166.192.0/20 comment="" disabled=no list=nice
add address=203.201.160.0/20 comment="" disabled=no list=nice
add address=207.83.112.0/20 comment="" disabled=no list=nice
add address=210.57.208.0/20 comment="" disabled=no list=nice
add address=210.79.208.0/20 comment="" disabled=no list=nice
add address=220.157.96.0/20 comment="" disabled=no list=nice
add address=61.45.224.0/21 comment="" disabled=no list=nice
add address=114.134.72.0/21 comment="" disabled=no list=nice
add address=114.141.48.0/21 comment="" disabled=no list=nice
add address=114.141.88.0/21 comment="" disabled=no list=nice
add address=115.69.216.0/21 comment="" disabled=no list=nice
add address=115.166.96.0/21 comment="" disabled=no list=nice
add address=115.178.48.0/21 comment="" disabled=no list=nice
add address=116.0.0.0/21 comment="" disabled=no list=nice
add address=116.12.40.0/21 comment="" disabled=no list=nice
add address=116.50.24.0/21 comment="" disabled=no list=nice
add address=116.66.200.0/21 comment="" disabled=no list=nice
add address=116.68.248.0/21 comment="" disabled=no list=nice
add address=116.90.176.0/21 comment="" disabled=no list=nice
add address=116.197.128.0/21 comment="" disabled=no list=nice
add address=116.254.96.0/21 comment="" disabled=no list=nice
add address=117.74.120.0/21 comment="" disabled=no list=nice
add address=117.102.160.0/21 comment="" disabled=no list=nice
add address=117.103.32.0/21 comment="" disabled=no list=nice
add address=117.103.48.0/21 comment="" disabled=no list=nice
add address=117.103.168.0/21 comment="" disabled=no list=nice
add address=117.121.200.0/21 comment="" disabled=no list=nice
add address=119.2.40.0/21 comment="" disabled=no list=nice
add address=119.10.176.0/21 comment="" disabled=no list=nice
add address=119.47.88.0/21 comment="" disabled=no list=nice
add address=119.82.240.0/21 comment="" disabled=no list=nice
add address=119.110.80.0/21 comment="" disabled=no list=nice
add address=119.160.200.0/21 comment="" disabled=no list=nice
add address=119.235.248.0/21 comment="" disabled=no list=nice
add address=120.29.152.0/21 comment="" disabled=no list=nice
add address=121.58.184.0/21 comment="" disabled=no list=nice
add address=122.49.224.0/21 comment="" disabled=no list=nice
add address=122.128.16.0/21 comment="" disabled=no list=nice
add address=122.129.112.0/21 comment="" disabled=no list=nice
add address=122.144.0.0/21 comment="" disabled=no list=nice
add address=122.200.48.0/21 comment="" disabled=no list=nice
add address=122.200.144.0/21 comment="" disabled=no list=nice
add address=123.108.8.0/21 comment="" disabled=no list=nice
add address=123.255.200.0/21 comment="" disabled=no list=nice
add address=124.66.160.0/21 comment="" disabled=no list=nice
add address=124.158.128.0/21 comment="" disabled=no list=nice
add address=202.43.160.0/21 comment="" disabled=no list=nice
add address=202.43.176.0/21 comment="" disabled=no list=nice
add address=202.43.248.0/21 comment="" disabled=no list=nice
add address=202.46.24.0/21 comment="" disabled=no list=nice
add address=202.46.80.0/21 comment="" disabled=no list=nice
add address=202.51.16.0/21 comment="" disabled=no list=nice
add address=202.57.16.0/21 comment="" disabled=no list=nice
add address=202.58.176.0/21 comment="" disabled=no list=nice
add address=202.59.200.0/21 comment="" disabled=no list=nice
add address=202.62.16.0/21 comment="" disabled=no list=nice
add address=202.67.8.0/21 comment="" disabled=no list=nice
add address=202.72.192.0/21 comment="" disabled=no list=nice
add address=202.74.72.0/21 comment="" disabled=no list=nice
add address=202.75.16.0/21 comment="" disabled=no list=nice
add address=202.78.192.0/21 comment="" disabled=no list=nice
add address=202.89.208.0/21 comment="" disabled=no list=nice
add address=202.91.8.0/21 comment="" disabled=no list=nice
add address=202.91.24.0/21 comment="" disabled=no list=nice
add address=202.93.240.0/21 comment="" disabled=no list=nice
add address=202.129.184.0/21 comment="" disabled=no list=nice
add address=202.133.0.0/21 comment="" disabled=no list=nice
add address=202.134.0.0/21 comment="" disabled=no list=nice
add address=202.138.240.0/21 comment="" disabled=no list=nice
add address=202.146.56.0/21 comment="" disabled=no list=nice
add address=202.149.64.0/21 comment="" disabled=no list=nice
add address=202.149.80.0/21 comment="" disabled=no list=nice
add address=202.150.128.0/21 comment="" disabled=no list=nice
add address=202.153.24.0/21 comment="" disabled=no list=nice
add address=202.153.224.0/21 comment="" disabled=no list=nice
add address=202.162.32.0/21 comment="" disabled=no list=nice
add address=202.164.216.0/21 comment="" disabled=no list=nice
add address=202.169.224.0/21 comment="" disabled=no list=nice
add address=202.179.184.0/21 comment="" disabled=no list=nice
add address=202.180.0.0/21 comment="" disabled=no list=nice
add address=202.180.48.0/21 comment="" disabled=no list=nice
add address=203.77.224.0/21 comment="" disabled=no list=nice
add address=203.80.8.0/21 comment="" disabled=no list=nice
add address=203.84.136.0/21 comment="" disabled=no list=nice
add address=203.84.152.0/21 comment="" disabled=no list=nice
add address=203.123.240.0/21 comment="" disabled=no list=nice
add address=203.135.176.0/21 comment="" disabled=no list=nice
add address=203.142.80.0/21 comment="" disabled=no list=nice
add address=203.153.24.0/21 comment="" disabled=no list=nice
add address=203.153.112.0/21 comment="" disabled=no list=nice
add address=203.174.8.0/21 comment="" disabled=no list=nice
add address=203.176.176.0/21 comment="" disabled=no list=nice
add address=203.190.48.0/21 comment="" disabled=no list=nice
add address=203.190.112.0/21 comment="" disabled=no list=nice
add address=203.190.184.0/21 comment="" disabled=no list=nice
add address=203.190.240.0/21 comment="" disabled=no list=nice
add address=210.23.64.0/21 comment="" disabled=no list=nice
add address=220.247.168.0/21 comment="" disabled=no list=nice
add address=222.229.80.0/21 comment="" disabled=no list=nice
add address=58.65.244.0/22 comment="" disabled=no list=nice
add address=61.45.232.0/22 comment="" disabled=no list=nice
add address=113.208.64.0/22 comment="" disabled=no list=nice
add address=113.212.160.0/22 comment="" disabled=no list=nice
add address=114.30.80.0/22 comment="" disabled=no list=nice
add address=114.31.240.0/22 comment="" disabled=no list=nice
add address=116.199.204.0/22 comment="" disabled=no list=nice
add address=116.212.76.0/22 comment="" disabled=no list=nice
add address=117.103.56.0/22 comment="" disabled=no list=nice
add address=118.98.228.0/22 comment="" disabled=no list=nice
add address=118.98.232.0/22 comment="" disabled=no list=nice
add address=119.2.48.0/22 comment="" disabled=no list=nice
add address=119.18.156.0/22 comment="" disabled=no list=nice
add address=119.82.224.0/22 comment="" disabled=no list=nice
add address=119.82.232.0/22 comment="" disabled=no list=nice
add address=119.235.20.0/22 comment="" disabled=no list=nice
add address=119.252.128.0/22 comment="" disabled=no list=nice
add address=120.29.224.0/22 comment="" disabled=no list=nice
add address=121.100.20.0/22 comment="" disabled=no list=nice
add address=122.102.48.0/22 comment="" disabled=no list=nice
add address=124.6.32.0/22 comment="" disabled=no list=nice
add address=202.2.92.0/22 comment="" disabled=no list=nice
add address=202.10.32.0/22 comment="" disabled=no list=nice
add address=202.43.168.0/22 comment="" disabled=no list=nice
add address=202.46.0.0/22 comment="" disabled=no list=nice
add address=202.46.88.0/22 comment="" disabled=no list=nice
add address=202.51.28.0/22 comment="" disabled=no list=nice
add address=202.51.96.0/22 comment="" disabled=no list=nice
add address=202.51.104.0/22 comment="" disabled=no list=nice
add address=202.51.252.0/22 comment="" disabled=no list=nice
add address=202.55.164.0/22 comment="" disabled=no list=nice
add address=202.55.168.0/22 comment="" disabled=no list=nice
add address=202.57.28.0/22 comment="" disabled=no list=nice
add address=202.58.192.0/22 comment="" disabled=no list=nice
add address=202.62.8.0/22 comment="" disabled=no list=nice
add address=202.62.24.0/22 comment="" disabled=no list=nice
add address=202.72.200.0/22 comment="" disabled=no list=nice
add address=202.75.24.0/22 comment="" disabled=no list=nice
add address=202.81.4.0/22 comment="" disabled=no list=nice
add address=202.87.248.0/22 comment="" disabled=no list=nice
add address=202.122.12.0/22 comment="" disabled=no list=nice
add address=202.129.224.0/22 comment="" disabled=no list=nice
add address=202.138.248.0/22 comment="" disabled=no list=nice
add address=202.146.128.0/22 comment="" disabled=no list=nice
add address=202.146.176.0/22 comment="" disabled=no list=nice
add address=202.147.224.0/22 comment="" disabled=no list=nice
add address=202.149.72.0/22 comment="" disabled=no list=nice
add address=202.149.88.0/22 comment="" disabled=no list=nice
add address=202.153.16.0/22 comment="" disabled=no list=nice
add address=202.153.236.0/22 comment="" disabled=no list=nice
add address=202.158.132.0/22 comment="" disabled=no list=nice
add address=202.158.140.0/22 comment="" disabled=no list=nice
add address=202.162.40.0/22 comment="" disabled=no list=nice
add address=202.169.232.0/22 comment="" disabled=no list=nice
add address=202.173.16.0/22 comment="" disabled=no list=nice
add address=202.180.16.0/22 comment="" disabled=no list=nice
add address=203.77.208.0/22 comment="" disabled=no list=nice
add address=203.77.236.0/22 comment="" disabled=no list=nice
add address=203.77.248.0/22 comment="" disabled=no list=nice
add address=203.81.184.0/22 comment="" disabled=no list=nice
add address=203.99.96.0/22 comment="" disabled=no list=nice
add address=203.123.60.0/22 comment="" disabled=no list=nice
add address=203.123.248.0/22 comment="" disabled=no list=nice
add address=203.128.248.0/22 comment="" disabled=no list=nice
add address=203.142.68.0/22 comment="" disabled=no list=nice
add address=203.142.76.0/22 comment="" disabled=no list=nice
add address=203.153.60.0/22 comment="" disabled=no list=nice
add address=203.153.120.0/22 comment="" disabled=no list=nice
add address=203.160.56.0/22 comment="" disabled=no list=nice
add address=203.191.40.0/22 comment="" disabled=no list=nice
add address=32.234.170.0/23 comment="" disabled=no list=nice
add address=32.234.172.0/23 comment="" disabled=no list=nice
add address=58.65.240.0/23 comment="" disabled=no list=nice
add address=58.145.170.0/23 comment="" disabled=no list=nice
add address=58.145.172.0/23 comment="" disabled=no list=nice
add address=58.147.188.0/23 comment="" disabled=no list=nice
add address=61.45.236.0/23 comment="" disabled=no list=nice
add address=115.85.64.0/23 comment="" disabled=no list=nice
add address=116.68.226.0/23 comment="" disabled=no list=nice
add address=116.68.230.0/23 comment="" disabled=no list=nice
add address=116.90.168.0/23 comment="" disabled=no list=nice
add address=116.199.202.0/23 comment="" disabled=no list=nice
add address=116.212.100.0/23 comment="" disabled=no list=nice
add address=117.103.60.0/23 comment="" disabled=no list=nice
add address=118.82.0.0/23 comment="" disabled=no list=nice
add address=118.98.224.0/23 comment="" disabled=no list=nice
add address=119.82.238.0/23 comment="" disabled=no list=nice
add address=119.235.16.0/23 comment="" disabled=no list=nice
add address=119.252.134.0/23 comment="" disabled=no list=nice
add address=120.136.16.0/23 comment="" disabled=no list=nice
add address=121.52.130.0/23 comment="" disabled=no list=nice
add address=121.52.134.0/23 comment="" disabled=no list=nice
add address=121.100.18.0/23 comment="" disabled=no list=nice
add address=121.101.184.0/23 comment="" disabled=no list=nice
add address=123.176.120.0/23 comment="" disabled=no list=nice
add address=124.158.136.0/23 comment="" disabled=no list=nice
add address=146.23.252.0/23 comment="" disabled=no list=nice
add address=202.10.62.0/23 comment="" disabled=no list=nice
add address=202.20.106.0/23 comment="" disabled=no list=nice
add address=202.46.4.0/23 comment="" disabled=no list=nice
add address=202.46.14.0/23 comment="" disabled=no list=nice
add address=202.46.92.0/23 comment="" disabled=no list=nice
add address=202.46.130.0/23 comment="" disabled=no list=nice
add address=202.46.240.0/23 comment="" disabled=no list=nice
add address=202.46.252.0/23 comment="" disabled=no list=nice
add address=202.51.56.0/23 comment="" disabled=no list=nice
add address=202.51.102.0/23 comment="" disabled=no list=nice
add address=202.51.108.0/23 comment="" disabled=no list=nice
add address=202.51.124.0/23 comment="" disabled=no list=nice
add address=202.55.160.0/23 comment="" disabled=no list=nice
add address=202.55.172.0/23 comment="" disabled=no list=nice
add address=202.58.196.0/23 comment="" disabled=no list=nice
add address=202.59.194.0/23 comment="" disabled=no list=nice
add address=202.59.196.0/23 comment="" disabled=no list=nice
add address=202.62.28.0/23 comment="" disabled=no list=nice
add address=202.65.236.0/23 comment="" disabled=no list=nice
add address=202.75.28.0/23 comment="" disabled=no list=nice
add address=202.78.200.0/23 comment="" disabled=no list=nice
add address=202.78.204.0/23 comment="" disabled=no list=nice
add address=202.87.240.0/23 comment="" disabled=no list=nice
add address=202.87.254.0/23 comment="" disabled=no list=nice
add address=202.89.216.0/23 comment="" disabled=no list=nice
add address=202.89.222.0/23 comment="" disabled=no list=nice
add address=202.90.194.0/23 comment="" disabled=no list=nice
add address=202.90.198.0/23 comment="" disabled=no list=nice
add address=202.93.112.0/23 comment="" disabled=no list=nice
add address=202.93.120.0/23 comment="" disabled=no list=nice
add address=202.122.8.0/23 comment="" disabled=no list=nice
add address=202.129.216.0/23 comment="" disabled=no list=nice
add address=202.135.6.0/23 comment="" disabled=no list=nice
add address=202.135.134.0/23 comment="" disabled=no list=nice
add address=202.138.252.0/23 comment="" disabled=no list=nice
add address=202.146.2.0/23 comment="" disabled=no list=nice
add address=202.146.4.0/23 comment="" disabled=no list=nice
add address=202.146.46.0/23 comment="" disabled=no list=nice
add address=202.147.228.0/23 comment="" disabled=no list=nice
add address=202.147.232.0/23 comment="" disabled=no list=nice
add address=202.149.78.0/23 comment="" disabled=no list=nice
add address=202.149.92.0/23 comment="" disabled=no list=nice
add address=202.150.136.0/23 comment="" disabled=no list=nice
add address=202.153.20.0/23 comment="" disabled=no list=nice
add address=202.153.232.0/23 comment="" disabled=no list=nice
add address=202.154.176.0/23 comment="" disabled=no list=nice
add address=202.154.184.0/23 comment="" disabled=no list=nice
add address=202.158.130.0/23 comment="" disabled=no list=nice
add address=202.162.46.0/23 comment="" disabled=no list=nice
add address=202.169.236.0/23 comment="" disabled=no list=nice
add address=202.169.240.0/23 comment="" disabled=no list=nice
add address=202.173.20.0/23 comment="" disabled=no list=nice
add address=202.180.8.0/23 comment="" disabled=no list=nice
add address=202.191.2.0/23 comment="" disabled=no list=nice
add address=203.31.164.0/23 comment="" disabled=no list=nice
add address=203.34.118.0/23 comment="" disabled=no list=nice
add address=203.77.214.0/23 comment="" disabled=no list=nice
add address=203.77.216.0/23 comment="" disabled=no list=nice
add address=203.77.220.0/23 comment="" disabled=no list=nice
add address=203.77.232.0/23 comment="" disabled=no list=nice
add address=203.77.246.0/23 comment="" disabled=no list=nice
add address=203.81.190.0/23 comment="" disabled=no list=nice
add address=203.99.102.0/23 comment="" disabled=no list=nice
add address=203.99.130.0/23 comment="" disabled=no list=nice
add address=203.123.252.0/23 comment="" disabled=no list=nice
add address=203.134.232.0/23 comment="" disabled=no list=nice
add address=203.134.238.0/23 comment="" disabled=no list=nice
add address=203.142.64.0/23 comment="" disabled=no list=nice
add address=203.148.84.0/23 comment="" disabled=no list=nice
add address=203.160.60.0/23 comment="" disabled=no list=nice
add address=203.189.88.0/23 comment="" disabled=no list=nice
add address=203.190.36.0/23 comment="" disabled=no list=nice
add address=203.190.44.0/23 comment="" disabled=no list=nice
add address=203.194.70.0/23 comment="" disabled=no list=nice
add address=203.223.90.0/23 comment="" disabled=no list=nice
add address=206.73.208.0/23 comment="" disabled=no list=nice
add address=206.73.234.0/23 comment="" disabled=no list=nice
add address=206.73.238.0/23 comment="" disabled=no list=nice
add address=32.234.169.0/24 comment="" disabled=no list=nice
add address=32.234.175.0/24 comment="" disabled=no list=nice
add address=58.65.242.0/24 comment="" disabled=no list=nice
add address=58.145.175.0/24 comment="" disabled=no list=nice
add address=58.147.190.0/24 comment="" disabled=no list=nice
add address=61.45.238.0/24 comment="" disabled=no list=nice
add address=113.59.233.0/24 comment="" disabled=no list=nice
add address=114.30.84.0/24 comment="" disabled=no list=nice
add address=114.141.57.0/24 comment="" disabled=no list=nice
add address=114.141.59.0/24 comment="" disabled=no list=nice
add address=114.141.60.0/24 comment="" disabled=no list=nice
add address=115.124.64.0/24 comment="" disabled=no list=nice
add address=115.178.127.0/24 comment="" disabled=no list=nice
add address=116.58.197.0/24 comment="" disabled=no list=nice
add address=116.68.224.0/24 comment="" disabled=no list=nice
add address=116.68.229.0/24 comment="" disabled=no list=nice
add address=116.90.163.0/24 comment="" disabled=no list=nice
add address=116.90.164.0/24 comment="" disabled=no list=nice
add address=116.90.167.0/24 comment="" disabled=no list=nice
add address=116.90.170.0/24 comment="" disabled=no list=nice
add address=116.199.201.0/24 comment="" disabled=no list=nice
add address=116.212.74.0/24 comment="" disabled=no list=nice
add address=116.212.96.0/24 comment="" disabled=no list=nice
add address=117.18.19.0/24 comment="" disabled=no list=nice
add address=118.82.11.0/24 comment="" disabled=no list=nice
add address=118.82.12.0/24 comment="" disabled=no list=nice
add address=118.82.17.0/24 comment="" disabled=no list=nice
add address=119.2.55.0/24 comment="" disabled=no list=nice
add address=119.82.231.0/24 comment="" disabled=no list=nice
add address=119.82.237.0/24 comment="" disabled=no list=nice
add address=119.235.18.0/24 comment="" disabled=no list=nice
add address=119.235.27.0/24 comment="" disabled=no list=nice
add address=119.235.28.0/24 comment="" disabled=no list=nice
add address=119.252.160.0/24 comment="" disabled=no list=nice
add address=120.136.18.0/24 comment="" disabled=no list=nice
add address=120.136.23.0/24 comment="" disabled=no list=nice
add address=121.52.129.0/24 comment="" disabled=no list=nice
add address=121.52.133.0/24 comment="" disabled=no list=nice
add address=121.100.16.0/24 comment="" disabled=no list=nice
add address=122.102.52.0/24 comment="" disabled=no list=nice
add address=122.201.39.0/24 comment="" disabled=no list=nice
add address=123.176.122.0/24 comment="" disabled=no list=nice
add address=123.176.127.0/24 comment="" disabled=no list=nice
add address=124.158.138.0/24 comment="" disabled=no list=nice
add address=144.5.46.0/24 comment="" disabled=no list=nice
add address=146.23.254.0/24 comment="" disabled=no list=nice
add address=152.158.247.0/24 comment="" disabled=no list=nice
add address=192.5.5.0/24 comment="" disabled=no list=nice
add address=192.23.186.0/24 comment="" disabled=no list=nice
add address=192.92.81.0/24 comment="" disabled=no list=nice
add address=194.0.1.0/24 comment="" disabled=no list=nice
add address=194.0.2.0/24 comment="" disabled=no list=nice
add address=202.10.36.0/24 comment="" disabled=no list=nice
add address=202.10.39.0/24 comment="" disabled=no list=nice
add address=202.14.255.0/24 comment="" disabled=no list=nice
add address=202.20.109.0/24 comment="" disabled=no list=nice
add address=202.22.31.0/24 comment="" disabled=no list=nice
add address=202.43.173.0/24 comment="" disabled=no list=nice
add address=202.43.175.0/24 comment="" disabled=no list=nice
add address=202.43.184.0/24 comment="" disabled=no list=nice
add address=202.43.186.0/24 comment="" disabled=no list=nice
add address=202.43.190.0/24 comment="" disabled=no list=nice
add address=202.46.9.0/24 comment="" disabled=no list=nice
add address=202.46.11.0/24 comment="" disabled=no list=nice
add address=202.46.94.0/24 comment="" disabled=no list=nice
add address=202.46.129.0/24 comment="" disabled=no list=nice
add address=202.51.100.0/24 comment="" disabled=no list=nice
add address=202.51.110.0/24 comment="" disabled=no list=nice
add address=202.51.126.0/24 comment="" disabled=no list=nice
add address=202.58.203.0/24 comment="" disabled=no list=nice
add address=202.58.204.0/24 comment="" disabled=no list=nice
add address=202.59.192.0/24 comment="" disabled=no list=nice
add address=202.59.198.0/24 comment="" disabled=no list=nice
add address=202.65.228.0/24 comment="" disabled=no list=nice
add address=202.65.238.0/24 comment="" disabled=no list=nice
add address=202.72.206.0/24 comment="" disabled=no list=nice
add address=202.75.30.0/24 comment="" disabled=no list=nice
add address=202.78.203.0/24 comment="" disabled=no list=nice
add address=202.78.207.0/24 comment="" disabled=no list=nice
add address=202.87.242.0/24 comment="" disabled=no list=nice
add address=202.87.245.0/24 comment="" disabled=no list=nice
add address=202.87.247.0/24 comment="" disabled=no list=nice
add address=202.92.192.0/24 comment="" disabled=no list=nice
add address=202.92.207.0/24 comment="" disabled=no list=nice
add address=202.93.114.0/24 comment="" disabled=no list=nice
add address=202.93.119.0/24 comment="" disabled=no list=nice
add address=202.122.10.0/24 comment="" disabled=no list=nice
add address=202.122.162.0/24 comment="" disabled=no list=nice
add address=202.122.165.0/24 comment="" disabled=no list=nice
add address=202.122.166.0/24 comment="" disabled=no list=nice
add address=202.135.5.0/24 comment="" disabled=no list=nice
add address=202.135.16.0/24 comment="" disabled=no list=nice
add address=202.135.23.0/24 comment="" disabled=no list=nice
add address=202.135.28.0/24 comment="" disabled=no list=nice
add address=202.135.42.0/24 comment="" disabled=no list=nice
add address=202.135.54.0/24 comment="" disabled=no list=nice
add address=202.135.129.0/24 comment="" disabled=no list=nice
add address=202.135.133.0/24 comment="" disabled=no list=nice
add address=202.135.145.0/24 comment="" disabled=no list=nice
add address=202.135.155.0/24 comment="" disabled=no list=nice
add address=202.135.161.0/24 comment="" disabled=no list=nice
add address=202.135.248.0/24 comment="" disabled=no list=nice
add address=202.146.1.0/24 comment="" disabled=no list=nice
add address=202.146.32.0/24 comment="" disabled=no list=nice
add address=202.146.34.0/24 comment="" disabled=no list=nice
add address=202.146.45.0/24 comment="" disabled=no list=nice
add address=202.146.133.0/24 comment="" disabled=no list=nice
add address=202.146.135.0/24 comment="" disabled=no list=nice
add address=202.146.136.0/24 comment="" disabled=no list=nice
add address=202.146.180.0/24 comment="" disabled=no list=nice
add address=202.147.230.0/24 comment="" disabled=no list=nice
add address=202.147.234.0/24 comment="" disabled=no list=nice
add address=202.149.77.0/24 comment="" disabled=no list=nice
add address=202.151.9.0/24 comment="" disabled=no list=nice
add address=202.153.22.0/24 comment="" disabled=no list=nice
add address=202.154.183.0/24 comment="" disabled=no list=nice
add address=202.154.187.0/24 comment="" disabled=no list=nice
add address=202.154.190.0/24 comment="" disabled=no list=nice
add address=202.158.129.0/24 comment="" disabled=no list=nice
add address=202.158.137.0/24 comment="" disabled=no list=nice
add address=202.158.139.0/24 comment="" disabled=no list=nice
add address=202.158.252.0/24 comment="" disabled=no list=nice
add address=202.160.254.0/24 comment="" disabled=no list=nice
add address=202.162.44.0/24 comment="" disabled=no list=nice
add address=202.167.97.0/24 comment="" disabled=no list=nice
add address=202.169.242.0/24 comment="" disabled=no list=nice
add address=202.169.245.0/24 comment="" disabled=no list=nice
add address=202.169.247.0/24 comment="" disabled=no list=nice
add address=202.173.23.0/24 comment="" disabled=no list=nice
add address=202.180.10.0/24 comment="" disabled=no list=nice
add address=202.180.20.0/24 comment="" disabled=no list=nice
add address=203.14.176.0/24 comment="" disabled=no list=nice
add address=203.77.212.0/24 comment="" disabled=no list=nice
add address=203.77.223.0/24 comment="" disabled=no list=nice
add address=203.77.252.0/24 comment="" disabled=no list=nice
add address=203.77.255.0/24 comment="" disabled=no list=nice
add address=203.84.135.0/24 comment="" disabled=no list=nice
add address=203.99.119.0/24 comment="" disabled=no list=nice
add address=203.99.120.0/24 comment="" disabled=no list=nice
add address=203.99.127.0/24 comment="" disabled=no list=nice
add address=203.119.13.0/24 comment="" disabled=no list=nice
add address=203.119.17.0/24 comment="" disabled=no list=nice
add address=203.123.254.0/24 comment="" disabled=no list=nice
add address=203.134.235.0/24 comment="" disabled=no list=nice
add address=203.134.237.0/24 comment="" disabled=no list=nice
add address=203.142.66.0/24 comment="" disabled=no list=nice
add address=203.153.49.0/24 comment="" disabled=no list=nice
add address=203.153.124.0/24 comment="" disabled=no list=nice
add address=203.160.62.0/24 comment="" disabled=no list=nice
add address=203.160.128.0/24 comment="" disabled=no list=nice
add address=203.163.66.0/24 comment="" disabled=no list=nice
add address=203.163.76.0/24 comment="" disabled=no list=nice
add address=203.163.81.0/24 comment="" disabled=no list=nice
add address=203.163.88.0/24 comment="" disabled=no list=nice
add address=203.163.95.0/24 comment="" disabled=no list=nice
add address=203.163.113.0/24 comment="" disabled=no list=nice
add address=203.173.89.0/24 comment="" disabled=no list=nice
add address=203.173.90.0/24 comment="" disabled=no list=nice
add address=203.174.5.0/24 comment="" disabled=no list=nice
add address=203.190.47.0/24 comment="" disabled=no list=nice
add address=203.191.44.0/24 comment="" disabled=no list=nice
add address=203.191.46.0/24 comment="" disabled=no list=nice
add address=203.194.90.0/24 comment="" disabled=no list=nice
add address=203.196.90.0/24 comment="" disabled=no list=nice
add address=205.248.57.0/24 comment="" disabled=no list=nice
add address=205.248.151.0/24 comment="" disabled=no list=nice
add address=205.248.158.0/24 comment="" disabled=no list=nice
add address=206.73.79.0/24 comment="" disabled=no list=nice
add address=206.73.80.0/24 comment="" disabled=no list=nice
add address=206.73.194.0/24 comment="" disabled=no list=nice
add address=206.73.203.0/24 comment="" disabled=no list=nice
add address=206.73.205.0/24 comment="" disabled=no list=nice
add address=206.73.222.0/24 comment="" disabled=no list=nice
add address=206.73.227.0/24 comment="" disabled=no list=nice
add address=206.73.228.0/24 comment="" disabled=no list=nice
add address=206.73.240.0/24 comment="" disabled=no list=nice
add address=206.73.244.0/24 comment="" disabled=no list=nice
add address=206.73.248.0/24 comment="" disabled=no list=nice
add address=206.182.36.0/24 comment="" disabled=no list=nice
add address=207.117.234.0/24 comment="" disabled=no list=nice
add address=218.100.32.0/24 comment="" disabled=no list=nice
add address=192.168.0.245 comment="" disabled=no list=nice
/ip firewall connection tracking
set enabled=yes generic-timeout=3s icmp-timeout=1s tcp-close-timeout=0s \
tcp-close-wait-timeout=1s tcp-established-timeout=3h \
tcp-fin-wait-timeout=1s tcp-last-ack-timeout=1s tcp-syn-received-timeout=\
3s tcp-syn-sent-timeout=3s tcp-syncookie=yes tcp-time-wait-timeout=3s \
udp-stream-timeout=1s udp-timeout=1s
/ip firewall filter
add action=drop chain=forward comment="" disabled=no dst-address=\
xxx.xxx.xxx.xxx src-address-list=LAN
add action=accept chain=forward comment="" disabled=no dst-port=123 protocol=\
udp
add action=accept chain=input comment="" disabled=no dst-port=123 protocol=\
udp
add action=add-src-to-address-list address-list=login1 address-list-timeout=\
1m chain=input comment="" connection-state=new disabled=no dst-port=8291 \
in-interface=pppoe-out1 protocol=tcp
add action=add-src-to-address-list address-list=login2 address-list-timeout=\
1m chain=input comment="" connection-state=new disabled=no dst-port=8291 \
in-interface=pppoe-out1 protocol=tcp src-address-list=login1
add action=add-src-to-address-list address-list=login3 address-list-timeout=\
1m chain=input comment="" connection-state=new disabled=no dst-port=8291 \
in-interface=pppoe-out1 protocol=tcp src-address-list=login2
add action=add-src-to-address-list address-list=login-blacklist \
address-list-timeout=1d1m chain=input comment="" connection-state=new \
disabled=no dst-port=8291 in-interface=pppoe-out1 protocol=tcp \
src-address-list=login3
add action=drop chain=input comment="" disabled=yes dst-port=8291 \
in-interface=pppoe-out1 protocol=tcp src-address-list=login-blacklist
add action=accept chain=input comment="" disabled=no packet-mark=dns-pkt
add action=drop chain=forward comment=p2p disabled=no p2p=all-p2p \
src-address-list=LAN
add action=accept chain=forward comment=email disabled=no dst-address=\
xxx.xxx.xxx.xxx dst-port=25 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-address=\
xxx.xxx.xxx.xxx dst-port=465 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-address=\
xxx.xxx.xxx.xxx dst-port=110 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-address=\
xxx.xxx.xxx.xxx dst-port=995 protocol=tcp
add action=drop chain=forward comment=ym disabled=no dst-port=5050-5051 \
protocol=tcp src-address-list=!otr
add action=drop chain=forward comment="" disabled=no dst-port=5100 protocol=\
tcp src-address-list=!otr
add action=drop chain=forward comment="" disabled=no dst-port=1677 protocol=\
tcp src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=5000-5010 \
protocol=tcp src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=20-21 protocol=\
tcp src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=23 protocol=tcp \
src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=8001 protocol=\
tcp src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=8001 protocol=\
udp src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=25 protocol=tcp \
src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=27 protocol=tcp \
src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=119 protocol=\
tcp src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=37 protocol=tcp \
src-address-list=!otr
add action=accept chain=forward comment=SKYPE disabled=no dst-port=59770 \
protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-port=59770 \
protocol=udp
add action=accept chain=forward comment="" disabled=no dst-port=3478-3479 \
protocol=udp
add action=accept chain=forward comment="" disabled=no dst-port=5060 \
protocol=udp
add action=accept chain=input comment="" disabled=no dst-port=5060 protocol=\
udp
add action=accept chain=forward comment="" disabled=no dst-port=4569 \
protocol=udp
add action=accept chain=forward comment="" disabled=no dst-port=8000-10000 \
protocol=udp
add action=accept chain=input comment=BCA disabled=no dst-port=10000 \
protocol=tcp
add action=accept chain=input comment="" disabled=no dst-port=10000 protocol=\
udp
add action=accept chain=input comment="" disabled=no dst-port=4500 protocol=\
tcp
add action=accept chain=input comment="" disabled=no dst-port=4500 protocol=\
udp
add action=accept chain=forward comment="" disabled=no dst-port=10000 \
protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-port=10000 \
protocol=udp
add action=accept chain=forward comment="" disabled=no dst-port=4500 \
protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-port=4500 \
protocol=udp
add action=accept chain=input comment="" disabled=no protocol=ipsec-esp
add action=add-dst-to-address-list address-list="port scanner" \
address-list-timeout=1w chain=input comment="port scanner" disabled=no \
protocol=tcp psd=21,3s,3,1
add action=add-dst-to-address-list address-list="port scanner" \
address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
psd=21,3s,3,1 tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-dst-to-address-list address-list="port scanner" \
address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
psd=21,3s,3,1 tcp-flags=fin,syn
add action=add-dst-to-address-list address-list="port scanner" \
address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
psd=21,3s,3,1 tcp-flags=fin,rst
add action=add-dst-to-address-list address-list="port scanner" \
address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
psd=21,3s,3,1 tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-dst-to-address-list address-list="port scanner" \
address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
psd=21,3s,3,1 tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-dst-to-address-list address-list="port scanner" \
address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
psd=21,3s,3,1 tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="" disabled=no src-address-list=\
"port scanner"
add action=drop chain=input comment="" disabled=no dst-port=12667 protocol=\
udp
add action=drop chain=input comment="" disabled=no dst-port=31335 protocol=\
udp
add action=drop chain=input comment="" disabled=no dst-port=27444 protocol=\
udp
add action=drop chain=input comment="" disabled=no dst-port=34555 protocol=\
udp
add action=drop chain=input comment="" disabled=no dst-port=35555 protocol=\
udp
add action=drop chain=input comment="" disabled=no dst-port=27444 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=27665 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=31335 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=31846 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=34555 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=35555 protocol=\
tcp
add action=drop chain=forward comment="" disabled=no src-address=0.0.0.0/8
add action=drop chain=forward comment="" disabled=no dst-address=0.0.0.0/8
add action=drop chain=forward comment="" disabled=no src-address=127.0.0.0/8
add action=drop chain=forward comment="" disabled=no dst-address=127.0.0.0/8
add action=drop chain=forward comment="" disabled=no src-address=224.0.0.0/8
add action=drop chain=forward comment="" disabled=no dst-address=224.0.0.0/8
add action=jump chain=forward comment="" disabled=no jump-target=tcp \
protocol=tcp
add action=jump chain=forward comment="" disabled=no jump-target=udp \
protocol=udp
add action=jump chain=forward comment="" disabled=no jump-target=icmp \
protocol=icmp
add action=drop chain=tcp comment="" disabled=no dst-port=69 protocol=tcp
add action=drop chain=tcp comment="" disabled=no dst-port=111 protocol=tcp
add action=drop chain=tcp comment="" disabled=no dst-port=135 protocol=tcp
add action=drop chain=tcp comment="" disabled=yes dst-port=137-139 protocol=\
tcp
add action=drop chain=tcp comment="" disabled=yes dst-port=445 protocol=tcp
add action=drop chain=tcp comment="" disabled=no dst-port=2049 protocol=tcp
add action=drop chain=tcp comment="" disabled=no dst-port=12345-12346 \
protocol=tcp
add action=drop chain=tcp comment="" disabled=no dst-port=20034 protocol=tcp
add action=drop chain=tcp comment="" disabled=no dst-port=3133 protocol=tcp
add action=drop chain=tcp comment="" disabled=no dst-port=67-68 protocol=tcp
add action=drop chain=udp comment="" disabled=no dst-port=69 protocol=udp
add action=drop chain=udp comment="" disabled=no dst-port=111 protocol=udp
add action=drop chain=udp comment="" disabled=no dst-port=135 protocol=udp
add action=drop chain=udp comment="" disabled=yes dst-port=137-139 protocol=\
udp
add action=drop chain=udp comment="" disabled=yes dst-port=445 protocol=udp
add action=drop chain=udp comment="" disabled=no dst-port=2049 protocol=udp
add action=drop chain=udp comment="" disabled=no dst-port=12345-12346 \
protocol=udp
add action=drop chain=udp comment="" disabled=no dst-port=20034 protocol=udp
add action=drop chain=udp comment="" disabled=no dst-port=3133 protocol=udp
add action=drop chain=udp comment="" disabled=no dst-port=67-68 protocol=udp
add action=accept chain=icmp comment="" disabled=no icmp-options=0:0 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=8:0 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=11:0 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=3:3 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=3:4 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=3:0 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=3:1 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=4:0 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=11:0 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=12:0 \
protocol=icmp
add action=drop chain=icmp comment="" disabled=no
add action=accept chain=input comment="" disabled=no protocol=gre
add action=accept chain=input comment="" disabled=no dst-port=1723 protocol=\
tcp
add action=accept chain=forward comment="" disabled=no dst-port=1723 \
protocol=tcp
add action=accept chain=forward comment="" disabled=no protocol=ipip
add action=accept chain=forward comment="" connection-state=related disabled=\
no
add action=accept chain=forward comment="" connection-state=established \
disabled=no
add action=drop chain=forward comment="" connection-state=invalid disabled=no
add action=drop chain=forward comment="" content=.mp3 disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.mpg disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.flv disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.avi disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.wmv disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.exe disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.avr disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.divx disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.ivr disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.mov disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.3gp disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.mp4 disabled=no \
dst-address-list=!otr protocol=tcp src-address-list=otr
add action=drop chain=forward comment="" content=.rm disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.xvid disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.mpeg disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=8080 \
in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=3128 \
in-interface=pppoe-out1 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-port=5900 \
protocol=tcp
add action=accept chain=input comment="" connection-state=related disabled=no
add action=drop chain=forward comment="tongji virus" connection-mark=\
tongji-conn disabled=no
add action=drop chain=output comment="" connection-mark=tongji-conn disabled=\
no
add action=log chain=forward comment="" connection-mark=tongji-conn disabled=\
no log-prefix="Mac Spoofing"
add action=drop chain=forward comment="" disabled=no in-interface=LAN \
src-address-list=!LAN
add action=accept chain=input comment="" connection-state=established \
disabled=no
add action=drop chain=input comment="" connection-state=invalid disabled=no
add action=drop chain=forward comment="" disabled=no dst-port=8080 \
in-interface=LAN protocol=tcp src-address-list=!LAN
add action=drop chain=forward comment="" disabled=no dst-port=3128 \
in-interface=LAN protocol=tcp src-address-list=!LAN
add action=accept chain=input comment="" disabled=no in-interface=LAN \
src-address-list=LAN
add action=drop chain=input comment="" disabled=no in-interface=LAN \
src-address-list=!LAN
/ip firewall mangle
add action=mark-packet chain=forward comment="" disabled=no dst-address=\
xxx.xxx.xxx.xxx dst-port=25 new-packet-mark=email-mr passthrough=no \
protocol=tcp src-address=192.168.3.114
add action=mark-packet chain=forward comment="" disabled=no dst-address=\
xxx.xxx.xxx.xxx dst-port=110 new-packet-mark=email-mr passthrough=no \
protocol=tcp src-address=192.168.3.114
add action=mark-packet chain=prerouting comment="zph squid" disabled=no dscp=\
12 new-packet-mark=proxy-hit passthrough=no
add action=mark-packet chain=prerouting comment="" disabled=no dst-port=53 \
new-packet-mark=dns-pkt passthrough=no protocol=udp src-address-list=DNS
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-list=nice in-interface=LAN new-connection-mark=iix-conn \
passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=iix-conn \
disabled=no new-packet-mark=iix-pkt passthrough=no
add action=mark-packet chain=output comment="" connection-mark=iix-conn \
disabled=no new-packet-mark=iix-pkt out-interface=LAN passthrough=no
add action=mark-packet chain=prerouting comment="" disabled=no \
new-packet-mark=intl-pkt passthrough=no protocol=!icmp
add action=mark-packet chain=output comment="" disabled=no new-packet-mark=\
intl-pkt out-interface=LAN passthrough=no
add action=mark-connection chain=prerouting comment="" disabled=no \
new-connection-mark=tongji-conn passthrough=yes src-address-list=TONGJI
add action=mark-packet chain=prerouting comment="" connection-mark=\
tongji-conn disabled=no new-packet-mark=tongji-pkt passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment=LAN disabled=no out-interface=\
pppoe-out1 src-address-list=LAN
add action=masquerade chain=srcnat comment=proxy disabled=no out-interface=\
pppoe-out1 src-address=192.168.10.0/24
add action=masquerade chain=srcnat comment=mail disabled=no out-interface=\
pppoe-out1 packet-mark=email-mr
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=5900 \
in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.0.129 to-ports=\
5900
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
192.168.5.2 dst-port=80 protocol=tcp src-address-list=LAN to-addresses=\
192.168.5.2 to-ports=80
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=80 \
in-interface=LAN protocol=tcp src-address-list=LAN to-addresses=\
192.168.10.2 to-ports=8080
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=8080 \
in-interface=LAN protocol=tcp src-address-list=LAN to-addresses=\
192.168.10.2 to-ports=8080
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=3128 \
in-interface=LAN protocol=tcp src-address-list=LAN to-addresses=\
192.168.10.2 to-ports=8080
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=808 \
in-interface=LAN protocol=tcp src-address-list=LAN to-addresses=\
192.168.10.2 to-ports=8080
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set WAN discover=yes
set pppoe-out1 discover=no
set PROXY discover=yes
set LAN discover=yes
set ether3 discover=yes
/ip proxy
set always-from-cache=yes cache-administrator=webmaster cache-hit-dscp=12 \
cache-on-disk=yes enabled=no max-cache-size=1024000KiB \
max-client-connections=600 max-fresh-time=6d max-server-connections=600 \
parent-proxy=192.168.0.117 parent-proxy-port=8080 port=8080 \
serialize-connections=no src-address=0.0.0.0
/ip proxy access
add action=allow comment="" disabled=no src-address=192.168.0.0/24
add action=allow comment="" disabled=no src-address=192.168.1.0/24
add action=allow comment="" disabled=no src-address=192.168.3.0/24
add action=deny comment="" disabled=no src-address=0.0.0.0
/ip proxy cache
add action=allow comment="" disabled=no src-address=192.168.0.0/24
add action=allow comment="" disabled=no src-address=192.168.1.0/24
add action=allow comment="" disabled=no src-address=192.168.3.0/24
add action=deny comment="" disabled=no src-address=0.0.0.0
/ip proxy direct
add action=allow comment="" disabled=no dst-address=192.168.5.2 dst-host=80 \
src-address=192.168.0.0/24
/ip route
add comment="" disabled=no distance=1 dst-address=192.168.1.0/24 gateway=\
192.168.0.1 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=192.168.3.0/24 gateway=\
192.168.0.1 scope=30 target-scope=10
/ip service
set telnet address=0.0.0.0/0 disabled=yes port=23
set ftp address=0.0.0.0/0 disabled=no port=201
set www address=0.0.0.0/0 disabled=no port=88
set ssh address=0.0.0.0/0 disabled=no port=2204
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/ipv6 nd
add advertise-mac-address=yes disabled=no hop-limit=unspecified interface=all \
mtu=unspecified ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m \
reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix default
set autoconfig=yes on-link=yes preferred-lifetime=1w valid-lifetime=4w2d
/mpls
set dynamic-label-range=16-1048575
/mpls interface
add comment="" disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
use-explicit-null=no
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/ppp secret
add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
name=xxxxx password=xxxxxx profile=pptp-in routes="" service=pptp
/queue interface
set WAN queue=ethernet-default
set pppoe-out1 queue=default
set PROXY queue=ethernet-default
set LAN queue=ethernet-default
set ether3 queue=ethernet-default
/radius incoming
set accept=no port=3799
/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
0.0.0.0 timeout=1m ttl=50
/routing ospf
set distribute-default=never metric-bgp=20 metric-connected=20 \
metric-default=1 metric-rip=20 metric-static=20 mpls-te-area=unspecified \
mpls-te-router-id=unspecified redistribute-bgp=no redistribute-connected=\
no redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing pim
set switch-to-spt=no switch-to-spt-bytes=0 switch-to-spt-interval=0s
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
timeout-timer=3m update-timer=30s
/routing ripng
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
timeout-timer=3m update-timer=30s
/store
add comment="" disabled=no disk=primary-master name=user-manager1 type=\
user-manager
add comment="" disabled=no disk=primary-master name=web-proxy1 type=web-proxy
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00
/system console
add disabled=no port=serial0 term=vt102
set [ find vcno=1 ] disabled=no term=linux
set [ find vcno=2 ] disabled=no term=linux
set [ find vcno=3 ] disabled=no term=linux
set [ find vcno=4 ] disabled=no term=linux
set [ find vcno=5 ] disabled=no term=linux
set [ find vcno=6 ] disabled=no term=linux
set [ find vcno=7 ] disabled=no term=linux
set [ find vcno=8 ] disabled=no term=linux
/system console screen
set line-count=25
/system hardware
set multi-cpu=yes
/system health
set state-after-reboot=enabled
/system identity
set name=phallelobhejat
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
add action=disk disabled=no prefix="" topics=script
add action=remote disabled=no prefix="" topics=info
add action=remote disabled=no prefix="" topics=error
add action=remote disabled=no prefix="" topics=warning
add action=remote disabled=no prefix="" topics=critical
add action=remote disabled=no prefix="" topics=script
/system note
set note="Using nice.rsc from www.mikrotik.co.id, 2 January 2009 05:17:29 WIB,\
605 lines." show-at-login=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=202.155.39.179 secondary-ntp=\
219.117.196.238
/system ntp server
set broadcast=no enabled=no manycast=yes multicast=no
/system scheduler
add comment="" disabled=no interval=1d name=sch-Client-On on-event=Client-On \
start-date=oct/29/2008 start-time=07:30:00
add comment="" disabled=no interval=1d name=sch-Client-Off on-event=\
Client-Off start-date=oct/22/2008 start-time=17:05:00
add comment="" disabled=no interval=1d name=sch-ym-on on-event=ym-on \
start-date=oct/22/2008 start-time=10:00:00
add comment="" disabled=no interval=1d name=sch-ym-off on-event=ym-off \
start-date=oct/22/2008 start-time=14:00:00
add comment="" disabled=no interval=2d name=sch-reboot on-event=reboot \
start-date=dec/18/2008 start-time=05:00:00
add comment="" disabled=no interval=1h name=sch-reset-counter on-event=\
reset-counter start-date=oct/22/2008 start-time=06:00:00
add comment="" disabled=no interval=1d name=sch-upip on-event=update-ip \
start-date=oct/22/2008 start-time=01:00:00
add comment="" disabled=no interval=1d name=sch-update-nice on-event=":if ([:l\
en [/file find name=nice.rsc]] > 0) do={ /file remove nice.rsc };/tool fet\
ch address=ixp.mikrotik.co.id src-path=/download/nice.rsc;/import nice.rsc\
;/ip firewall address-list add address=192.168.0.245 list nice" \
start-date=oct/22/2008 start-time=06:10:00
/system script
add name=ym-on policy=ftp,reboot,read,write,policy,test,winbox,password,sniff \
source="/ip firewall filter disable [find comment=ym]"
add name=ym-off policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=\
"/ip firewall filter enable [find comment=ym]"
add name=Client-Off policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=\
"/ip firewall address-list disable [find comment=Filter]"
add name=Client-On policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=\
"/ip firewall address-list enable [find comment=Filter]"
add name=ym-off2 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source="/ip firewa\
ll filter enable [find comment=ym]\r\
\n/system scheduler enable [find comment=tts]"
add name=ym-on2 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source="/ip firewa\
ll filter disable [find comment=ym]\r\
\n/system scheduler disable [find comment=tts]"
add name=reboot policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=\
"/system reboot"
add name=reset-counter policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source="/queue sim\
ple reset-counters-all\r\
\n/ip firewall filter reset-counters-all\r\
\n/ip firewall nat reset-counters-all\r\
\n/ip firewall mangle reset-counters-all\r\
\n\r\
\n\r\
\n"
add name=proxy-off policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=\
"/ip firewall nat disable [find comment=natsi]"
add name=proxy-on policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=\
"/ip firewall nat enable [find comment=natsi]"
add name=update-ip policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source="# Define U\
ser Variables\r\
\n:global ddnsuser \"sum14rdi\"\r\
\n:global ddnspass \"pogung152\"\r\
\n:global ddnshost \"sum14rdi.dns1.us\"\r\
\n\r\
\n# Define Global Variables\r\
\n:global ddnsip\r\
\n:global ddnslastip\r\
\n:if ([ :typeof \$ddnslastip ] = nil ) do={ :global ddnslastip \"0\" }\r\
\n\r\
\n:global ddnsinterface\r\
\n:global ddnssystem (\"mt-\" . [/system package get system version] )\r\
\n\r\
\n# Define Local Variables\r\
\n:local int\r\
\n\r\
\n# Loop thru interfaces and look for ones containing\r\
\n# default gateways without routing-marks\r\
\n:foreach int in=[/ip route find dst-address=0.0.0.0/0 active=yes ] do={ \
\r\
\n :if ([:typeof [/ip route get \$int routing-mark ]] != str ) do={\r\
\n :global ddnsinterface [/ip route get \$int interface]\r\
\n } \r\
\n}\r\
\n\r\
\n# Grab the current IP address on that interface.\r\
\n:global ddnsip [ /ip address get [/ip address find interface=\$ddnsinter\
face ] address ]\r\
\n\r\
\n# Did we get an IP address to compare\?\r\
\n:if ([ :typeof \$ddnsip ] = nil ) do={\r\
\n :log info (\"DDNS: No ip address present on \" . \$ddnsinterface . \"\
, please check.\")\r\
\n} else={\r\
\n\r\
\n :if (\$ddnsip != \$ddnslastip) do={\r\
\n\r\
\n :log info \"DDNS: Sending UPDATE!\"\r\
\n :log info [ :put [/tool dns-update name=\$ddnshost address=[:pick \$\
ddnsip 0 [:find \$ddnsip \"/\"] ] key-name=\$ddnsuser key=\$ddnspass ] ]\r\
\n :global ddnslastip \$ddnsip\r\
\n\r\
\n } else={ \r\
\n :log info \"DDNS: No update required.\"\r\
\n }\r\
\n\r\
\n}\r\
\n\r\
\n# End of script"
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=10
/tool e-mail
set from=<> server=0.0.0.0
/tool graphing
set store-every=5min
/tool graphing interface
add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
/tool graphing queue
add allow-address=0.0.0.0/0 allow-target=yes disabled=no simple-queue=all \
store-on-disk=yes
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool netwatch
add comment="" disabled=no down-script=proxy-off host=192.168.0.117 interval=\
30s timeout=1s up-script=proxy-on
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 \
filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only filter-stream=\
yes interface=all memory-limit=10 only-headers=no streaming-enabled=no \
streaming-server=0.0.0.0
/tool user-manager customer
add comment="" disabled=no login=admin parent=admin password="" \
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
permissions=owner signup-allowed=no subscriber=admin time-zone=+00:00
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no

Silahkan bagi yang berminat untuk mencobanya......

Baru bikin nih.....

2009-01-03T18:27:00.000+07:00

Lagi nyoba-nyoba gimana sih ngeblog itu, akhirnya dipaksain bikin dech. Ini tulisan pertama saya, masih ngalor ngidul gak tahu mau nulis apa....maklum oot... :D
Pengennya nanti saya mau postingin pengalaman saya selama mengelola jaringan LAN di sebua rumah sakit tempat saya bekerja, baik itu untuk akses lokalan maupun untuk akses internetnya.
Mulai dari install W****ws Server2000 advanced server, install mikrotik, maupun install smoothwall buat webproxy koneksi internet dirumah sakit tersebut...

Kayaknya segini dulu perkenalannya....
mau ngumpulin bahan buat postingan selanjutnya :D