Installing MikroTik CHR on Debian

Rather than forget the script, I'd better save it on the blog so other people can benefit from it too, hehehehe

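# Download the CHR raw disk image, write this host's IP and gateway into autorun.scr,
# then overwrite /dev/vda with the image (this replaces the running Debian system).
# Note: the image is fetched over plain HTTP and is not checksum-verified before being written to disk.
wget http://download2.mikrotik.com/routeros/6.36.4/chr-6.36.4.img.zip -O chr.img.zip && \
gunzip -c chr.img.zip > chr.img && \
mount -o loop,offset=33554944 chr.img /mnt && \
ADDRESS=$(ip addr show eth0 | grep global | cut -d' ' -f 6 | head -n 1) && \
GATEWAY=$(ip route list | grep default | cut -d' ' -f 3) && \
echo "/ip address add address=$ADDRESS interface=[/interface ethernet find where name=ether1]
/ip route add gateway=$GATEWAY
" > /mnt/rw/autorun.scr && \
umount /mnt && \
echo u > /proc/sysrq-trigger && \
dd if=chr.img bs=1024 of=/dev/vda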

Allow Only WhatsApp Chat & WhatsApp Voice Call on MikroTik

There was a requirement that certain users connected to the network may only access WA, whether that is WA chat and voice calls or WA Web. Anything beyond that (such as internet access or access to the local network) is blocked.

That means three things are needed: first, the IP addresses of the WhatsApp servers; second, the IP addresses of the connected users; and third, the MikroTik firewall rules.

For the first, the WhatsApp CIDR list can be taken from here; it contains the IPv4 + IPv6 ranges that clients need to reach the WhatsApp servers.

  1. Import the CIDR list into the MikroTik. I have already written the script, which you can look at via the following link, so you only need to import it.
  2. Second, also define in an address list which IPs are to be allowed to access WA (in this case, I named them User_Internet_WA).
  3. The third step is to create an Allow TCP firewall rule: chain forward, source User_Internet_WA as defined earlier, destination ip_whatsapp as in the script that was created, action accept, with the allowed protocol and ports tcp 80,443,4244,5222,5223,5228,5242,8443.
  4. Next, create the rule for UDP; only the ports and protocol differ, namely udp 3478,45395.
  5. As the very last rule, create a block-all LAN to WAN rule with action drop (this can be adjusted to your existing firewall configuration; the core of the scenario is that we want to block all IPs, or rather IPs other than those defined in the User_Internet_WA address list, so they cannot get out anywhere via WAN & LAN, which is internet access and access to local; the logic is a drop to any).
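The rules from steps 3 to 5 as RouterOS CLI commands, added here as an example and not the author's own script. It assumes the `ip_whatsapp` list from step 1 is already imported; the two client addresses are constructed samples, and the final drop is scoped to the restricted clients so that other hosts keep whatever rules the existing firewall gives them.

```routeros
# Step 2: restricted clients (constructed sample addresses, replace with real hosts)
/ip firewall address-list
add list=User_Internet_WA address=192.168.88.10 comment="WA-only user (sample)"
add list=User_Internet_WA address=192.168.88.11 comment="WA-only user (sample)"

# Order matters: the two accept rules must sit above the drop, and all three
# must sit above any general "allow LAN to WAN" rule already in the forward chain.
/ip firewall filter
# Step 3: TCP ports from the page
add chain=forward src-address-list=User_Internet_WA dst-address-list=ip_whatsapp \
    protocol=tcp dst-port=80,443,4244,5222,5223,5228,5242,8443 action=accept \
    comment="WA-only: allow TCP to WhatsApp"
# Step 4: UDP ports from the page
add chain=forward src-address-list=User_Internet_WA dst-address-list=ip_whatsapp \
    protocol=udp dst-port=3478,45395 action=accept \
    comment="WA-only: allow UDP to WhatsApp"
# Step 5 (scoped variant): anything else forwarded from these clients is dropped,
# which covers both internet access and access to other local subnets.
# Logging the drops shows which destinations are missing from ip_whatsapp.
add chain=forward src-address-list=User_Internet_WA action=drop \
    log=yes log-prefix="WA-only-drop" comment="WA-only: drop everything else"

# DNS: queries to the router itself use the input chain and are not affected.
# Clients pointed at an external resolver would have their lookups dropped by
# the rule above, so hand them the router as DNS server.
# IPv6: /ip firewall only filters IPv4; the IPv6 ranges from the CIDR list
# need equivalent rules under /ipv6 firewall.

# Check that the counters move while a restricted client uses WhatsApp:
/ip firewall filter print stats where comment~"WA-only"
```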

block ads

/ip dns static 
add address=127.0.0.1 name=ad-g.doubleclick.net 
add address=127.0.0.1 name=ad.doubleclick.net 
add address=127.0.0.1 name=ad.mo.doubleclick.net 
add address=127.0.0.1 name=ad.youtube.com 
add address=127.0.0.1 name=ads.doubleclick.net 
add address=127.0.0.1 name=ads.youtube.com 
add address=127.0.0.1 name=akamaiedge.net 
add address=127.0.0.1 name=akamaitechnologies.com 
add address=127.0.0.1 name=analytic-google.com 
add address=127.0.0.1 name=apis.google.com 
add address=127.0.0.1 name=clients1.google.com 
add address=127.0.0.1 name=doubleclick.net 
add address=127.0.0.1 name=googleadapis.l.google.com 
add address=127.0.0.1 name=googleads.g.doubleclick.net 
add address=127.0.0.1 name=googleads4.g.doubleclick.net 
add address=127.0.0.1 name=googleadservices.com 
add address=127.0.0.1 name=i1.ytimg.com 
add address=127.0.0.1 name=pagead.googlesyndication.com 
add address=127.0.0.1 name=pagead.l.doubleclick.net 
add address=127.0.0.1 name=pagead1.googlesyndication.com 
add address=127.0.0.1 name=pagead2.googlesyndication.com 
add address=127.0.0.1 name=pixel.moatads.com 
add address=127.0.0.1 name=pubads.g.doubleclick.net 
add address=127.0.0.1 name=r1---sn-vgqsen7z.googlevideo.com
add address=127.0.0.1 name=r1.sn-vgqsen7z.googlevideo.com
add address=127.0.0.1 name=r17---sn-vgqsenes.googlevideo.com
add address=127.0.0.1 name=r2---sn-hp57yne7.googlevideo.com
add address=127.0.0.1 name=r2---sn-vgqs7n7k.googlevideo.com
add address=127.0.0.1 name=r20---sn-vgqs7ne7.googlevideo.com
add address=127.0.0.1 name=r20.sn-vgqs7ne7.googlevideo.com
add address=127.0.0.1 name=r3---sn-hp57knsl.googlevideo.com
add address=127.0.0.1 name=r4---sn-vgqs7nez.googlevideo.com
add address=127.0.0.1 name=r4.sn-vgqs7nez.googlevideo.com
add address=127.0.0.1 name=r5---sn-hp57kn6e.googlevideo.com
add address=127.0.0.1 name=r5.sn-32o-guhl.googlevideo.com
add address=127.0.0.1 name=r6---sn-vgqseney.googlevideo.com
add address=127.0.0.1 name=r7---sn-8p8v-bg0d.googlevideo.com
add address=127.0.0.1 name=r8---sn-8p8v-bg0d.googlevideo.com
add address=127.0.0.1 name=redirector.googlevideo.com 
add address=127.0.0.1 name=rtd.tubemogul.com 
add address=127.0.0.1 name=s.innovid.com 
add address=127.0.0.1 name=s0.2mdn.net 
add address=127.0.0.1 name=secure-ds.serving-sys.com 
add address=127.0.0.1 name=securepubads.g.doubleclick.net 
add address=127.0.0.1 name=ssl.google-analytics.com 
add address=127.0.0.1 name=static.doubleclick.net 
add address=127.0.0.1 name=stats.g.doubleclick.net 
add address=127.0.0.1 name=www-google-analytics.l.google.com 
add address=127.0.0.1 name=www-googletagmanager.l.google.com 
add address=127.0.0.1 name=www.analytic-google.com 
add address=127.0.0.1 name=www.googleadservices.com 
add address=127.0.0.1 name=www.googletagservices.com 
add address=127.0.0.1 name=www.youtube-nocookie.com 
add address=127.0.0.1 name=youtube-nocookie.com 
add address=127.0.0.1 name=ads1.msads.net 
add address=127.0.0.1 name=ads2.msads.net 
add address=127.0.0.1 name=a.ads2.msads.net 
add address=127.0.0.1 name=b.ads2.msads.net 

Creating an Auto-Connect WMS Script on MikroTik with NetWatch

/tool netwatch
add down-script="{\r\
\nlog error (\"WMS is down -- trying to reconnect ......\")\r\
\n:local ip [/ip address get [/ip address find interface=\"namaINTERFACE\"] address];\r\
\n:local ip [put [:pick \$ip 0 [:find \$ip \"/\"]]]\r\
\n/tool fetch http-method=post http-data=\"username=USERNAMEWMS@freeMS&password=PASSWORDWMS\" url=(\"https://welcome2.wifi.id/wms/auth/authnew/autologin/quarantine.php\\?ipc=\$ip&gw_id=GWIDurl&client_mac=MACADDRESSinterface&wlan=WLANurl:UN%20CHECK\") keep-result=no\r\
\nlog warning (\"WMS is UP\")\r\
\n}" host=8.8.8.8 interval=10s

Using DNS from a VPN

/ip fi add add list=LOCAL address=127.0.0.0/8 comment=DNS-IcGorontalo
/ip fi add add list=LOCAL address=192.168.0.0/16 comment=DNS-IcGorontalo
/ip fi add add list=LOCAL address=172.16.0.0/12 comment=DNS-IcGorontalo
/ip fi add add list=LOCAL address=10.0.0.0/8 comment=DNS-IcGorontalo

/int pptp-client add name=DNS-IcGorontalo connect-to=103.80.80.112 user=DNS-IcGorontalo password=** max-mtu=1492 max-mru=1492 add-default-route=no disabled=no comment=DNS-IcGorontalo
/ip fi fi add chain=input src-address-list=!LOCAL protocol=udp dst-port=53 action=drop comment=DNS-IcGorontalo
/ip fi fi move [find comment=DNS-IcGorontalo] 0
/ip fi na add chain=dstnat src-address-list=LOCAL protocol=udp dst-port=53 action=redirect to-ports=53 comment=DNS-IcGorontalo
/ip fi na add chain=srcnat action=masquerade out-interface=DNS-IcGorontalo comment=DNS-IcGorontalo
/ip fi na move [find comment=DNS-IcGorontalo] 0
/ip ro add gateway=172.31.255.254 routing-mark=DNS-IcGorontalo comment=DNS-IcGorontalo
/ip rou rule add action=lookup table=DNS-IcGorontalo dst-address=103.80.80.243 comment=DNS-IcGorontalo
/ip rou rule add action=lookup table=DNS-IcGorontalo dst-address=103.80.80.244 comment=DNS-IcGorontalo
/ip rou rule add action=lookup table=DNS-IcGorontalo dst-address=103.80.80.248 comment=DNS-IcGorontalo
/ip rou rule add action=lookup table=DNS-IcGorontalo dst-address=103.80.80.249 comment=DNS-IcGorontalo
/ip rou rule add action=lookup table=DNS-IcGorontalo dst-address=208.67.220.220 comment=DNS-IcGorontalo
/ip rou rule add action=lookup table=DNS-IcGorontalo dst-address=208.67.222.222 comment=DNS-IcGorontalo
/ip dns set servers=103.80.80.248,103.80.80.249 allow-remote-requests=yes

Separating Social Media and Streaming Traffic

For example, there are 3 connections:

  1. Indihome 30Mb
  2. Indihome 10Mb
  3. Astinet/Telkomsell 2Mb.

The setup steps follow; the MikroTik must already be configured to the point where it is connected to the internet, with these NAT settings:

/ip firewall nat

add action=masquerade chain=srcnat out-interface=ether1-indihome

add action=masquerade chain=srcnat out-interface=ether2-indihom

add action=masquerade chain=srcnat out-interface=ether3-astinet

Then create the address lists that distinguish the target hosts:

/ip firewall address-list
add address=0.0.0.0/8 list=private-lokal
add address=10.0.0.0/8 list=private-lokal
add address=100.64.0.0/10 list=private-lokal
add address=127.0.0.0/8 list=private-lokal
add address=169.254.0.0/16 list=private-lokal
add address=172.16.0.0/12 list=private-lokal
add address=192.0.0.0/24 list=private-lokal
add address=192.0.2.0/24 list=private-lokal
add address=192.168.0.0/16 list=private-lokal
add address=198.18.0.0/15 list=private-lokal
add address=198.51.100.0/24 list=private-lokal
add address=203.0.113.0/24 list=private-lokal
add address=224.0.0.0/3 list=private-lokal
add address=36.64.0.0/16 list=ggc-telkom
add address=36.65.0.0/16 list=ggc-telkom
add address=36.66.0.0/16 list=ggc-telkom
add address=36.67.0.0/16 list=ggc-telkom
add address=36.68.0.0/16 list=ggc-telkom
add address=36.69.0.0/16 list=ggc-telkom
add address=36.70.0.0/16 list=ggc-telkom
add address=36.71.0.0/16 list=ggc-telkom
add address=36.72.0.0/16 list=ggc-telkom
add address=36.73.0.0/16 list=ggc-telkom
add address=36.74.0.0/16 list=ggc-telkom
add address=36.75.0.0/16 list=ggc-telkom
add address=36.76.0.0/16 list=ggc-telkom
add address=36.77.0.0/16 list=ggc-telkom
add address=36.78.0.0/16 list=ggc-telkom
add address=36.79.0.0/16 list=ggc-telkom
add address=36.80.0.0/16 list=ggc-telkom
add address=36.81.0.0/16 list=ggc-telkom
add address=36.82.0.0/16 list=ggc-telkom
add address=36.83.0.0/16 list=ggc-telkom
add address=36.84.0.0/16 list=ggc-telkom
add address=36.85.0.0/16 list=ggc-telkom
add address=36.86.0.0/16 list=ggc-telkom
add address=36.87.0.0/16 list=ggc-telkom
add address=36.88.0.0/16 list=ggc-telkom
add address=36.89.0.0/16 list=ggc-telkom
add address=36.90.0.0/16 list=ggc-telkom
add address=61.5.0.0/17 list=ggc-telkom
add address=61.94.0.0/16 list=ggc-telkom
add address=110.136.0.0/16 list=ggc-telkom
add address=110.137.0.0/16 list=ggc-telkom
add address=110.138.0.0/16 list=ggc-telkom
add address=110.139.0.0/16 list=ggc-telkom
add address=118.96.0.0/16 list=ggc-telkom
add address=118.97.0.0/16 list=ggc-telkom
add address=118.98.0.0/17 list=ggc-telkom
add address=125.160.0.0/16 list=ggc-telkom
add address=125.162.0.0/16 list=ggc-telkom
add address=125.164.0.0/16 list=ggc-telkom
add address=125.165.0.0/16 list=ggc-telkom
add address=125.167.0.0/16 list=ggc-telkom
add address=180.241.0.0/16 list=ggc-telkom
add address=180.242.0.0/16 list=ggc-telkom
add address=180.243.0.0/16 list=ggc-telkom
add address=180.244.0.0/16 list=ggc-telkom
add address=180.245.0.0/16 list=ggc-telkom
add address=180.246.0.0/16 list=ggc-telkom
add address=180.247.0.0/16 list=ggc-telkom
add address=180.248.0.0/16 list=ggc-telkom
add address=180.249.0.0/16 list=ggc-telkom
add address=180.250.0.0/16 list=ggc-telkom
add address=180.251.0.0/16 list=ggc-telkom
add address=180.252.0.0/16 list=ggc-telkom
add address=180.253.0.0/16 list=ggc-telkom
add address=180.254.0.0/16 list=ggc-telkom
add address=222.124.0.0/16 list=ggc-telkom
add address=216.239.32.0/19 list=ggc-telkom
add address=216.58.192.0/19 list=ggc-telkom
add address=172.217.0.0/16 list=ggc-telkom
add address=74.125.0.0/16 list=ggc-telkom
add address=31.13.24.0/21 comment="Facebook Ireland" list=sosmed
add address=31.13.64.0/18 comment="Facebook Ireland" list=sosmed
add address=31.13.64.0/19 comment="Facebook Ireland" list=sosmed
add address=31.13.64.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.65.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.66.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.67.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.68.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.69.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.70.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.71.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.72.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.73.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.74.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.75.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.76.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.78.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.80.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.81.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.82.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.83.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.84.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.85.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.86.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.87.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.90.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.91.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.92.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.94.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.95.0/24 comment="Facebook Ireland" list=sosmed
add address=31.13.96.0/19 comment="Facebook Ireland" list=sosmed
add address=45.64.40.0/22 comment="Facebook Singapore Pte Ltd. Singapore" list=sosmed
add address=66.220.144.0/20 comment="Facebook, Inc. United States" list=sosmed
add address=66.220.144.0/21 comment="Facebook, Inc. United States" list=sosmed
add address=66.220.152.0/21 comment="Facebook, Inc. United States" list=sosmed
add address=69.63.176.0/20 comment="Facebook, Inc. United States" list=sosmed
add address=69.63.176.0/21 comment="Facebook, Inc. United States" list=sosmed
add address=69.63.184.0/21 comment="Facebook, Inc. United States" list=sosmed
add address=69.171.224.0/19 comment="Facebook, Inc. United States" list=sosmed
add address=69.171.224.0/20 comment="Facebook, Inc. United States" list=sosmed
add address=69.171.239.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=69.171.240.0/20 comment="Facebook, Inc. United States" list=sosmed
add address=69.171.255.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=74.119.76.0/22 comment="Facebook, Inc. United States" list=sosmed
add address=103.4.96.0/22 comment=" Temasek Avenue Singapore" list=sosmed
add address=157.240.0.0/17 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.1.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.2.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.3.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.6.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.7.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.8.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.9.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.10.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.11.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.12.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.13.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.14.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.15.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.16.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.18.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.20.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.21.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=157.240.22.0/24 comment="Facebook, Inc. United States" list=sosmed
add address=173.252.64.0/19 comment="Facebook, Inc. United States" list=sosmed
add address=173.252.88.0/21 comment="Facebook, Inc. United States" list=sosmed
add address=173.252.96.0/19 comment="Facebook, Inc. United States" list=sosmed
add address=179.60.192.0/22 comment="Edge Network Services Ltd United States" list=sosmed
add address=179.60.192.0/24 comment="Edge Network Services Ltd United States" list=sosmed
add address=179.60.193.0/24 comment="Edge Network Services Ltd United States" list=sosmed
add address=179.60.195.0/24 comment="Edge Network Services Ltd United States" list=sosmed
add address=185.60.216.0/22 comment="Facebook Ireland" list=sosmed
add address=185.60.216.0/24 comment="Facebook Ireland" list=sosmed
add address=185.60.218.0/24 comment="Facebook Ireland" list=sosmed
add address=185.60.219.0/24 comment="Facebook Ireland" list=sosmed
add address=204.15.20.0/22 comment="Facebook, Inc. United States" list=sosmed
add address=64.63.0.0/18 comment="MoPub, Inc. United States" list=sosmed
add address=69.195.160.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.162.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.163.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.164.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.165.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.166.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.168.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.169.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.171.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.172.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.173.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.175.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.176.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.177.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.178.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.179.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.180.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.181.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.182.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.184.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.185.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.186.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.187.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.188.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.189.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.190.0/24 comment="Twitter Inc. United States" list=sosmed
add address=69.195.191.0/24 comment="Twitter Inc. United States" list=sosmed
add address=103.252.112.0/23 comment="60 Robinson Road, #11-02 BEA Building, Singapore 068892. Singapore" list=sosmed
add address=103.252.114.0/23 comment="60 Robinson Road, #11-02 BEA Building, Singapore 068892. Singapore" list=sosmed
add address=104.244.40.0/24 comment="Twitter Inc. United States" list=sosmed
add address=104.244.41.0/24 comment="Twitter Inc. United States" list=sosmed
add address=104.244.42.0/24 comment="Twitter Inc. United States" list=sosmed
add address=104.244.43.0/24 comment="Twitter Inc. United States" list=sosmed
add address=104.244.44.0/24 comment="Twitter Inc. United States" list=sosmed
add address=104.244.45.0/24 comment="Twitter Inc. United States" list=sosmed
add address=104.244.46.0/24 comment="Twitter Inc. United States" list=sosmed
add address=104.244.47.0/24 comment="Twitter Inc. United States" list=sosmed
add address=185.45.5.0/24 comment="Twitter International Company Ireland" list=sosmed
add address=185.45.6.0/23 comment="Twitter International Company Ireland" list=sosmed
add address=188.64.224.0/24 comment="Heron SAS France" list=sosmed
add address=188.64.225.0/24 comment="Heron SAS France" list=sosmed
add address=188.64.226.0/23 comment="Heron SAS France" list=sosmed
add address=188.64.226.0/24 comment="Heron SAS France" list=sosmed
add address=188.64.227.0/24 comment="Heron SAS France" list=sosmed
add address=188.64.228.0/24 comment="Heron SAS France" list=sosmed
add address=188.64.229.0/24 comment="Heron SAS France" list=sosmed
add address=192.44.69.0/24 comment="Crashlytics, Inc United States" list=sosmed
add address=192.133.76.0/22 comment="Twitter Inc. United States" list=sosmed
add address=192.133.76.0/23 comment="Twitter Inc. United States" list=sosmed
add address=199.16.156.0/22 comment="Twitter Inc. United States" list=sosmed
add address=199.16.156.0/23 comment="Twitter Inc. United States" list=sosmed
add address=199.59.148.0/22 comment="Twitter Inc. United States" list=sosmed
add address=199.96.56.0/23 comment="Twitter Inc. United States" list=sosmed
add address=199.96.56.0/24 comment="Twitter Inc. United States" list=sosmed
add address=199.96.57.0/24 comment="Twitter Inc. United States" list=sosmed
add address=199.96.58.0/23 comment="Twitter Inc. United States" list=sosmed
add address=199.96.60.0/23 comment="Twitter Inc. United States" list=sosmed
add address=199.96.60.0/24 comment="Twitter Inc. United States" list=sosmed
add address=199.96.61.0/24 comment="Twitter Inc. United States" list=sosmed
add address=199.96.62.0/23 comment="Twitter Inc. United States" list=sosmed
add address=202.160.128.0/24 comment="Twitter Asia Pacific Pte. Ltd. Singapore" list=sosmed
add address=202.160.129.0/24 comment="Twitter Asia Pacific Pte. Ltd. Singapore" list=sosmed
add address=202.160.130.0/24 comment="Twitter Asia Pacific Pte. Ltd. Singapore" list=sosmed
add address=202.160.131.0/24 comment="Twitter Asia Pacific Pte. Ltd. Singapore" list=sosmed
add address=209.237.192.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.193.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.194.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.195.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.196.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.197.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.198.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.199.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.200.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.201.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.204.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.205.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.206.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.207.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.208.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.209.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.210.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.211.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.212.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.213.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.214.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.215.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.216.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.217.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.218.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.219.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.220.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.221.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.222.0/24 comment="Twitter Inc. United States" list=sosmed
add address=209.237.223.0/24 comment="Twitter Inc. United States" list=sosmed
add address=whatsapp.com comment=whatsapp list=sosmed
add address=whatsapp.net comment=whatsapp list=sosmed

Then mark the traffic so that it can be told apart.

/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=sosmed new-routing-mark=SOSMED passthrough=yes
add action=mark-routing chain=prerouting dst-address-list=ggc-telkom new-routing-mark=Youtube passthrough=yes

After that, create the routes.

/ip route
add check-gateway=ping distance=2 gateway=192.168.2.1 routing-mark=SOSMED
add check-gateway=ping distance=3 gateway=192.168.3.1 routing-mark=Youtube
add check-gateway=ping distance=1 gateway=192.168.1.1

Adjust these to the IP and ethernet settings on your own MikroTik.

By soeji

Stable PING My Way

/ ip firewall mangle
add chain=prerouting protocol=icmp src-address=192.168.10.0/24 action=mark-connection new-connection-mark=icmp-c comment="--> ping" disabled=no

add chain=prerouting connection-mark=icmp-c action=mark-packet new-packet-mark=icmp-p comment="" disabled=no

add chain=prerouting packet-mark=icmp-p action=change-tos new-tos=min-delay comment="" disabled=no

add chain=prerouting src-address=192.168.10.0/24 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=dns-c comment="--> dns" disabled=no

add chain=prerouting src-address=192.168.10.0/24 protocol=udp dst-port=53 action=mark-connection new-connection-mark=dns-c comment="" disabled=no

add chain=prerouting connection-mark=dns-c action=mark-packet new-packet-mark=dns-p comment="" disabled=no

add chain=prerouting packet-mark=dns-p action=change-tos new-tos=min-delay comment="" disabled=no

If the mangle table also contains packet marks for the connections (IIX / INT), place them below these mangle rules, not above them. Next, in queue type:

/ queue type
add name="64" kind=pfifo pfifo-limit=64

In queue tree:

/ queue tree
add name="64" parent=global-in packet-mark="" limit-at=0 queue=64 priority=5 max-limit=32000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no

add name="ping" parent=64 packet-mark=icmp-p limit-at=8000 queue=64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no

add name="dns" parent=64 packet-mark=dns-p limit-at=8000 queue=64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no

Load balancing 3 ISPs with different routing

In this case we discuss how to use routing marks on MikroTik to separate bandwidth across 3 different ISPs; in the example we have 3 ISPs: ISP INDIHOME, ISP ASTINET and ISP MYREPUBLIC. If you have several internet connections to a MikroTik router from one or more ISPs, and you do not like the load-balancing method, the option you can use is the MikroTik routing mark method, which separates packets across all the ISP links discussed here. MikroTik routing marks let a network administrator mark packets based on specified attributes or IP addresses and set a gateway for them. With MikroTik routing marks, a network administrator can classify packets into groups based on IP address, destination or other attributes and set a different gateway for each group.

With this, users who match the criteria set for a particular group have their internet traffic directed out of the ISP connection through the gateway set for that group.

MikroTik routing marks can be implemented with the mangle rules in the firewall sub-menu of RouterOS. To mark a route, you must mark the user's connection, the packets and the routing. The routing mark is then selected and given a gateway in the routes sub-menu.

IP address configuration

/ip address
add address=197.26.1.2/30 interface=ether1 comment=ISP1_INDIHOME
add address=41.12.8.2/30 interface=ether2 comment=ISP2_ASTINET
add address=62.6.14.2/30 interface=ether3 comment=ISP3_MYREPUBLIC
add address=192.168.10.1/24 interface=ether4 comment=LAN_LABKOM
add address=192.168.20.1/24 interface=ether5 comment=LAN_SI
add address=192.168.30.1/24 interface=ether6 comment=LAN_AKADEMIK

NAT Configuration

/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat out-interface=ether2 action=masquerade
add chain=srcnat out-interface=ether3 action=masquerade

To mark the connections, packets and routing for LAN_LABKOM, enter the commands below in a new MikroTik terminal. Note that the connection mark is used to mark the packets, and the packet mark is then used to mark the route.

Mikrotik routing mark configuration

Because I have three LANs configured in this case, I will use mangle rules to mark the connections, packets and routing for each LAN: LABKOM, SI and AKADEMIK, starting with LABKOM as follows:

Routing mark for LABKOM

/ip firewall mangle
add chain=prerouting src-address=192.168.10.0/24 action=mark-connection new-connection-mark=labkom_conn
add chain=prerouting connection-mark=labkom_conn action=mark-packet new-packet-mark=labkom_packets
add chain=prerouting packet-mark=labkom_packets action=mark-routing new-routing-mark=labkom_route

Routing mark for SI

/ip firewall mangle
add chain=prerouting src-address=192.168.20.0/24 action=mark-connection new-connection-mark=si_conn
add chain=prerouting connection-mark=si_conn action=mark-packet new-packet-mark=si_packets
add chain=prerouting packet-mark=si_packets action=mark-routing new-routing-mark=si_route

Routing mark for Akademik

/ip firewall mangle
add chain=prerouting src-address=192.168.30.0/24 action=mark-connection new-connection-mark=akademik_conn
add chain=prerouting connection-mark=akademik_conn action=mark-packet new-packet-mark=akademik_packets
add chain=prerouting packet-mark=akademik_packets action=mark-routing new-routing-mark=akademik_route


After marking the routes, we use the routes sub-menu to set a different gateway for each of our LANs. See the commands below.

Setting the gateway for each LAN

/ip route
add dst-address=0.0.0.0/0 routing-mark=labkom_route gateway=197.26.1.1
add dst-address=0.0.0.0/0 routing-mark=si_route gateway=41.12.8.1
add dst-address=0.0.0.0/0 routing-mark=akademik_route gateway=62.6.14.1

Add the gateway rules

/ip route rule
add src-address=192.168.10.0/24 action=lookup table=labkom_route
add src-address=192.168.20.0/24 action=lookup table=si_route
add src-address=192.168.30.0/24 action=lookup table=akademik_route

To read more about mangle rules, please click here to read the official MikroTik documentation.