Tuesday, March 27, 2012

Atasi Idm Dengan Mikrotik


Kita asumsikan mikrotik sudah diset dengan benar (Internet Sharing) dan berfungsi dengan baik, dengan blok IP Client yang digunakan adalah 192.168.10.0/24.
Tutorial ini sangat bermanfaat bagi RT/RW net ataupun warnet yang ingin melakukan limitasi untuk akses ke ekstensi file2 tertentu, yang biasanya identik dengan hal download mendownload. Biasanya, si client menggunakan salah satu program yang sudah tidak asing lagi, yaitu IDM.
Dengan menambahkan setingan berikut, hanya aktifitas download saja yang akan kita limit, sehingga aktifitas browsing client tetap lancar.
Langkah-langkahnya adalah sebagai berikut :
1. Masukkan rule di firewall untuk mendapatkan IP server tempat file yang didownload dan memasukan IP itu ke dalam address list.
/ip firewall filter add chain=forward \
src-address=192.168.10.0/24 protocol=tcp content=.mp3 \
action=add-dst-to-address-list address-list=downloads \
address-list-timeout=00:05:00
/ip firewall filter add chain=forward \
src-address=192.168.10.0/24 protocol=tcp content=.exe \
action=add-dst-to-address-list address-list=downloads \
address-list-timeout=00:05:00
/ip firewall filter add chain=forward \
src-address=192.168.10.0/24 protocol=tcp content=.rar \
action=add-dst-to-address-list address-list=downloads \
address-list-timeout=00:05:00
/ip firewall filter add chain=forward \
src-address=192.168.10.0/24 protocol=tcp content=.zip \
action=add-dst-to-address-list address-list=downloads \
address-list-timeout=00:05:00

/ip firewall filter add chain=forward \
src-address=192.168.10.0/24 protocol=tcp content=.mpg \
action=add-dst-to-address-list address-list=downloads \
address-list-timeout=00:05:00
/ip firewall filter add chain=forward \
src-address=192.168.10.0/24 protocol=tcp content=.mpeg \
action=add-dst-to-address-list address-list=downloads \
address-list-timeout=00:05:00
/ip firewall filter add chain=forward \
src-address=192.168.10.0/24 protocol=tcp content=.mkv \
action=add-dst-to-address-list address-list=downloads \
address-list-timeout=00:05:00
/ip firewall filter add chain=forward \
src-address=192.168.10.0/24 protocol=tcp content=.avi \
action=add-dst-to-address-list address-list=downloads \
address-list-timeout=00:05:00
/ip firewall filter add chain=forward \
src-address=192.168.10.0/24 protocol=tcp content=.flv \
action=add-dst-to-address-list address-list=downloads \
address-list-timeout=00:05:00
/ip firewall filter add chain=forward \
src-address=192.168.10.0/24 protocol=tcp content=.pdf \
action=add-dst-to-address-list address-list=downloads \
address-list-timeout=00:05:00
/ip firewall filter add chain=forward \
src-address=192.168.10.0/24 protocol=tcp content=.mp4 \
action=add-dst-to-address-list address-list=downloads \
address-list-timeout=00:05:00
/ip firewall filter add chain=forward \
src-address=192.168.10.0/24 protocol=tcp content=.rmvb \
action=add-dst-to-address-list address-list=downloads \
address-list-timeout=00:05:00
/ip firewall filter add chain=forward \
src-address=192.168.10.0/24 protocol=tcp content=.dat \
action=add-dst-to-address-list address-list=downloads \
address-list-timeout=00:05:00
/ip firewall filter add chain=forward \
src-address=192.168.10.0/24 protocol=tcp content=.iso \
action=add-dst-to-address-list address-list=downloads \
address-list-timeout=00:05:00
/ip firewall filter add chain=forward \
src-address=192.168.10.0/24 protocol=tcp content=.nrg \
action=add-dst-to-address-list address-list=downloads \
address-list-timeout=00:05:00
/ip firewall filter add chain=forward \
src-address=192.168.10.0/24 protocol=tcp content=.3gp \
action=add-dst-to-address-list address-list=downloads \
address-list-timeout=00:05:00
/ip firewall filter add chain=forward \
src-address=192.168.10.0/24 protocol=tcp content=.doc \
action=add-dst-to-address-list address-list=downloads \
address-list-timeout=00:05:00
Rule diatas akan menangkap semua traffic dengan ekstensi tertentu dan memasukkannya ke address list downloads selamat 5 menit. Jika ingin menambahkan ekstensi lainnya tinggal dikopas saja.
2. Setting mangle untuk paket yang berasal dari IP yang didapat dari langkah 1.
/ip firewall mangle add chain=forward \
protocol=tcp src-address-list=downloads \
action=mark-packet new-packet-mark=downloads-paket
3. Langkah terakhir kita masukkan simple queue dari paket mark yang dibuat dari langkah 2.
/queue simple add name=downloads-files \
max-limit=128000/128000 packet-marks=downloads-paket
Letakkan queue ini di urutan paling atas, supaya dibaca pertama kali oleh mikrotik sebelum queue lainnya.

No comments:

Post a Comment

Iklan