Menandai Paket-paket Download di Mikrotik dengan Layer7
Biasa
nya sering dilakukan membagi bandwidth internet hanya per IP saja,
hasilnya kurang bagus untuk kebutuhan anda. Ada baik nya coba ditambah
kan rule berikut ini yang berguna untuk menandai paket-paket download. Ini ada beberapa contoh yang bisa di coba:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
/ip firewall layer7-protocol add name="http-video" regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
/ip firewall layer7-protocol add name="file-msi" regexp="\\.(msi)"
/ip firewall layer7-protocol add name="file-exe" regexp="\\.(exe)"
/ip firewall layer7-protocol add name="file-rar" regexp="\\.(rar)"
/ip firewall layer7-protocol add name="file-zip" regexp="\\.(zip)"
/ip firewall layer7-protocol add name="file-7z" regexp="\\.(7z)"
/ip firewall layer7-protocol add name="file-cab" regexp="\\.(cab)"
/ip firewall layer7-protocol add name="file-asf" regexp="\\.(asf)"
/ip firewall layer7-protocol add name="file-mov" regexp="\\.(mov)"
/ip firewall layer7-protocol add name="file-wmv" regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="file-mpg" regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="file-mpeg" regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="file-mkv" regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="file-avi" regexp="\\.(avi)"
/ip firewall layer7-protocol add name="file-flv" regexp="\\.(flv)"
/ip firewall layer7-protocol add name="file-pdf" regexp="\\.(pdf)"
/ip firewall layer7-protocol add name="file-wav" regexp="\\.(wav)"
/ip firewall layer7-protocol add name="file-rm" regexp="\\.(rm)"
/ip firewall layer7-protocol add name="file-mp3" regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="file-mp4" regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="file-ram" regexp="\\.(ram)"
/ip firewall layer7-protocol add name="file-rmvb" regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="file-dat" regexp="\\.(dat)"
/ip firewall layer7-protocol add name="file-daa" regexp="\\.(daa)"
/ip firewall layer7-protocol add name="file-iso" regexp="\\.(iso)"
/ip firewall layer7-protocol add name="file-nrg" regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="file-bin" regexp="\\.(bin)"
/ip firewall layer7-protocol add name="file-vcd" regexp="\\.(vcd)"
/ip firewall layer7-protocol add name="file-mp2" regexp="\\.(mp2)"
/ip firewall layer7-protocol add name="file-3gp" regexp="\\.(3gp)"
/ip firewall layer7-protocol add name="file-mpe" regexp="\\.(mpe)"
/ip firewall layer7-protocol add name="file-qt" regexp="\\.(qt)"
/ip firewall layer7-protocol add name="file-raw" regexp="\\.(raw)"
/ip firewall layer7-protocol add name="file-wma" regexp="\\.(wma)"
/ip firewall layer7-protocol add name="file-ogg" regexp="\\.(ogg)"
/ip firewall layer7-protocol add name="file-webm" regexp="\\.(webm)"
/ip firewall layer7-protocol add name="file-gz" regexp="\\.(gz)"
/ip firewall layer7-protocol add name="file-tar" regexp="\\.(tar)"
/ip firewall layer7-protocol add name="file-rpm" regexp="\\.(rpm)"
/ip firewall layer7-protocol add name="file-dmg" regexp="\\.(dmg)"
|
Pada mikrotik yang sudah bisa bekerja
berdasarkan address-list ada baik nya di list kan ip yang anda gunakan
di jaringan lokal ( hanya untuk memudahkan ), misal:
1
2
3
|
/ip firewall address-list add address=192.168.0.2 list=client disabled=no
/ip firewall address-list add address=192.168.0.3 list=client disabled=no
/ip firewall address-list add address=192.168.0.4 list=client disabled=no
|
dan seterusnya. Isikan lah sesuai jumlah ip yang anda gunakan bisa juga menggunakan subnet. Kemudian lanjut pada mangle.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=http-video dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-msi dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-exe dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-rar dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-zip dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-7z dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-cab dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-asf dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-mov dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-wmv dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-mpg dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-mpeg dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-mkv dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-avi dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-flv dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-pdf dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-wav dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-rm dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-mp3 dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-mp4 dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-ram dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-rmvb dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-dat dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-daa dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-iso dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-nrg dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-bin dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-vcd dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-mp2 dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-3gp dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-mpe dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-qt dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-raw dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-wma dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-ogg dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-webm dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-gz dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-tar dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
/ip firewall mangle add chain=forward protocol=tcp layer7-protocol=file-rpm dst-address-list=client action=mark-packet new-packet-mark=download passthrough=no
|
Untuk pembagian bandwidth pada queue tree tambahkan seperti ini, misal anda mengalokasi kan bandwidth 384k.
1
|
/queue tree add name="total-download" parent=to-client packet-mark=download limit-at=128k queue=default priority=8 max-limit=384k burst-limit=0 burst-threshold=0 burst-time=0s
|
1
2
|
/queue type add kind=pcq name=pcq-download pcq-classifier=dst-address
/queue tree add name="total-download" parent=to-client packet-mark=download limit-at=128k queue=pcq-download priority=8 max-limit=384k burst-limit=0 burst-threshold=0 burst-time=0s
|
Tidak ada komentar:
Posting Komentar