28.11.09

TransparentTrafficShaper - Mikrotik v.3

Source: wiki.mikrotik.com


 

Introduction 

This example shows how to configure a transparent traffic shaper. The transparent traffic shaper is essentially a bridge that is able to differentiate and prioritize traffic that passes through it. Consider the following network layout:

We will configure one queue limiting the total throughput to the client and three sub-queues that limit HTTP, P2P and all other traffic separately.


Quick Start for Impatient

Configuration snippet from the MikroTik router: 

/ interface bridge add name="bridge1"
/ interface bridge port
add interface=ether2 bridge=bridge1
add interface=ether3 bridge=bridge1
/ interface bridge settings set use-ip-firewall=yes

/ ip firewall mangle
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
    new-connection-mark=http_conn passthrough=yes
add chain=prerouting connection-mark=http_conn action=mark-packet \
    new-packet-mark=http passthrough=no
add chain=prerouting p2p=all-p2p action=mark-connection \
    new-connection-mark=p2p_conn passthrough=yes
add chain=prerouting connection-mark=p2p_conn action=mark-packet \
    new-packet-mark=p2p passthrough=no
add chain=prerouting action=mark-connection new-connection-mark=other_conn \
    passthrough=yes
add chain=prerouting connection-mark=other_conn action=mark-packet \
    new-packet-mark=other passthrough=no

/ queue simple
add name="main" target-addresses=10.0.0.12/32 max-limit=256000/512000
add name="http" parent=main packet-marks=http max-limit=240000/500000 priority=1
add name="p2p" parent=main packet-marks=p2p max-limit=64000/64000 priority=8
add name="other" parent=main packet-marks=other max-limit=128000/128000 priority=4
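
The order of the six mangle rules decides which sub-queue a packet lands in. The Python model below is an added example, not part of the wiki text and not RouterOS code: it walks the same chain over constructed packets to show how connection marks carry the classification to reply packets and how passthrough=no ends rule evaluation. The packet fields, addresses and helper names are assumptions made for the illustration.

```python
# Added model of the six mangle rules above (not RouterOS code). Each rule is
# (matcher, action, new mark, passthrough); packets and addresses are constructed.
RULES = [
    (lambda p, c: p["proto"] == "tcp" and p["dport"] == 80, "mark-connection", "http_conn", True),
    (lambda p, c: c.get("mark") == "http_conn", "mark-packet", "http", False),
    (lambda p, c: p.get("p2p", False), "mark-connection", "p2p_conn", True),
    (lambda p, c: c.get("mark") == "p2p_conn", "mark-packet", "p2p", False),
    (lambda p, c: True, "mark-connection", "other_conn", True),
    (lambda p, c: c.get("mark") == "other_conn", "mark-packet", "other", False),
]


def conn_key(p):
    """Both directions of a flow share one connection-tracking entry."""
    ends = sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])])
    return (p["proto"], ends[0], ends[1])


def classify(packets):
    """Walk the chain top to bottom for each packet; return the packet marks."""
    conntrack, marks = {}, []
    for p in packets:
        conn = conntrack.setdefault(conn_key(p), {})
        packet_mark = None
        for match, action, mark, passthrough in RULES:
            if not match(p, conn):
                continue
            if action == "mark-connection":
                conn["mark"] = mark      # remembered for later packets of the flow
            else:
                packet_mark = mark       # this is what the simple queues match on
            if not passthrough:
                break                    # passthrough=no: stop evaluating the chain
        marks.append(packet_mark)
    return marks


def pkt(proto, src, sport, dst, dport, p2p=False):
    """Build one constructed packet; 'p2p' stands in for the p2p=all-p2p matcher."""
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport, "p2p": p2p}


# Constructed sample traffic for the client 10.0.0.12 from the queue definition.
SAMPLE = [
    pkt("tcp", "10.0.0.12", 40000, "203.0.113.5", 80),      # HTTP request
    pkt("tcp", "203.0.113.5", 80, "10.0.0.12", 40000),      # HTTP reply (dst-port is not 80)
    pkt("udp", "10.0.0.12", 40001, "203.0.113.53", 53),     # DNS query
    pkt("tcp", "10.0.0.12", 40002, "198.51.100.7", 6881, p2p=True),  # flagged as P2P
    pkt("tcp", "198.51.100.7", 6881, "10.0.0.12", 40002),   # same flow, not flagged itself
    pkt("tcp", "10.0.0.12", 40003, "203.0.113.5", 8080),    # web traffic on another port
]

if __name__ == "__main__":
    for p, mark in zip(SAMPLE, classify(SAMPLE)):
        print(f'{p["src"]}:{p["sport"]} -> {p["dst"]}:{p["dport"]}  {mark}')
```

In this model only TCP port 80 counts as HTTP, so web traffic on any other port is shaped by the "other" queue.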








4.9.09

Dynamic DNS Update Script for ChangeIP.com

Source: wiki.mikrotik.com


The following script should be created when you wish to update your ChangeIP.com Dynamic DNS account. Once created you should schedule this to run once in a while. The :global variables should be edited to include your unique username and password, interface name, etc.
The script below is RouterOS 4.2 Tested! It should also continue to work under 3.x series RouterOS.
Below the plain text script is an export that can be used to paste directly into terminal window. That method is recommended as word wrapping is common. The second code window is also recommended because it includes a scheduler entry.
Note: A copy of the latest Dynamic DNS update script should be at ChangeIP.com


http://wiki.mikrotik.com/wiki/Dynamic_DNS_Update_Script_for_ChangeIP.com&

1.9.09

Downgrading USB 2.0 to 1.0 (for homemade USB Wi-Fi)

Method 1
Change the computer's BIOS setting from USB version 2.0 to 1.1 or 1.0.
If the computer's BIOS does not offer this option,

use method 2:
In Windows XP/2000/ME
Click START - SETTINGS - CONTROL PANEL
Then choose SYSTEM - HARDWARE - DEVICE MANAGER
Then DISABLE "USB enhanced host controller"

5.5.09

Operating System for Router/Firewall

This list contains Linux distributions or Unix distributions specifically designed to be used as the operating system of a machine acting as a router and/or a firewall.

BrazilFW
BrazilFW is a Router/firewall distribution based on Coyote Linux
Cflinux
Cflinux is intended to be a small, embedded linux based system, mostly usable for firewall (Linux kernel 2.4 with iptables), router (ripd, ospfd, even bgpd from quagga), 802.11a/b/g access point (hostap and madwifi drivers), IPSEC gateway (openswan), PPPoE server (with radius authentication, kernel PPPoE), PPTP access servers
CiscoASA
Cisco ASA 8.x.x is a Linux distribution used in Cisco ASA Security Appliances. An article in German, describing the contents of the package
ClarkConnect
Router/firewall distribution
Collax Business Server
A Router/firewall & web-, email- and database server distribution
Collax Security Gateway
A specialized Router/firewall/IDS/IPS server distribution
Coyote Linux
Router/firewall distribution
Devil-Linux
firewall/router/server distribution running from CD
DD-WRT
Embedded firewall distribution
eBox
Router/Firewall and NAS/PDC
Eisfair
small easy to install server
Endian Firewall
Unified Threat Management distribution (Router/Firewall, Gateway Anti-Spam & Anti-Virus for Web, FTP and Email, Hotspot functionality)
EnGarde Secure Linux
A Router/firewall & web-, email- and database server distribution
Fli4l
a single floppy ISDN, DSL and Ethernet-Router
floppyfw
floppyfw is a router with the advanced firewall-capabilities in Linux that fits on one single floppy disc.
FREESCO
a free replacement for proprietary routers supporting up to 10 network cards and up to 10 modems.
Gibraltar
Router/firewall distribution.
IPCop
Router/firewall distribution
IPFire
Router/firewall/homeserver distribution with a web-based package manager
LEAF Project
a customizable embedded Linux network appliance used as an Internet gateway, router, firewall, and wireless access point.
Ideco Gateway
Advanced Router/Firewall distro
OpenWrt
Modular embedded distribution for ARM, MIPS, PPC and x86 devices.
M0n0wall
A Router/firewall distribution based on FreeBSD.
PfSense
A free, open source customized distribution of FreeBSD tailored for use as a firewall and router.
PyramidLinux
A wireless router distribution for x86 embedded systems.
redWall
Router/firewall distribution
Sentry Firewall
A firewall, server or intrusion detection system distribution
SME Server
A Router/firewall & web-, file-, email- and database server distribution based on CentOS
SmoothWall
Router/firewall distribution
The Linux Router Project
Router distribution (Defunct as of 2003)
Trustix
Router/firewall distribution with SSH and GCC included if desired. (Defunct as of Jan 2009)
Untangle
GPLv2 Firewall & Router that runs 12 open source applications including Spam Blocker, Virus Blocker, Web Filter, OpenVPN & More.
Vyatta
Enterprise-class routing, security and traffic management with simple-to-use interfaces designed as a network operating system that runs on Intel/AMD as well in virtual environments.
Zeroshell
Web administrable router/firewall live CD with QoS features. It is also able to act as a Wi-Fi Access Point with advanced features such as the Multiple SSID and 802.1x RADIUS Authentication. Zeroshell supports VLAN trunking (802.1q), bridging and WAN load balancing and failover features.

9.4.09

Open letter to the Indonesian "hacker" community

To all colleagues in the information technology community across the country,

The general election is a major event for channeling political aspirations that determines the progress of the Indonesian nation, so all citizens have an interest in supporting the success of the 2009 Election.

Within the various limitations that exist, colleagues from BPPT (as the KPU IT Team) and ID-SIRTII, together with various communities involved in information security, among others: Coder, Echo, Jasakom, Komunitas Keamanan Informasi (KKI), Virologi, and other communities, are working to improve the IT security of the 2009 Election, each according to its capacity.

We appeal to anyone who feels part of the Indonesian nation and feels ownership of this country, especially colleagues who belong to the various information technology communities, to work together for the success of the 2009 Election by:

1. Not doing anything that could potentially violate the law, especially the UU ITE, against the election system and the infrastructure it uses.

2. Providing any input or information received from any source relating to the IT security of the 2009 Election to the hotline number 087883728787, fax: 021-56957634, or by email to

pemilu2009@echo.or.id
pemilu2009@coder.web.id
pemilu2009@jasakom.com
pemilu2009@securityfirst.or.id
pemilu2009@virologi.info

Thank you for your willingness to pass this appeal on to other colleagues.


Regards,

Coder, Echo, Jasakom, KKI, Virologi and other IT communities

7.4.09


Welcome to the Portal Insan Mikrotik Banjarmasin, Kalimantan Selatan (ITIK Banjar). We created this medium to bring together the community of Mikrotik Router OS users in South Kalimantan so that they can share knowledge about this system. We hope that friends who visit this portal will register here so that we can compile a member list, after which we will hold an in-person meetup as the next step toward forming an organizational structure; our hope is that with this structure ITIK Banjar will be more solid and its continuity maintained.

With that, we hope this is well received by all of you, especially Mikrotik Router OS users in Banjarmasin.

We hope it will be useful for the advancement of IT in South Kalimantan.

13.2.09

Why I think PayDotCom is the Best Affiliate Marketplace on the Net!

Hi

rahmad rizani here...

If you are familiar with Clickbank.com (R), or even if you are not but you want to make profits online, then you will want to check this out ASAP ...

While I like Clickbank, and they are a great marketplace... they are limited to many restrictions to sell products or earn affiliate commissions...

Well, there is a GREAT NEW SERVICE now...

It is a new FREE marketplace where you can sell any product you want.

Yours OWN product...

- OR - (the best part)
You can become an INSTANT Affiliate for ANY item in their HUGE marketplace.

It is called PayDotCom.com!

Did I mention it is 100% FREE to Join!

This site is going to KILL all other marketplaces and by now, almost EVERY SINGLE SERIOUS online marketer has an account with PayDotCom.com

So get yours now and see how much they offer...


OH! - Also, they have their own affiliate program now that pays you COLD HARD cash just for sharing the site with people like I am doing with you...

They give you cool tools like BLOG WIDGETS, and they even have an advertising program to help you get traffic to your site.

If you want an ARMY of affiliates to sell your products for you, they also allow you to have Free placement in their marketplace!

Even better... If your product becomes one of the Top 25 products in its category in the marketplace (not that hard to do)...

...then you will get Free advertising on the Blog Widget which is syndicated on THOUSANDS of sites World Wide and get Millions of impressions per month.

So, what are you waiting for...

PayDotCom.com ROCKS!

Get your FREE account now...

http://paydotcom.net/?affiliate=539050


Thanks,

rahmad rizani

P.S. - Make sure to get your Account NOW while it is Free to join.

Installing OpenWrt with RedBoot

Once you have gained access to RedBoot either by telnet or the serial console you can install OpenWrt with the following method.

NOTE: If you changed RedBoot’s baud rate to something different than 9600bps, revert that change unless your terminal program does auto baud detection — OpenWrt logs to its serial console with 9600bps, so having the same baud rate in RedBoot is a good idea.

Note: instructions below also worked on FON2200

You have to download two files (right click and save as).

openwrt-atheros-vmlinux.lzma

openwrt-atheros-root.squashfs

Copy openwrt-atheros-vmlinux.lzma and openwrt-atheros-root.squashfs to /tftpboot/ and flash them like this:

^C
RedBoot> ip_address -h 192.168.5.2 -l 192.168.5.75/24
IP: 192.168.5.75/255.255.255.0, Gateway: 0.0.0.0
Default server: 192.168.5.2

RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-vmlinux.lzma
Using default protocol (TFTP)
Raw file loaded 0x80041000-0x800f0fff, assumed entry at 0x80041000
RedBoot> fis init

The value given to the -e and -r switches in the 'fis create' RedBoot command below is the kernel entry point. Do not change this value.

RedBoot> fis create -e 0x80041000 -r 0x80041000 vmlinux.bin.l7
An image named 'vmlinux.bin.l7' exists - continue (y/n)? y
... Erase from 0xa8730000-0xa87e0000: ………..
... Program from 0x80041000-0x800f1000 at 0xa8730000: ………..
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .

“fis free” will print the first and last free block

RedBoot> fis free
0xA80F0000 .. 0xA87E0000

Now do the math (last - first, because you need the difference)

server:~# bc
obase=16
ibase=16
A87E0000 - A80F0000
6F0000

Replace 0xLENGTH with the value above (0x006F0000 in my case) and flash the rootfs:

RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-root.squashfs
Using default protocol (TFTP)
|
Raw file loaded 0x80041000-0x80200fff, assumed entry at 0x80041000
RedBoot> fis create -l 0xLENGTH rootfs
An image named 'rootfs' exists - continue (y/n)? y
... Erase from 0xa8030000-0xa8730000: ………………………………………………………………………………………………….
... Program from 0x80041000-0x80741000 at 0xa8030000: ………………………………………………………………………………………………..
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot> reset
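
The 0xLENGTH step above, as an added Python example that is not part of the original instructions: it parses the `fis free` output, repeats the subtraction, and returns the `fis create` line only if the image fits in the free range and its SHA-256 matches a digest you obtained from a source you trust, since TFTP does not authenticate what it serves. The 64 KiB erase-block size, the function names and the zero-filled sample image are assumptions.

```python
import hashlib
import re

# Assumption: 64 KiB erase blocks, as implied by the single-block
# "Erase from 0xa87e0000-0xa87f0000" line in the session above.
ERASE_BLOCK = 0x10000


def sha256_hex(data):
    """Hex SHA-256 of the image bytes."""
    return hashlib.sha256(data).hexdigest()


def parse_fis_free(output):
    """Return (first, last) from a 'fis free' line like '0xA80F0000 .. 0xA87E0000'."""
    m = re.search(r"0x([0-9A-Fa-f]+)\s*\.\.\s*0x([0-9A-Fa-f]+)", output)
    if not m:
        raise ValueError("no free range found in 'fis free' output")
    first, last = int(m.group(1), 16), int(m.group(2), 16)
    if last <= first:
        raise ValueError("free range is empty or reversed")
    return first, last


def rootfs_create_command(fis_free_output, image, expected_sha256):
    """Check the image, then return the 'fis create' line with 0xLENGTH filled in."""
    digest = sha256_hex(image)
    if digest != expected_sha256.lower():
        raise ValueError("image digest mismatch: " + digest)
    first, last = parse_fis_free(fis_free_output)
    length = last - first                      # same subtraction as the bc step
    if length % ERASE_BLOCK:
        raise ValueError("free range is not a whole number of erase blocks")
    if len(image) > length:
        raise ValueError("image (%#x bytes) does not fit in %#x" % (len(image), length))
    return "fis create -l 0x%08X rootfs" % length


if __name__ == "__main__":
    # Constructed stand-in for openwrt-atheros-root.squashfs, sized like the
    # 0x80041000-0x80200fff load above; with the real file, read its bytes and
    # pass the digest you trust instead of computing it from the same bytes.
    image = bytes(0x1C0000)
    print(rootfs_create_command("0xA80F0000 .. 0xA87E0000", image, sha256_hex(image)))
```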

If everything is okay, then it will now look like this:

+PHY ID is 0022:5521

== Executing boot script in 1.000 seconds - enter ^C to abort
RedBoot> fis load -l vmlinux.bin.l7
Image loaded from 0x80041000-0x80290085
RedBoot> exec
Now booting linux kernel:
Base address 0x80030000 Entry 0x80041000
Cmdline :
Linux version 2.6.21.5 (ubuntu@ubuntu-laptop) (gcc version 4.1.2) #1 Sat Sep 29 11:04:17 CEST 2007
CPU revision is: 00019064
Determined physical RAM map:
memory: 01000000 @ 00000000 (usable)
Initrd not found or empty - disabling initrd
Built 1 zonelists. Total pages: 4064
Kernel command line: console=ttyS0,9600 rootfstype=squashfs,jffs2 init=/etc/preinit
Primary instruction cache 16kB, physically tagged, 4-way, linesize 16 bytes.
Primary data cache 16kB, 4-way, linesize 16 bytes.
Synthesized TLB refill handler (20 instructions).
Synthesized TLB load handler fastpath (32 instructions).
Synthesized TLB store handler fastpath (32 instructions).
Synthesized TLB modify handler fastpath (31 instructions).
PID hash table entries: 64 (order: 6, 256 bytes)
Using 92.000 MHz high precision timer.
Dentry cache hash table entries: 2048 (order: 1, 8192 bytes)
Inode-cache hash table entries: 1024 (order: 0, 4096 bytes)
Memory: 13504k/16384k available (1955k kernel code, 2880k reserved, 292k data, 116k init, 0k highmem)
Mount-cache hash table entries: 512
NET: Registered protocol family 16
Radio config found at offset 0xf8(0x1f
Time: MIPS clocksource has been installed.
NET: Registered protocol family 2
IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
TCP established hash table entries: 512 (order: 0, 4096 bytes)
TCP bind hash table entries: 512 (order: -1, 2048 bytes)
TCP: Hash tables configured (established 512 bind 512)
TCP reno registered
squashfs: version 3.0 (2006/03/15) Phillip Lougher
Registering mini_fo version $Id$
JFFS2 version 2.2. (NAND) (C) 2001-2006 Red Hat, Inc.
io scheduler noop registered
io scheduler deadline registered (default)
Serial: 8250/16550 driver $Revision: 1.90 $ 1 ports, IRQ sharing disabled
serial8250: ttyS0 at MMIO 0xb1100003 (irq = 37) is a 16550A
eth0: Dropping NETIF_F_SG since no checksum feature.
eth0: Atheros AR231x: 00:18:84:14:39:94, irq 4
cmdlinepart partition parsing not available
Searching for RedBoot partition table in spiflash at offset 0x7d0000
Searching for RedBoot partition table in spiflash at offset 0x7e0000
5 RedBoot partitions found on MTD device spiflash
Creating 5 MTD partitions on "spiflash":
0x00000000-0x00030000 : "RedBoot"
0x00030000-0x000f0000 : "vmlinux.bin.l7"
0x000f0000-0x007e0000 : "rootfs"
0x00200000-0x007e0000 : "rootfs_data"
0x007e0000-0x007ef000 : "FIS directory"
0x007ef000-0x007f0000 : "RedBoot config"
nf_conntrack version 0.5.0 (128 buckets, 1024 max)
ip_tables: (C) 2000-2006 Netfilter Core Team
TCP vegas registered
NET: Registered protocol family 1
NET: Registered protocol family 17
802.1Q VLAN Support v1.8 Ben Greear
All bugs added by David S. Miller
VFS: Mounted root (squashfs filesystem) readonly.
Freeing unused kernel memory: 116k freed
Warning: unable to open an initial console.
eth0: Configuring MAC for full duplex
Algorithmics/MIPS FPU Emulator v1.5
- preinit -
jffs2 not ready yet; using ramdisk
mini_fo: using base directory: /
mini_fo: using storage directory: /tmp/root
- init -
init started: BusyBox v1.4.2 (2007-09-26 19:44:01 CEST) multi-call binary
Please press Enter to activate this console. device eth0 entered promiscuous mode
br-lan: port 1(eth0) entering learning state
br-lan: topology change detected, propagating
br-lan: port 1(eth0) entering forwarding state
PPP generic driver version 2.4.2
wlan: 0.8.4.2 (svn r256
ath_hal: module license 'Proprietary' taints kernel.
ath_hal: 0.9.30.13 (AR5212, AR5312, RF2316, TX_DESC_SWAP)
ath_rate_minstrel: Minstrel automatic rate control algorithm 1.2 (svn r256
ath_rate_minstrel: look around rate set to 10%
ath_rate_minstrel: EWMA rolloff level set to 75%
ath_rate_minstrel: max segment size in the mrr set to 6000 us
wlan: mac acl policy registered
ath_ahb: 0.9.4.5 (svn r256
ath_pci: switching rfkill capability off
ath_pci: switching per-packet transmit power control off
wifi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
wifi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: H/W encryption support: WEP AES AES_CCM TKIP
wifi0: mac 11.0 phy 4.8 radio 7.0
wifi0: Use hw queue 1 for WME_AC_BE traffic
wifi0: Use hw queue 0 for WME_AC_BK traffic
wifi0: Use hw queue 2 for WME_AC_VI traffic
wifi0: Use hw queue 3 for WME_AC_VO traffic
wifi0: Use hw queue 8 for CAB traffic
wifi0: Use hw queue 9 for beacons
wifi0: Atheros 2315 WiSoC: mem=0xb0000000, irq=3
jffs2_scan_eraseblock(): End of filesystem marker found at 0x0
jffs2_build_filesystem(): unlocking the mtd device... done.
jffs2_build_filesystem(): erasing all blocks after the end marker... done.
mini_fo: using base directory: /
mini_fo: using storage directory: /jffs
BusyBox v1.4.2 (2007-09-26 19:44:01 CEST) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 KAMIKAZE (7.09) -----------------------------------
  * 10 oz Vodka       Shake well with ice and strain
  * 10 oz Triple sec  mixture into 10 shot glasses.
  * 10 oz lime juice  Salute!
 ---------------------------------------------------
root@OpenWrt:/#

zte c300 trunk mode

  gpon   profile tcont PPPOE type 4 maximum 9900000   profile tcont 100M type 4 maximum 100000   profile tcont 50M-TRUNK type 4 maximum 5000...