because many of his questions to me about the separate international bw and IIX in Mikrotik then I created this tutorial:
first:
Mikrotik nat for the user:
/ Ip firewall nat add action = masquerade chain = srcnat src-address = 192.168.1.0/24
second:
download from Mikrotik nice.rsc file OpenIXP
http://ixp.mikrotik.co.id/download/nice.rsc
three:
then we enter it into Mikrotik nice.rsc file
in Mikrotik Winbox click file then drag it to the winbox nice.src file file
so go into Mikrotik Winbox terminal and after completion click
type
import nice.rsc
check if ip address is entered in mikrotik nice, please check the Mikrotik firewall ip - address list
to four:
Mikrotik Mangle
because it is NATed network (eg 192.168.1.0/24) then its chain mangle prerouting
if routed end2end (eg 192.168.1.1/24) then its forward pake
thx that's easy to just copy and paste:
Note: iix = connection to Indonesia alone and ix = connection to international
Mikrotik
chain = forward src-address-list = nice action = mark-connection new-connection-mark = mark-con-iix passthrough = yes
chain = forward dst-address-list = nice action = mark-connection new-connection-mark = mark-con-iix passthrough = yes
chain = forward src-address-list =! nice action = mark-connection new-connection-mark = mark-con-ix passthrough = yes
chain = forward dst-address-list =! nice action = mark-connection new-connection-mark = mark-con-ix passthrough = yes
chain = prerouting connection-mark = mark-con-Indonesia action = mark-packet new-packet-mark = Indonesia passthrough = yes
chain = prerouting connection-mark = mark-con-overseas action = mark-packet new-packet-mark = international passthrough = yes
perhatiin PASTROUGH until one of them do not, adjust with each topology. use the PREROUTING or FORWARD
look at Mikrotik Winbox. To ascertain whether the path is separated by either all traffic must ketangkep (trying to do some connection iix and ix to be sure, for example: go to speedtest.net, to test for test iix select international jakarta singapore or select the all american)
go to ip -> firewall -> mangle
if all connections are read in mikrotik mangle ... then stay in the setting mikrotik queue
for example:
client 1
by ip:
192.168.1.2
we want to give international bandwidth 64 kbps 512kbps iix
then:
Mikrotik
/ Queue simple
add
name = "client1-iix" target-addresses = 192.168.100.2/32 dst-address = 0.0.0.0 / 0 interface = all parent = none packet-marks = direction = both Indonesia priority = 8
queue = default-small/default-small limit-at = 0/0 max-limit = 512000/512000 total-queue = default-small
name = "client1-int" target-addresses = 192.168.100.2/32 dst-address = 0.0.0.0 / 0 interface = all parent = none packet-marks = international direction = both priority = 8
queue = default-small/default-small limit-at = 0/0 max-limit = 64000/64000 total-queue = default-small
client2
with ip: 192.168.1.3
IIX only be given at 64 kbps and is not given at all .. international
then:
we make Mikrotik Mikrotik client firewall to block 2 international channels
[Admin @ Mikrotik]> ip firewall filter add
chain = forward src-address = 192.168.1.3 connection-mark = mark-con-ix action = drop
then try the test from client2 open www.yahoo.com
if not successful we are blocking the path is open internationally to client 2
if still another configuration kebuka checks that we make.
setting is usually used to center the only game in IIX only give access
then we just limit to IIX only or even make it simple que mediocre because we know that
client 2 is impossible to access international
The following example along with its rule iix:
Mikrotik
/ Queue simple
add
name = "client2-iix" target-addresses = 192.168.1.3/32 dst-address = 0.0.0.0 / 0 interface = all parent = none packet-marks = direction = both Indonesia priority = 8
queue = default-small/default-small limit-at = 0/0 max-limit = 64000/64000 total-queue = default-small
if we are still paranoid if the client is still able to access international fear of leaked alias (though already longer ga)
then add the international wrote a large queue for 8 kbps
Mikrotik
/ Queue simple
add
name = "client2-int" target-addresses = 192.168.1.3/32 dst-address = 0.0.0.0 / 0 interface = all parent = none packet-marks = international direction = both priority = 8
queue = default-small/default-small limit-at = 0/0 max-limit = 8/8 total-queue = default-small
his next example for client 3
with ip 192.168.1.4
with a bandwidth of 64 kbps.
then we create a common queue wrote:
Mikrotik
/ Queue simple
add
name = "client3" target-addresses = 192.168.1.4/32 dst-address = 0.0.0.0 / 0 interface = all parent = none direction = both priority = 8
queue = default-small/default-small limit-at = 0/0 max-limit = 64000/64000 total-queue = default-small
completed
is important to understand the principle.
his next develop their own imagination
first:
Mikrotik nat for the user:
/ Ip firewall nat add action = masquerade chain = srcnat src-address = 192.168.1.0/24
second:
download from Mikrotik nice.rsc file OpenIXP
http://ixp.mikrotik.co.id/download/nice.rsc
three:
then we enter it into Mikrotik nice.rsc file
in Mikrotik Winbox click file then drag it to the winbox nice.src file file
so go into Mikrotik Winbox terminal and after completion click
type
import nice.rsc
check if ip address is entered in mikrotik nice, please check the Mikrotik firewall ip - address list
to four:
Mikrotik Mangle
because it is NATed network (eg 192.168.1.0/24) then its chain mangle prerouting
if routed end2end (eg 192.168.1.1/24) then its forward pake
thx that's easy to just copy and paste:
Note: iix = connection to Indonesia alone and ix = connection to international
Mikrotik
chain = forward src-address-list = nice action = mark-connection new-connection-mark = mark-con-iix passthrough = yes
chain = forward dst-address-list = nice action = mark-connection new-connection-mark = mark-con-iix passthrough = yes
chain = forward src-address-list =! nice action = mark-connection new-connection-mark = mark-con-ix passthrough = yes
chain = forward dst-address-list =! nice action = mark-connection new-connection-mark = mark-con-ix passthrough = yes
chain = prerouting connection-mark = mark-con-Indonesia action = mark-packet new-packet-mark = Indonesia passthrough = yes
chain = prerouting connection-mark = mark-con-overseas action = mark-packet new-packet-mark = international passthrough = yes
perhatiin PASTROUGH until one of them do not, adjust with each topology. use the PREROUTING or FORWARD
look at Mikrotik Winbox. To ascertain whether the path is separated by either all traffic must ketangkep (trying to do some connection iix and ix to be sure, for example: go to speedtest.net, to test for test iix select international jakarta singapore or select the all american)
go to ip -> firewall -> mangle
if all connections are read in mikrotik mangle ... then stay in the setting mikrotik queue
for example:
client 1
by ip:
192.168.1.2
we want to give international bandwidth 64 kbps 512kbps iix
then:
Mikrotik
/ Queue simple
add
name = "client1-iix" target-addresses = 192.168.100.2/32 dst-address = 0.0.0.0 / 0 interface = all parent = none packet-marks = direction = both Indonesia priority = 8
queue = default-small/default-small limit-at = 0/0 max-limit = 512000/512000 total-queue = default-small
name = "client1-int" target-addresses = 192.168.100.2/32 dst-address = 0.0.0.0 / 0 interface = all parent = none packet-marks = international direction = both priority = 8
queue = default-small/default-small limit-at = 0/0 max-limit = 64000/64000 total-queue = default-small
client2
with ip: 192.168.1.3
IIX only be given at 64 kbps and is not given at all .. international
then:
we make Mikrotik Mikrotik client firewall to block 2 international channels
[Admin @ Mikrotik]> ip firewall filter add
chain = forward src-address = 192.168.1.3 connection-mark = mark-con-ix action = drop
then try the test from client2 open www.yahoo.com
if not successful we are blocking the path is open internationally to client 2
if still another configuration kebuka checks that we make.
setting is usually used to center the only game in IIX only give access
then we just limit to IIX only or even make it simple que mediocre because we know that
client 2 is impossible to access international
The following example along with its rule iix:
Mikrotik
/ Queue simple
add
name = "client2-iix" target-addresses = 192.168.1.3/32 dst-address = 0.0.0.0 / 0 interface = all parent = none packet-marks = direction = both Indonesia priority = 8
queue = default-small/default-small limit-at = 0/0 max-limit = 64000/64000 total-queue = default-small
if we are still paranoid if the client is still able to access international fear of leaked alias (though already longer ga)
then add the international wrote a large queue for 8 kbps
Mikrotik
/ Queue simple
add
name = "client2-int" target-addresses = 192.168.1.3/32 dst-address = 0.0.0.0 / 0 interface = all parent = none packet-marks = international direction = both priority = 8
queue = default-small/default-small limit-at = 0/0 max-limit = 8/8 total-queue = default-small
his next example for client 3
with ip 192.168.1.4
with a bandwidth of 64 kbps.
then we create a common queue wrote:
Mikrotik
/ Queue simple
add
name = "client3" target-addresses = 192.168.1.4/32 dst-address = 0.0.0.0 / 0 interface = all parent = none direction = both priority = 8
queue = default-small/default-small limit-at = 0/0 max-limit = 64000/64000 total-queue = default-small
completed
is important to understand the principle.
his next develop their own imagination
Posted by Unknown on Kamis, 09 Februari 2012 - Rating: 4.5
Title : Splitting Bandwidth via mikrotik
Description : because many of his questions to me about the separate international bw and IIX in Mikrotik then I created this tutorial: first: Mik...
Description : because many of his questions to me about the separate international bw and IIX in Mikrotik then I created this tutorial: first: Mik...
0 Response to "Splitting Bandwidth via mikrotik"
Posting Komentar