Mikrotik RB 750 + PFsense as Squid Box
-
Setelah ngubek-ngubek om Goo*le, PF Forum n Other Forum. untuk cari resep untuk mau buat RB 750 menjadi GARANG akhirnya bisa nemu resep seperti ini :
Topologi :
ADSL(Bridge) –---------- Mikocok -------------- Switch ------------ Client
| |
PFSense (Squid + Lusca)Saya harap pembaca sudah paham dengan cara kerja Mikocok
Mikocok Conf :
Ether 0 = PPoE Client ke Spedol
Ether 1 = Ke Client IP 192.168.88.2-254
Ether 2 = default
Ether 3 = ke LAN PF Box IP 192.168.200.1
Ether 4 = ke WAN PF Box IP 172.3.3.2Alat yang di butuhkan :
1 unit Mikocok RB 750 / 750G
1 unit CPU Bekas/Baru asal masih bisa nyala dengan minimum Procesor PIII
4 unit kabel LAN
1 unit modem Spedol (Set Bridge) nanti mikrotik yang dial ke SpeedolLangkah selanjutnya :
Set pada sisi PF-nya
1. Install pfbox (sesuai Manual).
2. Setelah selesai install PFbox-nya masuk ke WEB Confignya.
3. Buka menu system --> packeges --> Cari SQUID 2.7 (yang udah pasti stable) trus Install
4. ketik pada Diagnostic -> Command promt : http://pfsense-cacheboy.googlecode.com/svn/trunk/script/package.sh && chmod +x package.sh && ./package.sh
5. Buka menu system --> packeges --> Cari Lusca
6. atau Cari tut's nginstall LUSCA cache PFsense di Mbah Goo*le (Lusca cache merupakan Optional Install)
7. Buka menu Services --> Proxy Services --> Pastikan Proxy Portnya 3128
*. TAB General --> centang Allow users on interface, tranparent proxy,Enabled logging, Transparent X-Forward, & Disable VIA --> klik Save
*. TAB Cache Mgmt --> Hardisk cache system = coos+aufs (bila sudah teristal Lusca), Coss HD cache size 50, HD cache size 100, memory cache size 8 (Sesuaikan dengan kap. MEM), Max memory object size 4 (Sesuaikan dengan kap. MEM), Minimum object size 10 (Sesuaikan dengan kap. MEM), Maximum object size 6(Sesuaikan dengan kap. MEM)--> Klik Save
*. TAB Access control --> Allowed subnets (masukkan IP 192.168.88.0/24) --> klik Save
*. TAB Traffic Mgmt --> Matiin aja "Enable delay pool" (Biarin mikocok yg ngatur BW-nya)
8. Buat yang pake add-on LUSCA Cache configurasinya di sesuaikan dengan kebutuhan aja yah..
9. Lanjut pastikan Squid Services sudah berjalan. Klik Status Sevices --> Lihat Squid jalan atau tidak
10. Restart PF Box --> setelah restart, PFBox udah Ready to work.Set pada sisi Mik*otik-nya
1. IP --> address
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; default configuration
192.168.88.1/24 192.168.88.0 192.168.88.255 ether2-local-master
1 10.10.30.6/28 10.10.30.0 10.10.30.15 ether1-gateway
2 192.168.200.100/24 192.168.200.0 192.168.200.255 ether4-local-slave
3 172.3.1.1/24 172.3.1.1 172.3.1.255 ether5-local-slave2. IP --> firewall --> Nat
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Client
chain=srcnat action=masquerade out-interface=ether1-gateway1 X chain=dstnat action=dst-nat to-addresses=192.168.200.1 to-ports=3128
protocol=tcp src-address=192.168.88.0/24 in-interface=ether4-local-slave
dst-port=802 ;;; Proxy
chain=srcnat action=masquerade out-interface=ether5-local-slave3 ;;; NAT Proxy
chain=srcnat action=masquerade src-address=192.168.200.1
out-interface=ether1-gateway4 ;;; Belok ke-Proxy
chain=dstnat action=dst-nat to-addresses=192.168.200.1 to-ports=3128
protocol=tcp in-interface=ether2-local-master dst-port=803. IP --> firewall --> Nat
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 10.10.30.6 10.10.30.1 1
1 X S 0.0.0.0/0 192.168.200.100 192.168.200.1 1
2 X S 0.0.0.0/0 10.10.30.6 192.168.200.1 2
10.10.30.1
3 ADC 10.10.30.0/28 10.10.30.6 ether1-gateway 0
4 ADC 172.3.1.0/24 172.3.1.1 ether5-local-slave 0
5 ADC 192.168.88.0/24 192.168.88.1 ether2-local-ma... 0
6 ADC 192.168.200.0/24 192.168.200.100 ether4-local-slave 0
Bagi akang-akang yang memiliki metoda yang lain mungkin dengan menggunakan 1 LAN card saja
yang menuju ke PF boxnya dapat memberikan masukkan bagaimana cara membuatnya? dan di share
disini untuk kemajuan teman-teman pecinta PFsense & Mikocok :)ditunggu yee Commentnya
Maju terus networking indonesia
-
Kalo begini gimana bos…?
Internet<--->ModemADSL(bridge)<--->(PPPoE)PFsense+LUSCA<--->RB750G(bandwidth Management)<---> Switch/HUB<--->client...dst.
-
Kalo begini gimana bos…?
Internet<--->ModemADSL(bridge)<--->(PPPoE)PFsense+LUSCA<--->RB750G(bandwidth Management)<---> Switch/HUB<--->client...dst.
Kalo gw ma.. lebih yakin kalo RB yang tampil di depan dari pada PF yang tampil di depan coz serangan dari luar banyak yang bahaya boss.. ??? ??? ???. enaknya mikocok punya Winbox yang buat qite nudah monitor traffic masuk & keluar.. jd saya lbh prefer klo mikocok yg di depan.. coba PF punya tools sprti winbox pasti ane dah tempatin dia di depan… ;D dan model kaya di atas prosesnya bisa 2x routing..
-
:)
-
wah kata siapa pfsense nggak secure .. malah pf lebih secure di banding MK :D coba aja buktikan
-
wah kata siapa pfsense nggak secure .. malah pf lebih secure di banding MK :D coba aja buktikan
nah jawaban ini yg sy tunggu2 BOS :) :) :) OK buangetttt Komandan
-
pada batasan tertentu om @chino benar adanya …
yang patut di diperhatikan adalah sisi banyaknya klien dari router itu sendirikalo klien RB750, katakanlah, 20 atau 30, dengan full setup, sepertinya
akan kolap itu RB, bukan karena os nya, tapi hardware yang sudah ngos2an
pastinya harus upgrade ke yg lebih tinggi, dan itu adalah cost yang tinggi pula.
terutama licensenya ...untuk secure, setiap distro firewall, salah satu yang diutamakan adalah secure nya
so, nonsense kalau pf tidak secure, begitu juga sebaliknya ... it's fair enoughyang om @chino lakukan adalah kolaborasi
saling melengkapi antara 2 produk yang berbeda
sudah mahfum kalau mikrotik sangat terbatas dalam custom squidnya
pfsense sangat mudah untuk mendapatkan proxy performance
indah bukan konsep saling melengkapi ...btw ... share nya om acungi jempol :)
untuk single ethernet sangat bisa
om sendiri sudah mengaplikasikan single ethernet multiple interface
mangga dioprek lebih lanjut ... -
kalau saya nggak bisa acungin jempol buat artikel seperti ini nggak ada gunanya .. langsung aja di stick hahahahah
-
Klo sy setubuh, e' salah maksud sy se7 dengan TS. Msh Mikrotik RB 750G + PFsense as Squid Box.
emang setiap topology terkadang tidak pas/cocok dipake di setiap jaringan. klo saya :client –------mikrotik ----------
| |
| | ------ internet
| |
PF (box) ----------Mikrotik = port 1 mengarah clients
port 2 mengarah Wan/Internet
port 3 mengarah ke PF (box)
PF(Box) = Lan ----> port 3 mikrotik
WAN ---> modemintinya :
- Request destination port 80 dibelokan ke mesin PF. ( chain=dstnat action=dst-nat to-addresses=(ip address pfsense) to-ports=(port pfsense) protocol=tcp in-interface=(port 3 mengarah ke pfsense) dst-port=80 )
- Selain port 80 masuk ke mikrotik dengan management bandwidht menggunakan L7 protocol. ( idm & sodara sodaranya nggak berkutik )
Tipology ini belum tentu cocok dengan jaringan yg lain, so yg pasti buffer youtube lari kencang seperti dikejar anjing, ini yg sy suka. speedtest kecepatan LAN full speed semua ini hanya akal akalan mesin PF + LUSCA oprekan Mang Chuddy,Yg emang betul betul cocok buat kita kita yg fakir bandwidht wk... wk.. wk....
-
Klo sy setubuh, e' salah maksud sy se7 dengan TS. Msh Mikrotik RB 750G + PFsense as Squid Box.
emang setiap topology terkadang tidak pas/cocok dipake di setiap jaringan. klo saya :client –------mikrotik ----------
| |
| | ------ internet
| |
PF (box) ----------Mikrotik = port 1 mengarah clients
port 2 mengarah Wan/Internet
port 3 mengarah ke PF (box)
PF(Box) = Lan ----> port 3 mikrotik
WAN ---> modemintinya :
- Request destination port 80 dibelokan ke mesin PF. ( chain=dstnat action=dst-nat to-addresses=(ip address pfsense) to-ports=(port pfsense) protocol=tcp in-interface=(port 3 mengarah ke pfsense) dst-port=80 )
- Selain port 80 masuk ke mikrotik dengan management bandwidht menggunakan L7 protocol. ( idm & sodara sodaranya nggak berkutik )
Tipology ini belum tentu cocok dengan jaringan yg lain, so yg pasti buffer youtube lari kencang seperti dikejar anjing, ini yg sy suka. speedtest kecepatan LAN full speed semua ini hanya akal akalan mesin PF + LUSCA oprekan Mang Chuddy,Yg emang betul betul cocok buat kita kita yg fakir bandwidht wk... wk.. wk....
Mas kasih yang gamblang yaaa sedetailnya :D
tks
PFSI -
siap komandan. :)
mending ku buat tutorial dulu aja settingan aku.
ntar ku share disini. sapa tahu dengan dishare ada masuan sana sini & bisa makin garang konesinya.
Loading …............................... -
pada batasan tertentu om @chino benar adanya …
yang patut di diperhatikan adalah sisi banyaknya klien dari router itu sendirikalo klien RB750, katakanlah, 20 atau 30, dengan full setup, sepertinya
akan kolap itu RB, bukan karena os nya, tapi hardware yang sudah ngos2an
pastinya harus upgrade ke yg lebih tinggi, dan itu adalah cost yang tinggi pula.
terutama licensenya ...untuk secure, setiap distro firewall, salah satu yang diutamakan adalah secure nya
so, nonsense kalau pf tidak secure, begitu juga sebaliknya ... it's fair enoughyang om @chino lakukan adalah kolaborasi
saling melengkapi antara 2 produk yang berbeda
sudah mahfum kalau mikrotik sangat terbatas dalam custom squidnya
pfsense sangat mudah untuk mendapatkan proxy performance
indah bukan konsep saling melengkapi ...btw ... share nya om acungi jempol :)
untuk single ethernet sangat bisa
om sendiri sudah mengaplikasikan single ethernet multiple interface
mangga dioprek lebih lanjut ...Sepakat om, masalah security lebih kepada brainware dibelakang firewall,apalagi jika enginennya masih dalam keluarga *nix ,firewallnya tidak jauh berbedalah. @chino benar bhw di mikrotik traffik monitoring lebih mudah, tapi di pfsense seharusnya juga bisa dilakukan dengan menambahkan package, baik dari pfsense sendiri maupun dari pihak ketiga.
Ada satu hal lagi mungkin yang patut dipertimbangkan o/ developer pfsense ,yakni ketersediaan hardware embed semacam routerboard mikrotik yang sangat ekonomis u/ pengguna soho. Atau jika memungkinkan pfsense bisa didevelop untuk arsitektur mips, ppc yang kompatible u/ routerboard mikrotik sehingga pfsense bisa di injek ke routerboard.
go..opensource -
maap, buat master yg udah pernah coba topologi seperti ini, apakah proxy hit di pfsense bisa naik ngak?? ???
sejak kenal pfsense si RB udah nganggur :D :D
Internet<--->ModemADSL(bridge)<--->(PPPoE)PFsense+LUSCA<--->RB750G(bandwidth Management)<---> Switch/HUB<--->client...dst.di pfsense===> 1\. squid 2\. lusca 3\. unbound RB750G ==> management bandwidth doangkayaknya cuman ini satu-satunya jalan ke Roma buat aq :'( :'(
-
maap, buat master yg udah pernah coba topologi seperti ini, apakah proxy hit di pfsense bisa naik ngak?? ???
sejak kenal pfsense si RB udah nganggur :D :D
Internet<--->ModemADSL(bridge)<--->(PPPoE)PFsense+LUSCA<--->RB750G(bandwidth Management)<---> Switch/HUB<--->client...dst.di pfsense===> 1\. squid 2\. lusca 3\. unbound RB750G ==> management bandwidth doangkayaknya cuman ini satu-satunya jalan ke Roma buat aq :'( :'(
sayang kalo rb nya nganggur om :
Percaya aja bahwa masih banyak jalan keroma kok :-)PFsense+LUSCA
|
1. pfsense ===> Internet<–->ModemADSL(bridge)<--->(ppoe)RB750G(bandwidth Manage)<---> Switch/HUB<--->client...dst2. pfsense ===> Internet<--->ModemADSL(bridge)<--->(ppoe)RB750G(bandwidth Management)<---> Switch/HUB<--->client...dst
|
PFsense+LUSCA
3.pfsense ===> Internet<--->(ppoe)ModemADSL(bridge)<---> Switch/HUB<------->RB750G(bandwidth Management)<---> Switch/HUB<--->client...dst
| <-- port80 |
PFsense+LUSCA------------------------------------ayo....dipilih ....dipilih......dipilih
-
kalau saya pakai topology seperti ini
adsl –--pcmikrotik----switch--client
|
|
pfsenseenggak tau setting pfsense udah tepat atau belum yg penting jalan
-
ya coba di check dilognya bro… jalan atau belon
salam
PFSI -
siap Ndan
kalau di proxy report rata2 hit 40%,dengan konfigurasi standar Lusca/LUSCA r14850 patched: chudy r14,dengan client 15unit
salam
PFSI -
adsl ----pcmikrotik----switch--client | | pfsenseom kalau boleh tau proxy hitnya nembus sampai berapa Mega ???
-
siang om
rata2 0,5-1gb,mungkin gara2 kebiasan user kalau nonton dari youtube cepet ,jd kagak disimpan dulu.
-
Setelah ngubek-ngubek om Goo*le, PF Forum n Other Forum. untuk cari resep untuk mau buat RB 750 menjadi GARANG akhirnya bisa nemu resep seperti ini :
Topologi :
ADSL(Bridge) –---------- Mikocok -------------- Switch ------------ Client
| |
PFSense (Squid + Lusca)Saya harap pembaca sudah paham dengan cara kerja Mikocok
Mikocok Conf :
Ether 0 = PPoE Client ke Spedol
Ether 1 = Ke Client IP 192.168.88.2-254
Ether 2 = default
Ether 3 = ke LAN PF Box IP 192.168.200.1
Ether 4 = ke WAN PF Box IP 172.3.3.2Alat yang di butuhkan :
1 unit Mikocok RB 750 / 750G
1 unit CPU Bekas/Baru asal masih bisa nyala dengan minimum Procesor PIII
4 unit kabel LAN
1 unit modem Spedol (Set Bridge) nanti mikrotik yang dial ke SpeedolLangkah selanjutnya :
Set pada sisi PF-nya
1. Install pfbox (sesuai Manual).
2. Setelah selesai install PFbox-nya masuk ke WEB Confignya.
3. Buka menu system --> packeges --> Cari SQUID 2.7 (yang udah pasti stable) trus Install
4. ketik pada Diagnostic -> Command promt : http://pfsense-cacheboy.googlecode.com/svn/trunk/script/package.sh && chmod +x package.sh && ./package.sh
5. Buka menu system --> packeges --> Cari Lusca
6. atau Cari tut's nginstall LUSCA cache PFsense di Mbah Goo*le (Lusca cache merupakan Optional Install)
7. Buka menu Services --> Proxy Services --> Pastikan Proxy Portnya 3128
*. TAB General --> centang Allow users on interface, tranparent proxy,Enabled logging, Transparent X-Forward, & Disable VIA --> klik Save
*. TAB Cache Mgmt --> Hardisk cache system = coos+aufs (bila sudah teristal Lusca), Coss HD cache size 50, HD cache size 100, memory cache size 8 (Sesuaikan dengan kap. MEM), Max memory object size 4 (Sesuaikan dengan kap. MEM), Minimum object size 10 (Sesuaikan dengan kap. MEM), Maximum object size 6(Sesuaikan dengan kap. MEM)--> Klik Save
*. TAB Access control --> Allowed subnets (masukkan IP 192.168.88.0/24) --> klik Save
*. TAB Traffic Mgmt --> Matiin aja "Enable delay pool" (Biarin mikocok yg ngatur BW-nya)
8. Buat yang pake add-on LUSCA Cache configurasinya di sesuaikan dengan kebutuhan aja yah..
9. Lanjut pastikan Squid Services sudah berjalan. Klik Status Sevices --> Lihat Squid jalan atau tidak
10. Restart PF Box --> setelah restart, PFBox udah Ready to work.Set pada sisi Mik*otik-nya
1. IP --> address
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; default configuration
192.168.88.1/24 192.168.88.0 192.168.88.255 ether2-local-master
1 10.10.30.6/28 10.10.30.0 10.10.30.15 ether1-gateway
2 192.168.200.100/24 192.168.200.0 192.168.200.255 ether4-local-slave
3 172.3.1.1/24 172.3.1.1 172.3.1.255 ether5-local-slave2. IP --> firewall --> Nat
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Client
chain=srcnat action=masquerade out-interface=ether1-gateway1 X chain=dstnat action=dst-nat to-addresses=192.168.200.1 to-ports=3128
protocol=tcp src-address=192.168.88.0/24 in-interface=ether4-local-slave
dst-port=802 ;;; Proxy
chain=srcnat action=masquerade out-interface=ether5-local-slave3 ;;; NAT Proxy
chain=srcnat action=masquerade src-address=192.168.200.1
out-interface=ether1-gateway4 ;;; Belok ke-Proxy
chain=dstnat action=dst-nat to-addresses=192.168.200.1 to-ports=3128
protocol=tcp in-interface=ether2-local-master dst-port=803. IP --> firewall --> Nat
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 10.10.30.6 10.10.30.1 1
1 X S 0.0.0.0/0 192.168.200.100 192.168.200.1 1
2 X S 0.0.0.0/0 10.10.30.6 192.168.200.1 2
10.10.30.1
3 ADC 10.10.30.0/28 10.10.30.6 ether1-gateway 0
4 ADC 172.3.1.0/24 172.3.1.1 ether5-local-slave 0
5 ADC 192.168.88.0/24 192.168.88.1 ether2-local-ma... 0
6 ADC 192.168.200.0/24 192.168.200.100 ether4-local-slave 0
Bagi akang-akang yang memiliki metoda yang lain mungkin dengan menggunakan 1 LAN card saja
yang menuju ke PF boxnya dapat memberikan masukkan bagaimana cara membuatnya? dan di share
disini untuk kemajuan teman-teman pecinta PFsense & Mikocok :)ditunggu yee Commentnya
Maju terus networking indonesia
kalo adsl nya ga mode bridge kk… tapi dengan topologi yang sama... ada panduan ga kk...
thx for share
-
sah-sah saja tidak pake bridge …
bisa saja pake mode dhcp atau static
si modem sebagai dialer pppoe nya dan pfsense sebgai klien dr modem tsbalasan kenapa modem dibridge kan sehingga pfsense yg dial pppoe
karena modem [sebagai dialer pppoe] akan menjadi masalah ketika load tinggi
itu wajar karena modem umumnya terbatas kemampuan HW nyasemoga bisa membantu
-
sah-sah saja tidak pake bridge …
bisa saja pake mode dhcp atau static
si modem sebagai dialer pppoe nya dan pfsense sebgai klien dr modem tsbalasan kenapa modem dibridge kan sehingga pfsense yg dial pppoe
karena modem [sebagai dialer pppoe] akan menjadi masalah ketika load tinggi
itu wajar karena modem umumnya terbatas kemampuan HW nyasemoga bisa membantu
thx atas responnya kk..
ane cuma punya warnet kecil… jadi saya pikir g terlalu...
nah.. ada panduan kah kk.. untuk permasalahan saya...??
mohon pencerahan...
-
pencerahannya hanya satu aja …
langsung praktek lapangan
insya allah tidak akan kesasarkalau pun kesasar, teman2 disini siap memberikan panduan lebih lanjut
btw ... om mau tanya
pfsense digunakan dedicate sebagai mesin all in one atau bagaimana ?tentunya semua tidak ada yg instan
cukup bermodal membaca dari how to yang sudah digelar teman2
pokoknya jangan cepat give up ... -
pencerahannya hanya satu aja …
langsung praktek lapangan
insya allah tidak akan kesasarkalau pun kesasar, teman2 disini siap memberikan panduan lebih lanjut
btw ... om mau tanya
pfsense digunakan dedicate sebagai mesin all in one atau bagaimana ?tentunya semua tidak ada yg instan
cukup bermodal membaca dari how to yang sudah digelar teman2
pokoknya jangan cepat give up ...karena semangatnya untuk mencoba…
maaf jika merepotkan...
ada kendala yang saya hadapi...saya donlot yang ini...http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_HEAD/livecd_installer/pfSense-2.0-RC1-i386-20110613-0929.iso.gz
pada saat saya mulai menginstall (saat cd booting)
muncul pesan error :
mpoptions not found
panic: free: guard1 fail @ 0x1ed8c784 from /usr/pfsensesrc/src/sys/boot.i386/loader/../../common/interp. c:320--> Press a key on the console to reboot <--
ane tekan enter...
reboot lagi.. dan tetep kembali ke error yang samacpu saya
ram 512 GB
hdd 20 GB
p4 (p4vp-mx)salahnya dimana ya...
dan maaf jika.. membahas diluar pokok bahasan thread..
makasih buat semua senior2.......
-
Setelah ngubek-ngubek om Goo*le, PF Forum n Other Forum. untuk cari resep untuk mau buat RB 750 menjadi GARANG akhirnya bisa nemu resep seperti ini :
Topologi :
ADSL(Bridge) –---------- Mikocok -------------- Switch ------------ Client
| |
PFSense (Squid + Lusca)Saya harap pembaca sudah paham dengan cara kerja Mikocok
Mikocok Conf :
Ether 0 = PPoE Client ke Spedol
Ether 1 = Ke Client IP 192.168.88.2-254
Ether 2 = default
Ether 3 = ke LAN PF Box IP 192.168.200.1
Ether 4 = ke WAN PF Box IP 172.3.3.2Alat yang di butuhkan :
1 unit Mikocok RB 750 / 750G
1 unit CPU Bekas/Baru asal masih bisa nyala dengan minimum Procesor PIII
4 unit kabel LAN
1 unit modem Spedol (Set Bridge) nanti mikrotik yang dial ke SpeedolLangkah selanjutnya :
Set pada sisi PF-nya
1. Install pfbox (sesuai Manual).
2. Setelah selesai install PFbox-nya masuk ke WEB Confignya.
3. Buka menu system --> packeges --> Cari SQUID 2.7 (yang udah pasti stable) trus Install
4. ketik pada Diagnostic -> Command promt : http://pfsense-cacheboy.googlecode.com/svn/trunk/script/package.sh && chmod +x package.sh && ./package.sh
5. Buka menu system --> packeges --> Cari Lusca
6. atau Cari tut's nginstall LUSCA cache PFsense di Mbah Goo*le (Lusca cache merupakan Optional Install)
7. Buka menu Services --> Proxy Services --> Pastikan Proxy Portnya 3128
*. TAB General --> centang Allow users on interface, tranparent proxy,Enabled logging, Transparent X-Forward, & Disable VIA --> klik Save
*. TAB Cache Mgmt --> Hardisk cache system = coos+aufs (bila sudah teristal Lusca), Coss HD cache size 50, HD cache size 100, memory cache size 8 (Sesuaikan dengan kap. MEM), Max memory object size 4 (Sesuaikan dengan kap. MEM), Minimum object size 10 (Sesuaikan dengan kap. MEM), Maximum object size 6(Sesuaikan dengan kap. MEM)--> Klik Save
*. TAB Access control --> Allowed subnets (masukkan IP 192.168.88.0/24) --> klik Save
*. TAB Traffic Mgmt --> Matiin aja "Enable delay pool" (Biarin mikocok yg ngatur BW-nya)
8. Buat yang pake add-on LUSCA Cache configurasinya di sesuaikan dengan kebutuhan aja yah..
9. Lanjut pastikan Squid Services sudah berjalan. Klik Status Sevices --> Lihat Squid jalan atau tidak
10. Restart PF Box --> setelah restart, PFBox udah Ready to work.Set pada sisi Mik*otik-nya
1. IP --> address
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; default configuration
192.168.88.1/24 192.168.88.0 192.168.88.255 ether2-local-master
1 10.10.30.6/28 10.10.30.0 10.10.30.15 ether1-gateway
2 192.168.200.100/24 192.168.200.0 192.168.200.255 ether4-local-slave
3 172.3.1.1/24 172.3.1.1 172.3.1.255 ether5-local-slave2. IP --> firewall --> Nat
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Client
chain=srcnat action=masquerade out-interface=ether1-gateway1 X chain=dstnat action=dst-nat to-addresses=192.168.200.1 to-ports=3128
protocol=tcp src-address=192.168.88.0/24 in-interface=ether4-local-slave
dst-port=802 ;;; Proxy
chain=srcnat action=masquerade out-interface=ether5-local-slave3 ;;; NAT Proxy
chain=srcnat action=masquerade src-address=192.168.200.1
out-interface=ether1-gateway4 ;;; Belok ke-Proxy
chain=dstnat action=dst-nat to-addresses=192.168.200.1 to-ports=3128
protocol=tcp in-interface=ether2-local-master dst-port=803. IP --> firewall --> Nat
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 10.10.30.6 10.10.30.1 1
1 X S 0.0.0.0/0 192.168.200.100 192.168.200.1 1
2 X S 0.0.0.0/0 10.10.30.6 192.168.200.1 2
10.10.30.1
3 ADC 10.10.30.0/28 10.10.30.6 ether1-gateway 0
4 ADC 172.3.1.0/24 172.3.1.1 ether5-local-slave 0
5 ADC 192.168.88.0/24 192.168.88.1 ether2-local-ma... 0
6 ADC 192.168.200.0/24 192.168.200.100 ether4-local-slave 0
Bagi akang-akang yang memiliki metoda yang lain mungkin dengan menggunakan 1 LAN card saja
yang menuju ke PF boxnya dapat memberikan masukkan bagaimana cara membuatnya? dan di share
disini untuk kemajuan teman-teman pecinta PFsense & Mikocok :)ditunggu yee Commentnya
Maju terus networking indonesia
kalo setingan winboxnya digelar sekalian sangat membantu yang mo icip-icip ;D
-
Kalo gw ma.. lebih yakin kalo RB yang tampil di depan dari pada PF yang tampil di depan coz serangan dari luar banyak yang bahaya boss.. ??? ??? ???. enaknya mikocok punya Winbox yang buat qite nudah monitor traffic masuk & keluar.. jd saya lbh prefer klo mikocok yg di depan.. coba PF punya tools sprti winbox pasti ane dah tempatin dia di depan… ;D dan model kaya di atas prosesnya bisa 2x routing..
apa gak ribet om pake 2 alat utk firewall + proxy? soalnya kalau usernya <25, menurut saya lebih ribet troubleshoot-nya jika ada masalah diantara kedua alat itu.
-
gk sabar nggu tutorial dari mas ardy nich
tlg step by step iah mas….. yang segamblang gamblangnya
maklum nol puthul iki T.T -
wa,,rb750 skrg brp om??pgn nyobain.. ;D
-
wa,,rb750 skrg brp om??pgn nyobain.. ;D
dah murah sekarang yg jual antara 290.000 - 350.000
-
:( :( :( ane koq masih ga bisa terus ya… :( :( setelah install... masuk ke web config nya ga bisa2...
-
pencerahannya hanya satu aja …
langsung praktek lapangan
insya allah tidak akan kesasarkalau pun kesasar, teman2 disini siap memberikan panduan lebih lanjut
btw ... om mau tanya
pfsense digunakan dedicate sebagai mesin all in one atau bagaimana ?tentunya semua tidak ada yg instan
cukup bermodal membaca dari how to yang sudah digelar teman2
pokoknya jangan cepat give up ...karena semangatnya untuk mencoba…
maaf jika merepotkan...
ada kendala yang saya hadapi...saya donlot yang ini...http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_HEAD/livecd_installer/pfSense-2.0-RC1-i386-20110613-0929.iso.gz
pada saat saya mulai menginstall (saat cd booting)
muncul pesan error :
mpoptions not found
panic: free: guard1 fail @ 0x1ed8c784 from /usr/pfsensesrc/src/sys/boot.i386/loader/../../common/interp. c:320--> Press a key on the console to reboot <--
ane tekan enter...
reboot lagi.. dan tetep kembali ke error yang samacpu saya
ram 512 GB
hdd 20 GB
p4 (p4vp-mx)
se
salahnya dimana ya...dan maaf jika.. membahas diluar pokok bahasan thread..
makasih buat semua senior2.......
sepertinya kernel panic.. coba di cek .. waktu install pake singkle apa dual, sesuaikan dengan processornya.. kalauu masih seperti itu coba intasll pake 1.2.3 aja
-
Terimakasih atas respond teman PFSI dan udah mau bergabung pada postingan saya ini.
saya gak menyangka akan di respon sekian banyak user PFSI. ;Dyang saya mau disini kita dapat belajar mengenai network yang lebih advance dengan berbagai macam model pola Networking. buat Om_Kembeng yang elmunya udah nyampe di langit (Semoga masih diberi elmu lg yg maha kuasa)AMIN, sebaiknya share or (give feedback) dunk's atas ide-idenya disini bukannya malah buat postingan orang jadi sampah/menganggap postingan orang itu remeh ??? ??? ???. yakin qite gak bakalan maju dengan menganggap sesuatu yang kecil itu lemah, dari yang kecil kita dapat menjadi besar.
Saya rasa kita harusnya realistis aja MT udah cukup mantap pada posisinya untuk BW management, Traffic monitoring dgn toolsnya (Winboxnya), dan kelebihan lainnya. tetapi disisi yang lain punya kekurangan pada system Proxy management. makanya dgn dikawinkannya kedua alat ini maka saya anggap suatu perpaduan yang sangat baik untuk masa sekarang ini.
Metode ini saya udah coba pada jaringan dgn WAN Bandwidth 3Mb dan Client 27 unit. Pada saad Pick Load local dapat mencapai 4Mb dengan dukungan HDD 500GB Mem 2GB Proc Dual Core 2.0Ghz dan cukup stabil. Cuma perlu restart 2 ato 3 hari dgn work time 24 Hour Full.
-
always utk diingat …
konsep saling melengkapi itu indah
tidak ada yg sempurna plek ...
setuju ... ?yg penting ... minumnya tetep pf ;D [gak nyambung dah …]
-
kenapa pfsense ku tidak bisa di transparent proxy dari mikrotik ?
tapi jika browser di arahkan secara manual ke proxy pfsense, bis berfungsi dengan normal.ini settingan nat di mikrotik
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough1 X ;;; NAT-Modem
chain=srcnat action=masquerade out-interface=ether1-Modem2 ;;; NAT Public
chain=srcnat action=masquerade out-interface=speedy6 X ;;; TRANSPARENT PROX + BYPASS CACHE SERVER LOKAL
chain=dstnat action=dst-nat to-addresses=192.168.99.2 to-ports=3128 protocol=tcp dst-address-list=!Proxy in-interface=WiFi_All dst-port=80,8080,31287 X ;;; TRANSPARENT PROXY
chain=dstnat action=dst-nat to-addresses=192.168.99.2 to-ports=3128 protocol=tcp src-address-list=Local+Server dst-address-list=!Proxy
dst-port=80,8080,3128 -
ini log firewall dari pfsense
saya pake ip 192.168.99.166Act Time If Source Destination Proto
block Jul 18 14:50:29 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:49:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:48:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:47:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:46:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:45:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:44:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:43:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:42:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:41:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:40:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:40:00 LAN 0.0.0.0:68 255.255.255.255:67 UDP
block Jul 18 14:39:48 LAN 0.0.0.0:68 255.255.255.255:67 UDP
block Jul 18 14:39:48 LAN 0.0.0.0:68 255.255.255.255:67 UDP
block Jul 18 14:39:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:38:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:37:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:36:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:35:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:34:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:33:27 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:32:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:32:05 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
block Jul 18 14:32:05 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
block Jul 18 14:31:37 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
block Jul 18 14:31:37 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
block Jul 18 14:31:27 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:31:22 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
block Jul 18 14:31:22 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
block Jul 18 14:31:16 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
block Jul 18 14:31:16 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
block Jul 18 14:31:13 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
block Jul 18 14:31:13 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
block Jul 18 14:31:11 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
block Jul 18 14:31:11 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
block Jul 18 14:31:10 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
block Jul 18 14:31:10 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
block Jul 18 14:31:10 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
block Jul 18 14:31:10 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
block Jul 18 14:31:10 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
block Jul 18 14:31:10 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
block Jul 18 14:30:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:29:51 LAN 192.168.99.166:47254 192.168.99.2:3128 TCP:FA
block Jul 18 14:29:30 LAN 192.168.99.166:47107 192.168.99.2:3128 TCP:FA
block Jul 18 14:29:27 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
block Jul 18 14:29:21 LAN 192.168.99.166:47254 192.168.99.2:3128 TCP:FA
block Jul 18 14:29:06 LAN 192.168.99.166:47254 192.168.99.2:3128 TCP:FA
block Jul 18 14:28:59 LAN 192.168.99.166:47254 192.168.99.2:3128 TCP:FA
block Jul 18 14:28:56 LAN 192.168.99.166:47107 192.168.99.2:3128 TCP:FA
block Jul 18 14:28:55 LAN 192.168.99.166:47254 192.168.99.2:3128 TCP:FA -
mohon bantuannya untuk
http://forum.pfsense.org/index.php/topic,38930.msg200664.html#msg200664belum dapat penyelesaian nya
-
Sesuai dengan janji ( janji adalah hutang :) , insya allah hutang segera terlunasi ) amiiin…. !!
Just share settingan saya Mikocok bersanding dengan PFSense.
Clients ------- Mikrotik 3 port -------- Inet
port 3 mikrotik ----- pfsense ------ inernet
modem : 192.168.2.1
topology mikrotik menggunakan 3 ethernet :
port 1 = WAN ( 192.168.2.2 )
port 2 = CLIENTS ( 192.168.1.1 )
port 3 = PROXY PFSENSE ( 192.168.3.1 )topology pfsense menggunakan 2 ethernet :
port 1 = LAN ( port 3 mikrotik ) ( 192.168.3.2 )
port 2 = WAN ( 192.168.2.3 )oke langsung kupas aja.
asumsi mesin pfsense running well & tunning with LUSCA.
oprekan & tune-up bisa open panduan dari om anto_DIGIT http://forum.pfsense.org/index.php/topic,29019.0.htmlsebagai manageable clients, baik itu hotspot & management bandwidht semua ada dimikrotik.
Settingan hotspot disini tidak usah dibahas googling aja tutnya.
settingan ini menggunakan L7 untuk filternya. Khusus untuk destination port 80, dibelokan ke arah pfsense sebagai proxy servernya port 3128.
Maaf bung disini PFSense hanya dijadikan proxy server ( Maknyuss.... )setting nat :
chain=dstnat action=dst-nat to-addresses=10.10.3.2 to-ports=3128 protocol=tcp in-interface=CLIENTS dst-port=80
( maksudnya semua request port 80 di arahkan ke address Proxy Server ( PFSense )setting L7 :
/ip firewall layer7-protocol
add name="Extension " .exe "" regexp="^.get.+\.exe.$"
add name="Extension " .mp4 "" regexp="^.get.+\.mp4.$"
add name="Extension " .rar"" regexp="^.get.+\.rar.$"
add name="Extension " .zip"" regexp="^.get.+\.zip.$"
add name="Extension " .mp3 "" regexp="^.get.+\.mp3.$"
add name="Extension " .7z "" regexp="^.get.+\.7z.$"
add name="Extension " .cab "" regexp="^.get.+\.cab.$"
add name="Extension " .asf "" regexp="^.get.+\.asf.$"
add name="Extension " .mov "" regexp="^.get.+\.mov.$"
add name="Extension " .wmv "" regexp="^.get.+\.wmv.$"
add name="Extension " .mpg "" regexp="^.get.+\.mpg.$"
add name="Extension " .mpeg "" regexp="^.get.+\.mpeg.$"
add name="Extension " .mkv "" regexp="^.get.+\.mkv.$"
add name="Extension " .avi "" regexp="^.get.+\.avi.$"
add name="Extension " .flv "" regexp="^.get.+\.flv.$"
add name="Extension " .pdf "" regexp="^.get.+\.pdf.$"
add name="Extension " .wav "" regexp="^.get.+\.wav.$"
add name="Extension " .rm "" regexp="^.get.+\.rm.$"
add name="Extension " .rmvb "" regexp="^.get.+\.rmvb.$"
add name="Extension " .dat "" regexp="^.get.+\.dat.$"
add name="Extension " .daa "" regexp="^.get.+\.daa.$"
add name="Extension " .iso "" regexp="^.get.+\.iso.$"
add name="Extension " .nrg "" regexp="^.get.+\.nrg.$"
add name="Extension " .bin "" regexp="^.get.+\.bin.$"
add name="Extension " .vcd "" regexp="^.get.+\.vcd.$"
add name="Extension " .mp2 "" regexp="^.get.+\.mp2.$"
add name="Extension " .3gp "" regexp="^.get.+\.3gp.$"
add name="Extension " .mpe "" regexp="^.get.+\.mpe.$"
add name="Extension " .qt "" regexp="^.get.+\.qt.$"
add name="Extension " .raw "" regexp="^.get.+\.raw.$"
add name="Extension " .wma "" regexp="^.get.+\.wma.$"
add name="Extension " .ogg "" regexp="^.get.+\.ogg.$"
add name="Extension " .doc "" regexp="^.get.+\.doc.$"
add name="Extension " .ram "" regexp="^.get.+\.ram.$"
add name=edonkey regexp="^[\C5\D4\E3-\E5].?.?.?.?([\01\02\05\14\15\16\18
\19\1A\1B\1C !234568@ABCFGHIJKLMNOPQRSTUVWX[`\81\82\90\91\93\96\97\98\99
\9A\9B\9C\9E\A0\A1\A2\A3\A4]|Y….............?[ -~]|\96….$)"
add name=goboogy regexp="<peerplat>|^get /getfilebyhash\.cgi\?|^get /queue_
register\.cgi\?|^get /getupdowninfo\.cgi\?"
add name=soribada regexp="^GETMP3\r
\nFilename|^\01.?.?.?(Q:\+|Q2:)|^\10[\14-\16]\10[\15-\17].?.?.?.?
$"
add name=rdp regexp=rdpdr.cliprdr.rdpsnd
add name=gnutella regexp="^(gnd[\01\02]?.?.?\01|gnutella connect/[012]\.[0
-9]\r
\n|get /uri-res/n2r\?urn:sha1:|get /.user-agent: (gtk-gnutella|bearshar
e|mactella|gnucleus|gnotella|limewire|imesh)|get /.content-type: applicat
ion/x-gnutella-packets|giv [0-9]:[0-9a-f]/|queue [0-9a-f] [1-9][0-9]?[
0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?:[
1-9][0-9]?[0-9]?[0-9]?|gnutella.content-type: application/x-gnutella|.
…...............?lime)"
add name=cvs regexp="^BEGIN (AUTH|VERIFICATION|GSSAPI) REQUEST
\n"
add name=nbns regexp="\01\10\01|\)\10\01\01|0\10\01"
add name=shoutcast regexp=
"icy [1-5][0-9][0-9] [\t-\r -~](content-type:audio|icy-)"
add name=dns regexp="^.?.?.?.?[\01\02].?.?.?.?.?.?[\01-?][a-z0-9][
\01-?a-z][\02-\06][a-z][a-z][fglmoprstuvz]?[aeop]?(um)?[\01-\10\1C][
\01\03\04\FF]"
add name=quake-halflife regexp="^\FF\FF\FF\FFget(info|challenge)"
add name=poco regexp="^\80\94
\n\01….\1F\9E"
add name=ciscovpn regexp="^\01\F4\01\F4"
add name=x11 regexp="^[lb].?\0B"
add name=xboxlive regexp="^X\80….....\F3|^\06XN"
add name=applejuice regexp="^ajprot\r
\n"
add name=zmaap regexp="^\1B\D7;H[\01\02]\01?\01"
add name=live365 regexp=membername.session.player
add name=rlogin regexp="^[a-z][a-z0-9][a-z0-9]+/[1-9][0-9]?[0-9]?[0-9]?00"
add name=http regexp="http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\t-\r -~](con
nection:|content-type:|content-length:|date:)|post [\t-\r -~] http/[01]\
.[019]"
add name=sip regexp=
"^(invite|register|cancel) sip[\t-\r -~]sip/[0-2]\.[0-9]"
add name=pop3 regexp="^(\+ok |-err )"
add name=smb regexp="\FFsmb[r%]"
add name=quake1 regexp="^\80\0C\01quake\03"
add name=lpd regexp="^(\01[!-~]+|\02[!-~]+
\n.[\01\02\03][\01-
\n -~]|[\03\04][!-~]+[\t-\r]+[a-z][\t-\r -~]|\05[!-~]+[\t-\r]+([a-z][!-~
][\t-\r]+[1-9][0-9]?[0-9]?|root[\t-\r]+[!-~]+).)
\n$"
add name=mute regexp="^(Public|AES)Key: [0-9a-f]
\nEnd(Public|AES)Key
\n$"
add name=ssh regexp="^ssh-[12]\.[0-9]"
add name=jabber regexp=
"<stream:stream[\t-\r ][="" -~][\t-\r="" ]xmlns="['"]jabber"<br">add name=ncp regexp="^(dmdt.\01.(""|\11\11|uu)|tncp.33)"
add name=tls regexp="^(.?.?\16\03.\16\03|.?.?\01\03\01?.\0B)"
add name=directconnect regexp="^(\$mynick |\$lock |\$key )"
add name=netbios regexp="\81.?.?.[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-
P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A
-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][
A-P][A-P]"
add name=tftp regexp="^(\01|\02)[ -~](netascii|octet|mail)"
add name=subspace regexp="^\01….\11\10........\01$"
add name=hotline regexp="^....................TRTPHOTL\01\02"
add name=doom3 regexp="^\FF\FFchallenge"
add name=ftp regexp="^220[\t-\r -~]ftp"
add name=kugoo regexp="^1..\8E"
add name=tsp regexp="^[\01-\13\16-$]\01.?.?.?.?.?.?.?.?.?.?[ -~]+"
add name=battlefield1942 regexp="^\01\11\10\|\F8\02\10@\06"
add name=ssdp regexp="^notify[\t-\r ]\[\t-\r ]http/1\.1[\t-\r -~]ssdp:(ali
ve|byebye)|^m-search[\t-\r ]\[\t-\r ]http/1\.1[\t-\r -~]ssdp:discover"
add name=imap regexp="^(\ ok|a[0-9]+ noop)"
add name=ares regexp="^\03[]Z].?.?\05$"
add name=fasttrack regexp="^get (/.download/[ -~]|/.supernode[ -~]|/.status[
-~]|/.network[ -~]|/.files|/.hash=[0-9a-f]/[ -~]) http/1.1|user-agent:
kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^g
ive [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]?[0-9]?[0-9]?"
add name=qq regexp="^.?\02.+\03$"
add name=100bao regexp="^\01\01\05
\n"
add name=aim regexp=
"^(\[\01\02].\03\0B|\\01.?.?.?.?\01)|flapon|toc_signon.0x"
add name=unknown regexp=.
add name=msn-filetransfer regexp=
"^(ver [ -~]msnftp\r
\nver msnftp\r
\nusr|method msnmsgr:)"
add name=yahoo regexp="^(ymsg|ypns|yhoo).?.?.?.?.?.?.?[lwt].\C0\80"
add name=validcertssl regexp="^(.?.?\16\03.\16\03|.?.?\01\03\01?.\0B).
(thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust
_root|entrust\.net limited)"
add name=ntp regexp="^([\13\1B#\D3\DB\E3]|[\14\1C$]…....?.?.?.?.?.?.
?.?.?[\C6-\FF])"
add name=gnucleuslan regexp=
"gnuclear connect/[\t-\r -~]user-agent: gnucleus [\t-\r -~]lan:"
add name=vnc regexp="^rfb 00[1-9]\.00[0-9]
\n$"
add name=bgp regexp=
"^\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF..?\01[\03\04]"
add name=tesla regexp="\03\9A\89"111\.00 Beta |\E2<i\1e\1c\e9"<br>add name=openft regexp="x-openftalias: [-)(0-9a-z ~.]"
add name=h323 regexp=
"^\03..?\08…?.?.?.?.?.?.?.?.?.?.?.?.?.?.?\05"
add name=finger regexp=
"^[a-z][a-z0-9\-_]+|login: [\t-\r -~] name: [\t-\r -~] Directory:"
add name=ident regexp="^[1-9][0-9]?[0-9]?[0-9]?[0-9]?[\t-\r],[\t-\r][1-9
][0-9]?[0-9]?[0-9]?[0-9]?(\r
\n|[\r
\n])?$"
add name=gkrellm regexp="^gkrellm [23].[0-9].[0-9]
\n$"
add name=hddtemp regexp=
"^\|/dev/[a-z][a-z][a-z]\|[0-9a-z]\|[0-9][0-9]\|[cfk]\|"
add name=socks regexp="\05[\01-\08]\05[\01-\08]?.\05[\01-\03][\01\03].\05[
\01-\08]?[\01\03]"
add name=biff regexp="^[a-z][a-z0-9]+@[1-9][0-9]+$"
add name=dhcp regexp="^[\01\02][\01- ]\06.c\82sc"
add name=smtp regexp="^220[\t-\r -~] (e?smtp|simple mail)"
add name=ipp regexp=ipp://
add name=msnmessenger regexp="ver [0-9]+ msnp[1-9][0-9]? [\t-\r -~]cvr0\r
\n$|usr 1 [!-~]+ [0-9. ]+\r
\n$|ans 1 [!-~]+ [0-9. ]+\r
\n$"
add name=irc regexp="^(nick[\t-\r -~]user[\t-\r -~]:|user[\t-\r -~]:[\02-\r
_-~]nick[\t-\r -~]\r
\n)"
add name=gopher regexp="^[\t-\r][1-9,+tgi][\t-\r -~]\t[\t-\r -~]\t[a-z0-9.]
\.[a-z][a-z].?.?\t[1-9]"
add name=telnet regexp="^\FF[\FB-\FE].\FF[\FB-\FE].\FF[\FB-\FE]"
add name=snmp regexp="^\02\01\04.+([\A0-\A3]\02[\01-\04].?.?.?.?\02\01.?
\02\01.?0|\A4\06.+@\04.?.?.?.?\02\01.?\02\01.?C)"
add name=nntp regexp=
"^(20[01][\t-\r -~]AUTHINFO USER|20[01][\t-\r -~]news)"
add name=aimwebcontent regexp=user-agent:aim/
add name=rtsp regexp="rtsp/1.0 200 ok"
add name=skypeout regexp="^(\01.?.?.?.?.?.?.?.?\01|\02.?.?.?.?.?.
?.?.?\02|\03.?.?.?.?.?.?.?.?\03|\04.?.?.?.?.?.?.?.?\04|
\05.?.?.?.?.?.?.?.?\05|\06.?.?.?.?.?.?.?.?\06|\07.?.?.?
.?.?.?.?.?\07|\08.?.?.?.?.?.?.?.?\08|\t.?.?.?.?.?.?.?.
?\t|
\n.?.?.?.?.?.?.?.?
\n|\0B.?.?.?.?.?.?.?.?\0B|\0C.?.?.?.?.?.?.?.?\0C|\r.?.?.
?.?.?.?.?.?\r|\0E.?.?.?.?.?.?.?.?\0E|\0F.?.?.?.?.?.?.
?.?\0F|\10.?.?.?.?.?.?.?.?\10|\11.?.?.?.?.?.?.?.?\11|\12
.?.?.?.?.?.?.?.?\12|\13.?.?.?.?.?.?.?.?\13|\14.?.?.?.?
.?.?.?.?\14|\15.?.?.?.?.?.?.?.?\15|\16.?.?.?.?.?.?.?.?
\16|\17.?.?.?.?.?.?.?.?\17|\18.?.?.?.?.?.?.?.?\18|\19.?.
?.?.?.?.?.?.?\19|\1A.?.?.?.?.?.?.?.?\1A|\1B.?.?.?.?.?.
?.?.?\1B|\1C.?.?.?.?.?.?.?.?\1C|\1D.?.?.?.?.?.?.?.?\1D|
\1E.?.?.?.?.?.?.?.?\1E|\1F.?.?.?.?.?.?.?.?\1F| .?.?.?.
?.?.?.?.? |!.?.?.?.?.?.?.?.?!|".?.?.?.?.?.?.?.?"|#.
?.?.?.?.?.?.?.?#|\$.?.?.?.?.?.?.?.?\$|%.?.?.?.?.?
.?.?.?%|&.?.?.?.?.?.?.?.?&|'.?.?.?.?.?.?.?.?'|\(.?.?
.?.?.?.?.?.?\(|\).?.?.?.?.?.?.?.?\)|\.?.?.?.?.?.?
.?.?\|\+.?.?.?.?.?.?.?.?\+|,.?.?.?.?.?.?.?.?,|-.?.
?.?.?.?.?.?.?-|\..?.?.?.?.?.?.?.?\.|/.?.?.?.?.?.?.
?.?/|0.?.?.?.?.?.?.?.?0|1.?.?.?.?.?.?.?.?1|2.?.?.?.?
.?.?.?.?2|3.?.?.?.?.?.?.?.?3|4.?.?.?.?.?.?.?.?4|5.?.
?.?.?.?.?.?.?5|6.?.?.?.?.?.?.?.?6|7.?.?.?.?.?.?.?.?
7|8.?.?.?.?.?.?.?.?8|9.?.?.?.?.?.?.?.?9|:.?.?.?.?.?.
?.?.?:|;.?.?.?.?.?.?.?.?;|<.?.?.?.?.?.?.?.?<|=.?.?.?
.?.?.?.?.?=|>.?.?.?.?.?.?.?.?>|\?.?.?.?.?.?.?.?.?\
?|@.?.?.?.?.?.?.?.?@|A.?.?.?.?.?.?.?.?A|B.?.?.?.?.?.
?.?.?B|C.?.?.?.?.?.?.?.?C|D.?.?.?.?.?.?.?.?D|E.?.?.?
.?.?.?.?.?E|F.?.?.?.?.?.?.?.?F|G.?.?.?.?.?.?.?.?G|H.
?.?.?.?.?.?.?.?H|I.?.?.?.?.?.?.?.?I|J.?.?.?.?.?.?.?
.?J|K.?.?.?.?.?.?.?.?K|L.?.?.?.?.?.?.?.?L|M.?.?.?.?.
?.?.?.?M|N.?.?.?.?.?.?.?.?N|O.?.?.?.?.?.?.?.?O|P.?.?
.?.?.?.?.?.?P|Q.?.?.?.?.?.?.?.?Q|R.?.?.?.?.?.?.?.?R|
S.?.?.?.?.?.?.?.?S|T.?.?.?.?.?.?.?.?T|U.?.?.?.?.?.?.
?.?U|V.?.?.?.?.?.?.?.?V|W.?.?.?.?.?.?.?.?W|X.?.?.?.?
.?.?.?.?X|Y.?.?.?.?.?.?.?.?Y|Z.?.?.?.?.?.?.?.?Z|[.?
.?.?.?.?.?.?.?[|].?.?.?.?.?.?.?.?]|].?.?.?.?.?
.?.?.?]|\^.?.?.?.?.?.?.?.?\^|.?.?.?.?.?.?.?.?|`.
?.?.?.?.?.?.?.?`|a.?.?.?.?.?.?.?.?a|b.?.?.?.?.?.?.?
.?b|c.?.?.?.?.?.?.?.?c|d.?.?.?.?.?.?.?.?d|e.?.?.?.?.
?.?.?.?e|f.?.?.?.?.?.?.?.?f|g.?.?.?.?.?.?.?.?g|h.?.?
.?.?.?.?.?.?h|i.?.?.?.?.?.?.?.?i|j.?.?.?.?.?.?.?.?j|
k.?.?.?.?.?.?.?.?k|l.?.?.?.?.?.?.?.?l|m.?.?.?.?.?.?.
?.?m|n.?.?.?.?.?.?.?.?n|o.?.?.?.?.?.?.?.?o|p.?.?.?.?
.?.?.?.?p|q.?.?.?.?.?.?.?.?q|r.?.?.?.?.?.?.?.?r|s.?.
?.?.?.?.?.?.?s|t.?.?.?.?.?.?.?.?t|u.?.?.?.?.?.?.?.?
u|v.?.?.?.?.?.?.?.?v|w.?.?.?.?.?.?.?.?w|x.?.?.?.?.?.
?.?.?x|y.?.?.?.?.?.?.?.?y|z.?.?.?.?.?.?.?.?z|\{.?.?.
?.?.?.?.?.?\{|\|.?.?.?.?.?.?.?.?\||\}.?.?.?.?.?.?.
?.?\}|~.?.?.?.?.?.?.?.?~|\7F.?.?.?.?.?.?.?.?\7F|\80.?.
?.?.?.?.?.?.?\80|\81.?.?.?.?.?.?.?.?\81|\82.?.?.?.?.?.
?.?.?\82|\83.?.?.?.?.?.?.?.?\83|\84.?.?.?.?.?.?.?.?\84|
\85.?.?.?.?.?.?.?.?\85|\86.?.?.?.?.?.?.?.?\86|\87.?.?.?
.?.?.?.?.?\87|\88.?.?.?.?.?.?.?.?\88|\89.?.?.?.?.?.?.?
.?\89|\8A.?.?.?.?.?.?.?.?\8A|\8B.?.?.?.?.?.?.?.?\8B|\8C.
?.?.?.?.?.?.?.?\8C|\8D.?.?.?.?.?.?.?.?\8D|\8E.?.?.?.?.
?.?.?.?\8E|\8F.?.?.?.?.?.?.?.?\8F|\90.?.?.?.?.?.?.?.?
\90|\91.?.?.?.?.?.?.?.?\91|\92.?.?.?.?.?.?.?.?\92|\93.?.
?.?.?.?.?.?.?\93|\94.?.?.?.?.?.?.?.?\94|\95.?.?.?.?.?.
?.?.?\95|\96.?.?.?.?.?.?.?.?\96|\97.?.?.?.?.?.?.?.?\97|
\98.?.?.?.?.?.?.?.?\98|\99.?.?.?.?.?.?.?.?\99|\9A.?.?.?
.?.?.?.?.?\9A|\9B.?.?.?.?.?.?.?.?\9B|\9C.?.?.?.?.?.?.?
.?\9C|\9D.?.?.?.?.?.?.?.?\9D|\9E.?.?.?.?.?.?.?.?\9E|\9F.
?.?.?.?.?.?.?.?\9F|\A0.?.?.?.?.?.?.?.?\A0|\A1.?.?.?.?.
?.?.?.?\A1|\A2.?.?.?.?.?.?.?.?\A2|\A3.?.?.?.?.?.?.?.?
\A3|\A4.?.?.?.?.?.?.?.?\A4|\A5.?.?.?.?.?.?.?.?\A5|\A6.?.
?.?.?.?.?.?.?\A6|\A7.?.?.?.?.?.?.?.?\A7|\A8.?.?.?.?.?.
?.?.?\A8|\A9.?.?.?.?.?.?.?.?\A9|\AA.?.?.?.?.?.?.?.?\AA|
\AB.?.?.?.?.?.?.?.?\AB|\AC.?.?.?.?.?.?.?.?\AC|\AD.?.?.?
.?.?.?.?.?\AD|\AE.?.?.?.?.?.?.?.?\AE|\AF.?.?.?.?.?.?.?
.?\AF|\B0.?.?.?.?.?.?.?.?\B0|\B1.?.?.?.?.?.?.?.?\B1|\B2.
?.?.?.?.?.?.?.?\B2|\B3.?.?.?.?.?.?.?.?\B3|\B4.?.?.?.?.
?.?.?.?\B4|\B5.?.?.?.?.?.?.?.?\B5|\B6.?.?.?.?.?.?.?.?
\B6|\B7.?.?.?.?.?.?.?.?\B7|\B8.?.?.?.?.?.?.?.?\B8|\B9.?.
?.?.?.?.?.?.?\B9|\BA.?.?.?.?.?.?.?.?\BA|\BB.?.?.?.?.?.
?.?.?\BB|\BC.?.?.?.?.?.?.?.?\BC|\BD.?.?.?.?.?.?.?.?\BD|
\BE.?.?.?.?.?.?.?.?\BE|\BF.?.?.?.?.?.?.?.?\BF|\C0.?.?.?
.?.?.?.?.?\C0|\C1.?.?.?.?.?.?.?.?\C1|\C2.?.?.?.?.?.?.?
.?\C2|\C3.?.?.?.?.?.?.?.?\C3|\C4.?.?.?.?.?.?.?.?\C4|\C5.
?.?.?.?.?.?.?.?\C5|\C6.?.?.?.?.?.?.?.?\C6|\C7.?.?.?.?.
?.?.?.?\C7|\C8.?.?.?.?.?.?.?.?\C8|\C9.?.?.?.?.?.?.?.?
\C9|\CA.?.?.?.?.?.?.?.?\CA|\CB.?.?.?.?.?.?.?.?\CB|\CC.?.
?.?.?.?.?.?.?\CC|\CD.?.?.?.?.?.?.?.?\CD|\CE.?.?.?.?.?.
?.?.?\CE|\CF.?.?.?.?.?.?.?.?\CF|\D0.?.?.?.?.?.?.?.?\D0|
\D1.?.?.?.?.?.?.?.?\D1|\D2.?.?.?.?.?.?.?.?\D2|\D3.?.?.?
.?.?.?.?.?\D3|\D4.?.?.?.?.?.?.?.?\D4|\D5.?.?.?.?.?.?.?
.?\D5|\D6.?.?.?.?.?.?.?.?\D6|\D7.?.?.?.?.?.?.?.?\D7|\D8.
?.?.?.?.?.?.?.?\D8|\D9.?.?.?.?.?.?.?.?\D9|\DA.?.?.?.?.
?.?.?.?\DA|\DB.?.?.?.?.?.?.?.?\DB|\DC.?.?.?.?.?.?.?.?
\DC|\DD.?.?.?.?.?.?.?.?\DD|\DE.?.?.?.?.?.?.?.?\DE|\DF.?.
?.?.?.?.?.?.?\DF|\E0.?.?.?.?.?.?.?.?\E0|\E1.?.?.?.?.?.
?.?.?\E1|\E2.?.?.?.?.?.?.?.?\E2|\E3.?.?.?.?.?.?.?.?\E3|
\E4.?.?.?.?.?.?.?.?\E4|\E5.?.?.?.?.?.?.?.?\E5|\E6.?.?.?
.?.?.?.?.?\E6|\E7.?.?.?.?.?.?.?.?\E7|\E8.?.?.?.?.?.?.?
.?\E8|\E9.?.?.?.?.?.?.?.?\E9|\EA.?.?.?.?.?.?.?.?\EA|\EB.
?.?.?.?.?.?.?.?\EB|\EC.?.?.?.?.?.?.?.?\EC|\ED.?.?.?.?.
?.?.?.?\ED|\EE.?.?.?.?.?.?.?.?\EE|\EF.?.?.?.?.?.?.?.?
\EF|\F0.?.?.?.?.?.?.?.?\F0|\F1.?.?.?.?.?.?.?.?\F1|\F2.?.
?.?.?.?.?.?.?\F2|\F3.?.?.?.?.?.?.?.?\F3|\F4.?.?.?.?.?.
?.?.?\F4|\F5.?.?.?.?.?.?.?.?\F5|\F6.?.?.?.?.?.?.?.?\F6|
\F7.?.?.?.?.?.?.?.?\F7|\F8.?.?.?.?.?.?.?.?\F8|\F9.?.?.?
.?.?.?.?.?\F9|\FA.?.?.?.?.?.?.?.?\FA|\FB.?.?.?.?.?.?.?
.?\FB|\FC.?.?.?.?.?.?.?.?\FC|\FD.?.?.?.?.?.?.?.?\FD|\FE.
?.?.?.?.?.?.?.?\FE|\FF.?.?.?.?.?.?.?.?\FF)"
add name=skypetoskype regexp="^..\02….........."
add name=counterstrike-source regexp="^\FF\FF\FF\FF.cstrikeCounter-Strike"
add name=halflife2-deathmatch regexp="^\FF\FF\FF\FF.hl2mpDeathmatch"
add name=freenet regexp="^\01[\08\t][\03\04]"
add name=battlefield2 regexp="^(\11 \01…?\11|\FE\FD.?.?.?.?.?.?(\14
\01\06|\FF\FF\FF))|[]\01].?battlefield2"
add name=napster regexp="^(.[\02\06][!-~]+ [!-~]+ [0-9][0-9]?[0-9]?[0-9]?[0
-9]? "[\t-\r -~]+" ([0-9]|10)|1(send|get)[!-~]+ "[\t-\r -~]+")"
add name=soulseek regexp="^(\05..?|.\01.[ -~]+\01F..?.?.?.?.?.?.?)$"
add name=xunlei regexp="^[()]…?.?.?(reg|get|query)"
add name=ssl regexp="^(.?.?\16\03.\16\03|.?.?\01\03\01?.\0B)"
add name=citrix regexp="2&\85\92X"
add name=whois regexp="^[ !-~]+\r
\n$"
add name=dayofdefeat-source regexp="^\FF\FF\FF\FF.dodDay of Defeat"
add name=teamspeak regexp="^\F4\BE\03.teamspeak"
add name=worldofwarcraft regexp="^\06\EC\01"
add name=ventrilo regexp="^..?v\$\CF"
add name=http-rtsp regexp="^(get[\t-\r -~] Accept: application/x-rtsp-tunnell
ed|http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\t-\r -~]a=control:rtsp://)"
add name=thecircle regexp=
"^t\03ni.?[\01-\06]?t[\01-\05]s[
\n\0B](glob|who are you$|query data)"
add name=uucp regexp="^\10here="
add name=pcanywhere regexp="^(nq|st)$"
add name=subversion regexp="^\( success \( 1 2 \("
add name=imesh regexp="^(post[\t-\r -~]<passwordhash>….....................
........</passwordhash><clientver>|4\80?\r?\FC\FF\04|get[\t-\r -~]Host:
_imsh\.download-prod\.musicnet\.com|\02(\01|\02)\83.?.?.?.?.?.?.
?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?\02(\01|
\02)\83)"
add name=cimd regexp="\02[0-4][0-9]:[0-9]+.\03$"
add name=mohaa regexp="^\FF\FF\FF\FFgetstatus
\n"
add name=stun regexp="^[\01\02]….............?$"
add name=tor regexp=TOR1. <identity>add name=radmin regexp="^\01\01(\08\08|\1B\1B)$"
add name=unset regexp=.
add name=chikka regexp="^CTPv1.[123] Kamusta.\r
\n$"
add name=replaytv-ivs regexp="^(get /ivs-IVSGetFileChunk|http/(0\.9|1\.0|1\
.1) [1-5][0-9][0-9] [\t-\r -~]#####REPLAY_CHUNK_START#####)"
add name=armagetron regexp=YCLC_E|CYEL
add name=bittorrent regexp="^(\x13bittorrent protocol|azver\x01$|get /scrap
e\?info_hash=get /announce\?info_hash=|get /client/bitcomet/|GET /data
\?fid=)|d1:ad2:id20:|\x08'7P\)[RP]"Setting Manglenya :
/ip firewall mangle
add action=mark-connection chain=prerouting comment=exe disabled=no
layer7-protocol="Extension " .exe "" new-connection-mark=exe_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=exe_conn disabled=no
new-packet-mark=exe passthrough=no
add action=mark-connection chain=prerouting comment=zip disabled=no
layer7-protocol="Extension " .zip"" new-connection-mark=zip_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=zip_conn disabled=no
new-packet-mark=zip passthrough=no
add action=mark-connection chain=prerouting comment=rar disabled=no
layer7-protocol="Extension " .rar"" new-connection-mark=rar_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=rar_conn disabled=no
new-packet-mark=rar passthrough=no
add action=mark-connection chain=prerouting comment=cab disabled=no
layer7-protocol="Extension " .cab "" new-connection-mark=cab_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=cab_conn disabled=no
new-packet-mark=cab passthrough=no
add action=mark-connection chain=prerouting comment=asf disabled=no
layer7-protocol="Extension " .asf "" new-connection-mark=asf_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=asf_conn disabled=no
new-packet-mark=asf passthrough=no
add action=mark-connection chain=prerouting comment=mov disabled=no
layer7-protocol="Extension " .mov "" new-connection-mark=mov_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mov_conn disabled=no
new-packet-mark=mov passthrough=no
add action=mark-connection chain=prerouting comment=wmv disabled=no
layer7-protocol="Extension " .wmv "" new-connection-mark=wmv_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wmv_conn disabled=no
new-packet-mark=wmv passthrough=no
add action=mark-connection chain=prerouting comment=mpg disabled=no
layer7-protocol="Extension " .mpg "" new-connection-mark=mpg_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mpg_conn disabled=no
new-packet-mark=mpg passthrough=no
add action=mark-connection chain=prerouting comment=mkv disabled=no
layer7-protocol="Extension " .mkv "" new-connection-mark=mkv_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mkv_conn disabled=no
new-packet-mark=mkv passthrough=no
add action=mark-connection chain=prerouting comment=avi disabled=no
layer7-protocol="Extension " .avi "" new-connection-mark=avi_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=avi_conn disabled=no
new-packet-mark=avi passthrough=no
add action=mark-connection chain=prerouting comment=flv disabled=no
layer7-protocol="Extension " .flv "" new-connection-mark=flv_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=flv_conn disabled=no
new-packet-mark=flv passthrough=no
add action=mark-connection chain=prerouting comment=pdf disabled=no
layer7-protocol="Extension " .pdf "" new-connection-mark=pdf_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=pdf_conn disabled=no
new-packet-mark=pdf passthrough=no
add action=mark-connection chain=prerouting comment=wav disabled=no
layer7-protocol="Extension " .wav "" new-connection-mark=wav_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wav_conn disabled=no
new-packet-mark=wav passthrough=no
add action=mark-connection chain=prerouting comment=rm disabled=no
layer7-protocol="Extension " .rm "" new-connection-mark=rm_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=rm_conn disabled=no
new-packet-mark=rm passthrough=no
add action=mark-connection chain=prerouting comment=mp3 disabled=no
layer7-protocol="Extension " .mp3 "" new-connection-mark=mp3_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mp3_conn disabled=no
new-packet-mark=mp3 passthrough=no
add action=mark-connection chain=prerouting comment=mp4 disabled=no
layer7-protocol="Extension " .mp4 "" new-connection-mark=mp4_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mp4_conn disabled=no
new-packet-mark=mp4 passthrough=no
add action=mark-connection chain=prerouting comment=ram disabled=no
layer7-protocol="Extension " .ram "" new-connection-mark=ram_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ram_conn disabled=no
new-packet-mark=ram passthrough=no
add action=mark-connection chain=prerouting comment=rmvb disabled=no
layer7-protocol="Extension " .rmvb "" new-connection-mark=rmvb_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=rmvb_conn disabled=no
new-packet-mark=rmvb passthrough=no
add action=mark-connection chain=prerouting comment=dat disabled=no
layer7-protocol="Extension " .dat "" new-connection-mark=dat_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=dat_conn disabled=no
new-packet-mark=dat passthrough=no
add action=mark-connection chain=prerouting comment=daa disabled=no
layer7-protocol="Extension " .daa "" new-connection-mark=daa_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=daa_conn disabled=no
new-packet-mark=daa passthrough=no
add action=mark-connection chain=prerouting comment=iso disabled=no
layer7-protocol="Extension " .iso "" new-connection-mark=iso_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=iso_conn disabled=no
new-packet-mark=iso passthrough=no
add action=mark-connection chain=prerouting comment=bin disabled=no
layer7-protocol="Extension " .bin "" new-connection-mark=bin_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=bin_conn disabled=no
new-packet-mark=bin passthrough=no
add action=mark-connection chain=prerouting comment=vcd disabled=no
layer7-protocol="Extension " .vcd "" new-connection-mark=vcd_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=vcd_conn disabled=no
new-packet-mark=vcd passthrough=no
add action=mark-connection chain=prerouting comment=mp2 disabled=no
layer7-protocol="Extension " .mp2 "" new-connection-mark=mp2_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mp2_conn disabled=no
new-packet-mark=mp2 passthrough=no
add action=mark-connection chain=prerouting comment=3gp disabled=no
layer7-protocol="Extension " .3gp "" new-connection-mark=3gp_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=3gp_conn disabled=no
new-packet-mark=3gp passthrough=no
add action=mark-connection chain=prerouting comment=mpe disabled=no
layer7-protocol="Extension " .mpe "" new-connection-mark=mpe_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mpe_conn disabled=no
new-packet-mark=mpe passthrough=no
add action=mark-connection chain=prerouting comment=qt disabled=no
layer7-protocol="Extension " .qt "" new-connection-mark=qt_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=qt_conn disabled=no
new-packet-mark=qt passthrough=no
add action=mark-connection chain=prerouting comment=raw disabled=no
layer7-protocol="Extension " .raw "" new-connection-mark=raw_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=raw_conn disabled=no
new-packet-mark=raw passthrough=no
add action=mark-connection chain=prerouting comment=wma disabled=no
layer7-protocol="Extension " .wma "" new-connection-mark=wma_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wma_conn disabled=no
new-packet-mark=wma passthrough=no
add action=mark-connection chain=prerouting comment=ogg disabled=no
layer7-protocol="Extension " .ogg "" new-connection-mark=ogg_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ogg_conn disabled=no
new-packet-mark=ogg passthrough=no
add action=mark-connection chain=prerouting comment=doc disabled=no
layer7-protocol="Extension " .doc "" new-connection-mark=doc_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=doc_conn disabled=no
new-packet-mark=doc passthrough=no
add action=mark-connection chain=prerouting comment=applejuice disabled=no
layer7-protocol=applejuice new-connection-mark=applejuice_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=applejuice_conn
disabled=no new-packet-mark=applejuice passthrough=no
add action=mark-connection chain=prerouting comment=ares disabled=no
layer7-protocol=ares new-connection-mark=ares_conn passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ares_conn disabled=no
new-packet-mark=ares passthrough=no
add action=mark-connection chain=prerouting comment=bittorent disabled=no
layer7-protocol=bittorrent new-connection-mark=bittorent_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=bittorent_conn
disabled=no new-packet-mark=bittorent passthrough=no
add action=mark-connection chain=prerouting comment=chikka disabled=no
layer7-protocol=chikka new-connection-mark=chikka_conn passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=chikka_conn disabled=
no new-packet-mark=chika passthrough=no
add action=mark-connection chain=prerouting comment=directconnect disabled=no
layer7-protocol=directconnect new-connection-mark=directconnect_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=directconnect_conn
disabled=no new-packet-mark=directconnect passthrough=no
add action=mark-connection chain=prerouting comment=ftp disabled=no
layer7-protocol=ftp new-connection-mark=ftp passthrough=no protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ftp disabled=no
new-packet-mark=ftp passthrough=no
add action=mark-connection chain=prerouting comment=doom3 disabled=no
layer7-protocol=doom3 new-connection-mark=doom3_conn passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=doom3_conn disabled=
no new-packet-mark=doom3 passthrough=no
add action=mark-connection chain=prerouting comment=edonkey disabled=no
layer7-protocol=edonkey new-connection-mark=edonkey_conn passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=edonkey_conn
disabled=no new-packet-mark=edonkey passthrough=no
add action=mark-connection chain=prerouting comment=fastrack_conn disabled=no
layer7-protocol=fasttrack new-connection-mark=fasttrack passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=fasttrack disabled=no
new-packet-mark=fastrack passthrough=no
add action=mark-connection chain=prerouting comment=gnutella disabled=no
layer7-protocol=gnutella new-connection-mark=gnutella_conn passthrough=
yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=gnutella_conn
disabled=no new-packet-mark=gnutella passthrough=no
add action=mark-connection chain=prerouting comment=skype disabled=no
layer7-protocol=skypeout new-connection-mark=skype_conn passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=skype_conn disabled=
no new-packet-mark=skype passthrough=no
add action=mark-connection chain=prerouting comment=7z disabled=no
layer7-protocol="Extension " .7z "" new-connection-mark=7z_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=7z_conn disabled=no
new-packet-mark=7z passthrough=noYang terakhir kita buat management bandwidht menggunakan queue tree.
( Boleh juga menggunakan simple queueu terserah anda suka suka sesuai selera )Buat parent dulu seperti ini :
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=128k name="traffic shapping" parent=global-out priority=8
( ini nantinya khusus alokasi buat para mania bandwidht sesuaikan dengan besarnya bw yg anda miliki )setelah itu setting childnya seperti ini :
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=exe packet-mark=exe parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=zip packet-mark=zip parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=rar packet-mark=rar parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=cab packet-mark=cab parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=asf packet-mark=asf parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=mov packet-mark=mov parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=wmv packet-mark=wmv parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=mpg packet-mark=mpg parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=mkv packet-mark=mkv parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=avi packet-mark=avi parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=flv packet-mark=flv parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=pdf packet-mark=pdf parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=wav packet-mark=wav parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=rm packet-mark=rm parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=mp3 packet-mark=mp3 parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=mp4 packet-mark=mp4 parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=ram packet-mark=ram parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=rmvb packet-mark=rmvb parent="traffic shapping"
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=dat packet-mark=dat parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=daa packet-mark=daa parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=iso packet-mark=iso parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=bin packet-mark=bin parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=vcd packet-mark=vcd parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=mp2 packet-mark=mp2 parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=3gp packet-mark=3gp parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=mpe packet-mark=mpe parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=qt packet-mark=qt parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=raw packet-mark=raw parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=wma packet-mark=wma parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=ogg packet-mark=ogg parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=doc packet-mark=doc parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=applejuice packet-mark=applejuice parent=
"traffic shapping" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=ares packet-mark=ares parent="traffic shapping"
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=8 name=bittorent packet-mark=bittorent parent=
"traffic shapping" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=chika packet-mark=chika parent="traffic shapping"
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=dconnect packet-mark=directconnect parent=
"traffic shapping" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=ftp packet-mark=ftp parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=doom3 packet-mark=doom3 parent="traffic shapping"
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=edonkey packet-mark=edonkey parent="traffic shapping"
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=fasttrack packet-mark=fastrack parent="traffic shapping"
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=gnutella packet-mark=gnutella parent="traffic shapping"
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=64k name=skype packet-mark=skype parent="traffic shapping"
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=7z packet-mark=7z parent="traffic shapping" priority=8
queue=default( dijamin insya allah segala macam downloader mati kutu. Maksud Queue diatas kita alokasikan untuk downloader mania bw sebesar 128k, sesuai selera bung. Caching video youtube berlari kencang bak dikejar anjing. browsing wusss…. wusss..... wkwk... wk....wk....)
semoga bermanfaat.
salam</identity></clientver></i\1e\1c\e9"<br></stream:stream[\t-\r></peerplat> -
Thx share setingan mikrotiknya
dicoba dulu kl mogok bantuin dorongnya :D -
Sesuai dengan janji ( janji adalah hutang :) , insya allah hutang segera terlunasi ) amiiin…. !!
Just share settingan saya Mikocok bersanding dengan PFSense.
Clients ------- Mikrotik 3 port -------- Inet
port 3 mikrotik ----- pfsense ------ inernet
modem : 192.168.2.1
topology mikrotik menggunakan 3 ethernet :
port 1 = WAN ( 192.168.2.2 )
port 2 = CLIENTS ( 192.168.1.1 )
port 3 = PROXY PFSENSE ( 192.168.3.1 )topology pfsense menggunakan 2 ethernet :
port 1 = LAN ( port 3 mikrotik ) ( 192.168.3.2 )
port 2 = WAN ( 192.168.2.3 )oke langsung kupas aja.
asumsi mesin pfsense running well & tunning with LUSCA.
oprekan & tune-up bisa open panduan dari om anto_DIGIT http://forum.pfsense.org/index.php/topic,29019.0.htmlsebagai manageable clients, baik itu hotspot & management bandwidht semua ada dimikrotik.
Settingan hotspot disini tidak usah dibahas googling aja tutnya.
settingan ini menggunakan L7 untuk filternya. Khusus untuk destination port 80, dibelokan ke arah pfsense sebagai proxy servernya port 3128.
Maaf bung disini PFSense hanya dijadikan proxy server ( Maknyuss.... )setting nat :
chain=dstnat action=dst-nat to-addresses=10.10.3.2 to-ports=3128 protocol=tcp in-interface=CLIENTS dst-port=80
( maksudnya semua request port 80 di arahkan ke address Proxy Server ( PFSense )setting L7 :
/ip firewall layer7-protocol
add name="Extension " .exe "" regexp="^.get.+\.exe.$"
add name="Extension " .mp4 "" regexp="^.get.+\.mp4.$"
add name="Extension " .rar"" regexp="^.get.+\.rar.$"
add name="Extension " .zip"" regexp="^.get.+\.zip.$"
add name="Extension " .mp3 "" regexp="^.get.+\.mp3.$"
add name="Extension " .7z "" regexp="^.get.+\.7z.$"
add name="Extension " .cab "" regexp="^.get.+\.cab.$"
add name="Extension " .asf "" regexp="^.get.+\.asf.$"
add name="Extension " .mov "" regexp="^.get.+\.mov.$"
add name="Extension " .wmv "" regexp="^.get.+\.wmv.$"
add name="Extension " .mpg "" regexp="^.get.+\.mpg.$"
add name="Extension " .mpeg "" regexp="^.get.+\.mpeg.$"
add name="Extension " .mkv "" regexp="^.get.+\.mkv.$"
add name="Extension " .avi "" regexp="^.get.+\.avi.$"
add name="Extension " .flv "" regexp="^.get.+\.flv.$"
add name="Extension " .pdf "" regexp="^.get.+\.pdf.$"
add name="Extension " .wav "" regexp="^.get.+\.wav.$"
add name="Extension " .rm "" regexp="^.get.+\.rm.$"
add name="Extension " .rmvb "" regexp="^.get.+\.rmvb.$"
add name="Extension " .dat "" regexp="^.get.+\.dat.$"
add name="Extension " .daa "" regexp="^.get.+\.daa.$"
add name="Extension " .iso "" regexp="^.get.+\.iso.$"
add name="Extension " .nrg "" regexp="^.get.+\.nrg.$"
add name="Extension " .bin "" regexp="^.get.+\.bin.$"
add name="Extension " .vcd "" regexp="^.get.+\.vcd.$"
add name="Extension " .mp2 "" regexp="^.get.+\.mp2.$"
add name="Extension " .3gp "" regexp="^.get.+\.3gp.$"
add name="Extension " .mpe "" regexp="^.get.+\.mpe.$"
add name="Extension " .qt "" regexp="^.get.+\.qt.$"
add name="Extension " .raw "" regexp="^.get.+\.raw.$"
add name="Extension " .wma "" regexp="^.get.+\.wma.$"
add name="Extension " .ogg "" regexp="^.get.+\.ogg.$"
add name="Extension " .doc "" regexp="^.get.+\.doc.$"
add name="Extension " .ram "" regexp="^.get.+\.ram.$"
add name=edonkey regexp="^[\C5\D4\E3-\E5].?.?.?.?([\01\02\05\14\15\16\18
\19\1A\1B\1C !234568@ABCFGHIJKLMNOPQRSTUVWX[`\81\82\90\91\93\96\97\98\99
\9A\9B\9C\9E\A0\A1\A2\A3\A4]|Y….............?[ -~]|\96….$)"
add name=goboogy regexp="<peerplat>|^get /getfilebyhash\.cgi\?|^get /queue_
register\.cgi\?|^get /getupdowninfo\.cgi\?"
add name=soribada regexp="^GETMP3\r
\nFilename|^\01.?.?.?(Q:\+|Q2:)|^\10[\14-\16]\10[\15-\17].?.?.?.?
$"
add name=rdp regexp=rdpdr.cliprdr.rdpsnd
add name=gnutella regexp="^(gnd[\01\02]?.?.?\01|gnutella connect/[012]\.[0
-9]\r
\n|get /uri-res/n2r\?urn:sha1:|get /.user-agent: (gtk-gnutella|bearshar
e|mactella|gnucleus|gnotella|limewire|imesh)|get /.content-type: applicat
ion/x-gnutella-packets|giv [0-9]:[0-9a-f]/|queue [0-9a-f] [1-9][0-9]?[
0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?:[
1-9][0-9]?[0-9]?[0-9]?|gnutella.content-type: application/x-gnutella|.
…...............?lime)"
add name=cvs regexp="^BEGIN (AUTH|VERIFICATION|GSSAPI) REQUEST
\n"
add name=nbns regexp="\01\10\01|\)\10\01\01|0\10\01"
add name=shoutcast regexp=
"icy [1-5][0-9][0-9] [\t-\r -~](content-type:audio|icy-)"
add name=dns regexp="^.?.?.?.?[\01\02].?.?.?.?.?.?[\01-?][a-z0-9][
\01-?a-z][\02-\06][a-z][a-z][fglmoprstuvz]?[aeop]?(um)?[\01-\10\1C][
\01\03\04\FF]"
add name=quake-halflife regexp="^\FF\FF\FF\FFget(info|challenge)"
add name=poco regexp="^\80\94
\n\01….\1F\9E"
add name=ciscovpn regexp="^\01\F4\01\F4"
add name=x11 regexp="^[lb].?\0B"
add name=xboxlive regexp="^X\80….....\F3|^\06XN"
add name=applejuice regexp="^ajprot\r
\n"
add name=zmaap regexp="^\1B\D7;H[\01\02]\01?\01"
add name=live365 regexp=membername.session.player
add name=rlogin regexp="^[a-z][a-z0-9][a-z0-9]+/[1-9][0-9]?[0-9]?[0-9]?00"
add name=http regexp="http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\t-\r -~](con
nection:|content-type:|content-length:|date:)|post [\t-\r -~] http/[01]\
.[019]"
add name=sip regexp=
"^(invite|register|cancel) sip[\t-\r -~]sip/[0-2]\.[0-9]"
add name=pop3 regexp="^(\+ok |-err )"
add name=smb regexp="\FFsmb[r%]"
add name=quake1 regexp="^\80\0C\01quake\03"
add name=lpd regexp="^(\01[!-~]+|\02[!-~]+
\n.[\01\02\03][\01-
\n -~]|[\03\04][!-~]+[\t-\r]+[a-z][\t-\r -~]|\05[!-~]+[\t-\r]+([a-z][!-~
][\t-\r]+[1-9][0-9]?[0-9]?|root[\t-\r]+[!-~]+).)
\n$"
add name=mute regexp="^(Public|AES)Key: [0-9a-f]
\nEnd(Public|AES)Key
\n$"
add name=ssh regexp="^ssh-[12]\.[0-9]"
add name=jabber regexp=
"<stream:stream[\t-\r ][="" -~][\t-\r="" ]xmlns="['"]jabber"<br">add name=ncp regexp="^(dmdt.\01.(""|\11\11|uu)|tncp.33)"
add name=tls regexp="^(.?.?\16\03.\16\03|.?.?\01\03\01?.\0B)"
add name=directconnect regexp="^(\$mynick |\$lock |\$key )"
add name=netbios regexp="\81.?.?.[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-
P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A
-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][
A-P][A-P]"
add name=tftp regexp="^(\01|\02)[ -~](netascii|octet|mail)"
add name=subspace regexp="^\01….\11\10........\01$"
add name=hotline regexp="^....................TRTPHOTL\01\02"
add name=doom3 regexp="^\FF\FFchallenge"
add name=ftp regexp="^220[\t-\r -~]ftp"
add name=kugoo regexp="^1..\8E"
add name=tsp regexp="^[\01-\13\16-$]\01.?.?.?.?.?.?.?.?.?.?[ -~]+"
add name=battlefield1942 regexp="^\01\11\10\|\F8\02\10@\06"
add name=ssdp regexp="^notify[\t-\r ]\[\t-\r ]http/1\.1[\t-\r -~]ssdp:(ali
ve|byebye)|^m-search[\t-\r ]\[\t-\r ]http/1\.1[\t-\r -~]ssdp:discover"
add name=imap regexp="^(\ ok|a[0-9]+ noop)"
add name=ares regexp="^\03[]Z].?.?\05$"
add name=fasttrack regexp="^get (/.download/[ -~]|/.supernode[ -~]|/.status[
-~]|/.network[ -~]|/.files|/.hash=[0-9a-f]/[ -~]) http/1.1|user-agent:
kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^g
ive [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]?[0-9]?[0-9]?"
add name=qq regexp="^.?\02.+\03$"
add name=100bao regexp="^\01\01\05
\n"
add name=aim regexp=
"^(\[\01\02].\03\0B|\\01.?.?.?.?\01)|flapon|toc_signon.0x"
add name=unknown regexp=.
add name=msn-filetransfer regexp=
"^(ver [ -~]msnftp\r
\nver msnftp\r
\nusr|method msnmsgr:)"
add name=yahoo regexp="^(ymsg|ypns|yhoo).?.?.?.?.?.?.?[lwt].\C0\80"
add name=validcertssl regexp="^(.?.?\16\03.\16\03|.?.?\01\03\01?.\0B).
(thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust
_root|entrust\.net limited)"
add name=ntp regexp="^([\13\1B#\D3\DB\E3]|[\14\1C$]…....?.?.?.?.?.?.
?.?.?[\C6-\FF])"
add name=gnucleuslan regexp=
"gnuclear connect/[\t-\r -~]user-agent: gnucleus [\t-\r -~]lan:"
add name=vnc regexp="^rfb 00[1-9]\.00[0-9]
\n$"
add name=bgp regexp=
"^\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF..?\01[\03\04]"
add name=tesla regexp="\03\9A\89"111\.00 Beta |\E2<i\1e\1c\e9"<br>add name=openft regexp="x-openftalias: [-)(0-9a-z ~.]"
add name=h323 regexp=
"^\03..?\08…?.?.?.?.?.?.?.?.?.?.?.?.?.?.?\05"
add name=finger regexp=
"^[a-z][a-z0-9\-_]+|login: [\t-\r -~] name: [\t-\r -~] Directory:"
add name=ident regexp="^[1-9][0-9]?[0-9]?[0-9]?[0-9]?[\t-\r],[\t-\r][1-9
][0-9]?[0-9]?[0-9]?[0-9]?(\r
\n|[\r
\n])?$"
add name=gkrellm regexp="^gkrellm [23].[0-9].[0-9]
\n$"
add name=hddtemp regexp=
"^\|/dev/[a-z][a-z][a-z]\|[0-9a-z]\|[0-9][0-9]\|[cfk]\|"
add name=socks regexp="\05[\01-\08]\05[\01-\08]?.\05[\01-\03][\01\03].\05[
\01-\08]?[\01\03]"
add name=biff regexp="^[a-z][a-z0-9]+@[1-9][0-9]+$"
add name=dhcp regexp="^[\01\02][\01- ]\06.c\82sc"
add name=smtp regexp="^220[\t-\r -~] (e?smtp|simple mail)"
add name=ipp regexp=ipp://
add name=msnmessenger regexp="ver [0-9]+ msnp[1-9][0-9]? [\t-\r -~]cvr0\r
\n$|usr 1 [!-~]+ [0-9. ]+\r
\n$|ans 1 [!-~]+ [0-9. ]+\r
\n$"
add name=irc regexp="^(nick[\t-\r -~]user[\t-\r -~]:|user[\t-\r -~]:[\02-\r
_-~]nick[\t-\r -~]\r
\n)"
add name=gopher regexp="^[\t-\r][1-9,+tgi][\t-\r -~]\t[\t-\r -~]\t[a-z0-9.]
\.[a-z][a-z].?.?\t[1-9]"
add name=telnet regexp="^\FF[\FB-\FE].\FF[\FB-\FE].\FF[\FB-\FE]"
add name=snmp regexp="^\02\01\04.+([\A0-\A3]\02[\01-\04].?.?.?.?\02\01.?
\02\01.?0|\A4\06.+@\04.?.?.?.?\02\01.?\02\01.?C)"
add name=nntp regexp=
"^(20[01][\t-\r -~]AUTHINFO USER|20[01][\t-\r -~]news)"
add name=aimwebcontent regexp=user-agent:aim/
add name=rtsp regexp="rtsp/1.0 200 ok"
add name=skypeout regexp="^(\01.?.?.?.?.?.?.?.?\01|\02.?.?.?.?.?.
?.?.?\02|\03.?.?.?.?.?.?.?.?\03|\04.?.?.?.?.?.?.?.?\04|
\05.?.?.?.?.?.?.?.?\05|\06.?.?.?.?.?.?.?.?\06|\07.?.?.?
.?.?.?.?.?\07|\08.?.?.?.?.?.?.?.?\08|\t.?.?.?.?.?.?.?.
?\t|
\n.?.?.?.?.?.?.?.?
\n|\0B.?.?.?.?.?.?.?.?\0B|\0C.?.?.?.?.?.?.?.?\0C|\r.?.?.
?.?.?.?.?.?\r|\0E.?.?.?.?.?.?.?.?\0E|\0F.?.?.?.?.?.?.
?.?\0F|\10.?.?.?.?.?.?.?.?\10|\11.?.?.?.?.?.?.?.?\11|\12
.?.?.?.?.?.?.?.?\12|\13.?.?.?.?.?.?.?.?\13|\14.?.?.?.?
.?.?.?.?\14|\15.?.?.?.?.?.?.?.?\15|\16.?.?.?.?.?.?.?.?
\16|\17.?.?.?.?.?.?.?.?\17|\18.?.?.?.?.?.?.?.?\18|\19.?.
?.?.?.?.?.?.?\19|\1A.?.?.?.?.?.?.?.?\1A|\1B.?.?.?.?.?.
?.?.?\1B|\1C.?.?.?.?.?.?.?.?\1C|\1D.?.?.?.?.?.?.?.?\1D|
\1E.?.?.?.?.?.?.?.?\1E|\1F.?.?.?.?.?.?.?.?\1F| .?.?.?.
?.?.?.?.? |!.?.?.?.?.?.?.?.?!|".?.?.?.?.?.?.?.?"|#.
?.?.?.?.?.?.?.?#|\$.?.?.?.?.?.?.?.?\$|%.?.?.?.?.?
.?.?.?%|&.?.?.?.?.?.?.?.?&|'.?.?.?.?.?.?.?.?'|\(.?.?
.?.?.?.?.?.?\(|\).?.?.?.?.?.?.?.?\)|\.?.?.?.?.?.?
.?.?\|\+.?.?.?.?.?.?.?.?\+|,.?.?.?.?.?.?.?.?,|-.?.
?.?.?.?.?.?.?-|\..?.?.?.?.?.?.?.?\.|/.?.?.?.?.?.?.
?.?/|0.?.?.?.?.?.?.?.?0|1.?.?.?.?.?.?.?.?1|2.?.?.?.?
.?.?.?.?2|3.?.?.?.?.?.?.?.?3|4.?.?.?.?.?.?.?.?4|5.?.
?.?.?.?.?.?.?5|6.?.?.?.?.?.?.?.?6|7.?.?.?.?.?.?.?.?
7|8.?.?.?.?.?.?.?.?8|9.?.?.?.?.?.?.?.?9|:.?.?.?.?.?.
?.?.?:|;.?.?.?.?.?.?.?.?;|<.?.?.?.?.?.?.?.?<|=.?.?.?
.?.?.?.?.?=|>.?.?.?.?.?.?.?.?>|\?.?.?.?.?.?.?.?.?\
?|@.?.?.?.?.?.?.?.?@|A.?.?.?.?.?.?.?.?A|B.?.?.?.?.?.
?.?.?B|C.?.?.?.?.?.?.?.?C|D.?.?.?.?.?.?.?.?D|E.?.?.?
.?.?.?.?.?E|F.?.?.?.?.?.?.?.?F|G.?.?.?.?.?.?.?.?G|H.
?.?.?.?.?.?.?.?H|I.?.?.?.?.?.?.?.?I|J.?.?.?.?.?.?.?
.?J|K.?.?.?.?.?.?.?.?K|L.?.?.?.?.?.?.?.?L|M.?.?.?.?.
?.?.?.?M|N.?.?.?.?.?.?.?.?N|O.?.?.?.?.?.?.?.?O|P.?.?
.?.?.?.?.?.?P|Q.?.?.?.?.?.?.?.?Q|R.?.?.?.?.?.?.?.?R|
S.?.?.?.?.?.?.?.?S|T.?.?.?.?.?.?.?.?T|U.?.?.?.?.?.?.
?.?U|V.?.?.?.?.?.?.?.?V|W.?.?.?.?.?.?.?.?W|X.?.?.?.?
.?.?.?.?X|Y.?.?.?.?.?.?.?.?Y|Z.?.?.?.?.?.?.?.?Z|[.?
.?.?.?.?.?.?.?[|].?.?.?.?.?.?.?.?]|].?.?.?.?.?
.?.?.?]|\^.?.?.?.?.?.?.?.?\^|.?.?.?.?.?.?.?.?|`.
?.?.?.?.?.?.?.?`|a.?.?.?.?.?.?.?.?a|b.?.?.?.?.?.?.?
.?b|c.?.?.?.?.?.?.?.?c|d.?.?.?.?.?.?.?.?d|e.?.?.?.?.
?.?.?.?e|f.?.?.?.?.?.?.?.?f|g.?.?.?.?.?.?.?.?g|h.?.?
.?.?.?.?.?.?h|i.?.?.?.?.?.?.?.?i|j.?.?.?.?.?.?.?.?j|
k.?.?.?.?.?.?.?.?k|l.?.?.?.?.?.?.?.?l|m.?.?.?.?.?.?.
?.?m|n.?.?.?.?.?.?.?.?n|o.?.?.?.?.?.?.?.?o|p.?.?.?.?
.?.?.?.?p|q.?.?.?.?.?.?.?.?q|r.?.?.?.?.?.?.?.?r|s.?.
?.?.?.?.?.?.?s|t.?.?.?.?.?.?.?.?t|u.?.?.?.?.?.?.?.?
u|v.?.?.?.?.?.?.?.?v|w.?.?.?.?.?.?.?.?w|x.?.?.?.?.?.
?.?.?x|y.?.?.?.?.?.?.?.?y|z.?.?.?.?.?.?.?.?z|\{.?.?.
?.?.?.?.?.?\{|\|.?.?.?.?.?.?.?.?\||\}.?.?.?.?.?.?.
?.?\}|~.?.?.?.?.?.?.?.?~|\7F.?.?.?.?.?.?.?.?\7F|\80.?.
?.?.?.?.?.?.?\80|\81.?.?.?.?.?.?.?.?\81|\82.?.?.?.?.?.
?.?.?\82|\83.?.?.?.?.?.?.?.?\83|\84.?.?.?.?.?.?.?.?\84|
\85.?.?.?.?.?.?.?.?\85|\86.?.?.?.?.?.?.?.?\86|\87.?.?.?
.?.?.?.?.?\87|\88.?.?.?.?.?.?.?.?\88|\89.?.?.?.?.?.?.?
.?\89|\8A.?.?.?.?.?.?.?.?\8A|\8B.?.?.?.?.?.?.?.?\8B|\8C.
?.?.?.?.?.?.?.?\8C|\8D.?.?.?.?.?.?.?.?\8D|\8E.?.?.?.?.
?.?.?.?\8E|\8F.?.?.?.?.?.?.?.?\8F|\90.?.?.?.?.?.?.?.?
\90|\91.?.?.?.?.?.?.?.?\91|\92.?.?.?.?.?.?.?.?\92|\93.?.
?.?.?.?.?.?.?\93|\94.?.?.?.?.?.?.?.?\94|\95.?.?.?.?.?.
?.?.?\95|\96.?.?.?.?.?.?.?.?\96|\97.?.?.?.?.?.?.?.?\97|
\98.?.?.?.?.?.?.?.?\98|\99.?.?.?.?.?.?.?.?\99|\9A.?.?.?
.?.?.?.?.?\9A|\9B.?.?.?.?.?.?.?.?\9B|\9C.?.?.?.?.?.?.?
.?\9C|\9D.?.?.?.?.?.?.?.?\9D|\9E.?.?.?.?.?.?.?.?\9E|\9F.
?.?.?.?.?.?.?.?\9F|\A0.?.?.?.?.?.?.?.?\A0|\A1.?.?.?.?.
?.?.?.?\A1|\A2.?.?.?.?.?.?.?.?\A2|\A3.?.?.?.?.?.?.?.?
\A3|\A4.?.?.?.?.?.?.?.?\A4|\A5.?.?.?.?.?.?.?.?\A5|\A6.?.
?.?.?.?.?.?.?\A6|\A7.?.?.?.?.?.?.?.?\A7|\A8.?.?.?.?.?.
?.?.?\A8|\A9.?.?.?.?.?.?.?.?\A9|\AA.?.?.?.?.?.?.?.?\AA|
\AB.?.?.?.?.?.?.?.?\AB|\AC.?.?.?.?.?.?.?.?\AC|\AD.?.?.?
.?.?.?.?.?\AD|\AE.?.?.?.?.?.?.?.?\AE|\AF.?.?.?.?.?.?.?
.?\AF|\B0.?.?.?.?.?.?.?.?\B0|\B1.?.?.?.?.?.?.?.?\B1|\B2.
?.?.?.?.?.?.?.?\B2|\B3.?.?.?.?.?.?.?.?\B3|\B4.?.?.?.?.
?.?.?.?\B4|\B5.?.?.?.?.?.?.?.?\B5|\B6.?.?.?.?.?.?.?.?
\B6|\B7.?.?.?.?.?.?.?.?\B7|\B8.?.?.?.?.?.?.?.?\B8|\B9.?.
?.?.?.?.?.?.?\B9|\BA.?.?.?.?.?.?.?.?\BA|\BB.?.?.?.?.?.
?.?.?\BB|\BC.?.?.?.?.?.?.?.?\BC|\BD.?.?.?.?.?.?.?.?\BD|
\BE.?.?.?.?.?.?.?.?\BE|\BF.?.?.?.?.?.?.?.?\BF|\C0.?.?.?
.?.?.?.?.?\C0|\C1.?.?.?.?.?.?.?.?\C1|\C2.?.?.?.?.?.?.?
.?\C2|\C3.?.?.?.?.?.?.?.?\C3|\C4.?.?.?.?.?.?.?.?\C4|\C5.
?.?.?.?.?.?.?.?\C5|\C6.?.?.?.?.?.?.?.?\C6|\C7.?.?.?.?.
?.?.?.?\C7|\C8.?.?.?.?.?.?.?.?\C8|\C9.?.?.?.?.?.?.?.?
\C9|\CA.?.?.?.?.?.?.?.?\CA|\CB.?.?.?.?.?.?.?.?\CB|\CC.?.
?.?.?.?.?.?.?\CC|\CD.?.?.?.?.?.?.?.?\CD|\CE.?.?.?.?.?.
?.?.?\CE|\CF.?.?.?.?.?.?.?.?\CF|\D0.?.?.?.?.?.?.?.?\D0|
\D1.?.?.?.?.?.?.?.?\D1|\D2.?.?.?.?.?.?.?.?\D2|\D3.?.?.?
.?.?.?.?.?\D3|\D4.?.?.?.?.?.?.?.?\D4|\D5.?.?.?.?.?.?.?
.?\D5|\D6.?.?.?.?.?.?.?.?\D6|\D7.?.?.?.?.?.?.?.?\D7|\D8.
?.?.?.?.?.?.?.?\D8|\D9.?.?.?.?.?.?.?.?\D9|\DA.?.?.?.?.
?.?.?.?\DA|\DB.?.?.?.?.?.?.?.?\DB|\DC.?.?.?.?.?.?.?.?
\DC|\DD.?.?.?.?.?.?.?.?\DD|\DE.?.?.?.?.?.?.?.?\DE|\DF.?.
?.?.?.?.?.?.?\DF|\E0.?.?.?.?.?.?.?.?\E0|\E1.?.?.?.?.?.
?.?.?\E1|\E2.?.?.?.?.?.?.?.?\E2|\E3.?.?.?.?.?.?.?.?\E3|
\E4.?.?.?.?.?.?.?.?\E4|\E5.?.?.?.?.?.?.?.?\E5|\E6.?.?.?
.?.?.?.?.?\E6|\E7.?.?.?.?.?.?.?.?\E7|\E8.?.?.?.?.?.?.?
.?\E8|\E9.?.?.?.?.?.?.?.?\E9|\EA.?.?.?.?.?.?.?.?\EA|\EB.
?.?.?.?.?.?.?.?\EB|\EC.?.?.?.?.?.?.?.?\EC|\ED.?.?.?.?.
?.?.?.?\ED|\EE.?.?.?.?.?.?.?.?\EE|\EF.?.?.?.?.?.?.?.?
\EF|\F0.?.?.?.?.?.?.?.?\F0|\F1.?.?.?.?.?.?.?.?\F1|\F2.?.
?.?.?.?.?.?.?\F2|\F3.?.?.?.?.?.?.?.?\F3|\F4.?.?.?.?.?.
?.?.?\F4|\F5.?.?.?.?.?.?.?.?\F5|\F6.?.?.?.?.?.?.?.?\F6|
\F7.?.?.?.?.?.?.?.?\F7|\F8.?.?.?.?.?.?.?.?\F8|\F9.?.?.?
.?.?.?.?.?\F9|\FA.?.?.?.?.?.?.?.?\FA|\FB.?.?.?.?.?.?.?
.?\FB|\FC.?.?.?.?.?.?.?.?\FC|\FD.?.?.?.?.?.?.?.?\FD|\FE.
?.?.?.?.?.?.?.?\FE|\FF.?.?.?.?.?.?.?.?\FF)"
add name=skypetoskype regexp="^..\02….........."
add name=counterstrike-source regexp="^\FF\FF\FF\FF.cstrikeCounter-Strike"
add name=halflife2-deathmatch regexp="^\FF\FF\FF\FF.hl2mpDeathmatch"
add name=freenet regexp="^\01[\08\t][\03\04]"
add name=battlefield2 regexp="^(\11 \01…?\11|\FE\FD.?.?.?.?.?.?(\14
\01\06|\FF\FF\FF))|[]\01].?battlefield2"
add name=napster regexp="^(.[\02\06][!-~]+ [!-~]+ [0-9][0-9]?[0-9]?[0-9]?[0
-9]? "[\t-\r -~]+" ([0-9]|10)|1(send|get)[!-~]+ "[\t-\r -~]+")"
add name=soulseek regexp="^(\05..?|.\01.[ -~]+\01F..?.?.?.?.?.?.?)$"
add name=xunlei regexp="^[()]…?.?.?(reg|get|query)"
add name=ssl regexp="^(.?.?\16\03.\16\03|.?.?\01\03\01?.\0B)"
add name=citrix regexp="2&\85\92X"
add name=whois regexp="^[ !-~]+\r
\n$"
add name=dayofdefeat-source regexp="^\FF\FF\FF\FF.dodDay of Defeat"
add name=teamspeak regexp="^\F4\BE\03.teamspeak"
add name=worldofwarcraft regexp="^\06\EC\01"
add name=ventrilo regexp="^..?v\$\CF"
add name=http-rtsp regexp="^(get[\t-\r -~] Accept: application/x-rtsp-tunnell
ed|http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\t-\r -~]a=control:rtsp://)"
add name=thecircle regexp=
"^t\03ni.?[\01-\06]?t[\01-\05]s[
\n\0B](glob|who are you$|query data)"
add name=uucp regexp="^\10here="
add name=pcanywhere regexp="^(nq|st)$"
add name=subversion regexp="^\( success \( 1 2 \("
add name=imesh regexp="^(post[\t-\r -~]<passwordhash>….....................
........</passwordhash><clientver>|4\80?\r?\FC\FF\04|get[\t-\r -~]Host:
_imsh\.download-prod\.musicnet\.com|\02(\01|\02)\83.?.?.?.?.?.?.
?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?\02(\01|
\02)\83)"
add name=cimd regexp="\02[0-4][0-9]:[0-9]+.\03$"
add name=mohaa regexp="^\FF\FF\FF\FFgetstatus
\n"
add name=stun regexp="^[\01\02]….............?$"
add name=tor regexp=TOR1. <identity>add name=radmin regexp="^\01\01(\08\08|\1B\1B)$"
add name=unset regexp=.
add name=chikka regexp="^CTPv1.[123] Kamusta.\r
\n$"
add name=replaytv-ivs regexp="^(get /ivs-IVSGetFileChunk|http/(0\.9|1\.0|1\
.1) [1-5][0-9][0-9] [\t-\r -~]#####REPLAY_CHUNK_START#####)"
add name=armagetron regexp=YCLC_E|CYEL
add name=bittorrent regexp="^(\x13bittorrent protocol|azver\x01$|get /scrap
e\?info_hash=get /announce\?info_hash=|get /client/bitcomet/|GET /data
\?fid=)|d1:ad2:id20:|\x08'7P\)[RP]"Setting Manglenya :
/ip firewall mangle
add action=mark-connection chain=prerouting comment=exe disabled=no
layer7-protocol="Extension " .exe "" new-connection-mark=exe_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=exe_conn disabled=no
new-packet-mark=exe passthrough=no
add action=mark-connection chain=prerouting comment=zip disabled=no
layer7-protocol="Extension " .zip"" new-connection-mark=zip_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=zip_conn disabled=no
new-packet-mark=zip passthrough=no
add action=mark-connection chain=prerouting comment=rar disabled=no
layer7-protocol="Extension " .rar"" new-connection-mark=rar_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=rar_conn disabled=no
new-packet-mark=rar passthrough=no
add action=mark-connection chain=prerouting comment=cab disabled=no
layer7-protocol="Extension " .cab "" new-connection-mark=cab_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=cab_conn disabled=no
new-packet-mark=cab passthrough=no
add action=mark-connection chain=prerouting comment=asf disabled=no
layer7-protocol="Extension " .asf "" new-connection-mark=asf_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=asf_conn disabled=no
new-packet-mark=asf passthrough=no
add action=mark-connection chain=prerouting comment=mov disabled=no
layer7-protocol="Extension " .mov "" new-connection-mark=mov_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mov_conn disabled=no
new-packet-mark=mov passthrough=no
add action=mark-connection chain=prerouting comment=wmv disabled=no
layer7-protocol="Extension " .wmv "" new-connection-mark=wmv_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wmv_conn disabled=no
new-packet-mark=wmv passthrough=no
add action=mark-connection chain=prerouting comment=mpg disabled=no
layer7-protocol="Extension " .mpg "" new-connection-mark=mpg_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mpg_conn disabled=no
new-packet-mark=mpg passthrough=no
add action=mark-connection chain=prerouting comment=mkv disabled=no
layer7-protocol="Extension " .mkv "" new-connection-mark=mkv_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mkv_conn disabled=no
new-packet-mark=mkv passthrough=no
add action=mark-connection chain=prerouting comment=avi disabled=no
layer7-protocol="Extension " .avi "" new-connection-mark=avi_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=avi_conn disabled=no
new-packet-mark=avi passthrough=no
add action=mark-connection chain=prerouting comment=flv disabled=no
layer7-protocol="Extension " .flv "" new-connection-mark=flv_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=flv_conn disabled=no
new-packet-mark=flv passthrough=no
add action=mark-connection chain=prerouting comment=pdf disabled=no
layer7-protocol="Extension " .pdf "" new-connection-mark=pdf_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=pdf_conn disabled=no
new-packet-mark=pdf passthrough=no
add action=mark-connection chain=prerouting comment=wav disabled=no
layer7-protocol="Extension " .wav "" new-connection-mark=wav_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wav_conn disabled=no
new-packet-mark=wav passthrough=no
add action=mark-connection chain=prerouting comment=rm disabled=no
layer7-protocol="Extension " .rm "" new-connection-mark=rm_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=rm_conn disabled=no
new-packet-mark=rm passthrough=no
add action=mark-connection chain=prerouting comment=mp3 disabled=no
layer7-protocol="Extension " .mp3 "" new-connection-mark=mp3_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mp3_conn disabled=no
new-packet-mark=mp3 passthrough=no
add action=mark-connection chain=prerouting comment=mp4 disabled=no
layer7-protocol="Extension " .mp4 "" new-connection-mark=mp4_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mp4_conn disabled=no
new-packet-mark=mp4 passthrough=no
add action=mark-connection chain=prerouting comment=ram disabled=no
layer7-protocol="Extension " .ram "" new-connection-mark=ram_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ram_conn disabled=no
new-packet-mark=ram passthrough=no
add action=mark-connection chain=prerouting comment=rmvb disabled=no
layer7-protocol="Extension " .rmvb "" new-connection-mark=rmvb_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=rmvb_conn disabled=no
new-packet-mark=rmvb passthrough=no
add action=mark-connection chain=prerouting comment=dat disabled=no
layer7-protocol="Extension " .dat "" new-connection-mark=dat_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=dat_conn disabled=no
new-packet-mark=dat passthrough=no
add action=mark-connection chain=prerouting comment=daa disabled=no
layer7-protocol="Extension " .daa "" new-connection-mark=daa_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=daa_conn disabled=no
new-packet-mark=daa passthrough=no
add action=mark-connection chain=prerouting comment=iso disabled=no
layer7-protocol="Extension " .iso "" new-connection-mark=iso_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=iso_conn disabled=no
new-packet-mark=iso passthrough=no
add action=mark-connection chain=prerouting comment=bin disabled=no
layer7-protocol="Extension " .bin "" new-connection-mark=bin_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=bin_conn disabled=no
new-packet-mark=bin passthrough=no
add action=mark-connection chain=prerouting comment=vcd disabled=no
layer7-protocol="Extension " .vcd "" new-connection-mark=vcd_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=vcd_conn disabled=no
new-packet-mark=vcd passthrough=no
add action=mark-connection chain=prerouting comment=mp2 disabled=no
layer7-protocol="Extension " .mp2 "" new-connection-mark=mp2_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mp2_conn disabled=no
new-packet-mark=mp2 passthrough=no
add action=mark-connection chain=prerouting comment=3gp disabled=no
layer7-protocol="Extension " .3gp "" new-connection-mark=3gp_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=3gp_conn disabled=no
new-packet-mark=3gp passthrough=no
add action=mark-connection chain=prerouting comment=mpe disabled=no
layer7-protocol="Extension " .mpe "" new-connection-mark=mpe_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mpe_conn disabled=no
new-packet-mark=mpe passthrough=no
add action=mark-connection chain=prerouting comment=qt disabled=no
layer7-protocol="Extension " .qt "" new-connection-mark=qt_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=qt_conn disabled=no
new-packet-mark=qt passthrough=no
add action=mark-connection chain=prerouting comment=raw disabled=no
layer7-protocol="Extension " .raw "" new-connection-mark=raw_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=raw_conn disabled=no
new-packet-mark=raw passthrough=no
add action=mark-connection chain=prerouting comment=wma disabled=no
layer7-protocol="Extension " .wma "" new-connection-mark=wma_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wma_conn disabled=no
new-packet-mark=wma passthrough=no
add action=mark-connection chain=prerouting comment=ogg disabled=no
layer7-protocol="Extension " .ogg "" new-connection-mark=ogg_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ogg_conn disabled=no
new-packet-mark=ogg passthrough=no
add action=mark-connection chain=prerouting comment=doc disabled=no
layer7-protocol="Extension " .doc "" new-connection-mark=doc_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=doc_conn disabled=no
new-packet-mark=doc passthrough=no
add action=mark-connection chain=prerouting comment=applejuice disabled=no
layer7-protocol=applejuice new-connection-mark=applejuice_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=applejuice_conn
disabled=no new-packet-mark=applejuice passthrough=no
add action=mark-connection chain=prerouting comment=ares disabled=no
layer7-protocol=ares new-connection-mark=ares_conn passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ares_conn disabled=no
new-packet-mark=ares passthrough=no
add action=mark-connection chain=prerouting comment=bittorent disabled=no
layer7-protocol=bittorrent new-connection-mark=bittorent_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=bittorent_conn
disabled=no new-packet-mark=bittorent passthrough=no
add action=mark-connection chain=prerouting comment=chikka disabled=no
layer7-protocol=chikka new-connection-mark=chikka_conn passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=chikka_conn disabled=
no new-packet-mark=chika passthrough=no
add action=mark-connection chain=prerouting comment=directconnect disabled=no
layer7-protocol=directconnect new-connection-mark=directconnect_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=directconnect_conn
disabled=no new-packet-mark=directconnect passthrough=no
add action=mark-connection chain=prerouting comment=ftp disabled=no
layer7-protocol=ftp new-connection-mark=ftp passthrough=no protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ftp disabled=no
new-packet-mark=ftp passthrough=no
add action=mark-connection chain=prerouting comment=doom3 disabled=no
layer7-protocol=doom3 new-connection-mark=doom3_conn passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=doom3_conn disabled=
no new-packet-mark=doom3 passthrough=no
add action=mark-connection chain=prerouting comment=edonkey disabled=no
layer7-protocol=edonkey new-connection-mark=edonkey_conn passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=edonkey_conn
disabled=no new-packet-mark=edonkey passthrough=no
add action=mark-connection chain=prerouting comment=fastrack_conn disabled=no
layer7-protocol=fasttrack new-connection-mark=fasttrack passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=fasttrack disabled=no
new-packet-mark=fastrack passthrough=no
add action=mark-connection chain=prerouting comment=gnutella disabled=no
layer7-protocol=gnutella new-connection-mark=gnutella_conn passthrough=
yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=gnutella_conn
disabled=no new-packet-mark=gnutella passthrough=no
add action=mark-connection chain=prerouting comment=skype disabled=no
layer7-protocol=skypeout new-connection-mark=skype_conn passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=skype_conn disabled=
no new-packet-mark=skype passthrough=no
add action=mark-connection chain=prerouting comment=7z disabled=no
layer7-protocol="Extension " .7z "" new-connection-mark=7z_conn
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=7z_conn disabled=no
new-packet-mark=7z passthrough=noYang terakhir kita buat management bandwidht menggunakan queue tree.
( Boleh juga menggunakan simple queueu terserah anda suka suka sesuai selera )Buat parent dulu seperti ini :
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=128k name="traffic shapping" parent=global-out priority=8
( ini nantinya khusus alokasi buat para mania bandwidht sesuaikan dengan besarnya bw yg anda miliki )setelah itu setting childnya seperti ini :
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=exe packet-mark=exe parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=zip packet-mark=zip parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=rar packet-mark=rar parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=cab packet-mark=cab parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=asf packet-mark=asf parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=mov packet-mark=mov parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=wmv packet-mark=wmv parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=mpg packet-mark=mpg parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=mkv packet-mark=mkv parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=avi packet-mark=avi parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=flv packet-mark=flv parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=pdf packet-mark=pdf parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=wav packet-mark=wav parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=rm packet-mark=rm parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=mp3 packet-mark=mp3 parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=mp4 packet-mark=mp4 parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=ram packet-mark=ram parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=rmvb packet-mark=rmvb parent="traffic shapping"
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=dat packet-mark=dat parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=daa packet-mark=daa parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=iso packet-mark=iso parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=bin packet-mark=bin parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=vcd packet-mark=vcd parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=mp2 packet-mark=mp2 parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=3gp packet-mark=3gp parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=mpe packet-mark=mpe parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=qt packet-mark=qt parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=raw packet-mark=raw parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=wma packet-mark=wma parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=ogg packet-mark=ogg parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=doc packet-mark=doc parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=applejuice packet-mark=applejuice parent=
"traffic shapping" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=ares packet-mark=ares parent="traffic shapping"
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=8 name=bittorent packet-mark=bittorent parent=
"traffic shapping" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=chika packet-mark=chika parent="traffic shapping"
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=dconnect packet-mark=directconnect parent=
"traffic shapping" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=ftp packet-mark=ftp parent="traffic shapping" priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=doom3 packet-mark=doom3 parent="traffic shapping"
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=edonkey packet-mark=edonkey parent="traffic shapping"
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=fasttrack packet-mark=fastrack parent="traffic shapping"
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=gnutella packet-mark=gnutella parent="traffic shapping"
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=64k name=skype packet-mark=skype parent="traffic shapping"
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=7z packet-mark=7z parent="traffic shapping" priority=8
queue=default( dijamin insya allah segala macam downloader mati kutu. Maksud Queue diatas kita alokasikan untuk downloader mania bw sebesar 128k, sesuai selera bung. Caching video youtube berlari kencang bak dikejar anjing. browsing wusss…. wusss..... wkwk... wk....wk....)
semoga bermanfaat.
salam</identity></clientver></i\1e\1c\e9"<br></stream:stream[\t-\r></peerplat>Mas Ardy , Tolong di jelaskan untuk setting nat :
chain=dstnat action=dst-nat to-addresses=10.10.3.2 to-ports=3128 protocol=tcp in-interface=CLIENTS dst-port=80
Alamat nya emang harus pake 10.10.3.2 ya ? Kenapa kok bisa begitu ?
Mohon dijelaskan, Thanks ! -
Klo network kecil ok lah model gt klo buat isp hancur zzzz…... klo paket di belok2an jelas latency besar palagi client banyak game online jelas terasa, sy lbh pilih pfsense - mikritink - client klo pun dibalik jelas sama2 double routing dr network client,limiter,pf,modem apa mau dalam 1 subnet? klo ga mau bnyk routing ya client set direct aja ke pf ga usah lwt limiter atau xtrem ke modemna langsung