Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Mikrotik RB 750 + PFsense as Squid Box

    Indonesian
    30
    67
    80634
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      chino
      last edited by

      Setelah ngubek-ngubek om Goo*le, PF Forum n Other Forum. untuk cari resep untuk mau buat RB 750 menjadi GARANG akhirnya bisa nemu resep seperti ini :

      Topologi :

      ADSL(Bridge) –---------- Mikocok -------------- Switch ------------ Client
                                            | |
                                PFSense (Squid + Lusca)

      Saya harap pembaca sudah paham dengan cara kerja Mikocok

      Mikocok Conf :
      Ether 0  = PPoE Client ke Spedol
      Ether 1  = Ke Client IP 192.168.88.2-254
      Ether 2  = default
      Ether 3  = ke LAN PF Box IP 192.168.200.1
      Ether 4  = ke WAN PF Box IP 172.3.3.2

      Alat yang di butuhkan :

      1 unit Mikocok RB 750 / 750G
      1 unit CPU Bekas/Baru asal masih bisa nyala dengan minimum Procesor PIII
      4 unit kabel LAN
      1 unit modem Spedol (Set Bridge) nanti mikrotik yang dial ke Speedol

      Langkah selanjutnya :

      Set pada sisi PF-nya

      1. Install pfbox (sesuai Manual).
      2. Setelah selesai install PFbox-nya masuk ke WEB Confignya.
      3. Buka menu system --> packeges --> Cari SQUID 2.7 (yang udah pasti stable) trus Install
      4. ketik pada Diagnostic -> Command promt : http://pfsense-cacheboy.googlecode.com/svn/trunk/script/package.sh && chmod +x package.sh && ./package.sh
      5. Buka menu system --> packeges --> Cari Lusca
      6. atau Cari tut's nginstall LUSCA cache PFsense di Mbah Goo*le (Lusca cache merupakan Optional Install)
      7. Buka menu Services --> Proxy Services --> Pastikan Proxy Portnya 3128
      *. TAB General --> centang Allow users on interface, tranparent proxy,Enabled logging, Transparent X-Forward, & Disable VIA --> klik Save
      *. TAB Cache Mgmt --> Hardisk cache system = coos+aufs (bila sudah teristal Lusca), Coss HD      cache size 50, HD cache size 100, memory cache size 8 (Sesuaikan dengan kap. MEM), Max memory object size 4 (Sesuaikan dengan kap. MEM), Minimum object size 10 (Sesuaikan dengan kap. MEM), Maximum object size 6(Sesuaikan dengan kap. MEM)--> Klik Save
      *. TAB Access control --> Allowed subnets (masukkan IP 192.168.88.0/24) --> klik Save
      *. TAB Traffic Mgmt --> Matiin aja "Enable delay pool" (Biarin mikocok yg ngatur BW-nya)
      8. Buat yang pake add-on LUSCA Cache configurasinya di sesuaikan dengan kebutuhan aja yah..
      9. Lanjut pastikan Squid Services sudah berjalan. Klik Status Sevices --> Lihat Squid jalan atau tidak
      10. Restart PF Box --> setelah restart, PFBox udah Ready to work.

      Set pada sisi Mik*otik-nya

      1. IP --> address

      Flags: X - disabled, I - invalid, D - dynamic
      #  ADDRESS            NETWORK        BROADCAST      INTERFACE             
      0  ;;; default configuration
          192.168.88.1/24    192.168.88.0    192.168.88.255  ether2-local-master   
      1  10.10.30.6/28      10.10.30.0      10.10.30.15    ether1-gateway       
      2  192.168.200.100/24 192.168.200.0  192.168.200.255 ether4-local-slave   
      3  172.3.1.1/24      172.3.1.1      172.3.1.255    ether5-local-slave

      2. IP --> firewall --> Nat

      Flags: X - disabled, I - invalid, D - dynamic
      0  ;;; Client
          chain=srcnat action=masquerade out-interface=ether1-gateway

      1 X chain=dstnat action=dst-nat to-addresses=192.168.200.1 to-ports=3128
          protocol=tcp src-address=192.168.88.0/24 in-interface=ether4-local-slave
          dst-port=80

      2  ;;; Proxy
          chain=srcnat action=masquerade out-interface=ether5-local-slave

      3  ;;; NAT Proxy
          chain=srcnat action=masquerade src-address=192.168.200.1
          out-interface=ether1-gateway

      4  ;;; Belok ke-Proxy
          chain=dstnat action=dst-nat to-addresses=192.168.200.1 to-ports=3128
          protocol=tcp in-interface=ether2-local-master dst-port=80

      3. IP --> firewall --> Nat

      Flags: X - disabled, A - active, D - dynamic,
      C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
      B - blackhole, U - unreachable, P - prohibit
      #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
      0 A S  0.0.0.0/0          10.10.30.6      10.10.30.1        1     
      1 X S  0.0.0.0/0          192.168.200.100 192.168.200.1      1     
      2 X S  0.0.0.0/0          10.10.30.6      192.168.200.1      2     
                                                10.10.30.1       
      3 ADC  10.10.30.0/28      10.10.30.6      ether1-gateway    0     
      4 ADC  172.3.1.0/24      172.3.1.1      ether5-local-slave 0     
      5 ADC  192.168.88.0/24    192.168.88.1    ether2-local-ma... 0     
      6 ADC  192.168.200.0/24  192.168.200.100 ether4-local-slave 0


      Bagi akang-akang yang memiliki metoda yang lain mungkin dengan menggunakan 1 LAN card saja
      yang menuju ke PF boxnya dapat memberikan masukkan bagaimana cara membuatnya? dan di share
      disini untuk kemajuan teman-teman pecinta PFsense & Mikocok :)

      ditunggu yee Commentnya

      Maju terus networking indonesia

      1 Reply Last reply Reply Quote 0
      • A
        asracomp
        last edited by

        Kalo begini gimana bos…?

        Internet<--->ModemADSL(bridge)<--->(PPPoE)PFsense+LUSCA<--->RB750G(bandwidth Management)<---> Switch/HUB<--->client...dst.

        1 Reply Last reply Reply Quote 0
        • C
          chino
          last edited by

          @asracomp:

          Kalo begini gimana bos…?

          Internet<--->ModemADSL(bridge)<--->(PPPoE)PFsense+LUSCA<--->RB750G(bandwidth Management)<---> Switch/HUB<--->client...dst.

          Kalo gw ma.. lebih yakin kalo RB yang tampil di depan dari pada PF yang tampil di depan coz serangan dari luar banyak yang bahaya boss.. ??? ??? ???. enaknya mikocok punya Winbox yang buat qite nudah monitor traffic masuk & keluar.. jd saya lbh prefer klo mikocok yg di depan.. coba PF punya tools sprti winbox pasti ane dah tempatin dia di depan… ;D dan model kaya di atas prosesnya bisa 2x routing..

          1 Reply Last reply Reply Quote 0
          • P
            poscom
            last edited by

            :)

            1 Reply Last reply Reply Quote 0
            • K
              kambeeng
              last edited by

              wah kata siapa pfsense nggak secure .. malah pf lebih secure di banding MK :D coba aja buktikan

              1 Reply Last reply Reply Quote 0
              • P
                poscom
                last edited by

                @kambeeng:

                wah kata siapa pfsense nggak secure .. malah pf lebih secure di banding MK :D coba aja buktikan

                nah jawaban ini yg sy tunggu2 BOS :) :) :) OK buangetttt Komandan

                1 Reply Last reply Reply Quote 0
                • S
                  serangku
                  last edited by

                  pada batasan tertentu om @chino benar adanya …
                  yang patut di diperhatikan adalah sisi banyaknya klien dari router itu sendiri

                  kalo klien RB750, katakanlah, 20 atau 30, dengan full setup, sepertinya
                  akan kolap itu RB, bukan karena os nya, tapi hardware yang sudah ngos2an
                  pastinya harus upgrade ke yg lebih tinggi, dan itu adalah cost yang tinggi pula.
                  terutama licensenya ...

                  untuk secure, setiap distro firewall, salah satu yang diutamakan adalah secure nya
                  so, nonsense kalau pf tidak secure, begitu juga sebaliknya ... it's fair enough

                  yang om @chino lakukan adalah kolaborasi
                  saling melengkapi antara 2 produk yang berbeda
                  sudah mahfum kalau mikrotik sangat terbatas dalam custom squidnya
                  pfsense sangat mudah untuk mendapatkan proxy performance
                  indah bukan konsep saling melengkapi ...

                  btw ... share nya om acungi jempol  :)
                  untuk single ethernet sangat bisa
                  om sendiri sudah mengaplikasikan single ethernet multiple interface
                  mangga dioprek lebih lanjut ...

                  1 Reply Last reply Reply Quote 0
                  • K
                    kambeeng
                    last edited by

                    kalau saya nggak bisa acungin jempol buat artikel seperti ini nggak ada gunanya .. langsung aja di stick hahahahah

                    1 Reply Last reply Reply Quote 0
                    • A
                      ardy_2006
                      last edited by

                      Klo sy setubuh, e' salah maksud sy se7 dengan TS. Msh Mikrotik RB 750G + PFsense as Squid Box.
                      emang setiap topology terkadang tidak pas/cocok dipake di setiap jaringan. klo saya :

                      client –------mikrotik ----------
                                            |                    |
                                            |                    | ------ internet
                                            |                    |
                                        PF (box) ----------

                      Mikrotik = port 1 mengarah clients
                                    port 2 mengarah Wan/Internet
                                    port 3 mengarah ke PF (box)
                      PF(Box) = Lan ----> port 3 mikrotik
                                    WAN ---> modem

                      intinya :

                      • Request destination port 80 dibelokan ke mesin PF. ( chain=dstnat action=dst-nat to-addresses=(ip address pfsense) to-ports=(port pfsense) protocol=tcp in-interface=(port 3 mengarah ke pfsense) dst-port=80 )
                      • Selain port 80 masuk ke mikrotik dengan management bandwidht menggunakan L7 protocol. ( idm & sodara sodaranya nggak berkutik )

                      Tipology ini belum tentu cocok dengan jaringan yg lain, so yg pasti buffer youtube lari kencang seperti dikejar anjing, ini yg sy suka. speedtest kecepatan LAN full speed semua ini hanya akal akalan mesin PF + LUSCA oprekan Mang Chuddy,Yg emang betul betul cocok buat kita kita yg fakir bandwidht  wk... wk.. wk....

                      1 Reply Last reply Reply Quote 0
                      • K
                        kambeeng
                        last edited by

                        @ardy_2006:

                        Klo sy setubuh, e' salah maksud sy se7 dengan TS. Msh Mikrotik RB 750G + PFsense as Squid Box.
                        emang setiap topology terkadang tidak pas/cocok dipake di setiap jaringan. klo saya :

                        client –------mikrotik ----------
                                               |                    |
                                               |                    | ------ internet
                                               |                    |
                                           PF (box) ----------

                        Mikrotik = port 1 mengarah clients
                                      port 2 mengarah Wan/Internet
                                      port 3 mengarah ke PF (box)
                        PF(Box) = Lan ----> port 3 mikrotik
                                      WAN ---> modem

                        intinya :

                        • Request destination port 80 dibelokan ke mesin PF. ( chain=dstnat action=dst-nat to-addresses=(ip address pfsense) to-ports=(port pfsense) protocol=tcp in-interface=(port 3 mengarah ke pfsense) dst-port=80 )
                        • Selain port 80 masuk ke mikrotik dengan management bandwidht menggunakan L7 protocol. ( idm & sodara sodaranya nggak berkutik )

                        Tipology ini belum tentu cocok dengan jaringan yg lain, so yg pasti buffer youtube lari kencang seperti dikejar anjing, ini yg sy suka. speedtest kecepatan LAN full speed semua ini hanya akal akalan mesin PF + LUSCA oprekan Mang Chuddy,Yg emang betul betul cocok buat kita kita yg fakir bandwidht   wk... wk.. wk....

                        Mas kasih yang gamblang yaaa sedetailnya :D

                        tks
                        PFSI

                        1 Reply Last reply Reply Quote 0
                        • A
                          ardy_2006
                          last edited by

                          siap komandan.  :)
                          mending ku buat tutorial dulu aja settingan aku.
                          ntar ku share disini. sapa tahu dengan dishare ada masuan sana sini & bisa makin garang konesinya.
                          Loading …...............................

                          1 Reply Last reply Reply Quote 0
                          • K
                            kavari
                            last edited by

                            @serangku:

                            pada batasan tertentu om @chino benar adanya …
                            yang patut di diperhatikan adalah sisi banyaknya klien dari router itu sendiri

                            kalo klien RB750, katakanlah, 20 atau 30, dengan full setup, sepertinya
                            akan kolap itu RB, bukan karena os nya, tapi hardware yang sudah ngos2an
                            pastinya harus upgrade ke yg lebih tinggi, dan itu adalah cost yang tinggi pula.
                            terutama licensenya ...

                            untuk secure, setiap distro firewall, salah satu yang diutamakan adalah secure nya
                            so, nonsense kalau pf tidak secure, begitu juga sebaliknya ... it's fair enough

                            yang om @chino lakukan adalah kolaborasi
                            saling melengkapi antara 2 produk yang berbeda
                            sudah mahfum kalau mikrotik sangat terbatas dalam custom squidnya
                            pfsense sangat mudah untuk mendapatkan proxy performance
                            indah bukan konsep saling melengkapi ...

                            btw ... share nya om acungi jempol  :)
                            untuk single ethernet sangat bisa
                            om sendiri sudah mengaplikasikan single ethernet multiple interface
                            mangga dioprek lebih lanjut ...

                            Sepakat om, masalah security lebih kepada brainware dibelakang firewall,apalagi jika enginennya masih dalam keluarga *nix ,firewallnya tidak jauh berbedalah. @chino benar bhw di mikrotik traffik monitoring lebih mudah, tapi di pfsense seharusnya juga bisa dilakukan dengan menambahkan package, baik dari pfsense sendiri maupun dari pihak ketiga.
                            Ada satu hal lagi mungkin yang patut dipertimbangkan o/ developer pfsense ,yakni ketersediaan hardware embed semacam routerboard mikrotik yang sangat ekonomis u/ pengguna soho. Atau jika memungkinkan pfsense bisa didevelop untuk arsitektur mips, ppc yang kompatible u/ routerboard mikrotik sehingga pfsense bisa di injek ke routerboard.
                            go..opensource

                            1 Reply Last reply Reply Quote 0
                            • A
                              asepyulisman
                              last edited by

                              maap, buat master yg udah pernah coba topologi seperti ini, apakah proxy hit di pfsense bisa naik ngak?? ???

                              sejak kenal pfsense si RB udah nganggur :D :D

                              Internet<--->ModemADSL(bridge)<--->(PPPoE)PFsense+LUSCA<--->RB750G(bandwidth Management)<---> Switch/HUB<--->client...dst.
                              
                              di pfsense===> 1\. squid   2\. lusca  3\. unbound
                              RB750G  ==> management bandwidth doang  
                              

                              kayaknya cuman ini satu-satunya jalan ke Roma buat aq :'( :'(

                              1 Reply Last reply Reply Quote 0
                              • K
                                kavari
                                last edited by

                                @asepyulisman:

                                maap, buat master yg udah pernah coba topologi seperti ini, apakah proxy hit di pfsense bisa naik ngak?? ???

                                sejak kenal pfsense si RB udah nganggur :D :D

                                Internet<--->ModemADSL(bridge)<--->(PPPoE)PFsense+LUSCA<--->RB750G(bandwidth Management)<---> Switch/HUB<--->client...dst.
                                
                                di pfsense===> 1\. squid   2\. lusca  3\. unbound
                                RB750G  ==> management bandwidth doang  
                                

                                kayaknya cuman ini satu-satunya jalan ke Roma buat aq :'( :'(

                                sayang kalo rb nya nganggur om :
                                Percaya aja bahwa masih banyak jalan keroma kok :-)

                                PFsense+LUSCA
                                                                                                                                      |
                                1. pfsense ===> Internet<–->ModemADSL(bridge)<--->(ppoe)RB750G(bandwidth Manage)<---> Switch/HUB<--->client...dst

                                2. pfsense ===> Internet<--->ModemADSL(bridge)<--->(ppoe)RB750G(bandwidth Management)<---> Switch/HUB<--->client...dst
                                                                                                                                                                                                                      |
                                                                                                                                                                                                      PFsense+LUSCA
                                3.pfsense ===> Internet<--->(ppoe)ModemADSL(bridge)<---> Switch/HUB<------->RB750G(bandwidth Management)<---> Switch/HUB<--->client...dst
                                                                                                                                                |    <-- port80                                    |                                                                       
                                                                                                                                      PFsense+LUSCA------------------------------------

                                ayo....dipilih ....dipilih......dipilih

                                1 Reply Last reply Reply Quote 0
                                • D
                                  diol
                                  last edited by

                                  kalau saya pakai topology seperti ini

                                  adsl –--pcmikrotik----switch--client
                                                  |
                                                  |
                                              pfsense

                                  enggak tau setting pfsense udah tepat atau belum yg penting jalan


                                  1 Reply Last reply Reply Quote 0
                                  • K
                                    kambeeng
                                    last edited by

                                    ya coba di check dilognya bro… jalan atau belon

                                    salam
                                    PFSI

                                    1 Reply Last reply Reply Quote 0
                                    • D
                                      diol
                                      last edited by

                                      siap Ndan

                                      kalau di proxy report rata2 hit 40%,dengan konfigurasi standar Lusca/LUSCA r14850 patched: chudy r14,dengan client 15unit

                                      salam
                                      PFSI

                                      1 Reply Last reply Reply Quote 0
                                      • A
                                        asepyulisman
                                        last edited by

                                        adsl ----pcmikrotik----switch--client
                                                         |
                                                         |
                                                     pfsense
                                        

                                        om kalau boleh tau proxy hitnya nembus sampai berapa Mega ???

                                        1 Reply Last reply Reply Quote 0
                                        • D
                                          diol
                                          last edited by

                                          siang om

                                          rata2 0,5-1gb,mungkin gara2 kebiasan user kalau nonton dari youtube cepet ,jd kagak disimpan dulu.


                                          1 Reply Last reply Reply Quote 0
                                          • P
                                            pfsense_aja
                                            last edited by

                                            @chino:

                                            Setelah ngubek-ngubek om Goo*le, PF Forum n Other Forum. untuk cari resep untuk mau buat RB 750 menjadi GARANG akhirnya bisa nemu resep seperti ini :

                                            Topologi :

                                            ADSL(Bridge) –---------- Mikocok -------------- Switch ------------ Client
                                                                                   | |
                                                                      PFSense (Squid + Lusca)

                                            Saya harap pembaca sudah paham dengan cara kerja Mikocok

                                            Mikocok Conf :
                                            Ether 0  = PPoE Client ke Spedol
                                            Ether 1  = Ke Client IP 192.168.88.2-254
                                            Ether 2  = default
                                            Ether 3  = ke LAN PF Box IP 192.168.200.1
                                            Ether 4  = ke WAN PF Box IP 172.3.3.2

                                            Alat yang di butuhkan :

                                            1 unit Mikocok RB 750 / 750G
                                            1 unit CPU Bekas/Baru asal masih bisa nyala dengan minimum Procesor PIII
                                            4 unit kabel LAN
                                            1 unit modem Spedol (Set Bridge) nanti mikrotik yang dial ke Speedol

                                            Langkah selanjutnya :

                                            Set pada sisi PF-nya

                                            1. Install pfbox (sesuai Manual).
                                            2. Setelah selesai install PFbox-nya masuk ke WEB Confignya.
                                            3. Buka menu system --> packeges --> Cari SQUID 2.7 (yang udah pasti stable) trus Install
                                            4. ketik pada Diagnostic -> Command promt : http://pfsense-cacheboy.googlecode.com/svn/trunk/script/package.sh && chmod +x package.sh && ./package.sh
                                            5. Buka menu system --> packeges --> Cari Lusca
                                            6. atau Cari tut's nginstall LUSCA cache PFsense di Mbah Goo*le (Lusca cache merupakan Optional Install)
                                            7. Buka menu Services --> Proxy Services --> Pastikan Proxy Portnya 3128
                                            *. TAB General --> centang Allow users on interface, tranparent proxy,Enabled logging, Transparent X-Forward, & Disable VIA --> klik Save
                                            *. TAB Cache Mgmt --> Hardisk cache system = coos+aufs (bila sudah teristal Lusca), Coss HD      cache size 50, HD cache size 100, memory cache size 8 (Sesuaikan dengan kap. MEM), Max memory object size 4 (Sesuaikan dengan kap. MEM), Minimum object size 10 (Sesuaikan dengan kap. MEM), Maximum object size 6(Sesuaikan dengan kap. MEM)--> Klik Save
                                            *. TAB Access control --> Allowed subnets (masukkan IP 192.168.88.0/24) --> klik Save
                                            *. TAB Traffic Mgmt --> Matiin aja "Enable delay pool" (Biarin mikocok yg ngatur BW-nya)
                                            8. Buat yang pake add-on LUSCA Cache configurasinya di sesuaikan dengan kebutuhan aja yah..
                                            9. Lanjut pastikan Squid Services sudah berjalan. Klik Status Sevices --> Lihat Squid jalan atau tidak
                                            10. Restart PF Box --> setelah restart, PFBox udah Ready to work.

                                            Set pada sisi Mik*otik-nya

                                            1. IP --> address

                                            Flags: X - disabled, I - invalid, D - dynamic
                                            #   ADDRESS            NETWORK         BROADCAST       INTERFACE             
                                            0   ;;; default configuration
                                                 192.168.88.1/24    192.168.88.0    192.168.88.255  ether2-local-master   
                                            1   10.10.30.6/28      10.10.30.0      10.10.30.15     ether1-gateway         
                                            2   192.168.200.100/24 192.168.200.0   192.168.200.255 ether4-local-slave     
                                            3   172.3.1.1/24       172.3.1.1       172.3.1.255     ether5-local-slave

                                            2. IP --> firewall --> Nat

                                            Flags: X - disabled, I - invalid, D - dynamic
                                            0   ;;; Client
                                                 chain=srcnat action=masquerade out-interface=ether1-gateway

                                            1 X chain=dstnat action=dst-nat to-addresses=192.168.200.1 to-ports=3128
                                                 protocol=tcp src-address=192.168.88.0/24 in-interface=ether4-local-slave
                                                 dst-port=80

                                            2   ;;; Proxy
                                                 chain=srcnat action=masquerade out-interface=ether5-local-slave

                                            3   ;;; NAT Proxy
                                                 chain=srcnat action=masquerade src-address=192.168.200.1
                                                 out-interface=ether1-gateway

                                            4   ;;; Belok ke-Proxy
                                                 chain=dstnat action=dst-nat to-addresses=192.168.200.1 to-ports=3128
                                                 protocol=tcp in-interface=ether2-local-master dst-port=80

                                            3. IP --> firewall --> Nat

                                            Flags: X - disabled, A - active, D - dynamic,
                                            C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
                                            B - blackhole, U - unreachable, P - prohibit
                                            #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
                                            0 A S  0.0.0.0/0          10.10.30.6      10.10.30.1         1       
                                            1 X S  0.0.0.0/0          192.168.200.100 192.168.200.1      1       
                                            2 X S  0.0.0.0/0          10.10.30.6      192.168.200.1      2       
                                                                                       10.10.30.1       
                                            3 ADC  10.10.30.0/28      10.10.30.6      ether1-gateway     0       
                                            4 ADC  172.3.1.0/24       172.3.1.1       ether5-local-slave 0       
                                            5 ADC  192.168.88.0/24    192.168.88.1    ether2-local-ma... 0       
                                            6 ADC  192.168.200.0/24   192.168.200.100 ether4-local-slave 0


                                            Bagi akang-akang yang memiliki metoda yang lain mungkin dengan menggunakan 1 LAN card saja
                                            yang menuju ke PF boxnya dapat memberikan masukkan bagaimana cara membuatnya? dan di share
                                            disini untuk kemajuan teman-teman pecinta PFsense & Mikocok :)

                                            ditunggu yee Commentnya

                                            Maju terus networking indonesia

                                            kalo adsl nya ga mode bridge kk…  tapi dengan topologi yang sama... ada panduan ga kk...

                                            thx for share

                                            1 Reply Last reply Reply Quote 0
                                            • S
                                              serangku
                                              last edited by

                                              sah-sah saja tidak pake bridge …
                                              bisa saja pake mode dhcp atau static
                                              si modem sebagai dialer pppoe nya dan pfsense sebgai klien dr modem tsb

                                              alasan kenapa modem dibridge kan sehingga pfsense yg dial pppoe
                                              karena modem [sebagai dialer pppoe] akan menjadi masalah ketika load tinggi
                                              itu wajar karena modem umumnya terbatas kemampuan HW nya

                                              semoga bisa membantu

                                              1 Reply Last reply Reply Quote 0
                                              • P
                                                pfsense_aja
                                                last edited by

                                                @serangku:

                                                sah-sah saja tidak pake bridge …
                                                bisa saja pake mode dhcp atau static
                                                si modem sebagai dialer pppoe nya dan pfsense sebgai klien dr modem tsb

                                                alasan kenapa modem dibridge kan sehingga pfsense yg dial pppoe
                                                karena modem [sebagai dialer pppoe] akan menjadi masalah ketika load tinggi
                                                itu wajar karena modem umumnya terbatas kemampuan HW nya

                                                semoga bisa membantu

                                                thx atas responnya kk..

                                                ane cuma punya warnet kecil… jadi saya pikir g terlalu...

                                                nah.. ada panduan kah kk.. untuk permasalahan saya...??

                                                mohon pencerahan...

                                                1 Reply Last reply Reply Quote 0
                                                • S
                                                  serangku
                                                  last edited by

                                                  pencerahannya hanya satu aja …

                                                  langsung praktek lapangan
                                                  insya allah tidak akan kesasar

                                                  kalau pun kesasar, teman2 disini siap memberikan panduan lebih lanjut
                                                  btw ... om mau tanya
                                                  pfsense digunakan dedicate sebagai mesin all in one atau bagaimana ?

                                                  tentunya semua tidak ada yg instan
                                                  cukup bermodal membaca dari how to yang sudah digelar teman2
                                                  pokoknya jangan cepat give up ...

                                                  1 Reply Last reply Reply Quote 0
                                                  • P
                                                    pfsense_aja
                                                    last edited by

                                                    @serangku:

                                                    pencerahannya hanya satu aja …

                                                    langsung praktek lapangan
                                                    insya allah tidak akan kesasar

                                                    kalau pun kesasar, teman2 disini siap memberikan panduan lebih lanjut
                                                    btw ... om mau tanya
                                                    pfsense digunakan dedicate sebagai mesin all in one atau bagaimana ?

                                                    tentunya semua tidak ada yg instan
                                                    cukup bermodal membaca dari how to yang sudah digelar teman2
                                                    pokoknya jangan cepat give up ...

                                                    karena semangatnya untuk mencoba…

                                                    maaf jika merepotkan...
                                                    ada kendala yang saya hadapi...

                                                    saya donlot yang ini...http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_HEAD/livecd_installer/pfSense-2.0-RC1-i386-20110613-0929.iso.gz

                                                    pada saat saya mulai menginstall (saat cd booting)

                                                    muncul pesan error  :

                                                    mpoptions not found
                                                    panic: free: guard1 fail @ 0x1ed8c784 from /usr/pfsensesrc/src/sys/boot.i386/loader/../../common/interp. c:320

                                                    --> Press a key on the console to reboot <--

                                                    ane tekan enter...
                                                    reboot lagi.. dan tetep kembali ke error yang sama

                                                    cpu saya

                                                    ram 512 GB
                                                    hdd 20 GB
                                                    p4 (p4vp-mx)

                                                    salahnya dimana ya...

                                                    dan maaf jika.. membahas diluar pokok bahasan thread..

                                                    makasih buat semua senior2.......

                                                    1 Reply Last reply Reply Quote 0
                                                    • O
                                                      onomlakbok
                                                      last edited by

                                                      @chino:

                                                      Setelah ngubek-ngubek om Goo*le, PF Forum n Other Forum. untuk cari resep untuk mau buat RB 750 menjadi GARANG akhirnya bisa nemu resep seperti ini :

                                                      Topologi :

                                                      ADSL(Bridge) –---------- Mikocok -------------- Switch ------------ Client
                                                                                             | |
                                                                                PFSense (Squid + Lusca)

                                                      Saya harap pembaca sudah paham dengan cara kerja Mikocok

                                                      Mikocok Conf :
                                                      Ether 0  = PPoE Client ke Spedol
                                                      Ether 1  = Ke Client IP 192.168.88.2-254
                                                      Ether 2  = default
                                                      Ether 3  = ke LAN PF Box IP 192.168.200.1
                                                      Ether 4  = ke WAN PF Box IP 172.3.3.2

                                                      Alat yang di butuhkan :

                                                      1 unit Mikocok RB 750 / 750G
                                                      1 unit CPU Bekas/Baru asal masih bisa nyala dengan minimum Procesor PIII
                                                      4 unit kabel LAN
                                                      1 unit modem Spedol (Set Bridge) nanti mikrotik yang dial ke Speedol

                                                      Langkah selanjutnya :

                                                      Set pada sisi PF-nya

                                                      1. Install pfbox (sesuai Manual).
                                                      2. Setelah selesai install PFbox-nya masuk ke WEB Confignya.
                                                      3. Buka menu system --> packeges --> Cari SQUID 2.7 (yang udah pasti stable) trus Install
                                                      4. ketik pada Diagnostic -> Command promt : http://pfsense-cacheboy.googlecode.com/svn/trunk/script/package.sh && chmod +x package.sh && ./package.sh
                                                      5. Buka menu system --> packeges --> Cari Lusca
                                                      6. atau Cari tut's nginstall LUSCA cache PFsense di Mbah Goo*le (Lusca cache merupakan Optional Install)
                                                      7. Buka menu Services --> Proxy Services --> Pastikan Proxy Portnya 3128
                                                      *. TAB General --> centang Allow users on interface, tranparent proxy,Enabled logging, Transparent X-Forward, & Disable VIA --> klik Save
                                                      *. TAB Cache Mgmt --> Hardisk cache system = coos+aufs (bila sudah teristal Lusca), Coss HD      cache size 50, HD cache size 100, memory cache size 8 (Sesuaikan dengan kap. MEM), Max memory object size 4 (Sesuaikan dengan kap. MEM), Minimum object size 10 (Sesuaikan dengan kap. MEM), Maximum object size 6(Sesuaikan dengan kap. MEM)--> Klik Save
                                                      *. TAB Access control --> Allowed subnets (masukkan IP 192.168.88.0/24) --> klik Save
                                                      *. TAB Traffic Mgmt --> Matiin aja "Enable delay pool" (Biarin mikocok yg ngatur BW-nya)
                                                      8. Buat yang pake add-on LUSCA Cache configurasinya di sesuaikan dengan kebutuhan aja yah..
                                                      9. Lanjut pastikan Squid Services sudah berjalan. Klik Status Sevices --> Lihat Squid jalan atau tidak
                                                      10. Restart PF Box --> setelah restart, PFBox udah Ready to work.

                                                      Set pada sisi Mik*otik-nya

                                                      1. IP --> address

                                                      Flags: X - disabled, I - invalid, D - dynamic
                                                      #   ADDRESS            NETWORK         BROADCAST       INTERFACE             
                                                      0   ;;; default configuration
                                                           192.168.88.1/24    192.168.88.0    192.168.88.255  ether2-local-master   
                                                      1   10.10.30.6/28      10.10.30.0      10.10.30.15     ether1-gateway         
                                                      2   192.168.200.100/24 192.168.200.0   192.168.200.255 ether4-local-slave     
                                                      3   172.3.1.1/24       172.3.1.1       172.3.1.255     ether5-local-slave

                                                      2. IP --> firewall --> Nat

                                                      Flags: X - disabled, I - invalid, D - dynamic
                                                      0   ;;; Client
                                                           chain=srcnat action=masquerade out-interface=ether1-gateway

                                                      1 X chain=dstnat action=dst-nat to-addresses=192.168.200.1 to-ports=3128
                                                           protocol=tcp src-address=192.168.88.0/24 in-interface=ether4-local-slave
                                                           dst-port=80

                                                      2   ;;; Proxy
                                                           chain=srcnat action=masquerade out-interface=ether5-local-slave

                                                      3   ;;; NAT Proxy
                                                           chain=srcnat action=masquerade src-address=192.168.200.1
                                                           out-interface=ether1-gateway

                                                      4   ;;; Belok ke-Proxy
                                                           chain=dstnat action=dst-nat to-addresses=192.168.200.1 to-ports=3128
                                                           protocol=tcp in-interface=ether2-local-master dst-port=80

                                                      3. IP --> firewall --> Nat

                                                      Flags: X - disabled, A - active, D - dynamic,
                                                      C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
                                                      B - blackhole, U - unreachable, P - prohibit
                                                      #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
                                                      0 A S  0.0.0.0/0          10.10.30.6      10.10.30.1         1       
                                                      1 X S  0.0.0.0/0          192.168.200.100 192.168.200.1      1       
                                                      2 X S  0.0.0.0/0          10.10.30.6      192.168.200.1      2       
                                                                                                 10.10.30.1       
                                                      3 ADC  10.10.30.0/28      10.10.30.6      ether1-gateway     0       
                                                      4 ADC  172.3.1.0/24       172.3.1.1       ether5-local-slave 0       
                                                      5 ADC  192.168.88.0/24    192.168.88.1    ether2-local-ma... 0       
                                                      6 ADC  192.168.200.0/24   192.168.200.100 ether4-local-slave 0


                                                      Bagi akang-akang yang memiliki metoda yang lain mungkin dengan menggunakan 1 LAN card saja
                                                      yang menuju ke PF boxnya dapat memberikan masukkan bagaimana cara membuatnya? dan di share
                                                      disini untuk kemajuan teman-teman pecinta PFsense & Mikocok :)

                                                      ditunggu yee Commentnya

                                                      Maju terus networking indonesia

                                                      kalo setingan winboxnya digelar sekalian sangat membantu yang mo icip-icip  ;D

                                                      1 Reply Last reply Reply Quote 0
                                                      • A
                                                        agismaniax
                                                        last edited by

                                                        @chino:

                                                        Kalo gw ma.. lebih yakin kalo RB yang tampil di depan dari pada PF yang tampil di depan coz serangan dari luar banyak yang bahaya boss.. ??? ??? ???. enaknya mikocok punya Winbox yang buat qite nudah monitor traffic masuk & keluar.. jd saya lbh prefer klo mikocok yg di depan.. coba PF punya tools sprti winbox pasti ane dah tempatin dia di depan… ;D dan model kaya di atas prosesnya bisa 2x routing..

                                                        apa gak ribet om pake 2 alat utk firewall + proxy? soalnya kalau usernya <25, menurut saya lebih ribet troubleshoot-nya jika ada masalah diantara kedua alat itu.

                                                        1 Reply Last reply Reply Quote 0
                                                        • Z
                                                          zetya87
                                                          last edited by

                                                          gk sabar nggu tutorial dari mas ardy nich
                                                          tlg step by step iah mas….. yang segamblang gamblangnya
                                                          maklum nol puthul iki  T.T

                                                          1 Reply Last reply Reply Quote 0
                                                          • C
                                                            Change
                                                            last edited by

                                                            wa,,rb750 skrg brp om??pgn nyobain.. ;D

                                                            News Today | Info Harga Terbaru | Top Stories | Free Wallpaper Image | Price and Specification

                                                            1 Reply Last reply Reply Quote 0
                                                            • O
                                                              onomlakbok
                                                              last edited by

                                                              @Change:

                                                              wa,,rb750 skrg brp om??pgn nyobain.. ;D

                                                              dah murah sekarang yg jual antara 290.000 - 350.000

                                                              1 Reply Last reply Reply Quote 0
                                                              • P
                                                                pfsense_aja
                                                                last edited by

                                                                :( :( :(  ane koq masih ga bisa terus ya… :( :(  setelah install... masuk ke web config nya ga bisa2...

                                                                1 Reply Last reply Reply Quote 0
                                                                • K
                                                                  kambeeng
                                                                  last edited by

                                                                  @pfsense_aja:

                                                                  @serangku:

                                                                  pencerahannya hanya satu aja …

                                                                  langsung praktek lapangan
                                                                  insya allah tidak akan kesasar

                                                                  kalau pun kesasar, teman2 disini siap memberikan panduan lebih lanjut
                                                                  btw ... om mau tanya
                                                                  pfsense digunakan dedicate sebagai mesin all in one atau bagaimana ?

                                                                  tentunya semua tidak ada yg instan
                                                                  cukup bermodal membaca dari how to yang sudah digelar teman2
                                                                  pokoknya jangan cepat give up ...

                                                                  karena semangatnya untuk mencoba…

                                                                  maaf jika merepotkan...
                                                                  ada kendala yang saya hadapi...

                                                                  saya donlot yang ini...http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_HEAD/livecd_installer/pfSense-2.0-RC1-i386-20110613-0929.iso.gz

                                                                  pada saat saya mulai menginstall (saat cd booting)

                                                                  muncul pesan error  :

                                                                  mpoptions not found
                                                                  panic: free: guard1 fail @ 0x1ed8c784 from /usr/pfsensesrc/src/sys/boot.i386/loader/../../common/interp. c:320

                                                                  --> Press a key on the console to reboot <--

                                                                  ane tekan enter...
                                                                  reboot lagi.. dan tetep kembali ke error yang sama

                                                                  cpu saya

                                                                  ram 512 GB
                                                                  hdd 20 GB
                                                                  p4 (p4vp-mx)
                                                                  se
                                                                  salahnya dimana ya...

                                                                  dan maaf jika.. membahas diluar pokok bahasan thread..

                                                                  makasih buat semua senior2.......

                                                                  sepertinya kernel panic.. coba di cek .. waktu install pake singkle apa dual, sesuaikan dengan processornya.. kalauu masih seperti itu coba intasll pake 1.2.3 aja

                                                                  1 Reply Last reply Reply Quote 0
                                                                  • C
                                                                    chino
                                                                    last edited by

                                                                    Terimakasih atas respond teman PFSI dan udah mau bergabung pada postingan saya ini.
                                                                    saya gak menyangka akan di respon sekian banyak user PFSI. ;D

                                                                    yang saya mau disini kita dapat belajar mengenai network yang lebih advance dengan berbagai macam model pola Networking. buat Om_Kembeng yang elmunya udah nyampe di langit (Semoga masih diberi elmu lg yg maha kuasa)AMIN, sebaiknya share or (give feedback) dunk's atas ide-idenya disini bukannya malah buat postingan orang jadi sampah/menganggap postingan orang itu remeh ??? ??? ???. yakin qite gak bakalan maju dengan menganggap sesuatu yang kecil itu lemah, dari yang kecil kita dapat menjadi besar.

                                                                    Saya rasa kita harusnya realistis aja MT udah cukup mantap pada posisinya untuk BW management, Traffic monitoring dgn toolsnya (Winboxnya), dan kelebihan lainnya. tetapi disisi yang lain punya kekurangan pada system Proxy management. makanya dgn dikawinkannya kedua alat ini maka saya anggap suatu perpaduan yang sangat baik untuk masa sekarang ini.

                                                                    Metode ini saya udah coba pada jaringan dgn WAN Bandwidth 3Mb dan Client 27 unit. Pada saad Pick Load local dapat mencapai 4Mb dengan dukungan HDD 500GB Mem 2GB Proc Dual Core 2.0Ghz dan cukup stabil. Cuma perlu restart 2 ato 3 hari dgn work time 24 Hour Full.

                                                                    1 Reply Last reply Reply Quote 0
                                                                    • S
                                                                      serangku
                                                                      last edited by

                                                                      always utk diingat …
                                                                      konsep saling melengkapi itu indah
                                                                      tidak ada yg sempurna plek ...
                                                                      setuju ... ?

                                                                      yg penting ... minumnya tetep pf  ;D [gak nyambung dah …]

                                                                      1 Reply Last reply Reply Quote 0
                                                                      • K
                                                                        kidx13
                                                                        last edited by

                                                                        kenapa pfsense ku tidak bisa di transparent proxy dari mikrotik ?
                                                                        tapi jika browser di arahkan secara manual ke proxy pfsense, bis berfungsi dengan normal.

                                                                        ini settingan nat di mikrotik

                                                                        Flags: X - disabled, I - invalid, D - dynamic
                                                                        0 X ;;; place hotspot rules here
                                                                            chain=unused-hs-chain action=passthrough

                                                                        1 X ;;; NAT-Modem
                                                                            chain=srcnat action=masquerade out-interface=ether1-Modem

                                                                        2  ;;; NAT Public
                                                                            chain=srcnat action=masquerade out-interface=speedy

                                                                        6 X ;;; TRANSPARENT PROX + BYPASS CACHE SERVER LOKAL
                                                                            chain=dstnat action=dst-nat to-addresses=192.168.99.2 to-ports=3128 protocol=tcp dst-address-list=!Proxy in-interface=WiFi_All dst-port=80,8080,3128

                                                                        7 X ;;; TRANSPARENT PROXY
                                                                            chain=dstnat action=dst-nat to-addresses=192.168.99.2 to-ports=3128 protocol=tcp src-address-list=Local+Server dst-address-list=!Proxy
                                                                            dst-port=80,8080,3128

                                                                        1 Reply Last reply Reply Quote 0
                                                                        • K
                                                                          kidx13
                                                                          last edited by

                                                                          ini log firewall dari pfsense
                                                                          saya pake ip 192.168.99.166

                                                                          Act      Time                    If    Source                    Destination            Proto
                                                                          block    Jul 18 14:50:29    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:49:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:48:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:47:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:46:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:45:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:44:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:43:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:42:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:41:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:40:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:40:00    LAN    0.0.0.0:68    255.255.255.255:67    UDP
                                                                          block    Jul 18 14:39:48    LAN    0.0.0.0:68    255.255.255.255:67    UDP
                                                                          block    Jul 18 14:39:48    LAN    0.0.0.0:68    255.255.255.255:67    UDP
                                                                          block    Jul 18 14:39:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:38:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:37:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:36:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:35:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:34:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:33:27    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:32:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:32:05    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:32:05    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:31:37    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:31:37    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:31:27    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:31:22    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:31:22    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:31:16    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:31:16    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:31:13    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:31:13    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:31:11    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:31:11    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:31:10    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:31:10    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:31:10    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:31:10    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:31:10    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:31:10    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:30:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:29:51    LAN    192.168.99.166:47254    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:29:30    LAN    192.168.99.166:47107    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:29:27    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
                                                                          block    Jul 18 14:29:21    LAN    192.168.99.166:47254    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:29:06    LAN    192.168.99.166:47254    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:28:59    LAN    192.168.99.166:47254    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:28:56    LAN    192.168.99.166:47107    192.168.99.2:3128    TCP:FA
                                                                          block    Jul 18 14:28:55    LAN    192.168.99.166:47254    192.168.99.2:3128    TCP:FA

                                                                          1 Reply Last reply Reply Quote 0
                                                                          • K
                                                                            kidx13
                                                                            last edited by

                                                                            mohon bantuannya untuk
                                                                            http://forum.pfsense.org/index.php/topic,38930.msg200664.html#msg200664

                                                                            belum dapat penyelesaian nya

                                                                            1 Reply Last reply Reply Quote 0
                                                                            • A
                                                                              ardy_2006
                                                                              last edited by

                                                                              Sesuai dengan janji ( janji adalah hutang  :) , insya allah hutang segera terlunasi ) amiiin…. !!

                                                                              Just share settingan saya Mikocok bersanding dengan PFSense.

                                                                              Clients ------- Mikrotik 3 port -------- Inet

                                                                              port 3 mikrotik ----- pfsense ------ inernet

                                                                              modem : 192.168.2.1

                                                                              topology mikrotik menggunakan 3 ethernet :
                                                                              port 1 = WAN  ( 192.168.2.2 )
                                                                              port 2 = CLIENTS ( 192.168.1.1 )
                                                                              port 3 = PROXY PFSENSE ( 192.168.3.1 )

                                                                              topology pfsense menggunakan 2 ethernet :
                                                                              port 1 = LAN ( port 3 mikrotik ) ( 192.168.3.2 )
                                                                              port 2 = WAN ( 192.168.2.3 )

                                                                              oke langsung kupas aja.
                                                                              asumsi mesin pfsense running well & tunning with LUSCA.
                                                                              oprekan & tune-up bisa open panduan dari om anto_DIGIT http://forum.pfsense.org/index.php/topic,29019.0.html

                                                                              sebagai manageable clients, baik itu hotspot & management bandwidht semua ada dimikrotik.
                                                                              Settingan hotspot disini tidak usah dibahas googling aja tutnya.
                                                                              settingan ini menggunakan L7 untuk filternya. Khusus untuk destination port 80, dibelokan ke arah pfsense sebagai proxy servernya port 3128.
                                                                              Maaf bung disini PFSense hanya dijadikan proxy server ( Maknyuss.... )

                                                                              setting nat :
                                                                              chain=dstnat action=dst-nat to-addresses=10.10.3.2 to-ports=3128 protocol=tcp in-interface=CLIENTS dst-port=80
                                                                              ( maksudnya semua request port 80 di arahkan ke address Proxy Server ( PFSense )

                                                                              setting L7 :
                                                                              /ip firewall layer7-protocol
                                                                              add name="Extension " .exe "" regexp="^.get.+\.exe.$"
                                                                              add name="Extension " .mp4 "" regexp="^.get.+\.mp4.$"
                                                                              add name="Extension " .rar"" regexp="^.get.+\.rar.$"
                                                                              add name="Extension " .zip"" regexp="^.get.+\.zip.$"
                                                                              add name="Extension " .mp3 "" regexp="^.get.+\.mp3.$"
                                                                              add name="Extension " .7z "" regexp="^.get.+\.7z.$"
                                                                              add name="Extension " .cab "" regexp="^.get.+\.cab.$"
                                                                              add name="Extension " .asf "" regexp="^.get.+\.asf.$"
                                                                              add name="Extension " .mov "" regexp="^.get.+\.mov.$"
                                                                              add name="Extension " .wmv "" regexp="^.get.+\.wmv.$"
                                                                              add name="Extension " .mpg "" regexp="^.get.+\.mpg.$"
                                                                              add name="Extension " .mpeg "" regexp="^.get.+\.mpeg.$"
                                                                              add name="Extension " .mkv "" regexp="^.get.+\.mkv.$"
                                                                              add name="Extension " .avi "" regexp="^.get.+\.avi.$"
                                                                              add name="Extension " .flv "" regexp="^.get.+\.flv.$"
                                                                              add name="Extension " .pdf "" regexp="^.get.+\.pdf.$"
                                                                              add name="Extension " .wav "" regexp="^.get.+\.wav.$"
                                                                              add name="Extension " .rm "" regexp="^.get.+\.rm.$"
                                                                              add name="Extension " .rmvb "" regexp="^.get.+\.rmvb.$"
                                                                              add name="Extension " .dat "" regexp="^.get.+\.dat.$"
                                                                              add name="Extension " .daa "" regexp="^.get.+\.daa.$"
                                                                              add name="Extension " .iso "" regexp="^.get.+\.iso.$"
                                                                              add name="Extension " .nrg "" regexp="^.get.+\.nrg.$"
                                                                              add name="Extension " .bin "" regexp="^.get.+\.bin.$"
                                                                              add name="Extension " .vcd "" regexp="^.get.+\.vcd.$"
                                                                              add name="Extension " .mp2 "" regexp="^.get.+\.mp2.$"
                                                                              add name="Extension " .3gp "" regexp="^.get.+\.3gp.$"
                                                                              add name="Extension " .mpe "" regexp="^.get.+\.mpe.$"
                                                                              add name="Extension " .qt "" regexp="^.get.+\.qt.$"
                                                                              add name="Extension " .raw "" regexp="^.get.+\.raw.$"
                                                                              add name="Extension " .wma "" regexp="^.get.+\.wma.$"
                                                                              add name="Extension " .ogg "" regexp="^.get.+\.ogg.$"
                                                                              add name="Extension " .doc "" regexp="^.get.+\.doc.$"
                                                                              add name="Extension " .ram "" regexp="^.get.+\.ram.$"
                                                                              add name=edonkey regexp="^[\C5\D4\E3-\E5].?.?.?.?([\01\02\05\14\15\16\18
                                                                                  \19\1A\1B\1C !234568@ABCFGHIJKLMNOPQRSTUVWX[`\81\82\90\91\93\96\97\98\99
                                                                                  \9A\9B\9C\9E\A0\A1\A2\A3\A4]|Y….............?[ -~]|\96….$)"
                                                                              add name=goboogy regexp="<peerplat>|^get /getfilebyhash\.cgi\?|^get /queue_
                                                                                  register\.cgi\?|^get /getupdowninfo\.cgi\?"
                                                                              add name=soribada regexp="^GETMP3\r
                                                                                  \nFilename|^\01.?.?.?(Q:\+|Q2:)|^\10[\14-\16]\10[\15-\17].?.?.?.?
                                                                                  $"
                                                                              add name=rdp regexp=rdpdr.cliprdr.rdpsnd
                                                                              add name=gnutella regexp="^(gnd[\01\02]?.?.?\01|gnutella connect/[012]\.[0
                                                                                  -9]\r
                                                                                  \n|get /uri-res/n2r\?urn:sha1:|get /.user-agent: (gtk-gnutella|bearshar
                                                                                  e|mactella|gnucleus|gnotella|limewire|imesh)|get /.content-type: applicat
                                                                                  ion/x-gnutella-packets|giv [0-9]
                                                                              :[0-9a-f]
                                                                              /|queue [0-9a-f]
                                                                              [1-9][0-9]?[
                                                                                  0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?:[
                                                                                  1-9][0-9]?[0-9]?[0-9]?|gnutella.content-type: application/x-gnutella|.
                                                                                  …...............?lime)"
                                                                              add name=cvs regexp="^BEGIN (AUTH|VERIFICATION|GSSAPI) REQUEST
                                                                                  \n"
                                                                              add name=nbns regexp="\01\10\01|\)\10\01\01|0\10\01"
                                                                              add name=shoutcast regexp=
                                                                                  "icy [1-5][0-9][0-9] [\t-\r -~]
                                                                              (content-type:audio|icy-)"
                                                                              add name=dns regexp="^.?.?.?.?[\01\02].?.?.?.?.?.?[\01-?][a-z0-9][
                                                                                  \01-?a-z]
                                                                              [\02-\06][a-z][a-z][fglmoprstuvz]?[aeop]?(um)?[\01-\10\1C][
                                                                                  \01\03\04\FF]"
                                                                              add name=quake-halflife regexp="^\FF\FF\FF\FFget(info|challenge)"
                                                                              add name=poco regexp="^\80\94
                                                                                  \n\01….\1F\9E"
                                                                              add name=ciscovpn regexp="^\01\F4\01\F4"
                                                                              add name=x11 regexp="^[lb].?\0B"
                                                                              add name=xboxlive regexp="^X\80….....\F3|^\06XN"
                                                                              add name=applejuice regexp="^ajprot\r
                                                                                  \n"
                                                                              add name=zmaap regexp="^\1B\D7;H[\01\02]\01?\01"
                                                                              add name=live365 regexp=membername.session.player
                                                                              add name=rlogin regexp="^[a-z][a-z0-9][a-z0-9]+/[1-9][0-9]?[0-9]?[0-9]?00"
                                                                              add name=http regexp="http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\t-\r -~]
                                                                              (con
                                                                                  nection:|content-type:|content-length:|date:)|post [\t-\r -~]
                                                                              http/[01]\
                                                                                  .[019]"
                                                                              add name=sip regexp=
                                                                                  "^(invite|register|cancel) sip[\t-\r -~]sip/[0-2]\.[0-9]"
                                                                              add name=pop3 regexp="^(\+ok |-err )"
                                                                              add name=smb regexp="\FFsmb[r%]"
                                                                              add name=quake1 regexp="^\80\0C\01quake\03"
                                                                              add name=lpd regexp="^(\01[!-~]+|\02[!-~]+
                                                                                  \n.[\01\02\03][\01-
                                                                                  \n -~]
                                                                              |[\03\04][!-~]+[\t-\r]+[a-z][\t-\r -~]|\05[!-~]+[\t-\r]+([a-z][!-~
                                                                                  ]
                                                                              [\t-\r]+[1-9][0-9]?[0-9]?|root[\t-\r]+[!-~]+).)
                                                                                  \n$"
                                                                              add name=mute regexp="^(Public|AES)Key: [0-9a-f]

                                                                                  \nEnd(Public|AES)Key
                                                                                  \n$"
                                                                              add name=ssh regexp="^ssh-[12]\.[0-9]"
                                                                              add name=jabber regexp=
                                                                                  "<stream:stream[\t-\r ][="" -~][\t-\r="" ]xmlns="['&quot;]jabber"<br">add name=ncp regexp="^(dmdt.\01.(""|\11\11|uu)|tncp.33)"
                                                                              add name=tls regexp="^(.?.?\16\03.
                                                                              \16\03|.?.?\01\03\01?.
                                                                              \0B)"
                                                                              add name=directconnect regexp="^(\$mynick |\$lock |\$key )"
                                                                              add name=netbios regexp="\81.?.?.[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-
                                                                                  P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A
                                                                                  -P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][
                                                                                  A-P][A-P]"
                                                                              add name=tftp regexp="^(\01|\02)[ -~](netascii|octet|mail)"
                                                                              add name=subspace regexp="^\01….\11\10........\01$"
                                                                              add name=hotline regexp="^....................TRTPHOTL\01\02"
                                                                              add name=doom3 regexp="^\FF\FFchallenge"
                                                                              add name=ftp regexp="^220[\t-\r -~]ftp"
                                                                              add name=kugoo regexp="^1..\8E"
                                                                              add name=tsp regexp="^[\01-\13\16-$]\01.?.?.?.?.?.?.?.?.?.?[ -~]+"
                                                                              add name=battlefield1942 regexp="^\01\11\10\|\F8\02\10@\06"
                                                                              add name=ssdp regexp="^notify[\t-\r ]\
                                                                              [\t-\r ]http/1\.1[\t-\r -~]ssdp:(ali
                                                                                  ve|byebye)|^m-search[\t-\r ]\
                                                                              [\t-\r ]http/1\.1[\t-\r -~]ssdp:discover"
                                                                              add name=imap regexp="^(\
                                                                              ok|a[0-9]+ noop)"
                                                                              add name=ares regexp="^\03[]Z].?.?\05$"
                                                                              add name=fasttrack regexp="^get (/.download/[ -~]
                                                                              |/.supernode[ -~]|/.status[
                                                                                  -~]|/.network[ -~]|/.files|/.hash=[0-9a-f]/[ -~]) http/1.1|user-agent:
                                                                                  kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^g
                                                                                  ive [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]?[0-9]?[0-9]?"
                                                                              add name=qq regexp="^.?\02.+\03$"
                                                                              add name=100bao regexp="^\01\01\05
                                                                                  \n"
                                                                              add name=aim regexp=
                                                                                  "^(\
                                                                              [\01\02].\03\0B|\\01.?.?.?.?\01)|flapon|toc_signon.0x"
                                                                              add name=unknown regexp=.
                                                                              add name=msn-filetransfer regexp=
                                                                                  "^(ver [ -~]msnftp\r
                                                                                  \nver msnftp\r
                                                                                  \nusr|method msnmsgr:)"
                                                                              add name=yahoo regexp="^(ymsg|ypns|yhoo).?.?.?.?.?.?.?[lwt].
                                                                              \C0\80"
                                                                              add name=validcertssl regexp="^(.?.?\16\03.
                                                                              \16\03|.?.?\01\03\01?.\0B).
                                                                                  (thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust
                                                                                  _root|entrust\.net limited)"
                                                                              add name=ntp regexp="^([\13\1B#\D3\DB\E3]|[\14\1C$]…....?.?.?.?.?.?.
                                                                                  ?.?.?[\C6-\FF])"
                                                                              add name=gnucleuslan regexp=
                                                                                  "gnuclear connect/[\t-\r -~]user-agent: gnucleus [\t-\r -~]lan:"
                                                                              add name=vnc regexp="^rfb 00[1-9]\.00[0-9]
                                                                                  \n$"
                                                                              add name=bgp regexp=
                                                                                  "^\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF..?\01[\03\04]"
                                                                              add name=tesla regexp="\03\9A\89"111\.00 Beta |\E2<i\1e\1c\e9"<br>add name=openft regexp="x-openftalias: [-)(0-9a-z ~.]"
                                                                              add name=h323 regexp=
                                                                                  "^\03..?\08…?.?.?.?.?.?.?.?.?.?.?.?.?.?.?\05"
                                                                              add name=finger regexp=
                                                                                  "^[a-z][a-z0-9\-_]+|login: [\t-\r -~]
                                                                              name: [\t-\r -~]
                                                                              Directory:"
                                                                              add name=ident regexp="^[1-9][0-9]?[0-9]?[0-9]?[0-9]?[\t-\r],[\t-\r][1-9
                                                                                  ][0-9]?[0-9]?[0-9]?[0-9]?(\r
                                                                                  \n|[\r
                                                                                  \n])?$"
                                                                              add name=gkrellm regexp="^gkrellm [23].[0-9].[0-9]
                                                                                  \n$"
                                                                              add name=hddtemp regexp=
                                                                                  "^\|/dev/[a-z][a-z][a-z]\|[0-9a-z]\|[0-9][0-9]\|[cfk]\|"
                                                                              add name=socks regexp="\05[\01-\08]
                                                                              \05[\01-\08]?.\05[\01-\03][\01\03].\05[
                                                                                  \01-\08]?[\01\03]"
                                                                              add name=biff regexp="^[a-z][a-z0-9]+@[1-9][0-9]+$"
                                                                              add name=dhcp regexp="^[\01\02][\01- ]\06.c\82sc"
                                                                              add name=smtp regexp="^220[\t-\r -~]
                                                                              (e?smtp|simple mail)"
                                                                              add name=ipp regexp=ipp://
                                                                              add name=msnmessenger regexp="ver [0-9]+ msnp[1-9][0-9]? [\t-\r -~]cvr0\r
                                                                                  \n$|usr 1 [!-~]+ [0-9. ]+\r
                                                                                  \n$|ans 1 [!-~]+ [0-9. ]+\r
                                                                                  \n$"
                                                                              add name=irc regexp="^(nick[\t-\r -~]user[\t-\r -~]:|user[\t-\r -~]
                                                                              :[\02-\r
                                                                                  _-~]nick[\t-\r -~]\r
                                                                                  \n)"
                                                                              add name=gopher regexp="^[\t-\r][1-9,+tgi][\t-\r -~]\t[\t-\r -~]\t[a-z0-9.]
                                                                                  \.[a-z][a-z].?.?\t[1-9]"
                                                                              add name=telnet regexp="^\FF[\FB-\FE].\FF[\FB-\FE].\FF[\FB-\FE]"
                                                                              add name=snmp regexp="^\02\01\04.+([\A0-\A3]\02[\01-\04].?.?.?.?\02\01.?
                                                                                  \02\01.?0|\A4\06.+@\04.?.?.?.?\02\01.?\02\01.?C)"
                                                                              add name=nntp regexp=
                                                                                  "^(20[01][\t-\r -~]AUTHINFO USER|20[01][\t-\r -~]news)"
                                                                              add name=aimwebcontent regexp=user-agent:aim/
                                                                              add name=rtsp regexp="rtsp/1.0 200 ok"
                                                                              add name=skypeout regexp="^(\01.?.?.?.?.?.?.?.?\01|\02.?.?.?.?.?.
                                                                                  ?.?.?\02|\03.?.?.?.?.?.?.?.?\03|\04.?.?.?.?.?.?.?.?\04|
                                                                                  \05.?.?.?.?.?.?.?.?\05|\06.?.?.?.?.?.?.?.?\06|\07.?.?.?
                                                                                  .?.?.?.?.?\07|\08.?.?.?.?.?.?.?.?\08|\t.?.?.?.?.?.?.?.
                                                                                  ?\t|
                                                                                  \n.?.?.?.?.?.?.?.?
                                                                                  \n|\0B.?.?.?.?.?.?.?.?\0B|\0C.?.?.?.?.?.?.?.?\0C|\r.?.?.
                                                                                  ?.?.?.?.?.?\r|\0E.?.?.?.?.?.?.?.?\0E|\0F.?.?.?.?.?.?.
                                                                                  ?.?\0F|\10.?.?.?.?.?.?.?.?\10|\11.?.?.?.?.?.?.?.?\11|\12
                                                                                  .?.?.?.?.?.?.?.?\12|\13.?.?.?.?.?.?.?.?\13|\14.?.?.?.?
                                                                                  .?.?.?.?\14|\15.?.?.?.?.?.?.?.?\15|\16.?.?.?.?.?.?.?.?
                                                                                  \16|\17.?.?.?.?.?.?.?.?\17|\18.?.?.?.?.?.?.?.?\18|\19.?.
                                                                                  ?.?.?.?.?.?.?\19|\1A.?.?.?.?.?.?.?.?\1A|\1B.?.?.?.?.?.
                                                                                  ?.?.?\1B|\1C.?.?.?.?.?.?.?.?\1C|\1D.?.?.?.?.?.?.?.?\1D|
                                                                                  \1E.?.?.?.?.?.?.?.?\1E|\1F.?.?.?.?.?.?.?.?\1F| .?.?.?.
                                                                                  ?.?.?.?.? |!.?.?.?.?.?.?.?.?!|".?.?.?.?.?.?.?.?"|#.
                                                                                  ?.?.?.?.?.?.?.?#|\$.?.?.?.?.?.?.?.?\$|%.?.?.?.?.?
                                                                                  .?.?.?%|&.?.?.?.?.?.?.?.?&|'.?.?.?.?.?.?.?.?'|\(.?.?
                                                                                  .?.?.?.?.?.?\(|\).?.?.?.?.?.?.?.?\)|\
                                                                              .?.?.?.?.?.?
                                                                                  .?.?\
                                                                              |\+.?.?.?.?.?.?.?.?\+|,.?.?.?.?.?.?.?.?,|-.?.
                                                                                  ?.?.?.?.?.?.?-|\..?.?.?.?.?.?.?.?\.|/.?.?.?.?.?.?.
                                                                                  ?.?/|0.?.?.?.?.?.?.?.?0|1.?.?.?.?.?.?.?.?1|2.?.?.?.?
                                                                                  .?.?.?.?2|3.?.?.?.?.?.?.?.?3|4.?.?.?.?.?.?.?.?4|5.?.
                                                                                  ?.?.?.?.?.?.?5|6.?.?.?.?.?.?.?.?6|7.?.?.?.?.?.?.?.?
                                                                                  7|8.?.?.?.?.?.?.?.?8|9.?.?.?.?.?.?.?.?9|:.?.?.?.?.?.
                                                                                  ?.?.?:|;.?.?.?.?.?.?.?.?;|<.?.?.?.?.?.?.?.?<|=.?.?.?
                                                                                  .?.?.?.?.?=|>.?.?.?.?.?.?.?.?>|\?.?.?.?.?.?.?.?.?\
                                                                                  ?|@.?.?.?.?.?.?.?.?@|A.?.?.?.?.?.?.?.?A|B.?.?.?.?.?.
                                                                                  ?.?.?B|C.?.?.?.?.?.?.?.?C|D.?.?.?.?.?.?.?.?D|E.?.?.?
                                                                                  .?.?.?.?.?E|F.?.?.?.?.?.?.?.?F|G.?.?.?.?.?.?.?.?G|H.
                                                                                  ?.?.?.?.?.?.?.?H|I.?.?.?.?.?.?.?.?I|J.?.?.?.?.?.?.?
                                                                                  .?J|K.?.?.?.?.?.?.?.?K|L.?.?.?.?.?.?.?.?L|M.?.?.?.?.
                                                                                  ?.?.?.?M|N.?.?.?.?.?.?.?.?N|O.?.?.?.?.?.?.?.?O|P.?.?
                                                                                  .?.?.?.?.?.?P|Q.?.?.?.?.?.?.?.?Q|R.?.?.?.?.?.?.?.?R|
                                                                                  S.?.?.?.?.?.?.?.?S|T.?.?.?.?.?.?.?.?T|U.?.?.?.?.?.?.
                                                                                  ?.?U|V.?.?.?.?.?.?.?.?V|W.?.?.?.?.?.?.?.?W|X.?.?.?.?
                                                                                  .?.?.?.?X|Y.?.?.?.?.?.?.?.?Y|Z.?.?.?.?.?.?.?.?Z|[.?
                                                                                  .?.?.?.?.?.?.?[|].?.?.?.?.?.?.?.?]|].?.?.?.?.?
                                                                                  .?.?.?]|\^.?.?.?.?.?.?.?.?\^|.?.?.?.?.?.?.?.?|`.
                                                                                  ?.?.?.?.?.?.?.?`|a.?.?.?.?.?.?.?.?a|b.?.?.?.?.?.?.?
                                                                                  .?b|c.?.?.?.?.?.?.?.?c|d.?.?.?.?.?.?.?.?d|e.?.?.?.?.
                                                                                  ?.?.?.?e|f.?.?.?.?.?.?.?.?f|g.?.?.?.?.?.?.?.?g|h.?.?
                                                                                  .?.?.?.?.?.?h|i.?.?.?.?.?.?.?.?i|j.?.?.?.?.?.?.?.?j|
                                                                                  k.?.?.?.?.?.?.?.?k|l.?.?.?.?.?.?.?.?l|m.?.?.?.?.?.?.
                                                                                  ?.?m|n.?.?.?.?.?.?.?.?n|o.?.?.?.?.?.?.?.?o|p.?.?.?.?
                                                                                  .?.?.?.?p|q.?.?.?.?.?.?.?.?q|r.?.?.?.?.?.?.?.?r|s.?.
                                                                                  ?.?.?.?.?.?.?s|t.?.?.?.?.?.?.?.?t|u.?.?.?.?.?.?.?.?
                                                                                  u|v.?.?.?.?.?.?.?.?v|w.?.?.?.?.?.?.?.?w|x.?.?.?.?.?.
                                                                                  ?.?.?x|y.?.?.?.?.?.?.?.?y|z.?.?.?.?.?.?.?.?z|\{.?.?.
                                                                                  ?.?.?.?.?.?\{|\|.?.?.?.?.?.?.?.?\||\}.?.?.?.?.?.?.
                                                                                  ?.?\}|~.?.?.?.?.?.?.?.?~|\7F.?.?.?.?.?.?.?.?\7F|\80.?.
                                                                                  ?.?.?.?.?.?.?\80|\81.?.?.?.?.?.?.?.?\81|\82.?.?.?.?.?.
                                                                                  ?.?.?\82|\83.?.?.?.?.?.?.?.?\83|\84.?.?.?.?.?.?.?.?\84|
                                                                                  \85.?.?.?.?.?.?.?.?\85|\86.?.?.?.?.?.?.?.?\86|\87.?.?.?
                                                                                  .?.?.?.?.?\87|\88.?.?.?.?.?.?.?.?\88|\89.?.?.?.?.?.?.?
                                                                                  .?\89|\8A.?.?.?.?.?.?.?.?\8A|\8B.?.?.?.?.?.?.?.?\8B|\8C.
                                                                                  ?.?.?.?.?.?.?.?\8C|\8D.?.?.?.?.?.?.?.?\8D|\8E.?.?.?.?.
                                                                                  ?.?.?.?\8E|\8F.?.?.?.?.?.?.?.?\8F|\90.?.?.?.?.?.?.?.?
                                                                                  \90|\91.?.?.?.?.?.?.?.?\91|\92.?.?.?.?.?.?.?.?\92|\93.?.
                                                                                  ?.?.?.?.?.?.?\93|\94.?.?.?.?.?.?.?.?\94|\95.?.?.?.?.?.
                                                                                  ?.?.?\95|\96.?.?.?.?.?.?.?.?\96|\97.?.?.?.?.?.?.?.?\97|
                                                                                  \98.?.?.?.?.?.?.?.?\98|\99.?.?.?.?.?.?.?.?\99|\9A.?.?.?
                                                                                  .?.?.?.?.?\9A|\9B.?.?.?.?.?.?.?.?\9B|\9C.?.?.?.?.?.?.?
                                                                                  .?\9C|\9D.?.?.?.?.?.?.?.?\9D|\9E.?.?.?.?.?.?.?.?\9E|\9F.
                                                                                  ?.?.?.?.?.?.?.?\9F|\A0.?.?.?.?.?.?.?.?\A0|\A1.?.?.?.?.
                                                                                  ?.?.?.?\A1|\A2.?.?.?.?.?.?.?.?\A2|\A3.?.?.?.?.?.?.?.?
                                                                                  \A3|\A4.?.?.?.?.?.?.?.?\A4|\A5.?.?.?.?.?.?.?.?\A5|\A6.?.
                                                                                  ?.?.?.?.?.?.?\A6|\A7.?.?.?.?.?.?.?.?\A7|\A8.?.?.?.?.?.
                                                                                  ?.?.?\A8|\A9.?.?.?.?.?.?.?.?\A9|\AA.?.?.?.?.?.?.?.?\AA|
                                                                                  \AB.?.?.?.?.?.?.?.?\AB|\AC.?.?.?.?.?.?.?.?\AC|\AD.?.?.?
                                                                                  .?.?.?.?.?\AD|\AE.?.?.?.?.?.?.?.?\AE|\AF.?.?.?.?.?.?.?
                                                                                  .?\AF|\B0.?.?.?.?.?.?.?.?\B0|\B1.?.?.?.?.?.?.?.?\B1|\B2.
                                                                                  ?.?.?.?.?.?.?.?\B2|\B3.?.?.?.?.?.?.?.?\B3|\B4.?.?.?.?.
                                                                                  ?.?.?.?\B4|\B5.?.?.?.?.?.?.?.?\B5|\B6.?.?.?.?.?.?.?.?
                                                                                  \B6|\B7.?.?.?.?.?.?.?.?\B7|\B8.?.?.?.?.?.?.?.?\B8|\B9.?.
                                                                                  ?.?.?.?.?.?.?\B9|\BA.?.?.?.?.?.?.?.?\BA|\BB.?.?.?.?.?.
                                                                                  ?.?.?\BB|\BC.?.?.?.?.?.?.?.?\BC|\BD.?.?.?.?.?.?.?.?\BD|
                                                                                  \BE.?.?.?.?.?.?.?.?\BE|\BF.?.?.?.?.?.?.?.?\BF|\C0.?.?.?
                                                                                  .?.?.?.?.?\C0|\C1.?.?.?.?.?.?.?.?\C1|\C2.?.?.?.?.?.?.?
                                                                                  .?\C2|\C3.?.?.?.?.?.?.?.?\C3|\C4.?.?.?.?.?.?.?.?\C4|\C5.
                                                                                  ?.?.?.?.?.?.?.?\C5|\C6.?.?.?.?.?.?.?.?\C6|\C7.?.?.?.?.
                                                                                  ?.?.?.?\C7|\C8.?.?.?.?.?.?.?.?\C8|\C9.?.?.?.?.?.?.?.?
                                                                                  \C9|\CA.?.?.?.?.?.?.?.?\CA|\CB.?.?.?.?.?.?.?.?\CB|\CC.?.
                                                                                  ?.?.?.?.?.?.?\CC|\CD.?.?.?.?.?.?.?.?\CD|\CE.?.?.?.?.?.
                                                                                  ?.?.?\CE|\CF.?.?.?.?.?.?.?.?\CF|\D0.?.?.?.?.?.?.?.?\D0|
                                                                                  \D1.?.?.?.?.?.?.?.?\D1|\D2.?.?.?.?.?.?.?.?\D2|\D3.?.?.?
                                                                                  .?.?.?.?.?\D3|\D4.?.?.?.?.?.?.?.?\D4|\D5.?.?.?.?.?.?.?
                                                                                  .?\D5|\D6.?.?.?.?.?.?.?.?\D6|\D7.?.?.?.?.?.?.?.?\D7|\D8.
                                                                                  ?.?.?.?.?.?.?.?\D8|\D9.?.?.?.?.?.?.?.?\D9|\DA.?.?.?.?.
                                                                                  ?.?.?.?\DA|\DB.?.?.?.?.?.?.?.?\DB|\DC.?.?.?.?.?.?.?.?
                                                                                  \DC|\DD.?.?.?.?.?.?.?.?\DD|\DE.?.?.?.?.?.?.?.?\DE|\DF.?.
                                                                                  ?.?.?.?.?.?.?\DF|\E0.?.?.?.?.?.?.?.?\E0|\E1.?.?.?.?.?.
                                                                                  ?.?.?\E1|\E2.?.?.?.?.?.?.?.?\E2|\E3.?.?.?.?.?.?.?.?\E3|
                                                                                  \E4.?.?.?.?.?.?.?.?\E4|\E5.?.?.?.?.?.?.?.?\E5|\E6.?.?.?
                                                                                  .?.?.?.?.?\E6|\E7.?.?.?.?.?.?.?.?\E7|\E8.?.?.?.?.?.?.?
                                                                                  .?\E8|\E9.?.?.?.?.?.?.?.?\E9|\EA.?.?.?.?.?.?.?.?\EA|\EB.
                                                                                  ?.?.?.?.?.?.?.?\EB|\EC.?.?.?.?.?.?.?.?\EC|\ED.?.?.?.?.
                                                                                  ?.?.?.?\ED|\EE.?.?.?.?.?.?.?.?\EE|\EF.?.?.?.?.?.?.?.?
                                                                                  \EF|\F0.?.?.?.?.?.?.?.?\F0|\F1.?.?.?.?.?.?.?.?\F1|\F2.?.
                                                                                  ?.?.?.?.?.?.?\F2|\F3.?.?.?.?.?.?.?.?\F3|\F4.?.?.?.?.?.
                                                                                  ?.?.?\F4|\F5.?.?.?.?.?.?.?.?\F5|\F6.?.?.?.?.?.?.?.?\F6|
                                                                                  \F7.?.?.?.?.?.?.?.?\F7|\F8.?.?.?.?.?.?.?.?\F8|\F9.?.?.?
                                                                                  .?.?.?.?.?\F9|\FA.?.?.?.?.?.?.?.?\FA|\FB.?.?.?.?.?.?.?
                                                                                  .?\FB|\FC.?.?.?.?.?.?.?.?\FC|\FD.?.?.?.?.?.?.?.?\FD|\FE.
                                                                                  ?.?.?.?.?.?.?.?\FE|\FF.?.?.?.?.?.?.?.?\FF)"
                                                                              add name=skypetoskype regexp="^..\02….........."
                                                                              add name=counterstrike-source regexp="^\FF\FF\FF\FF.cstrikeCounter-Strike"
                                                                              add name=halflife2-deathmatch regexp="^\FF\FF\FF\FF.hl2mpDeathmatch"
                                                                              add name=freenet regexp="^\01[\08\t][\03\04]"
                                                                              add name=battlefield2 regexp="^(\11 \01…?\11|\FE\FD.?.?.?.?.?.?(\14
                                                                                  \01\06|\FF\FF\FF))|[]\01].?battlefield2"
                                                                              add name=napster regexp="^(.[\02\06][!-~]+ [!-~]+ [0-9][0-9]?[0-9]?[0-9]?[0
                                                                                  -9]? "[\t-\r -~]+" ([0-9]|10)|1(send|get)[!-~]+ "[\t-\r -~]+")"
                                                                              add name=soulseek regexp="^(\05..?|.\01.[ -~]+\01F..?.?.?.?.?.?.?)$"
                                                                              add name=xunlei regexp="^[()]…?.?.?(reg|get|query)"
                                                                              add name=ssl regexp="^(.?.?\16\03.
                                                                              \16\03|.?.?\01\03\01?.
                                                                              \0B)"
                                                                              add name=citrix regexp="2&\85\92X"
                                                                              add name=whois regexp="^[ !-~]+\r
                                                                                  \n$"
                                                                              add name=dayofdefeat-source regexp="^\FF\FF\FF\FF.dodDay of Defeat"
                                                                              add name=teamspeak regexp="^\F4\BE\03.teamspeak"
                                                                              add name=worldofwarcraft regexp="^\06\EC\01"
                                                                              add name=ventrilo regexp="^..?v\$\CF"
                                                                              add name=http-rtsp regexp="^(get[\t-\r -~]
                                                                              Accept: application/x-rtsp-tunnell
                                                                                  ed|http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\t-\r -~]a=control:rtsp://)"
                                                                              add name=thecircle regexp=
                                                                                  "^t\03ni.?[\01-\06]?t[\01-\05]s[
                                                                                  \n\0B](glob|who are you$|query data)"
                                                                              add name=uucp regexp="^\10here="
                                                                              add name=pcanywhere regexp="^(nq|st)$"
                                                                              add name=subversion regexp="^\( success \( 1 2 \("
                                                                              add name=imesh regexp="^(post[\t-\r -~]
                                                                              <passwordhash>….....................
                                                                                  ........</passwordhash><clientver>|4\80?\r?\FC\FF\04|get[\t-\r -~]Host:
                                                                                  _imsh\.download-prod\.musicnet\.com|\02(\01|\02)\83.?.?.?.?.?.?.
                                                                                  ?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?\02(\01|
                                                                                  \02)\83)"
                                                                              add name=cimd regexp="\02[0-4][0-9]:[0-9]+.
                                                                              \03$"
                                                                              add name=mohaa regexp="^\FF\FF\FF\FFgetstatus
                                                                                  \n"
                                                                              add name=stun regexp="^[\01\02]….............?$"
                                                                              add name=tor regexp=TOR1.
                                                                              <identity>add name=radmin regexp="^\01\01(\08\08|\1B\1B)$"
                                                                              add name=unset regexp=.
                                                                              add name=chikka regexp="^CTPv1.[123] Kamusta.
                                                                              \r
                                                                                  \n$"
                                                                              add name=replaytv-ivs regexp="^(get /ivs-IVSGetFileChunk|http/(0\.9|1\.0|1\
                                                                                  .1) [1-5][0-9][0-9] [\t-\r -~]
                                                                              #####REPLAY_CHUNK_START#####)"
                                                                              add name=armagetron regexp=YCLC_E|CYEL
                                                                              add name=bittorrent regexp="^(\x13bittorrent protocol|azver\x01$|get /scrap
                                                                                  e\?info_hash=get /announce\?info_hash=|get /client/bitcomet/|GET /data
                                                                                  \?fid=)|d1:ad2:id20:|\x08'7P\)[RP]"

                                                                              Setting Manglenya :
                                                                              /ip firewall mangle
                                                                              add action=mark-connection chain=prerouting comment=exe disabled=no
                                                                                  layer7-protocol="Extension " .exe "" new-connection-mark=exe_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=exe_conn disabled=no
                                                                                  new-packet-mark=exe passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=zip disabled=no
                                                                                  layer7-protocol="Extension " .zip"" new-connection-mark=zip_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=zip_conn disabled=no
                                                                                  new-packet-mark=zip passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=rar disabled=no
                                                                                  layer7-protocol="Extension " .rar"" new-connection-mark=rar_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=rar_conn disabled=no
                                                                                  new-packet-mark=rar passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=cab disabled=no
                                                                                  layer7-protocol="Extension " .cab "" new-connection-mark=cab_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=cab_conn disabled=no
                                                                                  new-packet-mark=cab passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=asf disabled=no
                                                                                  layer7-protocol="Extension " .asf "" new-connection-mark=asf_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=asf_conn disabled=no
                                                                                  new-packet-mark=asf passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=mov disabled=no
                                                                                  layer7-protocol="Extension " .mov "" new-connection-mark=mov_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=mov_conn disabled=no
                                                                                  new-packet-mark=mov passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=wmv disabled=no
                                                                                  layer7-protocol="Extension " .wmv "" new-connection-mark=wmv_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=wmv_conn disabled=no
                                                                                  new-packet-mark=wmv passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=mpg disabled=no
                                                                                  layer7-protocol="Extension " .mpg "" new-connection-mark=mpg_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=mpg_conn disabled=no
                                                                                  new-packet-mark=mpg passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=mkv disabled=no
                                                                                  layer7-protocol="Extension " .mkv "" new-connection-mark=mkv_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=mkv_conn disabled=no
                                                                                  new-packet-mark=mkv passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=avi disabled=no
                                                                                  layer7-protocol="Extension " .avi "" new-connection-mark=avi_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=avi_conn disabled=no
                                                                                  new-packet-mark=avi passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=flv disabled=no
                                                                                  layer7-protocol="Extension " .flv "" new-connection-mark=flv_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=flv_conn disabled=no
                                                                                  new-packet-mark=flv passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=pdf disabled=no
                                                                                  layer7-protocol="Extension " .pdf "" new-connection-mark=pdf_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=pdf_conn disabled=no
                                                                                  new-packet-mark=pdf passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=wav disabled=no
                                                                                  layer7-protocol="Extension " .wav "" new-connection-mark=wav_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=wav_conn disabled=no
                                                                                  new-packet-mark=wav passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=rm disabled=no
                                                                                  layer7-protocol="Extension " .rm "" new-connection-mark=rm_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=rm_conn disabled=no
                                                                                  new-packet-mark=rm passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=mp3 disabled=no
                                                                                  layer7-protocol="Extension " .mp3 "" new-connection-mark=mp3_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=mp3_conn disabled=no
                                                                                  new-packet-mark=mp3 passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=mp4 disabled=no
                                                                                  layer7-protocol="Extension " .mp4 "" new-connection-mark=mp4_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=mp4_conn disabled=no
                                                                                  new-packet-mark=mp4 passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=ram disabled=no
                                                                                  layer7-protocol="Extension " .ram "" new-connection-mark=ram_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=ram_conn disabled=no
                                                                                  new-packet-mark=ram passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=rmvb disabled=no
                                                                                  layer7-protocol="Extension " .rmvb "" new-connection-mark=rmvb_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=rmvb_conn disabled=no
                                                                                  new-packet-mark=rmvb passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=dat disabled=no
                                                                                  layer7-protocol="Extension " .dat "" new-connection-mark=dat_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=dat_conn disabled=no
                                                                                  new-packet-mark=dat passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=daa disabled=no
                                                                                  layer7-protocol="Extension " .daa "" new-connection-mark=daa_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=daa_conn disabled=no
                                                                                  new-packet-mark=daa passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=iso disabled=no
                                                                                  layer7-protocol="Extension " .iso "" new-connection-mark=iso_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=iso_conn disabled=no
                                                                                  new-packet-mark=iso passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=bin disabled=no
                                                                                  layer7-protocol="Extension " .bin "" new-connection-mark=bin_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=bin_conn disabled=no
                                                                                  new-packet-mark=bin passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=vcd disabled=no
                                                                                  layer7-protocol="Extension " .vcd "" new-connection-mark=vcd_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=vcd_conn disabled=no
                                                                                  new-packet-mark=vcd passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=mp2 disabled=no
                                                                                  layer7-protocol="Extension " .mp2 "" new-connection-mark=mp2_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=mp2_conn disabled=no
                                                                                  new-packet-mark=mp2 passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=3gp disabled=no
                                                                                  layer7-protocol="Extension " .3gp "" new-connection-mark=3gp_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=3gp_conn disabled=no
                                                                                  new-packet-mark=3gp passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=mpe disabled=no
                                                                                  layer7-protocol="Extension " .mpe "" new-connection-mark=mpe_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=mpe_conn disabled=no
                                                                                  new-packet-mark=mpe passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=qt disabled=no
                                                                                  layer7-protocol="Extension " .qt "" new-connection-mark=qt_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=qt_conn disabled=no
                                                                                  new-packet-mark=qt passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=raw disabled=no
                                                                                  layer7-protocol="Extension " .raw "" new-connection-mark=raw_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=raw_conn disabled=no
                                                                                  new-packet-mark=raw passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=wma disabled=no
                                                                                  layer7-protocol="Extension " .wma "" new-connection-mark=wma_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=wma_conn disabled=no
                                                                                  new-packet-mark=wma passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=ogg disabled=no
                                                                                  layer7-protocol="Extension " .ogg "" new-connection-mark=ogg_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=ogg_conn disabled=no
                                                                                  new-packet-mark=ogg passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=doc disabled=no
                                                                                  layer7-protocol="Extension " .doc "" new-connection-mark=doc_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=doc_conn disabled=no
                                                                                  new-packet-mark=doc passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=applejuice disabled=no
                                                                                  layer7-protocol=applejuice new-connection-mark=applejuice_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=applejuice_conn
                                                                                  disabled=no new-packet-mark=applejuice passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=ares disabled=no
                                                                                  layer7-protocol=ares new-connection-mark=ares_conn passthrough=yes
                                                                                  protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=ares_conn disabled=no
                                                                                  new-packet-mark=ares passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=bittorent disabled=no
                                                                                  layer7-protocol=bittorrent new-connection-mark=bittorent_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=bittorent_conn
                                                                                  disabled=no new-packet-mark=bittorent passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=chikka disabled=no
                                                                                  layer7-protocol=chikka new-connection-mark=chikka_conn passthrough=yes
                                                                                  protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=chikka_conn disabled=
                                                                                  no new-packet-mark=chika passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=directconnect disabled=no
                                                                                  layer7-protocol=directconnect new-connection-mark=directconnect_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=directconnect_conn
                                                                                  disabled=no new-packet-mark=directconnect passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=ftp disabled=no
                                                                                  layer7-protocol=ftp new-connection-mark=ftp passthrough=no protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=ftp disabled=no
                                                                                  new-packet-mark=ftp passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=doom3 disabled=no
                                                                                  layer7-protocol=doom3 new-connection-mark=doom3_conn passthrough=yes
                                                                                  protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=doom3_conn disabled=
                                                                                  no new-packet-mark=doom3 passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=edonkey disabled=no
                                                                                  layer7-protocol=edonkey new-connection-mark=edonkey_conn passthrough=yes
                                                                                  protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=edonkey_conn
                                                                                  disabled=no new-packet-mark=edonkey passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=fastrack_conn disabled=no
                                                                                  layer7-protocol=fasttrack new-connection-mark=fasttrack passthrough=yes
                                                                                  protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=fasttrack disabled=no
                                                                                  new-packet-mark=fastrack passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=gnutella disabled=no
                                                                                  layer7-protocol=gnutella new-connection-mark=gnutella_conn passthrough=
                                                                                  yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=gnutella_conn
                                                                                  disabled=no new-packet-mark=gnutella passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=skype disabled=no
                                                                                  layer7-protocol=skypeout new-connection-mark=skype_conn passthrough=yes
                                                                                  protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=skype_conn disabled=
                                                                                  no new-packet-mark=skype passthrough=no
                                                                              add action=mark-connection chain=prerouting comment=7z disabled=no
                                                                                  layer7-protocol="Extension " .7z "" new-connection-mark=7z_conn
                                                                                  passthrough=yes protocol=tcp
                                                                              add action=mark-packet chain=prerouting connection-mark=7z_conn disabled=no
                                                                                  new-packet-mark=7z passthrough=no

                                                                              Yang terakhir kita buat management bandwidht menggunakan queue tree.
                                                                              ( Boleh juga menggunakan simple queueu terserah anda suka suka sesuai selera )

                                                                              Buat parent dulu seperti ini :
                                                                              /queue tree
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=128k name="traffic shapping" parent=global-out priority=8
                                                                              ( ini nantinya khusus alokasi buat para mania bandwidht sesuaikan dengan besarnya bw yg anda miliki )

                                                                              setelah itu setting childnya seperti ini :

                                                                              /queue tree
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=exe packet-mark=exe parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=zip packet-mark=zip parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=rar packet-mark=rar parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=cab packet-mark=cab parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=asf packet-mark=asf parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=mov packet-mark=mov parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=wmv packet-mark=wmv parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=mpg packet-mark=mpg parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=mkv packet-mark=mkv parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=avi packet-mark=avi parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=flv packet-mark=flv parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=pdf packet-mark=pdf parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=wav packet-mark=wav parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=rm packet-mark=rm parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=mp3 packet-mark=mp3 parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=mp4 packet-mark=mp4 parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=ram packet-mark=ram parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=rmvb packet-mark=rmvb parent="traffic shapping"
                                                                                  priority=8 queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=dat packet-mark=dat parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=daa packet-mark=daa parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=iso packet-mark=iso parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=bin packet-mark=bin parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=vcd packet-mark=vcd parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=mp2 packet-mark=mp2 parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=3gp packet-mark=3gp parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=mpe packet-mark=mpe parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=qt packet-mark=qt parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=raw packet-mark=raw parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=wma packet-mark=wma parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=ogg packet-mark=ogg parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=doc packet-mark=doc parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=applejuice packet-mark=applejuice parent=
                                                                                  "traffic shapping" priority=8 queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=ares packet-mark=ares parent="traffic shapping"
                                                                                  priority=8 queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=8 name=bittorent packet-mark=bittorent parent=
                                                                                  "traffic shapping" priority=8 queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=chika packet-mark=chika parent="traffic shapping"
                                                                                  priority=8 queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=dconnect packet-mark=directconnect parent=
                                                                                  "traffic shapping" priority=8 queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=ftp packet-mark=ftp parent="traffic shapping" priority=8
                                                                                  queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=doom3 packet-mark=doom3 parent="traffic shapping"
                                                                                  priority=8 queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=edonkey packet-mark=edonkey parent="traffic shapping"
                                                                                  priority=8 queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=fasttrack packet-mark=fastrack parent="traffic shapping"
                                                                                  priority=8 queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=gnutella packet-mark=gnutella parent="traffic shapping"
                                                                                  priority=8 queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=64k name=skype packet-mark=skype parent="traffic shapping"
                                                                                  priority=8 queue=default
                                                                              add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                  max-limit=0 name=7z packet-mark=7z parent="traffic shapping" priority=8
                                                                                  queue=default

                                                                              ( dijamin insya allah segala macam downloader mati kutu. Maksud Queue diatas kita alokasikan untuk downloader mania bw sebesar 128k, sesuai selera bung. Caching video youtube berlari kencang bak dikejar anjing. browsing wusss…. wusss.....  wkwk... wk....wk....)

                                                                              semoga bermanfaat.
                                                                              salam</identity></clientver></i\1e\1c\e9"<br></stream:stream[\t-\r></peerplat>

                                                                              1 Reply Last reply Reply Quote 0
                                                                              • O
                                                                                onomlakbok
                                                                                last edited by

                                                                                Thx share setingan mikrotiknya
                                                                                dicoba dulu kl mogok bantuin dorongnya :D

                                                                                1 Reply Last reply Reply Quote 0
                                                                                • H
                                                                                  hd509509
                                                                                  last edited by

                                                                                  @ardy_2006:

                                                                                  Sesuai dengan janji ( janji adalah hutang  :) , insya allah hutang segera terlunasi ) amiiin…. !!

                                                                                  Just share settingan saya Mikocok bersanding dengan PFSense.

                                                                                  Clients ------- Mikrotik 3 port -------- Inet

                                                                                  port 3 mikrotik ----- pfsense ------ inernet

                                                                                  modem : 192.168.2.1

                                                                                  topology mikrotik menggunakan 3 ethernet :
                                                                                  port 1 = WAN  ( 192.168.2.2 )
                                                                                  port 2 = CLIENTS ( 192.168.1.1 )
                                                                                  port 3 = PROXY PFSENSE ( 192.168.3.1 )

                                                                                  topology pfsense menggunakan 2 ethernet :
                                                                                  port 1 = LAN ( port 3 mikrotik ) ( 192.168.3.2 )
                                                                                  port 2 = WAN ( 192.168.2.3 )

                                                                                  oke langsung kupas aja.
                                                                                  asumsi mesin pfsense running well & tunning with LUSCA.
                                                                                  oprekan & tune-up bisa open panduan dari om anto_DIGIT http://forum.pfsense.org/index.php/topic,29019.0.html

                                                                                  sebagai manageable clients, baik itu hotspot & management bandwidht semua ada dimikrotik.
                                                                                  Settingan hotspot disini tidak usah dibahas googling aja tutnya.
                                                                                  settingan ini menggunakan L7 untuk filternya. Khusus untuk destination port 80, dibelokan ke arah pfsense sebagai proxy servernya port 3128.
                                                                                  Maaf bung disini PFSense hanya dijadikan proxy server ( Maknyuss.... )

                                                                                  setting nat :
                                                                                  chain=dstnat action=dst-nat to-addresses=10.10.3.2 to-ports=3128 protocol=tcp in-interface=CLIENTS dst-port=80
                                                                                  ( maksudnya semua request port 80 di arahkan ke address Proxy Server ( PFSense )

                                                                                  setting L7 :
                                                                                  /ip firewall layer7-protocol
                                                                                  add name="Extension " .exe "" regexp="^.get.+\.exe.$"
                                                                                  add name="Extension " .mp4 "" regexp="^.get.+\.mp4.$"
                                                                                  add name="Extension " .rar"" regexp="^.get.+\.rar.$"
                                                                                  add name="Extension " .zip"" regexp="^.get.+\.zip.$"
                                                                                  add name="Extension " .mp3 "" regexp="^.get.+\.mp3.$"
                                                                                  add name="Extension " .7z "" regexp="^.get.+\.7z.$"
                                                                                  add name="Extension " .cab "" regexp="^.get.+\.cab.$"
                                                                                  add name="Extension " .asf "" regexp="^.get.+\.asf.$"
                                                                                  add name="Extension " .mov "" regexp="^.get.+\.mov.$"
                                                                                  add name="Extension " .wmv "" regexp="^.get.+\.wmv.$"
                                                                                  add name="Extension " .mpg "" regexp="^.get.+\.mpg.$"
                                                                                  add name="Extension " .mpeg "" regexp="^.get.+\.mpeg.$"
                                                                                  add name="Extension " .mkv "" regexp="^.get.+\.mkv.$"
                                                                                  add name="Extension " .avi "" regexp="^.get.+\.avi.$"
                                                                                  add name="Extension " .flv "" regexp="^.get.+\.flv.$"
                                                                                  add name="Extension " .pdf "" regexp="^.get.+\.pdf.$"
                                                                                  add name="Extension " .wav "" regexp="^.get.+\.wav.$"
                                                                                  add name="Extension " .rm "" regexp="^.get.+\.rm.$"
                                                                                  add name="Extension " .rmvb "" regexp="^.get.+\.rmvb.$"
                                                                                  add name="Extension " .dat "" regexp="^.get.+\.dat.$"
                                                                                  add name="Extension " .daa "" regexp="^.get.+\.daa.$"
                                                                                  add name="Extension " .iso "" regexp="^.get.+\.iso.$"
                                                                                  add name="Extension " .nrg "" regexp="^.get.+\.nrg.$"
                                                                                  add name="Extension " .bin "" regexp="^.get.+\.bin.$"
                                                                                  add name="Extension " .vcd "" regexp="^.get.+\.vcd.$"
                                                                                  add name="Extension " .mp2 "" regexp="^.get.+\.mp2.$"
                                                                                  add name="Extension " .3gp "" regexp="^.get.+\.3gp.$"
                                                                                  add name="Extension " .mpe "" regexp="^.get.+\.mpe.$"
                                                                                  add name="Extension " .qt "" regexp="^.get.+\.qt.$"
                                                                                  add name="Extension " .raw "" regexp="^.get.+\.raw.$"
                                                                                  add name="Extension " .wma "" regexp="^.get.+\.wma.$"
                                                                                  add name="Extension " .ogg "" regexp="^.get.+\.ogg.$"
                                                                                  add name="Extension " .doc "" regexp="^.get.+\.doc.$"
                                                                                  add name="Extension " .ram "" regexp="^.get.+\.ram.$"
                                                                                  add name=edonkey regexp="^[\C5\D4\E3-\E5].?.?.?.?([\01\02\05\14\15\16\18
                                                                                      \19\1A\1B\1C !234568@ABCFGHIJKLMNOPQRSTUVWX[`\81\82\90\91\93\96\97\98\99
                                                                                      \9A\9B\9C\9E\A0\A1\A2\A3\A4]|Y….............?[ -~]|\96….$)"
                                                                                  add name=goboogy regexp="<peerplat>|^get /getfilebyhash\.cgi\?|^get /queue_
                                                                                      register\.cgi\?|^get /getupdowninfo\.cgi\?"
                                                                                  add name=soribada regexp="^GETMP3\r
                                                                                      \nFilename|^\01.?.?.?(Q:\+|Q2:)|^\10[\14-\16]\10[\15-\17].?.?.?.?
                                                                                      $"
                                                                                  add name=rdp regexp=rdpdr.cliprdr.rdpsnd
                                                                                  add name=gnutella regexp="^(gnd[\01\02]?.?.?\01|gnutella connect/[012]\.[0
                                                                                      -9]\r
                                                                                      \n|get /uri-res/n2r\?urn:sha1:|get /.user-agent: (gtk-gnutella|bearshar
                                                                                      e|mactella|gnucleus|gnotella|limewire|imesh)|get /.content-type: applicat
                                                                                      ion/x-gnutella-packets|giv [0-9]
                                                                                  :[0-9a-f]
                                                                                  /|queue [0-9a-f]
                                                                                  [1-9][0-9]?[
                                                                                      0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?:[
                                                                                      1-9][0-9]?[0-9]?[0-9]?|gnutella.content-type: application/x-gnutella|.
                                                                                      …...............?lime)"
                                                                                  add name=cvs regexp="^BEGIN (AUTH|VERIFICATION|GSSAPI) REQUEST
                                                                                      \n"
                                                                                  add name=nbns regexp="\01\10\01|\)\10\01\01|0\10\01"
                                                                                  add name=shoutcast regexp=
                                                                                      "icy [1-5][0-9][0-9] [\t-\r -~]
                                                                                  (content-type:audio|icy-)"
                                                                                  add name=dns regexp="^.?.?.?.?[\01\02].?.?.?.?.?.?[\01-?][a-z0-9][
                                                                                      \01-?a-z]
                                                                                  [\02-\06][a-z][a-z][fglmoprstuvz]?[aeop]?(um)?[\01-\10\1C][
                                                                                      \01\03\04\FF]"
                                                                                  add name=quake-halflife regexp="^\FF\FF\FF\FFget(info|challenge)"
                                                                                  add name=poco regexp="^\80\94
                                                                                      \n\01….\1F\9E"
                                                                                  add name=ciscovpn regexp="^\01\F4\01\F4"
                                                                                  add name=x11 regexp="^[lb].?\0B"
                                                                                  add name=xboxlive regexp="^X\80….....\F3|^\06XN"
                                                                                  add name=applejuice regexp="^ajprot\r
                                                                                      \n"
                                                                                  add name=zmaap regexp="^\1B\D7;H[\01\02]\01?\01"
                                                                                  add name=live365 regexp=membername.session.player
                                                                                  add name=rlogin regexp="^[a-z][a-z0-9][a-z0-9]+/[1-9][0-9]?[0-9]?[0-9]?00"
                                                                                  add name=http regexp="http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\t-\r -~]
                                                                                  (con
                                                                                      nection:|content-type:|content-length:|date:)|post [\t-\r -~]
                                                                                  http/[01]\
                                                                                      .[019]"
                                                                                  add name=sip regexp=
                                                                                      "^(invite|register|cancel) sip[\t-\r -~]sip/[0-2]\.[0-9]"
                                                                                  add name=pop3 regexp="^(\+ok |-err )"
                                                                                  add name=smb regexp="\FFsmb[r%]"
                                                                                  add name=quake1 regexp="^\80\0C\01quake\03"
                                                                                  add name=lpd regexp="^(\01[!-~]+|\02[!-~]+
                                                                                      \n.[\01\02\03][\01-
                                                                                      \n -~]
                                                                                  |[\03\04][!-~]+[\t-\r]+[a-z][\t-\r -~]|\05[!-~]+[\t-\r]+([a-z][!-~
                                                                                      ]
                                                                                  [\t-\r]+[1-9][0-9]?[0-9]?|root[\t-\r]+[!-~]+).)
                                                                                      \n$"
                                                                                  add name=mute regexp="^(Public|AES)Key: [0-9a-f]

                                                                                      \nEnd(Public|AES)Key
                                                                                      \n$"
                                                                                  add name=ssh regexp="^ssh-[12]\.[0-9]"
                                                                                  add name=jabber regexp=
                                                                                      "<stream:stream[\t-\r ][="" -~][\t-\r="" ]xmlns="['&quot;]jabber"<br">add name=ncp regexp="^(dmdt.\01.(""|\11\11|uu)|tncp.33)"
                                                                                  add name=tls regexp="^(.?.?\16\03.
                                                                                  \16\03|.?.?\01\03\01?.
                                                                                  \0B)"
                                                                                  add name=directconnect regexp="^(\$mynick |\$lock |\$key )"
                                                                                  add name=netbios regexp="\81.?.?.[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-
                                                                                      P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A
                                                                                      -P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][
                                                                                      A-P][A-P]"
                                                                                  add name=tftp regexp="^(\01|\02)[ -~](netascii|octet|mail)"
                                                                                  add name=subspace regexp="^\01….\11\10........\01$"
                                                                                  add name=hotline regexp="^....................TRTPHOTL\01\02"
                                                                                  add name=doom3 regexp="^\FF\FFchallenge"
                                                                                  add name=ftp regexp="^220[\t-\r -~]ftp"
                                                                                  add name=kugoo regexp="^1..\8E"
                                                                                  add name=tsp regexp="^[\01-\13\16-$]\01.?.?.?.?.?.?.?.?.?.?[ -~]+"
                                                                                  add name=battlefield1942 regexp="^\01\11\10\|\F8\02\10@\06"
                                                                                  add name=ssdp regexp="^notify[\t-\r ]\
                                                                                  [\t-\r ]http/1\.1[\t-\r -~]ssdp:(ali
                                                                                      ve|byebye)|^m-search[\t-\r ]\
                                                                                  [\t-\r ]http/1\.1[\t-\r -~]ssdp:discover"
                                                                                  add name=imap regexp="^(\
                                                                                  ok|a[0-9]+ noop)"
                                                                                  add name=ares regexp="^\03[]Z].?.?\05$"
                                                                                  add name=fasttrack regexp="^get (/.download/[ -~]
                                                                                  |/.supernode[ -~]|/.status[
                                                                                      -~]|/.network[ -~]|/.files|/.hash=[0-9a-f]/[ -~]) http/1.1|user-agent:
                                                                                      kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^g
                                                                                      ive [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]?[0-9]?[0-9]?"
                                                                                  add name=qq regexp="^.?\02.+\03$"
                                                                                  add name=100bao regexp="^\01\01\05
                                                                                      \n"
                                                                                  add name=aim regexp=
                                                                                      "^(\
                                                                                  [\01\02].\03\0B|\\01.?.?.?.?\01)|flapon|toc_signon.0x"
                                                                                  add name=unknown regexp=.
                                                                                  add name=msn-filetransfer regexp=
                                                                                      "^(ver [ -~]msnftp\r
                                                                                      \nver msnftp\r
                                                                                      \nusr|method msnmsgr:)"
                                                                                  add name=yahoo regexp="^(ymsg|ypns|yhoo).?.?.?.?.?.?.?[lwt].
                                                                                  \C0\80"
                                                                                  add name=validcertssl regexp="^(.?.?\16\03.
                                                                                  \16\03|.?.?\01\03\01?.\0B).
                                                                                      (thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust
                                                                                      _root|entrust\.net limited)"
                                                                                  add name=ntp regexp="^([\13\1B#\D3\DB\E3]|[\14\1C$]…....?.?.?.?.?.?.
                                                                                      ?.?.?[\C6-\FF])"
                                                                                  add name=gnucleuslan regexp=
                                                                                      "gnuclear connect/[\t-\r -~]user-agent: gnucleus [\t-\r -~]lan:"
                                                                                  add name=vnc regexp="^rfb 00[1-9]\.00[0-9]
                                                                                      \n$"
                                                                                  add name=bgp regexp=
                                                                                      "^\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF..?\01[\03\04]"
                                                                                  add name=tesla regexp="\03\9A\89"111\.00 Beta |\E2<i\1e\1c\e9"<br>add name=openft regexp="x-openftalias: [-)(0-9a-z ~.]"
                                                                                  add name=h323 regexp=
                                                                                      "^\03..?\08…?.?.?.?.?.?.?.?.?.?.?.?.?.?.?\05"
                                                                                  add name=finger regexp=
                                                                                      "^[a-z][a-z0-9\-_]+|login: [\t-\r -~]
                                                                                  name: [\t-\r -~]
                                                                                  Directory:"
                                                                                  add name=ident regexp="^[1-9][0-9]?[0-9]?[0-9]?[0-9]?[\t-\r],[\t-\r][1-9
                                                                                      ][0-9]?[0-9]?[0-9]?[0-9]?(\r
                                                                                      \n|[\r
                                                                                      \n])?$"
                                                                                  add name=gkrellm regexp="^gkrellm [23].[0-9].[0-9]
                                                                                      \n$"
                                                                                  add name=hddtemp regexp=
                                                                                      "^\|/dev/[a-z][a-z][a-z]\|[0-9a-z]\|[0-9][0-9]\|[cfk]\|"
                                                                                  add name=socks regexp="\05[\01-\08]
                                                                                  \05[\01-\08]?.\05[\01-\03][\01\03].\05[
                                                                                      \01-\08]?[\01\03]"
                                                                                  add name=biff regexp="^[a-z][a-z0-9]+@[1-9][0-9]+$"
                                                                                  add name=dhcp regexp="^[\01\02][\01- ]\06.c\82sc"
                                                                                  add name=smtp regexp="^220[\t-\r -~]
                                                                                  (e?smtp|simple mail)"
                                                                                  add name=ipp regexp=ipp://
                                                                                  add name=msnmessenger regexp="ver [0-9]+ msnp[1-9][0-9]? [\t-\r -~]cvr0\r
                                                                                      \n$|usr 1 [!-~]+ [0-9. ]+\r
                                                                                      \n$|ans 1 [!-~]+ [0-9. ]+\r
                                                                                      \n$"
                                                                                  add name=irc regexp="^(nick[\t-\r -~]user[\t-\r -~]:|user[\t-\r -~]
                                                                                  :[\02-\r
                                                                                      _-~]nick[\t-\r -~]\r
                                                                                      \n)"
                                                                                  add name=gopher regexp="^[\t-\r][1-9,+tgi][\t-\r -~]\t[\t-\r -~]\t[a-z0-9.]
                                                                                      \.[a-z][a-z].?.?\t[1-9]"
                                                                                  add name=telnet regexp="^\FF[\FB-\FE].\FF[\FB-\FE].\FF[\FB-\FE]"
                                                                                  add name=snmp regexp="^\02\01\04.+([\A0-\A3]\02[\01-\04].?.?.?.?\02\01.?
                                                                                      \02\01.?0|\A4\06.+@\04.?.?.?.?\02\01.?\02\01.?C)"
                                                                                  add name=nntp regexp=
                                                                                      "^(20[01][\t-\r -~]AUTHINFO USER|20[01][\t-\r -~]news)"
                                                                                  add name=aimwebcontent regexp=user-agent:aim/
                                                                                  add name=rtsp regexp="rtsp/1.0 200 ok"
                                                                                  add name=skypeout regexp="^(\01.?.?.?.?.?.?.?.?\01|\02.?.?.?.?.?.
                                                                                      ?.?.?\02|\03.?.?.?.?.?.?.?.?\03|\04.?.?.?.?.?.?.?.?\04|
                                                                                      \05.?.?.?.?.?.?.?.?\05|\06.?.?.?.?.?.?.?.?\06|\07.?.?.?
                                                                                      .?.?.?.?.?\07|\08.?.?.?.?.?.?.?.?\08|\t.?.?.?.?.?.?.?.
                                                                                      ?\t|
                                                                                      \n.?.?.?.?.?.?.?.?
                                                                                      \n|\0B.?.?.?.?.?.?.?.?\0B|\0C.?.?.?.?.?.?.?.?\0C|\r.?.?.
                                                                                      ?.?.?.?.?.?\r|\0E.?.?.?.?.?.?.?.?\0E|\0F.?.?.?.?.?.?.
                                                                                      ?.?\0F|\10.?.?.?.?.?.?.?.?\10|\11.?.?.?.?.?.?.?.?\11|\12
                                                                                      .?.?.?.?.?.?.?.?\12|\13.?.?.?.?.?.?.?.?\13|\14.?.?.?.?
                                                                                      .?.?.?.?\14|\15.?.?.?.?.?.?.?.?\15|\16.?.?.?.?.?.?.?.?
                                                                                      \16|\17.?.?.?.?.?.?.?.?\17|\18.?.?.?.?.?.?.?.?\18|\19.?.
                                                                                      ?.?.?.?.?.?.?\19|\1A.?.?.?.?.?.?.?.?\1A|\1B.?.?.?.?.?.
                                                                                      ?.?.?\1B|\1C.?.?.?.?.?.?.?.?\1C|\1D.?.?.?.?.?.?.?.?\1D|
                                                                                      \1E.?.?.?.?.?.?.?.?\1E|\1F.?.?.?.?.?.?.?.?\1F| .?.?.?.
                                                                                      ?.?.?.?.? |!.?.?.?.?.?.?.?.?!|".?.?.?.?.?.?.?.?"|#.
                                                                                      ?.?.?.?.?.?.?.?#|\$.?.?.?.?.?.?.?.?\$|%.?.?.?.?.?
                                                                                      .?.?.?%|&.?.?.?.?.?.?.?.?&|'.?.?.?.?.?.?.?.?'|\(.?.?
                                                                                      .?.?.?.?.?.?\(|\).?.?.?.?.?.?.?.?\)|\
                                                                                  .?.?.?.?.?.?
                                                                                      .?.?\
                                                                                  |\+.?.?.?.?.?.?.?.?\+|,.?.?.?.?.?.?.?.?,|-.?.
                                                                                      ?.?.?.?.?.?.?-|\..?.?.?.?.?.?.?.?\.|/.?.?.?.?.?.?.
                                                                                      ?.?/|0.?.?.?.?.?.?.?.?0|1.?.?.?.?.?.?.?.?1|2.?.?.?.?
                                                                                      .?.?.?.?2|3.?.?.?.?.?.?.?.?3|4.?.?.?.?.?.?.?.?4|5.?.
                                                                                      ?.?.?.?.?.?.?5|6.?.?.?.?.?.?.?.?6|7.?.?.?.?.?.?.?.?
                                                                                      7|8.?.?.?.?.?.?.?.?8|9.?.?.?.?.?.?.?.?9|:.?.?.?.?.?.
                                                                                      ?.?.?:|;.?.?.?.?.?.?.?.?;|<.?.?.?.?.?.?.?.?<|=.?.?.?
                                                                                      .?.?.?.?.?=|>.?.?.?.?.?.?.?.?>|\?.?.?.?.?.?.?.?.?\
                                                                                      ?|@.?.?.?.?.?.?.?.?@|A.?.?.?.?.?.?.?.?A|B.?.?.?.?.?.
                                                                                      ?.?.?B|C.?.?.?.?.?.?.?.?C|D.?.?.?.?.?.?.?.?D|E.?.?.?
                                                                                      .?.?.?.?.?E|F.?.?.?.?.?.?.?.?F|G.?.?.?.?.?.?.?.?G|H.
                                                                                      ?.?.?.?.?.?.?.?H|I.?.?.?.?.?.?.?.?I|J.?.?.?.?.?.?.?
                                                                                      .?J|K.?.?.?.?.?.?.?.?K|L.?.?.?.?.?.?.?.?L|M.?.?.?.?.
                                                                                      ?.?.?.?M|N.?.?.?.?.?.?.?.?N|O.?.?.?.?.?.?.?.?O|P.?.?
                                                                                      .?.?.?.?.?.?P|Q.?.?.?.?.?.?.?.?Q|R.?.?.?.?.?.?.?.?R|
                                                                                      S.?.?.?.?.?.?.?.?S|T.?.?.?.?.?.?.?.?T|U.?.?.?.?.?.?.
                                                                                      ?.?U|V.?.?.?.?.?.?.?.?V|W.?.?.?.?.?.?.?.?W|X.?.?.?.?
                                                                                      .?.?.?.?X|Y.?.?.?.?.?.?.?.?Y|Z.?.?.?.?.?.?.?.?Z|[.?
                                                                                      .?.?.?.?.?.?.?[|].?.?.?.?.?.?.?.?]|].?.?.?.?.?
                                                                                      .?.?.?]|\^.?.?.?.?.?.?.?.?\^|.?.?.?.?.?.?.?.?|`.
                                                                                      ?.?.?.?.?.?.?.?`|a.?.?.?.?.?.?.?.?a|b.?.?.?.?.?.?.?
                                                                                      .?b|c.?.?.?.?.?.?.?.?c|d.?.?.?.?.?.?.?.?d|e.?.?.?.?.
                                                                                      ?.?.?.?e|f.?.?.?.?.?.?.?.?f|g.?.?.?.?.?.?.?.?g|h.?.?
                                                                                      .?.?.?.?.?.?h|i.?.?.?.?.?.?.?.?i|j.?.?.?.?.?.?.?.?j|
                                                                                      k.?.?.?.?.?.?.?.?k|l.?.?.?.?.?.?.?.?l|m.?.?.?.?.?.?.
                                                                                      ?.?m|n.?.?.?.?.?.?.?.?n|o.?.?.?.?.?.?.?.?o|p.?.?.?.?
                                                                                      .?.?.?.?p|q.?.?.?.?.?.?.?.?q|r.?.?.?.?.?.?.?.?r|s.?.
                                                                                      ?.?.?.?.?.?.?s|t.?.?.?.?.?.?.?.?t|u.?.?.?.?.?.?.?.?
                                                                                      u|v.?.?.?.?.?.?.?.?v|w.?.?.?.?.?.?.?.?w|x.?.?.?.?.?.
                                                                                      ?.?.?x|y.?.?.?.?.?.?.?.?y|z.?.?.?.?.?.?.?.?z|\{.?.?.
                                                                                      ?.?.?.?.?.?\{|\|.?.?.?.?.?.?.?.?\||\}.?.?.?.?.?.?.
                                                                                      ?.?\}|~.?.?.?.?.?.?.?.?~|\7F.?.?.?.?.?.?.?.?\7F|\80.?.
                                                                                      ?.?.?.?.?.?.?\80|\81.?.?.?.?.?.?.?.?\81|\82.?.?.?.?.?.
                                                                                      ?.?.?\82|\83.?.?.?.?.?.?.?.?\83|\84.?.?.?.?.?.?.?.?\84|
                                                                                      \85.?.?.?.?.?.?.?.?\85|\86.?.?.?.?.?.?.?.?\86|\87.?.?.?
                                                                                      .?.?.?.?.?\87|\88.?.?.?.?.?.?.?.?\88|\89.?.?.?.?.?.?.?
                                                                                      .?\89|\8A.?.?.?.?.?.?.?.?\8A|\8B.?.?.?.?.?.?.?.?\8B|\8C.
                                                                                      ?.?.?.?.?.?.?.?\8C|\8D.?.?.?.?.?.?.?.?\8D|\8E.?.?.?.?.
                                                                                      ?.?.?.?\8E|\8F.?.?.?.?.?.?.?.?\8F|\90.?.?.?.?.?.?.?.?
                                                                                      \90|\91.?.?.?.?.?.?.?.?\91|\92.?.?.?.?.?.?.?.?\92|\93.?.
                                                                                      ?.?.?.?.?.?.?\93|\94.?.?.?.?.?.?.?.?\94|\95.?.?.?.?.?.
                                                                                      ?.?.?\95|\96.?.?.?.?.?.?.?.?\96|\97.?.?.?.?.?.?.?.?\97|
                                                                                      \98.?.?.?.?.?.?.?.?\98|\99.?.?.?.?.?.?.?.?\99|\9A.?.?.?
                                                                                      .?.?.?.?.?\9A|\9B.?.?.?.?.?.?.?.?\9B|\9C.?.?.?.?.?.?.?
                                                                                      .?\9C|\9D.?.?.?.?.?.?.?.?\9D|\9E.?.?.?.?.?.?.?.?\9E|\9F.
                                                                                      ?.?.?.?.?.?.?.?\9F|\A0.?.?.?.?.?.?.?.?\A0|\A1.?.?.?.?.
                                                                                      ?.?.?.?\A1|\A2.?.?.?.?.?.?.?.?\A2|\A3.?.?.?.?.?.?.?.?
                                                                                      \A3|\A4.?.?.?.?.?.?.?.?\A4|\A5.?.?.?.?.?.?.?.?\A5|\A6.?.
                                                                                      ?.?.?.?.?.?.?\A6|\A7.?.?.?.?.?.?.?.?\A7|\A8.?.?.?.?.?.
                                                                                      ?.?.?\A8|\A9.?.?.?.?.?.?.?.?\A9|\AA.?.?.?.?.?.?.?.?\AA|
                                                                                      \AB.?.?.?.?.?.?.?.?\AB|\AC.?.?.?.?.?.?.?.?\AC|\AD.?.?.?
                                                                                      .?.?.?.?.?\AD|\AE.?.?.?.?.?.?.?.?\AE|\AF.?.?.?.?.?.?.?
                                                                                      .?\AF|\B0.?.?.?.?.?.?.?.?\B0|\B1.?.?.?.?.?.?.?.?\B1|\B2.
                                                                                      ?.?.?.?.?.?.?.?\B2|\B3.?.?.?.?.?.?.?.?\B3|\B4.?.?.?.?.
                                                                                      ?.?.?.?\B4|\B5.?.?.?.?.?.?.?.?\B5|\B6.?.?.?.?.?.?.?.?
                                                                                      \B6|\B7.?.?.?.?.?.?.?.?\B7|\B8.?.?.?.?.?.?.?.?\B8|\B9.?.
                                                                                      ?.?.?.?.?.?.?\B9|\BA.?.?.?.?.?.?.?.?\BA|\BB.?.?.?.?.?.
                                                                                      ?.?.?\BB|\BC.?.?.?.?.?.?.?.?\BC|\BD.?.?.?.?.?.?.?.?\BD|
                                                                                      \BE.?.?.?.?.?.?.?.?\BE|\BF.?.?.?.?.?.?.?.?\BF|\C0.?.?.?
                                                                                      .?.?.?.?.?\C0|\C1.?.?.?.?.?.?.?.?\C1|\C2.?.?.?.?.?.?.?
                                                                                      .?\C2|\C3.?.?.?.?.?.?.?.?\C3|\C4.?.?.?.?.?.?.?.?\C4|\C5.
                                                                                      ?.?.?.?.?.?.?.?\C5|\C6.?.?.?.?.?.?.?.?\C6|\C7.?.?.?.?.
                                                                                      ?.?.?.?\C7|\C8.?.?.?.?.?.?.?.?\C8|\C9.?.?.?.?.?.?.?.?
                                                                                      \C9|\CA.?.?.?.?.?.?.?.?\CA|\CB.?.?.?.?.?.?.?.?\CB|\CC.?.
                                                                                      ?.?.?.?.?.?.?\CC|\CD.?.?.?.?.?.?.?.?\CD|\CE.?.?.?.?.?.
                                                                                      ?.?.?\CE|\CF.?.?.?.?.?.?.?.?\CF|\D0.?.?.?.?.?.?.?.?\D0|
                                                                                      \D1.?.?.?.?.?.?.?.?\D1|\D2.?.?.?.?.?.?.?.?\D2|\D3.?.?.?
                                                                                      .?.?.?.?.?\D3|\D4.?.?.?.?.?.?.?.?\D4|\D5.?.?.?.?.?.?.?
                                                                                      .?\D5|\D6.?.?.?.?.?.?.?.?\D6|\D7.?.?.?.?.?.?.?.?\D7|\D8.
                                                                                      ?.?.?.?.?.?.?.?\D8|\D9.?.?.?.?.?.?.?.?\D9|\DA.?.?.?.?.
                                                                                      ?.?.?.?\DA|\DB.?.?.?.?.?.?.?.?\DB|\DC.?.?.?.?.?.?.?.?
                                                                                      \DC|\DD.?.?.?.?.?.?.?.?\DD|\DE.?.?.?.?.?.?.?.?\DE|\DF.?.
                                                                                      ?.?.?.?.?.?.?\DF|\E0.?.?.?.?.?.?.?.?\E0|\E1.?.?.?.?.?.
                                                                                      ?.?.?\E1|\E2.?.?.?.?.?.?.?.?\E2|\E3.?.?.?.?.?.?.?.?\E3|
                                                                                      \E4.?.?.?.?.?.?.?.?\E4|\E5.?.?.?.?.?.?.?.?\E5|\E6.?.?.?
                                                                                      .?.?.?.?.?\E6|\E7.?.?.?.?.?.?.?.?\E7|\E8.?.?.?.?.?.?.?
                                                                                      .?\E8|\E9.?.?.?.?.?.?.?.?\E9|\EA.?.?.?.?.?.?.?.?\EA|\EB.
                                                                                      ?.?.?.?.?.?.?.?\EB|\EC.?.?.?.?.?.?.?.?\EC|\ED.?.?.?.?.
                                                                                      ?.?.?.?\ED|\EE.?.?.?.?.?.?.?.?\EE|\EF.?.?.?.?.?.?.?.?
                                                                                      \EF|\F0.?.?.?.?.?.?.?.?\F0|\F1.?.?.?.?.?.?.?.?\F1|\F2.?.
                                                                                      ?.?.?.?.?.?.?\F2|\F3.?.?.?.?.?.?.?.?\F3|\F4.?.?.?.?.?.
                                                                                      ?.?.?\F4|\F5.?.?.?.?.?.?.?.?\F5|\F6.?.?.?.?.?.?.?.?\F6|
                                                                                      \F7.?.?.?.?.?.?.?.?\F7|\F8.?.?.?.?.?.?.?.?\F8|\F9.?.?.?
                                                                                      .?.?.?.?.?\F9|\FA.?.?.?.?.?.?.?.?\FA|\FB.?.?.?.?.?.?.?
                                                                                      .?\FB|\FC.?.?.?.?.?.?.?.?\FC|\FD.?.?.?.?.?.?.?.?\FD|\FE.
                                                                                      ?.?.?.?.?.?.?.?\FE|\FF.?.?.?.?.?.?.?.?\FF)"
                                                                                  add name=skypetoskype regexp="^..\02….........."
                                                                                  add name=counterstrike-source regexp="^\FF\FF\FF\FF.cstrikeCounter-Strike"
                                                                                  add name=halflife2-deathmatch regexp="^\FF\FF\FF\FF.hl2mpDeathmatch"
                                                                                  add name=freenet regexp="^\01[\08\t][\03\04]"
                                                                                  add name=battlefield2 regexp="^(\11 \01…?\11|\FE\FD.?.?.?.?.?.?(\14
                                                                                      \01\06|\FF\FF\FF))|[]\01].?battlefield2"
                                                                                  add name=napster regexp="^(.[\02\06][!-~]+ [!-~]+ [0-9][0-9]?[0-9]?[0-9]?[0
                                                                                      -9]? "[\t-\r -~]+" ([0-9]|10)|1(send|get)[!-~]+ "[\t-\r -~]+")"
                                                                                  add name=soulseek regexp="^(\05..?|.\01.[ -~]+\01F..?.?.?.?.?.?.?)$"
                                                                                  add name=xunlei regexp="^[()]…?.?.?(reg|get|query)"
                                                                                  add name=ssl regexp="^(.?.?\16\03.
                                                                                  \16\03|.?.?\01\03\01?.
                                                                                  \0B)"
                                                                                  add name=citrix regexp="2&\85\92X"
                                                                                  add name=whois regexp="^[ !-~]+\r
                                                                                      \n$"
                                                                                  add name=dayofdefeat-source regexp="^\FF\FF\FF\FF.dodDay of Defeat"
                                                                                  add name=teamspeak regexp="^\F4\BE\03.teamspeak"
                                                                                  add name=worldofwarcraft regexp="^\06\EC\01"
                                                                                  add name=ventrilo regexp="^..?v\$\CF"
                                                                                  add name=http-rtsp regexp="^(get[\t-\r -~]
                                                                                  Accept: application/x-rtsp-tunnell
                                                                                      ed|http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\t-\r -~]a=control:rtsp://)"
                                                                                  add name=thecircle regexp=
                                                                                      "^t\03ni.?[\01-\06]?t[\01-\05]s[
                                                                                      \n\0B](glob|who are you$|query data)"
                                                                                  add name=uucp regexp="^\10here="
                                                                                  add name=pcanywhere regexp="^(nq|st)$"
                                                                                  add name=subversion regexp="^\( success \( 1 2 \("
                                                                                  add name=imesh regexp="^(post[\t-\r -~]
                                                                                  <passwordhash>….....................
                                                                                      ........</passwordhash><clientver>|4\80?\r?\FC\FF\04|get[\t-\r -~]Host:
                                                                                      _imsh\.download-prod\.musicnet\.com|\02(\01|\02)\83.?.?.?.?.?.?.
                                                                                      ?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?\02(\01|
                                                                                      \02)\83)"
                                                                                  add name=cimd regexp="\02[0-4][0-9]:[0-9]+.
                                                                                  \03$"
                                                                                  add name=mohaa regexp="^\FF\FF\FF\FFgetstatus
                                                                                      \n"
                                                                                  add name=stun regexp="^[\01\02]….............?$"
                                                                                  add name=tor regexp=TOR1.
                                                                                  <identity>add name=radmin regexp="^\01\01(\08\08|\1B\1B)$"
                                                                                  add name=unset regexp=.
                                                                                  add name=chikka regexp="^CTPv1.[123] Kamusta.
                                                                                  \r
                                                                                      \n$"
                                                                                  add name=replaytv-ivs regexp="^(get /ivs-IVSGetFileChunk|http/(0\.9|1\.0|1\
                                                                                      .1) [1-5][0-9][0-9] [\t-\r -~]
                                                                                  #####REPLAY_CHUNK_START#####)"
                                                                                  add name=armagetron regexp=YCLC_E|CYEL
                                                                                  add name=bittorrent regexp="^(\x13bittorrent protocol|azver\x01$|get /scrap
                                                                                      e\?info_hash=get /announce\?info_hash=|get /client/bitcomet/|GET /data
                                                                                      \?fid=)|d1:ad2:id20:|\x08'7P\)[RP]"

                                                                                  Setting Manglenya :
                                                                                  /ip firewall mangle
                                                                                  add action=mark-connection chain=prerouting comment=exe disabled=no
                                                                                      layer7-protocol="Extension " .exe "" new-connection-mark=exe_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=exe_conn disabled=no
                                                                                      new-packet-mark=exe passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=zip disabled=no
                                                                                      layer7-protocol="Extension " .zip"" new-connection-mark=zip_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=zip_conn disabled=no
                                                                                      new-packet-mark=zip passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=rar disabled=no
                                                                                      layer7-protocol="Extension " .rar"" new-connection-mark=rar_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=rar_conn disabled=no
                                                                                      new-packet-mark=rar passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=cab disabled=no
                                                                                      layer7-protocol="Extension " .cab "" new-connection-mark=cab_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=cab_conn disabled=no
                                                                                      new-packet-mark=cab passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=asf disabled=no
                                                                                      layer7-protocol="Extension " .asf "" new-connection-mark=asf_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=asf_conn disabled=no
                                                                                      new-packet-mark=asf passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=mov disabled=no
                                                                                      layer7-protocol="Extension " .mov "" new-connection-mark=mov_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=mov_conn disabled=no
                                                                                      new-packet-mark=mov passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=wmv disabled=no
                                                                                      layer7-protocol="Extension " .wmv "" new-connection-mark=wmv_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=wmv_conn disabled=no
                                                                                      new-packet-mark=wmv passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=mpg disabled=no
                                                                                      layer7-protocol="Extension " .mpg "" new-connection-mark=mpg_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=mpg_conn disabled=no
                                                                                      new-packet-mark=mpg passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=mkv disabled=no
                                                                                      layer7-protocol="Extension " .mkv "" new-connection-mark=mkv_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=mkv_conn disabled=no
                                                                                      new-packet-mark=mkv passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=avi disabled=no
                                                                                      layer7-protocol="Extension " .avi "" new-connection-mark=avi_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=avi_conn disabled=no
                                                                                      new-packet-mark=avi passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=flv disabled=no
                                                                                      layer7-protocol="Extension " .flv "" new-connection-mark=flv_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=flv_conn disabled=no
                                                                                      new-packet-mark=flv passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=pdf disabled=no
                                                                                      layer7-protocol="Extension " .pdf "" new-connection-mark=pdf_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=pdf_conn disabled=no
                                                                                      new-packet-mark=pdf passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=wav disabled=no
                                                                                      layer7-protocol="Extension " .wav "" new-connection-mark=wav_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=wav_conn disabled=no
                                                                                      new-packet-mark=wav passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=rm disabled=no
                                                                                      layer7-protocol="Extension " .rm "" new-connection-mark=rm_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=rm_conn disabled=no
                                                                                      new-packet-mark=rm passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=mp3 disabled=no
                                                                                      layer7-protocol="Extension " .mp3 "" new-connection-mark=mp3_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=mp3_conn disabled=no
                                                                                      new-packet-mark=mp3 passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=mp4 disabled=no
                                                                                      layer7-protocol="Extension " .mp4 "" new-connection-mark=mp4_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=mp4_conn disabled=no
                                                                                      new-packet-mark=mp4 passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=ram disabled=no
                                                                                      layer7-protocol="Extension " .ram "" new-connection-mark=ram_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=ram_conn disabled=no
                                                                                      new-packet-mark=ram passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=rmvb disabled=no
                                                                                      layer7-protocol="Extension " .rmvb "" new-connection-mark=rmvb_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=rmvb_conn disabled=no
                                                                                      new-packet-mark=rmvb passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=dat disabled=no
                                                                                      layer7-protocol="Extension " .dat "" new-connection-mark=dat_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=dat_conn disabled=no
                                                                                      new-packet-mark=dat passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=daa disabled=no
                                                                                      layer7-protocol="Extension " .daa "" new-connection-mark=daa_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=daa_conn disabled=no
                                                                                      new-packet-mark=daa passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=iso disabled=no
                                                                                      layer7-protocol="Extension " .iso "" new-connection-mark=iso_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=iso_conn disabled=no
                                                                                      new-packet-mark=iso passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=bin disabled=no
                                                                                      layer7-protocol="Extension " .bin "" new-connection-mark=bin_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=bin_conn disabled=no
                                                                                      new-packet-mark=bin passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=vcd disabled=no
                                                                                      layer7-protocol="Extension " .vcd "" new-connection-mark=vcd_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=vcd_conn disabled=no
                                                                                      new-packet-mark=vcd passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=mp2 disabled=no
                                                                                      layer7-protocol="Extension " .mp2 "" new-connection-mark=mp2_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=mp2_conn disabled=no
                                                                                      new-packet-mark=mp2 passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=3gp disabled=no
                                                                                      layer7-protocol="Extension " .3gp "" new-connection-mark=3gp_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=3gp_conn disabled=no
                                                                                      new-packet-mark=3gp passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=mpe disabled=no
                                                                                      layer7-protocol="Extension " .mpe "" new-connection-mark=mpe_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=mpe_conn disabled=no
                                                                                      new-packet-mark=mpe passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=qt disabled=no
                                                                                      layer7-protocol="Extension " .qt "" new-connection-mark=qt_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=qt_conn disabled=no
                                                                                      new-packet-mark=qt passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=raw disabled=no
                                                                                      layer7-protocol="Extension " .raw "" new-connection-mark=raw_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=raw_conn disabled=no
                                                                                      new-packet-mark=raw passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=wma disabled=no
                                                                                      layer7-protocol="Extension " .wma "" new-connection-mark=wma_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=wma_conn disabled=no
                                                                                      new-packet-mark=wma passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=ogg disabled=no
                                                                                      layer7-protocol="Extension " .ogg "" new-connection-mark=ogg_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=ogg_conn disabled=no
                                                                                      new-packet-mark=ogg passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=doc disabled=no
                                                                                      layer7-protocol="Extension " .doc "" new-connection-mark=doc_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=doc_conn disabled=no
                                                                                      new-packet-mark=doc passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=applejuice disabled=no
                                                                                      layer7-protocol=applejuice new-connection-mark=applejuice_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=applejuice_conn
                                                                                      disabled=no new-packet-mark=applejuice passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=ares disabled=no
                                                                                      layer7-protocol=ares new-connection-mark=ares_conn passthrough=yes
                                                                                      protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=ares_conn disabled=no
                                                                                      new-packet-mark=ares passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=bittorent disabled=no
                                                                                      layer7-protocol=bittorrent new-connection-mark=bittorent_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=bittorent_conn
                                                                                      disabled=no new-packet-mark=bittorent passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=chikka disabled=no
                                                                                      layer7-protocol=chikka new-connection-mark=chikka_conn passthrough=yes
                                                                                      protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=chikka_conn disabled=
                                                                                      no new-packet-mark=chika passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=directconnect disabled=no
                                                                                      layer7-protocol=directconnect new-connection-mark=directconnect_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=directconnect_conn
                                                                                      disabled=no new-packet-mark=directconnect passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=ftp disabled=no
                                                                                      layer7-protocol=ftp new-connection-mark=ftp passthrough=no protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=ftp disabled=no
                                                                                      new-packet-mark=ftp passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=doom3 disabled=no
                                                                                      layer7-protocol=doom3 new-connection-mark=doom3_conn passthrough=yes
                                                                                      protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=doom3_conn disabled=
                                                                                      no new-packet-mark=doom3 passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=edonkey disabled=no
                                                                                      layer7-protocol=edonkey new-connection-mark=edonkey_conn passthrough=yes
                                                                                      protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=edonkey_conn
                                                                                      disabled=no new-packet-mark=edonkey passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=fastrack_conn disabled=no
                                                                                      layer7-protocol=fasttrack new-connection-mark=fasttrack passthrough=yes
                                                                                      protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=fasttrack disabled=no
                                                                                      new-packet-mark=fastrack passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=gnutella disabled=no
                                                                                      layer7-protocol=gnutella new-connection-mark=gnutella_conn passthrough=
                                                                                      yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=gnutella_conn
                                                                                      disabled=no new-packet-mark=gnutella passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=skype disabled=no
                                                                                      layer7-protocol=skypeout new-connection-mark=skype_conn passthrough=yes
                                                                                      protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=skype_conn disabled=
                                                                                      no new-packet-mark=skype passthrough=no
                                                                                  add action=mark-connection chain=prerouting comment=7z disabled=no
                                                                                      layer7-protocol="Extension " .7z "" new-connection-mark=7z_conn
                                                                                      passthrough=yes protocol=tcp
                                                                                  add action=mark-packet chain=prerouting connection-mark=7z_conn disabled=no
                                                                                      new-packet-mark=7z passthrough=no

                                                                                  Yang terakhir kita buat management bandwidht menggunakan queue tree.
                                                                                  ( Boleh juga menggunakan simple queueu terserah anda suka suka sesuai selera )

                                                                                  Buat parent dulu seperti ini :
                                                                                  /queue tree
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=128k name="traffic shapping" parent=global-out priority=8
                                                                                  ( ini nantinya khusus alokasi buat para mania bandwidht sesuaikan dengan besarnya bw yg anda miliki )

                                                                                  setelah itu setting childnya seperti ini :

                                                                                  /queue tree
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=exe packet-mark=exe parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=zip packet-mark=zip parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=rar packet-mark=rar parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=cab packet-mark=cab parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=asf packet-mark=asf parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=mov packet-mark=mov parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=wmv packet-mark=wmv parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=mpg packet-mark=mpg parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=mkv packet-mark=mkv parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=avi packet-mark=avi parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=flv packet-mark=flv parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=pdf packet-mark=pdf parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=wav packet-mark=wav parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=rm packet-mark=rm parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=mp3 packet-mark=mp3 parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=mp4 packet-mark=mp4 parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=ram packet-mark=ram parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=rmvb packet-mark=rmvb parent="traffic shapping"
                                                                                      priority=8 queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=dat packet-mark=dat parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=daa packet-mark=daa parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=iso packet-mark=iso parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=bin packet-mark=bin parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=vcd packet-mark=vcd parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=mp2 packet-mark=mp2 parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=3gp packet-mark=3gp parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=mpe packet-mark=mpe parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=qt packet-mark=qt parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=raw packet-mark=raw parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=wma packet-mark=wma parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=ogg packet-mark=ogg parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=doc packet-mark=doc parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=applejuice packet-mark=applejuice parent=
                                                                                      "traffic shapping" priority=8 queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=ares packet-mark=ares parent="traffic shapping"
                                                                                      priority=8 queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=8 name=bittorent packet-mark=bittorent parent=
                                                                                      "traffic shapping" priority=8 queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=chika packet-mark=chika parent="traffic shapping"
                                                                                      priority=8 queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=dconnect packet-mark=directconnect parent=
                                                                                      "traffic shapping" priority=8 queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=ftp packet-mark=ftp parent="traffic shapping" priority=8
                                                                                      queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=doom3 packet-mark=doom3 parent="traffic shapping"
                                                                                      priority=8 queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=edonkey packet-mark=edonkey parent="traffic shapping"
                                                                                      priority=8 queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=fasttrack packet-mark=fastrack parent="traffic shapping"
                                                                                      priority=8 queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=gnutella packet-mark=gnutella parent="traffic shapping"
                                                                                      priority=8 queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=64k name=skype packet-mark=skype parent="traffic shapping"
                                                                                      priority=8 queue=default
                                                                                  add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
                                                                                      max-limit=0 name=7z packet-mark=7z parent="traffic shapping" priority=8
                                                                                      queue=default

                                                                                  ( dijamin insya allah segala macam downloader mati kutu. Maksud Queue diatas kita alokasikan untuk downloader mania bw sebesar 128k, sesuai selera bung. Caching video youtube berlari kencang bak dikejar anjing. browsing wusss…. wusss.....  wkwk... wk....wk....)

                                                                                  semoga bermanfaat.
                                                                                  salam</identity></clientver></i\1e\1c\e9"<br></stream:stream[\t-\r></peerplat>

                                                                                  Mas Ardy , Tolong di jelaskan untuk setting nat :
                                                                                  chain=dstnat action=dst-nat to-addresses=10.10.3.2 to-ports=3128 protocol=tcp in-interface=CLIENTS dst-port=80
                                                                                  Alamat nya emang harus pake 10.10.3.2 ya ? Kenapa kok bisa begitu ?
                                                                                  Mohon dijelaskan, Thanks !

                                                                                  1 Reply Last reply Reply Quote 0
                                                                                  • M
                                                                                    mxn
                                                                                    last edited by

                                                                                    Klo network kecil ok lah model gt klo buat isp hancur zzzz…... klo paket di belok2an jelas latency besar palagi client banyak game online jelas terasa, sy lbh pilih pfsense - mikritink - client klo pun dibalik jelas sama2 double routing dr network client,limiter,pf,modem apa mau dalam 1 subnet? klo ga mau bnyk routing ya client set direct aja ke pf ga usah lwt limiter atau xtrem ke modemna langsung

                                                                                    1 Reply Last reply Reply Quote 0
                                                                                    • First post
                                                                                      Last post