Monday, February 8, 2010

Kasus Mikrotik

Diagram Gambar :

Pertanyaan :

Bagaimana setting di Router B jika yang diinginkan sebagai berikut :

1. Di Client A (192.168.2.2/24) untuk akses ke Database (192.168.1.5) unlimited dan akses ke internet limit 256k per-client ?

2. Di Client B (192.168.3.2/29) hanya bisa mengakses Database (192.168.1.5) saja ?

3. Client Wireless terdapat router mikrotik. Yang mana jika tidak menggunakan login, hanya bisa mengakses Database (192.168.1.5), sedangkan jika login bisa Internet dan bisa mengakses Database (192.168.1.5) ?

Settingan saat ini yang saya gunakan sangat mengganggu, jika salah satu client A men-download, maka client A, client B dan client wireless lain nya akan terasa lelet untuk mengakses Internet maupun Database (192.168.1.5).

Sedangkan di Router A, Bandwitdh untuk Router B diatur untuk akses Database (192.168.1.5) unlimited dan untuk akses Internet 1Mb.


Jawaban dari user Xeon di Forum Mikrotik:

No. 1

1. /ip firewall mangle

a. add action=mark-connection chain=forward connection-state=new disabled=no dst-address=192.168.1.5 new-connection-mark=CON-192.168.2.0/24-192.168.1.5 passthrough=yes src-address=192.168.2.0/24

b. add action=mark-packet chain=forward connection-mark=CON-192.168.2.0/24-192.168.1.5 disabled=no new-packet-mark=192.168.2.0/24-192.168.1.5 passthrough=no

c. add action=mark-connection chain=forward connection-state=new disabled=no new-connection-mark=CON-192.168.2.0/24 passthrough=yes src-address=192.168.2.0/24

d. add action=mark-packet chain=forward connection-mark=CON-192.168.2.0/24 disabled=no new-packet-mark=192.168.2.0/24 passthrough=no

2. /queue type

a. add kind=pcq name=PCQ-DL-256 pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000

b. add kind=pcq name=PCQ-UP-256 pcq-classifier=src-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000

3. /queue tree

a. add name=DOWNLOAD parent=eth2

b. add name=DL-192.168.2.0/24 packet-mark=192.168.2.0/24-192.168.1.5 parent=DOWNLOAD

c. add name=256K-DL-192.168.2.0/24 packet-mark=192.168.2.0/24 parent=DOWNLOAD queue=PCQ-DL-256

d. add name=UPLOAD parent=eth1

e. add name=UP-192.168.2.0/24 packet-mark=192.168.2.0/24-192.168.1.5 parent=UPLOAD

f. add name=256K-UP-192.168.2.0/24 packet-mark=192.168.2.0/24 parent=UPLOAD queue=PCQ-UP-256

No. 2

/ip firewall filter

· add action=accept chain=forward connection-state=established disabled=no

· add action=accept chain=forward connection-state=related disabled=no

· add action=drop chain=forward connection-state=invalid disabled=no

· add action=accept chain=forward connection-state=new disabled=no dst-address=192.168.1.5 in-interface=eth3 src-address=192.168.3.0/29

· add action=drop chain=forward connection-state=new disabled=no in-interface=eth3 src-address=192.168.3.0/29

No. 3

Maksudnya pakai hotspotnya Mikrotik? Kalau iya, tinggal ditambahin aja di walled gardennya, pake dst-address 192.168.1.5/32 kemudian actionnya allow.

Oleh : pada 1 comment:
Subscribe to: Posts (Atom)