Mikrotik Training: Oktober 2012

Minggu, 21 Oktober 2012

Mikrotik di GAME ONLINE (rumit deh)

Mikrotik di Sebuah Game Online

# jun/05/2007 22:47:33 by RouterOS 2.9.6
# software id = DA2N-TMT
#
/ interface ethernet
set Public name=”Public” mtu=1500 mac-address=00:0A:EB:AB:DB:5C arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default speed=100Mbps comment=”” disabled=no
set Lan name=”Lan” mtu=1500 mac-address=00:60:97:5A:EA:94 arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default speed=100Mbps comment=”” disabled=no
/ interface bridge port
set Public bridge=none priority=128 path-cost=10
set Lan bridge=none priority=128 path-cost=10
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460 \
authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
/ interface pptp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 \
keepalive-timeout=30 default-profile=default-encryption
/ ip pool
add name=”dhcp-pool” ranges=192.168.0.1-192.168.0.29
/ ip telephony region
/ ip telephony gatekeeper
set gatekeeper=none remote-id=”” remote-address=0.0.0.0
/ ip telephony aaa
set use-radius-accounting=no interim-update=0s
/ ip telephony codec
move G.711-uLaw-64k/sw
move G.711-ALaw-64k/sw
move G.729A-8k/sw
move G.729-8k/sw
move G.723.1-6.3k/sw
move GSM-06.10-13.2k/sw
move LPC-10-2.5k/sw
/ ip accounting
set enabled=yes account-local-traffic=yes threshold=256
/ ip accounting web-access
set accessible-via-web=yes address=0.0.0.0/0
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=80 address=0.0.0.0/0 disabled=no
set ssh port=22 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=no
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip arp
/ ip upnp
set enabled=yes allow-disable-external-interface=no show-dummy-rule=yes
/ ip upnp interfaces
add interface=Public type=external disabled=no
add interface=Lan type=internal disabled=no
/ ip traffic-flow
set enabled=no interfaces=Lan cache-entries=4k active-flow-timeout=30m \
inactive-flow-timeout=15s
/ ip dns
set primary-dns=203.130.193.74 secondary-dns=202.134.0.155 \
allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip address
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 \
interface=Public comment=”” disabled=no
add address=192.168.0.24/24 network=192.168.0.0 broadcast=192.168.0.255 \
interface=Lan comment=”” disabled=no
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000 \
maximal-server-connectons=1000
/ ip proxy access
add dst-port=23-25 action=deny comment=”block telnet & spam e-mail relaying” \
disabled=no
add method=CONNECT dst-port=443 action=allow comment=”allow CONNECT only to \
SSL ports 443 \[https\] and 563 \[snews\]” disabled=no
add method=CONNECT dst-port=563 action=allow comment=”allow CONNECT only to \
SSL ports 443 \[https\] and 563 \[snews\]” disabled=no
add method=CONNECT action=deny comment=”allow CONNECT only to SSL ports 443 \
\[https\] and 563 \[snews\]” disabled=no
/ ip neighbor discovery
set Public discover=yes
set Lan discover=yes
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 \
comment=”” disabled=no
/ ip firewall mangle
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=53 action=mark-connection \
new-connection-mark=dns_conn passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=udp dst-port=53 action=mark-connection \
new-connection-mark=dns_conn passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=5050-5061 action=mark-connection \
new-connection-mark=ym_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=udp dst-port=27015 action=mark-connection \
new-connection-mark=cs_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=6000-7000 action=mark-connection \
new-connection-mark=irc_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection \
new-connection-mark=mt_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=110 action=mark-connection \
new-connection-mark=email_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=25 action=mark-connection \
new-connection-mark=email_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=22 action=mark-connection \
new-connection-mark=ssh_conn passthrough=yes comment=”” disabled=no
add chain=prerouting connection-mark=http_conn action=mark-packet \
new-packet-mark=http passthrough=no comment=”” disabled=no
add chain=prerouting connection-mark=dns_conn action=mark-packet \
new-packet-mark=dns passthrough=no comment=”” disabled=yes
add chain=prerouting connection-mark=ym_conn action=mark-packet \
new-packet-mark=ym passthrough=no comment=”” disabled=no
add chain=prerouting connection-mark=cs_conn action=mark-packet \
new-packet-mark=cs passthrough=no comment=”” disabled=no
add chain=prerouting connection-mark=irc_conn action=mark-packet \
new-packet-mark=irc passthrough=no comment=”” disabled=no
add chain=prerouting connection-mark=mt_conn action=mark-packet \
new-packet-mark=mt passthrough=no comment=”” disabled=no
add chain=prerouting connection-mark=email_conn action=mark-packet \
new-packet-mark=email passthrough=no comment=”” disabled=no
add chain=prerouting connection-mark=ssh_conn action=mark-packet \
new-packet-mark=ssh passthrough=no comment=”” disabled=no
add chain=prerouting src-address=192.168.0.0/24 action=mark-packet \
new-packet-mark=test-up passthrough=no comment=”UP TRAFFIC” disabled=no
add chain=forward src-address=192.168.1.0/24 action=mark-connection \
new-connection-mark=test-conn passthrough=yes comment=”CONN-MARK” \
disabled=no
add chain=forward in-interface=Public connection-mark=test-conn \
action=mark-packet new-packet-mark=test-down passthrough=no comment=” \
DOWN-DIRECT CONNECTION” disabled=no
add chain=output out-interface=Lan dst-address=192.168.0.0/24 \
action=mark-packet new-packet-mark=test-down passthrough=no \
comment=”DOWN-VIA PROXY” disabled=no
/ ip firewall nat
add chain=srcnat out-interface=Public action=masquerade comment=”” disabled=no
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 \
comment=”” disabled=no
add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080 \
comment=”” disabled=no
add chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=8080 \
comment=”” disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=2m tcp-syn-received-timeout=1m \
tcp-established-timeout=5d tcp-fin-wait-timeout=2m \
tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m
/ ip firewall filter
add chain=input connection-state=invalid action=drop comment=”Drop invalid \
connections” disabled=no
add chain=input connection-state=established action=accept comment=”Allow \
esatblished connections” disabled=no
add chain=input connection-state=related action=accept comment=”Allow related \
connections” disabled=no
add chain=input protocol=udp action=accept comment=”Allow UDP” disabled=no
add chain=input protocol=icmp action=accept comment=”Allow ICMP” disabled=no
add chain=input in-interface=!Public action=accept comment=”Allow connection \
to router from local network” disabled=no
add chain=input action=accept comment=”” disabled=no
add chain=forward in-interface=Lan protocol=tcp dst-port=6112 \
connection-limit=100,32 action=reject reject-with=icmp-network-unreachable \
comment=”” disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list \
address-list=”port scanners” address-list-timeout=2w comment=”Port \
scanners to list ” disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg \
action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”NMAP FIN Stealth scan” disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list \
address-list=”port scanners” address-list-timeout=2w comment=”SYN/FIN \
scan” disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list \
address-list=”port scanners” address-list-timeout=2w comment=”SYN/RST \
scan” disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack \
action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”FIN/PSH/URG scan” disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”ALL/ALL scan” disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg \
action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”NMAP NULL scan” disabled=no
add chain=input src-address-list=”port scanners” action=drop comment=”dropping \
port scanners” disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment=”Drop \
Blaster Worm” disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment=”Drop \
Messenger Worm” disabled=no
add chain=virus protocol=tcp dst-port=445-3000 action=drop comment=”Drop \
Blaster Worm” disabled=no
add chain=virus protocol=udp dst-port=445-3000 action=drop comment=”Drop \
Blaster Worm” disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment=”________” \
disabled=no
add chain=virus protocol=udp dst-port=7000 action=drop comment=”Setan1″ \
disabled=no
add chain=virus protocol=tcp dst-port=100-1000 action=drop comment=”Setan1″ \
disabled=no
add chain=virus protocol=udp dst-port=100-1000 action=drop comment=”Drop \
Messenger Worm” disabled=no
add chain=virus protocol=tcp dst-port=1000-3000 action=drop comment=”Setan1″ \
disabled=no
add chain=virus protocol=udp dst-port=1000-3000 action=drop comment=”Drop \
Messenger Worm” disabled=no
add chain=virus protocol=tcp dst-port=40000-50000 action=drop comment=”Setan1″ \
disabled=no
add chain=virus protocol=udp dst-port=40000-50000 action=drop comment=”Drop \
Messenger Worm” disabled=no
add chain=virus protocol=tcp dst-port=7000 action=drop comment=”Setan1″ \
disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment=”Drop \
Messenger Worm” disabled=no
add chain=virus protocol=tcp dst-port=7000 action=drop comment=”Setan1″ \
disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment=”Drop \
Messenger Worm” disabled=no
add chain=virus action=return comment=”” disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=yes
set mms disabled=yes
set gre disabled=yes
set pptp disabled=yes
/ ip dhcp-server
add name=”dhcp1″ interface=Lan lease-time=3d bootp-support=static add-arp=yes \
disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
add address=192.168.0.1 mac-address=00:1F:00:00:09:B4 \
client-id=”1:0:1f:0:0:9:b4″ comment=”” disabled=no
add address=192.168.0.17 mac-address=00:50:BA:C3:07:A0 \
client-id=”1:0:50:ba:c3:7:a0″ comment=”” disabled=no
add address=192.168.0.11 mac-address=00:50:BA:C3:07:54 \
client-id=”1:0:50:ba:c3:7:54″ comment=”” disabled=no
add address=192.168.0.16 mac-address=00:50:BA:C3:07:60 \
client-id=”1:0:50:ba:c3:7:60″ comment=”” disabled=no
/ ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.24 \
dns-server=192.168.0.24,202.134.0.155,202.134.2.5,203.130.206.250,202.155.0\
.10,202.155.0.15 comment=””
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name=”default” hotspot-address=0.0.0.0 dns-name=”” \
html-directory=hotspot rate-limit=”” http-proxy=0.0.0.0:0 \
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d \
split-user-domain=no use-radius=no
/ ip hotspot user profile
set default name=”default” idle-timeout=none keepalive-timeout=2m \
status-autorefresh=1m shared-users=1 transparent-proxy=yes \
open-status-page=always advertise=no
/ ip ipsec proposal
add name=”default” auth-algorithms=sha1 enc-algorithms=3des lifetime=30m \
lifebytes=0 pfs-group=modp1024 disabled=no
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080 hostname=”proxy.dj.net” \
transparent-proxy=yes parent-proxy=0.0.0.0:0 \
cache-administrator=”webmaster.dj.net” max-object-size=4096KiB \
cache-drive=system max-cache-size=unlimited max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment=”block telnet & spam e-mail relaying” \
disabled=no
/ ip web-proxy cache
add action=allow comment=”” disabled=no
/ ip web-proxy direct
add action=allow comment=”” disabled=no
/ system logging
add topics=info prefix=”” action=memory disabled=no
add topics=error prefix=”” action=memory disabled=no
add topics=warning prefix=”” action=echo disabled=no
add topics=critical prefix=”” action=echo disabled=no
add topics=firewall prefix=”” action=memory disabled=no
/ system logging action
set memory name=”memory” target=memory memory-lines=100 memory-stop-on-full=no
set disk name=”disk” target=disk disk-lines=100 disk-stop-on-full=no
set echo name=”echo” target=echo remember=yes
set remote name=”remote” target=remote remote=0.0.0.0:514
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 \
check-interval=1d user=””
/ system clock dst
set dst-delta=+01:00 dst-start=”jan/01/1970 00:00:00″ dst-end=”jan/01/1970 \
00:00:00″
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes \
no-ping-delay=5m automatic-supout=yes auto-send-supout=no
/ system console
add port=serial0 term=”” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
/ system console screen
set line-count=25
/ system identity
set name=”Dj.Net”
/ system note
set show-at-login=yes note=””
/ system ntp server
set enabled=no broadcast=no multicast=no manycast=yes
/ system ntp client
set enabled=no mode=unicast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/ port
set serial0 name=”serial0″ baud-rate=9600 data-bits=8 parity=none stop-bits=1 \
flow-control=hardware
set serial1 name=”serial1″ baud-rate=9600 data-bits=8 parity=none stop-bits=1 \
flow-control=hardware
/ ppp profile
set default name=”default” use-compression=default use-vj-compression=default \
use-encryption=default only-one=default change-tcp-mss=default comment=””
set default-encryption name=”default-encryption” use-compression=default \
use-vj-compression=default use-encryption=yes only-one=default \
change-tcp-mss=default comment=””
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
/ queue type
set default name=”default” kind=pfifo pfifo-limit=50
set ethernet-default name=”ethernet-default” kind=pfifo pfifo-limit=50
set wireless-default name=”wireless-default” kind=sfq sfq-perturb=5 \
sfq-allot=1514
set synchronous-default name=”synchronous-default” kind=red red-limit=60 \
red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name=”hotspot-default” kind=sfq sfq-perturb=5 \
sfq-allot=1514
add name=”pcq-download” kind=pcq pcq-rate=0 pcq-limit=50 \
pcq-classifier=dst-address pcq-total-limit=2000
add name=”pcq-upload” kind=pcq pcq-rate=0 pcq-limit=50 \
pcq-classifier=src-address pcq-total-limit=2000
/ queue simple
add name=”HTTP” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all \
parent=none packet-marks=http priority=1 queue=default/default \
limit-at=0/8000 max-limit=0/30000 total-queue=default disabled=no
add name=”DNS” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all \
parent=none packet-marks=dns priority=1 queue=default/default limit-at=0/0 \
max-limit=0/0 total-queue=default disabled=no
add name=”YMessenger” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=ym priority=1 queue=default/default \
limit-at=0/0 max-limit=0/0 total-queue=default disabled=no
add name=”CounterStrike” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=cs priority=1 queue=default/default \
limit-at=0/0 max-limit=0/0 total-queue=default disabled=no
add name=”GameOnline” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=irc priority=1 \
queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default \
disabled=no
add name=”Mikrotik” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=mt priority=1 queue=default/default \
limit-at=0/0 max-limit=0/0 total-queue=default disabled=no
add name=”Email” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=email priority=1 \
queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default \
disabled=no
add name=”SSH” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all \
parent=none packet-marks=ssh priority=1 queue=default/default limit-at=0/0 \
max-limit=0/0 total-queue=default disabled=no
add name=”Dj” dst-address=192.168.0.0/24 interface=Lan parent=none priority=8 \
queue=default/default limit-at=0/384000 max-limit=0/384000 \
total-queue=default disabled=no
add name=”1″ target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”2″ target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”3″ target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”4″ target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”5″ target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”6″ target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”7″ target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”8″ target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”9″ target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”10″ target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/0 max-limit=0/0 total-queue=default disabled=no
add name=”11″ target-addresses=192.168.0.11/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”12″ target-addresses=192.168.0.12/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”13″ target-addresses=192.168.0.13/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”14″ target-addresses=192.168.0.14/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”15″ target-addresses=192.168.0.15/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”16″ target-addresses=192.168.0.16/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”17″ target-addresses=192.168.0.17/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”18″ target-addresses=192.168.0.18/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”19″ target-addresses=192.168.0.19/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/70000 total-queue=default disabled=no
add name=”20″ target-addresses=192.168.0.20/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”21″ target-addresses=192.168.0.21/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”22″ target-addresses=192.168.0.22/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=ethernet-default/ethernet-default \
limit-at=0/8000 max-limit=0/52000 total-queue=default disabled=no
add name=”23″ target-addresses=192.168.0.23/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Dj priority=8 queue=default/default limit-at=0/8000 \
max-limit=0/52000 total-queue=default \
time=0s-24m,sun,mon,tue,wed,thu,fri,sat disabled=no
/ queue tree
add name=”downstream” parent=Lan packet-mark=test-down limit-at=0 \
queue=pcq-download priority=8 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name=”upstream” parent=global-in packet-mark=test-up limit-at=0 \
queue=pcq-upload priority=8 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
/ user
add name=”admin” group=full address=0.0.0.0/0 comment=”system default user” \
disabled=no
add name=”op” group=write address=0.0.0.0/0 comment=”” disabled=no
/ user group
add name=”read” policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!f\
tp,!write,!policy
add name=”write” policy=local,telnet,ssh,reboot,read,write,test,winbox,password\
,web,!ftp,!policy
add name=”full” policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo\
x,password,web
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ radius
add service=”” called-id=”” domain=”” address=0.0.0.0 secret=”” \
authentication-port=1812 accounting-port=1813 timeout=300ms \
accounting-backup=no realm=”” comment=”” disabled=no
/ radius incoming
set accept=yes port=1700
/ driver
/ snmp
set enabled=yes contact=”admin” location=”admin”
/ snmp community
set public name=”public” address=0.0.0.0/0 read-access=yes
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
/ tool mac-server ping
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from=”<>”
/ tool sniffer
set interface=all only-headers=yes memory-limit=64 file-name=”” file-limit=10 \
streaming-enabled=yes streaming-server=192.168.0.24 filter-stream=yes \
filter-protocol=all-frames filter-address1=0.0.0.0/0:0-65535 \
filter-address2=0.0.0.0/0:0-65535
/ tool graphing
set store-every=5min
/ tool graphing queue
add simple-queue=all allow-address=0.0.0.0/0 store-on-disk=yes \
allow-target=yes disabled=no
add simple-queue=Dj allow-address=0.0.0.0/0 store-on-disk=yes allow-target=yes \
disabled=no
/ tool graphing resource
add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ tool graphing interface
add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ tool netwatch
add host=202.134.0.155 timeout=1s interval=1s up-script=”Link Jakarta Up” \
down-script=”Jakarta Down” comment=”Link Jakarta” disabled=no
add host=202.134.2.5 timeout=1s interval=1s up-script=”Link SurabayaUp” \
down-script=”Link Surabaya Down” comment=”Link Surabaya” disabled=no

http://yoyok.wordpress.com/2007/06/27/mikrotik-di-sebuah-game-online/

queue type pcq di Mikrotik

Dengan menggunakan queue type pcq di Mikrotik, kita bisa membagi bandwidth yang ada secara merata untuk para pelahap-bandwidth™

saat jaringan pada posisi peak.

Contohnya, kita berlangganan 256 Kbps. Kalau ada yang sedang berinternet ria, maka beliau dapat semua itu jatah bandwidth. Tetapi begitu teman-temannya datang, katakanlah 9 orang lagi, maka masing-masingnya dapat sekitar 256/10 Kbps. Yah.. masih cukup layaklah untuk buka-buka situs non-porn atau sekedar cek e-mail & blog

OK, langsung saja ke caranya :

Asumsi : Network Address 192.168.169.0/28, interface yang mengarah ke pengguna diberi nama LAN, dan interface yang mengarah ke upstream provider diberi nama INTERNET;
Ketikkan di console atau terminal :
> /ip firewall mangle add chain=forward src-address=192.168.169.0/28 action=mark-connection new-connection-mark=NET1-CM
> /ip firewall mangle add connection-mark=NET1-CM action=mark-packet new-packet-mark=NET1-PM chain=forward
> /queue type add name=downsteam-pcq kind=pcq pcq-classifier=dst-address
> /queue type add name=upstream-pcq kind=pcq pcq-classifier=src-address
> /queue tree add parent=LAN queue=DOWNSTREAM packet-mark=NET1-PM
> /queue tree add parent=INTERNET queue=UPSTREAM packet-mark=NET1-PM
Good Luck!!

Load Balancing Mikrotik 1

Load-balancing & Fail-over di MikroTik

Kondisi : ISP dimana kita bekerja sebagai Administrator menggunakan lebih dari satu gateway untuk terhubung ke Internet. Semuanya harus dapat melayani layanan upstream & downstream. Karena akan beda kasusnya apabila salah satunya hanya dapat melayani downstream, contohnya jika menggunakan VSAT DVB One-way.
Untuk kasus ini dimisalkan ISP memiliki 2 jalur ke Internet. Satu menggunakan akses DSL (256 Kbps) dan lainnya menggunakan Wireless (512 Kbps). Dengan rasio pemakaian DSL:Wireless = 1:2 .

Yang akan dilakukan :

Menggunakan semua jalur gateway yang tersedia dengan teknik load-balancing.
Menjadikan salah satunya sebagai back-up dengan teknik fail-over.

OK, mari saja kita mulai eksperimennya :

IP address untuk akses ke LAN :
> /ip address add address=192.168.0.1/28 interface=LAN
IP address untuk akses ke jalur DSL :
> /ip address add address=10.32.57.253/29 interface=DSL
IP address untuk akses ke jalur Wireless :
> /ip address add address=10.9.8.2/29 interface=WIRELESS
Tentukan gateway dengan rasionya masing-masing :
> /ip route add gateway=10.32.57.254,10.9.8.1,10.9.8.1
Pada kasus untuk teknik fail-over. Diasumsikan jalur utama melalui Wireless dengan jalur DSL sebagai back-up apabila jalur utama tidak dapat dilalui. Untuk mengecek apakah jalur utama dapat dilalui atau tidak, digunakan command ping.
> /ip firewall mangle add chain=prerouting src-address=192.168.0.0/28 action=mark-routing new-routing-mark=SUBNET1-RM
> /ip route add gateway=10.9.8.1 routing-mark=SUBNET1-RM check-gateway=ping
> /ip route add gateway=10.32.57.254
Good Luck!!

http://yoyok.wordpress.com/2007/06/27/load-balancing-fail-over-di-mikrotik/

Praktik queue

Queue dengan SRC-NAT dan WEB-PROXY

Pada penggunaan queue (bandwidth limiter), penentuan CHAIN pada MENGLE sangat menentukan jalannya sebuah rule. Jika kita memasang SRC-NAT dan WEB-PROXY pada mesin yang sama, sering kali agak sulit untuk membuat rule QUEUE yang sempurna. Penjelasan detail mengenai pemilihan CHAIN, dapat dilihat pada manual Mikrotik di sini.

Percobaan yang dilakukan menggunakan sebuah PC dengan Mikrotik RouterOS versi 2.9.28. Pada mesin tersebut, digunakan 2 buah interface, satu untuk gateway yang dinamai PUBLIC dan satu lagi untuk jaringan lokal yang dinamai LAN.
[admin@instaler] > in pr
Flags: X – disabled, D – dynamic, R – running
# NAME TYPE RX-RATE TX-RATE MTU
0 R public ether 0 0 1500
1 R lan wlan 0 0 1500
Dan berikut ini adalah IP Address yang digunakan. Subnet 192.168.0.0/24 adalah subnet gateway untuk mesin ini.
[admin@instaler] > ip ad pr
Flags: X – disabled, I – invalid, D – dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.0.217/24 192.168.0.0 192.168.0.255 public
1 172.21.1.1/24 172.21.1.0 172.21.1.255 lan
Fitur web-proxy dengan transparan juga diaktifkan.
[admin@instaler] > ip web-proxy pr
enabled: yes
src-address: 0.0.0.0
port: 3128
hostname: “proxy”
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: “webmaster”
max-object-size: 4096KiB
cache-drive: system
max-cache-size: none
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 0KiB
reserved-for-ram-cache: 154624KiB
Fungsi MASQUERADE diaktifkan, juga satu buah rule REDIRECTING untuk membelokkan traffic HTTP menuju ke WEB-PROXY
[admin@instaler] ip firewall nat> pr
Flags: X – disabled, I – invalid, D – dynamic
0 chain=srcnat out-interface=public
src-address=172.21.1.0/24 action=masquerade
1 chain=dstnat in-interface=lan src-address=172.21.1.0/24
protocol=tcp dst-port=80 action=redirect to-ports=3128
Berikut ini adalah langkah terpenting dalam proses ini, yaitu pembuatan MANGLE. Kita akan membutuhkan 2 buah PACKET-MARK. Satu untuk paket data upstream, yang pada contoh ini kita sebut test-up. Dan satu lagi untuk paket data downstream, yang pada contoh ini kita sebut test-down.
Untuk paket data upstream, proses pembuatan manglenya cukup sederhana. Kita bisa langsung melakukannya dengan 1 buah rule, cukup dengan menggunakan parameter SRC-ADDRESS dan IN-INTERFACE. Di sini kita menggunakan chain prerouting. Paket data untuk upstream ini kita namai test-up.
Namun, untuk paket data downstream, kita membutuhkan beberapa buah rule. Karena kita menggunakan translasi IP/masquerade, kita membutuhkan Connection Mark. Pada contoh ini, kita namai test-conn.
Kemudian, kita harus membuat juga 2 buah rule. Rule yang pertama, untuk paket data downstream non HTTP yang langsung dari internet (tidak melewati proxy). Kita menggunakan chain forward, karena data mengalir melalui router.
Rule yang kedua, untuk paket data yang berasal dari WEB-PROXY. Kita menggunakan chain output, karena arus data berasal dari aplikasi internal di dalam router ke mesin di luar router.
Paket data untuk downstream pada kedua rule ini kita namai test-down.
Jangan lupa, parameter passthrough hanya diaktifkan untuk connection mark saja.
[admin@instaler] > ip firewall mangle print
Flags: X – disabled, I – invalid, D – dynamic
0 ;;; UP TRAFFIC
chain=prerouting in-interface=lan
src-address=172.21.1.0/24 action=mark-packet
new-packet-mark=test-up passthrough=no
1 ;;; CONN-MARK
chain=forward src-address=172.21.1.0/24
action=mark-connection
new-connection-mark=test-conn passthrough=yes
2 ;;; DOWN-DIRECT CONNECTION
chain=forward in-interface=public
connection-mark=test-conn action=mark-packet
new-packet-mark=test-down passthrough=no
3 ;;; DOWN-VIA PROXY
chain=output out-interface=lan
dst-address=172.21.1.0/24 action=mark-packet
new-packet-mark=test-down passthrough=no
Untuk tahap terakhir, tinggal mengkonfigurasi queue. Di sini kita menggunakan queue tree. Satu buah rule untuk data dowstream, dan satu lagi untuk upstream. Yang penting di sini, adalah pemilihan parent. Untuk downstream, kita menggunakan parent lan, sesuai dengan interface yang mengarah ke jaringan lokal, dan untuk upstream, kita menggunakan parent global-in.
[admin@instaler] > queue tree pr
Flags: X – disabled, I – invalid
0 name=”downstream” parent=lan packet-mark=test-down
limit-at=32000 queue=default priority=8
max-limit=32000 burst-limit=0
burst-threshold=0 burst-time=0s
1 name=”upstream” parent=global-in
packet-mark=test-up limit-at=32000
queue=default priority=8
max-limit=32000 burst-limit=0
burst-threshold=0 burst-time=0s
Variasi lainnya, untuk bandwidth management, dimungkinkan juga kita menggunakan tipe queue PCQ, yang bisa secara otomatis membagi trafik per client.
Source dari mikrotik.co.id

VPN dengan PPTP

Tutorial Mikrotik VPN : Point to Point Tunnel Protocol (PPTP)

Summary
PPTP (Point to Point Tunnel Protocol) supports encrypted tunnels over IP. The MikroTik RouterOS implementation includes support fot PPTP client and server.
General applications of PPTP tunnels:
* For secure router-to-router tunnels over the Internet
* To link (bridge) local Intranets or LANs (when EoIP is also used)
* For mobile or remote clients to remotely access an Intranet/LAN of a company (see PPTP setup for Windows for more information)
Each PPTP connection is composed of a server and a client. The MikroTik RouterOS may function as a server or client – or, for various configurations, it may be the server for some connections and client for other connections. For example, the client created below could connect to a Windows 2000 server, another MikroTik Router, or another router which supports a PPTP server.
Description
PPTP is a secure tunnel for transporting IP traffic using PPP. PPTP encapsulates PPP in virtual lines that run over IP. PPTP incorporates PPP and MPPE (Microsoft Point to Point Encryption) to make encrypted links. The purpose of this protocol is to make well-managed secure connections between routers as well as between routers and PPTP clients (clients are available for and/or included in almost all OSs including Windows).
PPTP includes PPP authentication and accounting for each PPTP connection. Full authentication and accounting of each connection may be done through a RADIUS client or locally.
MPPE 40bit RC4 and MPPE 128bit RC4 encryption are supported.
PPTP traffic uses TCP port 1723 and IP protocol GRE (Generic Routing Encapsulation, IP protocol ID 47), as assigned by the Internet Assigned Numbers Authority (IANA). PPTP can be used with most firewalls and routers by enabling traffic destined for TCP port 1723 and protocol 47 traffic to be routed through the firewall or router.
PPTP connections may be limited or impossible to setup though a masqueraded/NAT IP connection. Please see the Microsoft and RFC links at the end of this section for more information.
PPTP Client Setup
Submenu level : /interface pptp-client
Property Description
name (name; default: pptp-out1) – interface name for reference
mtu (integer; default: 1460) – Maximum Transmit Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
mru (integer; default: 1460) – Maximum Receive Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MRU to 1460 to avoid fragmentation of packets)
connect-to (IP address)- the IP address of the PPTP server to connect to
user (string)- user name to use when logging on to the remote server
password (string; default: “”)- user password to use when logging to the remote server
profile (name; default: default) – profile to use when connecting to the remote server
add-default-route (yes | no; default: no) – whether to use the server which this client is connected to as its default router (gateway)
Example
To set up PPTP client named test2 using username john with password john to connect to the 10.1.1.12 PPTP server and use it as the default gateway:
[admin@MikroTik] interface pptp-client> add name=test2 connect-to=10.1.1.12 \
\… user=john add-default-route=yes password=john
[admin@MikroTik] interface pptp-client> print
Flags: X – disabled, R – running
0 X name=”test2″ mtu=1460 mru=1460 connect-to=10.1.1.12 user=”john”
password=”john” profile=default add-default-route=yes
[admin@MikroTik] interface pptp-client> enable 0
Monitoring PPTP Client
Command name : /interface pptp-client monitor
Property Description
Statistics:
uptime (time) – connection time displayed in days, hours, minutes, and seconds
encoding (string) – encryption and encoding (if asymmetric, separated with ‘/’) being used in this connection
status (string) – status of the client:
# Dialing – attempting to make a connection
# Verifying password… – connection has been established to the server, password verification in progress
# Connected – self-explanatory
# Terminated – interface is not enabled or the other side will not establish a connection
Example
Example of an established connection:
[admin@MikroTik] interface pptp-client> monitor test2
uptime: 4h35s
encoding: MPPE 128 bit, stateless
status: Connected
[admin@MikroTik] interface pptp-client>
PPTP Server Setup
Submenu level : /interface pptp-server server
[admin@MikroTik] interface pptp-server server> print
enabled: no
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@MikroTik] interface pptp-server server>
Description
The PPTP server supports unlimited connections from clients. For each current connection, a dynamic interface is created.
Property Description
enabled (yes | no; default: no) – defines whether PPTP server is enabled or not
mtu (integer; default: 1460) – Maximum Transmit Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
mru (integer; default: 1460) – Maximum Receive Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
authentication (multiple choice: pap | chap | mschap1 | mschap2; default: mschap2) – authentication algorithm
default-profile (name; default: default) – default profile to use
Example
To enable PPTP server:
[admin@MikroTik] interface pptp-server server> set enabled=yes
[admin@MikroTik] interface pptp-server server> print
enabled: yes
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@MikroTik] interface pptp-server server>
PPTP Server Users
Submenu level : /interface pptp-server
Description
There are two types of items in PPTP server configuration – static users and dynamic connections. A dynamic connection can be established if the user database or the default-profile has its local-address and remote-address set correctly. When static users are added, the default profile may be left with its default values and only P2P user (in /ppp secret) should be configured. Note that in both cases P2P users must be configured properly.
Property Description
name – interface name
user – the name of the user that is configured statically or added dynamically
Statistics:
mtu – shows (cannot be set here) client’s MTU
client-address – shows (cannot be set here) the IP of the connected client
uptime – shows how long the client is connected
encoding (string) – encryption and encoding (if asymmetric, separated with ‘/’) being used in this connection
Example
To add a static entry for ex1 user:
[admin@MikroTik] interface pptp-server> add user=ex1
[admin@MikroTik] interface pptp-server> print
Flags: X – disabled, D – dynamic, R – running
# NAME USER MTU CLIENT-ADDRESS UPTIME ENC…
0 DR ex 1460 10.0.0.202 6m32s none
1 pptp-in1 ex1
[admin@MikroTik] interface pptp-server>
In this example an already connected user ex is shown besides the one we just added.
PPTP Router-to-Router Secure Tunnel Example
The following is an example of connecting two Intranets using an encrypted PPTP tunnel over the Internet.
There are two routers in this example:
* [HomeOffice]
Interface LocalHomeOffice 10.150.2.254/24
Interface ToInternet 192.168.80.1/24
* [RemoteOffice]
Interface ToInternet 192.168.81.1/24
Interface LocalRemoteOffice 10.150.1.254/24
Each router is connected to a different ISP. One router can access another router through the Internet.
On the PPTP server a user must be set up for the client:
[admin@HomeOffice] ppp secret> add name=ex service=pptp password=lkjrht
local-address=10.0.103.1 remote-address=10.0.103.2
[admin@HomeOffice] ppp secret> print detail
Flags: X – disabled
0 name=”ex” service=pptp caller-id=”" password=”lkjrht” profile=default
local-address=10.0.103.1 remote-address=10.0.103.2 routes==”"
[admin@HomeOffice] ppp secret>
Then the user should be added in the PPTP server list:
[admin@HomeOffice] interface pptp-server> add user=ex
[admin@HomeOffice] interface pptp-server> print
Flags: X – disabled, D – dynamic, R – running
# NAME USER MTU CLIENT-ADDRESS UPTIME ENC…
0 pptp-in1 ex
[admin@HomeOffice] interface pptp-server>
And finally, the server must be enabled:
[admin@HomeOffice] interface pptp-server server> set enabled=yes
[admin@HomeOffice] interface pptp-server server> print
enabled: yes
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@HomeOffice] interface pptp-server server>
Add a PPTP client to the RemoteOffice router:
[admin@RemoteOffice] interface pptp-client> add connect-to=192.168.80.1 user=ex \
\… password=lkjrht disabled=no
[admin@RemoteOffice] interface pptp-client> print
Flags: X – disabled, R – running
0 R name=”pptp-out1″ mtu=1460 mru=1460 connect-to=192.168.80.1 user=”ex”
password=”lkjrht” profile=default add-default-route=no
[admin@RemoteOffice] interface pptp-client>
Thus, a PPTP tunnel is created between the routers. This tunnel is like an Ethernet point-to-point connection between the routers with IP addresses 10.0.103.1 and 10.0.103.2 at each router. It enables ‘direct’ communication between the routers over third party networks.
To route the local Intranets over the PPTP tunnel – add these routes:
[admin@HomeOffice] > ip route add dst-address 10.150.1.0/24 gateway 10.0.103.2
[admin@RemoteOffice] > ip route add dst-address 10.150.2.0/24 gateway 10.0.103.1
On the PPTP server it can alternatively be done using routes parameter of the user configuration:
[admin@HomeOffice] ppp secret> print detail
Flags: X – disabled
0 name=”ex” service=pptp caller-id=”" password=”lkjrht” profile=default
local-address=10.0.103.1 remote-address=10.0.103.2 routes==”"
[admin@HomeOffice] ppp secret> set 0 routes=”10.150.1.0/24 10.0.103.2 1″
[admin@HomeOffice] ppp secret> print detail
Flags: X – disabled
0 name=”ex” service=pptp caller-id=”" password=”lkjrht” profile=default
local-address=10.0.103.1 remote-address=10.0.103.2
routes=”10.150.1.0/24 10.0.103.2 1″
[admin@HomeOffice] ppp secret>
Test the PPTP tunnel connection:
[admin@RemoteOffice]> /ping 10.0.103.1
10.0.103.1 pong: ttl=255 time=3 ms
10.0.103.1 pong: ttl=255 time=3 ms
10.0.103.1 pong: ttl=255 time=3 ms
ping interrupted
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 3/3.0/3 ms
Test the connection through the PPTP tunnel to the LocalHomeOffice interface:
[admin@RemoteOffice]> /ping 10.150.2.254
10.150.2.254 pong: ttl=255 time=3 ms
10.150.2.254 pong: ttl=255 time=3 ms
10.150.2.254 pong: ttl=255 time=3 ms
ping interrupted
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 3/3.0/3 ms
To bridge a LAN over this secure tunnel, please see the example in the ‘EoIP’ section of the manual. To set the maximum speed for traffic over this tunnel, please consult the ‘Queues’ section.
Connecting a Remote Client via PPTP Tunnel
The following example shows how to connect a computer to a remote office network over PPTP encrypted tunnel giving that computer an IP address from the same network as the remote office has (without need of bridging over eoip tunnels)
Please, consult the respective manual on how to set up a PPTP client with the software You are using.
The router in this example:
* [RemoteOffice]
Interface ToInternet 192.168.81.1/24
Interface Office 10.150.1.254/24
The client computer can access the router through the Internet.
On the PPTP server a user must be set up for the client:
[admin@RemoteOffice] ppp secret> add name=ex service=pptp password=lkjrht
local-address=10.150.1.254 remote-address=10.150.1.2
[admin@RemoteOffice] ppp secret> print detail
Flags: X – disabled
0 name=”ex” service=pptp caller-id=”" password=”lkjrht” profile=default
local-address=10.150.1.254 remote-address=10.150.1.2 routes==”"
[admin@RemoteOffice] ppp secret>
Then the user should be added in the PPTP server list:
[admin@RemoteOffice] interface pptp-server> add name=FromLaptop user=ex
[admin@RemoteOffice] interface pptp-server> print
Flags: X – disabled, D – dynamic, R – running
# NAME USER MTU CLIENT-ADDRESS UPTIME ENC…
0 FromLaptop ex
[admin@RemoteOffice] interface pptp-server>
And the server must be enabled:
[admin@RemoteOffice] interface pptp-server server> set enabled=yes
[admin@RemoteOffice] interface pptp-server server> print
enabled: yes
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@RemoteOffice] interface pptp-server server>
Finally, the proxy APR must be enabled on the ‘Office’ interface:
[admin@RemoteOffice] interface ethernet> set Office arp=proxy-arp
[admin@RemoteOffice] interface ethernet> print
Flags: X – disabled, R – running
# NAME MTU MAC-ADDRESS ARP
0 R ToInternet 1500 00:30:4F:0B:7B:C1 enabled
1 R Office 1500 00:30:4F:06:62:12 proxy-arp
[admin@RemoteOffice] interface ethernet>
ref: http://www.mikrotik.com/documentation//manual_2.7/Interface/PPTP.html

VPN dengan EOIP

Tutorial Mikrotik VPN : EoIP

Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol that creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP interface appears as an Ethernet interface. When the bridging function of the router is enabled, all Ethernet level traffic (all Ethernet protocols) will be bridged just as if there where a physical Ethernet interface and cable between the two routers (with bridging enabled). This protocol makes multiple network schemes possible.
Network setups with EoIP interfaces:

Possibility to bridge LANs over the Internet
Possibility to bridge LANs over encrypted tunnels
Possibility to bridge LANs over 802.11b ‘ad-hoc‘ wireless networks

An EoIP interface should be configured on two routers that have the possibility for an IP level connection. The EoIP tunnel may run over an IPIP tunnel, a PPTP 128bit encrypted tunnel, a PPPoE connection, or any connection that transports IP. Specific Properties:

Each EoIP tunnel interface can connect with one remote router which has a corresponding interface configured with the same ‘Tunnel ID’.
The EoIP interface appears as an Ethernet interface under the interface list.
This interface supports all features of and Ethernet interface. IP addresses and other tunnels may be run over the interface.
The EoIP protocol encapsulates Ethernet frames in GRE (IP protocol number 47) packets (just like PPTP) and sends them to the remote side of the EoIP tunnel.
Maximal count of EoIP tunnels is 65536.

This is how to set up EoIP to bridge two (or more) Mikrotik routers for central PPPoE authentication
Using 2 routers called R1 and R2 that have an IP connection between them and R2 has 2 ethernet ports, i.e. you can ping rB from R1 and R1 from R2 where the R1 facing eth port is called eth1 and its other port is called eth2.
1. create a new EoIP tunnel on R1.
2. create a new EoIP tunnel on R2, where the tunnel ID is the same as the one on R1 but the MAC addreses are different.
4. create a new bridge on R1 and R2
3. add a PPPoE server to the Bridge on R1.
4. on R2 and add eth2 and the EoIP tunnel to the bridge.
5. put an IP address onto eth2 (any address seems to work, but it maybe better to use a different subnet for routing purposes).
Now you should be able to establish a PPPoE connection from a PC plugged into the eth2 port on router R2, this PPPoE connection will terminate on router R1.
This is not the most efficient method of using the available bandwidth on a network, but is perhaps easier than having a PPPoE A/C on every Mikrotik router and using RADIUS as you can just have PPP secrets setup on one router.

Referensi Konfigurasi Bandwidth

Untuk setting Mikrotik sebagai router dan bandwidth manager settingan dimodem adalah standar bawaan modem yaitu ppoe, jadi yang melakukan dial up adalah modem speedy.

Jika dialnya menggunakan Mikrotik maka settingan modem adalah brigde.

Setingan yang mudah dan gampang seperti di postingan ini.
Baru dilanjutkan untuk pengaturan bandwidth managernya,
Silahkan dibaca di:
http://warnet-speedy.blogspot.com/2012/08/menyeimbangkan-antara-browsing-game.html

http://warnet-speedy.blogspot.com/2012/07/melimit-download-file-dengan-mikrotik.html

http://warnet-speedy.blogspot.com/2012/06/membagi-rata-bandwidth-telkom-speedy.html

Batasi Download Client yg Gak Mau Rugi

Melimit Download File Dengan MikroTik [Queue Tree + Mangle] Warnet Pakai Speedy

Melimit Download File Dengan MikroTik

Bagi Warnet yang mempunyai jaringan menggunakan Telkom Speedy dengan bandwidth pas-pas an, atau mungkin di daerah yang hanya bisa mendapatkan bandwidth sebesar 1Mb kebawah mengalami kewalahan untuk melayani 10 atau unit computer client.
Apalagi disaat semua client on line, sangat terasa betapa lambatnya koneksi ke jaringan internet.

Study Kasus:

Misalnya,
Warnet A menggunakan layanan Telkom Speedy 1Mb, dengan 10 unit computer client, dan suatu hari semua computer client online, secara logika bahwa besar bandwidth 1Mb akan dibagi sama rata, masing-masing pc medapatkan bagian 1/10 dari 1Mb.
Tapi ternyata, di client nomor 2 (misalnya) ada yang teriak .." Lag Ooooy ",... " Yahh... ada yang setel b*k*p nih ", yang lain juga teriak. (Dah seperti tempat pelelangan ikan deh tu warnet) dan tentu operator pusing dan tidak bisa ngapa-ngapain, wong jatah dari speedy cuma segitu.

Setelah usut punya usut, dan coba meremot dari billing, ternyata computer client nomor 5 lagi download MP3, mending satu MP3, tiga buah downloadan sekaligus, ya jelas saja yang lain teriak, apalagi client nomor 5 mendownload menggunakan INTERNET DOWNLOAD MANAGER,.. selesai dah yang lain nggk kebagian jatah, buka halaman browser lemotnya setengah modar.

Kalau kasus ini dibiarkan dan tidak segera diatasi, bisa dipastikan warnet pakai speedy akan sepi, ditinggalkan oleh konsumen dengan catatat "WARNET LOLA" atau " WARNET CACAD", dsb.

Penyelidikan Kasus (Asumsi):

Setelah di cek ternyata warnet tersebut tidak menggunakan bandwidth manager (misalnya MikroTik), hanya mengandalkan modem bawaan dari Telkom Speedy.
Atau Warnet menggunakan bandwidth manager (MikroTik) tapi tidak menggunakan dengan baik, atau sperlunya saja. Atau cuma Membagi Rata Bandwidth Telkom Speedy Dengan MikroTik dan itu tidak cukup.
Atau Jaringan Telkom Speedy lagi sedang bermasalah di daerah tersebut.

Penyelesaian Kasus:

Permasalah pertama dapat diatasi dengan menggunakan MikroTik dengan memanfaatkan segala fungsi dari MikroTik itu sendiri.

Permasalahan kedua, selain dengan Membagi Rata Bandwidth Telkom Speedy Dengan MikroTik, juga dengan Melimit Downlaod File Dengan MikroTik itu sendiri..

Cara Melimit Downlaod File Dengan MikroTik

1. Romote MikroTik dengan WinBox

2. Akan tampil jendela seperti ini

3. Pada jendela WinBox klik " Ip " -------> " Firewall " --------> " Layer 7 Protocol " -------> " + "

4. Pada jendela seperti ini masukan "script" yang dibawah kemudian klik "OK"

Name : YOUTUBE
Regexp: http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: video)

5. Pada halaman WinBox klik " New Terminal " kemudian copykan "script" dibawah ini terus "OK"

/ip firewall layer7-protocol add name=”EXE” regexp="\\.(exe)"
/ip firewall layer7-protocol add name=”RAR” regexp="\\.(rar)"
/ip firewall layer7-protocol add name=”ZIP” regexp="\\.(zip)"
/ip firewall layer7-protocol add name="7z" regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="AVI" regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" regexp="\\.(bin)"
/ip firewall layer7-protocol add name="VCD" regexp=\\.(vcd)

6. Buat Manglenya.. Pada halaman WinBox klik " New Terminal ", kemudan copykan "script" dibawah ini jangan lupa klik "OK"

/ip firewall mangle add action=mark-packet \
chain=prerouting comment="YOUTUBE MARK PACKET " disabled=no \
layer7-protocol=YOUTUBE new-packet-mark=YOUTUBE passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="EXE MARK PACKET " disabled=no \
layer7-protocol=EXE new-packet-mark=EXE passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RAR MARK PACKET " disabled=no \
layer7-protocol=RAR new-packet-mark=RAR passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ZIP MARK PACKET " disabled=no \
layer7-protocol=ZIP new-packet-mark=ZIP passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="7z MARK PACKET " disabled=no \
layer7-protocol=7z new-packet-mark=7z passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="CAB MARK PACKET " disabled=no \
layer7-protocol=CAB new-packet-mark=CAB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ASF MARK PACKET " disabled=no \
layer7-protocol=ASF new-packet-mark=ASF passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MOV MARK PACKET " disabled=no \
layer7-protocol=MOV new-packet-mark=MOV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="WMV MARK PACKET " disabled=no \
layer7-protocol=WMV new-packet-mark=WMV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MPG MARK PACKET " disabled=no \
layer7-protocol=MPG new-packet-mark=MPG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MPEG MARK PACKET " disabled=no \
layer7-protocol=MPEG new-packet-mark=MPEG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MKV MARK PACKET " disabled=no \
layer7-protocol=MKV new-packet-mark=MKV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="AVI MARK PACKET " disabled=no \
layer7-protocol=AVI new-packet-mark=AVI passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="FLV MARK PACKET " disabled=no \
layer7-protocol=FLV new-packet-mark=FLV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="WAV MARK PACKET " disabled=no \
layer7-protocol=WAV new-packet-mark=WAV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RM MARK PACKET " disabled=no \
layer7-protocol=RM new-packet-mark=RM passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MP3 MARK PACKET " disabled=no \
layer7-protocol=MP3 new-packet-mark=MP3 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MP4 MARK PACKET " disabled=no \
layer7-protocol=MP4 new-packet-mark=MP4 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RAM MARK PACKET " disabled=no \
layer7-protocol=RAM new-packet-mark=RAM passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RMVB MARK PACKET " disabled=no \
layer7-protocol=RMVB new-packet-mark=RMVB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="DAT MARK PACKET " disabled=no \
layer7-protocol=DAT new-packet-mark=DAT passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="DAA MARK PACKET " disabled=no \
layer7-protocol=DAA new-packet-mark=DAA passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ISO MARK PACKET " disabled=no \
layer7-protocol=ISO new-packet-mark=ISO passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="NRG MARK PACKET " disabled=no \
layer7-protocol=NRG new-packet-mark=NRG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="BIN MARK PACKET " disabled=no \
layer7-protocol=BIN new-packet-mark=BIN passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="VCD MARK PACKET " disabled=no \
layer7-protocol=VCD new-packet-mark=VCD passthrough=no

7. Mari mulai melimit dengan Queue Tree (contoh setiap file dilimit sebesar 512kb untuk file : rar, exe, flv, zip, vcd, mpe dll), jika ada 5 orang client download MP3 maka 512kb akan dibagi 3, sama untuk file yang lainya.

Sesuaikan dengan bandwidth yang ada, jangan sampai kedodoran. (untuk bandwidth 1Mb sebaiknya ganti 512kb dengan 128kb).

Caranya,. klik " New Terminal " copykan "script" dibawah ini kemudian klik " OK "

/queue tree add name="LIMIT FILE EXTENTION" parent=global-out \
limit-at=0 priority=3 max-limit=512000 burst-limit=\
0 burst-threshold=0 burst-time=0s
/queue tree add name="YOUTUBE" parent="LIMIT FILE EXTENTION" \
packet-mark=YOUTUBE limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="7z" parent="LIMIT FILE EXTENTION" \
packet-mark=7z limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ASF" parent="LIMIT FILE EXTENTION" \
packet-mark=ASF limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="AVI" parent="LIMIT FILE EXTENTION" \
packet-mark=AVI limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="BIN" parent="LIMIT FILE EXTENTION" \
packet-mark=BIN limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="CAB" parent="LIMIT FILE EXTENTION" \
packet-mark=CAB limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="DAA" parent="LIMIT FILE EXTENTION" \
packet-mark=DAA limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="DAT" parent="LIMIT FILE EXTENTION" \
packet-mark=DAT limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="EXE" parent="LIMIT FILE EXTENTION" \
packet-mark=EXE limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="FLV" parent="LIMIT FILE EXTENTION" \
packet-mark=FLV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ISO" parent="LIMIT FILE EXTENTION" \
packet-mark=ISO limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MKV" parent="LIMIT FILE EXTENTION" \
packet-mark=MKV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MOV" parent="LIMIT FILE EXTENTION" \
packet-mark=MOV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MP3" parent="LIMIT FILE EXTENTION" \
packet-mark=MP3 limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MP4" parent="LIMIT FILE EXTENTION" \
packet-mark=MP4 limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MPEG" parent="LIMIT FILE EXTENTION" \
packet-mark=MPEG limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MPG" parent="LIMIT FILE EXTENTION" \
packet-mark=MPG limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="NRG" parent="LIMIT FILE EXTENTION" \
packet-mark=NRG limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RAM" parent="LIMIT FILE EXTENTION" \
packet-mark=RAM limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RAR" parent="LIMIT FILE EXTENTION" \
packet-mark=RAR limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RM" parent="LIMIT FILE EXTENTION" \
packet-mark=RM limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RMVB" parent="LIMIT FILE EXTENTION" \
packet-mark=RMVB limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="VCD" parent="LIMIT FILE EXTENTION" \
packet-mark=VCD limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="WAV" parent="LIMIT FILE EXTENTION" \
packet-mark=WAV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="WMV" parent="LIMIT FILE EXTENTION" \
packet-mark=WMV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ZIP" parent="LIMIT FILE EXTENTION" \
packet-mark=ZIP limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s

8. Test download salah satu file menggunakan INTERNET DOWNLOAD MANGER (IDM) dan lihat perubahan warna QUEUE, merah, kuning dan hijau

Caranya pada halaman WinBox klik "Queue" kemudian pilih "Queue Tree" dan hasilnya:

9. Selesai,.. silahkan berexperimen sendiri..

Catatan Penting :

Jika ingin mematikan limit download cukup dengan klik dua kali file target, kemudian klik "disable" dan terus "OK" perhatikan perobahan dan pengaruhnya pada browsing.
Usahakan script nya di copy kan ke notepad dulu baru ke WinBox.

Kasus Ditutup (Selesai):

Jika masih ada client yang berteriak coba lakukan speed test telkom speedy, kemungkinan jaringan dalam perbaikan atau dari BRAS Telkomnya sendiri yang lagi DOWN!.

Apa aja software u Warnet ???

Software dan Aplikasi Pendukung Warnet

Bagi yang baru memulai usaha warnet, tentulah membutuhkan software atau aplikasi-aplikasi pendukung untuk kelancaran usaha warnet tersebut.

Banyak software-software standar dan gratis yang perlu di instal di komputer klien. Software untuk browsing, add on, plugin dan lain sebagainay.
Dibawah ini daftar software yang kudu atau wajib di instal di computer warnet
A. Warnet Browsing

No.	Nama Software	Fungsi	Download Link
1.	Mozilla Firefox	Web Browser	Mozilla Firefox
2.	Google Chrome	Web Browser	Google Chrome
3.	Opera	Web Browser	Opera
4.	Adobe Reader	Membaca Dokumen PDF	Adober Reader
5.	Foxit Reader	Membaca Dokumen PDF	Foxit Reader
6.	Open Office	Membuat Dokumen Word	OpenOffice
7.	Microsoft Office	Membuat Dokumen Word	Microsoft Office
8.	Flash Player	Memutar gambar/ file .swf di internet seperti game flash, video youtube dll.	Non-IE IE
9.	K-Lite Codec Pack	Audio/Video Codec	K-Lite Codec Pack
10.	VLC Media Player	Video Player	VLC Media Player
11.	Winamp	Audio/Video Player	Winamp
12.	Java Runtime	Java Script	Java Runtime
13.	Yahoo! Messeger	Chat	Yahoo! Messenger
14.	WinRar	File Extracting	WinRar
15.	CC Cleaner	Cleaning Tools	CC Cleaner
16.	DeepFreeze	Frozen Tools	DeepFreeze
17.	Anti Virus		Avast Anti virus
			Avira Anti virus
			AVG Anti Virus
18.	Billing Warnet	Billing	Google Serach !

Catt : Kalau ada yang kurang tolong ditambahkan.
B. Warnet Game Online
Selain software di atas, khusus untuk warnet Game Online yang diperlukan adalah Software gamenya seperti Point Blank, Lost Saga Car Rider, Rohan, RF Online, Ayo Dance, Seal Online dll.

No.	Nama Game	Game Portal	Download Link
1.	Point Blank	Gemscool	Point Blank
2.	Lost Saga	Gemscool	Lost Saga
3.	Kart Rider	Gemscool	Kart Rider
4.	Atlantica	Gemscool	Atlantica
			Dan lain-lain >>>>>
5.	RF Online	Lyto Game	RF Online
6.	ROHAN Online	Lyto Game	ROHAN Online
7.	Cross Fire	Lyto Game	Cross Fire
8.	Seal Online	Lyto Game	Seal Online
			Dan lain-lain >>>>>
9.	Ayo Dance	Megaxus	Ayo Dance
10	Counter Strike	Megaxus	Counter Strike Online
11.	War Rock	Megaxus	War Rock
12.	Lineage II	Megaxus	Lineage II
			Dan lain-lain >>>>>

Catt : Silahkan cara game yang sesuai dengan warnet anda