Scribd
Upload
320 views

Queue Tree

This document contains the configuration of a MikroTik router. It sets up interfaces, wireless security, firewall rules, traffic shaping queues and more. Key points: - It configures 3 interfaces - WAN, LAN and hotspot, along with IP addresses and DHCP servers. - Firewall rules are added for traffic marking and shaping of different services like browsing, downloads, uploads etc. - Traffic queues are defined to prioritize certain traffic like video over others for bandwidth management.

Uploaded by

fabiananggik
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
320 views

Queue Tree

This document contains the configuration of a MikroTik router. It sets up interfaces, wireless security, firewall rules, traffic shaping queues and more. Key points: - It configures 3 interfaces - WAN, LAN and hotspot, along with IP addresses and DHCP servers. - Firewall rules are added for traffic marking and shaping of different services like browsing, downloads, uploads etc. - Traffic queues are defined to prioritize certain traffic like video over others for bandwidth management.

Uploaded by

fabiananggik
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 4

# sep/20/2019 13:43:36 by RouterOS 6.45.

6
# software id = UR6B-NRHF
#
# model = 2011UiAS-2HnD
# serial number = 614A059093AE
/interface ethernet
set [ find default-name=ether1 ] name="ether1 - WAN"
set [ find default-name=ether2 ] name="ether2 - LAN"
set [ find default-name=ether3 ] name="ether3 - HOTSPOT"
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=EXE regexp="\\x4d\\x5a(\\x90\\x03|\\x50\\x02)\\x04"
add name=ZIP regexp="pk\\x03\\x04\\x14"
add name=MP4 regexp="\\x18\\x66\\x74\\x79\\x70"
add name=RAR regexp="Rar\\x21\\x1a\\x07"
add name=Youtube regexp="r[0-9]+---[a-z]+-+[a-z0-9-]+\\.googlevideo\\.com"
add name=MP3 regexp="\\.(mp3)"
/ip hotspot profile
add dns-name=fncncpt.my hotspot-address=192.168.222.1 login-by=http-chap \
name=HOTSPOT
/ip hotspot user profile
add address-list=Paket-VIP idle-timeout=5m name=VIP
add address-list=Paket-GRATIS idle-timeout=5m name=GRATIS shared-users=10
/ip pool
add name=LAN ranges=192.168.111.2-192.168.111.52
add name=HOTSPOT ranges=192.168.222.2-192.168.222.100
/ip dhcp-server
add add-arp=yes address-pool=LAN disabled=no interface="ether2 - LAN" name=\
LAN
add add-arp=yes address-pool=HOTSPOT disabled=no interface="ether3 - HOTSPOT" \
lease-time=1h name=HOTSPOT
/ip hotspot
add address-pool=HOTSPOT addresses-per-mac=1 disabled=no interface=\
"ether3 - HOTSPOT" name=FNCNCPT profile=HOTSPOT
/queue type
add kind=pcq name=down_pcq pcq-classifier=dst-address pcq-dst-address6-mask=\
64 pcq-src-address6-mask=64
add kind=pcq name=up_pcq pcq-classifier=src-address pcq-dst-address6-mask=64 \
pcq-src-address6-mask=64
/queue tree
add max-limit=30M name="TOTAL DOWNLOAD" parent=global queue=default
add max-limit=30M name="TOTAL UPLOAD" parent="ether1 - WAN" queue=default
add max-limit=30M name="A. LAN DOWN" packet-mark=LAN parent="TOTAL DOWNLOAD" \
queue=default
add max-limit=30M name="B. HOTSPOT DOWN" parent="TOTAL DOWNLOAD" queue=\
default
add limit-at=30M max-limit=30M name="1. VIP DOWN" packet-mark=Paket-VIP \
parent="B. HOTSPOT DOWN" queue=down_pcq
add limit-at=3M max-limit=3M name="2. GRATIS DOWN" packet-mark=Paket-GRATIS \
parent="B. HOTSPOT DOWN" queue=down_pcq
add limit-at=30M max-limit=30M name="A. LAN UP" packet-mark=LAN parent=\
"TOTAL UPLOAD" queue=default
add max-limit=30M name="B. HOTSPOT UP" parent="TOTAL UPLOAD" queue=default
add limit-at=30M max-limit=30M name="1. VIP UP" packet-mark=Paket-VIP parent=\
"B. HOTSPOT UP" queue=up_pcq
add limit-at=3M max-limit=3M name="2. GRATIS UP" packet-mark=Paket-GRATIS \
parent="B. HOTSPOT UP" queue=up_pcq
add max-limit=10M name="1. Download Traffic" parent="A. LAN DOWN" queue=\
default
add max-limit=10M name="1. Extensi Down" packet-mark=extensi_down parent=\
"1. Download Traffic" queue=down_pcq
add max-limit=6M name="2. Heavy Browsing Down" packet-mark=\
heavy_browsing_down parent="1. Download Traffic" queue=down_pcq
add max-limit=5M name="3. Small Browsing Down" packet-mark=\
small_browsing_down parent="1. Download Traffic" queue=down_pcq
add max-limit=10M name="3. Youtube Down" packet-mark=koneksi-youtube parent=\
"1. Download Traffic" priority=7 queue=down_pcq
add max-limit=15M name="1. Upload Traffic" parent="A. LAN UP" queue=default
add max-limit=15M name="1. Extensi Up" packet-mark=extensi_up parent=\
"1. Upload Traffic" queue=up_pcq
add max-limit=15M name="2. Heavy Browsing Up" packet-mark=heavy_browsing_up \
parent="1. Upload Traffic" priority=7 queue=up_pcq
add max-limit=15M name="3. Small Browsing Up" packet-mark=small_browsing_up \
parent="1. Upload Traffic" priority=5 queue=up_pcq
add max-limit=15M name="4. Youtube Up" packet-mark=koneksi-youtube parent=\
"1. Upload Traffic" priority=7 queue=default
add limit-at=1M max-limit=10M name="2. DNS Down" packet-mark=dns_down parent=\
"A. LAN DOWN" priority=1 queue=down_pcq
add limit-at=2M max-limit=10M name="3. ICMP Down" packet-mark=icmp_down \
parent="A. LAN DOWN" priority=1 queue=down_pcq
add limit-at=512k max-limit=3M name="4. Games Down" packet-mark=games_down \
parent="A. LAN DOWN" priority=1 queue=down_pcq
add limit-at=3M max-limit=3M name="5. Remote Down" packet-mark=remote_down \
parent="A. LAN DOWN" priority=3 queue=down_pcq
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/ip address
add address=192.168.111.1/24 interface="ether2 - LAN" network=192.168.111.0
add address=192.168.222.1/24 interface="ether3 - HOTSPOT" network=\
192.168.222.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface="ether1 - WAN"
/ip dhcp-server network
add address=192.168.111.0/24 gateway=192.168.111.1
add address=192.168.222.0/24 comment="hotspot network" gateway=192.168.222.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall address-list
add address=192.168.111.0/24 list=LAN
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
/ip firewall mangle
add action=mark-connection chain=prerouting comment=LAN new-connection-mark=\
LAN passthrough=yes src-address-list=LAN
add action=mark-packet chain=postrouting connection-mark=LAN new-packet-mark=\
LAN passthrough=no
add action=mark-connection chain=prerouting comment="PAKET VIP" \
new-connection-mark=Paket-VIP passthrough=yes src-address-list=Paket-VIP
add action=mark-packet chain=postrouting connection-mark=Paket-VIP \
new-packet-mark=Paket-VIP passthrough=no
add action=mark-connection chain=prerouting comment="PAKET GRATIS" \
new-connection-mark=Paket-GRATIS passthrough=yes src-address-list=\
Paket-GRATIS
add action=mark-packet chain=postrouting connection-mark=Paket-GRATIS \
new-packet-mark=Paket-GRATIS passthrough=no
add action=accept chain=prerouting comment="Bypass Local Traffic" \
dst-address-list=LAN src-address-list=LAN
add action=accept chain=forward dst-address-list=LAN src-address-list=LAN
add action=mark-connection chain=forward comment="Games Traffic" dst-port=\
39190-39200 new-connection-mark=games passthrough=yes protocol=tcp \
src-address-list=LAN
add action=mark-connection chain=forward dst-port=40000-40010 \
new-connection-mark=games passthrough=yes protocol=udp src-address-list=\
LAN
add action=mark-packet chain=forward connection-mark=games in-interface=\
"ether1 - WAN" new-packet-mark=games_down passthrough=no
add action=mark-connection chain=forward comment="ICMP Traffic" \
new-connection-mark=icmp passthrough=yes protocol=icmp src-address-list=\
LAN
add action=mark-packet chain=forward connection-mark=icmp in-interface=\
"ether1 - WAN" new-packet-mark=icmp_down passthrough=no protocol=icmp
add action=mark-packet chain=forward connection-mark=icmp in-interface=\
"ether2 - LAN" new-packet-mark=icmp_up passthrough=no protocol=icmp
add action=mark-connection chain=forward comment="DNS Traffic" dst-port=53 \
new-connection-mark=dns passthrough=yes protocol=udp src-address-list=LAN
add action=mark-packet chain=forward connection-mark=dns in-interface=\
"ether1 - WAN" new-packet-mark=dns_down passthrough=no protocol=udp
add action=mark-packet chain=forward connection-mark=dns in-interface=\
"ether2 - LAN" new-packet-mark=dns_up passthrough=no protocol=udp
add action=mark-connection chain=forward comment="Remote Traffic" dst-port=\
22,23,8291,5938,4899 new-connection-mark=remote passthrough=yes protocol=\
tcp src-address-list=LAN
add action=mark-packet chain=forward connection-mark=remote in-interface=\
"ether1 - WAN" new-packet-mark=remote_down passthrough=no
add action=mark-packet chain=forward connection-mark=remote in-interface=\
"ether2 - LAN" new-packet-mark=remote_up passthrough=no
add action=mark-connection chain=prerouting comment="Google Video" \
layer7-protocol=Youtube new-connection-mark=koneksi-youtube passthrough=\
yes
add action=mark-packet chain=postrouting connection-mark=koneksi-youtube \
new-packet-mark=koneksi-youtube passthrough=no
add action=mark-connection chain=forward comment="Extension Layer7" \
layer7-protocol=EXE new-connection-mark=extensi passthrough=yes
add action=mark-connection chain=forward layer7-protocol=ZIP \
new-connection-mark=extensi passthrough=yes
add action=mark-connection chain=forward layer7-protocol=MP3 \
new-connection-mark=extensi passthrough=yes
add action=mark-connection chain=forward layer7-protocol=RAR \
new-connection-mark=extensi passthrough=yes
add action=mark-packet chain=forward connection-mark=extensi in-interface=\
"ether1 - WAN" new-packet-mark=extensi_down passthrough=no
add action=mark-packet chain=forward connection-mark=extensi in-interface=\
"ether2 - LAN" new-packet-mark=extensi_up passthrough=no
add action=mark-connection chain=forward comment="Browsing Traffic" \
connection-mark=!heavy_traffic new-connection-mark=browsing passthrough=\
yes src-address-list=LAN
add action=mark-connection chain=forward comment="Heavy Traffic" \
connection-bytes=1024000-0 connection-mark=browsing connection-rate=\
256k-102400k new-connection-mark=heavy_traffic passthrough=yes protocol=\
tcp
add action=mark-connection chain=forward connection-bytes=1024000-0 \
connection-mark=browsing connection-rate=256k-102400k \
new-connection-mark=heavy_traffic passthrough=yes protocol=udp
add action=mark-packet chain=forward connection-mark=heavy_traffic \
in-interface="ether1 - WAN" new-packet-mark=heavy_browsing_down \
passthrough=no
add action=mark-packet chain=forward connection-mark=heavy_traffic \
in-interface="ether2 - LAN" new-packet-mark=heavy_browsing_up \
passthrough=no
add action=mark-packet chain=forward connection-mark=browsing in-interface=\
"ether1 - WAN" new-packet-mark=small_browsing_down passthrough=no
add action=mark-packet chain=forward connection-mark=browsing in-interface=\
"ether2 - LAN" new-packet-mark=small_browsing_up passthrough=no
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat out-interface="ether1 - WAN"
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.222.0/24
/ip hotspot user
add name=admin
add name=1 password=1 profile=GRATIS server=FNCNCPT
/system clock
set time-zone-name=Asia/Jakarta
/tool user-manager database
set db-path=user-manager

You might also like