Scribd
Upload
366 views

Queue Tree

This document contains the configuration of a MikroTik router. It sets up interfaces, wireless security, firewall rules, traffic shaping queues and more. Key points: - It configures 3 interfaces - WAN, LAN and hotspot, along with IP addresses and DHCP servers. - Firewall rules are added for traffic marking and shaping of different services like browsing, downloads, uploads etc. - Traffic queues are defined to prioritize certain traffic like video over others for bandwidth management.

Uploaded by

fabiananggik
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
366 views

Queue Tree

This document contains the configuration of a MikroTik router. It sets up interfaces, wireless security, firewall rules, traffic shaping queues and more. Key points: - It configures 3 interfaces - WAN, LAN and hotspot, along with IP addresses and DHCP servers. - Firewall rules are added for traffic marking and shaping of different services like browsing, downloads, uploads etc. - Traffic queues are defined to prioritize certain traffic like video over others for bandwidth management.

Uploaded by

fabiananggik
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 4

# sep/20/2019 13:43:36 by RouterOS 6.45.

6
# software id = UR6B-NRHF
#
# model = 2011UiAS-2HnD
# serial number = 614A059093AE
/interface ethernet
set [ find default-name=ether1 ] name="ether1 - WAN"
set [ find default-name=ether2 ] name="ether2 - LAN"
set [ find default-name=ether3 ] name="ether3 - HOTSPOT"
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=EXE regexp="\\x4d\\x5a(\\x90\\x03|\\x50\\x02)\\x04"
add name=ZIP regexp="pk\\x03\\x04\\x14"
add name=MP4 regexp="\\x18\\x66\\x74\\x79\\x70"
add name=RAR regexp="Rar\\x21\\x1a\\x07"
add name=Youtube regexp="r[0-9]+---[a-z]+-+[a-z0-9-]+\\.googlevideo\\.com"
add name=MP3 regexp="\\.(mp3)"
/ip hotspot profile
add dns-name=fncncpt.my hotspot-address=192.168.222.1 login-by=http-chap \
name=HOTSPOT
/ip hotspot user profile
add address-list=Paket-VIP idle-timeout=5m name=VIP
add address-list=Paket-GRATIS idle-timeout=5m name=GRATIS shared-users=10
/ip pool
add name=LAN ranges=192.168.111.2-192.168.111.52
add name=HOTSPOT ranges=192.168.222.2-192.168.222.100
/ip dhcp-server
add add-arp=yes address-pool=LAN disabled=no interface="ether2 - LAN" name=\
LAN
add add-arp=yes address-pool=HOTSPOT disabled=no interface="ether3 - HOTSPOT" \
lease-time=1h name=HOTSPOT
/ip hotspot
add address-pool=HOTSPOT addresses-per-mac=1 disabled=no interface=\
"ether3 - HOTSPOT" name=FNCNCPT profile=HOTSPOT
/queue type
add kind=pcq name=down_pcq pcq-classifier=dst-address pcq-dst-address6-mask=\
64 pcq-src-address6-mask=64
add kind=pcq name=up_pcq pcq-classifier=src-address pcq-dst-address6-mask=64 \
pcq-src-address6-mask=64
/queue tree
add max-limit=30M name="TOTAL DOWNLOAD" parent=global queue=default
add max-limit=30M name="TOTAL UPLOAD" parent="ether1 - WAN" queue=default
add max-limit=30M name="A. LAN DOWN" packet-mark=LAN parent="TOTAL DOWNLOAD" \
queue=default
add max-limit=30M name="B. HOTSPOT DOWN" parent="TOTAL DOWNLOAD" queue=\
default
add limit-at=30M max-limit=30M name="1. VIP DOWN" packet-mark=Paket-VIP \
parent="B. HOTSPOT DOWN" queue=down_pcq
add limit-at=3M max-limit=3M name="2. GRATIS DOWN" packet-mark=Paket-GRATIS \
parent="B. HOTSPOT DOWN" queue=down_pcq
add limit-at=30M max-limit=30M name="A. LAN UP" packet-mark=LAN parent=\
"TOTAL UPLOAD" queue=default
add max-limit=30M name="B. HOTSPOT UP" parent="TOTAL UPLOAD" queue=default
add limit-at=30M max-limit=30M name="1. VIP UP" packet-mark=Paket-VIP parent=\
"B. HOTSPOT UP" queue=up_pcq
add limit-at=3M max-limit=3M name="2. GRATIS UP" packet-mark=Paket-GRATIS \
parent="B. HOTSPOT UP" queue=up_pcq
add max-limit=10M name="1. Download Traffic" parent="A. LAN DOWN" queue=\
default
add max-limit=10M name="1. Extensi Down" packet-mark=extensi_down parent=\
"1. Download Traffic" queue=down_pcq
add max-limit=6M name="2. Heavy Browsing Down" packet-mark=\
heavy_browsing_down parent="1. Download Traffic" queue=down_pcq
add max-limit=5M name="3. Small Browsing Down" packet-mark=\
small_browsing_down parent="1. Download Traffic" queue=down_pcq
add max-limit=10M name="3. Youtube Down" packet-mark=koneksi-youtube parent=\
"1. Download Traffic" priority=7 queue=down_pcq
add max-limit=15M name="1. Upload Traffic" parent="A. LAN UP" queue=default
add max-limit=15M name="1. Extensi Up" packet-mark=extensi_up parent=\
"1. Upload Traffic" queue=up_pcq
add max-limit=15M name="2. Heavy Browsing Up" packet-mark=heavy_browsing_up \
parent="1. Upload Traffic" priority=7 queue=up_pcq
add max-limit=15M name="3. Small Browsing Up" packet-mark=small_browsing_up \
parent="1. Upload Traffic" priority=5 queue=up_pcq
add max-limit=15M name="4. Youtube Up" packet-mark=koneksi-youtube parent=\
"1. Upload Traffic" priority=7 queue=default
add limit-at=1M max-limit=10M name="2. DNS Down" packet-mark=dns_down parent=\
"A. LAN DOWN" priority=1 queue=down_pcq
add limit-at=2M max-limit=10M name="3. ICMP Down" packet-mark=icmp_down \
parent="A. LAN DOWN" priority=1 queue=down_pcq
add limit-at=512k max-limit=3M name="4. Games Down" packet-mark=games_down \
parent="A. LAN DOWN" priority=1 queue=down_pcq
add limit-at=3M max-limit=3M name="5. Remote Down" packet-mark=remote_down \
parent="A. LAN DOWN" priority=3 queue=down_pcq
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/ip address
add address=192.168.111.1/24 interface="ether2 - LAN" network=192.168.111.0
add address=192.168.222.1/24 interface="ether3 - HOTSPOT" network=\
192.168.222.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface="ether1 - WAN"
/ip dhcp-server network
add address=192.168.111.0/24 gateway=192.168.111.1
add address=192.168.222.0/24 comment="hotspot network" gateway=192.168.222.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall address-list
add address=192.168.111.0/24 list=LAN
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
/ip firewall mangle
add action=mark-connection chain=prerouting comment=LAN new-connection-mark=\
LAN passthrough=yes src-address-list=LAN
add action=mark-packet chain=postrouting connection-mark=LAN new-packet-mark=\
LAN passthrough=no
add action=mark-connection chain=prerouting comment="PAKET VIP" \
new-connection-mark=Paket-VIP passthrough=yes src-address-list=Paket-VIP
add action=mark-packet chain=postrouting connection-mark=Paket-VIP \
new-packet-mark=Paket-VIP passthrough=no
add action=mark-connection chain=prerouting comment="PAKET GRATIS" \
new-connection-mark=Paket-GRATIS passthrough=yes src-address-list=\
Paket-GRATIS
add action=mark-packet chain=postrouting connection-mark=Paket-GRATIS \
new-packet-mark=Paket-GRATIS passthrough=no
add action=accept chain=prerouting comment="Bypass Local Traffic" \
dst-address-list=LAN src-address-list=LAN
add action=accept chain=forward dst-address-list=LAN src-address-list=LAN
add action=mark-connection chain=forward comment="Games Traffic" dst-port=\
39190-39200 new-connection-mark=games passthrough=yes protocol=tcp \
src-address-list=LAN
add action=mark-connection chain=forward dst-port=40000-40010 \
new-connection-mark=games passthrough=yes protocol=udp src-address-list=\
LAN
add action=mark-packet chain=forward connection-mark=games in-interface=\
"ether1 - WAN" new-packet-mark=games_down passthrough=no
add action=mark-connection chain=forward comment="ICMP Traffic" \
new-connection-mark=icmp passthrough=yes protocol=icmp src-address-list=\
LAN
add action=mark-packet chain=forward connection-mark=icmp in-interface=\
"ether1 - WAN" new-packet-mark=icmp_down passthrough=no protocol=icmp
add action=mark-packet chain=forward connection-mark=icmp in-interface=\
"ether2 - LAN" new-packet-mark=icmp_up passthrough=no protocol=icmp
add action=mark-connection chain=forward comment="DNS Traffic" dst-port=53 \
new-connection-mark=dns passthrough=yes protocol=udp src-address-list=LAN
add action=mark-packet chain=forward connection-mark=dns in-interface=\
"ether1 - WAN" new-packet-mark=dns_down passthrough=no protocol=udp
add action=mark-packet chain=forward connection-mark=dns in-interface=\
"ether2 - LAN" new-packet-mark=dns_up passthrough=no protocol=udp
add action=mark-connection chain=forward comment="Remote Traffic" dst-port=\
22,23,8291,5938,4899 new-connection-mark=remote passthrough=yes protocol=\
tcp src-address-list=LAN
add action=mark-packet chain=forward connection-mark=remote in-interface=\
"ether1 - WAN" new-packet-mark=remote_down passthrough=no
add action=mark-packet chain=forward connection-mark=remote in-interface=\
"ether2 - LAN" new-packet-mark=remote_up passthrough=no
add action=mark-connection chain=prerouting comment="Google Video" \
layer7-protocol=Youtube new-connection-mark=koneksi-youtube passthrough=\
yes
add action=mark-packet chain=postrouting connection-mark=koneksi-youtube \
new-packet-mark=koneksi-youtube passthrough=no
add action=mark-connection chain=forward comment="Extension Layer7" \
layer7-protocol=EXE new-connection-mark=extensi passthrough=yes
add action=mark-connection chain=forward layer7-protocol=ZIP \
new-connection-mark=extensi passthrough=yes
add action=mark-connection chain=forward layer7-protocol=MP3 \
new-connection-mark=extensi passthrough=yes
add action=mark-connection chain=forward layer7-protocol=RAR \
new-connection-mark=extensi passthrough=yes
add action=mark-packet chain=forward connection-mark=extensi in-interface=\
"ether1 - WAN" new-packet-mark=extensi_down passthrough=no
add action=mark-packet chain=forward connection-mark=extensi in-interface=\
"ether2 - LAN" new-packet-mark=extensi_up passthrough=no
add action=mark-connection chain=forward comment="Browsing Traffic" \
connection-mark=!heavy_traffic new-connection-mark=browsing passthrough=\
yes src-address-list=LAN
add action=mark-connection chain=forward comment="Heavy Traffic" \
connection-bytes=1024000-0 connection-mark=browsing connection-rate=\
256k-102400k new-connection-mark=heavy_traffic passthrough=yes protocol=\
tcp
add action=mark-connection chain=forward connection-bytes=1024000-0 \
connection-mark=browsing connection-rate=256k-102400k \
new-connection-mark=heavy_traffic passthrough=yes protocol=udp
add action=mark-packet chain=forward connection-mark=heavy_traffic \
in-interface="ether1 - WAN" new-packet-mark=heavy_browsing_down \
passthrough=no
add action=mark-packet chain=forward connection-mark=heavy_traffic \
in-interface="ether2 - LAN" new-packet-mark=heavy_browsing_up \
passthrough=no
add action=mark-packet chain=forward connection-mark=browsing in-interface=\
"ether1 - WAN" new-packet-mark=small_browsing_down passthrough=no
add action=mark-packet chain=forward connection-mark=browsing in-interface=\
"ether2 - LAN" new-packet-mark=small_browsing_up passthrough=no
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat out-interface="ether1 - WAN"
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.222.0/24
/ip hotspot user
add name=admin
add name=1 password=1 profile=GRATIS server=FNCNCPT
/system clock
set time-zone-name=Asia/Jakarta
/tool user-manager database
set db-path=user-manager

You might also like