Monday, January 16, 2012

lengkap tinggal copas hehe

# Router addressing. ether1 carries 192.168.1.2/24 (labelled "To Gateway");
# ether2..ether5 each hold the .1 address of 192.168.2.0/24 .. 192.168.5.0/24.
/ip address add interface=ether1 address=192.168.1.2/24 comment="To Gateway"
/ip address add interface=ether2 address=192.168.2.1/24
/ip address add interface=ether3 address=192.168.3.1/24
/ip address add interface=ether4 address=192.168.4.1/24
/ip address add interface=ether5 address=192.168.5.1/24

# PPPoE dial-out over ether1. The user and password values are the masked
# placeholders from the original post; substitute the ISP-issued credentials,
# and remember that an exported config contains them in readable form.
# NOTE(review): allow= includes pap, which sends the password to the access
# concentrator unencrypted; narrow the list if the ISP accepts chap/mschap2.
# Firewall and NAT rules must name this interface exactly ("Speedy-PPPoE1")
# to match traffic on the PPPoE link.
/interface pppoe-client add name="Speedy-PPPoE1" interface=ether1 \
    user="id 14xxxxxxxxxxxxxxxx@telkom.net" password="xxxxxxYYxx" \
    profile=default allow=pap,chap,mschap1,mschap2 \
    max-mtu=1480 max-mru=1480 mrru=disabled \
    add-default-route=yes use-peer-dns=yes dial-on-demand=no

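# NAT table: masquerade for outbound traffic, a transparent DNS/HTTP redirect
# for the client LAN, and inbound port forwards to internal hosts.
/ip firewall nat

# The PPPoE client on this page is created as "Speedy-PPPoE1". The original
# rules named "pppoe-out1", which this configuration never creates, so the
# WAN-side rules below use the name that actually exists.
add chain=srcnat action=masquerade out-interface=Speedy-PPPoE1 comment=ppoe

# NOTE(review): ether1-inet and ether2-warnet are not created anywhere on this
# page (the address section uses plain ether1/ether2). Rename the ports or
# adjust these names before importing.
add chain=srcnat action=masquerade out-interface=ether1-inet

# Clients on ether2-warnet: DNS (udp/53) and HTTP (tcp/80) are redirected to
# 192.168.3.2 (ports 53 and 3128; labelled unbound and squid).
add chain=dstnat action=dst-nat to-addresses=192.168.3.2 to-ports=53 protocol=udp in-interface=ether2-warnet dst-port=53 comment=unbound
add chain=dstnat action=dst-nat to-addresses=192.168.3.2 to-ports=3128 protocol=tcp in-interface=ether2-warnet dst-port=80 comment=squid

# Inbound port forwards from the PPPoE link to 192.168.2.4.
# NOTE(review): every forward here is open to any source address. tcp/5900 is
# conventionally VNC; publish it only to known admin addresses (for example
# with a src-address-list match) or reach it over a VPN instead.
add chain=dstnat action=dst-nat to-addresses=192.168.2.4 to-ports=50 protocol=tcp in-interface=Speedy-PPPoE1 dst-port=50 comment=server
add chain=dstnat action=dst-nat to-addresses=192.168.2.4 to-ports=100 protocol=tcp in-interface=Speedy-PPPoE1 dst-port=100
# Matches on the router's ether1 address rather than on an interface.
add chain=dstnat action=dst-nat to-addresses=192.168.2.12 to-ports=9999 protocol=tcp dst-address=192.168.1.2 dst-port=9999
add chain=dstnat action=dst-nat to-addresses=192.168.2.4 to-ports=5900 protocol=tcp in-interface=Speedy-PPPoE1 dst-port=5900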


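# Packet marks consumed by the queue tree.
/ip firewall mangle
# ICMP gets its own mark; passthrough=no ends mangle processing for the packet.
add chain=prerouting action=mark-packet new-packet-mark=icmp passthrough=no protocol=icmp comment=icmp
# Packets carrying DSCP 12 are marked "squid" (presumably set by the proxy on
# cache hits; confirm against the proxy configuration).
add action=mark-packet new-packet-mark=squid dscp=12 passthrough=no chain=prerouting comment=squid

# One connection mark and one packet mark per client 192.168.2.2 .. 192.168.2.35.
:for e from=2 to=35 do={
    # action=mark-connection must be written as key=value; the bare form
    # "action mark-connection" is a syntax error and the rule is never added.
    /ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark="pc$e" src-address="192.168.2.$e"
    # The packet mark follows the connection mark, so both directions of the
    # client's connections carry "pc$e".
    /ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark="pc$e" connection-mark="pc$e" passthrough=no
}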

# Shaping on the client-facing interface.
/queue tree
# Queue for "squid"-marked packets; no limit is set on it here.
add parent=ether2-warnet name=squid packet-mark=squid
# 2M aggregate ceiling; the per-PC queues are attached below it.
add name=Downlink parent=ether2-warnet max-limit=2M

# PCQ type classifying on destination address, 1024k per sub-stream.
/queue type
add kind=pcq name=PCQ-1Mbps pcq-classifier=dst-address pcq-rate=1024k

# One leaf per client mark pc2..pc35: limit-at 80k, max-limit 512k.
:for e from=2 to=35 do={
    /queue tree add name="pc$e" parent=Downlink packet-mark="pc$e" queue=PCQ-1Mbps limit-at=80k max-limit=512k
}


# Port-scan detection on the router's own input chain. No in-interface is set,
# so these rules apply to traffic arriving on every interface, LAN included.
# Matching sources are kept on the address list "port scanners" for two weeks
# and dropped by the last rule of this section.
# NOTE(review): the tcp-flags rules match a single packet, so the listed
# address is whatever that packet carried as its source. Keep management
# addresses on an allowlist that is evaluated before the drop rule.
/ip firewall filter
# psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no

# FIN set with every other flag clear.
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"

# SYN and FIN set together.
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"

# SYN and RST set together.
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"

# FIN, PSH and URG set while SYN, RST and ACK are clear.
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"

# All six flags set.
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"

# No flags set at all.
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"

# Drop everything from listed sources. It sits after the detection rules, so
# the packet that triggers a listing is dropped by this rule as well.
add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no

# Main filter rules for the forward, input and output chains. Rules are
# evaluated top to bottom, so the order below is significant.
# NOTE(review): nothing in this listing ends the input chain with a drop rule.
# Sources that are not on one of the blacklists still reach every service the
# router runs. Consider accepting established/related traffic and known
# management sources on input, then dropping the rest arriving on the WAN
# interface.
/ip firewall filter
# Let packets of already-tracked flows through the router.
add action=accept chain=forward comment="allow established connections" \
    connection-state=established disabled=no
add action=accept chain=forward comment="allow related connections" \
    connection-state=related disabled=no
# FTP on the PPPoE link: drop sources already on FTP_BlackList.
add action=drop chain=input comment="drop FTP Brute Forcers" disabled=no \
    dst-port=21 in-interface=Speedy-PPPoE1 protocol=tcp src-address-list=\
    FTP_BlackList
# Failed-login replies ("530 Login incorrect") are accepted up to the
# dst-limit rate per destination; replies beyond that rate fall through to
# the next rule, which puts the client on FTP_BlackList for one day.
add action=accept chain=output comment="" content="530 Login incorrect" \
    disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=FTP_BlackList \
    address-list-timeout=1d chain=output comment="" content=\
    "530 Login incorrect" disabled=no protocol=tcp
# Ports 22-23 (SSH and telnet) on the PPPoE link: drop sources on IP_BlackList.
# NOTE(review): telnet is unencrypted; if the service is enabled on the router,
# disabling it is safer than rate-limiting it.
add action=drop chain=input comment="drop SSH Brute Forcers" disabled=no \
    dst-port=22-23 in-interface=Speedy-PPPoE1 protocol=tcp src-address-list=\
    IP_BlackList
# Staged escalation: every new connection moves the source one list further
# (SSH_BlackList_1 -> _2 -> _3 -> IP_BlackList). The stage lists expire after
# 1m, the final blacklist after 1d. The highest stage is checked first so that
# a single connection advances the source by one stage only.
add action=add-src-to-address-list address-list=IP_BlackList \
    address-list-timeout=1d chain=input comment="" connection-state=new \
    disabled=no dst-port=22-23 in-interface=Speedy-PPPoE1 protocol=tcp \
    src-address-list=SSH_BlackList_3
add action=add-src-to-address-list address-list=SSH_BlackList_3 \
    address-list-timeout=1m chain=input comment="" connection-state=new \
    disabled=no dst-port=22-23 in-interface=Speedy-PPPoE1 protocol=tcp \
    src-address-list=SSH_BlackList_2
add action=add-src-to-address-list address-list=SSH_BlackList_2 \
    address-list-timeout=1m chain=input comment="" connection-state=new \
    disabled=no dst-port=22-23 in-interface=Speedy-PPPoE1 protocol=tcp \
    src-address-list=SSH_BlackList_1
add action=add-src-to-address-list address-list=SSH_BlackList_1 \
    address-list-timeout=1m chain=input comment="" connection-state=new \
    disabled=no dst-port=22-23 in-interface=Speedy-PPPoE1 protocol=tcp
# Port-scan handling on the PPPoE link. This uses the list "port_scanners"
# (underscore), which is a different list from "port scanners" (with a space).
add action=drop chain=input comment="drop port scanners" disabled=no \
    in-interface=Speedy-PPPoE1 src-address-list=port_scanners
# psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight; listed 12h.
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=12h chain=input comment="" disabled=no in-interface=\
    Speedy-PPPoE1 protocol=tcp psd=21,3s,3,1
# Unusual TCP flag combinations; each match lists the source for one day.
# NOTE(review): these match a single packet, so the listed address is whatever
# that packet carried as its source. Allowlist management addresses ahead of
# the drop rule above.
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=1d chain=input comment="" disabled=no in-interface=\
    Speedy-PPPoE1 protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=1d chain=input comment="" disabled=no in-interface=\
    Speedy-PPPoE1 protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=1d chain=input comment="" disabled=no in-interface=\
    Speedy-PPPoE1 protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=1d chain=input comment="" disabled=no in-interface=\
    Speedy-PPPoE1 protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=1d chain=input comment="" disabled=no in-interface=\
    Speedy-PPPoE1 protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=1d chain=input comment="" disabled=no in-interface=\
    Speedy-PPPoE1 protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
# Accept ICMP on the PPPoE link up to limit=50/5s,2.
# NOTE(review): no later rule in this listing drops ICMP, so packets above the
# limit are not blocked by anything shown here.
add action=accept chain=input comment="Allow limited pings" disabled=no \
    in-interface=Speedy-PPPoE1 limit=50/5s,2 protocol=icmp
# Forwarded traffic: drop ports 135-139 and 445 as source or destination,
# UDP and TCP (labelled as a W32.Kido / Conficker block).
add action=drop chain=forward comment=";;Block W32.Kido - Conficker" \
    disabled=no protocol=udp src-port=135-139
add action=drop chain=forward comment="" disabled=no dst-port=135-139 \
    protocol=udp
add action=drop chain=forward comment="" disabled=no protocol=udp src-port=\
    445
add action=drop chain=forward comment="" disabled=no dst-port=445 protocol=\
    udp
add action=drop chain=forward comment="" disabled=no protocol=tcp src-port=\
    135-139
add action=drop chain=forward comment="" disabled=no dst-port=135-139 \
    protocol=tcp
add action=drop chain=forward comment="" disabled=no protocol=tcp src-port=\
    445
add action=drop chain=forward comment="" disabled=no dst-port=445 protocol=\
    tcp
# tcp/4691 and tcp/5933 are dropped as well; the original gives no reason.
add action=drop chain=forward comment="" disabled=no dst-port=4691 protocol=\
    tcp
add action=drop chain=forward comment="" disabled=no dst-port=5933 protocol=\
    tcp
# LLMNR name resolution (udp/5355) is not forwarded.
add action=drop chain=forward comment="Blok LLMNR" disabled=no dst-port=5355 \
    protocol=udp
# udp/4647 is dropped; the original gives no reason.
add action=drop chain=forward comment="" disabled=no dst-port=4647 protocol=\
    udp
# SMTP (tcp/25) is blocked through the router, as source and destination port.
add action=drop chain=forward comment="SMTP Deny" disabled=no protocol=tcp \
    src-port=25
add action=drop chain=forward comment="" disabled=no dst-port=25 protocol=tcp
# tcp/7777 is dropped; the original gives no reason.
add action=drop chain=forward comment="" disabled=no dst-port=7777 protocol=\
    tcp
# Drop packets that connection tracking classifies as invalid.
# NOTE(review): this rule is commonly placed near the top of the chain,
# directly after the established/related accepts.
add action=drop chain=forward comment="drop invalid connections" \
    connection-state=invalid disabled=no


tinggal kroscek hehe :p

Sunday, January 15, 2012

dari om oktama :D

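# Packets carrying DSCP 12 are marked "squid" (presumably set by the proxy on
# cache hits; confirm against the proxy configuration).
/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=squid dscp=12 passthrough=no

# One connection mark and one packet mark per client 192.168.2.2 .. 192.168.2.35.
:for e from=2 to=35 do={
    # action=mark-connection must be written as key=value; the bare form
    # "action mark-connection" is a syntax error and the rule is never added.
    /ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark="pc$e" src-address="192.168.2.$e"
    # The packet mark follows the connection mark, so both directions of the
    # client's connections carry "pc$e".
    /ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark="pc$e" connection-mark="pc$e" passthrough=no
}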

# Shaping on the client-facing interface.
/queue tree
# Queue for "squid"-marked packets; no limit is set on it here.
add parent=ether2-warnet name=squid packet-mark=squid
# 2M aggregate ceiling; the per-PC queues are attached below it.
add name=Downlink parent=ether2-warnet max-limit=2M

# PCQ type classifying on destination address, 1024k per sub-stream.
/queue type
add kind=pcq name=PCQ-1Mbps pcq-classifier=dst-address pcq-rate=1024k

# One leaf per client mark pc2..pc35: limit-at 128k, max-limit 1024k.
:for e from=2 to=35 do={
    /queue tree add name="pc$e" parent=Downlink packet-mark="pc$e" queue=PCQ-1Mbps limit-at=128k max-limit=1024k
}

Thursday, January 5, 2012

Menghilangkan screensaver billing PCMan dan cara mengganti background PCMan client

Bagi para pengguna billing PCMan, mungkin dulu screensaver-nya kelihatan bagus, tetapi sekarang servernya sudah off sehingga tampilannya tidak enak dipandang mata. Langkah untuk menghilangkan screensaver-nya: buka C:/windows/system32/, cari file pmscr, lalu langsung delete aja.


Cara mengganti background pcman client
buka di client agan agan( bukan di server )

C:/windows/system32/pcImage

ganti ajah

gambar yg namanya

New_bglock.gif

ama gambar sesuai keinginan agan agan

tips nya : itu kan gambar .gif, otomatis kualitas gambar jelek ga kaya .jpg
cara ngakalinya

misal agan punya gambar blablabla.jpg
nah agan re name ajah jadi New_bglock.gif
trus di copy replace ke

C:/windows/system32/pcImage

untuk yg belum tau, kalo standard windows xp
extension .gif, .jpg itu di hide
nah nampilinya

di windows explorer, klik Tools>>Folder Options... >>View
ceklis nya di ilangin yg ada bacaan
[-] Hide extensions for known file types

Solusi Screen Saver PCMAN yang Blank

Setelah masa layanan PCMan berakhir, iklan Gemscool yang biasa kita lihat pun menjadi kosong karena website yang menampung iklan itu sudah tidak beroperasi seperti biasanya.
Bagaimana caranya agar tampilan screensaver ini tidak mengganggu?
Ada dua solusi yang belum terbukti; silakan Anda coba dan komentari apakah solusi ini berfungsi baik.
  1. Hapus/ rename saja file pmscr.exe
    yang ada di C:\WINDOWS\system32
  2. Atau boleh juga blok file pmscr dengan men-setting-nya di counter PCMan.