Mangle and Game Routing Configuration on MikroTik

How to set up mangle and game routing on MikroTik is a common question among people configuring their own MikroTik routers. In this post I share a configuration for two internet connections, in which link 1 is used for general internet traffic only and link 2 is used for game connections.


ASSUMPTIONS
Connection 1 IP = 10.10.1.1 on port ether1, as the general internet link.
Connection 2 IP = 10.10.2.1 on port ether2, as the game link.

1. Creating the Address Lists
The first step is to group IP blocks or individual IP addresses in the firewall address-list.

/ip firewall address-list
add address=10.5.50.0/24 list=client 
add address=10.5.50.0/24 list=local 
add address=10.10.1.0/24 list=local 
add address=10.10.2.0/24 list=local 

2. Capturing Game Traffic with RAW
Next, use raw rules so that the game servers' IP addresses are added to the router's address-list. Set the timeout to one day so the entries can refresh when the servers use dynamic addresses.

/ip firewall raw 
add action=add-dst-to-address-list address-list=games address-list-timeout=1d chain=prerouting comment=Summoners content=withhive.com dst-address-list=!local src-address-list=client
add action=add-dst-to-address-list address-list=games address-list-timeout=1d chain=prerouting comment="Mobile Legends" content=mobile-legends.net dst-address-list=!local src-address-list=client
add action=add-dst-to-address-list address-list=games address-list-timeout=1d chain=prerouting comment=ShenZhenTencent content=shenzhentencent.com dst-address-list=!local src-address-list=client
add action=add-dst-to-address-list address-list=games address-list-timeout=1d chain=prerouting comment=Tencent content=tencent.com dst-address-list=!local src-address-list=client
add action=add-dst-to-address-list address-list=games address-list-timeout=1d chain=prerouting comment=SoftLayer content=softLayer.net dst-address-list=!local src-address-list=client
add action=add-dst-to-address-list address-list=games address-list-timeout=1d chain=prerouting comment=beijing-shujujia-technology-co-ltd content=beijing-shujujia-technology-co-ltd disabled=yes dst-address-list=!local src-address-list=client
add action=add-dst-to-address-list address-list=games address-list-timeout=1d chain=prerouting comment=pubgmobile.com content=pubgmobile.com dst-address-list=!local src-address-list=client
add action=add-dst-to-address-list address-list=games address-list-timeout=1d chain=prerouting comment=garena content=.garena.com dst-address-list=!local src-address-list=client
add action=add-dst-to-address-list address-list=games address-list-timeout=1d chain=prerouting content=.garena.co.id dst-address-list=!local src-address-list=client
add action=add-dst-to-address-list address-list=games address-list-timeout=1d chain=prerouting content=.garena.sg dst-address-list=!local src-address-list=client
add action=add-dst-to-address-list address-list=games address-list-timeout=1d chain=prerouting content=.garena. dst-address-list=!local src-address-list=client
add action=add-dst-to-address-list address-list=games address-list-timeout=1d chain=prerouting comment=dota2 content=dota2.com dst-address-list=!local src-address-list=client
add action=add-dst-to-address-list address-list=games address-list-timeout=1d chain=prerouting content=steampowered.com dst-address-list=!local src-address-list=client

3. Creating the Mangle Rules
For the traffic to receive a "mark", the game mangle rules have to be created.

/ip firewall mangle
add action=accept chain=prerouting in-interface=ether1
add action=accept chain=prerouting in-interface=ether2
add action=mark-connection chain=prerouting comment="PORT GAME" dst-port=30097-30147,30000-30150,9001,30101-30106,5057,5228,5001-5009 new-connection-mark="PORT GAME" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting dst-port=5601-5602,5020-5030,5605,5101-5109,5001-5009,30101 new-connection-mark="PORT GAME" passthrough=yes protocol=udp
add action=mark-connection chain=prerouting dst-port=5520-5529,5020-5030,5501-5509,5517,5510,5010 new-connection-mark="PORT GAME" passthrough=yes protocol=udp
add action=mark-connection chain=prerouting dst-port=5520-5529,5551,5651,5153,5523,5022,5010 new-connection-mark="PORT GAME" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting dst-port=7006,39003,39698,39779,6006,7889,8001,10012 new-connection-mark="PORT GAME" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting dst-port=10001-10007,10012,7008,2000,20001,10100 new-connection-mark="PORT GAME" passthrough=yes protocol=udp
add action=mark-connection chain=prerouting dst-port=10001-10007,10012,6006,6008,7008,2000,20001,10100 new-connection-mark="PORT GAME" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting dst-port=7006,39003,39698,39779,6006,7889,8001,10012 new-connection-mark="PORT GAME" passthrough=yes protocol=udp
add action=mark-connection chain=prerouting dst-port=10012,17500 new-connection-mark="PORT GAME" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting dst-port=10147,10491,10010,10013,10612,20002,20001,20000,12235,13748,13972,13894,11455,10096,10039 new-connection-mark="PORT GAME" passthrough=yes protocol=udp
add action=mark-connection chain=prerouting dst-port=1700,10071 new-connection-mark="PORT GAME" passthrough=yes protocol=udp
add action=mark-connection chain=prerouting dst-port=9339 new-connection-mark="PORT GAME" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting dst-address-list=games dst-port=!80,81,443 new-connection-mark="PORT GAME" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting dst-address-list=games dst-port=!80,81,443 new-connection-mark="PORT GAME" passthrough=yes protocol=udp

4. Mangle Routing Mark for Games
So that game traffic can be routed, create a routing-mark rule and place it above the packet-mark rules, with the option passthrough=yes.

/ip firewall mangle
add action=mark-routing chain=prerouting connection-mark="PORT GAME" new-routing-mark=games_routing passthrough=yes

5. Mangle Packet Mark for Games
I consider this rule optional, but I use it to build a limiter in the MikroTik simple queue.

/ip firewall mangle
add action=mark-packet chain=prerouting connection-mark="PORT GAME" new-packet-mark=pkt_game passthrough=no
add action=mark-packet chain=forward connection-mark="PORT GAME" new-packet-mark=pkt_game passthrough=no 

6. Game Routing Setup
Next, add the routes that determine which link the game connections must use.

/ip route
add check-gateway=ping comment="MAIN ROUTE" distance=1 gateway=10.10.1.1
add check-gateway=ping distance=2 gateway=10.10.2.1
add check-gateway=ping comment="ROUTING GAME" distance=1 gateway=10.10.2.1 routing-mark=games_routing
add check-gateway=ping distance=2 gateway=10.10.1.1 routing-mark=games_routing

Here the connection with gateway 10.10.1.1 is the main route for the network, and 10.10.2.1 serves as its backup. Meanwhile gateway 10.10.2.1 is the main route for games, with 10.10.1.1 as its backup.

7. Simple Queue Configuration for Game Connections
Next, create a simple queue for the game connections. If it is to be prioritized, place it at the very top of the queue list, or at least directly below ICMP, with priority 1.

/queue simple
add max-limit=10M/10M name="2. GAME" packet-marks=pkt_game priority=1/1 target=192.168.111.0/24,10.5.50.0/24

8. Gaming Fasttrack Configuration
I tried to resolve a problem raised by a colleague, who asked for fasttrack rules for game ports on MikroTik.

/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related disabled=yes dst-port=30097-30147,30000-30150,9001,30101-30106,5057,5228,5001-5009 protocol=tcp src-address-list=client
add action=fasttrack-connection chain=forward connection-state=established,related disabled=yes dst-port=5601-5602,5020-5030,5605,5101-5109,5001-5009,30101 protocol=udp src-address-list=client
add action=fasttrack-connection chain=forward connection-state=established,related disabled=yes dst-port=5520-5529,5020-5030,5501-5509,5517,5510,5010 protocol=udp src-address-list=client
add action=fasttrack-connection chain=forward connection-state=established,related disabled=yes dst-port=5520-5529,5551,5651,5153,5523,5022,5010 protocol=tcp src-address-list=client
add action=fasttrack-connection chain=forward connection-state=established,related disabled=yes dst-port=7006,39003,39698,39779,6006,7889,8001,10012 protocol=tcp src-address-list=client
add action=fasttrack-connection chain=forward connection-state=established,related disabled=yes dst-port=10001-10007,10012,7008,2000,20001,10100 protocol=udp src-address-list=client
add action=fasttrack-connection chain=forward connection-state=established,related disabled=yes dst-port=10001-10007,10012,6006,6008,7008,2000,20001,10100 protocol=tcp src-address-list=client
add action=fasttrack-connection chain=forward connection-state=established,related disabled=yes dst-port=7006,39003,39698,39779,6006,7889,8001,10012 protocol=udp src-address-list=client
add action=fasttrack-connection chain=forward connection-state=established,related disabled=yes dst-port=10012,17500 protocol=tcp src-address-list=client
add action=fasttrack-connection chain=forward connection-state=established,related disabled=yes dst-port=10147,10491,10010,10013,10612,20002,20001,20000,12235,13748,13972,13894,11455,10096,10039 protocol=udp src-address-list=client
add action=fasttrack-connection chain=forward connection-state=established,related disabled=yes dst-port=1700,10071 protocol=udp src-address-list=client
add action=fasttrack-connection chain=forward connection-state=established,related disabled=yes dst-port=9339 protocol=tcp src-address-list=client
add action=fasttrack-connection chain=forward connection-state=established,related disabled=yes dst-address-list=whatsapp src-address-list=client
add action=accept chain=forward connection-state=established,related disabled=yes protocol=tcp
add action=accept chain=forward connection-state=established,related disabled=yes protocol=udp
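
A consistency check for a configuration like the one built in steps 1 to 8, added here as an example (it is not the author's code): the marks and address lists set in one menu are consumed by name in another, so a misspelled or missing name breaks the chain between them. The parser, the function names and the sample export are assumptions constructed for this illustration.

```python
import shlex
# Properties that define a name, and properties that reference one.
DEFINES = {"new-connection-mark": "connection-mark",
           "new-packet-mark": "packet-mark", "new-routing-mark": "routing-mark"}
REFERS = {"connection-mark": "connection-mark", "packet-mark": "packet-mark",
          "packet-marks": "packet-mark", "routing-mark": "routing-mark",
          "src-address-list": "address-list", "dst-address-list": "address-list"}
BUILTIN = {"no-mark", "main"}  # names RouterOS provides without a rule

def parse_export(text):
    """Yield (menu, properties) for every `add` line of a RouterOS export."""
    menu = ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            # shlex keeps a quoted value such as "PORT GAME" in one token
            yield menu, dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)

def undefined_references(text):
    """Return sorted (kind, name, menu) for names used but never defined."""
    defined, used = set(), set()
    for menu, props in parse_export(text):
        if menu == "/ip firewall address-list" and "list" in props:
            defined.add(("address-list", props["list"]))
        if props.get("action", "").endswith("-to-address-list"):
            defined.add(("address-list", props.get("address-list", "")))
        for key, value in props.items():
            if key in DEFINES:
                defined.add((DEFINES[key], value))
            elif key in REFERS:
                for name in value.split(","):
                    used.add((REFERS[key], name.lstrip("!"), menu))
    return sorted(u for u in used if u[:2] not in defined and u[1] not in BUILTIN)

# Constructed sample export with two deliberate mistakes (game_pkt, voip).
SAMPLE = """/ip firewall address-list
add address=10.5.50.0/24 list=client
/ip firewall raw
add action=add-dst-to-address-list address-list=games chain=prerouting content=example.com src-address-list=client
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address-list=games new-connection-mark="PORT GAME" protocol=udp
add action=mark-routing chain=prerouting connection-mark="PORT GAME" new-routing-mark=games_routing
add action=mark-packet chain=forward connection-mark="PORT GAME" new-packet-mark=pkt_game
/ip route
add distance=1 gateway=10.10.2.1 routing-mark=games_routing
/queue simple
add max-limit=10M/10M name=GAME packet-marks=game_pkt target=10.5.50.0/24
/ip firewall filter
add action=fasttrack-connection chain=forward dst-address-list=voip src-address-list=client"""
```

Calling `undefined_references()` on the text of an `/export` returns one tuple per dangling name; on the constructed sample it reports the `voip` address list and the `game_pkt` packet mark.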

That is all for this post; may it be an ongoing good deed (amal jariyah) for all of us. Aamiin.

Written by Mas Pay, owner of Jagal Laptop and Bhuana Cahaya Komputama - MALANG


Jagal Laptop @2019