Author Topic: Mikrotik RB 750 + PFsense as Squid Box  (Read 68995 times)

Offline kambeeng

Re: Mikrotik RB 750 + PFsense as Squid Box
« Reply #30 on: July 05, 2011, 05:36:14 am »
there's only one piece of advice ...

go straight to hands-on practice
God willing, you won't get lost

and even if you do get lost, the friends here are ready to give further guidance
btw ... I'd like to ask
is pfSense being used as a dedicated all-in-one machine, or how?

of course nothing is instant
it's enough to start by reading the how-tos that friends have already posted
the main thing is, don't give up quickly ...


because of the enthusiasm to try...

sorry if this is a bother...
there's a problem I'm facing...

I downloaded this one... http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_HEAD/livecd_installer/pfSense-2.0-RC1-i386-20110613-0929.iso.gz

when I started the install (while the CD was booting)

this error message appeared:

mpoptions not found
panic: free: guard1 fail @ 0x1ed8c784 from /usr/pfsensesrc/src/sys/boot.i386/loader/../../common/interp. c:320

--> Press a key on the console to reboot <--

I pressed Enter...
it rebooted again.. and still came back to the same error

my CPU

ram 512 GB
hdd 20 GB
p4 (p4vp-mx)
se
where did it go wrong...

and sorry if.. this is outside the thread's topic..

thanks to all the seniors.......

looks like a kernel panic.. try checking .. whether you chose single or dual when installing, match it to the processor.. if it's still like that, try installing 1.2.3 instead

Offline sis.net.id

« Reply #31 on: July 05, 2011, 10:42:46 am »
Thank you for the responses from PFSI friends and for joining in on this post of mine.
I didn't expect to get responses from so many PFSI users. ;D

What I want here is for us to be able to learn about more advanced networking with various kinds of networking patterns. For Om_Kembeng, whose knowledge already reaches the sky (may the Almighty grant him even more knowledge) AMEN, it would be better to share or give feedback on his ideas here, rather than turning someone's post into trash / treating someone's post as trivial ??? ??? ???. I'm sure we won't progress by treating something small as weak; from the small we can become big.

I think we should just be realistic: MT is already solid in its position for BW management, traffic monitoring with its tool (Winbox), and other strengths. But on the other hand it has weaknesses in proxy management. That's why, by marrying these two devices, I consider it a very good combination for the present time.

I've tried this method on a network with 3Mb WAN bandwidth and 27 client units. At peak load, local throughput can reach 4Mb, supported by a 500GB HDD, 2GB memory and a Dual Core 2.0GHz processor, and it's quite stable. It just needs a restart every 2 or 3 days with a 24-hour full work time.


Offline serangku

« Reply #32 on: July 05, 2011, 11:57:12 am »
always something to remember ...
the concept of complementing each other is beautiful
nothing is completely perfect ...
agreed ... ?

what matters ... the drink is still pf  ;D [totally unrelated ...]

Offline kidx13

« Reply #33 on: July 15, 2011, 08:16:05 am »
why can't my pfSense be used as a transparent proxy from the MikroTik?
but if the browser is pointed manually at the pfSense proxy, it works normally.

here are the NAT settings on the MikroTik

Flags: X - disabled, I - invalid, D - dynamic
 0 X ;;; place hotspot rules here
     chain=unused-hs-chain action=passthrough

 1 X ;;; NAT-Modem
     chain=srcnat action=masquerade out-interface=ether1-Modem

 2   ;;; NAT Public
     chain=srcnat action=masquerade out-interface=speedy


 6 X ;;; TRANSPARENT PROX + BYPASS CACHE SERVER LOKAL
     chain=dstnat action=dst-nat to-addresses=192.168.99.2 to-ports=3128 protocol=tcp dst-address-list=!Proxy in-interface=WiFi_All dst-port=80,8080,3128

 7 X ;;; TRANSPARENT PROXY
     chain=dstnat action=dst-nat to-addresses=192.168.99.2 to-ports=3128 protocol=tcp src-address-list=Local+Server dst-address-list=!Proxy
     dst-port=80,8080,3128

Offline kidx13

« Reply #34 on: July 18, 2011, 01:59:38 am »
this is the firewall log from pfSense
I'm using IP 192.168.99.166

Act       Time                    If    Source                    Destination            Proto
block    Jul 18 14:50:29    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:49:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:48:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:47:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:46:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:45:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:44:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:43:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:42:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:41:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:40:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:40:00    LAN    0.0.0.0:68    255.255.255.255:67    UDP
block    Jul 18 14:39:48    LAN    0.0.0.0:68    255.255.255.255:67    UDP
block    Jul 18 14:39:48    LAN    0.0.0.0:68    255.255.255.255:67    UDP
block    Jul 18 14:39:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:38:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:37:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:36:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:35:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:34:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:33:27    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:32:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:32:05    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
block    Jul 18 14:32:05    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
block    Jul 18 14:31:37    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
block    Jul 18 14:31:37    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
block    Jul 18 14:31:27    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:31:22    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
block    Jul 18 14:31:22    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
block    Jul 18 14:31:16    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
block    Jul 18 14:31:16    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
block    Jul 18 14:31:13    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
block    Jul 18 14:31:13    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
block    Jul 18 14:31:11    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
block    Jul 18 14:31:11    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
block    Jul 18 14:31:10    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
block    Jul 18 14:31:10    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
block    Jul 18 14:31:10    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
block    Jul 18 14:31:10    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
block    Jul 18 14:31:10    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
block    Jul 18 14:31:10    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
block    Jul 18 14:30:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:29:51    LAN    192.168.99.166:47254    192.168.99.2:3128    TCP:FA
block    Jul 18 14:29:30    LAN    192.168.99.166:47107    192.168.99.2:3128    TCP:FA
block    Jul 18 14:29:27    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:29:21    LAN    192.168.99.166:47254    192.168.99.2:3128    TCP:FA
block    Jul 18 14:29:06    LAN    192.168.99.166:47254    192.168.99.2:3128    TCP:FA
block    Jul 18 14:28:59    LAN    192.168.99.166:47254    192.168.99.2:3128    TCP:FA
block    Jul 18 14:28:56    LAN    192.168.99.166:47107    192.168.99.2:3128    TCP:FA
block    Jul 18 14:28:55    LAN    192.168.99.166:47254    192.168.99.2:3128    TCP:FA
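
A way to triage a firewall log like the one posted above, as an added example that is not part of the original post: it separates broadcast noise from blocked TCP packets that carry flags other than a bare SYN, which pf logs when it holds no state entry for the connection (the state already expired, or the firewall saw only one direction of the flow). The sample rows follow the post's column layout, the last row is constructed, and the function names are illustrative.

```python
import re
from collections import Counter, defaultdict

# Rows in the column layout of the log posted above (Act, Time, If, Source,
# Destination, Proto). The final TCP:S row is constructed for contrast.
SAMPLE_LOG = """\
Act       Time                    If    Source                    Destination            Proto
block    Jul 18 14:40:28    LAN    192.168.1.100:5678    255.255.255.255:5678    UDP
block    Jul 18 14:40:00    LAN    0.0.0.0:68    255.255.255.255:67    UDP
block    Jul 18 14:32:05    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
block    Jul 18 14:32:05    LAN    192.168.99.166:51908    192.168.99.2:3128    TCP:FA
block    Jul 18 14:31:37    LAN    192.168.99.166:51910    192.168.99.2:3128    TCP:FA
block    Jul 18 14:29:51    LAN    192.168.99.166:47254    192.168.99.2:3128    TCP:FA
block    Jul 18 14:28:10    LAN    192.168.99.50:40000    192.168.99.2:3128    TCP:S
"""

# Columns are separated by tabs or runs of spaces; the time column itself
# contains single spaces, so split only on two or more.
FIELD_SEP = re.compile(r"\t+|\s{2,}")


def split_endpoint(endpoint):
    """Split 'ip:port' into (ip, int port); port is None when absent (ICMP)."""
    ip, sep, port = endpoint.rpartition(":")
    if sep and port.isdigit():
        return ip, int(port)
    return endpoint, None


def parse_line(line):
    """Return a dict for one log row, or None for the header and junk lines."""
    fields = FIELD_SEP.split(line.strip())
    if len(fields) != 6 or fields[0] not in ("block", "pass"):
        return None
    act, when, iface, src, dst, proto = fields
    src_ip, src_port = split_endpoint(src)
    dst_ip, dst_port = split_endpoint(dst)
    name, _, flags = proto.partition(":")
    return {"act": act, "time": when, "iface": iface,
            "src_ip": src_ip, "src_port": src_port,
            "dst_ip": dst_ip, "dst_port": dst_port,
            "proto": name, "flags": flags}


def classify(entry):
    """Put one parsed row into a triage category."""
    if entry["act"] != "block":
        return "passed"
    if entry["dst_ip"] == "255.255.255.255":
        # e.g. MikroTik neighbor discovery (UDP 5678) or DHCP (68 -> 67)
        return "broadcast"
    if entry["proto"] == "TCP" and entry["flags"]:
        # A bare SYN is a new connection refused by the ruleset. Any other
        # flag combination (FA, A, PA, SA, R ...) belongs to a connection
        # the firewall has no state for.
        return "new-connection" if entry["flags"] == "S" else "out-of-state"
    return "other"


def summarize(text):
    """Group rows by category, then by flow (src ip, dst ip, dst port)."""
    summary = defaultdict(lambda: defaultdict(
        lambda: {"packets": 0, "src_ports": set(), "flags": Counter()}))
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        flow = (entry["src_ip"], entry["dst_ip"], entry["dst_port"])
        bucket = summary[classify(entry)][flow]
        bucket["packets"] += 1
        bucket["src_ports"].add(entry["src_port"])
        bucket["flags"][entry["flags"]] += 1
    return {category: dict(flows) for category, flows in summary.items()}


if __name__ == "__main__":
    for category, flows in summarize(SAMPLE_LOG).items():
        print(category)
        for (src, dst, dport), info in flows.items():
            # Each distinct source port is one client connection.
            print(f"  {src} -> {dst}:{dport}  packets={info['packets']} "
                  f"connections={len(info['src_ports'])} "
                  f"flags={dict(info['flags'])}")
```
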

Offline kidx13

« Reply #35 on: July 19, 2011, 04:18:20 am »
please help with
http://forum.pfsense.org/index.php/topic,38930.msg200664.html#msg200664

no solution found yet

Offline ardy_2006

« Reply #36 on: July 25, 2011, 09:28:04 am »
As promised ( a promise is a debt  :) , God willing the debt will soon be paid ) amen.... !!

Just sharing my settings for Mikocok alongside PFSense.

Clients ------- Mikrotik 3 port -------- Inet

port 3 mikrotik ----- pfsense ------ internet

modem : 192.168.2.1

MikroTik topology using 3 ethernet ports:
port 1 = WAN  ( 192.168.2.2 )
port 2 = CLIENTS ( 192.168.1.1 )
port 3 = PROXY PFSENSE ( 192.168.3.1 )

pfSense topology using 2 ethernet ports:
port 1 = LAN ( port 3 mikrotik ) ( 192.168.3.2 )
port 2 = WAN ( 192.168.2.3 )

okay, let's get straight into it.
assuming the pfSense machine is running well & tuned with LUSCA.
for tweaking & tune-up you can open the guide from anto_DIGIT http://forum.pfsense.org/index.php/topic,29019.0.html

as the client management side, both hotspot & bandwidth management are all on the MikroTik.
Hotspot settings won't be covered here, just google the tutorial.
these settings use L7 for the filter. Specifically, destination port 80 is redirected to pfSense as the proxy server on port 3128.
Sorry guys, here PFSense is only used as a proxy server ( Sweet.... )

NAT setting:
chain=dstnat action=dst-nat to-addresses=10.10.3.2 to-ports=3128 protocol=tcp in-interface=CLIENTS dst-port=80
( meaning all port 80 requests are directed to the Proxy Server ( PFSense ) address )


L7 settings:
/ip firewall layer7-protocol
add name="Extension \" .exe \"" regexp="^.*get.+\\.exe.*\$"
add name="Extension \" .mp4 \"" regexp="^.*get.+\\.mp4.*\$"
add name="Extension \" .rar\"" regexp="^.*get.+\\.rar.*\$"
add name="Extension \" .zip\"" regexp="^.*get.+\\.zip.*\$"
add name="Extension \" .mp3 \"" regexp="^.*get.+\\.mp3.*\$"
add name="Extension \" .7z \"" regexp="^.*get.+\\.7z.*\$"
add name="Extension \" .cab \"" regexp="^.*get.+\\.cab.*\$"
add name="Extension \" .asf \"" regexp="^.*get.+\\.asf.*\$"
add name="Extension \" .mov \"" regexp="^.*get.+\\.mov.*\$"
add name="Extension \" .wmv \"" regexp="^.*get.+\\.wmv.*\$"
add name="Extension \" .mpg \"" regexp="^.*get.+\\.mpg.*\$"
add name="Extension \" .mpeg \"" regexp="^.*get.+\\.mpeg.*\$"
add name="Extension \" .mkv \"" regexp="^.*get.+\\.mkv.*\$"
add name="Extension \" .avi \"" regexp="^.*get.+\\.avi.*\$"
add name="Extension \" .flv \"" regexp="^.*get.+\\.flv.*\$"
add name="Extension \" .pdf \"" regexp="^.*get.+\\.pdf.*\$"
add name="Extension \" .wav \"" regexp="^.*get.+\\.wav.*\$"
add name="Extension \" .rm \"" regexp="^.*get.+\\.rm.*\$"
add name="Extension \" .rmvb \"" regexp="^.*get.+\\.rmvb.*\$"
add name="Extension \" .dat \"" regexp="^.*get.+\\.dat.*\$"
add name="Extension \" .daa \"" regexp="^.*get.+\\.daa.*\$"
add name="Extension \" .iso \"" regexp="^.*get.+\\.iso.*\$"
add name="Extension \" .nrg \"" regexp="^.*get.+\\.nrg.*\$"
add name="Extension \" .bin \"" regexp="^.*get.+\\.bin.*\$"
add name="Extension \" .vcd \"" regexp="^.*get.+\\.vcd.*\$"
add name="Extension \" .mp2 \"" regexp="^.*get.+\\.mp2.*\$"
add name="Extension \" .3gp \"" regexp="^.*get.+\\.3gp.*\$"
add name="Extension \" .mpe \"" regexp="^.*get.+\\.mpe.*\$"
add name="Extension \" .qt \"" regexp="^.*get.+\\.qt.*\$"
add name="Extension \" .raw \"" regexp="^.*get.+\\.raw.*\$"
add name="Extension \" .wma \"" regexp="^.*get.+\\.wma.*\$"
add name="Extension \" .ogg \"" regexp="^.*get.+\\.ogg.*\$"
add name="Extension \" .doc \"" regexp="^.*get.+\\.doc.*\$"
add name="Extension \" .ram \"" regexp="^.*get.+\\.ram.*\$"
add name=edonkey regexp="^[\C5\D4\E3-\E5].\?.\?.\?.\?([\01\02\05\14\15\16\18\
    \19\1A\1B\1C !234568@ABCFGHIJKLMNOPQRSTUVWX[`\81\82\90\91\93\96\97\98\99\
    \9A\9B\9C\9E\A0\A1\A2\A3\A4]|Y................\?[ -~]|\96....\$)"
add name=goboogy regexp="<peerplat>|^get /getfilebyhash\\.cgi\\\?|^get /queue_\
    register\\.cgi\\\?|^get /getupdowninfo\\.cgi\\\?"
add name=soribada regexp="^GETMP3\r\
    \nFilename|^\01.\?.\?.\?(Q:\\+|Q2:)|^\10[\14-\16]\10[\15-\17].\?.\?.\?.\?\
    \$"
add name=rdp regexp=rdpdr.*cliprdr.*rdpsnd
add name=gnutella regexp="^(gnd[\01\02]\?.\?.\?\01|gnutella connect/[012]\\.[0\
    -9]\r\
    \n|get /uri-res/n2r\\\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshar\
    e|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: applicat\
    ion/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]\?[\
    0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?:[\
    1-9][0-9]\?[0-9]\?[0-9]\?|gnutella.*content-type: application/x-gnutella|.\
    ..................\?lime)"
add name=cvs regexp="^BEGIN (AUTH|VERIFICATION|GSSAPI) REQUEST\
    \n"
add name=nbns regexp="\01\10\01|\\)\10\01\01|0\10\01"
add name=shoutcast regexp=\
    "icy [1-5][0-9][0-9] [\t-\r -~]*(content-type:audio|icy-)"
add name=dns regexp="^.\?.\?.\?.\?[\01\02].\?.\?.\?.\?.\?.\?[\01-\?][a-z0-9][\
    \01-\?a-z]*[\02-\06][a-z][a-z][fglmoprstuvz]\?[aeop]\?(um)\?[\01-\10\1C][\
    \01\03\04\FF]"
add name=quake-halflife regexp="^\FF\FF\FF\FFget(info|challenge)"
add name=poco regexp="^\80\94\
    \n\01....\1F\9E"
add name=ciscovpn regexp="^\01\F4\01\F4"
add name=x11 regexp="^[lb].\?\0B"
add name=xboxlive regexp="^X\80........\F3|^\06XN"
add name=applejuice regexp="^ajprot\r\
    \n"
add name=zmaap regexp="^\1B\D7;H[\01\02]\01\?\01"
add name=live365 regexp=membername.*session.*player
add name=rlogin regexp="^[a-z][a-z0-9][a-z0-9]+/[1-9][0-9]\?[0-9]\?[0-9]\?00"
add name=http regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*(con\
    nection:|content-type:|content-length:|date:)|post [\t-\r -~]* http/[01]\\\
    .[019]"
add name=sip regexp=\
    "^(invite|register|cancel) sip[\t-\r -~]*sip/[0-2]\\.[0-9]"
add name=pop3 regexp="^(\\+ok |-err )"
add name=smb regexp="\FFsmb[r%]"
add name=quake1 regexp="^\80\0C\01quake\03"
add name=lpd regexp="^(\01[!-~]+|\02[!-~]+\
    \n.[\01\02\03][\01-\
    \n -~]*|[\03\04][!-~]+[\t-\r]+[a-z][\t-\r -~]*|\05[!-~]+[\t-\r]+([a-z][!-~\
    ]*[\t-\r]+[1-9][0-9]\?[0-9]\?|root[\t-\r]+[!-~]+).*)\
    \n\$"
add name=mute regexp="^(Public|AES)Key: [0-9a-f]*\
    \nEnd(Public|AES)Key\
    \n\$"
add name=ssh regexp="^ssh-[12]\\.[0-9]"
add name=jabber regexp=\
    "<stream:stream[\t-\r ][ -~]*[\t-\r ]xmlns=['\"]jabber"
add name=ncp regexp="^(dmdt.*\01.*(\"\"|\11\11|uu)|tncp.*33)"
add name=tls regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)"
add name=directconnect regexp="^(\\\$mynick |\\\$lock |\\\$key )"
add name=netbios regexp="\81.\?.\?.[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-\
    P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A\
    -P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][\
    A-P][A-P]"
add name=tftp regexp="^(\01|\02)[ -~]*(netascii|octet|mail)"
add name=subspace regexp="^\01....\11\10........\01\$"
add name=hotline regexp="^....................TRTPHOTL\01\02"
add name=doom3 regexp="^\FF\FFchallenge"
add name=ftp regexp="^220[\t-\r -~]*ftp"
add name=kugoo regexp="^1..\8E"
add name=tsp regexp="^[\01-\13\16-\$]\01.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?[ -~]+"
add name=battlefield1942 regexp="^\01\11\10\\|\F8\02\10@\06"
add name=ssdp regexp="^notify[\t-\r ]\\*[\t-\r ]http/1\\.1[\t-\r -~]*ssdp:(ali\
    ve|byebye)|^m-search[\t-\r ]\\*[\t-\r ]http/1\\.1[\t-\r -~]*ssdp:discover"
add name=imap regexp="^(\\* ok|a[0-9]+ noop)"
add name=ares regexp="^\03[]Z].\?.\?\05\$"
add name=fasttrack regexp="^get (/.download/[ -~]*|/.supernode[ -~]|/.status[ \
    -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: \
    kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^g\
    ive [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\?[0-9]\?[0-9]\?"
add name=qq regexp="^.\?\02.+\03\$"
add name=100bao regexp="^\01\01\05\
    \n"
add name=aim regexp=\
    "^(\\*[\01\02].*\03\0B|\\*\01.\?.\?.\?.\?\01)|flapon|toc_signon.*0x"
add name=unknown regexp=.
add name=msn-filetransfer regexp=\
    "^(ver [ -~]*msnftp\r\
    \nver msnftp\r\
    \nusr|method msnmsgr:)"
add name=yahoo regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80"
add name=validcertssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B).*\
    (thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust\
    \_root|entrust\\.net limited)"
add name=ntp regexp="^([\13\1B#\D3\DB\E3]|[\14\1C\$].......\?.\?.\?.\?.\?.\?.\
    \?.\?.\?[\C6-\FF])"
add name=gnucleuslan regexp=\
    "gnuclear connect/[\t-\r -~]*user-agent: gnucleus [\t-\r -~]*lan:"
add name=vnc regexp="^rfb 00[1-9]\\.00[0-9]\
    \n\$"
add name=bgp regexp=\
    "^\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF..\?\01[\03\04]"
add name=tesla regexp="\03\9A\89\"111\\.00 Beta |\E2<i\1E\1C\E9"
add name=openft regexp="x-openftalias: [-)(0-9a-z ~.]"
add name=h323 regexp=\
    "^\03..\?\08...\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\05"
add name=finger regexp=\
    "^[a-z][a-z0-9\\-_]+|login: [\t-\r -~]* name: [\t-\r -~]* Directory:"
add name=ident regexp="^[1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?[\t-\r]*,[\t-\r]*[1-9\
    ][0-9]\?[0-9]\?[0-9]\?[0-9]\?(\r\
    \n|[\r\
    \n])\?\$"
add name=gkrellm regexp="^gkrellm [23].[0-9].[0-9]\
    \n\$"
add name=hddtemp regexp=\
    "^\\|/dev/[a-z][a-z][a-z]\\|[0-9a-z]*\\|[0-9][0-9]\\|[cfk]\\|"
add name=socks regexp="\05[\01-\08]*\05[\01-\08]\?.*\05[\01-\03][\01\03].*\05[\
    \01-\08]\?[\01\03]"
add name=biff regexp="^[a-z][a-z0-9]+@[1-9][0-9]+\$"
add name=dhcp regexp="^[\01\02][\01- ]\06.*c\82sc"
add name=smtp regexp="^220[\t-\r -~]* (e\?smtp|simple mail)"
add name=ipp regexp=ipp://
add name=msnmessenger regexp="ver [0-9]+ msnp[1-9][0-9]\? [\t-\r -~]*cvr0\r\
    \n\$|usr 1 [!-~]+ [0-9. ]+\r\
    \n\$|ans 1 [!-~]+ [0-9. ]+\r\
    \n\$"
add name=irc regexp="^(nick[\t-\r -~]*user[\t-\r -~]*:|user[\t-\r -~]*:[\02-\r\
    \_-~]*nick[\t-\r -~]*\r\
    \n)"
add name=gopher regexp="^[\t-\r]*[1-9,+tgi][\t-\r -~]*\t[\t-\r -~]*\t[a-z0-9.]\
    *\\.[a-z][a-z].\?.\?\t[1-9]"
add name=telnet regexp="^\FF[\FB-\FE].\FF[\FB-\FE].\FF[\FB-\FE]"
add name=snmp regexp="^\02\01\04.+([\A0-\A3]\02[\01-\04].\?.\?.\?.\?\02\01.\?\
    \02\01.\?0|\A4\06.+@\04.\?.\?.\?.\?\02\01.\?\02\01.\?C)"
add name=nntp regexp=\
    "^(20[01][\t-\r -~]*AUTHINFO USER|20[01][\t-\r -~]*news)"
add name=aimwebcontent regexp=user-agent:aim/
add name=rtsp regexp="rtsp/1.0 200 ok"
add name=skypeout regexp="^(\01.\?.\?.\?.\?.\?.\?.\?.\?\01|\02.\?.\?.\?.\?.\?.\
    \?.\?.\?\02|\03.\?.\?.\?.\?.\?.\?.\?.\?\03|\04.\?.\?.\?.\?.\?.\?.\?.\?\04|\
    \05.\?.\?.\?.\?.\?.\?.\?.\?\05|\06.\?.\?.\?.\?.\?.\?.\?.\?\06|\07.\?.\?.\?\
    .\?.\?.\?.\?.\?\07|\08.\?.\?.\?.\?.\?.\?.\?.\?\08|\t.\?.\?.\?.\?.\?.\?.\?.\
    \?\t|\
    \n.\?.\?.\?.\?.\?.\?.\?.\?\
    \n|\0B.\?.\?.\?.\?.\?.\?.\?.\?\0B|\0C.\?.\?.\?.\?.\?.\?.\?.\?\0C|\r.\?.\?.\
    \?.\?.\?.\?.\?.\?\r|\0E.\?.\?.\?.\?.\?.\?.\?.\?\0E|\0F.\?.\?.\?.\?.\?.\?.\
    \?.\?\0F|\10.\?.\?.\?.\?.\?.\?.\?.\?\10|\11.\?.\?.\?.\?.\?.\?.\?.\?\11|\12\
    .\?.\?.\?.\?.\?.\?.\?.\?\12|\13.\?.\?.\?.\?.\?.\?.\?.\?\13|\14.\?.\?.\?.\?\
    .\?.\?.\?.\?\14|\15.\?.\?.\?.\?.\?.\?.\?.\?\15|\16.\?.\?.\?.\?.\?.\?.\?.\?\
    \16|\17.\?.\?.\?.\?.\?.\?.\?.\?\17|\18.\?.\?.\?.\?.\?.\?.\?.\?\18|\19.\?.\
    \?.\?.\?.\?.\?.\?.\?\19|\1A.\?.\?.\?.\?.\?.\?.\?.\?\1A|\1B.\?.\?.\?.\?.\?.\
    \?.\?.\?\1B|\1C.\?.\?.\?.\?.\?.\?.\?.\?\1C|\1D.\?.\?.\?.\?.\?.\?.\?.\?\1D|\
    \1E.\?.\?.\?.\?.\?.\?.\?.\?\1E|\1F.\?.\?.\?.\?.\?.\?.\?.\?\1F| .\?.\?.\?.\
    \?.\?.\?.\?.\? |!.\?.\?.\?.\?.\?.\?.\?.\?!|\".\?.\?.\?.\?.\?.\?.\?.\?\"|#.\
    \?.\?.\?.\?.\?.\?.\?.\?#|\\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|%.\?.\?.\?.\?.\?\
    .\?.\?.\?%|&.\?.\?.\?.\?.\?.\?.\?.\?&|'.\?.\?.\?.\?.\?.\?.\?.\?'|\\(.\?.\?\
    .\?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?\
    .\?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|,.\?.\?.\?.\?.\?.\?.\?.\?,|-.\?.\
    \?.\?.\?.\?.\?.\?.\?-|\\..\?.\?.\?.\?.\?.\?.\?.\?\\.|/.\?.\?.\?.\?.\?.\?.\
    \?.\?/|0.\?.\?.\?.\?.\?.\?.\?.\?0|1.\?.\?.\?.\?.\?.\?.\?.\?1|2.\?.\?.\?.\?\
    .\?.\?.\?.\?2|3.\?.\?.\?.\?.\?.\?.\?.\?3|4.\?.\?.\?.\?.\?.\?.\?.\?4|5.\?.\
    \?.\?.\?.\?.\?.\?.\?5|6.\?.\?.\?.\?.\?.\?.\?.\?6|7.\?.\?.\?.\?.\?.\?.\?.\?\
    7|8.\?.\?.\?.\?.\?.\?.\?.\?8|9.\?.\?.\?.\?.\?.\?.\?.\?9|:.\?.\?.\?.\?.\?.\
    \?.\?.\?:|;.\?.\?.\?.\?.\?.\?.\?.\?;|<.\?.\?.\?.\?.\?.\?.\?.\?<|=.\?.\?.\?\
    .\?.\?.\?.\?.\?=|>.\?.\?.\?.\?.\?.\?.\?.\?>|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\
    \?|@.\?.\?.\?.\?.\?.\?.\?.\?@|A.\?.\?.\?.\?.\?.\?.\?.\?A|B.\?.\?.\?.\?.\?.\
    \?.\?.\?B|C.\?.\?.\?.\?.\?.\?.\?.\?C|D.\?.\?.\?.\?.\?.\?.\?.\?D|E.\?.\?.\?\
    .\?.\?.\?.\?.\?E|F.\?.\?.\?.\?.\?.\?.\?.\?F|G.\?.\?.\?.\?.\?.\?.\?.\?G|H.\
    \?.\?.\?.\?.\?.\?.\?.\?H|I.\?.\?.\?.\?.\?.\?.\?.\?I|J.\?.\?.\?.\?.\?.\?.\?\
    .\?J|K.\?.\?.\?.\?.\?.\?.\?.\?K|L.\?.\?.\?.\?.\?.\?.\?.\?L|M.\?.\?.\?.\?.\
    \?.\?.\?.\?M|N.\?.\?.\?.\?.\?.\?.\?.\?N|O.\?.\?.\?.\?.\?.\?.\?.\?O|P.\?.\?\
    .\?.\?.\?.\?.\?.\?P|Q.\?.\?.\?.\?.\?.\?.\?.\?Q|R.\?.\?.\?.\?.\?.\?.\?.\?R|\
    S.\?.\?.\?.\?.\?.\?.\?.\?S|T.\?.\?.\?.\?.\?.\?.\?.\?T|U.\?.\?.\?.\?.\?.\?.\
    \?.\?U|V.\?.\?.\?.\?.\?.\?.\?.\?V|W.\?.\?.\?.\?.\?.\?.\?.\?W|X.\?.\?.\?.\?\
    .\?.\?.\?.\?X|Y.\?.\?.\?.\?.\?.\?.\?.\?Y|Z.\?.\?.\?.\?.\?.\?.\?.\?Z|\\[.\?\
    .\?.\?.\?.\?.\?.\?.\?\\[|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\].\?.\?.\?.\?.\?\
    .\?.\?.\?\\]|\\^.\?.\?.\?.\?.\?.\?.\?.\?\\^|_.\?.\?.\?.\?.\?.\?.\?.\?_|`.\
    \?.\?.\?.\?.\?.\?.\?.\?`|a.\?.\?.\?.\?.\?.\?.\?.\?a|b.\?.\?.\?.\?.\?.\?.\?\
    .\?b|c.\?.\?.\?.\?.\?.\?.\?.\?c|d.\?.\?.\?.\?.\?.\?.\?.\?d|e.\?.\?.\?.\?.\
    \?.\?.\?.\?e|f.\?.\?.\?.\?.\?.\?.\?.\?f|g.\?.\?.\?.\?.\?.\?.\?.\?g|h.\?.\?\
    .\?.\?.\?.\?.\?.\?h|i.\?.\?.\?.\?.\?.\?.\?.\?i|j.\?.\?.\?.\?.\?.\?.\?.\?j|\
    k.\?.\?.\?.\?.\?.\?.\?.\?k|l.\?.\?.\?.\?.\?.\?.\?.\?l|m.\?.\?.\?.\?.\?.\?.\
    \?.\?m|n.\?.\?.\?.\?.\?.\?.\?.\?n|o.\?.\?.\?.\?.\?.\?.\?.\?o|p.\?.\?.\?.\?\
    .\?.\?.\?.\?p|q.\?.\?.\?.\?.\?.\?.\?.\?q|r.\?.\?.\?.\?.\?.\?.\?.\?r|s.\?.\
    \?.\?.\?.\?.\?.\?.\?s|t.\?.\?.\?.\?.\?.\?.\?.\?t|u.\?.\?.\?.\?.\?.\?.\?.\?\
    u|v.\?.\?.\?.\?.\?.\?.\?.\?v|w.\?.\?.\?.\?.\?.\?.\?.\?w|x.\?.\?.\?.\?.\?.\
    \?.\?.\?x|y.\?.\?.\?.\?.\?.\?.\?.\?y|z.\?.\?.\?.\?.\?.\?.\?.\?z|\\{.\?.\?.\
    \?.\?.\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\?.\?.\
    \?.\?\\}|~.\?.\?.\?.\?.\?.\?.\?.\?~|\7F.\?.\?.\?.\?.\?.\?.\?.\?\7F|\80.\?.\
    \?.\?.\?.\?.\?.\?.\?\80|\81.\?.\?.\?.\?.\?.\?.\?.\?\81|\82.\?.\?.\?.\?.\?.\
    \?.\?.\?\82|\83.\?.\?.\?.\?.\?.\?.\?.\?\83|\84.\?.\?.\?.\?.\?.\?.\?.\?\84|\
    \85.\?.\?.\?.\?.\?.\?.\?.\?\85|\86.\?.\?.\?.\?.\?.\?.\?.\?\86|\87.\?.\?.\?\
    .\?.\?.\?.\?.\?\87|\88.\?.\?.\?.\?.\?.\?.\?.\?\88|\89.\?.\?.\?.\?.\?.\?.\?\
    .\?\89|\8A.\?.\?.\?.\?.\?.\?.\?.\?\8A|\8B.\?.\?.\?.\?.\?.\?.\?.\?\8B|\8C.\
    \?.\?.\?.\?.\?.\?.\?.\?\8C|\8D.\?.\?.\?.\?.\?.\?.\?.\?\8D|\8E.\?.\?.\?.\?.\
    \?.\?.\?.\?\8E|\8F.\?.\?.\?.\?.\?.\?.\?.\?\8F|\90.\?.\?.\?.\?.\?.\?.\?.\?\
    \90|\91.\?.\?.\?.\?.\?.\?.\?.\?\91|\92.\?.\?.\?.\?.\?.\?.\?.\?\92|\93.\?.\
    \?.\?.\?.\?.\?.\?.\?\93|\94.\?.\?.\?.\?.\?.\?.\?.\?\94|\95.\?.\?.\?.\?.\?.\
    \?.\?.\?\95|\96.\?.\?.\?.\?.\?.\?.\?.\?\96|\97.\?.\?.\?.\?.\?.\?.\?.\?\97|\
    \98.\?.\?.\?.\?.\?.\?.\?.\?\98|\99.\?.\?.\?.\?.\?.\?.\?.\?\99|\9A.\?.\?.\?\
    .\?.\?.\?.\?.\?\9A|\9B.\?.\?.\?.\?.\?.\?.\?.\?\9B|\9C.\?.\?.\?.\?.\?.\?.\?\
    .\?\9C|\9D.\?.\?.\?.\?.\?.\?.\?.\?\9D|\9E.\?.\?.\?.\?.\?.\?.\?.\?\9E|\9F.\
    \?.\?.\?.\?.\?.\?.\?.\?\9F|\A0.\?.\?.\?.\?.\?.\?.\?.\?\A0|\A1.\?.\?.\?.\?.\
    \?.\?.\?.\?\A1|\A2.\?.\?.\?.\?.\?.\?.\?.\?\A2|\A3.\?.\?.\?.\?.\?.\?.\?.\?\
    \A3|\A4.\?.\?.\?.\?.\?.\?.\?.\?\A4|\A5.\?.\?.\?.\?.\?.\?.\?.\?\A5|\A6.\?.\
    \?.\?.\?.\?.\?.\?.\?\A6|\A7.\?.\?.\?.\?.\?.\?.\?.\?\A7|\A8.\?.\?.\?.\?.\?.\
    \?.\?.\?\A8|\A9.\?.\?.\?.\?.\?.\?.\?.\?\A9|\AA.\?.\?.\?.\?.\?.\?.\?.\?\AA|\
    \AB.\?.\?.\?.\?.\?.\?.\?.\?\AB|\AC.\?.\?.\?.\?.\?.\?.\?.\?\AC|\AD.\?.\?.\?\
    .\?.\?.\?.\?.\?\AD|\AE.\?.\?.\?.\?.\?.\?.\?.\?\AE|\AF.\?.\?.\?.\?.\?.\?.\?\
    .\?\AF|\B0.\?.\?.\?.\?.\?.\?.\?.\?\B0|\B1.\?.\?.\?.\?.\?.\?.\?.\?\B1|\B2.\
    \?.\?.\?.\?.\?.\?.\?.\?\B2|\B3.\?.\?.\?.\?.\?.\?.\?.\?\B3|\B4.\?.\?.\?.\?.\
    \?.\?.\?.\?\B4|\B5.\?.\?.\?.\?.\?.\?.\?.\?\B5|\B6.\?.\?.\?.\?.\?.\?.\?.\?\
    \B6|\B7.\?.\?.\?.\?.\?.\?.\?.\?\B7|\B8.\?.\?.\?.\?.\?.\?.\?.\?\B8|\B9.\?.\
    \?.\?.\?.\?.\?.\?.\?\B9|\BA.\?.\?.\?.\?.\?.\?.\?.\?\BA|\BB.\?.\?.\?.\?.\?.\
    \?.\?.\?\BB|\BC.\?.\?.\?.\?.\?.\?.\?.\?\BC|\BD.\?.\?.\?.\?.\?.\?.\?.\?\BD|\
    \BE.\?.\?.\?.\?.\?.\?.\?.\?\BE|\BF.\?.\?.\?.\?.\?.\?.\?.\?\BF|\C0.\?.\?.\?\
    .\?.\?.\?.\?.\?\C0|\C1.\?.\?.\?.\?.\?.\?.\?.\?\C1|\C2.\?.\?.\?.\?.\?.\?.\?\
    .\?\C2|\C3.\?.\?.\?.\?.\?.\?.\?.\?\C3|\C4.\?.\?.\?.\?.\?.\?.\?.\?\C4|\C5.\
    \?.\?.\?.\?.\?.\?.\?.\?\C5|\C6.\?.\?.\?.\?.\?.\?.\?.\?\C6|\C7.\?.\?.\?.\?.\
    \?.\?.\?.\?\C7|\C8.\?.\?.\?.\?.\?.\?.\?.\?\C8|\C9.\?.\?.\?.\?.\?.\?.\?.\?\
    \C9|\CA.\?.\?.\?.\?.\?.\?.\?.\?\CA|\CB.\?.\?.\?.\?.\?.\?.\?.\?\CB|\CC.\?.\
    \?.\?.\?.\?.\?.\?.\?\CC|\CD.\?.\?.\?.\?.\?.\?.\?.\?\CD|\CE.\?.\?.\?.\?.\?.\
    \?.\?.\?\CE|\CF.\?.\?.\?.\?.\?.\?.\?.\?\CF|\D0.\?.\?.\?.\?.\?.\?.\?.\?\D0|\
    \D1.\?.\?.\?.\?.\?.\?.\?.\?\D1|\D2.\?.\?.\?.\?.\?.\?.\?.\?\D2|\D3.\?.\?.\?\
    .\?.\?.\?.\?.\?\D3|\D4.\?.\?.\?.\?.\?.\?.\?.\?\D4|\D5.\?.\?.\?.\?.\?.\?.\?\
    .\?\D5|\D6.\?.\?.\?.\?.\?.\?.\?.\?\D6|\D7.\?.\?.\?.\?.\?.\?.\?.\?\D7|\D8.\
    \?.\?.\?.\?.\?.\?.\?.\?\D8|\D9.\?.\?.\?.\?.\?.\?.\?.\?\D9|\DA.\?.\?.\?.\?.\
    \?.\?.\?.\?\DA|\DB.\?.\?.\?.\?.\?.\?.\?.\?\DB|\DC.\?.\?.\?.\?.\?.\?.\?.\?\
    \DC|\DD.\?.\?.\?.\?.\?.\?.\?.\?\DD|\DE.\?.\?.\?.\?.\?.\?.\?.\?\DE|\DF.\?.\
    \?.\?.\?.\?.\?.\?.\?\DF|\E0.\?.\?.\?.\?.\?.\?.\?.\?\E0|\E1.\?.\?.\?.\?.\?.\
    \?.\?.\?\E1|\E2.\?.\?.\?.\?.\?.\?.\?.\?\E2|\E3.\?.\?.\?.\?.\?.\?.\?.\?\E3|\
    \E4.\?.\?.\?.\?.\?.\?.\?.\?\E4|\E5.\?.\?.\?.\?.\?.\?.\?.\?\E5|\E6.\?.\?.\?\
    .\?.\?.\?.\?.\?\E6|\E7.\?.\?.\?.\?.\?.\?.\?.\?\E7|\E8.\?.\?.\?.\?.\?.\?.\?\
    .\?\E8|\E9.\?.\?.\?.\?.\?.\?.\?.\?\E9|\EA.\?.\?.\?.\?.\?.\?.\?.\?\EA|\EB.\
    \?.\?.\?.\?.\?.\?.\?.\?\EB|\EC.\?.\?.\?.\?.\?.\?.\?.\?\EC|\ED.\?.\?.\?.\?.\
    \?.\?.\?.\?\ED|\EE.\?.\?.\?.\?.\?.\?.\?.\?\EE|\EF.\?.\?.\?.\?.\?.\?.\?.\?\
    \EF|\F0.\?.\?.\?.\?.\?.\?.\?.\?\F0|\F1.\?.\?.\?.\?.\?.\?.\?.\?\F1|\F2.\?.\
    \?.\?.\?.\?.\?.\?.\?\F2|\F3.\?.\?.\?.\?.\?.\?.\?.\?\F3|\F4.\?.\?.\?.\?.\?.\
    \?.\?.\?\F4|\F5.\?.\?.\?.\?.\?.\?.\?.\?\F5|\F6.\?.\?.\?.\?.\?.\?.\?.\?\F6|\
    \F7.\?.\?.\?.\?.\?.\?.\?.\?\F7|\F8.\?.\?.\?.\?.\?.\?.\?.\?\F8|\F9.\?.\?.\?\
    .\?.\?.\?.\?.\?\F9|\FA.\?.\?.\?.\?.\?.\?.\?.\?\FA|\FB.\?.\?.\?.\?.\?.\?.\?\
    .\?\FB|\FC.\?.\?.\?.\?.\?.\?.\?.\?\FC|\FD.\?.\?.\?.\?.\?.\?.\?.\?\FD|\FE.\
    \?.\?.\?.\?.\?.\?.\?.\?\FE|\FF.\?.\?.\?.\?.\?.\?.\?.\?\FF)"
add name=skypetoskype regexp="^..\02............."
add name=counterstrike-source regexp="^\FF\FF\FF\FF.*cstrikeCounter-Strike"
add name=halflife2-deathmatch regexp="^\FF\FF\FF\FF.*hl2mpDeathmatch"
add name=freenet regexp="^\01[\08\t][\03\04]"
add name=battlefield2 regexp="^(\11 \01...\?\11|\FE\FD.\?.\?.\?.\?.\?.\?(\14\
    \01\06|\FF\FF\FF))|[]\01].\?battlefield2"
add name=napster regexp="^(.[\02\06][!-~]+ [!-~]+ [0-9][0-9]\?[0-9]\?[0-9]\?[0\
    -9]\? \"[\t-\r -~]+\" ([0-9]|10)|1(send|get)[!-~]+ \"[\t-\r -~]+\")"
add name=soulseek regexp="^(\05..\?|.\01.[ -~]+\01F..\?.\?.\?.\?.\?.\?.\?)\$"
add name=xunlei regexp="^[()]...\?.\?.\?(reg|get|query)"
add name=ssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)"
add name=citrix regexp="2&\85\92X"
add name=whois regexp="^[ !-~]+\r\
    \n\$"
add name=dayofdefeat-source regexp="^\FF\FF\FF\FF.*dodDay of Defeat"
add name=teamspeak regexp="^\F4\BE\03.*teamspeak"
add name=worldofwarcraft regexp="^\06\EC\01"
add name=ventrilo regexp="^..\?v\\\$\CF"
add name=http-rtsp regexp="^(get[\t-\r -~]* Accept: application/x-rtsp-tunnell\
    ed|http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*a=control:rtsp://)"
add name=thecircle regexp=\
    "^t\03ni.\?[\01-\06]\?t[\01-\05]s[\
    \n\0B](glob|who are you\$|query data)"
add name=uucp regexp="^\10here="
add name=pcanywhere regexp="^(nq|st)\$"
add name=subversion regexp="^\\( success \\( 1 2 \\("
add name=imesh regexp="^(post[\t-\r -~]*<PasswordHash>........................\
    ........</PasswordHash><ClientVer>|4\80\?\r\?\FC\FF\04|get[\t-\r -~]*Host:\
    \_imsh\\.download-prod\\.musicnet\\.com|\02(\01|\02)\83.\?.\?.\?.\?.\?.\?.\
    \?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\02(\01|\
    \02)\83)"
add name=cimd regexp="\02[0-4][0-9]:[0-9]+.*\03\$"
add name=mohaa regexp="^\FF\FF\FF\FFgetstatus\
    \n"
add name=stun regexp="^[\01\02]................\?\$"
add name=tor regexp=TOR1.*<identity>
add name=radmin regexp="^\01\01(\08\08|\1B\1B)\$"
add name=unset regexp=.
add name=chikka regexp="^CTPv1.[123] Kamusta.*\r\
    \n\$"
add name=replaytv-ivs regexp="^(get /ivs-IVSGetFileChunk|http/(0\\.9|1\\.0|1\\\
    .1) [1-5][0-9][0-9] [\t-\r -~]*#####REPLAY_CHUNK_START#####)"
add name=armagetron regexp=YCLC_E|CYEL
add name=bittorrent regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrap\
    e\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\
    \\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"

Mangle settings:
/ip firewall mangle
add action=mark-connection chain=prerouting comment=exe disabled=no \
    layer7-protocol="Extension \" .exe \"" new-connection-mark=exe_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=exe_conn disabled=no \
    new-packet-mark=exe passthrough=no
add action=mark-connection chain=prerouting comment=zip disabled=no \
    layer7-protocol="Extension \" .zip\"" new-connection-mark=zip_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=zip_conn disabled=no \
    new-packet-mark=zip passthrough=no
add action=mark-connection chain=prerouting comment=rar disabled=no \
    layer7-protocol="Extension \" .rar\"" new-connection-mark=rar_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=rar_conn disabled=no \
    new-packet-mark=rar passthrough=no
add action=mark-connection chain=prerouting comment=cab disabled=no \
    layer7-protocol="Extension \" .cab \"" new-connection-mark=cab_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=cab_conn disabled=no \
    new-packet-mark=cab passthrough=no
add action=mark-connection chain=prerouting comment=asf disabled=no \
    layer7-protocol="Extension \" .asf \"" new-connection-mark=asf_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=asf_conn disabled=no \
    new-packet-mark=asf passthrough=no
add action=mark-connection chain=prerouting comment=mov disabled=no \
    layer7-protocol="Extension \" .mov \"" new-connection-mark=mov_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mov_conn disabled=no \
    new-packet-mark=mov passthrough=no
add action=mark-connection chain=prerouting comment=wmv disabled=no \
    layer7-protocol="Extension \" .wmv \"" new-connection-mark=wmv_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wmv_conn disabled=no \
    new-packet-mark=wmv passthrough=no
add action=mark-connection chain=prerouting comment=mpg disabled=no \
    layer7-protocol="Extension \" .mpg \"" new-connection-mark=mpg_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mpg_conn disabled=no \
    new-packet-mark=mpg passthrough=no
add action=mark-connection chain=prerouting comment=mkv disabled=no \
    layer7-protocol="Extension \" .mkv \"" new-connection-mark=mkv_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mkv_conn disabled=no \
    new-packet-mark=mkv passthrough=no
add action=mark-connection chain=prerouting comment=avi disabled=no \
    layer7-protocol="Extension \" .avi \"" new-connection-mark=avi_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=avi_conn disabled=no \
    new-packet-mark=avi passthrough=no
add action=mark-connection chain=prerouting comment=flv disabled=no \
    layer7-protocol="Extension \" .flv \"" new-connection-mark=flv_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=flv_conn disabled=no \
    new-packet-mark=flv passthrough=no
add action=mark-connection chain=prerouting comment=pdf disabled=no \
    layer7-protocol="Extension \" .pdf \"" new-connection-mark=pdf_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=pdf_conn disabled=no \
    new-packet-mark=pdf passthrough=no
add action=mark-connection chain=prerouting comment=wav disabled=no \
    layer7-protocol="Extension \" .wav \"" new-connection-mark=wav_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wav_conn disabled=no \
    new-packet-mark=wav passthrough=no
add action=mark-connection chain=prerouting comment=rm disabled=no \
    layer7-protocol="Extension \" .rm \"" new-connection-mark=rm_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=rm_conn disabled=no \
    new-packet-mark=rm passthrough=no
add action=mark-connection chain=prerouting comment=mp3 disabled=no \
    layer7-protocol="Extension \" .mp3 \"" new-connection-mark=mp3_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mp3_conn disabled=no \
    new-packet-mark=mp3 passthrough=no
add action=mark-connection chain=prerouting comment=mp4 disabled=no \
    layer7-protocol="Extension \" .mp4 \"" new-connection-mark=mp4_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mp4_conn disabled=no \
    new-packet-mark=mp4 passthrough=no
add action=mark-connection chain=prerouting comment=ram disabled=no \
    layer7-protocol="Extension \" .ram \"" new-connection-mark=ram_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ram_conn disabled=no \
    new-packet-mark=ram passthrough=no
add action=mark-connection chain=prerouting comment=rmvb disabled=no \
    layer7-protocol="Extension \" .rmvb \"" new-connection-mark=rmvb_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=rmvb_conn disabled=no \
    new-packet-mark=rmvb passthrough=no
add action=mark-connection chain=prerouting comment=dat disabled=no \
    layer7-protocol="Extension \" .dat \"" new-connection-mark=dat_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=dat_conn disabled=no \
    new-packet-mark=dat passthrough=no
add action=mark-connection chain=prerouting comment=daa disabled=no \
    layer7-protocol="Extension \" .daa \"" new-connection-mark=daa_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=daa_conn disabled=no \
    new-packet-mark=daa passthrough=no
add action=mark-connection chain=prerouting comment=iso disabled=no \
    layer7-protocol="Extension \" .iso \"" new-connection-mark=iso_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=iso_conn disabled=no \
    new-packet-mark=iso passthrough=no
add action=mark-connection chain=prerouting comment=bin disabled=no \
    layer7-protocol="Extension \" .bin \"" new-connection-mark=bin_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=bin_conn disabled=no \
    new-packet-mark=bin passthrough=no
add action=mark-connection chain=prerouting comment=vcd disabled=no \
    layer7-protocol="Extension \" .vcd \"" new-connection-mark=vcd_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=vcd_conn disabled=no \
    new-packet-mark=vcd passthrough=no
add action=mark-connection chain=prerouting comment=mp2 disabled=no \
    layer7-protocol="Extension \" .mp2 \"" new-connection-mark=mp2_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mp2_conn disabled=no \
    new-packet-mark=mp2 passthrough=no
add action=mark-connection chain=prerouting comment=3gp disabled=no \
    layer7-protocol="Extension \" .3gp \"" new-connection-mark=3gp_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=3gp_conn disabled=no \
    new-packet-mark=3gp passthrough=no
add action=mark-connection chain=prerouting comment=mpe disabled=no \
    layer7-protocol="Extension \" .mpe \"" new-connection-mark=mpe_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mpe_conn disabled=no \
    new-packet-mark=mpe passthrough=no
add action=mark-connection chain=prerouting comment=qt disabled=no \
    layer7-protocol="Extension \" .qt \"" new-connection-mark=qt_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=qt_conn disabled=no \
    new-packet-mark=qt passthrough=no
add action=mark-connection chain=prerouting comment=raw disabled=no \
    layer7-protocol="Extension \" .raw \"" new-connection-mark=raw_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=raw_conn disabled=no \
    new-packet-mark=raw passthrough=no
add action=mark-connection chain=prerouting comment=wma disabled=no \
    layer7-protocol="Extension \" .wma \"" new-connection-mark=wma_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wma_conn disabled=no \
    new-packet-mark=wma passthrough=no
add action=mark-connection chain=prerouting comment=ogg disabled=no \
    layer7-protocol="Extension \" .ogg \"" new-connection-mark=ogg_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ogg_conn disabled=no \
    new-packet-mark=ogg passthrough=no
add action=mark-connection chain=prerouting comment=doc disabled=no \
    layer7-protocol="Extension \" .doc \"" new-connection-mark=doc_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=doc_conn disabled=no \
    new-packet-mark=doc passthrough=no
add action=mark-connection chain=prerouting comment=applejuice disabled=no \
    layer7-protocol=applejuice new-connection-mark=applejuice_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=applejuice_conn \
    disabled=no new-packet-mark=applejuice passthrough=no
add action=mark-connection chain=prerouting comment=ares disabled=no \
    layer7-protocol=ares new-connection-mark=ares_conn passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ares_conn disabled=no \
    new-packet-mark=ares passthrough=no
add action=mark-connection chain=prerouting comment=bittorent disabled=no \
    layer7-protocol=bittorrent new-connection-mark=bittorent_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=bittorent_conn \
    disabled=no new-packet-mark=bittorent passthrough=no
add action=mark-connection chain=prerouting comment=chikka disabled=no \
    layer7-protocol=chikka new-connection-mark=chikka_conn passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=chikka_conn disabled=\
    no new-packet-mark=chika passthrough=no
add action=mark-connection chain=prerouting comment=directconnect disabled=no \
    layer7-protocol=directconnect new-connection-mark=directconnect_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=directconnect_conn \
    disabled=no new-packet-mark=directconnect passthrough=no
add action=mark-connection chain=prerouting comment=ftp disabled=no \
    layer7-protocol=ftp new-connection-mark=ftp passthrough=no protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ftp disabled=no \
    new-packet-mark=ftp passthrough=no
add action=mark-connection chain=prerouting comment=doom3 disabled=no \
    layer7-protocol=doom3 new-connection-mark=doom3_conn passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=doom3_conn disabled=\
    no new-packet-mark=doom3 passthrough=no
add action=mark-connection chain=prerouting comment=edonkey disabled=no \
    layer7-protocol=edonkey new-connection-mark=edonkey_conn passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=edonkey_conn \
    disabled=no new-packet-mark=edonkey passthrough=no
add action=mark-connection chain=prerouting comment=fastrack_conn disabled=no \
    layer7-protocol=fasttrack new-connection-mark=fasttrack passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=fasttrack disabled=no \
    new-packet-mark=fastrack passthrough=no
add action=mark-connection chain=prerouting comment=gnutella disabled=no \
    layer7-protocol=gnutella new-connection-mark=gnutella_conn passthrough=\
    yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=gnutella_conn \
    disabled=no new-packet-mark=gnutella passthrough=no
add action=mark-connection chain=prerouting comment=skype disabled=no \
    layer7-protocol=skypeout new-connection-mark=skype_conn passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=skype_conn disabled=\
    no new-packet-mark=skype passthrough=no
add action=mark-connection chain=prerouting comment=7z disabled=no \
    layer7-protocol="Extension \" .7z \"" new-connection-mark=7z_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=7z_conn disabled=no \
    new-packet-mark=7z passthrough=no

Finally, we set up bandwidth management using a queue tree.
(You can also use simple queues; it is up to you, whichever you prefer.)

First create the parent like this:
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=128k name="traffic shapping" parent=global-out priority=8
(This will be the allocation reserved for the bandwidth maniacs; adjust it to the amount of bandwidth you have.)

After that, set up the children like this:

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=exe packet-mark=exe parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=zip packet-mark=zip parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=rar packet-mark=rar parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=cab packet-mark=cab parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=asf packet-mark=asf parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=mov packet-mark=mov parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=wmv packet-mark=wmv parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=mpg packet-mark=mpg parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=mkv packet-mark=mkv parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=avi packet-mark=avi parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=flv packet-mark=flv parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=pdf packet-mark=pdf parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=wav packet-mark=wav parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=rm packet-mark=rm parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=mp3 packet-mark=mp3 parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=mp4 packet-mark=mp4 parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=ram packet-mark=ram parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=rmvb packet-mark=rmvb parent="traffic shapping" \
    priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=dat packet-mark=dat parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=daa packet-mark=daa parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=iso packet-mark=iso parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=bin packet-mark=bin parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=vcd packet-mark=vcd parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=mp2 packet-mark=mp2 parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=3gp packet-mark=3gp parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=mpe packet-mark=mpe parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=qt packet-mark=qt parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=raw packet-mark=raw parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=wma packet-mark=wma parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=ogg packet-mark=ogg parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=doc packet-mark=doc parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=applejuice packet-mark=applejuice parent=\
    "traffic shapping" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=ares packet-mark=ares parent="traffic shapping" \
    priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=8 name=bittorent packet-mark=bittorent parent=\
    "traffic shapping" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=chika packet-mark=chika parent="traffic shapping" \
    priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=dconnect packet-mark=directconnect parent=\
    "traffic shapping" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=ftp packet-mark=ftp parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=doom3 packet-mark=doom3 parent="traffic shapping" \
    priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=edonkey packet-mark=edonkey parent="traffic shapping" \
    priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=fasttrack packet-mark=fastrack parent="traffic shapping" \
    priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=gnutella packet-mark=gnutella parent="traffic shapping" \
    priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=64k name=skype packet-mark=skype parent="traffic shapping" \
    priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=7z packet-mark=7z parent="traffic shapping" priority=8 \
    queue=default


(Guaranteed, God willing, every kind of downloader will be stopped cold. The queue above means we allocate 128k of bandwidth to the download maniacs; adjust to taste. YouTube video caching runs fast, as if chased by a dog. Browsing goes whoosh.... whoosh..... hahaha....)

Hope this is useful.
Regards
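The mangle rules and queue tree in the post above are linked only by matching names (layer7-protocol name, connection mark, packet mark), so one misspelled name leaves that traffic unshaped without any error. The checker below is an added example, not part of the original post; the sample export is constructed from the post's rules with two mismatches introduced on purpose, and the function names are assumptions.

```python
import re

# Constructed sample: lines modelled on the post's export, with two deliberate
# mismatches (the zip L7 name gains a trailing space; the zip queue uses "zipp").
SAMPLE_EXPORT = r'''
/ip firewall layer7-protocol
add name="Extension \" .exe \"" regexp="^.*get.+\\.exe.*\$"
add name="Extension \" .zip\"" regexp="^.*get.+\\.zip.*\$"
add name=ftp regexp="^220[\t-\r -~]*ftp"
/ip firewall mangle
add action=mark-connection chain=prerouting comment=exe disabled=no \
    layer7-protocol="Extension \" .exe \"" new-connection-mark=exe_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=exe_conn disabled=no \
    new-packet-mark=exe passthrough=no
add action=mark-connection chain=prerouting comment=zip disabled=no \
    layer7-protocol="Extension \" .zip \"" new-connection-mark=zip_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=zip_conn disabled=\
    no new-packet-mark=zip passthrough=no
add action=mark-connection chain=prerouting comment=ftp disabled=no \
    layer7-protocol=ftp new-connection-mark=ftp passthrough=no protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ftp disabled=no \
    new-packet-mark=ftp passthrough=no
/queue tree
add max-limit=128k name="traffic shapping" parent=global-out priority=8
add max-limit=0 name=exe packet-mark=exe parent="traffic shapping" priority=8
add max-limit=0 name=zip packet-mark=zipp parent="traffic shapping" priority=8
'''

# key=value pairs; a value is either a quoted string with backslash escapes
# or a bare run of non-space characters.
TOKEN = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)')


def parse_export(text):
    """Parse an export-style script into {section: [ {key: value}, ... ]}."""
    # A trailing backslash continues the line; the next line's indent is dropped,
    # which also rejoins values split mid-token ("disabled=\" + "no").
    text = re.sub(r'\\\r?\n[ \t]*', '', text)
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('/'):
            current = sections.setdefault(line, [])
        elif line.startswith('add ') and current is not None:
            item = {}
            for key, val in TOKEN.findall(line[4:]):
                if val.startswith('"'):
                    # Enough for names (\" and \\); regexp values are not interpreted here.
                    val = re.sub(r'\\(.)', r'\1', val[1:-1])
                item[key] = val
            current.append(item)
    return sections


def check_marking_chain(sections):
    """Return (kind, name) findings where the L7 -> mark -> queue chain is broken."""
    l7_names = {p['name'] for p in sections.get('/ip firewall layer7-protocol', [])}
    mangle = sections.get('/ip firewall mangle', [])
    queues = sections.get('/queue tree', [])
    conn_marks = {r['new-connection-mark'] for r in mangle
                  if r.get('action') == 'mark-connection' and 'new-connection-mark' in r}
    pkt_marks = {r['new-packet-mark'] for r in mangle
                 if r.get('action') == 'mark-packet' and 'new-packet-mark' in r}
    findings = []
    for rule in mangle:
        l7 = rule.get('layer7-protocol')
        if l7 is not None and l7 not in l7_names:
            findings.append(('undefined-l7', l7))
        cm = rule.get('connection-mark')
        if rule.get('action') == 'mark-packet' and cm is not None and cm not in conn_marks:
            findings.append(('unset-connection-mark', cm))
    queued = set()
    for q in queues:
        pm = q.get('packet-mark')
        if pm is None:          # parent queue, matches no mark itself
            continue
        queued.add(pm)
        if pm not in pkt_marks:
            findings.append(('unset-packet-mark', pm))
    for pm in sorted(pkt_marks - queued):
        findings.append(('unqueued-packet-mark', pm))
    return findings


if __name__ == '__main__':
    for kind, name in check_marking_chain(parse_export(SAMPLE_EXPORT)):
        print(f'{kind}: {name!r}')
```

Names are compared exactly, so the space inside `"Extension \" .zip \""` versus `"Extension \" .zip\""` is a real mismatch.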

Offline onomlakbok

  • Full Member
  • ***
  • Posts: 127
  • Karma: +1/-0
Re: Mikrotik RB 750 + PFsense as Squid Box
« Reply #37 on: August 02, 2011, 03:43:15 am »
Thanks for sharing the Mikrotik settings.
I'll try it first; if it stalls, help me push :D

Offline hd509509

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
Re: Mikrotik RB 750 + PFsense as Squid Box
« Reply #38 on: September 26, 2011, 10:45:09 am »
As promised (a promise is a debt :) , God willing the debt will soon be paid off) amen.... !!

Just sharing my settings for Mikocok side by side with PFSense.

Clients ------- Mikrotik 3 port -------- Inet

port 3 mikrotik ----- pfsense ------ internet

modem : 192.168.2.1

The Mikrotik topology uses 3 ethernet ports:
port 1 = WAN  ( 192.168.2.2 )
port 2 = CLIENTS ( 192.168.1.1 )
port 3 = PROXY PFSENSE ( 192.168.3.1 )

The pfSense topology uses 2 ethernet ports:
port 1 = LAN ( port 3 mikrotik ) ( 192.168.3.2 )
port 2 = WAN ( 192.168.2.3 )

OK, let's get straight into it.
Assumption: the pfSense machine is running well and tuned with LUSCA.
For tweaking and tune-up, see the guide from anto_DIGIT: http://forum.pfsense.org/index.php/topic,29019.0.html

For client management, both the hotspot and bandwidth management are all on the Mikrotik.
The hotspot settings don't need to be covered here; just google the tutorial.
This setup uses L7 for its filters. Traffic to destination port 80 specifically is redirected to pfSense as the proxy server, on port 3128.
Sorry, here PFSense is used only as the proxy server (tasty....)

NAT settings:
chain=dstnat action=dst-nat to-addresses=10.10.3.2 to-ports=3128 protocol=tcp in-interface=CLIENTS dst-port=80
(meaning all port 80 requests are directed to the address of the Proxy Server (PFSense))


L7 settings:
/ip firewall layer7-protocol
add name="Extension \" .exe \"" regexp="^.*get.+\\.exe.*\$"
add name="Extension \" .mp4 \"" regexp="^.*get.+\\.mp4.*\$"
add name="Extension \" .rar\"" regexp="^.*get.+\\.rar.*\$"
add name="Extension \" .zip\"" regexp="^.*get.+\\.zip.*\$"
add name="Extension \" .mp3 \"" regexp="^.*get.+\\.mp3.*\$"
add name="Extension \" .7z \"" regexp="^.*get.+\\.7z.*\$"
add name="Extension \" .cab \"" regexp="^.*get.+\\.cab.*\$"
add name="Extension \" .asf \"" regexp="^.*get.+\\.asf.*\$"
add name="Extension \" .mov \"" regexp="^.*get.+\\.mov.*\$"
add name="Extension \" .wmv \"" regexp="^.*get.+\\.wmv.*\$"
add name="Extension \" .mpg \"" regexp="^.*get.+\\.mpg.*\$"
add name="Extension \" .mpeg \"" regexp="^.*get.+\\.mpeg.*\$"
add name="Extension \" .mkv \"" regexp="^.*get.+\\.mkv.*\$"
add name="Extension \" .avi \"" regexp="^.*get.+\\.avi.*\$"
add name="Extension \" .flv \"" regexp="^.*get.+\\.flv.*\$"
add name="Extension \" .pdf \"" regexp="^.*get.+\\.pdf.*\$"
add name="Extension \" .wav \"" regexp="^.*get.+\\.wav.*\$"
add name="Extension \" .rm \"" regexp="^.*get.+\\.rm.*\$"
add name="Extension \" .rmvb \"" regexp="^.*get.+\\.rmvb.*\$"
add name="Extension \" .dat \"" regexp="^.*get.+\\.dat.*\$"
add name="Extension \" .daa \"" regexp="^.*get.+\\.daa.*\$"
add name="Extension \" .iso \"" regexp="^.*get.+\\.iso.*\$"
add name="Extension \" .nrg \"" regexp="^.*get.+\\.nrg.*\$"
add name="Extension \" .bin \"" regexp="^.*get.+\\.bin.*\$"
add name="Extension \" .vcd \"" regexp="^.*get.+\\.vcd.*\$"
add name="Extension \" .mp2 \"" regexp="^.*get.+\\.mp2.*\$"
add name="Extension \" .3gp \"" regexp="^.*get.+\\.3gp.*\$"
add name="Extension \" .mpe \"" regexp="^.*get.+\\.mpe.*\$"
add name="Extension \" .qt \"" regexp="^.*get.+\\.qt.*\$"
add name="Extension \" .raw \"" regexp="^.*get.+\\.raw.*\$"
add name="Extension \" .wma \"" regexp="^.*get.+\\.wma.*\$"
add name="Extension \" .ogg \"" regexp="^.*get.+\\.ogg.*\$"
add name="Extension \" .doc \"" regexp="^.*get.+\\.doc.*\$"
add name="Extension \" .ram \"" regexp="^.*get.+\\.ram.*\$"
add name=edonkey regexp="^[\C5\D4\E3-\E5].\?.\?.\?.\?([\01\02\05\14\15\16\18\
    \19\1A\1B\1C !234568@ABCFGHIJKLMNOPQRSTUVWX[`\81\82\90\91\93\96\97\98\99\
    \9A\9B\9C\9E\A0\A1\A2\A3\A4]|Y................\?[ -~]|\96....\$)"
add name=goboogy regexp="<peerplat>|^get /getfilebyhash\\.cgi\\\?|^get /queue_\
    register\\.cgi\\\?|^get /getupdowninfo\\.cgi\\\?"
add name=soribada regexp="^GETMP3\r\
    \nFilename|^\01.\?.\?.\?(Q:\\+|Q2:)|^\10[\14-\16]\10[\15-\17].\?.\?.\?.\?\
    \$"
add name=rdp regexp=rdpdr.*cliprdr.*rdpsnd
add name=gnutella regexp="^(gnd[\01\02]\?.\?.\?\01|gnutella connect/[012]\\.[0\
    -9]\r\
    \n|get /uri-res/n2r\\\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshar\
    e|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: applicat\
    ion/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]\?[\
    0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?:[\
    1-9][0-9]\?[0-9]\?[0-9]\?|gnutella.*content-type: application/x-gnutella|.\
    ..................\?lime)"
add name=cvs regexp="^BEGIN (AUTH|VERIFICATION|GSSAPI) REQUEST\
    \n"
add name=nbns regexp="\01\10\01|\\)\10\01\01|0\10\01"
add name=shoutcast regexp=\
    "icy [1-5][0-9][0-9] [\t-\r -~]*(content-type:audio|icy-)"
add name=dns regexp="^.\?.\?.\?.\?[\01\02].\?.\?.\?.\?.\?.\?[\01-\?][a-z0-9][\
    \01-\?a-z]*[\02-\06][a-z][a-z][fglmoprstuvz]\?[aeop]\?(um)\?[\01-\10\1C][\
    \01\03\04\FF]"
add name=quake-halflife regexp="^\FF\FF\FF\FFget(info|challenge)"
add name=poco regexp="^\80\94\
    \n\01....\1F\9E"
add name=ciscovpn regexp="^\01\F4\01\F4"
add name=x11 regexp="^[lb].\?\0B"
add name=xboxlive regexp="^X\80........\F3|^\06XN"
add name=applejuice regexp="^ajprot\r\
    \n"
add name=zmaap regexp="^\1B\D7;H[\01\02]\01\?\01"
add name=live365 regexp=membername.*session.*player
add name=rlogin regexp="^[a-z][a-z0-9][a-z0-9]+/[1-9][0-9]\?[0-9]\?[0-9]\?00"
add name=http regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*(con\
    nection:|content-type:|content-length:|date:)|post [\t-\r -~]* http/[01]\\\
    .[019]"
add name=sip regexp=\
    "^(invite|register|cancel) sip[\t-\r -~]*sip/[0-2]\\.[0-9]"
add name=pop3 regexp="^(\\+ok |-err )"
add name=smb regexp="\FFsmb[r%]"
add name=quake1 regexp="^\80\0C\01quake\03"
add name=lpd regexp="^(\01[!-~]+|\02[!-~]+\
    \n.[\01\02\03][\01-\
    \n -~]*|[\03\04][!-~]+[\t-\r]+[a-z][\t-\r -~]*|\05[!-~]+[\t-\r]+([a-z][!-~\
    ]*[\t-\r]+[1-9][0-9]\?[0-9]\?|root[\t-\r]+[!-~]+).*)\
    \n\$"
add name=mute regexp="^(Public|AES)Key: [0-9a-f]*\
    \nEnd(Public|AES)Key\
    \n\$"
add name=ssh regexp="^ssh-[12]\\.[0-9]"
add name=jabber regexp=\
    "<stream:stream[\t-\r ][ -~]*[\t-\r ]xmlns=['\"]jabber"
add name=ncp regexp="^(dmdt.*\01.*(\"\"|\11\11|uu)|tncp.*33)"
add name=tls regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)"
add name=directconnect regexp="^(\\\$mynick |\\\$lock |\\\$key )"
add name=netbios regexp="\81.\?.\?.[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-\
    P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A\
    -P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][\
    A-P][A-P]"
add name=tftp regexp="^(\01|\02)[ -~]*(netascii|octet|mail)"
add name=subspace regexp="^\01....\11\10........\01\$"
add name=hotline regexp="^....................TRTPHOTL\01\02"
add name=doom3 regexp="^\FF\FFchallenge"
add name=ftp regexp="^220[\t-\r -~]*ftp"
add name=kugoo regexp="^1..\8E"
add name=tsp regexp="^[\01-\13\16-\$]\01.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?[ -~]+"
add name=battlefield1942 regexp="^\01\11\10\\|\F8\02\10@\06"
add name=ssdp regexp="^notify[\t-\r ]\\*[\t-\r ]http/1\\.1[\t-\r -~]*ssdp:(ali\
    ve|byebye)|^m-search[\t-\r ]\\*[\t-\r ]http/1\\.1[\t-\r -~]*ssdp:discover"
add name=imap regexp="^(\\* ok|a[0-9]+ noop)"
add name=ares regexp="^\03[]Z].\?.\?\05\$"
add name=fasttrack regexp="^get (/.download/[ -~]*|/.supernode[ -~]|/.status[ \
    -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: \
    kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^g\
    ive [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\?[0-9]\?[0-9]\?"
add name=qq regexp="^.\?\02.+\03\$"
add name=100bao regexp="^\01\01\05\
    \n"
add name=aim regexp=\
    "^(\\*[\01\02].*\03\0B|\\*\01.\?.\?.\?.\?\01)|flapon|toc_signon.*0x"
add name=unknown regexp=.
add name=msn-filetransfer regexp=\
    "^(ver [ -~]*msnftp\r\
    \nver msnftp\r\
    \nusr|method msnmsgr:)"
add name=yahoo regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80"
add name=validcertssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B).*\
    (thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust\
    \_root|entrust\\.net limited)"
add name=ntp regexp="^([\13\1B#\D3\DB\E3]|[\14\1C\$].......\?.\?.\?.\?.\?.\?.\
    \?.\?.\?[\C6-\FF])"
add name=gnucleuslan regexp=\
    "gnuclear connect/[\t-\r -~]*user-agent: gnucleus [\t-\r -~]*lan:"
add name=vnc regexp="^rfb 00[1-9]\\.00[0-9]\
    \n\$"
add name=bgp regexp=\
    "^\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF..\?\01[\03\04]"
add name=tesla regexp="\03\9A\89\"111\\.00 Beta |\E2<i\1E\1C\E9"
add name=openft regexp="x-openftalias: [-)(0-9a-z ~.]"
add name=h323 regexp=\
    "^\03..\?\08...\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\05"
add name=finger regexp=\
    "^[a-z][a-z0-9\\-_]+|login: [\t-\r -~]* name: [\t-\r -~]* Directory:"
add name=ident regexp="^[1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?[\t-\r]*,[\t-\r]*[1-9\
    ][0-9]\?[0-9]\?[0-9]\?[0-9]\?(\r\
    \n|[\r\
    \n])\?\$"
add name=gkrellm regexp="^gkrellm [23].[0-9].[0-9]\
    \n\$"
add name=hddtemp regexp=\
    "^\\|/dev/[a-z][a-z][a-z]\\|[0-9a-z]*\\|[0-9][0-9]\\|[cfk]\\|"
add name=socks regexp="\05[\01-\08]*\05[\01-\08]\?.*\05[\01-\03][\01\03].*\05[\
    \01-\08]\?[\01\03]"
add name=biff regexp="^[a-z][a-z0-9]+@[1-9][0-9]+\$"
add name=dhcp regexp="^[\01\02][\01- ]\06.*c\82sc"
add name=smtp regexp="^220[\t-\r -~]* (e\?smtp|simple mail)"
add name=ipp regexp=ipp://
add name=msnmessenger regexp="ver [0-9]+ msnp[1-9][0-9]\? [\t-\r -~]*cvr0\r\
    \n\$|usr 1 [!-~]+ [0-9. ]+\r\
    \n\$|ans 1 [!-~]+ [0-9. ]+\r\
    \n\$"
add name=irc regexp="^(nick[\t-\r -~]*user[\t-\r -~]*:|user[\t-\r -~]*:[\02-\r\
    \_-~]*nick[\t-\r -~]*\r\
    \n)"
add name=gopher regexp="^[\t-\r]*[1-9,+tgi][\t-\r -~]*\t[\t-\r -~]*\t[a-z0-9.]\
    *\\.[a-z][a-z].\?.\?\t[1-9]"
add name=telnet regexp="^\FF[\FB-\FE].\FF[\FB-\FE].\FF[\FB-\FE]"
add name=snmp regexp="^\02\01\04.+([\A0-\A3]\02[\01-\04].\?.\?.\?.\?\02\01.\?\
    \02\01.\?0|\A4\06.+@\04.\?.\?.\?.\?\02\01.\?\02\01.\?C)"
add name=nntp regexp=\
    "^(20[01][\t-\r -~]*AUTHINFO USER|20[01][\t-\r -~]*news)"
add name=aimwebcontent regexp=user-agent:aim/
add name=rtsp regexp="rtsp/1.0 200 ok"
add name=skypeout regexp="^(\01.\?.\?.\?.\?.\?.\?.\?.\?\01|\02.\?.\?.\?.\?.\?.\
    \?.\?.\?\02|\03.\?.\?.\?.\?.\?.\?.\?.\?\03|\04.\?.\?.\?.\?.\?.\?.\?.\?\04|\
    \05.\?.\?.\?.\?.\?.\?.\?.\?\05|\06.\?.\?.\?.\?.\?.\?.\?.\?\06|\07.\?.\?.\?\
    .\?.\?.\?.\?.\?\07|\08.\?.\?.\?.\?.\?.\?.\?.\?\08|\t.\?.\?.\?.\?.\?.\?.\?.\
    \?\t|\
    \n.\?.\?.\?.\?.\?.\?.\?.\?\
    \n|\0B.\?.\?.\?.\?.\?.\?.\?.\?\0B|\0C.\?.\?.\?.\?.\?.\?.\?.\?\0C|\r.\?.\?.\
    \?.\?.\?.\?.\?.\?\r|\0E.\?.\?.\?.\?.\?.\?.\?.\?\0E|\0F.\?.\?.\?.\?.\?.\?.\
    \?.\?\0F|\10.\?.\?.\?.\?.\?.\?.\?.\?\10|\11.\?.\?.\?.\?.\?.\?.\?.\?\11|\12\
    .\?.\?.\?.\?.\?.\?.\?.\?\12|\13.\?.\?.\?.\?.\?.\?.\?.\?\13|\14.\?.\?.\?.\?\
    .\?.\?.\?.\?\14|\15.\?.\?.\?.\?.\?.\?.\?.\?\15|\16.\?.\?.\?.\?.\?.\?.\?.\?\
    \16|\17.\?.\?.\?.\?.\?.\?.\?.\?\17|\18.\?.\?.\?.\?.\?.\?.\?.\?\18|\19.\?.\
    \?.\?.\?.\?.\?.\?.\?\19|\1A.\?.\?.\?.\?.\?.\?.\?.\?\1A|\1B.\?.\?.\?.\?.\?.\
    \?.\?.\?\1B|\1C.\?.\?.\?.\?.\?.\?.\?.\?\1C|\1D.\?.\?.\?.\?.\?.\?.\?.\?\1D|\
    \1E.\?.\?.\?.\?.\?.\?.\?.\?\1E|\1F.\?.\?.\?.\?.\?.\?.\?.\?\1F| .\?.\?.\?.\
    \?.\?.\?.\?.\? |!.\?.\?.\?.\?.\?.\?.\?.\?!|\".\?.\?.\?.\?.\?.\?.\?.\?\"|#.\
    \?.\?.\?.\?.\?.\?.\?.\?#|\\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|%.\?.\?.\?.\?.\?\
    .\?.\?.\?%|&.\?.\?.\?.\?.\?.\?.\?.\?&|'.\?.\?.\?.\?.\?.\?.\?.\?'|\\(.\?.\?\
    .\?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?\
    .\?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|,.\?.\?.\?.\?.\?.\?.\?.\?,|-.\?.\
    \?.\?.\?.\?.\?.\?.\?-|\\..\?.\?.\?.\?.\?.\?.\?.\?\\.|/.\?.\?.\?.\?.\?.\?.\
    \?.\?/|0.\?.\?.\?.\?.\?.\?.\?.\?0|1.\?.\?.\?.\?.\?.\?.\?.\?1|2.\?.\?.\?.\?\
    .\?.\?.\?.\?2|3.\?.\?.\?.\?.\?.\?.\?.\?3|4.\?.\?.\?.\?.\?.\?.\?.\?4|5.\?.\
    \?.\?.\?.\?.\?.\?.\?5|6.\?.\?.\?.\?.\?.\?.\?.\?6|7.\?.\?.\?.\?.\?.\?.\?.\?\
    7|8.\?.\?.\?.\?.\?.\?.\?.\?8|9.\?.\?.\?.\?.\?.\?.\?.\?9|:.\?.\?.\?.\?.\?.\
    \?.\?.\?:|;.\?.\?.\?.\?.\?.\?.\?.\?;|<.\?.\?.\?.\?.\?.\?.\?.\?<|=.\?.\?.\?\
    .\?.\?.\?.\?.\?=|>.\?.\?.\?.\?.\?.\?.\?.\?>|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\
    \?|@.\?.\?.\?.\?.\?.\?.\?.\?@|A.\?.\?.\?.\?.\?.\?.\?.\?A|B.\?.\?.\?.\?.\?.\
    \?.\?.\?B|C.\?.\?.\?.\?.\?.\?.\?.\?C|D.\?.\?.\?.\?.\?.\?.\?.\?D|E.\?.\?.\?\
    .\?.\?.\?.\?.\?E|F.\?.\?.\?.\?.\?.\?.\?.\?F|G.\?.\?.\?.\?.\?.\?.\?.\?G|H.\
    \?.\?.\?.\?.\?.\?.\?.\?H|I.\?.\?.\?.\?.\?.\?.\?.\?I|J.\?.\?.\?.\?.\?.\?.\?\
    .\?J|K.\?.\?.\?.\?.\?.\?.\?.\?K|L.\?.\?.\?.\?.\?.\?.\?.\?L|M.\?.\?.\?.\?.\
    \?.\?.\?.\?M|N.\?.\?.\?.\?.\?.\?.\?.\?N|O.\?.\?.\?.\?.\?.\?.\?.\?O|P.\?.\?\
    .\?.\?.\?.\?.\?.\?P|Q.\?.\?.\?.\?.\?.\?.\?.\?Q|R.\?.\?.\?.\?.\?.\?.\?.\?R|\
    S.\?.\?.\?.\?.\?.\?.\?.\?S|T.\?.\?.\?.\?.\?.\?.\?.\?T|U.\?.\?.\?.\?.\?.\?.\
    \?.\?U|V.\?.\?.\?.\?.\?.\?.\?.\?V|W.\?.\?.\?.\?.\?.\?.\?.\?W|X.\?.\?.\?.\?\
    .\?.\?.\?.\?X|Y.\?.\?.\?.\?.\?.\?.\?.\?Y|Z.\?.\?.\?.\?.\?.\?.\?.\?Z|\\[.\?\
    .\?.\?.\?.\?.\?.\?.\?\\[|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\].\?.\?.\?.\?.\?\
    .\?.\?.\?\\]|\\^.\?.\?.\?.\?.\?.\?.\?.\?\\^|_.\?.\?.\?.\?.\?.\?.\?.\?_|`.\
    \?.\?.\?.\?.\?.\?.\?.\?`|a.\?.\?.\?.\?.\?.\?.\?.\?a|b.\?.\?.\?.\?.\?.\?.\?\
    .\?b|c.\?.\?.\?.\?.\?.\?.\?.\?c|d.\?.\?.\?.\?.\?.\?.\?.\?d|e.\?.\?.\?.\?.\
    \?.\?.\?.\?e|f.\?.\?.\?.\?.\?.\?.\?.\?f|g.\?.\?.\?.\?.\?.\?.\?.\?g|h.\?.\?\
    .\?.\?.\?.\?.\?.\?h|i.\?.\?.\?.\?.\?.\?.\?.\?i|j.\?.\?.\?.\?.\?.\?.\?.\?j|\
    k.\?.\?.\?.\?.\?.\?.\?.\?k|l.\?.\?.\?.\?.\?.\?.\?.\?l|m.\?.\?.\?.\?.\?.\?.\
    \?.\?m|n.\?.\?.\?.\?.\?.\?.\?.\?n|o.\?.\?.\?.\?.\?.\?.\?.\?o|p.\?.\?.\?.\?\
    .\?.\?.\?.\?p|q.\?.\?.\?.\?.\?.\?.\?.\?q|r.\?.\?.\?.\?.\?.\?.\?.\?r|s.\?.\
    \?.\?.\?.\?.\?.\?.\?s|t.\?.\?.\?.\?.\?.\?.\?.\?t|u.\?.\?.\?.\?.\?.\?.\?.\?\
    u|v.\?.\?.\?.\?.\?.\?.\?.\?v|w.\?.\?.\?.\?.\?.\?.\?.\?w|x.\?.\?.\?.\?.\?.\
    \?.\?.\?x|y.\?.\?.\?.\?.\?.\?.\?.\?y|z.\?.\?.\?.\?.\?.\?.\?.\?z|\\{.\?.\?.\
    \?.\?.\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\?.\?.\
    \?.\?\\}|~.\?.\?.\?.\?.\?.\?.\?.\?~|\7F.\?.\?.\?.\?.\?.\?.\?.\?\7F|\80.\?.\
    \?.\?.\?.\?.\?.\?.\?\80|\81.\?.\?.\?.\?.\?.\?.\?.\?\81|\82.\?.\?.\?.\?.\?.\
    \?.\?.\?\82|\83.\?.\?.\?.\?.\?.\?.\?.\?\83|\84.\?.\?.\?.\?.\?.\?.\?.\?\84|\
    \85.\?.\?.\?.\?.\?.\?.\?.\?\85|\86.\?.\?.\?.\?.\?.\?.\?.\?\86|\87.\?.\?.\?\
    .\?.\?.\?.\?.\?\87|\88.\?.\?.\?.\?.\?.\?.\?.\?\88|\89.\?.\?.\?.\?.\?.\?.\?\
    .\?\89|\8A.\?.\?.\?.\?.\?.\?.\?.\?\8A|\8B.\?.\?.\?.\?.\?.\?.\?.\?\8B|\8C.\
    \?.\?.\?.\?.\?.\?.\?.\?\8C|\8D.\?.\?.\?.\?.\?.\?.\?.\?\8D|\8E.\?.\?.\?.\?.\
    \?.\?.\?.\?\8E|\8F.\?.\?.\?.\?.\?.\?.\?.\?\8F|\90.\?.\?.\?.\?.\?.\?.\?.\?\
    \90|\91.\?.\?.\?.\?.\?.\?.\?.\?\91|\92.\?.\?.\?.\?.\?.\?.\?.\?\92|\93.\?.\
    \?.\?.\?.\?.\?.\?.\?\93|\94.\?.\?.\?.\?.\?.\?.\?.\?\94|\95.\?.\?.\?.\?.\?.\
    \?.\?.\?\95|\96.\?.\?.\?.\?.\?.\?.\?.\?\96|\97.\?.\?.\?.\?.\?.\?.\?.\?\97|\
    \98.\?.\?.\?.\?.\?.\?.\?.\?\98|\99.\?.\?.\?.\?.\?.\?.\?.\?\99|\9A.\?.\?.\?\
    .\?.\?.\?.\?.\?\9A|\9B.\?.\?.\?.\?.\?.\?.\?.\?\9B|\9C.\?.\?.\?.\?.\?.\?.\?\
    .\?\9C|\9D.\?.\?.\?.\?.\?.\?.\?.\?\9D|\9E.\?.\?.\?.\?.\?.\?.\?.\?\9E|\9F.\
    \?.\?.\?.\?.\?.\?.\?.\?\9F|\A0.\?.\?.\?.\?.\?.\?.\?.\?\A0|\A1.\?.\?.\?.\?.\
    \?.\?.\?.\?\A1|\A2.\?.\?.\?.\?.\?.\?.\?.\?\A2|\A3.\?.\?.\?.\?.\?.\?.\?.\?\
    \A3|\A4.\?.\?.\?.\?.\?.\?.\?.\?\A4|\A5.\?.\?.\?.\?.\?.\?.\?.\?\A5|\A6.\?.\
    \?.\?.\?.\?.\?.\?.\?\A6|\A7.\?.\?.\?.\?.\?.\?.\?.\?\A7|\A8.\?.\?.\?.\?.\?.\
    \?.\?.\?\A8|\A9.\?.\?.\?.\?.\?.\?.\?.\?\A9|\AA.\?.\?.\?.\?.\?.\?.\?.\?\AA|\
    \AB.\?.\?.\?.\?.\?.\?.\?.\?\AB|\AC.\?.\?.\?.\?.\?.\?.\?.\?\AC|\AD.\?.\?.\?\
    .\?.\?.\?.\?.\?\AD|\AE.\?.\?.\?.\?.\?.\?.\?.\?\AE|\AF.\?.\?.\?.\?.\?.\?.\?\
    .\?\AF|\B0.\?.\?.\?.\?.\?.\?.\?.\?\B0|\B1.\?.\?.\?.\?.\?.\?.\?.\?\B1|\B2.\
    \?.\?.\?.\?.\?.\?.\?.\?\B2|\B3.\?.\?.\?.\?.\?.\?.\?.\?\B3|\B4.\?.\?.\?.\?.\
    \?.\?.\?.\?\B4|\B5.\?.\?.\?.\?.\?.\?.\?.\?\B5|\B6.\?.\?.\?.\?.\?.\?.\?.\?\
    \B6|\B7.\?.\?.\?.\?.\?.\?.\?.\?\B7|\B8.\?.\?.\?.\?.\?.\?.\?.\?\B8|\B9.\?.\
    \?.\?.\?.\?.\?.\?.\?\B9|\BA.\?.\?.\?.\?.\?.\?.\?.\?\BA|\BB.\?.\?.\?.\?.\?.\
    \?.\?.\?\BB|\BC.\?.\?.\?.\?.\?.\?.\?.\?\BC|\BD.\?.\?.\?.\?.\?.\?.\?.\?\BD|\
    \BE.\?.\?.\?.\?.\?.\?.\?.\?\BE|\BF.\?.\?.\?.\?.\?.\?.\?.\?\BF|\C0.\?.\?.\?\
    .\?.\?.\?.\?.\?\C0|\C1.\?.\?.\?.\?.\?.\?.\?.\?\C1|\C2.\?.\?.\?.\?.\?.\?.\?\
    .\?\C2|\C3.\?.\?.\?.\?.\?.\?.\?.\?\C3|\C4.\?.\?.\?.\?.\?.\?.\?.\?\C4|\C5.\
    \?.\?.\?.\?.\?.\?.\?.\?\C5|\C6.\?.\?.\?.\?.\?.\?.\?.\?\C6|\C7.\?.\?.\?.\?.\
    \?.\?.\?.\?\C7|\C8.\?.\?.\?.\?.\?.\?.\?.\?\C8|\C9.\?.\?.\?.\?.\?.\?.\?.\?\
    \C9|\CA.\?.\?.\?.\?.\?.\?.\?.\?\CA|\CB.\?.\?.\?.\?.\?.\?.\?.\?\CB|\CC.\?.\
    \?.\?.\?.\?.\?.\?.\?\CC|\CD.\?.\?.\?.\?.\?.\?.\?.\?\CD|\CE.\?.\?.\?.\?.\?.\
    \?.\?.\?\CE|\CF.\?.\?.\?.\?.\?.\?.\?.\?\CF|\D0.\?.\?.\?.\?.\?.\?.\?.\?\D0|\
    \D1.\?.\?.\?.\?.\?.\?.\?.\?\D1|\D2.\?.\?.\?.\?.\?.\?.\?.\?\D2|\D3.\?.\?.\?\
    .\?.\?.\?.\?.\?\D3|\D4.\?.\?.\?.\?.\?.\?.\?.\?\D4|\D5.\?.\?.\?.\?.\?.\?.\?\
    .\?\D5|\D6.\?.\?.\?.\?.\?.\?.\?.\?\D6|\D7.\?.\?.\?.\?.\?.\?.\?.\?\D7|\D8.\
    \?.\?.\?.\?.\?.\?.\?.\?\D8|\D9.\?.\?.\?.\?.\?.\?.\?.\?\D9|\DA.\?.\?.\?.\?.\
    \?.\?.\?.\?\DA|\DB.\?.\?.\?.\?.\?.\?.\?.\?\DB|\DC.\?.\?.\?.\?.\?.\?.\?.\?\
    \DC|\DD.\?.\?.\?.\?.\?.\?.\?.\?\DD|\DE.\?.\?.\?.\?.\?.\?.\?.\?\DE|\DF.\?.\
    \?.\?.\?.\?.\?.\?.\?\DF|\E0.\?.\?.\?.\?.\?.\?.\?.\?\E0|\E1.\?.\?.\?.\?.\?.\
    \?.\?.\?\E1|\E2.\?.\?.\?.\?.\?.\?.\?.\?\E2|\E3.\?.\?.\?.\?.\?.\?.\?.\?\E3|\
    \E4.\?.\?.\?.\?.\?.\?.\?.\?\E4|\E5.\?.\?.\?.\?.\?.\?.\?.\?\E5|\E6.\?.\?.\?\
    .\?.\?.\?.\?.\?\E6|\E7.\?.\?.\?.\?.\?.\?.\?.\?\E7|\E8.\?.\?.\?.\?.\?.\?.\?\
    .\?\E8|\E9.\?.\?.\?.\?.\?.\?.\?.\?\E9|\EA.\?.\?.\?.\?.\?.\?.\?.\?\EA|\EB.\
    \?.\?.\?.\?.\?.\?.\?.\?\EB|\EC.\?.\?.\?.\?.\?.\?.\?.\?\EC|\ED.\?.\?.\?.\?.\
    \?.\?.\?.\?\ED|\EE.\?.\?.\?.\?.\?.\?.\?.\?\EE|\EF.\?.\?.\?.\?.\?.\?.\?.\?\
    \EF|\F0.\?.\?.\?.\?.\?.\?.\?.\?\F0|\F1.\?.\?.\?.\?.\?.\?.\?.\?\F1|\F2.\?.\
    \?.\?.\?.\?.\?.\?.\?\F2|\F3.\?.\?.\?.\?.\?.\?.\?.\?\F3|\F4.\?.\?.\?.\?.\?.\
    \?.\?.\?\F4|\F5.\?.\?.\?.\?.\?.\?.\?.\?\F5|\F6.\?.\?.\?.\?.\?.\?.\?.\?\F6|\
    \F7.\?.\?.\?.\?.\?.\?.\?.\?\F7|\F8.\?.\?.\?.\?.\?.\?.\?.\?\F8|\F9.\?.\?.\?\
    .\?.\?.\?.\?.\?\F9|\FA.\?.\?.\?.\?.\?.\?.\?.\?\FA|\FB.\?.\?.\?.\?.\?.\?.\?\
    .\?\FB|\FC.\?.\?.\?.\?.\?.\?.\?.\?\FC|\FD.\?.\?.\?.\?.\?.\?.\?.\?\FD|\FE.\
    \?.\?.\?.\?.\?.\?.\?.\?\FE|\FF.\?.\?.\?.\?.\?.\?.\?.\?\FF)"
add name=skypetoskype regexp="^..\02............."
add name=counterstrike-source regexp="^\FF\FF\FF\FF.*cstrikeCounter-Strike"
add name=halflife2-deathmatch regexp="^\FF\FF\FF\FF.*hl2mpDeathmatch"
add name=freenet regexp="^\01[\08\t][\03\04]"
add name=battlefield2 regexp="^(\11 \01...\?\11|\FE\FD.\?.\?.\?.\?.\?.\?(\14\
    \01\06|\FF\FF\FF))|[]\01].\?battlefield2"
add name=napster regexp="^(.[\02\06][!-~]+ [!-~]+ [0-9][0-9]\?[0-9]\?[0-9]\?[0\
    -9]\? \"[\t-\r -~]+\" ([0-9]|10)|1(send|get)[!-~]+ \"[\t-\r -~]+\")"
add name=soulseek regexp="^(\05..\?|.\01.[ -~]+\01F..\?.\?.\?.\?.\?.\?.\?)\$"
add name=xunlei regexp="^[()]...\?.\?.\?(reg|get|query)"
add name=ssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)"
add name=citrix regexp="2&\85\92X"
add name=whois regexp="^[ !-~]+\r\
    \n\$"
add name=dayofdefeat-source regexp="^\FF\FF\FF\FF.*dodDay of Defeat"
add name=teamspeak regexp="^\F4\BE\03.*teamspeak"
add name=worldofwarcraft regexp="^\06\EC\01"
add name=ventrilo regexp="^..\?v\\\$\CF"
add name=http-rtsp regexp="^(get[\t-\r -~]* Accept: application/x-rtsp-tunnell\
    ed|http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*a=control:rtsp://)"
add name=thecircle regexp=\
    "^t\03ni.\?[\01-\06]\?t[\01-\05]s[\
    \n\0B](glob|who are you\$|query data)"
add name=uucp regexp="^\10here="
add name=pcanywhere regexp="^(nq|st)\$"
add name=subversion regexp="^\\( success \\( 1 2 \\("
add name=imesh regexp="^(post[\t-\r -~]*<PasswordHash>........................\
    ........</PasswordHash><ClientVer>|4\80\?\r\?\FC\FF\04|get[\t-\r -~]*Host:\
    \_imsh\\.download-prod\\.musicnet\\.com|\02(\01|\02)\83.\?.\?.\?.\?.\?.\?.\
    \?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\02(\01|\
    \02)\83)"
add name=cimd regexp="\02[0-4][0-9]:[0-9]+.*\03\$"
add name=mohaa regexp="^\FF\FF\FF\FFgetstatus\
    \n"
add name=stun regexp="^[\01\02]................\?\$"
add name=tor regexp=TOR1.*<identity>
add name=radmin regexp="^\01\01(\08\08|\1B\1B)\$"
add name=unset regexp=.
add name=chikka regexp="^CTPv1.[123] Kamusta.*\r\
    \n\$"
add name=replaytv-ivs regexp="^(get /ivs-IVSGetFileChunk|http/(0\\.9|1\\.0|1\\\
    .1) [1-5][0-9][0-9] [\t-\r -~]*#####REPLAY_CHUNK_START#####)"
add name=armagetron regexp=YCLC_E|CYEL
add name=bittorrent regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrap\
    e\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\
    \\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"

The mangle settings:
/ip firewall mangle
add action=mark-connection chain=prerouting comment=exe disabled=no \
    layer7-protocol="Extension \" .exe \"" new-connection-mark=exe_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=exe_conn disabled=no \
    new-packet-mark=exe passthrough=no
add action=mark-connection chain=prerouting comment=zip disabled=no \
    layer7-protocol="Extension \" .zip\"" new-connection-mark=zip_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=zip_conn disabled=no \
    new-packet-mark=zip passthrough=no
add action=mark-connection chain=prerouting comment=rar disabled=no \
    layer7-protocol="Extension \" .rar\"" new-connection-mark=rar_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=rar_conn disabled=no \
    new-packet-mark=rar passthrough=no
add action=mark-connection chain=prerouting comment=cab disabled=no \
    layer7-protocol="Extension \" .cab \"" new-connection-mark=cab_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=cab_conn disabled=no \
    new-packet-mark=cab passthrough=no
add action=mark-connection chain=prerouting comment=asf disabled=no \
    layer7-protocol="Extension \" .asf \"" new-connection-mark=asf_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=asf_conn disabled=no \
    new-packet-mark=asf passthrough=no
add action=mark-connection chain=prerouting comment=mov disabled=no \
    layer7-protocol="Extension \" .mov \"" new-connection-mark=mov_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mov_conn disabled=no \
    new-packet-mark=mov passthrough=no
add action=mark-connection chain=prerouting comment=wmv disabled=no \
    layer7-protocol="Extension \" .wmv \"" new-connection-mark=wmv_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wmv_conn disabled=no \
    new-packet-mark=wmv passthrough=no
add action=mark-connection chain=prerouting comment=mpg disabled=no \
    layer7-protocol="Extension \" .mpg \"" new-connection-mark=mpg_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mpg_conn disabled=no \
    new-packet-mark=mpg passthrough=no
add action=mark-connection chain=prerouting comment=mkv disabled=no \
    layer7-protocol="Extension \" .mkv \"" new-connection-mark=mkv_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mkv_conn disabled=no \
    new-packet-mark=mkv passthrough=no
add action=mark-connection chain=prerouting comment=avi disabled=no \
    layer7-protocol="Extension \" .avi \"" new-connection-mark=avi_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=avi_conn disabled=no \
    new-packet-mark=avi passthrough=no
add action=mark-connection chain=prerouting comment=flv disabled=no \
    layer7-protocol="Extension \" .flv \"" new-connection-mark=flv_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=flv_conn disabled=no \
    new-packet-mark=flv passthrough=no
add action=mark-connection chain=prerouting comment=pdf disabled=no \
    layer7-protocol="Extension \" .pdf \"" new-connection-mark=pdf_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=pdf_conn disabled=no \
    new-packet-mark=pdf passthrough=no
add action=mark-connection chain=prerouting comment=wav disabled=no \
    layer7-protocol="Extension \" .wav \"" new-connection-mark=wav_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wav_conn disabled=no \
    new-packet-mark=wav passthrough=no
add action=mark-connection chain=prerouting comment=rm disabled=no \
    layer7-protocol="Extension \" .rm \"" new-connection-mark=rm_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=rm_conn disabled=no \
    new-packet-mark=rm passthrough=no
add action=mark-connection chain=prerouting comment=mp3 disabled=no \
    layer7-protocol="Extension \" .mp3 \"" new-connection-mark=mp3_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mp3_conn disabled=no \
    new-packet-mark=mp3 passthrough=no
add action=mark-connection chain=prerouting comment=mp4 disabled=no \
    layer7-protocol="Extension \" .mp4 \"" new-connection-mark=mp4_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mp4_conn disabled=no \
    new-packet-mark=mp4 passthrough=no
add action=mark-connection chain=prerouting comment=ram disabled=no \
    layer7-protocol="Extension \" .ram \"" new-connection-mark=ram_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ram_conn disabled=no \
    new-packet-mark=ram passthrough=no
add action=mark-connection chain=prerouting comment=rmvb disabled=no \
    layer7-protocol="Extension \" .rmvb \"" new-connection-mark=rmvb_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=rmvb_conn disabled=no \
    new-packet-mark=rmvb passthrough=no
add action=mark-connection chain=prerouting comment=dat disabled=no \
    layer7-protocol="Extension \" .dat \"" new-connection-mark=dat_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=dat_conn disabled=no \
    new-packet-mark=dat passthrough=no
add action=mark-connection chain=prerouting comment=daa disabled=no \
    layer7-protocol="Extension \" .daa \"" new-connection-mark=daa_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=daa_conn disabled=no \
    new-packet-mark=daa passthrough=no
add action=mark-connection chain=prerouting comment=iso disabled=no \
    layer7-protocol="Extension \" .iso \"" new-connection-mark=iso_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=iso_conn disabled=no \
    new-packet-mark=iso passthrough=no
add action=mark-connection chain=prerouting comment=bin disabled=no \
    layer7-protocol="Extension \" .bin \"" new-connection-mark=bin_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=bin_conn disabled=no \
    new-packet-mark=bin passthrough=no
add action=mark-connection chain=prerouting comment=vcd disabled=no \
    layer7-protocol="Extension \" .vcd \"" new-connection-mark=vcd_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=vcd_conn disabled=no \
    new-packet-mark=vcd passthrough=no
add action=mark-connection chain=prerouting comment=mp2 disabled=no \
    layer7-protocol="Extension \" .mp2 \"" new-connection-mark=mp2_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mp2_conn disabled=no \
    new-packet-mark=mp2 passthrough=no
add action=mark-connection chain=prerouting comment=3gp disabled=no \
    layer7-protocol="Extension \" .3gp \"" new-connection-mark=3gp_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=3gp_conn disabled=no \
    new-packet-mark=3gp passthrough=no
add action=mark-connection chain=prerouting comment=mpe disabled=no \
    layer7-protocol="Extension \" .mpe \"" new-connection-mark=mpe_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=mpe_conn disabled=no \
    new-packet-mark=mpe passthrough=no
add action=mark-connection chain=prerouting comment=qt disabled=no \
    layer7-protocol="Extension \" .qt \"" new-connection-mark=qt_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=qt_conn disabled=no \
    new-packet-mark=qt passthrough=no
add action=mark-connection chain=prerouting comment=raw disabled=no \
    layer7-protocol="Extension \" .raw \"" new-connection-mark=raw_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=raw_conn disabled=no \
    new-packet-mark=raw passthrough=no
add action=mark-connection chain=prerouting comment=wma disabled=no \
    layer7-protocol="Extension \" .wma \"" new-connection-mark=wma_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wma_conn disabled=no \
    new-packet-mark=wma passthrough=no
add action=mark-connection chain=prerouting comment=ogg disabled=no \
    layer7-protocol="Extension \" .ogg \"" new-connection-mark=ogg_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ogg_conn disabled=no \
    new-packet-mark=ogg passthrough=no
add action=mark-connection chain=prerouting comment=doc disabled=no \
    layer7-protocol="Extension \" .doc \"" new-connection-mark=doc_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=doc_conn disabled=no \
    new-packet-mark=doc passthrough=no
add action=mark-connection chain=prerouting comment=applejuice disabled=no \
    layer7-protocol=applejuice new-connection-mark=applejuice_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=applejuice_conn \
    disabled=no new-packet-mark=applejuice passthrough=no
add action=mark-connection chain=prerouting comment=ares disabled=no \
    layer7-protocol=ares new-connection-mark=ares_conn passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ares_conn disabled=no \
    new-packet-mark=ares passthrough=no
add action=mark-connection chain=prerouting comment=bittorent disabled=no \
    layer7-protocol=bittorrent new-connection-mark=bittorent_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=bittorent_conn \
    disabled=no new-packet-mark=bittorent passthrough=no
add action=mark-connection chain=prerouting comment=chikka disabled=no \
    layer7-protocol=chikka new-connection-mark=chikka_conn passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=chikka_conn disabled=\
    no new-packet-mark=chika passthrough=no
add action=mark-connection chain=prerouting comment=directconnect disabled=no \
    layer7-protocol=directconnect new-connection-mark=directconnect_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=directconnect_conn \
    disabled=no new-packet-mark=directconnect passthrough=no
add action=mark-connection chain=prerouting comment=ftp disabled=no \
    layer7-protocol=ftp new-connection-mark=ftp passthrough=no protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ftp disabled=no \
    new-packet-mark=ftp passthrough=no
add action=mark-connection chain=prerouting comment=doom3 disabled=no \
    layer7-protocol=doom3 new-connection-mark=doom3_conn passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=doom3_conn disabled=\
    no new-packet-mark=doom3 passthrough=no
add action=mark-connection chain=prerouting comment=edonkey disabled=no \
    layer7-protocol=edonkey new-connection-mark=edonkey_conn passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=edonkey_conn \
    disabled=no new-packet-mark=edonkey passthrough=no
add action=mark-connection chain=prerouting comment=fastrack_conn disabled=no \
    layer7-protocol=fasttrack new-connection-mark=fasttrack passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=fasttrack disabled=no \
    new-packet-mark=fastrack passthrough=no
add action=mark-connection chain=prerouting comment=gnutella disabled=no \
    layer7-protocol=gnutella new-connection-mark=gnutella_conn passthrough=\
    yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=gnutella_conn \
    disabled=no new-packet-mark=gnutella passthrough=no
add action=mark-connection chain=prerouting comment=skype disabled=no \
    layer7-protocol=skypeout new-connection-mark=skype_conn passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=skype_conn disabled=\
    no new-packet-mark=skype passthrough=no
add action=mark-connection chain=prerouting comment=7z disabled=no \
    layer7-protocol="Extension \" .7z \"" new-connection-mark=7z_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=7z_conn disabled=no \
    new-packet-mark=7z passthrough=no

Finally, we set up bandwidth management using a queue tree.
(You can also use simple queues; it's up to you, whichever suits your taste.)

Create the parent first, like this:
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=128k name="traffic shapping" parent=global-out priority=8
(This will be the allocation reserved for the bandwidth maniacs; adjust it to the amount of bandwidth you have.)

After that, set up the children like this:

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=exe packet-mark=exe parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=zip packet-mark=zip parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=rar packet-mark=rar parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=cab packet-mark=cab parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=asf packet-mark=asf parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=mov packet-mark=mov parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=wmv packet-mark=wmv parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=mpg packet-mark=mpg parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=mkv packet-mark=mkv parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=avi packet-mark=avi parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=flv packet-mark=flv parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=pdf packet-mark=pdf parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=wav packet-mark=wav parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=rm packet-mark=rm parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=mp3 packet-mark=mp3 parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=mp4 packet-mark=mp4 parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=ram packet-mark=ram parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=rmvb packet-mark=rmvb parent="traffic shapping" \
    priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=dat packet-mark=dat parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=daa packet-mark=daa parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=iso packet-mark=iso parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=bin packet-mark=bin parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=vcd packet-mark=vcd parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=mp2 packet-mark=mp2 parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=3gp packet-mark=3gp parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=mpe packet-mark=mpe parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=qt packet-mark=qt parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=raw packet-mark=raw parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=wma packet-mark=wma parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=ogg packet-mark=ogg parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=doc packet-mark=doc parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=applejuice packet-mark=applejuice parent=\
    "traffic shapping" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=ares packet-mark=ares parent="traffic shapping" \
    priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=8 name=bittorent packet-mark=bittorent parent=\
    "traffic shapping" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=chika packet-mark=chika parent="traffic shapping" \
    priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=dconnect packet-mark=directconnect parent=\
    "traffic shapping" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=ftp packet-mark=ftp parent="traffic shapping" priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=doom3 packet-mark=doom3 parent="traffic shapping" \
    priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=edonkey packet-mark=edonkey parent="traffic shapping" \
    priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=fasttrack packet-mark=fastrack parent="traffic shapping" \
    priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=gnutella packet-mark=gnutella parent="traffic shapping" \
    priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=64k name=skype packet-mark=skype parent="traffic shapping" \
    priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=7z packet-mark=7z parent="traffic shapping" priority=8 \
    queue=default


(Guaranteed, God willing, every kind of downloader will be stopped dead. The point of the queue above is that we allocate 128k of bandwidth to the download maniacs; adjust to taste. Cached YouTube video runs as fast as if it were being chased by a dog. Browsing goes whoosh... whoosh... hahaha...)

Hope this is useful.
Regards

Mas Ardy, please explain the NAT setting:
chain=dstnat action=dst-nat to-addresses=10.10.3.2 to-ports=3128 protocol=tcp in-interface=CLIENTS dst-port=80
Does the address really have to be 10.10.3.2? Why is that?
Please explain, thanks!
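
A pre-import consistency check for the configuration posted above, as an added example (not the poster's code): the layer7 names, connection marks, packet marks and queue parents are linked only by exact spelling, so the post's `chika` and `fastrack` marks have to be repeated letter for letter in the queue tree. The function names, the `KNOWN_PARENTS` set and the sample export with its two deliberate mismatches are assumptions constructed for this example.

```python
import difflib
import re

# key=value pairs: the value is a quoted string (with \" escapes) or a bare word
PAIR = re.compile(r'([\w-]+)=("(?:\\.|[^"\\])*"|\S*)')
# Parents that exist without a /queue tree entry (RouterOS v5 and v6 built-ins).
# Assumption of this example: an interface used as a parent is added here by hand.
KNOWN_PARENTS = {"global-in", "global-out", "global-total", "global"}

# Constructed sample in the style of the post, with two deliberate mismatches
# (queue "chikka" asks for packet mark "chikka" and parent "traffic shaping").
SAMPLE_EXPORT = r"""
/ip firewall layer7-protocol
add name="Extension \" .exe \"" regexp="\\.(exe)"
add name=chikka regexp="^CTPv1.[123] Kamusta.*\r\
    \n\$"
/ip firewall mangle
add action=mark-connection chain=prerouting comment=exe disabled=no \
    layer7-protocol="Extension \" .exe \"" new-connection-mark=exe_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=exe_conn new-packet-mark=exe passthrough=no
add action=mark-connection chain=prerouting comment=chikka disabled=no \
    layer7-protocol=chikka new-connection-mark=chikka_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=chikka_conn disabled=\
    no new-packet-mark=chika passthrough=no
/queue tree
add max-limit=128k name="traffic shapping" parent=global-out priority=8
add max-limit=0 name=exe packet-mark=exe parent="traffic shapping" priority=8
add max-limit=0 name=chikka packet-mark=chikka parent="traffic shaping" priority=8
"""

def join_continuations(text):
    """Undo export wrapping: an odd number of trailing backslashes continues the line."""
    logical, buf, cont = [], "", False
    for raw in text.splitlines():
        piece = raw.lstrip() if cont else raw  # wrapped lines are indented
        cont = (len(piece) - len(piece.rstrip("\\"))) % 2 == 1
        buf += piece[:-1] if cont else piece
        if not cont:
            logical.append(buf.strip())
            buf = ""
    if buf:
        logical.append(buf.strip())
    return [line for line in logical if line]

def unquote(value):
    """Strip surrounding quotes and unescape \\" and \\\\ only."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return re.sub(r'\\(["\\])', r"\1", value[1:-1])
    return value

def parse_export(text):
    """Return (menu, params) for every 'add' line under a /menu path."""
    menu, entries = None, []
    for line in join_continuations(text):
        if line.startswith("/"):
            menu = line
        elif menu and line.startswith("add "):
            entries.append((menu, {k: unquote(v) for k, v in PAIR.findall(line)}))
    return entries

def closest(name, candidates):
    """Nearest known spelling, or None when nothing is similar."""
    match = difflib.get_close_matches(name, sorted(candidates), n=1)
    return match[0] if match else None

def lint(text):
    """Return (kind, where, value, suggestion) for every name that does not line up."""
    entries = parse_export(text)
    mangle = [p for m, p in entries if m == "/ip firewall mangle"]
    queues = [p for m, p in entries if m == "/queue tree"]
    l7 = {p["name"] for m, p in entries
          if m == "/ip firewall layer7-protocol" and "name" in p}
    conn = {p["new-connection-mark"] for p in mangle if "new-connection-mark" in p}
    pkt = {p["new-packet-mark"] for p in mangle if "new-packet-mark" in p}
    parents = KNOWN_PARENTS | {q["name"] for q in queues if "name" in q}
    findings = []

    def check(kind, where, value, known):
        if value is not None and value not in known:
            findings.append((kind, where, value, closest(value, known)))

    for rule in mangle:
        where = rule.get("comment") or rule.get("connection-mark", "?")
        if l7:  # only when the export also contains the layer7 definitions
            check("undefined-layer7", where, rule.get("layer7-protocol"), l7)
        check("unknown-connection-mark", where, rule.get("connection-mark"), conn)
    for q in queues:
        check("unknown-packet-mark", q.get("name", "?"), q.get("packet-mark"), pkt)
        check("unknown-parent", q.get("name", "?"), q.get("parent"), parents)
    used = {q.get("packet-mark") for q in queues}
    for mark in sorted(pkt - used):  # marked by mangle but shaped by no queue
        findings.append(("unqueued-packet-mark", mark, mark, None))
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE_EXPORT), sep="\n")
```
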

Offline mxn

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Mikrotik RB 750 + PFsense as Squid Box
« Reply #39 on: September 29, 2011, 03:39:13 pm »
For a small network that kind of setup is OK, but for an ISP it falls apart zzzz...... If packets are diverted back and forth the latency is clearly high, especially with many clients playing online games, where it is clearly felt. I prefer pfsense - mikrotik - client; even if it is reversed it is still double routing from the client network: limiter, pf, modem. Or do you want it all in one subnet? If you don't want a lot of routing, just point the clients directly at pf without going through the limiter, or in the extreme case straight to the modem.

Offline ardy_2006

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: Mikrotik RB 750 + PFsense as Squid Box
« Reply #40 on: October 08, 2011, 07:47:31 am »
For a small network that kind of setup is OK, but for an ISP it falls apart zzzz...... If packets are diverted back and forth the latency is clearly high, especially with many clients playing online games, where it is clearly felt. I prefer pfsense - mikrotik - client; even if it is reversed it is still double routing from the client network: limiter, pf, modem. Or do you want it all in one subnet? If you don't want a lot of routing, just point the clients directly at pf without going through the limiter, or in the extreme case straight to the modem.

The network topology we use is not necessarily suitable for other networks.
There is no harm in trying. If there are errors or something doesn't fit, we can share with each other. As for latency, it is of course related to the hardware we use. The I/O factor also has to be considered. My pfSense uses dual server LAN cards and an Asus motherboard 478/1.8GH/80GBx2/2GB and two power supplies, which are certainly not cheap knock-off power supplies, paired with a MikroTik RB 750 G version 5.7, serving 30 - 50 clients online at the same time and still running calmly; ping times still average in the single digits, at most in the teens. The clients are 5km-20km away, using wireless as the connection medium. So of course the devices / APs also have to be taken into account. Don't just install any old thing carelessly.

Offline serangku

  • Sr. Member
  • ****
  • Posts: 467
  • Karma: +1/-5
    • View Profile
Re: Mikrotik RB 750 + PFsense as Squid Box
« Reply #41 on: October 09, 2011, 11:21:07 am »
nothing perfect on this world ...

at ISP level, the choice of hardware, as well as topology, is given top priority
that does not mean low and middle class users may not use high grade hardware
always remember ... don't blame pf
developers and users (worldwide) have already implemented pf at enterprise level
just draw your own conclusion ... is pf for you?

Offline ardy_2006

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: Mikrotik RB 750 + PFsense as Squid Box
« Reply #42 on: October 09, 2011, 10:32:02 pm »
nothing perfect on this world ...


Totally agree, boss. Besides that, "every system is vulnerable".


Offline hd509509

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Mikrotik RB 750 + PFsense as Squid Box
« Reply #43 on: October 23, 2011, 06:36:28 pm »

Mas Ardy, could you please explain the NAT settings in more detail? I have tried the method above but it has not worked yet. Or if any colleagues have already succeeded, please share it here. Thanks!

Offline kambeeng

  • Moderator
  • Full Member
  • *****
  • Posts: 284
  • Karma: +1/-10
    • View Profile
Re: Mikrotik RB 750 + PFsense as Squid Box
« Reply #44 on: October 26, 2011, 12:32:53 am »
I agree with the settings above ... btw, from what I have observed there is no exception for online games here; it only throttles ... applications or ports that are bandwidth-hungry .....

if you want online games .. to run faster ..

you need to add mangle rules .., along the following lines ... every ... source heading to an online game port or IP is caught .. and marked .., with a connection mark ... for the online game .. after that the packets are marked, for example ... PB .. once caught, those packets are sent to the queue tree ., for example one for PB .. on the basis that all bandwidth for online games is left unrestricted

Good luck

Kambeeng
PFSI