Basic ingredients:
- Speedy ADSL modem in bridge mode
- RB750 running ROS 4.6
- Squid proxy running transparently on port 3128 + ZPH, on the TSL (Trustix Secure Linux) distro

Scenario:
- Telkom Speedy PPPoE, 2M down and 512 up*
- 1M allotted for downloads by all clients, capped at a maximum of 256kbps/client
- Unrestricted access for certain IPs (here 192.168.2.27 and 192.168.2.28)
- Browsing is not limited
- QoS applied to outbound traffic, i.e. packets leaving through the Telkom Speedy PPPoE

*) according to the brochure they offer; terms and conditions apply

IP addresses used:

[MODEM]
Modem IP Address = 192.168.1.1/24

[CLIENTS]
Client IP Address = 192.168.2.1-29/27

[SQUID BOX]
eth0 = 192.168.3.29/30

squid.conf with ZPH:

http_port 3128 transparent
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

I won't cover the squid installation process here; I assume squid is already running normally and ready to accept requests.

[MIKROTIK BOX] Basic Configuration
/interface ethernet
set 0 comment="Public Interface" name=Public
set 1 comment="Local Interface" name=Local
set 2 comment="Proxy Interface" name=Proxy

/ip address
add address=192.168.2.30/27 broadcast=192.168.2.31 comment="" disabled=no \
    interface=Local network=192.168.2.0
add address=192.168.3.30/30 broadcast=192.168.3.31 comment="" disabled=no \
    interface=Proxy network=192.168.3.28
add address=192.168.1.2/24 broadcast=192.168.1.255 comment="" disabled=no \
    interface=Public network=192.168.1.0

/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=\
    "PPPOE Speedy" dial-on-demand=no disabled=no interface=Public max-mru=\
    1480 max-mtu=1480 mrru=disabled name=Speedy password=****** profile=\
    default service-name="" use-peer-dns=no user=******@telkom.net

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=4096KiB \
    max-udp-packet-size=512 servers="125.160.4.82,203.130.196.155,203.130.196.\
    5,222.124.204.34,202.134.0.61,8.8.4.4,8.8.8.8"

/ip service
set telnet address=0.0.0.0/0 disabled=yes port=23
set ftp address=0.0.0.0/0 disabled=yes port=21
set www address=0.0.0.0/0 disabled=yes port=80
set ssh address=0.0.0.0/0 disabled=yes port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291

/system ntp client
set enabled=yes mode=unicast primary-ntp=131.107.13.100 secondary-ntp=\
    192.43.244.18

/ip firewall address-list
add address=192.168.3.28/30 comment="" disabled=no list=ProxyNET
add address=192.168.2.0/27 comment="" disabled=no list=ApisTECH

=================end of basic configuration=================

For the firewall filter I just use home-style firewalling; what matters is that it is safe from inside and outside….

/ip firewall filter
add action=drop chain=input comment="Drop Invalid connections" \
    connection-state=invalid disabled=no
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="Port scanners to list " \
    disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
    disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no \
    protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=\
    no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no \
    protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="Dropping port scanners" disabled=no \
    src-address-list="port scanners"
add action=accept chain=input comment="Allow Established connections" \
    connection-state=established disabled=no
add action=accept chain=input comment="Allow Related connections" \
    connection-state=related disabled=no
add action=accept chain=input comment="Allow ICMP from LOCAL Network" \
    disabled=no protocol=icmp src-address-list=ApisTECH
add action=accept chain=input comment="Allow ICMP from PROXY Network" \
    disabled=no protocol=icmp src-address-list=ProxyNET
add action=accept chain=input comment="Allow Input from LOCAL Network" \
    disabled=no src-address-list=ApisTECH
add action=accept chain=input comment="Allow Input from PROXY Network" \
    disabled=no src-address-list=ProxyNET
add action=drop chain=input comment="Drop everything else" disabled=no
add action=drop chain=forward comment="Drop Invalid connections" \
    connection-state=invalid disabled=no
add action=jump chain=forward comment="Bad packets filtering" disabled=no \
    jump-target=tcp protocol=tcp
add action=jump chain=forward comment="" disabled=no jump-target=udp \
    protocol=udp
add action=jump chain=forward comment="" disabled=no jump-target=icmp \
    protocol=icmp
add action=drop chain=tcp comment="deny SMTP" disabled=no dst-port=25 \
    protocol=tcp
add action=drop chain=tcp comment="deny TFTP" disabled=no dst-port=69 \
    protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
    111 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
    135 protocol=tcp
add action=drop chain=tcp comment="deny NBT" disabled=no dst-port=137-139 \
    protocol=tcp
add action=drop chain=tcp comment="deny cifs" disabled=no dst-port=445 \
    protocol=tcp
add action=drop chain=tcp comment="deny NFS" disabled=no dst-port=2049 \
    protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=\
    12345-12346 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=20034 \
    protocol=tcp
add action=drop chain=tcp comment="deny Back Orifice" disabled=no dst-port=\
    31337 protocol=tcp
add action=drop chain=tcp comment="deny DHCP" disabled=no dst-port=67-68 \
    protocol=tcp
add action=drop chain=tcp comment="deny P2P" disabled=no p2p=all-p2p
add action=drop chain=udp comment="deny TFTP" disabled=no dst-port=69 \
    protocol=udp
add action=drop chain=udp comment="deny RPC portmapper" disabled=no dst-port=\
    111 protocol=udp
add action=drop chain=udp comment="deny RPC portmapper" disabled=no dst-port=\
    135 protocol=udp
add action=drop chain=udp comment="deny NBT" disabled=no dst-port=137-139 \
    protocol=udp
add action=drop chain=udp comment="deny NFS" disabled=no dst-port=2049 \
    protocol=udp
add action=drop chain=udp comment="deny Back Orifice" disabled=no dst-port=\
    31337 protocol=udp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=drop chain=icmp comment="Drop other icmp packets" disabled=no
add action=accept chain=forward comment="Allow Established connections" \
    connection-state=established disabled=no
add action=accept chain=forward comment="Allow Forward from LOCAL Network" \
    disabled=no src-address-list=ApisTECH
add action=accept chain=forward comment="Allow Forward from PROXY Network" \
    disabled=no src-address-list=ProxyNET
add action=drop chain=forward comment="Drop everything else" disabled=no
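
How the scan-detection rules above classify TCP flag combinations, as an added example that is not part of the original post. It assumes the RouterOS tcp-flags semantics in which listed flags must be set, flags prefixed with ! must be clear, and unlisted flags are ignored; the function names and sample flag sets are constructed for illustration.

```python
ALL_FLAGS = ("fin", "syn", "rst", "psh", "ack", "urg")

# (comment, tcp-flags) pairs copied from the filter rules on this page.
SCAN_RULES = [
    ("NMAP FIN Stealth scan", "fin,!syn,!rst,!psh,!ack,!urg"),
    ("SYN/FIN scan", "fin,syn"),
    ("SYN/RST scan", "syn,rst"),
    ("FIN/PSH/URG scan", "fin,psh,urg,!syn,!rst,!ack"),
    ("ALL/ALL scan", "fin,syn,rst,psh,ack,urg"),
    ("NMAP NULL scan", "!fin,!syn,!rst,!psh,!ack,!urg"),
]


def parse_tcp_flags(spec):
    """Split a tcp-flags value into (must_be_set, must_be_clear) sets."""
    must_set, must_clear = set(), set()
    for token in spec.split(","):
        token = token.strip()
        name = token.lstrip("!")
        if name not in ALL_FLAGS:
            raise ValueError("unknown TCP flag: %r" % token)
        (must_clear if token.startswith("!") else must_set).add(name)
    return must_set, must_clear


def matching_rules(packet_flags):
    """Return the comment of every scan rule that the given flag set matches."""
    flags = set(packet_flags)
    hits = []
    for comment, spec in SCAN_RULES:
        must_set, must_clear = parse_tcp_flags(spec)
        # Flags the rule does not name are "don't care".
        if must_set <= flags and not (must_clear & flags):
            hits.append(comment)
    return hits


# Constructed sample packets: label -> TCP flags that are set.
SAMPLES = {
    "new connection (SYN)": {"syn"},
    "handshake reply (SYN/ACK)": {"syn", "ack"},
    "normal close (FIN/ACK)": {"fin", "ack"},
    "reset (RST/ACK)": {"rst", "ack"},
    "bare FIN": {"fin"},
    "no flags": set(),
    "FIN/PSH/URG": {"fin", "psh", "urg"},
    "SYN/FIN/ACK": {"syn", "fin", "ack"},
    "all six flags": set(ALL_FLAGS),
}


def classify_samples():
    return {label: matching_rules(flags) for label, flags in SAMPLES.items()}


if __name__ == "__main__":
    for label, hits in classify_samples().items():
        print("%-28s -> %s" % (label, ", ".join(hits) or "no scan rule"))
```

Ordinary handshake and teardown packets match none of the rules, while a packet with all six flags set matches three of them; that overlap is harmless because each rule only adds the source to the same "port scanners" list.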

The NAT rules are as follows:

/ip firewall nat
add action=dst-nat chain=dstnat comment="TRANSPARENT DNS" disabled=no \
    dst-port=53 in-interface=Local protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=Local protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=Proxy protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=Proxy protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY" disabled=no \
    dst-address-list=!ProxyNET dst-port=80,8080,3128 in-interface=Local \
    protocol=tcp to-addresses=192.168.3.29 to-ports=3128
add action=dst-nat chain=dstnat comment="PROXY NAT" disabled=no dst-address=\
    192.168.2.30 dst-port=22,81,10000 in-interface=Local protocol=tcp \
    to-addresses=192.168.3.29
add action=masquerade chain=srcnat comment="MASQUERADE MODEM" disabled=no \
    out-interface=Public
add action=masquerade chain=srcnat comment="MASQUERADE PPPOE" disabled=no \
    out-interface=Speedy

Explanation:
- Transparent DNS, so that clients cannot use any name server other than the ones configured on the MikroTik
- Masquerade on the modem interface, so that the modem can be reached from the clients*
- Redirects client requests destined for ports 80, 8080 and 3128 to the external squid (TSL)
- The services used on the TSL box are HTTP (port 81), SSH (port 22) and webmin (port 10000)

*) Discovered by accident by senpai cipete I-HO, at least by his own account

Let me explain the mangle rules one by one so it doesn't get confusing:

/ip firewall mangle
add action=mark-packet chain=forward comment="PROXY-HIT-DSCP 12" disabled=no \
    dscp=12 new-packet-mark=proxy-hit passthrough=no

The rule above marks proxy-hit packets coming from the external proxy, which the queue rules later let through without any limiting. DSCP 12 is the TOS value 0x30 that zph_local sets in squid.conf (0x30 >> 2 = 12).

add action=change-dscp chain=postrouting comment=CRITICAL disabled=no \
    new-dscp=1 protocol=icmp
add action=change-dscp chain=postrouting comment="" disabled=no dst-port=53 \
    new-dscp=1 protocol=udp
add action=change-dscp chain=postrouting comment="" disabled=no dst-port=53 \
    new-dscp=1 protocol=tcp
add action=mark-connection chain=postrouting comment="" disabled=no dscp=1 \
    new-connection-mark=critical_conn passthrough=yes
add action=mark-packet chain=postrouting comment="" connection-mark=\
    critical_conn disabled=no new-packet-mark=critical_pkt passthrough=no

The rules above mark ICMP packets and DNS requests so that they get the highest priority.

add action=mark-connection chain=prerouting comment=MARK-ALL-CONN disabled=no \
    dst-address-list=!ApisTECH in-interface=Local new-connection-mark=\
    all.pre_conn passthrough=yes
add action=mark-connection chain=forward comment="" disabled=no \
    new-connection-mark=all.post_conn out-interface=Local passthrough=yes \
    src-address-list=!ApisTECH
add action=mark-packet chain=prerouting comment="" connection-mark=\
    all.pre_conn disabled=no new-packet-mark=all.pre_pkt passthrough=yes
add action=mark-packet chain=forward comment="" connection-mark=all.post_conn \
    disabled=no new-packet-mark=all.post_pkt passthrough=yes

The rules above mark ALL packets going in and out through the Local interface EXCEPT those addressed to the local addresses.

add action=mark-connection chain=prerouting comment=GAMES connection-mark=\
    all.pre_conn disabled=no dst-port=9339,843 new-connection-mark=games_conn \
    passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-mark=\
    all.pre_conn disabled=no dst-port=40000-40010 new-connection-mark=\
    games_conn passthrough=yes protocol=udp
add action=mark-packet chain=forward comment="" connection-mark=games_conn \
    disabled=no new-packet-mark=games_pkt passthrough=no

The rules above mark GAMES packets to be given SECOND priority.

add action=mark-connection chain=prerouting comment=HTTP-CLIENT \
    connection-mark=all.pre_conn disabled=no new-connection-mark=\
    browsing_conn packet-size=0-64 passthrough=yes protocol=tcp tcp-flags=ack
add action=mark-connection chain=prerouting comment="" connection-mark=\
    all.pre_conn disabled=no dst-port=80,443 new-connection-mark=\
    browsing_conn passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=0-131072 \
    connection-mark=browsing_conn disabled=no new-packet-mark=browsing_pkt \
    passthrough=no protocol=tcp
add action=mark-connection chain=prerouting comment=HTTP-PROXY disabled=no \
    dst-address-list=!ApisTECH dst-port=80,443 new-connection-mark=proxy_conn \
    passthrough=yes protocol=tcp src-address-list=ProxyNET
add action=mark-packet chain=forward comment="" connection-mark=proxy_conn \
    disabled=no new-packet-mark=proxy_pkt passthrough=no

The rules above mark browsing packets, INCLUDING HTTP requests from the external proxy, with connection-bytes=0-131072, as well as small TCP packets (packet-size=0-64 tcp-flags=ack), to be given THIRD priority.

add action=mark-connection chain=prerouting comment=REALTIME connection-mark=\
    all.pre_conn disabled=no dst-port=22,179,110,161,8291 \
    new-connection-mark=realtime_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-mark=\
    all.pre_conn disabled=no dst-port=123 new-connection-mark=realtime_conn \
    passthrough=yes protocol=udp
add action=mark-packet chain=forward comment="" connection-mark=realtime_conn \
    disabled=no new-packet-mark=realtime_pkt passthrough=no

The rules above mark REALTIME ACCESS packets to be given FOURTH priority.

add action=mark-connection chain=prerouting comment=FILETRANSFER \
    connection-mark=all.pre_conn disabled=no dst-port=20,21,23 \
    new-connection-mark=communication_conn passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="" connection-mark=\
    communication_conn disabled=no new-packet-mark=communication_pkt \
    passthrough=no

The rules above mark FILETRANSFER packets to be given FIFTH priority.

add action=mark-connection chain=prerouting comment=NORMAL connection-mark=\
    all.pre_conn disabled=no dst-address-list=!ProxyNET new-connection-mark=\
    normal_conn passthrough=yes
add action=mark-packet chain=forward comment="" connection-mark=normal_conn \
    disabled=no new-packet-mark=normal_pkt passthrough=no

The rules above mark all remaining packets EXCEPT those destined for the proxy, to be given SIXTH priority.

add action=mark-packet chain=forward comment=DOWNLOAD connection-bytes=\
    131072-4294967295 connection-mark=all.post_conn disabled=no dst-address=\
    192.168.2.1 new-packet-mark=ApisTECH01.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=\
    131072-4294967295 connection-mark=all.post_conn disabled=no dst-address=\
    192.168.2.2 new-packet-mark=ApisTECH02.d_pkt passthrough=no protocol=tcp

………………..and so on until every client is covered

The rules above mark TCP packets forwarded to the clients with connection-bytes=131072-4294967295, in order to apply a download limit to each client.

After that, create the queue types:

/queue type
add kind=pcq name=pcq_up pcq-classifier=src-address pcq-limit=200 pcq-rate=0 \
    pcq-total-limit=8000
add kind=pcq name=pcq_down pcq-classifier=dst-address pcq-limit=200 pcq-rate=\
    0 pcq-total-limit=8000
add kind=pfifo name=pfifo-critical pfifo-limit=10
add kind=pcq name=pcq_critical.up pcq-classifier=src-address,src-port \
    pcq-limit=20 pcq-rate=0 pcq-total-limit=500
add kind=pcq name=pcq_critical.down pcq-classifier=dst-address,dst-port \
    pcq-limit=20 pcq-rate=0 pcq-total-limit=500

Then add the queue tree:

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="A. PROXY HIT" packet-mark=proxy-hit parent=Local \
    priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="B. CRITICAL" packet-mark=critical_pkt parent=Speedy \
    priority=1 queue=pfifo-critical

The queues above give proxy hit and critical traffic first priority with no limit.

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="C. INBOUND" packet-mark=all.post_pkt parent=global-out \
    priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="D. OUTBOUND" packet-mark=all.pre_pkt parent=Speedy \
    priority=8

The queues above create the parents for inbound (traffic going in to the clients) and outbound (traffic leaving through the Speedy PPPoE).

I split the INBOUND children into several priorities as follows:

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="A. GAMES" packet-mark=games_pkt parent="C. INBOUND" \
    priority=2 queue=pcq_critical.down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="B. HTTP" packet-mark=browsing_pkt parent="C. INBOUND" \
    priority=3 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=128k name="C. REALTIME" packet-mark=realtime_pkt parent=\
    "C. INBOUND" priority=4 queue=pcq_critical.down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=128k name="D. FILETRANS" packet-mark=communication_pkt parent=\
    "C. INBOUND" priority=5 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=128k name="E. NORMAL" packet-mark=normal_pkt parent=\
    "C. INBOUND" priority=6 queue=pcq_down

Then create the parents for per-client download:

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1024k name="F. DOWN 1M" parent="C. INBOUND" priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="G. DOWN 2M" parent="C. INBOUND" priority=8

Here I create 2 parents, for 1M and 2M (or unlimited).
After that create the children, to apply the download limit per client:

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH01-D packet-mark=ApisTECH01.d_pkt parent=\
    "F. DOWN 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH02-D packet-mark=ApisTECH02.d_pkt parent=\
    "F. DOWN 1M" priority=8 queue=pcq_down

…………………..and so on until the packets to every client are covered

The queues above give a download limit of 1M for all clients and a maximum of 256k per client.

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=ApisTECH27-D packet-mark=ApisTECH27.d_pkt parent=\
    "G. DOWN 2M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=ApisTECH28-D packet-mark=ApisTECH28.d_pkt parent=\
    "G. DOWN 2M" priority=8 queue=pcq_down

The queues above apply no download limit to IPs 192.168.2.27 and 192.168.2.28.
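
The two "and so on" steps (the per-client DOWNLOAD mangle rules and the per-client queue tree children) written out as an added example that is not part of the original post: a Python generator that emits both rule sets for clients 192.168.2.1-29 and checks that every queue's packet mark is actually set by a mangle rule. The function names are hypothetical; addresses, mark names, parents and limits follow the page.

```python
import ipaddress
import re

# Values taken from the page; the generator itself is an added illustration.
LOCAL_NET = ipaddress.ip_network("192.168.2.0/27")
ROUTER_IP = ipaddress.ip_address("192.168.2.30")      # RB750 Local interface
UNLIMITED = {ipaddress.ip_address("192.168.2.27"),
             ipaddress.ip_address("192.168.2.28")}
CONN_BYTES = "131072-4294967295"                      # past the first 128 KiB


def client_addresses():
    """Client hosts 192.168.2.1-29: every host in the /27 except the router."""
    return [ip for ip in LOCAL_NET.hosts() if ip != ROUTER_IP]


def mark_prefix(ip):
    """192.168.2.7 -> ApisTECH07, following the page's naming."""
    return "ApisTECH%02d" % (int(ip) & 0xFF)


def mangle_rule(ip, comment='""'):
    """Mark-packet rule for one client's long-running TCP downloads."""
    return ("add action=mark-packet chain=forward comment=%s "
            "connection-bytes=%s connection-mark=all.post_conn disabled=no "
            "dst-address=%s new-packet-mark=%s.d_pkt passthrough=no "
            "protocol=tcp" % (comment, CONN_BYTES, ip, mark_prefix(ip)))


def queue_rule(ip):
    """Queue tree child: 256k under "F. DOWN 1M", or unlimited under "G. DOWN 2M"."""
    unlimited = ip in UNLIMITED
    parent = "G. DOWN 2M" if unlimited else "F. DOWN 1M"
    max_limit = "0" if unlimited else "256k"
    name = mark_prefix(ip)
    return ("add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no "
            "limit-at=0 max-limit=%s name=%s-D packet-mark=%s.d_pkt "
            'parent="%s" priority=8 queue=pcq_down'
            % (max_limit, name, name, parent))


def build_script():
    """Full set of per-client rules, one RouterOS command per line."""
    clients = client_addresses()
    lines = ["/ip firewall mangle"]
    lines += [mangle_rule(ip, "DOWNLOAD" if i == 0 else '""')
              for i, ip in enumerate(clients)]
    lines.append("/queue tree")
    lines += [queue_rule(ip) for ip in clients]
    return "\n".join(lines)


def unmatched_marks(script):
    """Packet marks a queue waits for that no mangle rule ever sets."""
    set_marks = set(re.findall(r"new-packet-mark=(\S+)", script))
    used_marks = set(re.findall(r"(?<!new-)packet-mark=(\S+)", script))
    return used_marks - set_marks


if __name__ == "__main__":
    script = build_script()
    print(script)
    print("# queues without a matching mangle mark:", unmatched_marks(script) or "none")
```

A queue whose packet-mark is misspelled never sees traffic, so that client falls through to the shared queues unshaped; the unmatched_marks check catches that before the rules are pasted into the router.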

After that, create the limits for upload:

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="A. GAMES UP" packet-mark=games_pkt parent="D. OUTBOUND" \
    priority=2 queue=pcq_critical.up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=256k name="B. HTTP UP" packet-mark=proxy_pkt parent=\
    "D. OUTBOUND" priority=3 queue=pcq_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=32k \
    max-limit=64k name="C. REALTIME UP" packet-mark=realtime_pkt parent=\
    "D. OUTBOUND" priority=4 queue=pcq_critical.up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=128k name="D. FILETRANS UP" packet-mark=communication_pkt \
    parent="D. OUTBOUND" priority=5 queue=pcq_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
    max-limit=128k name="E. NORMAL UP" packet-mark=normal_pkt parent=\
    "D. OUTBOUND" priority=6 queue=pcq_up

The queues above are ordered by outgoing packet priority, starting with games, then HTTP requests, realtime connections, file transfer and normal requests.

The end result I achieved: no client is disturbed by download activity while browsing or playing games, and even while a user is uploading it does not disturb or increase game latency…. As far as my limited knowledge of MikroTik goes, after several rounds of testing, this may be the best configuration I have ever made.

Thanks to everyone who helped introduce me to MikroTik, especially my fellow warnetters on KASKUS. Please develop the example above further, so that the MikroTik does more than just work on a "good enough as long as it connects" basis…..

:D