{"id":62,"date":"2011-02-09T12:55:16","date_gmt":"2011-02-09T12:55:16","guid":{"rendered":"http:\/\/gigihfordanama.wordpress.com\/?p=62"},"modified":"2012-08-08T00:15:35","modified_gmt":"2012-08-08T00:15:35","slug":"62","status":"publish","type":"post","link":"https:\/\/dosen.unila.ac.id\/gigih\/2011\/02\/09\/62\/","title":{"rendered":"Packet Shaping &#8211; Packet Filter on FreeBSD"},"content":{"rendered":"<p>Original Link :\u00a0 <a href=\"http:\/\/unilanet.unila.ac.id\/~gigih\/index.php?option=com_content&amp;task=view&amp;id=37&amp;Itemid=34\">http:\/\/unilanet.unila.ac.id\/~gigih\/index.php?option=com_content&amp;task=view&amp;id=37&amp;Itemid=34<\/a><\/p>\n<p>Many people ask me how to manage bandwidth when the server runs FreeBSD.<\/p>\n<p>FreeBSD has ALTQ, which works as a traffic shaper to limit client bandwidth. Before FreeBSD 5.3 was released, the NAT, firewall and ALTQ services were installed separately. After the 5.xx generation came out, a new technology appeared in FreeBSD: PF (Packet Filter).<\/p>\n<p>This technology combines the NAT, firewall and ALTQ services into a single integrated whole.<\/p>\n<p>OK, let us go straight to the experiment.<!--more--><\/p>\n<p>I assume the machine we are going to configure is already connected to the network, can ping other hosts, and can resolve DNS. 
If it is not, go back and read my manual on<\/p>\n<p>giving FreeBSD an &#8220;identity&#8221;<\/p>\n<p>Make sure the statement pf_enable=&quot;YES&quot; has been added to \/etc\/rc.conf<\/p>\n<p>Once that is done, open your favorite Vi editor<\/p>\n<p>Below is an example traffic shaping configuration using PF<\/p>\n<p>proxy# vi \/etc\/pf.conf<\/p>\n<table border=\"0\" width=\"702\">\n<tbody>\n<tr>\n<td>############################################################<br \/>\n# Basic (Working) RULE For BSD TELKOM GW<br \/>\n# NO IMPROVEMENT YET<br \/>\n# Update 07-12-2005<br \/>\n# Gigih Forda Nama :<br \/>\n############################################################&nbsp;<\/p>\n<p>eIF\u00a0 = &quot;rl0&quot;\u00a0 ## To TELKOM<br \/>\niIF\u00a0 = &quot;em0&quot; ## Network 1<br \/>\ndIF\u00a0 = &quot;re0&quot;\u00a0 ## To Inherent Dikti<\/p>\n<p>altq on $iIF hfsc bandwidth 40Mb queue { local, internet }<br \/>\nqueue internet bandwidth 4Mb { qPROXY, qGIGIH, qGATEDIAL, qWIFI, qMGT, qAKT, qBBS, qSCSC }<\/p>\n<p>queue qPROXY bandwidth 2744Kb priority 5 hfsc(realtime 2744Kb upperlimit 2744Kb linkshare 60% red)<br \/>\nqueue qGATEDIAL bandwidth 400Kb priority 4 hfsc(realtime 400Kb upperlimit 400Kb linkshare 10% red)<br \/>\nqueue qMGT bandwidth 64Kb priority 4 hfsc(realtime 66Kb upperlimit 66Kb linkshare 5% red)<br \/>\nqueue qAKT bandwidth 64Kb priority 4 hfsc(realtime 66Kb upperlimit 66Kb linkshare 5% red)<br \/>\nqueue qSCSC bandwidth 64Kb priority 4 hfsc(realtime 64Kb upperlimit 64Kb linkshare 1% red)<br \/>\nqueue qWIFI bandwidth 256Kb priority 4 hfsc(realtime 256Kb upperlimit 256Kb linkshare 3% red)<br \/>\nqueue qGIGIH bandwidth 64Kb priority 4 hfsc(realtime 64Kb upperlimit 64Kb linkshare 1% red)<br \/>\nqueue qBBS bandwidth 128Kb priority 4 hfsc(realtime 256Kb upperlimit 1500Kb linkshare 5% red)<br \/>\nqueue local bandwidth 90% 
hfsc(default)<\/p>\n<p>nat on $dIF from 192.168.1.1 to 152.118.0.0\/16 -&gt; 203.88.66.49<br \/>\nnat on $dIF from 192.168.1.204 to 167.205.0.0\/16 -&gt;\u00a0 167.205.143.5<\/p>\n<p>binat on $dIF from 192.168.10.252 to any -&gt; 167.205.143.9<\/p>\n<p>##### 2). Rules TO UI\u00a0\u00a0 #########<br \/>\nnat\u00a0\u00a0\u00a0\u00a0\u00a0 on $dIF from {192.168.9.9,192.168.113.0\/24}\u00a0\u00a0 to\u00a0 152.118.0.0\/16 -&gt; 167.205.143.10<br \/>\n##### 3). RULES\u00a0 TO UGM\u00a0\u00a0 #######<br \/>\nnat\u00a0\u00a0\u00a0\u00a0\u00a0 on $dIF from { 192.168.90.0\/24,192.168.112.0\/24,192.168.113.0\/24}\u00a0\u00a0 to\u00a0 222.124.0.0\/16 -&gt; 167.205.143.10<\/p>\n<p>## Transparent PROXY SQUID<br \/>\nrdr on $iIF inet proto tcp from 192.168.1.0\/24 to !192.168.0.0\/16 port www -&gt; 127.0.0.1 port 3128<\/p>\n<p># from lan to internet<br \/>\npass in\u00a0 log on $iIF inet from any to any<br \/>\npass out log on $iIF inet from any to any<\/p>\n<p>pass\u00a0 in\u00a0\u00a0\u00a0\u00a0\u00a0 on $iIF inet from 192.168.1.0\/24 to any keep state queue qBBS<br \/>\npass\u00a0 in\u00a0 log on $iIF inet from 192.168.1.0\/24 to { $iIF, 172.16.1.0\/27, 203.88.66.32\/27, 202.72.204.32\/27, 202.174.156.128\/27 } keep state<br \/>\npass\u00a0 in\u00a0\u00a0\u00a0\u00a0\u00a0 on $iIF inet proto tcp from 192.168.1.0\/24 to { 127.0.0.1, $iIF:0 } port 3128 keep state queue qBBS<br \/>\npass\u00a0 in\u00a0\u00a0\u00a0\u00a0\u00a0 on $iIF inet proto tcp from 192.168.1.215\u00a0 to any keep state queue qGATEDIAL<br \/>\npass\u00a0 in\u00a0\u00a0\u00a0\u00a0\u00a0 on $iIF inet proto tcp from {192.168.1.235,192.168.9.13,192.168.9.0\/24}\u00a0 to any keep state queue qWIFI<br \/>\npass\u00a0 in\u00a0\u00a0\u00a0\u00a0\u00a0 on $iIF inet proto tcp from { 192.168.112.15, 192.168.112.16 } to any keep state queue qMGT<br \/>\npass\u00a0 in\u00a0\u00a0\u00a0\u00a0\u00a0 on $iIF inet proto tcp from { 192.168.113.8 } to any keep state queue qAKT<br \/>\npass\u00a0 
in\u00a0\u00a0\u00a0\u00a0\u00a0 on $iIF inet proto tcp from 192.168.1.115\u00a0\u00a0\u00a0 to $iIF:0 port 3128 keep state queue qPROXY<br \/>\npass\u00a0 in\u00a0\u00a0\u00a0\u00a0\u00a0 on $iIF inet proto tcp from 192.168.30.2\u00a0\u00a0 to any keep state queue qSCSC<br \/>\npass\u00a0 in\u00a0\u00a0\u00a0\u00a0\u00a0 on $iIF inet proto tcp from 192.168.1.204 to any\u00a0 keep state queue qGIGIH<br \/>\n# NOTE: queue qSQAUTH is not declared in the queue definitions above<br \/>\npass\u00a0 in\u00a0\u00a0\u00a0\u00a0\u00a0 on $iIF inet proto tcp from 192.168.0.0\/16 to $iIF:0 port 8080 keep state queue qSQAUTH<\/p>\n<p>pass\u00a0 out log on $iIF inet proto tcp from $iIF to any keep state flags S\/SA<\/p>\n<p>pass quick on lo0 all<br \/>\n#pass in all<br \/>\npass out all<\/p>\n<p>pass quick on $eIF from any to any<br \/>\npass quick on $dIF from any to any<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Keep in mind that the order of the PF rules must be correct:<\/p>\n<ul>\n<li>ALTQ rules go at the very top<\/li>\n<li>NAT rules must come after ALTQ<\/li>\n<li>Firewall rules come after NAT<\/li>\n<\/ul>\n<p>If the order is wrong, an error message will appear, so please beware.<\/p>\n<p>After that, reboot your server.<\/p>\n<p>To check whether ALTQ is running as expected, type the following command:<\/p>\n<p>pfctl -vvsq<\/p>\n<p>Good luck, and I hope this is useful.<\/p>\n<p>Please leave a comment if you feel confused.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original Link :\u00a0 http:\/\/unilanet.unila.ac.id\/~gigih\/index.php?option=com_content&amp;task=view&amp;id=37&amp;Itemid=34 Many people ask me how to manage bandwidth when the server runs FreeBSD. FreeBSD has ALTQ, which works as a traffic shaper to limit client bandwidth. Before FreeBSD 5.3 was released, the NAT, firewall and ALTQ services were installed separately. After the 5.xx generation came out, a new technology appeared in FreeBSD: PF (Packet Filter). 
This technology &hellip; <a href=\"https:\/\/dosen.unila.ac.id\/gigih\/2011\/02\/09\/62\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Packet Shaping &#8211; Packet Filter on FreeBSD&#8221;<\/span><\/a><\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1348,5],"tags":[],"class_list":["post-62","post","type-post","status-publish","format-standard","hentry","category-kiat-sukses-menjadi-seorang-network-engineer-2","category-old-post-dari-unilanet"],"_links":{"self":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts\/62"}],"collection":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/comments?post=62"}],"version-history":[{"count":0,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts\/62\/revisions"}],"wp:attachment":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/media?parent=62"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/categories?post=62"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/tags?post=62"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}