[admin@BM somebody] ip route> pr Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf # DST-ADDRESS PREFSRC G GATEWAY DISTANCE INTERFACE 0 ADC 6n.21n.6.0/28 6n.21n.6.14 Local 1 ADC 6n.21n.6.16/28 6n.21n.6.30 Local 2 ADC 6n.21n.6.32/28 6n.21n.6.47 Local 3 ADC 6n.21n.6.32/27 6n.21n.6.62 Local 4 ADC 6n.21n.6.64/28 6n.21n.6.78 Local 5 ADC 6n.21n.6.80/28 6n.21n.6.94 Local 6 A S ;;; XXX Routing 6n.21n.6.96/28 6n.21n.6.126 r 6n.21n.6.12n Local 7 A S 6n.21n.6.112/29 6n.21n.6.126 r 6n.21n.6.12n Local 8 ADC 6n.21n.6.120/29 6n.21n.6.126 Local 9 ADC 6n.21n.6.128/30 6n.21n.6.129 Public 10 ADC 6n.21n.6.136/29 6n.21n.6.139 Public 11 ADC 6n.21n.6.144/28 6n.21n.6.158 Local 12 A S ;;; dari hotel ke internet 12n.81.64.0/25 22n.12n.4.190 r 22n.12n.4.189 Public 13 A S 125.162.59.0/24 22n.12n.4.190 r 22n.12n.4.189 Public 14 ADC 192.168.168.0/24 192.168.168.1 Local 15 A S 202.0.0.0/8 22n.12n.4.190 r 22n.12n.4.189 Public 16 A S 203.0.0.0/8 22n.12n.4.190 r 22n.12n.4.189 Public 17 ADC 22n.12n.4.176/29 22n.12n.4.182 Local 18 ADC 22n.12n.4.184/29 22n.12n.4.190 Public 19 X S ;;; Via IPricot 0.0.0.0/0 u 6n.21n.6.130 20 X S ;;; Via Cisco 0.0.0.0/0 r 6n.21n.6.138 Public 21 X S ;;; Via SDSL 0.0.0.0/0 r 22n.12n.4.189 Public 22 A S ;;; Static Equal Routing 0.0.0.0/0 r 6n.21n.6.138 Public [admin@BM somebody] ip address> pr Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK BROADCAST INTERFACE 0 ;;; Gateway somebody 6n.21n.6.14/28 6n.21n.6.0 6n.21n.6.15 Local 1 ;;; Gateway VIP 6n.21n.6.30/28 6n.21n.6.16 6n.21n.6.31 Local 2 ;;; Gateway Middle 6n.21n.6.62/27 6n.21n.6.32 6n.21n.6.63 Local 3 ;;; Gateway Soho 6n.21n.6.78/28 6n.21n.6.64 6n.21n.6.79 Local 4 ;;; Gateway Hotel 6n.21n.6.94/28 6n.21n.6.80 6n.21n.6.95 Local 5 22n.12n.4.190/29 22n.12n.4.184 22n.12n.4.191 Public 6 6n.21n.6.139/29 6n.21n.6.136 6n.21n.6.143 Public 7 ;;; Toko X Network 192.168.168.1/24 192.168.168.0 192.168.168.255 Local 8 6n.21n.6.47/28 6n.21n.6.32 6n.21n.6.47 Local 9 ;;; Network Gateway 6n.21n.6.129/30 6n.21n.6.128 6n.21n.6.131 Public 10 ;;; Gateway XXX 6n.21n.6.126/29 6n.21n.6.120 6n.21n.6.127 Local 11 ;;; RT / RW Net Gateway 6n.21n.6.158/28 6n.21n.6.144 6n.21n.6.159 Local 12 ;;; Block IP SDSL 22n.12n.4.182/29 22n.12n.4.176 22n.12n.4.183 Local [admin@BM somebody] ip firewall nat> pr Flags: X - disabled, I - invalid, D - dynamic 0 chain=dstnat in-interface=Local src-address=6n.21n.6.0/24 dst-address=!6n.21n.6.0/24 protocol=tcp dst-port=80 action=dst-nat to-addresses=6n.21n.6.140 to-ports=8080 1 chain=dstnat in-interface=Local src-address=192.168.60.0/26 dst-address=!6n.21n.6.0/24 protocol=tcp dst-port=80 action=dst-nat to-addresses=6n.21n.6.140 to-ports=8080 2 chain=dstnat in-interface=Local src-address=192.168.61.0/26 dst-address=!6n.21n.6.0/24 protocol=tcp dst-port=80 action=dst-nat to-addresses=6n.21n.6.140 to-ports=8080 3 chain=dstnat in-interface=Local src-address=192.168.168.0/24 dst-address=!6n.21n.6.0/24 protocol=tcp dst-port=80 action=dst-nat to-addresses=6n.21n.6.140 to-ports=8080 4 ;;; Block Toko X chain=srcnat out-interface=Public src-address=192.168.168.0/24 action=src-nat to-addresses=6n.21n.6.47 to-ports=0-65535 5 ;;; Block RT / RW Tempat X chain=srcnat out-interface=Public src-address=192.168.60.0/26 action=src-nat to-addresses=6n.21n.6.145 to-ports=0-65535 6 ;;; Tempat Y RT / RW chain=srcnat out-interface=Public src-address=192.168.61.0/26 action=src-nat to-addresses=6n.21n.6.146 to-ports=0-65535 7 chain=srcnat out-interface=Public src-address=6n.21n.6.0/24 dst-address=202.0.0.0/8 action=src-nat to-addresses=22n.12n.4.190 to-ports=0-65535 8 chain=srcnat out-interface=Public src-address=6n.21n.6.0/24 dst-address=203.0.0.0/8 action=src-nat to-addresses=22n.12n.4.190 to-ports=0-65535 [admin@BM somebody] ip firewall mangle> pr Flags: X - disabled, I - invalid, D - dynamic 0 chain=prerouting in-interface=Local protocol=tcp dst-port=80 action=mark-connection new-connection-mark=http_conn passthrough=yes 1 chain=prerouting in-interface=Local protocol=tcp dst-port=443 action=mark-connection new-connection-mark=http_conn passthrough=yes 2 chain=prerouting in-interface=Local protocol=tcp dst-port=21 action=mark-connection new-connection-mark=http_conn passthrough=yes 3 chain=prerouting in-interface=Local protocol=tcp dst-port=53 action=mark-connection new-connection-mark=dns_conn passthrough=yes 4 chain=prerouting in-interface=Local protocol=udp dst-port=53 action=mark-connection new-connection-mark=dns_conn passthrough=yes 5 chain=prerouting in-interface=Local protocol=tcp dst-port=5050-5061 action=mark-connection new-connection-mark=ym_con> passthrough=yes 6 chain=prerouting in-interface=Local protocol=udp dst-port=27015 action=mark-connection new-connection-mark=cs_conn passthrough=yes 7 chain=prerouting in-interface=Local protocol=tcp dst-port=6000-7000 action=mark-connection new-connection-mark=irc_conn passthrough=yes 8 chain=prerouting in-interface=Local protocol=tcp dst-port=8291 action=mark-connection new-connection-mark=mt_conn passthrough=yes 9 chain=prerouting in-interface=Local protocol=tcp dst-port=110 action=mark-connection new-connection-mark=http_conn passthrough=yes 10 chain=prerouting in-interface=Local protocol=tcp dst-port=25 action=mark-connection new-connection-mark=http_conn passthrough=yes 11 chain=prerouting in-interface=Local protocol=tcp dst-port=22 action=mark-connection new-connection-mark=ssh_conn passthrough=yes 12 ;;; P2P Traffic chain=prerouting in-interface=Local protocol=tcp p2p=all-p2p action=mark-connection new-connection-mark=http_conn passthrough=yes 13 chain=prerouting connection-mark=http_conn action=mark-packet new-packet-mark=http passthrough=no 14 chain=prerouting connection-mark=dns_conn action=mark-packet new-packet-mark=dns passthrough=no 15 chain=prerouting connection-mark=ym_conn action=mark-packet new-packet-mark=ym passthrough=no 16 chain=prerouting connection-mark=cs_conn action=mark-packet new-packet-mark=cs passthrough=no 17 chain=prerouting connection-mark=irc_conn action=mark-packet new-packet-mark=irc passthrough=no 18 chain=prerouting connection-mark=mt_conn action=mark-packet new-packet-mark=mt passthrough=no 19 chain=prerouting connection-mark=ssh_conn action=mark-packet new-packet-mark=ssh passthrough=no 20 X ;;; mark all indonesia source connection traffic chain=forward src-address-list=nice action=mark-connection new-connection-mark=mark-con-indonesia passthrough=yes 21 X ;;; mark all indonesia destination connection traffic chain=forward dst-address-list=nice action=mark-connection new-connection-mark=mark-con-indonesia passthrough=yes 22 X ;;; mark all overseas source connection traffic chain=forward src-address-list=!nice action=mark-connection new-connection-mark=mark-con-overseas passthrough=yes 23 X ;;; mark all overseas destination connection traffic chain=forward dst-address-list=!nice action=mark-connection new-connection-mark=mark-con-overseas passthrough=yes 24 X ;;; mark all indonesia traffic chain=prerouting connection-mark=mark-con-indonesia action=mark-packet new-packet-mark=indonesia passthrough=yes 25 X ;;; mark all overseas traffic chain=prerouting connection-mark=mark-con-overseas action=mark-packet new-packet-mark=overseas passthrough=yes [admin@BM somebody] ip firewall address-list> pr Flags: X - disabled, D - dynamic # LIST ADDRESS 0 D black_list 202.78.168.20 1 D black_list 165.98.233.4 2 D black_list 21n.239.98.111 3 D black_list 80.139.162.119 4 D black_list 22n.12n.33.226 5 D black_list 190.64.107.17 6 D black_list 60.28.200.143 7 D black_list 202.145.3.155 8 D black_list 200.57.146.137 9 D black_list 193.130.133.4 10 D black_list 218.20.218.251 ######################################################################## Documentation,Editing,Optimization by baratev.sourceforge.net ########################################################################