Mikrotik as an Internet gateway (step by step)

Changing the hostname

[admin@Mikrotik] > system identity set name=kaltik

[admin@kaltik] >

Changing the default password

[admin@kaltik] > password

old password: *****

new password: *****

retype new password: *****

[admin@kaltik] >

Viewing the interface cards

[admin@kaltik] > interface print

Flags: D – dynamic, X – disabled, R – running, S – slave

# NAME TYPE MTU

0 R ether1 ether 1500

1 R ether2 ether 1500

If an interface shows the X (disabled) flag after its number (0, 1), check the
Ethernet card again; it should show R (running).

Setting IP Address

Assign IP addresses to the Mikrotik interfaces. For example, Ether2 will be used for
the connection to the Internet (WAN) with IP 192.168.2.1, and Ether1 will be used for our LAN
with IP 192.168.1.1

[admin@kaltik] > ip address add address=192.168.1.1 netmask=255.255.255.0 interface=ether1

[admin@kaltik] > ip address add address=192.168.2.1 netmask=255.255.255.0 interface=ether2

Viewing the IP address configuration we have just set

[admin@kaltik] > ip address print

Flags: X – disabled, I – invalid, D – dynamic

# ADDRESS NETWORK BROADCAST INTERFACE

0 192.168.1.1/24 192.168.1.0 192.168.1.255 ether1

1 192.168.2.1/24 192.168.2.0 192.168.2.255 ether2

[admin@kaltik] >

Gateway

Set the default gateway; it is assumed that the gateway for the Internet connection is 192.168.2.1

[admin@kaltik] > ip route add gateway=192.168.2.3

Viewing the routing table on the Mikrotik router

[admin@kaltik] > ip route print

Flags: X – disabled, A – active, D – dynamic, C – connect, S – static, r – rip, b – bgp, o – ospf, m – mme,

B – blackhole, U – unreachable, P – prohibit

# DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE

0 A S 0.0.0.0/0 reachable 192.168.2.3 1 ether2

1 ADC 192.168.1.0/24 192.168.1.1 0 ether1

2 ADC 192.168.2.0/24 192.168.2.1 0 ether2

Ping the gateway to make sure the configuration is correct

[admin@kaltik] > ping 192.168.2.3

192.168.2.3 64 byte ping: ttl=64 time<1 ms

NAT (Network Address Translation)

[admin@kaltik] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether2

Setup Masquerading

If the Mikrotik is to be used as a gateway server, masquerading must be set up so that client computers on the network can connect to the Internet.

[admin@kaltik] > ip firewall nat print

Flags: X – disabled, I – invalid, D – dynamic

0 chain=srcnat action=masquerade out-interface=ether2

Name server

Set up DNS on the Mikrotik router, for example with these DNS IP addresses:
Primary = 192.168.1.1, Secondary = 202.134.0.155

[admin@kaltik] > ip dns set primary-dns=192.168.1.1 allow-remote-requests=yes

[admin@kaltik] > ip dns set secondary-dns=202.134.0.155 allow-remote-requests=yes

Viewing the DNS configuration

[admin@kaltik] > ip dns print

primary-dns: 192.168.1.1

secondary-dns: 202.134.0.155

allow-remote-requests: yes

max-udp-packet-size: 512

cache-size: 2048KiB

cache-max-ttl: 1w

cache-used: 5KiB

Test domain access, for example by pinging a domain name

[admin@kaltik] > ping www.yahoo.com
216.109.112.135 64 byte ping: ttl=48 time=250 ms
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 571/571.0/571 ms

If the replies come back, the DNS settings are correct.

Done…

This material was taken from www.belajar-bareng.co.cc, with slight modification.

This material has been tested by www.agnubis.wordpress.com, and works well.

Anyone may take/modify material from this site without having to ask the author's permission.

DHCP (Dynamic Host Configuration Protocol) Server

Add an IP address pool

[admin@kaltik] > ip pool add name=dhcp-pool1 ranges=192.168.1.100-192.168.1.200

[admin@kaltik] > ip dhcp-server network add address=192.168.1.0/24 gateway=192.168.1.1 dns-server=192.168.1.1,202.134.0.155 comment="kaltik.net"

[admin@kaltik] > ip dhcp-server add interface=ether1 address-pool=dhcp-pool1

View the DHCP server status

[admin@kaltik] > ip dhcp-server network print

# ADDRESS GATEWAY DNS-SERVER WINS-SERVER DOMAIN

0 ;;; kaltik

192.168.1.0/24 192.168.1.1 192.168.1.1

202.134.0.155

[admin@kaltik] > ip dhcp-server print

Flags: X – disabled, I – invalid

# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP

0 X dhcp1 ether1 dhcp-pool1 3d

The X flag indicates that the DHCP server is not yet active.

Enabling the DHCP server

[admin@kaltik] > ip dhcp-server enable 0

Transparent Proxy Server

A proxy server is a program that can speed up access to a web site that has already been accessed by another computer, because the content is already stored in the caching server. A transparent proxy is advantageous for client management, because the system administrator no longer needs to set up a proxy in every client computer's browser; the redirection is done automatically on the server side.

Setting up the web proxy

[admin@kaltik] > ip web-proxy set enabled=yes src-address=0.0.0.0 port=8080 \
hostname="jigscratch.com" transparent-proxy=yes \
parent-proxy=0.0.0.0:0 cache-administrator="kalman@jig@scratch.com" \
max-object-size=131072KiB cache-drive=system max-cache-size=unlimited \
max-ram-cache-size=unlimited

Note: no tab completion for:

hostname="jigscratch.com"

parent-proxy=0.0.0.0:0

max-object-size=131072KiB

cache-drive=sys

Firewall settings for the transparent proxy

[admin@kaltik] > ip firewall nat

add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 comment="" disabled=no

add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080 comment="" disabled=no

add chain=dstnat protocol=tcp dst-port=8000 action=redirect to-ports=8080 comment="" disabled=no

Note: no tab completion for:

comment=""
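
As written, the three redirect rules match traffic arriving on any interface, and with allow-remote-requests=yes the DNS cache answers on every interface as well, so the proxy and the resolver are both reachable from the WAN side (ether2). The following is an added example, not part of the original article: it assumes the article's layout (ether1 = LAN 192.168.1.0/24, ether2 = WAN) and shows the redirect rules scoped to the LAN plus input-chain drops on the WAN interface; the rule comments are illustrative.

```routeros
# Added example, not from the original article.
# Assumptions: ether1 = LAN (192.168.1.0/24), ether2 = WAN, proxy on TCP 8080.

# Use these in place of the three unscoped redirect rules: only traffic that
# enters on the LAN interface from a LAN address is sent to the proxy.
/ip firewall nat
add chain=dstnat in-interface=ether1 src-address=192.168.1.0/24 protocol=tcp dst-port=80 action=redirect to-ports=8080 comment="LAN to proxy"
add chain=dstnat in-interface=ether1 src-address=192.168.1.0/24 protocol=tcp dst-port=3128 action=redirect to-ports=8080 comment="LAN to proxy"
add chain=dstnat in-interface=ether1 src-address=192.168.1.0/24 protocol=tcp dst-port=8000 action=redirect to-ports=8080 comment="LAN to proxy"

# The proxy and the DNS cache still listen on the WAN address, so drop new
# connections to them that arrive on ether2. connection-state=new leaves
# replies to the router's own outbound DNS queries untouched.
/ip firewall filter
add chain=input in-interface=ether2 connection-state=new protocol=tcp dst-port=8080 action=drop comment="proxy: LAN only"
add chain=input in-interface=ether2 connection-state=new protocol=udp dst-port=53 action=drop comment="DNS cache: LAN only"
add chain=input in-interface=ether2 connection-state=new protocol=tcp dst-port=53 action=drop comment="DNS cache: LAN only"

# Verify that the scoped rules are present and in the expected order.
/ip firewall nat print
/ip firewall filter print
```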

Viewing the resulting web-proxy configuration

[admin@kaltik] > ip web-proxy print

enabled: yes

src-address: 0.0.0.0

port: 8080

hostname: "jigscratch.com"

transparent-proxy: yes

parent-proxy: 0.0.0.0:0

cache-administrator: "kalman@jig@scratch.com"

max-object-size: 131072KiB

cache-drive: system

max-cache-size: unlimited

max-ram-cache-size: unlimited

status: running

reserved-for-cache: 8276992KiB

reserved-for-ram-cache: 2048KiB

Monitoring the web-proxy

[admin@kaltik] > ip web-proxy monitor

status: running

uptime: 39m37s

clients: 0

requests: 0

hits: 0

cache-size: 0KiB

ram-storage-size: 100KiB

received-from-servers: 0KiB

sent-to-clients: 0KiB

hits-sent-to-clients: 0KiB

– [Q quit|D dump|C-z pause]

Bandwidth Management

Simple Queue

Download is limited, upload is not limited

[admin@kaltik] queue simple> add name="trafikshaping" target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 interface=all parent=none priority=1 queue=default/default limit-at=0/64000 max-limit=0/192000 total-queue=default disabled=no

[admin@kaltik] queue simple> add name="02" target-addresses=192.168.1.2/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no

[admin@kaltik] queue simple> add name="03" target-addresses=192.168.1.3/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no

[admin@kaltik] queue simple> add name="04" target-addresses=192.168.1.4/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no

[admin@kaltik] queue simple> add name="05" target-addresses=192.168.1.5/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no

[admin@kaltik] queue simple> add name="06" target-addresses=192.168.1.6/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no

[admin@kaltik] queue simple> add name="07" target-addresses=192.168.1.7/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no

[admin@kaltik] queue simple> add name="08" target-addresses=192.168.1.8/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no

[admin@kaltik] queue simple> add name="09" target-addresses=192.168.1.9/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no

[admin@kaltik] queue simple> add name="10" target-addresses=192.168.1.10/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no

[admin@kaltik] queue simple> add name="11" target-addresses=192.168.1.11/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no

[admin@kaltik] queue simple> add name="12" target-addresses=192.168.1.12/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no

[admin@kaltik] queue simple> add name="13" target-addresses=192.168.1.13/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no

[admin@kaltik] queue simple> add name="14" target-addresses=192.168.1.14/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no

[admin@kaltik] queue simple> add name="15" target-addresses=192.168.1.15/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no

[admin@kaltik] queue simple> add name="16" target-addresses=192.168.1.16/32 dst-address=0.0.0.0/0 interface=all parent=trafikshaping priority=1 queue=default/default limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no

Note:

limit-at: cannot be tab-completed

PCQ (Per Connection Queue): bandwidth is divided equally among all active users

MANGLE

[admin@kaltik] > ip firewall mangle add chain=forward src-address=192.168.1.0/24 action=mark-connection new-connection-mark=users-con

[admin@kaltik] > ip firewall mangle add connection-mark=users-con action=mark-packet new-packet-mark=users chain=forward

Note:

action: cannot be tab-completed

new-packet-mark=users: cannot be tab-completed

Queue Tree: when the bandwidth received from the ISP varies

[admin@kaltik] > queue type add name=pcq-download kind=pcq pcq-classifier=dst-address

[admin@kaltik] > queue type add name=pcq-upload kind=pcq pcq-classifier=src-address

[admin@kaltik] > queue tree add parent=ether1 queue=pcq-download packet-mark=users

[admin@kaltik] > queue tree add parent=ether2 queue=pcq-upload packet-mark=users

Queue Tree: when the bandwidth received from the ISP is fixed

Downstream traffic

[admin@kaltik] > queue tree add name=Download parent=ether1 max-limit=256000

[admin@kaltik] > queue tree add parent=Download queue=pcq-download packet-mark=users

Upstream traffic

[admin@kaltik] > queue tree add name=Upload parent=ether2 max-limit=256000

[admin@kaltik] > queue tree add parent=Upload queue=pcq-upload packet-mark=users

MRTG via Web

[admin@kaltik] > tool graphing set store-every=5min

[admin@kaltik] > tool graphing interface add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no

Services, and viewing the active services with a port scanner

[admin@kaltik] > ip service print

Flags: X – disabled, I – invalid

# NAME PORT ADDRESS CERTIFICATE

0 telnet 23 0.0.0.0/0

1 ftp 21 0.0.0.0/0

2 www 80 0.0.0.0/0

3 ssh 22 0.0.0.0/0

4 X www-ssl 443 0.0.0.0/0 none

[admin@kaltik] > ip service set 1 disabled=yes

[admin@kaltik] > ip service print

Flags: X – disabled, I – invalid

# NAME PORT ADDRESS CERTIFICATE

0 telnet 23 0.0.0.0/0

1 X ftp 21 0.0.0.0/0

2 www 80 0.0.0.0/0

3 ssh 22 0.0.0.0/0

4 X www-ssl 443 0.0.0.0/0 none
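
The listing above still has telnet and www open to 0.0.0.0/0, and the graphing rule in the MRTG section uses allow-address=0.0.0.0/0. The following is an added example, not part of the original article, that limits management access to the LAN; it assumes administrators connect only from 192.168.1.0/24.

```routeros
# Added example, not from the original article.
# Assumption: administrators connect only from the LAN, 192.168.1.0/24.

/ip service
# Telnet sends the admin password in clear text; ssh is already enabled.
set telnet disabled=yes
# Before: address=0.0.0.0/0 (any source). After: LAN sources only.
set ssh address=192.168.1.0/24
set www address=192.168.1.0/24

# Traffic graphs: the article's rule used allow-address=0.0.0.0/0.
/tool graphing interface
set [find] allow-address=192.168.1.0/24

# Verify: telnet and ftp carry the X flag, ssh and www list 192.168.1.0/24.
/ip service print
```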
