Mikrotik adalah sistem operasi yang sangat sesuai digunakan untuk mesin router, kehandalan dan kemudahan instalasi-nya menjadikan mikrotik banyak digunakan oleh kalangan bisnis skala kecil dan menengah.
Disini saya tidak membahas mengenai dimana software bisa diperoleh, silahkan anda mencari sendiri
Cek dulu gateway default dengan membuat koneksi ke speedy melalui Ms Windows...
ketika sudah terkoneksi, buka command prompt anda, kemudian ketikkan route print dan didapatkan hasil seperti ini
CODE
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 125.162.xx.xx 125.162.xx.xx 1
[b]125.162.56.1[/b] 255.255.255.255 125.162.xx.xx 125.162.xx.xx 1
125.162.xx.xx 255.255.255.255 127.0.0.1 127.0.0.1 50
125.255.255.255 255.255.255.255 125.162.xx.xx 125.162.xx.xx 50
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.252 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 125.162.xx.xx 125.162.xx.xx 1
255.255.255.255 255.255.255.255 125.162.61.24 125.162.61.24 1
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 125.162.xx.xx
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 125.162.xx.xx 125.162.xx.xx 1
[b]125.162.56.1[/b] 255.255.255.255 125.162.xx.xx 125.162.xx.xx 1
125.162.xx.xx 255.255.255.255 127.0.0.1 127.0.0.1 50
125.255.255.255 255.255.255.255 125.162.xx.xx 125.162.xx.xx 50
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.252 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 125.162.xx.xx 125.162.xx.xx 1
255.255.255.255 255.255.255.255 125.162.61.24 125.162.61.24 1
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 125.162.xx.xx
Yang saya bold adalah default gateway untuk jaringan speedy ditempat saya 125.162.56.1
Persiapan Instalasi (Mikrotik digunakan sebagai router+dial up speedy)
1. CPU standar (saya hanya menggunakan Intel Pentium III 600 MB, memory 256 MB & Harddisk 4,3 GB, 2 NIC)
2. CD Instalasi Mikrotik
3. Pastikan bahwa BIOS sudah diset untuk boot awal dari CD
Instalasi Mikrotik
1. Setelah proses booting akan muncul menu pilihan software yang mau di install, pilih sesuai kebutuhan yang akan
direncanakan
Gambar 1. Pilihan Paket Instalasi
Gambar 2. Pilihan Paket telah dipilih dan siap diinstal
2. Ketik “ i “ setelah selesai memilih software, lalu akan menu pilihan seperti ini :
* Do you want to keep old configuration ? [y/n]ketikY
* Continue ? [y/n]ketikY
Gambar 3. Proses Instalasi
Instalasi tak perlu dilakukan, tinggal ikuti default dari system saja
3. Setelah selesai Instalasi, system akan melakukan restart, dan akan ada pilihan untuk melakukan check system disk, tekan
“ y “ (yes) aja biar system melakukan pengecekan harddisk anda
4. Kemudian akan muncul menu login, ketikan
Gambar 4. Proses Login ke menu mikrotik
user :admin
password : kosong (enter aja langsung)
Konsep dasar IP addres dan SubNetting
dalam bentuk PDF bisa kamu download di LINK INI
Administrasi System
Jika anda ingin merubah System name dari mikrotik menjadi GLOBAL ketikan perintah berikut
CODE
/system identitiy set name=Global
Konfigurasi IP
untuk menuju ke modem kita tentukan IP 192.168.1.2(publik) (Rata2 modem menggunakan IP 192.168.1.1(Asumsi))
untuk IP lokal kita tentukan IP 192.168.0.1(lokal)
Penamaan interface dan IP
CODE
/interface ehternet set ether1 name=publik
/interface ehternet set ether2 name=lokal
/interface ehternet set ether2 name=lokal
kemudian cek apakah penamaan interface ethernet sudah sesuai
CODE
/interface print
/ip address add address=192.168.1.2/28 interface=public
/ip address add address=192.168.0.1/24 interface=lokal
/ip address print
/ip address add address=192.168.1.2/28 interface=public
/ip address add address=192.168.0.1/24 interface=lokal
/ip address print
Mulai dari sini, kita sudah bisa menggunakan tool lain untuk administrasi sistem; bisa menggunakan winbox ato bisa dengan menggunakan web browser untuk web administration.
Untuk mendownload winbox, buka browser anda dan ketik alamat yg menjadi gateway lokal anda (gateway lokal diatas adalah 192.168.0.1). Lihat gambar dibawah ini.
Gambar 5. Web Administator Mikrotik Router OS dan download Winbox via browser
beberapa aplikasi mikrotik yang di tambahkan
1. Winbox
Utility untuk melakukan remote GUI ke Router Mikrotik. For windows. Download di SINI
2. Bandwidth Tester (Server/Client)
Utility untuk melakukan testing besarnya throuput dari komputer ke Mikrotik Router, baik via jaringan kabel ataupun wireless. For windows. Updated Januari 2006 Download di SINI
3. MT Syslog Daemon
Merupakan server log system, untuk menerima kiriman pesan log dari router download di SINI
4. Neighbour Viewer dan Mac Telnet
Untuk melihat Mikrotik yang terhubung langsung dengan komputer Anda, dan melakukan telnet berbasis mac address (tidak membutuhkan ip address) Download di SINI
Konfigurasi Dial Up Speedy
CODE
/interface
pppoe-client add name=ppppoe-user-aku user=11xxxxxxx@telkom.net
password=123456 interface=publik service-name=internet disabled=no
Menentukan gateway dan perintah masquerading jaringan lokal
CODE
/ip route add gateway=125.162.56.1 #(IP Gateway yg sebelumnya kita cari diatas)
/ip firewall nat add chain=src-nat action=masquerade
/ip firewall nat add chain=src-nat action=masquerade
Konfigurasi dns
CODE
/ip dns set primary-dns=203.130.xxx.xxx #Silahkan sesuaikan dengan keinginan anda sendiri
/ip dns set secondary-dns=202.134.0.xxx
/ip dns allow-remote-request=yes
/ip dns set secondary-dns=202.134.0.xxx
/ip dns allow-remote-request=yes
Konfigurasi transparant web proxy
CODE
/ip web-proxy set enables=yes port=8080 hostname=sankdewa.bluefame.com transparent-proxy=yes
Menambah rule Firewall untuk melakukan nat (network address translation) dari Client yg meminta koneksi port 80 dipindahkan ke port 8080 (proxy)
/ip firewall nat add in-interface=lokal dst-port=80 protocol=tcp action=redirect to-ports=8080 chain=dstnat dst-address=192.168.0.1/24
Menambah rule Firewall untuk melakukan nat (network address translation) dari Client yg meminta koneksi port 80 dipindahkan ke port 8080 (proxy)
/ip firewall nat add in-interface=lokal dst-port=80 protocol=tcp action=redirect to-ports=8080 chain=dstnat dst-address=192.168.0.1/24
Membuat DHCP Server agar Client mendapatkan IP Ostomastis
Buat Pool untuk IP Address
CODE
/ip pool add name=dhcp-pool ranges=192.168.0.5-192.0.30
Jika ada 25 PC Client yang ingin kita buat sebagai DHCP Client (Mendapatkan IP Address secara ostomastis)
Kemudian menambahkan DHCP Network dan Default Gateway untuk DHCP CLient diatas
CODE
/ip dhcp-server network add address=192.168.0.0/24 gateway=192.168.0.1
Menentukan Interface yg digunakan sebagai alamat DHCP Server
CODE
/ip dhcp-server add interface=lokal address-pool=dhcp-pool
Mengaktifkan DHCP Server
CODE
/ip dhcp-server enable 0
kemudian dilihat apakan DHCP Server telah aktif dengan perintah
ip dhcp-server print
kemudian dilihat apakan DHCP Server telah aktif dengan perintah
ip dhcp-server print
Untuk konfigurasi rule-rule firewall, secepatnya saya post.
Tools untuk membantu pembuatan script mikrotik
download
CODE
Apabila mesin anda hanya dapat di aksess hanya dari ip yang anda ingin kan, itu dapat di atur di perintah firewall filter nya.
Berikut cth firewall yang saya berikan :
Sebelumnya definisikan ip yang anda inginkan untuk di permitkan dengan perintah
<admin@Mikrotik>ip firewall add address-list=192.168.0.0/24, 10.40.93.0/24 name=ournetwork
<admin@Mikrotik>ip firewall filter
add chain=forward connection-state=established action=accept comment=”allow \
established connections” disabled=no
add chain=forward connection-state=related action=accept comment=”allow \
related connections” disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment=”Drop \
Messenger Worm” disabled=no
add chain=forward connection-state=invalid action=drop comment=”drop invalid \
connections” disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment=”Drop \
Blaster Worm” disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=”Worm” \
disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment=”Drop Blaster \
Worm” disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment=”Drop Blaster \
Worm” disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment=”________” \
disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=”________” \
disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment=”Drop MyDoom” \
disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment=”________” \
disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment=”ndm requester” \
disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment=”ndm server” \
disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment=”screen cast” \
disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment=”hromgrafx” \
disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment=”cichlid” \
disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Bagle Virus” \
disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment=”Drop Dumaru.Y” \
disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment=”Drop Beagle” \
disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Drop \
Beagle.C-K” disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment=”Drop MyDoom” \
disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment=”Drop Backdoor \
OptixPro” disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment=”Worm” \
disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment=”Worm” \
disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment=”Drop Sasser” \
disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment=”Drop Beagle.B” \
disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment=”Drop \
Dabber.A-B” disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment=”Drop \
Dumaru.Y, sebaiknya di didisable karena juga sering digunakan utk vpn atau \
webmin” disabled=yes
add chain=virus protocol=tcp dst-port=10080 action=drop comment=”Drop \
MyDoom.B” disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment=”Drop NetBus” \
disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment=”Drop Kuang2″ \
disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment=”Drop \
SubSeven” disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment=”Drop PhatBot, \
Agobot, Gaobot” disabled=no
add chain=forward action=jump jump-target=virus comment=”jump to the virus \
chain” disabled=no
add chain=input connection-state=established action=accept comment=”Accept \
established connections” disabled=no
add chain=input connection-state=related action=accept comment=”Accept related \
connections” disabled=no
add chain=input connection-state=invalid action=drop comment=”Drop invalid \
connections” disabled=no
add chain=input protocol=udp action=accept comment=”UDP” disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment=”Allow \
limited pings” disabled=no
add chain=input protocol=icmp action=drop comment=”Drop excess pings” \
disabled=no
add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork \
action=accept comment=”FTP” disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork \
action=accept comment=”SSH for secure shell” disabled=no
add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork \
action=accept comment=”Telnet” disabled=no
add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork \
action=accept comment=”Web” disabled=no
add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork \
action=accept comment=”winbox” disabled=no
add chain=input protocol=tcp dst-port=1723 action=accept comment=”pptp-server” \
disabled=no
add chain=input src-address-list=ournetwork action=accept comment=”From \
Datautama network” disabled=no
add chain=input action=log log-prefix=”DROP INPUT” comment=”Log everything \
else” disabled=no
add chain=input action=drop comment=”Drop everything else” disabled=no
diambil dari MIKROTIK INDONSIA
info kesehatan cek web kami
dietsehatocd.wordpress.com
Berikut cth firewall yang saya berikan :
Sebelumnya definisikan ip yang anda inginkan untuk di permitkan dengan perintah
<admin@Mikrotik>ip firewall add address-list=192.168.0.0/24, 10.40.93.0/24 name=ournetwork
<admin@Mikrotik>ip firewall filter
add chain=forward connection-state=established action=accept comment=”allow \
established connections” disabled=no
add chain=forward connection-state=related action=accept comment=”allow \
related connections” disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment=”Drop \
Messenger Worm” disabled=no
add chain=forward connection-state=invalid action=drop comment=”drop invalid \
connections” disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment=”Drop \
Blaster Worm” disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=”Worm” \
disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment=”Drop Blaster \
Worm” disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment=”Drop Blaster \
Worm” disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment=”________” \
disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=”________” \
disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment=”Drop MyDoom” \
disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment=”________” \
disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment=”ndm requester” \
disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment=”ndm server” \
disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment=”screen cast” \
disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment=”hromgrafx” \
disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment=”cichlid” \
disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Bagle Virus” \
disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment=”Drop Dumaru.Y” \
disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment=”Drop Beagle” \
disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Drop \
Beagle.C-K” disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment=”Drop MyDoom” \
disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment=”Drop Backdoor \
OptixPro” disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment=”Worm” \
disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment=”Worm” \
disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment=”Drop Sasser” \
disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment=”Drop Beagle.B” \
disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment=”Drop \
Dabber.A-B” disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment=”Drop \
Dumaru.Y, sebaiknya di didisable karena juga sering digunakan utk vpn atau \
webmin” disabled=yes
add chain=virus protocol=tcp dst-port=10080 action=drop comment=”Drop \
MyDoom.B” disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment=”Drop NetBus” \
disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment=”Drop Kuang2″ \
disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment=”Drop \
SubSeven” disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment=”Drop PhatBot, \
Agobot, Gaobot” disabled=no
add chain=forward action=jump jump-target=virus comment=”jump to the virus \
chain” disabled=no
add chain=input connection-state=established action=accept comment=”Accept \
established connections” disabled=no
add chain=input connection-state=related action=accept comment=”Accept related \
connections” disabled=no
add chain=input connection-state=invalid action=drop comment=”Drop invalid \
connections” disabled=no
add chain=input protocol=udp action=accept comment=”UDP” disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment=”Allow \
limited pings” disabled=no
add chain=input protocol=icmp action=drop comment=”Drop excess pings” \
disabled=no
add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork \
action=accept comment=”FTP” disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork \
action=accept comment=”SSH for secure shell” disabled=no
add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork \
action=accept comment=”Telnet” disabled=no
add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork \
action=accept comment=”Web” disabled=no
add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork \
action=accept comment=”winbox” disabled=no
add chain=input protocol=tcp dst-port=1723 action=accept comment=”pptp-server” \
disabled=no
add chain=input src-address-list=ournetwork action=accept comment=”From \
Datautama network” disabled=no
add chain=input action=log log-prefix=”DROP INPUT” comment=”Log everything \
else” disabled=no
add chain=input action=drop comment=”Drop everything else” disabled=no
diambil dari MIKROTIK INDONSIA
info kesehatan cek web kami
dietsehatocd.wordpress.com
Tidak ada komentar:
Posting Komentar