Dasar Mikrotik

Written by Bima Firewall 0 comments Posted in:
Share

1. instal pake cd mikrotik

a. boot dg cd mikrotik

b. setelah bisa boot pake iso linux, pilih beberapa paket yang dibutuhkan. (kalo bingung centang aja semua)

c ikuti aja langkahnya tekan (Yes) (Yes)

setelah restart, login : admin pass : (kosong)

trus copy paste aja tulisan berikut ;

DASAR_______________
system identity set name=warnet.beenet
user set admin password=sukasukalu

ethernet____________________
interface ethernet enable ether1
interface ethernet enable ether2
interface Ethernet set ether1 name=intranet
interface Ethernet set ether2 name=internet

IP ADDRESS_______________
ip address add interface=internet address=XXXXX (dari ISP)
ip address add interface=intranet address=192.168.0.1/24

route_______________
ip route add gateway=XXXXX (dari ISP)

dns___________
ip dns set primary-dns=XXXXX (dari ISP) 2 secondary-dns=XXXXX (dari ISP)

nat & filter firewall standar_______________
ip firewall nat add action=masquerade chain=srcnat
ip firewall filter add chain=input connection-state=invalid action=drop
ip firewall filter add chain=input protocol=udp action=accept
ip firewall filter add chain=input protocol=icmp action=accept
ip firewall filter add chain=input in-interface=LAN action=accept
ip firewall filter add chain=input in-interface=INTERNET action=accept

dhcp server______________________________________
ip dhcp-server setup
dhcp server interface: intranet
dhcp address space: 192.168.0.0/24
gateway for dhcp network: 192.168.0.1
addresses to give out: 192.168.0.2-192.168.0.254
dns servers: XXXXX (dari ISP),XXXXX (dari ISP)
lease time: 3d

web proxy_________________________
ip web-proxy
set enabled=yes
set src-address=0.0.0.0
set port=8080
set hostname=”proxy-apaaja”
set transparent-proxy=yes
set parent-proxy=0.0.0.0:0
set cache-administrator=”silahkan.pannggil.operator”
set max-object-size=4096KiB
set cache-drive=system
set max-cache-size=unlimited
set max-ram-cache-size=unlimited

bikinredirect port ke transparant proxy__________________________
/ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
/ip firewall nat add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080
/ip firewall nat add chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=8080

PCQ ________________________
/ip firewall mangle add chain=forward src-address=192.168.169.0/28
action=mark-connection new-connection-mark=client1-cm
/ip firewall mangle add connection-mark=client1-cm action=mark-packet
new-packet-mark=client1-pm chain=forward

/queue type add name=downsteam-pcq kind=pcq pcq-classifier=dst-address
/queue type add name=upstream-pcq kind=pcq pcq-classifier=src-address
/queue tree add parent=intranet queue=downsteam-pcq packet-mark=client1-pm
/queue tree add parent=internet queue=upstream-pcq packet-mark=client1-pm

simpel queue______________________________
queue simple add name=kbu-01 target-addresses=192.168.0.11
queue simple add name=kbu-02 target-addresses=192.168.0.12
queue simple add name=kbu-03 target-addresses=192.168.0.13
queue simple add name=kbu-04 target-addresses=192.168.0.14
queue simple add name=kbu-05 target-addresses=192.168.0.15
queue simple add name=kbu-06 target-addresses=192.168.0.16
queue simple add name=kbu-07 target-addresses=192.168.0.17
queue simple add name=kbu-08 target-addresses=192.168.0.18
queue simple add name=kbu-09 target-addresses=192.168.0.19
queue simple add name=kbu-10 target-addresses=192.168.0.20
queue simple add name=xbilling target-addresses=192.168.0.2

BLOX SPAM____________________________
/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop

0 comments:



:)) :)] ;)) ;;) :D ;) :p :(( :) :( :X =(( :-o :-/ :-* :| 8-} ~x( :-t b-( :-L x( =))

Post a Comment

Powered by Blogger.

Komentar