Sunday, 29 March 2009

Mikrotik Tutorial for Beginners

This tutorial is quoted from the Mikrotik Forum, where it was written by kucingGarong

# SETUP MIKROTIK (base 1)
1. once Mikrotik has been installed properly, start your Mikrotik
2. enter the username & password; since this is a fresh install, the defaults apply: username: admin, password: blank
3. rename your ethernet interfaces if you like; you can give them any name
[kucing@mikrotik] >interface
[kucing@mikrotik] interface >print (first check how many ethernet interfaces are installed)
[kucing@mikrotik] interface >set 0 name=LAN
[kucing@mikrotik] interface >set 1 name=WAN
4. then add the IP addresses
[kucing@mikrotik] >ip address
[kucing@mikrotik] ip address >add address=192.168.0.1/255.255.0.0 interface=LAN ----> this is the IP for the local interface
[kucing@mikrotik] ip address >add address=203.90.1.1/255.255.255.240 interface=WAN ---> this is the public IP obtained from the ISP
5. then enter the gateway
[kucing@mikrotik] > ip route
[kucing@mikrotik] ip route >add gateway=xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx ----> this is the gateway for outbound traffic
6. then set up the web proxy
[kucing@mikrotik] >ip web-proxy
[kucing@mikrotik] ip web-proxy >set enable=yes
[kucing@mikrotik] ip web-proxy >set transparent-proxy=yes
[kucing@mikrotik] ip web-proxy >set max-object-size=1200KiB ---> this makes the web proxy load pages fast
7. then add a rule so that clients using port 80 are handed over to the web-proxy
[kucing@mikrotik] >ip firewall nat
[kucing@mikrotik] ip firewall nat >add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128
8. then enter the DNS servers
[kucing@mikrotik] >ip dns
[kucing@mikrotik] ip dns >set primary-dns=xxx.xxx.xxx.xxx
[kucing@mikrotik] ip dns >set secondary-dns=xxx.xxx.xxx.xxx
9. Now masquerade the WAN interface
[kucing@mikrotik]>ip firewall nat
[kucing@mikrotik] ip firewall nat>add chain=srcnat out-interface=WAN action=masquerade
10. now try pinging the gateway & DNS from the Mikrotik; if you get a REPLY, you are connected
11. Hehehe, my 2nd tutorial is finally done
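
An added example, not part of the original tutorial: a Python check that reads export-style firewall lines and reports any proxy redirect that is not limited to an in-interface or whose proxy port has no input drop rule on the WAN side. The sample configs are constructed from the rules in steps 7 and 9 (interface names WAN and LAN as on this page); the function names parse and audit and the hardened variant are assumptions made for illustration.

```python
import shlex

# Constructed sample in export style: the two NAT rules from steps 7 and 9.
SAMPLE = """\
/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128
add chain=srcnat out-interface=WAN action=masquerade
"""

# Constructed hardened variant: redirect scoped to LAN, proxy port dropped on WAN.
HARDENED = """\
/ip firewall nat
add chain=dstnat in-interface=LAN protocol=tcp dst-port=80 action=redirect to-ports=3128
add chain=srcnat out-interface=WAN action=masquerade
/ip firewall filter
add chain=input in-interface=WAN protocol=tcp dst-port=3128 action=drop
"""


def parse(text):
    """Return (menu, {key: value}) for every 'add' line of an export."""
    rules, menu = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = " ".join(line.lstrip("/").split())
        elif line.startswith("add "):
            pairs = (t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)
            rules.append((menu, dict(pairs)))
    return rules


def audit(text, wan="WAN"):
    """List proxy redirects that are unscoped or whose port is open on the WAN side."""
    rules = parse(text)
    dropped = {r.get("dst-port") for m, r in rules
               if m == "ip firewall filter" and r.get("chain") == "input"
               and r.get("in-interface") == wan and r.get("action") == "drop"}
    findings = []
    for menu, r in rules:
        if menu != "ip firewall nat" or r.get("action") != "redirect":
            continue
        port = r.get("to-ports")
        if "in-interface" not in r:
            findings.append(f"redirect to {port}: not limited to an in-interface")
        if port not in dropped:
            findings.append(f"proxy port {port}: no input drop on {wan}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("as on the page", SAMPLE), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

The check handles a redirect to any proxy port, so it goes slightly beyond the 3128 case built in this section.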

----TUTORIAL SETUP HOTSPOT----
1.[kucing@mikrotik]>ip hotspot
2.[kucing@mikrotik] ip hotspot>setup
hotspot interface:LAN
local address of network:xxx.xxx.xxx.xxx/xx --> IP of the LAN interface
masquerade network:yes
address pool of network:xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx
select certificate:none
ip address of SMTP server:0.0.0.0
DNS server:
DNS name:
name of local hotspot user: admin ----> the user for logging in to the hotspot page
password for the user:
3. now open a web browser and type in the hotspot's IP address
4. enter the username that was just created
5. and there you go, it works......

------TUTORIAL USER MANAGER WITH HOTSPOT-------

1. first enable use-radius on the hotspot
[kucing@mikrotik]>ip hotspot profile
2. [kucing@mikrotik] ip hotspot profile>print
3. the profiles that have been created will be listed; then decide which profile will use use-radius
[kucing@mikrotik]ip hotspot profile> set 0 use-radius=yes
0 = the profile number
4. now create the RADIUS entry
[kucing@mikrotik]>radius
[kucing@mikrotik]radius>add address=127.0.0.1
[kucing@mikrotik]radius>print
[kucing@mikrotik]radius>set 0 service=hotspot,login secret=12345678
5. now create an owner in user manager
[kucing@mikrotik]>/ tool user-manager customer add login="test" password="test" permissions=owner
6. now create the link, so that the Mikrotik routes to user manager
[kucing@mikrotik]>/ tool user-manager router add subscriber=MikroTik ip-address=127.0.0.1 shared-secret=12345678
7. once all of this has been created, test whether user manager is connected yet
8. open a web browser and type "127.0.0.1/userman"
9. the userman login page appears; enter username=test password=test
10. Hehehe..... the user manager tutorial is finally finished too

------TUTORIAL 2 ISP IN 1 ROUTER WITH LOADBALANCING------
/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local comment="" \
disabled=no
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2 \
comment="" disabled=no
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1 \
comment="" disabled=no
/ ip firewall mangle
add chain=prerouting in-interface=Local connection-state=new nth=1,1,0 \
action=mark-connection new-connection-mark=odd passthrough=yes comment="" \
disabled=no
add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing \
new-routing-mark=odd passthrough=no comment="" disabled=no
add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 \
action=mark-connection new-connection-mark=even passthrough=yes comment="" \
disabled=no
add chain=prerouting in-interface=Local connection-mark=even action=mark-routing \
new-routing-mark=even passthrough=no comment="" disabled=no
/ ip firewall nat
add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 \
to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 \
to-ports=0-65535 comment="" disabled=no
/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 comment="" \
disabled=no

/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local comment="" \
disabled=no
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2 \
comment="" disabled=no
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1 \
comment="" disabled=no

The router has 2 upstream (WAN) interfaces with IP addresses 10.111.0.2/24 and 10.112.0.2/24, and a LAN interface named "Local" with IP address 192.168.0.1/24.

Mangle

/ ip firewall mangle

add chain=prerouting in-interface=Local connection-state=new nth=1,1,0 \
action=mark-connection new-connection-mark=odd passthrough=yes comment="" \
disabled=no

add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing \
new-routing-mark=odd passthrough=no comment="" disabled=no

add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 \
action=mark-connection new-connection-mark=even passthrough=yes comment="" \
disabled=no
add chain=prerouting in-interface=Local connection-mark=even action=mark-routing \
new-routing-mark=even passthrough=no comment="" disabled=no




NAT


/ ip firewall nat
add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 \
to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 \
to-ports=0-65535 comment="" disabled=no



Routing


/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 \
disabled=no comment="gateway for the router itself"

# SETUP QUEUE
There are probably many guides floating around on how to limit bandwidth, but this time I want to offer a tutorial that I tested beforehand for 40 hours 30 minutes 100 seconds and that works 100% perfectly

OK, let's begin:

1. first we create/set up the mangle rules:
[Kucing@mikrotik] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 UP LOAD
chain=prerouting in-interface=LAN
src-address=xxx.xxx.xxx.xxx/xx action=mark-packet
new-packet-mark=test-up passthrough=no

1 MARK-KONEKSI
chain=forward src-address=xxx.xxx.xxx.xxx/xx
action=mark-connection
new-connection-mark=test-conn passthrough=yes

2 ;;; DOWN DIRECT KONEKSI
chain=forward in-interface=WAN
connection-mark=test-conn action=mark-packet
new-packet-mark=test-down passthrough=no

3 ;;; DOWN VIA PROXY
chain=output out-interface=LAN
dst-address=xxx.xxx.xxx.xxx/xx action=mark-packet
new-packet-mark=test-down passthrough=no

2. The last stage is creating the queue tree:

[Kucing@mikrotik] > queue tree pr
Flags: X - disabled, I - invalid
0 name="download" parent=LAN packet-mark=test-down
limit-at=32000 queue=default priority=8
max-limit=32000 burst-limit=0
burst-threshold=0 burst-time=0s

1 name="UPLOAD" parent=global-in
packet-mark=test-up limit-at=32000
queue=default priority=8
max-limit=32000 burst-limit=0
burst-threshold=0 burst-time=0s

Here the queue type I use is PCQ. Why? Because PCQ can automatically divide the traffic per client

TUTORIAL SEPARATING LOCAL AND INTERNATIONAL BW

1. Create a src-address list named nice

2. or copy-paste the src-address list provided by NICE
http://www.datautama.net.id/harijant...utama-nice.php
the copy-paste can be done from putty.exe

3. Create the mangle rules, so the router knows whether a connection and its packets come from local or international
/ ip firewall mangle
- add chain=forward src-address-list=nice action=mark-connection \
new-connection-mark=con-indonesia passthrough=yes comment="mark all \
indonesia source connection traffic" disabled=no ----> for local

- add chain=forward dst-address-list=nice action=mark-connection \
new-connection-mark=con-indonesia passthrough=yes comment="mark all \
indonesia destination connection traffic" disabled=no ----> for local

- add chain=forward src-address-list=!nice action=mark-connection \
new-connection-mark=con-overseas passthrough=yes comment="mark all \
overseas source connection traffic" disabled=no ---> for international

- add chain=forward dst-address-list=!nice action=mark-connection \
new-connection-mark=con-overseas passthrough=yes comment="mark all \
overseas destination connection traffic" disabled=no

- add chain=prerouting connection-mark=con-indonesia action=mark-packet \
new-packet-mark=indonesia passthrough=yes comment="mark all indonesia \
traffic" disabled=no ---> local packets

- add chain=prerouting connection-mark=con-overseas action=mark-packet \
new-packet-mark=overseas passthrough=yes comment="mark all overseas \
traffic" disabled=no ----> international packets

4. Create the simple queues:
/ queue simple
- add name="test-indonesia" target-addresses=xxx.xxx.xxx.xxx/xx \
dst-address=0.0.0.0/0 interface=all parent=none packet-marks=indonesia \
direction=both priority=8 queue=default/default limit-at=0/0 \
max-limit=256000/256000 total-queue=default disabled=no ---> 256 UPLOAD & DOWNLOAD (LOCAL)

- add name="test-overseas" target-addresses=xxx.xxx.xxx.xxx/xx \
dst-address=0.0.0.0/0 interface=all parent=none packet-marks=overseas \
direction=both priority=8 queue=default/default limit-at=0/0 \
max-limit=128000/128000 total-queue=default disabled=no ----> 128 UPLOAD & DOWNLOAD (INTERNATIONAL)

5. To check whether it works, visit
http://www.sijiwae.net/speedtest/ ---> look at the connection speed column

TUTORIAL IP-PROXY SETTINGS & USAGE EXAMPLES (BASIC)
1. Start by configuring ip-proxy
/ip proxy
enabled: yes
src-address: 0.0.0.0
port: 8080 ---> a port other than 8080 can be used
parent-proxy: 0.0.0.0:0
parent-proxy-port : 3128 ---> if there is more than one proxy
cache-drive: system
cache-administrator: "TESTING"
max-disk-cache-size: none
max-ram-cache-size: none
cache-only-on-disk: no
maximal-client-connections: 1000
maximal-server-connections: 1000
max-object-size: 512KiB
max-fresh-time: 3d


2. Now make the proxy transparent
/ip firewall nat
chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
---> place it after the masquerade rule

3. Make sure nobody else uses your proxy
/ip firewall filter
chain=input in-interface=PUBLIC-INTERFACE src-address=0.0.0.0/0 protocol=tcp dst-port=8080 action=drop


4. Example of blocking a site
/ip proxy access
dst-host=www.google.com action=deny

You can also block per IP by adding src-address

5. Example of blocking a type of file
/ip proxy access
path=*.exe action=deny
path=*.mp3 action=deny
path=*.zip action=deny
path=*.rar action=deny


6. Another example
/ip proxy access
dst-host=:sex action=deny
---> will block every site containing the word SEX
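
An added example, not part of the original tutorial: a small Python model of how the access rules in steps 4 to 6 match, for checking what a rule set really covers before deploying it. It assumes the documented RouterOS behaviour that a plain pattern is a whole-string wildcard (* and ?) and a pattern starting with a colon is a regular expression; the function names and the sample hostnames are constructed for illustration.

```python
import re


def compile_pattern(pat):
    """':' prefix = regex searched anywhere; otherwise a whole-string wildcard."""
    if pat.startswith(":"):
        return re.compile(pat[1:])
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pat)
    return re.compile(r"\A" + body + r"\Z", re.S)


# The deny rules from steps 4-6 of this page, in the order they are listed.
RULES = [
    {"dst-host": "www.google.com"},
    {"path": "*.exe"}, {"path": "*.mp3"}, {"path": "*.zip"}, {"path": "*.rar"},
    {"dst-host": ":sex"},
]


def first_deny(host, path, rules=RULES):
    """Return the first deny rule whose every field matches, or None if allowed."""
    # Assumption: hostnames are compared in lower case.
    req = {"dst-host": host.lower(), "path": path}
    for rule in rules:
        if all(compile_pattern(p).search(req[k]) for k, p in rule.items()):
            return rule
    return None


if __name__ == "__main__":
    # Constructed requests: exact host, sibling host, substring hit, file type.
    for host, path in [("www.google.com", "/"), ("mail.google.com", "/"),
                       ("www.essex.ac.uk", "/courses"),
                       ("example.org", "/files/setup.exe"),
                       ("example.org", "/index.html")]:
        print(f"{host}{path}: {first_deny(host, path) or 'allowed'}")
```

The :sex rule also denies www.essex.ac.uk, while the exact www.google.com rule leaves mail.google.com allowed. Because only dst-port=80 is redirected to the proxy, none of these rules see HTTPS traffic.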
