SETTING UP MIKROTIK

  • Select the following packages when installing the MikroTik OS:

System, DHCP, Advanced Tools, Routing, Security, Web Proxy.

  • Change the system name to whatever you like:

[admin@microtik] > system identity set name=warnet

The shell prompt will then change to the name you chose:
[admin@warnet] >

  • Change your MikroTik OS password as follows:

[admin@warnet] >user set admin password=………………………………

  • Enable both Ethernet interfaces on the PC where you installed the MikroTik OS:

[admin@warnet] >interface ethernet enable ether1
[admin@warnet] >interface ethernet enable ether2

  • Name both Ethernet interfaces to make configuration easier:

[admin@warnet] >interface ethernet set ether1 name=modem
# ether1 is the Ethernet interface connected to the modem
[admin@warnet] >interface ethernet set ether2 name=local
# ether2 is the Ethernet interface connected to the hub

  • Assign IP addresses to both LAN cards:

[admin@warnet] >ip address add interface=modem address=(IP address from the ISP)/netmask
[admin@warnet] >ip address add interface=local address=192.168.0.1/24

  • Enter the gateway IP address given by the ISP:

[admin@warnet] > ip route add gateway=10.11.1.1560

  • DNS settings:

[admin@warnet] >ip dns set primary-dns=10.11.155.1 secondary-dns=10.11.155.2

After that, try pinging all of the IP addresses configured above.

FIREWALL AND NETWORK CONFIGURATION
ip firewall nat add action=masquerade chain=srcnat
ip firewall filter add chain=input connection-state=invalid action=drop
ip firewall filter add chain=input protocol=udp action=accept
ip firewall filter add chain=input protocol=icmp action=accept
/ip firewall filter add chain=input in-interface=(Ethernet card facing the LAN) action=accept
/ip firewall filter add chain=input in-interface=(Ethernet card facing the internet) action=accept

ip firewall filter add chain=input action=drop

ip web-proxy set enabled=yes src-address=0.0.0.0 port=8080 hostname="" transparent-proxy=yes parent-proxy=0.0.0.0:0 \
cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system max-cache-size=unlimited \
max-ram-cache-size=unlimited

ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128
/ip firewall nat add in-interface=modem dst-port=80 protocol=tcp action=redirect to-ports=3128 chain=dstnat dst-address=!192.168.0.1/24

================================================== ================

Every 3128 is replaced with 8080; here is how:

ip web-proxy set enabled=yes
/ip web-proxy set port=3128
# max-cache-size below is 3 times the total RAM
/ip web-proxy set max-cache-size=3145728
/ip web-proxy set hostname="proxy.prima"
/ip web-proxy set allow-remote-requests=yes
/ip web-proxy set cache-administrator="primanet.slawi@yahoo.com"
================================================== ================================================== ========
FILTERING :
http://www.mikrotik.com/testdocs/ros/2.9/ip/filter.php
/ip firewall filter
add chain=input connection-state=invalid action=drop comment="Drop Invalid connections"
add chain=input connection-state=established action=accept comment="Allow Established connections"
add chain=input protocol=udp action=accept comment="Allow UDP"
add chain=input protocol=icmp action=accept comment="Allow ICMP"
add chain=input src-address=192.168.0.0/24 action=accept comment="Allow access to router from known network"
add chain=input action=drop comment="Drop anything else"
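
An added example (not part of the original post): a small Python model of how RouterOS walks the input chain from top to bottom and stops at the first matching rule, applied to the two input rule sets above. The interface names `modem` and `local` stand in for the post's placeholders and the packets are constructed; the first set accepts Winbox arriving on the internet-facing interface before the final drop is ever reached, while the FILTERING set drops it unless the source is in 192.168.0.0/24.

```python
import ipaddress
import shlex

# Rule sets copied from the post; "modem" and "local" replace the post's
# interface placeholders (assumption).
BASIC = """
chain=input connection-state=invalid action=drop
chain=input protocol=udp action=accept
chain=input protocol=icmp action=accept
chain=input in-interface=local action=accept
chain=input in-interface=modem action=accept
chain=input action=drop
"""
FILTERING = """
chain=input connection-state=invalid action=drop
chain=input connection-state=established action=accept
chain=input protocol=udp action=accept
chain=input protocol=icmp action=accept
chain=input src-address=192.168.0.0/24 action=accept
chain=input action=drop
"""

def parse(text):
    """Turn 'key=value ...' lines into a list of rule dicts."""
    return [dict(tok.split("=", 1) for tok in shlex.split(line))
            for line in text.strip().splitlines()]

def matches(rule, pkt):
    """A rule matches when every matcher it carries agrees with the packet."""
    for key, want in rule.items():
        if key in ("chain", "action"):
            continue
        if key == "src-address":
            src = ipaddress.ip_address(pkt["src-address"])
            if src not in ipaddress.ip_network(want):
                return False
        elif pkt.get(key) != want:
            return False
    return True

def verdict(rules, pkt):
    """First matching rule wins; returns (1-based rule index, action)."""
    for i, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return i, rule["action"]
    return None, "accept"  # a packet that matches no rule is accepted

# Constructed packets: Winbox (TCP 8291) from the internet and from the LAN.
WAN_WINBOX = {"protocol": "tcp", "dst-port": "8291", "in-interface": "modem",
              "src-address": "203.0.113.5", "connection-state": "new"}
LAN_WINBOX = dict(WAN_WINBOX, **{"in-interface": "local",
                                 "src-address": "192.168.0.10"})

if __name__ == "__main__":
    for name, rules in (("basic", parse(BASIC)), ("filtering", parse(FILTERING))):
        for label, pkt in (("WAN", WAN_WINBOX), ("LAN", LAN_WINBOX)):
            print(name, label, verdict(rules, pkt))
```

The same model shows that "Allow UDP" in the FILTERING set accepts UDP from any source, because it sits above the source-address rule.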

ANTIVIRUS RULES FOR MIKROTIK:
add chain=forward action=jump jump-target=virus comment="jump to the virus chain"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

add chain=forward protocol=icmp comment="allow ping"
add chain=forward protocol=udp comment="allow udp"
add chain=forward action=drop comment="drop everything else"
=======================================================

SECURING YOUR MIKROTIK ROUTER:
/ip firewall filter
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=related comment="Accept related connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
add chain=input protocol=icmp action=drop comment="Drop excess pings"
add chain=input protocol=tcp dst-port=22 comment="SSH for secure shell"
add chain=input protocol=tcp dst-port=8291 comment="winbox"
# Edit these rules to reflect your actual IP addresses! #
add chain=input src-address=159.148.172.192/28 comment="From Mikrotikls network"
add chain=input src-address=10.0.0.0/8 comment="From our private LAN"
# End of Edit #
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"
http://wiki.mikrotik.com/wiki/Securing_your_router
================================================== ========================================
NETWORK SECURITY SETTINGS FOR YOUR LOCAL AREA ONLY:
/ip firewall filter
add chain=forward connection-state=established comment="allow established connections"
add chain=forward connection-state=related comment="allow related connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=593 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"
++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++

# Disable the ports commonly used by spam:
/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-p

Check the above against the website again: http://www.mikrotik.com/documentation/manual_2.7/
http://www.mikrotik.com/docs/ros/2.9/ip/webproxy

Look at the system resources;
2/3 of the system resources are used or allocated for: system resource print

************************************************** ******************************************
Graphing
/tool graphing set store-every=hour
[admin@MikroTik] tool graphing> print
    store-every: hour
[admin@MikroTik] tool graphing>
[admin@MikroTik] tool graphing interface> add interface=ether1 \
allow-address=192.168.0.0/24 store-on-disk=yes
[admin@MikroTik] tool graphing interface> print
Flags: X - disabled
  #   INTERFACE   ALLOW-ADDRESS     STORE-ON-DISK
  0   ether1      192.168.0.0/24    yes
[admin@MikroTik] tool graphing interface>
[admin@VLP InWay] tool graphing> export
# oct/12/2005 09:51:23 by RouterOS 2.9.5
# software id = 1TLC-xxx
#
/ tool graphing
set store-every=5min
/ tool graphing queue
add simple-queue=all allow-address=10.8.2.99/32 store-on-disk=yes allow-target=yes disabled=no
/ tool graphing resource
add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ tool graphing interface
add interface=Inway allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
add interface=LAN allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
add interface=DMZ allow-address=0.0.0.0/0 store-on-disk=yes disabled=no

32 Comments

  1. kimong
    Posted July 16, 2007 at 4:25 am

    Thanks for the info, hopefully it will be useful for all of us, especially the young generation of Indonesian IT…

  2. Recoba
    Posted July 27, 2007 at 1:58 pm

    Boss, thanks for sharing

    Also, is there a Winbox version of the tutorial above?

    Thanks in advance….

  3. rekhwan
    Posted August 14, 2007 at 2:59 am

    This tutorial is OK
    thank you………

  4. yanto
    Posted August 15, 2007 at 1:17 am

    Hello, I would like to know how to set up a MikroTik PC router as an ISP using two NICs, if possible complete with proxy and the division of international and local bandwidth..???????
    Waiting for your answer………..
    Thanks in advance!!!!

  5. yani
    Posted August 15, 2007 at 1:19 am

    ok

  6. koboi
    Posted August 17, 2007 at 6:11 pm

    I'd like to ask about split IP settings (is that the right term??), basically so that each IP address on the LAN gets the same bandwidth or speed..
    Besides MikroTik, is there any software that can divide bandwidth, for example for Windows OS?

  7. LOL^^
    Posted September 10, 2007 at 6:22 am | Permalink

    L

    L

  8. maryadi
    Posted October 18, 2007 at 10:23 pm

    Thanks, and really great….
    May it count as a good deed

  9. david
    Posted October 25, 2007 at 4:14 pm

    I'd like to consult,

    Does MikroTik have a hotspot timer feature? For example, using a MikroTik router and an SMC access point, after being connected for 15 minutes it immediately asks to reconnect.. and on every connect the first site is redirected to a particular website…

    Please enlighten me…. just by email

    Thank you very much

  10. icin
    Posted November 19, 2007 at 2:47 pm

    Really great, very helpful, thank you

  11. Stephan
    Posted December 5, 2007 at 6:33 am

    Thanks a lot for the article.
    It is very helpful for me.
    By the way, how do I set up port forwarding? I have a mail server behind the MikroTik.
    The ports that need to be opened are 25, 110 and 32000 for the webmail. Thanks

  12. poigun
    Posted December 21, 2007 at 3:04 am

    After following the instructions above, when I got to the firewall configuration, winbox/putty suddenly stopped working. Please advise…
    Thanks..!!!!

  13. henry satria
    Posted February 12, 2008 at 1:23 am

    After the firewall is active, why can't I access SSH??
    I usually connect remotely with ssh, or putty on Windows.

    Thanks in advance

  14. ludi kenapi
    Posted April 9, 2008 at 1:47 pm

    Thanks boss…..for the info…..

  15. doni permono
    Posted April 17, 2008 at 12:40 pm

    After reading the article above.. it is very good … there is something I'd like to ask..

    If my MikroTik is only used for WAN without being connected to the internet, is that possible or not?
    And what configuration needs to change in the Ethernet IP settings..

    Thank you..

    PS: if possible, just answer to my email…donipermono_82@yahoo.co.id
    Thank you once again…

    Nice to meet you

    Regards

    Doni Permono

  16. eddy
    Posted May 5, 2008 at 11:37 pm

    Great/cool/interesting/top info….

  17. eki
    Posted May 18, 2008 at 4:24 pm

    I'd like to ask something. I have a Linksys WRT54G as a router, but because I am not satisfied with its features, I want to replace the router with a MikroTik. How can the Linksys WRT54G still be used as a wireless AP? Thanks

  18. eki
    Posted May 18, 2008 at 4:27 pm

    I'd like to ask something. I have a Linksys WRT54G as a router. Because I am not satisfied with its features, I want to replace the router with a MikroTik that I will install. What settings are needed so that the Linksys WRT54G can still be used as a wireless AP? Thanks.

  19. diazromeri
    Posted June 23, 2008 at 6:50 pm

    Wow, I have been looking for this tutorial for a long time …

    Thanks a lot …

    May you be given blessings and abundant fortune …

  20. sImple
    Posted July 1, 2008 at 1:41 pm

    Are you busy?
    Please set up a MikroTik at my workplace, so that it can send the signal out and be received outside. We already have an RB133 + Grid antennas (2 units) and a Wireless G + Omni (1 unit).

    Contact me on YM..

    rahman_idp@yahoo.com

    thanks

  21. fadli
    Posted July 15, 2008 at 11:51 am

    # Edit these rules to reflect your actual IP addresses! #
    add chain=input src-address=159.148.172.192/28 comment="From Mikrotikls network"
    add chain=input src-address=10.0.0.0/8 comment="From our private LAN"
    # End of Edit #
    add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
    add chain=input action=drop comment="Drop everything else"

    Mas Yoyok, what does the above mean?
    Which IP is it that is included there?
    Please answer.

  22. yudhi
    Posted July 24, 2008 at 11:27 am

    Mas Yoyok, I have installed MikroTik and it runs; I can browse to my MikroTik router and can also access it with winbox, but after changing ISP my router can neither be browsed nor accessed with winbox….what is the cause?
    Please reply

  23. sky
    Posted July 28, 2008 at 4:04 pm

    Ahem.. ahem.. everyone, please help me.. I am building my own DotA PvPGN server.. now what is left is arranging how my IP can be accessed by people all over Indonesia.. because until now it still cannot be accessed.. I really need help with how to set a local IP to become a public IP that people can access, thanks.. email to sky_azzach@yahoo.com

  24. razor
    Posted November 19, 2008 at 11:26 am

    If I may ask, can a MikroTik be broken into?
    If so, how?
    Thanks

  25. Sutiono Setiawan
    Posted April 2, 2009 at 7:52 pm

    I'd like to ask: besides MikroTik, is there any software that can divide bandwidth, for example for Windows OS?

  26. Posted April 5, 2009 at 4:35 am

    Is there a tutorial? Please send it, because I still really don't understand what is explained above. This is my email: hendri@bame.co.cc
    Thank you

  27. fauzi
    Posted June 1, 2009 at 12:48 pm

    Thanks…
    I'll give it a try…

  28. murphy yuwono
    Posted August 12, 2009 at 8:58 am

    Mas admin, many friends have asked questions above, and I happen to have some of the same problems as above. Please send me all the answers by email, please, I really need them urgently. I will wait for your reply and answers….

  29. hendhy
    Posted December 12, 2009 at 1:09 pm

    I just want to ask, may I?
    Still about MikroTik: can MikroTik suck up bandwidth?
    Here is the thing: I have an internet cafe but don't use MikroTik, while nearby there is another internet cafe that does use MikroTik. My cafe, which doesn't use MikroTik, has a rather slow connection, especially when Speedy's network is having errors. It can't connect at all, while the other cafe can still connect, even if only at a few KB. What is going on, boss?
    Please give me some guidance.
    Thank you very much.

  30. citra
    Posted June 5, 2010 at 8:57 pm

    Wow, great, it matches my lessons…thanks

  31. isall
    Posted September 8, 2010 at 10:41 am

    Mas Yoyok, I have just opened an internet cafe using Speedy. I'd like to ask about using / operating the MikroTik RB750 so that access is stable, but I still can't configure it…please teach me..thanks

  32. sinar
    Posted October 21, 2010 at 9:08 pm

    Great

