Senin, 19 Maret 2012

Membangun Router Menggunakan Mikrotik

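# Set the router's identity name.
/system identity set name=war.net
# Set the admin password. XXXXX is a placeholder: the original listing used the
# literal string 123456, which is among the first values any password-guessing
# attempt tries. Use a long, unique secret and never publish it together with
# the configuration.
/user set admin password=XXXXX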

ethernet
# ISP-facing port: enable ether1 and rename it to `internet`.
/interface ethernet enable ether1
/interface ethernet set ether1 name=internet
# LAN-facing port: enable ether2 and rename it to `local`.
# Later firewall, DHCP and queue rules refer to the ports by these names.
/interface ethernet enable ether2
/interface ethernet set ether2 name=local

IP ADDRESS
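# WAN address. "XXXXX (dari ISP)" stands for the value supplied by the ISP; the
# parenthesised note is an annotation and is not part of the command.
/ip address add interface=internet address=XXXXX (dari ISP)
# LAN gateway address. ether2 was renamed to `local`, so the address must be
# bound to `local`; the original used `intranet`, an interface name this page
# never creates, so the command would not attach the address to the LAN port.
/ip address add interface=local address=192.168.0.1/24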

ip route
# Add a route via the ISP gateway. No dst-address is given, so RouterOS uses
# its default destination 0.0.0.0/0, i.e. this is the default route.
# "XXXXX (dari ISP)" stands for the gateway address supplied by the ISP.
ip route add gateway=XXXXX (dari ISP)

ip dns
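# Upstream resolvers used by the router. "XXXXX (dari ISP)" stands for the
# addresses supplied by the ISP. The stray "2" token between the two
# parameters in the original listing is removed; it is not a valid argument.
# NOTE(review): if the router's resolver is set to answer remote requests,
# port 53 must not be accepted on the `internet` interface in chain=input,
# otherwise the router answers DNS queries for anyone on the ISP side.
/ip dns set primary-dns=XXXXX (dari ISP) secondary-dns=XXXXX (dari ISP)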

nat & filter firewall standar

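# Source-NAT only what leaves through the ISP-facing interface. Without
# out-interface the rule also rewrites the source of traffic in every other
# direction.
/ip firewall nat add chain=srcnat out-interface=internet action=masquerade

# chain=input is traffic addressed to the router itself (management logins,
# the web proxy, DNS). Rules are evaluated top to bottom; first match wins.
/ip firewall filter add chain=input connection-state=invalid action=drop
# Replies to connections the router itself opened (DNS answers and similar).
# These two rules replace the original blanket "accept every UDP packet" rule,
# which left every UDP service on the router reachable from the ISP side.
/ip firewall filter add chain=input connection-state=established action=accept
/ip firewall filter add chain=input connection-state=related action=accept
/ip firewall filter add chain=input protocol=icmp action=accept
# Management and router services stay reachable from the LAN side.
/ip firewall filter add chain=input in-interface=local action=accept
# The original accepted everything arriving on `internet`, which exposed all
# router services to the ISP side. Anything not matched above is now dropped.
# Apply this from the LAN side or the console so that a mistake cannot cut off
# the session used to configure the router.
/ip firewall filter add chain=input action=drop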

dhcp server

# Interactive wizard: the first line starts it, the lines after it are the
# wizard's prompts with the answers typed in, not commands to paste.
# NOTE(review): the pool 192.168.0.2-192.168.0.254 includes 192.168.0.100-111,
# which the simple queues on this page bind to individual hosts; if those hosts
# use fixed addresses, exclude them from the pool or use static leases.
ip dhcp-server setup
dhcp server interface: local
dhcp address space: 192.168.0.0/24
gateway for dhcp network: 192.168.0.1
addresses to give out: 192.168.0.2-192.168.0.254
dns servers: XXXXX (dari ISP),XXXXX (dari ISP)
lease time: 3d

web proxy

# Web proxy settings, written with absolute paths so each line can be pasted
# on its own.
# src-address=0.0.0.0 and port=8080: the proxy is enabled on TCP 8080 with no
# specific source address. If TCP 8080 is reachable on the `internet` interface
# the router becomes an open proxy, so chain=input must not accept it from
# that side.
/ip web-proxy set enabled=yes src-address=0.0.0.0 port=8080
# Names reported by the proxy (hostname, administrator contact).
/ip web-proxy set hostname="proxy.xcode.net" cache-administrator="admin.xcode.net"
# Transparent mode with no parent proxy: clients need no browser settings; the
# dstnat redirect rules send their HTTP traffic here.
/ip web-proxy set transparent-proxy=yes parent-proxy=0.0.0.0:0
# Cache storage: objects up to 4096KiB, kept on the system drive.
/ip web-proxy set max-object-size=4096KiB cache-drive=system
# NOTE(review): both cache sizes are unlimited and the cache shares the system
# drive, so cached content can compete with the router itself for disk and RAM;
# consider explicit limits sized for the device.
/ip web-proxy set max-cache-size=unlimited max-ram-cache-size=unlimited

bikin redirect port ke transparent proxy

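# Source-NAT LAN traffic leaving through the ISP-facing interface.
/ip firewall nat add chain=srcnat action=masquerade out-interface=internet
# Hand HTTP and common proxy ports to the local web proxy on 8080.
# in-interface=local is added to each rule: the original matched on every
# interface, so connections arriving from the ISP side on these ports were also
# redirected into the proxy, making it usable by outsiders (open proxy).
/ip firewall nat add chain=dstnat in-interface=local protocol=tcp dst-port=80 action=redirect to-ports=8080
/ip firewall nat add chain=dstnat in-interface=local protocol=tcp dst-port=3128 action=redirect to-ports=8080
/ip firewall nat add chain=dstnat in-interface=local protocol=tcp dst-port=8080 action=redirect to-ports=8080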

PCQ

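# Mark connections opened by LAN clients, then mark every packet of those
# connections. The original matched src-address=192.168.1.0/24, but the LAN
# configured on this page is 192.168.0.0/24, so no client traffic was marked
# and the queues below never saw a packet.
/ip firewall mangle add chain=forward src-address=192.168.0.0/24 action=mark-connection new-connection-mark=client1-cm
/ip firewall mangle add connection-mark=client1-cm action=mark-packet new-packet-mark=client1-pm chain=forward
# PCQ types: classify by destination address for download and by source
# address for upload. The name "downsteam-pcq" (sic) is kept because the queue
# tree below refers to it by that exact name.
/queue type add name=downsteam-pcq kind=pcq pcq-classifier=dst-address
/queue type add name=upstream-pcq kind=pcq pcq-classifier=src-address
# NOTE(review): a queue tree whose parent is an interface shapes traffic
# leaving that interface, so the dst-address (download) queue would normally
# sit on `local` and the src-address (upload) queue on `internet`. The parents
# are left as the page has them; confirm and swap if shaping has no effect.
/queue tree add parent=internet queue=downsteam-pcq packet-mark=client1-pm
/queue tree add parent=local queue=upstream-pcq packet-mark=client1-pm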

simpel queue

# One simple queue per client host (kbu-01 .. kbu-11) plus the billing host.
# No limit parameters are given, so each queue is created with the default
# limits; as written they identify and count traffic per host rather than cap it.
# NOTE(review): the queues match by IP address only. These addresses lie inside
# the DHCP pool 192.168.0.2-254, so a host can end up under another host's
# queue unless the addresses are fixed (static leases) — confirm.
queue simple add name=kbu-01 target-addresses=192.168.0.101
queue simple add name=kbu-02 target-addresses=192.168.0.102
queue simple add name=kbu-03 target-addresses=192.168.0.103
queue simple add name=kbu-04 target-addresses=192.168.0.104
queue simple add name=kbu-05 target-addresses=192.168.0.105
queue simple add name=kbu-06 target-addresses=192.168.0.106
queue simple add name=kbu-07 target-addresses=192.168.0.107
queue simple add name=kbu-08 target-addresses=192.168.0.108
queue simple add name=kbu-09 target-addresses=192.168.0.109
queue simple add name=kbu-10 target-addresses=192.168.0.110
queue simple add name=kbu-11 target-addresses=192.168.0.111
queue simple add name=billing target-addresses=192.168.0.100


BLOX SPAM

# Drop rules for traffic forwarded THROUGH the router (chain=forward). They do
# not protect the router itself; that is the job of chain=input. No interface
# is given, so each rule applies in both directions (LAN->ISP and ISP->LAN).

# Windows RPC endpoint mapper and NetBIOS (135-139), TCP and UDP.
/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop

/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop

# SMB / Microsoft-DS (445), TCP and UDP.
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop

/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop

# RPC over HTTP endpoint mapper (593).
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop

# Ports commonly associated with the Blaster (4444) and Sasser (5554, 9996)
# worms.
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop

/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop

/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop

# NOTE(review): the reason for blocking UDP 995-999 is not stated on the page.
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop

# NOTE(review): this drops DNS over TCP for every client. Resolvers fall back
# to TCP when a UDP answer is truncated, so large answers will fail to resolve
# for hosts that query the ISP servers directly — confirm this is intended.
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop

# NOTE(review): the purpose of blocking TCP 55 is unclear; possibly a typo.
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop


# Redirect HTTP arriving on the LAN port to the web proxy on 8080.
# NOTE(review): dst-address=192.168.1.1/24 limits the rule to requests whose
# destination lies in 192.168.1.0/24, while the LAN configured on this page is
# 192.168.0.0/24; it looks carried over from another setup — confirm intent.
/ip firewall nat add in-interface=local dst-port=80 protocol=tcp action=redirect to-ports=8080 chain=dstnat dst-address=192.168.1.1/24

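# Source-NAT traffic leaving through the ISP-facing interface. The original
# left out-interface empty; `internet` is the WAN name used on the rest of the
# page.
/ip firewall nat add chain=srcnat action=masquerade out-interface=internet

# From the ISP side, let in only replies to connections the router itself
# opened. The original accepted everything arriving on `internet` just before
# the final drop, which left every router service (logins, proxy, DNS) exposed
# and made the drop rule meaningless for that interface.
# Rules are evaluated in order: any earlier rule that accepts all traffic with
# in-interface=internet still wins and has to be removed for this to take
# effect.
/ip firewall filter add chain=input in-interface=internet connection-state=established action=accept
/ip firewall filter add chain=input in-interface=internet connection-state=related action=accept
# Everything else addressed to the router is dropped. Make sure an accept rule
# for the LAN side (in-interface=local) sits above this one, and apply the
# change from the LAN or console so the configuring session is not cut off.
/ip firewall filter add chain=input action=drop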
