MIKROTIK SETUP

- Select the following packages when installing the MikroTik OS:
System, DHCP, Advanced Tools, Routing, Security, Web-Proxy.

- Rename the system to whatever you like:
[admin@microtik] > system identity set name=warnet

The shell prompt will then change to the name you chose:

[admin@warnet] >

- Change the password of your MikroTik OS as follows:
[admin@warnet] > user set admin password=………………………………

- Enable both Ethernet interfaces on the PC where you installed the MikroTik OS:
[admin@warnet] > interface ethernet enable ether1
[admin@warnet] > interface ethernet enable ether2

- Give both Ethernet interfaces a name to make configuration easier:
[admin@warnet] > interface ethernet set ether1 name=modem    ==> the Ethernet card for the modem
[admin@warnet] > interface ethernet set ether2 name=local    ==> the Ethernet card that goes to the hub

- Assign an IP address to both LAN cards:
[admin@warnet] > ip address add interface=modem address=(IP address from your ISP)/netmask
[admin@warnet] > ip address add interface=local address=192.168.0.1/255.255.255.0

- Enter the gateway IP given by your ISP:
[admin@warnet] > ip route add gateway=10.11.1.1560
[admin@warnet] > ip dns set primary-dns=10.11.155.1 secondary-dns=10.11.155.2

After that, try pinging all the IP addresses configured above.

FIREWALL AND NETWORK CONFIGURATION

ip firewall nat add action=masquerade chain=srcnat
ip firewall filter add chain=input connection-state=invalid action=drop
ip firewall filter add chain=input protocol=udp action=accept
ip firewall filter add chain=input protocol=icmp action=accept
/ip firewall filter add chain=input in-interface=(the ethernet card facing the LAN) action=accept
/ip firewall filter add chain=input in-interface=(the ethernet card facing the internet) action=accept
ip firewall filter add chain=input action=drop

ip web-proxy set enabled=yes src-address=0.0.0.0 port=8080 hostname="" transparent-proxy=yes parent-proxy=0.0.0.0:0 \
    cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system max-cache-size=unlimited \
    max-ram-cache-size=unlimited

ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128
/ip firewall nat add in-interface=modem dst-port=80 protocol=tcp action=redirect to-ports=3128 chain=dstnat dst-address=!192.168.0.1/24

==================================================

All of the 3128 values are replaced with 8080. Here is how:

ip web-proxy set enabled=yes
/ip web-proxy set port=3128
/ip web-proxy set max-cache-size=3145728    (3 times total RAM)
/ip web-proxy set hostname="proxy.prima"
/ip web-proxy set allow-remote-requests=yes
/ip web-proxy set cache-administrator="primanet.slawi@yahoo.com"

==================================================

FILTERING: http://www.mikrotik.com/testdocs/ros/2.9/ip/filter.php/

ip firewall filter
add chain=input connection-state=invalid action=drop \
    comment="Drop Invalid connections"
add chain=input connection-state=established action=accept \
    comment="Allow Established connections"
add chain=input protocol=udp action=accept \
    comment="Allow UDP"
add chain=input protocol=icmp action=accept \
    comment="Allow ICMP"
add chain=input src-address=192.168.0.0/24 action=accept \
    comment="Allow access to router from known network"
add chain=input action=drop comment="Drop anything else"

ANTIVIRUS FOR MIKROTIK:

add chain=forward action=jump jump-target=virus comment="jump to the virus chain"

++++++++++++++++++++++++++++++++++++++++++++++++++

add chain=forward protocol=icmp comment="allow ping"
add chain=forward protocol=udp comment="allow udp"
add chain=forward action=drop comment="drop everything else"

==================================================

SECURING YOUR MIKROTIK ROUTER:

/ ip firewall filter
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=related comment="Accept related connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
add chain=input protocol=icmp action=drop comment="Drop excess pings"
add chain=input protocol=tcp dst-port=22 comment="SSH for secure shell"
add chain=input protocol=tcp dst-port=8291 comment="winbox"
# Edit these rules to reflect your actual IP addresses!
# add chain=input src-address=159.148.172.192/28 comment="From Mikrotikls network"
add chain=input src-address=10.0.0.0/8 comment="From our private LAN"
# End of Edit #
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"

"http://wiki.mikrotik.com/wiki/Securing_your_router"

==================================================

NETWORK SECURITY SETTINGS FOR YOUR LOCAL AREA ONLY:

/ip firewall filter
add chain=forward connection-state=established comment="allow established connections"
add chain=forward connection-state=related comment="allow related connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=593 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"

++++++++++++++++++++++++++++++++++++++++++++++++++

# Disable the ports commonly used by spam:
/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-p

Check the above again on the website:
http://www.mikrotik.com/documentation/manual_2.7/
http://www.mikrotik.com/docs/ros/2.9/ip/webproxy

Look at the system resources; 2/3 of the system resources are used or allocated for:

system resource print

**************************************************

Graphing

/tool graphing set store-every=hour
[admin@MikroTik] tool graphing> print
    store-every: hour
[admin@MikroTik] tool graphing>

[admin@MikroTik] tool graphing interface> add interface=ether1 \
    allow-address=192.168.0.0/24 store-on-disk=yes
[admin@MikroTik] tool graphing interface> print
Flags: X - disabled
  #   INTERFACE   ALLOW-ADDRESS     STORE-ON-DISK
  0   ether1      192.168.0.0/24    yes
[admin@MikroTik] tool graphing interface>

[admin@VLP InWay] tool graphing> export
# oct/12/2005 09:51:23 by RouterOS 2.9.5
# software id = 1TLC-xxx
#
/ tool graphing
set store-every=5min
/ tool graphing queue
add simple-queue=all allow-address=10.8.2.99/32 store-on-disk=yes allow-target=yes disabled=no
/ tool graphing resource
add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ tool graphing interface
add interface=Inway allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
add interface=LAN allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
add interface=DMZ allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
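
Added example (not part of the original post): a small Python first-match simulator that runs the two input-chain rule sets from this page, the one under FIREWALL AND NETWORK CONFIGURATION and the one under FILTERING, against a constructed packet, to show which rule decides a new TCP connection to proxy port 8080 arriving on the internet-facing interface. The interface names `local` and `modem` fill in the page's placeholders; the source address 203.0.113.7, the helper names and the small set of matchers supported are assumptions for the illustration.

```python
import ipaddress
import shlex

# Input-chain rules copied from the page; "local"/"modem" are its interface names.
BASIC = """\
add chain=input connection-state=invalid action=drop
add chain=input protocol=udp action=accept
add chain=input protocol=icmp action=accept
add chain=input in-interface=local action=accept
add chain=input in-interface=modem action=accept
add chain=input action=drop
"""
FILTERING = """\
add chain=input connection-state=invalid action=drop comment="Drop Invalid connections"
add chain=input connection-state=established action=accept
add chain=input protocol=udp action=accept
add chain=input protocol=icmp action=accept
add chain=input src-address=192.168.0.0/24 action=accept
add chain=input action=drop comment="Drop anything else"
"""
# Constructed packet: new TCP connection to the proxy port from an outside host.
WAN_PROBE = {"chain": "input", "protocol": "tcp", "in-interface": "modem",
             "src-address": "203.0.113.7", "dst-port": "8080", "connection-state": "new"}

def parse(text):
    """Turn 'add key=value ...' lines into dicts; action defaults to accept."""
    rules = []
    for line in text.splitlines():
        words = shlex.split(line)  # keeps quoted comments in one piece
        if words and words[0] == "add":
            rules.append({"action": "accept", **dict(w.split("=", 1) for w in words[1:])})
    return rules

def field_ok(key, want, have):
    if key == "src-address":  # CIDR containment instead of string equality
        return ipaddress.ip_address(have) in ipaddress.ip_network(want, strict=False)
    return have == want

def matches(rule, pkt):
    """True when every matcher of the rule agrees with the packet."""
    return all(k in pkt and field_ok(k, v, pkt[k])
               for k, v in rule.items() if k not in ("action", "comment"))

def verdict(rules, pkt):
    """First matching accept/drop rule decides; returns (action, 1-based rule number)."""
    for number, rule in enumerate(rules, 1):
        if rule["action"] in ("accept", "drop") and matches(rule, pkt):
            return rule["action"], number
    return "accept", None  # a packet that matches no rule is accepted
```

With the first rule set the packet is accepted by rule 5, so the closing drop rule never sees internet-side traffic; with the FILTERING set the same packet falls through to the final drop.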