Shoeisparrows’s Weblog


Archive for the ‘Mikrotik’ Category

Packet priority on MikroTik

Posted by shoeisparrows on August 2, 2009

0   ;;; .::By shoei::.  Prio P2P
chain=prerouting p2p=all-p2p action=mark-connection
new-connection-mark=prio_conn_p2p passthrough=yes

1   chain=prerouting connection-mark=prio_conn_p2p action=mark-packet
new-packet-mark=prio_p2p_packet passthrough=no

2   ;;; Prio Download_Services
chain=prerouting protocol=tcp dst-port=110 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

3   chain=prerouting protocol=tcp dst-port=995 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

4   chain=prerouting protocol=tcp dst-port=143 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

5   chain=prerouting protocol=tcp dst-port=993 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

6   chain=prerouting protocol=tcp dst-port=995 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

7   chain=prerouting protocol=tcp dst-port=25 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

8   chain=prerouting protocol=tcp dst-port=80 connection-bytes=500000-0
action=mark-connection new-connection-mark=prio_conn_download_services
passthrough=yes

9   chain=prerouting protocol=tcp dst-port=20-21 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

10   chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500
action=mark-connection new-connection-mark=prio_conn_download_services
passthrough=yes

11   chain=prerouting connection-mark=prio_conn_download_services
action=mark-packet new-packet-mark=prio_download_packet passthrough=yes

12   ;;; Prio Ensign_Services
chain=prerouting protocol=tcp dst-port=53 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

13   chain=prerouting protocol=udp dst-port=53 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

14   chain=prerouting protocol=icmp action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

15   chain=prerouting protocol=tcp dst-port=443 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

16   chain=prerouting protocol=tcp dst-port=23 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

17   chain=prerouting protocol=tcp dst-port=80 connection-bytes=0-500000
action=mark-connection new-connection-mark=prio_conn_ensign_services
passthrough=yes

18   chain=prerouting protocol=tcp dst-port=179 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

19   chain=prerouting protocol=tcp dst-port=8000 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

20   chain=prerouting connection-mark=prio_conn_ensign_services
action=mark-packet new-packet-mark=prio_ensign_packet passthrough=no

21   ;;; Prio User_Request
chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500
action=mark-connection new-connection-mark=prio_conn_ensign_services
passthrough=yes

22   chain=prerouting dst-address-list=user_request action=mark-connection
new-connection-mark=prio_conn_user_services passthrough=yes

23   chain=prerouting connection-mark=prio_conn_user_services
action=mark-packet new-packet-mark=prio_request_packet passthrough=yes

24   chain=prerouting protocol=gre action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

25   ;;; Prio_Communication
chain=prerouting protocol=tcp dst-port=5100 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

26   chain=prerouting protocol=tcp dst-port=5050 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

27   chain=prerouting protocol=udp dst-port=5060 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

28   chain=prerouting protocol=tcp dst-port=1869 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

29   chain=prerouting protocol=tcp dst-port=1723 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

30   chain=prerouting protocol=tcp dst-port=5190 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

31   chain=prerouting protocol=tcp dst-port=6660-7000 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

32   chain=prerouting protocol=ipencap action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

33   chain=prerouting protocol=ipsec-esp action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

34   chain=prerouting protocol=ipsec-ah action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

35   chain=prerouting protocol=ipip action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

36   chain=prerouting protocol=encap action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

37   chain=prerouting connection-mark=prio_conn_comm_services
action=mark-packet new-packet-mark=prio_comm_packet passthrough=no

And this script is for packet priority based on bandwidth:

38 X ;;; .:: By Rendy ::.   mark basic client
chain=forward src-address-list=Basic_class_client action=mark-connection
new-connection-mark=basic_client_conn passthrough=yes

39 X chain=forward connection-mark=basic_client_conn action=mark-packet
new-packet-mark=basic_client_traffic passthrough=no

40 X ;;; mark standard client traffic
chain=forward src-address-list=Standard_class_client
action=mark-connection new-connection-mark=standard_client_conn
passthrough=yes

41 X chain=forward connection-mark=standard_client_conn action=mark-packet
new-packet-mark=standard_client_traffic passthrough=no

42 X ;;; mark business client traffic
chain=forward src-address-list=Business_class_client
action=mark-connection new-connection-mark=business_client_conn
passthrough=yes

43 X chain=forward connection-mark=business_client_conn action=mark-packet
new-packet-mark=business_client_traffic passthrough=no

44 X ;;; Check for unmarked traffic
chain=forward action=log log-prefix=""
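
Each mark-packet rule in these listings only fires when its connection-mark names a mark that a mark-connection rule actually sets. As an added example (not the blog author's code), this Python check parses a listing in the same printed form and reports marks that are matched but never set, or set but never matched; it assumes mark names are compared exactly, including letter case, and the sample rules are constructed.

```python
import re

# Constructed sample in the printed form used above; the mark-name
# mismatch in rules 0/1 is deliberate so the check has something to find.
SAMPLE = """\
0 ;;; mark basic client
  chain=forward src-address-list=Basic_class_client action=mark-connection
  new-connection-mark=Basic_client_conn passthrough=yes
1 chain=forward connection-mark=basic_client_conn action=mark-packet
  new-packet-mark=basic_client_traffic passthrough=no
2 chain=prerouting protocol=udp dst-port=53 action=mark-connection
  new-connection-mark=prio_conn_dns passthrough=yes
3 chain=prerouting connection-mark=prio_conn_dns action=mark-packet
  new-packet-mark=prio_dns_packet passthrough=no
"""

def parse_rules(text):
    """Return [(number, {key: value})], joining the wrapped lines of a rule."""
    rules = []
    for line in text.splitlines():
        line = line.split(";;;")[0]  # drop the rule comment
        start = re.match(r"\s*(\d+)(?:\s+|$)(?:[XID]\s+)?", line)
        if start:  # a leading rule number opens a new rule
            rules.append((int(start.group(1)), {}))
            line = line[start.end():]
        if rules:
            rules[-1][1].update(re.findall(r"([\w-]+)=(\S+)", line))
    return rules

def lint_marks(rules):
    """Report connection marks matched but never set, and set but never matched.
    Assumption: names are compared exactly, so letter case matters."""
    defined = {r["new-connection-mark"] for _, r in rules
               if "new-connection-mark" in r}
    by_lower = {name.lower(): name for name in defined}
    undefined, used = [], set()
    for number, r in rules:
        mark = r.get("connection-mark")
        if mark is None or mark == "no-mark":
            continue
        used.add(mark)
        if mark not in defined:
            # Point at a definition that differs only in letter case, if any.
            undefined.append((number, mark, by_lower.get(mark.lower())))
    return {"undefined": undefined, "unused": sorted(defined - used)}

if __name__ == "__main__":
    print(lint_marks(parse_rules(SAMPLE)))
```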


Posted in Mikrotik | Leave a Comment »

MikroTik features

Posted by shoeisparrows on July 31, 2009

Address List, Grouping of IP addresses by name.

Asynchronous, Supports serial PPP dial-in/dial-out, with CHAP, PAP, MSCHAPv1 and MSCHAPv2 authentication, RADIUS, dial on demand, modem pool of up to 128 ports.

Bonding, Supports combining several Ethernet interfaces into a single pipe for a fast connection.

Bridge, Supports spanning tree bridging, multiple bridge interfaces, bridge firewalling.

Data Rate Management, HTB-based QoS with burst support, PCQ, RED, SFQ, FIFO queues, CIR, MIR, peer-to-peer limits.

DHCP, Supports DHCP per interface; DHCP relay; DHCP client; multiple DHCP networks; static and dynamic DHCP leases.

Firewall and NAT, Supports filtering of peer-to-peer connections, source NAT and destination NAT. Can filter by MAC, IP address, port range, IP protocol, and protocol options such as ICMP, TCP flags and MSS.

Hotspot, Hotspot gateway with RADIUS authentication. Supports data rate limits, SSL, HTTPS.

IPSec, AH and ESP protocols for IPsec; MODP Diffie-Hellman groups 1, 2, 5; MD5 and SHA1 hashing algorithms; encryption algorithms DES, 3DES, AES-128, AES-192, AES-256; Perfect Forward Secrecy (PFS) MODP groups 1, 2, 5.

ISDN, Supports ISDN dial-in/dial-out, with PAP, CHAP, MSCHAPv1 and MSCHAPv2 authentication, RADIUS. Supports 128K bundle, Cisco HDLC, x75i, x75ui, x75bui line protocols.

M3P, MikroTik Packet Packer Protocol for wireless links and Ethernet.

MNDP, MikroTik Neighbor Discovery Protocol; also supports Cisco Discovery Protocol (CDP).

Monitoring/Accounting, IP traffic reports, logs, statistics graphs accessible over HTTP.

NTP, Network Time Protocol for server and client; synchronization using a GPS system.

Point to Point Tunneling Protocol, PPTP, PPPoE and L2TP access concentrators; authentication protocols PAP, CHAP, MSCHAPv1, MSCHAPv2; RADIUS authentication and accounting; MPPE encryption; compression for PPPoE; data rate limits.

Proxy, FTP and HTTP caching proxy server; HTTPS proxy; transparent proxy for DNS and HTTP; supports the SOCKS protocol; supports parent proxy; static DNS.

Routing, Static and dynamic routing; RIP v1/v2, OSPF v2, BGP v4.

SDSL, Supports Single Line DSL; line termination and network termination modes.

Simple Tunnels, IPIP tunnels and EoIP (Ethernet over IP).

SNMP, Read-only access mode.

Synchronous, V.35, V.24, E1/T1, X21, DS3 (T3) media types; sync-PPP, Cisco HDLC; Frame Relay line protocol; ANSI-617d (ANDI or annex D) and Q933a (CCITT or annex A) Frame Relay LMI types.

Tool, Ping; traceroute; bandwidth test; ping flood; telnet; SSH; packet sniffer; dynamic DNS update.

UPnP, Supports the Universal Plug and Play interface.

VLAN, Supports IEEE 802.1q Virtual LAN for Ethernet and wireless networks; multiple VLANs; VLAN bridging.

VOIP, Supports voice over IP applications.

VRRP, Supports the Virtual Router Redundancy Protocol.

Winbox, GUI application for remotely accessing and configuring MikroTik RouterOS.

I quoted these features from:

http://solocybercity.wordpress.com/2008/09/04/fitur-fitur-mikrotik/


Firewall on MikroTik

Posted by shoeisparrows on July 29, 2009

A firewall script for MikroTik:

# block MikroTik neighbor discovery (MNDP, UDP port 5678)
ip firewall filter add chain=forward in-interface=ether1 protocol=udp dst-port=5678 action=drop comment="block discovery mikrotik"
ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=5678 action=drop comment="block discovery mikrotik"
ip firewall filter add chain=output protocol=udp dst-port=5678 action=drop comment="block discovery mikrotik"

# block Winbox (TCP port 8291)
ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=8291 action=drop comment="block winbox mikrotik"
ip firewall filter add chain=forward in-interface=ether1 protocol=tcp dst-port=8291 action=drop comment="block winbox mikrotik"

# block DHCP request (UDP port 68 is the DHCP client port, where server replies are sent)
ip firewall filter add chain=input protocol=udp dst-port=68 action=drop comment="block request DHCP"
ip firewall filter add chain=forward protocol=udp dst-port=68 action=drop comment="block request DHCP"
ip firewall filter add chain=output protocol=udp dst-port=68 action=drop comment="block request DHCP"

# block traceroute (ICMP 11:0 = TTL exceeded in transit, 3:3 = port unreachable)
ip firewall filter add chain=forward protocol=icmp icmp-options=11:0 action=drop comment="Drop Traceroute"
ip firewall filter add chain=forward protocol=icmp icmp-options=3:3 action=drop comment="Drop Traceroute"

Hopefully this is useful.


Firewall Rules

Posted by shoeisparrows on July 28, 2009

Firewall rules define the criteria for a packet and its target. If a packet does not meet those criteria, the next rule in ipchains is compared. The targets that can be applied to a packet include:

  • ACCEPT. Accepts the packet
  • DENY. Rejects the packet without sending any message or return
  • REJECT. Rejects the packet but sends a rejection message
  • MASQ. Wraps the packet so that it appears to come from the gateway
  • REDIRECT. Redirects the packet to a particular port
  • RETURN. Same as REDIRECT
  • user defined. Created by the user
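
The rule-by-rule comparison described above, applied to the drop rules of the firewall script in the previous post, as an added Python example (not the blog author's code). The rules are restated in `ip firewall filter` form, `ether2` and the test packets are hypothetical, and an unmatched packet is assumed to fall through to accept; the result shows which interfaces a service stays reachable on when a drop rule is scoped to `ether1` only.

```python
# Constructed for this demo from the drop rules of the firewall script;
# "ether2" and the packets used below are hypothetical test inputs.
RULES = """\
chain=input in-interface=ether1 protocol=udp dst-port=5678 action=drop
chain=input in-interface=ether1 protocol=tcp dst-port=8291 action=drop
chain=forward protocol=udp dst-port=68 action=drop
chain=forward protocol=icmp icmp-options=11:0 action=drop
chain=forward protocol=icmp icmp-options=3:3 action=drop
"""

def parse(text):
    """One dict of matcher=value pairs (plus 'action') per rule line."""
    return [dict(tok.split("=", 1) for tok in line.split())
            for line in text.splitlines() if line.strip()]

def verdict(rules, pkt, default="accept"):
    """Compare rules top to bottom; the first rule whose matchers all equal
    the packet's fields decides. A matcher the rule omits matches anything.
    With no match, the packet falls through to the default."""
    for index, rule in enumerate(rules):
        if all(pkt.get(k) == v for k, v in rule.items() if k != "action"):
            return rule["action"], index
    return default, None

def open_interfaces(rules, pkt, interfaces):
    """Interfaces on which this packet would still be accepted."""
    return [name for name in interfaces
            if verdict(rules, {**pkt, "in-interface": name})[0] == "accept"]

if __name__ == "__main__":
    winbox = {"chain": "input", "protocol": "tcp", "dst-port": "8291"}
    print(open_interfaces(parse(RULES), winbox, ["ether1", "ether2"]))
```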


Building a Speedy router with MikroTik

Posted by shoeisparrows on July 10, 2009

Sorry if anything here is wrong, I am still learning, hehe.

Let's assume we have already installed MikroTik successfully.

Now we move on to configuring MikroTik. The first thing we do is create the IP addresses; the router needs at least 2 interfaces. The first interface is for the link from the ADSL modem to the MikroTik, the second is for the switch.

[INTERNET]——[MODEM ADSL]——[ROUTER MIKROTIK]——[SWITCH]———[CLIENT]

Address for the link to the modem:

[shoei@Naon she?] > ip address add address=192.168.1.2/24 interface=ether1

Address for the link to the switch:

[shoei@Naon she?] > ip address add address=192.168.10.1/24 interface=Switch

Let's look at the IP addresses we created:

[shoei@Naon she?] > ip address print
Flags: X – disabled, I – invalid, D – dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.10.1/24 192.168.10.0 192.168.10.255 Switch
1 192.168.1.2/24 192.168.1.0 192.168.1.255 ether1

[shoei@Naon she?] > interface pppoe-client add name=pppoe-client-speedy user=142xxxxxxxxx@telkom.net
password=XXXXXXXXXX interface=speedy service-name=internet disabled=no

I create the PPPoE client on the MikroTik because I am running in bridged mode.

[shoei@Naon she?] > ip dns set primary-dns=(Speedy's primary DNS)

[shoei@Naon she?] > ip dns print
primary-dns: 222.124.204.34
secondary-dns: 0.0.0.0
allow-remote-requests: yes
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 90KiB

Next, set up masquerade so that traffic routed from all clients is passed through the MikroTik firewall's NAT:

[shoei@Naon she?] > ip firewall nat add chain=srcnat action=masquerade

Sorry if anything is wrong, I am still learning, hehe.

Because I only half remember it, hehe.
