Saturday, 24 September 2011

First Time RB750/RB450 - Step By Step Installation Guide

Open Winbox on your PC/laptop
(if you do not have it, download it from the download area at www.mikrotik.co.id)

Click Browse (the three dots to the left of the Connect button); the router's MAC address will appear.
Double-click it and click Connect; Winbox will then load the router's data.

Once you are in the Winbox GUI, a screen like this will usually appear:

Choose Remove Configuration
Then close Winbox and repeat the connect steps above

Once you are back in, configure the MikroTik step by step, starting with the IP addresses:

/ip address add address=192.168.1.2/24 interface=ether1 comment="To Gateway" 
/ip address add address=192.168.2.1/24 interface=ether2
/ip address add address=192.168.3.1/24 interface=ether3
/ip address add address=192.168.4.1/24 interface=ether4
/ip address add address=192.168.5.1/24 interface=ether5





The topology for the settings above is: Ether1 goes to the modem/gateway, which has IP 192.168.1.1, so Ether1 on the RB750 is given IP 192.168.1.2/24 (the same network as the gateway). If your ISP or modem uses a different IP, simply adjust the Ether1 IP so that it is on the same network as the uplink/gateway IP above it.


Additional setting: IP route


/ip route add gateway=192.168.1.1


Additional setting: masquerade


/ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

Set up DNS

Configure the MikroTik DNS server

- go to the IP > DNS menu
- click the Settings button
- enter the primary DNS given by your ISP
- enter the secondary DNS given by your ISP
- tick Allow Remote Requests
- OK

Configure the PC clients
- At this point your router is basically ready.
- Connect Ether2 to a switch/hub
- Connect the PCs to the same switch/hub
- Configure the PCs' IP settings as follows
IP Address : 192.168.0.2 - 192.168.0.254
Subnet mask : 255.255.255.0
Gateway : 192.168.0.1
DNS : 192.168.0.1
Done. Your router is ready to use
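Before plugging in clients it pays to check that the three pieces of the plan agree with each other: the default route's gateway must lie inside ether1's subnet, and the clients' gateway and DNS must be the router's own address on the interface they are cabled to. In the steps above the PC clients are told to use 192.168.0.x with gateway 192.168.0.1, while ether2 (the interface they are connected to) was given 192.168.2.1/24 in the IP address step, so clients configured exactly as listed will not reach the router. Ticking Allow Remote Requests also means the router answers DNS for anyone who can reach it, so the firewall added later must drop DNS queries arriving on ether1. The script below is an added example, not part of the original post: it audits an address plan of this shape with Python's standard ipaddress module. The router, gateway and client values are copied from the page; CLIENT_CONFIG_FIXED is a constructed alternative that moves the clients onto the ether2 subnet.

```python
import ipaddress

# Router addresses exactly as given in the "/ip address add" step above (copied for this check).
ROUTER_ADDRESSES = {
    "ether1": "192.168.1.2/24",
    "ether2": "192.168.2.1/24",
    "ether3": "192.168.3.1/24",
    "ether4": "192.168.4.1/24",
    "ether5": "192.168.5.1/24",
}
WAN_GATEWAY = "192.168.1.1"  # the modem/gateway the default route points at

# Client settings exactly as given in the "PC client" step above; the clients hang off ether2.
CLIENT_CONFIG = {
    "lan_interface": "ether2",
    "ip_range": ("192.168.0.2", "192.168.0.254"),
    "netmask": "255.255.255.0",
    "gateway": "192.168.0.1",
    "dns": "192.168.0.1",
}

# Constructed alternative (not from the page): the same client settings moved onto the ether2 subnet.
CLIENT_CONFIG_FIXED = {
    "lan_interface": "ether2",
    "ip_range": ("192.168.2.2", "192.168.2.254"),
    "netmask": "255.255.255.0",
    "gateway": "192.168.2.1",
    "dns": "192.168.2.1",
}


def network_of(cidr):
    """The subnet an interface address such as 192.168.2.1/24 belongs to."""
    return ipaddress.ip_interface(cidr).network


def check_wan(router, gateway):
    """The default-route gateway must sit inside ether1's subnet, or the route is unusable."""
    findings = []
    if ipaddress.ip_address(gateway) not in network_of(router["ether1"]):
        findings.append(f"gateway {gateway} is outside ether1's subnet {network_of(router['ether1'])}")
    return findings


def check_clients(router, client):
    """Clients must use the router's own LAN address as gateway and DNS and share its subnet."""
    findings = []
    iface = client["lan_interface"]
    lan_addr = ipaddress.ip_interface(router[iface])
    if ipaddress.ip_address(client["gateway"]) != lan_addr.ip:
        findings.append(f"client gateway {client['gateway']} is not the router's {iface} address {lan_addr.ip}")
    if ipaddress.ip_address(client["dns"]) not in lan_addr.network:
        findings.append(f"client DNS {client['dns']} is not reachable on the {iface} subnet {lan_addr.network}")
    first, last = client["ip_range"]
    # The clients' own mask decides which subnet they believe they are in; it must equal the router's.
    client_net = ipaddress.ip_network(f"{first}/{client['netmask']}", strict=False)
    if client_net != lan_addr.network or ipaddress.ip_address(last) not in client_net:
        findings.append(f"client range {first}-{last}/{client['netmask']} does not match {iface} subnet {lan_addr.network}")
    return findings


def audit(router=ROUTER_ADDRESSES, gateway=WAN_GATEWAY, client=CLIENT_CONFIG):
    """All findings for one address plan; an empty list means the plan is consistent."""
    return check_wan(router, gateway) + check_clients(router, client)


if __name__ == "__main__":
    for label, cfg in (("page", CLIENT_CONFIG), ("fixed", CLIENT_CONFIG_FIXED)):
        print(f"{label}: {audit(client=cfg) or 'no findings'}")
```

Run against the page's values the audit reports three findings (gateway, DNS and subnet all on 192.168.0.0/24 instead of 192.168.2.0/24); with the clients moved to 192.168.2.x it reports none. Either fix the client settings or change ether2 to 192.168.0.1/24 so the two sides agree.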



Add an NTP client



/system ntp client set enabled=yes mode=unicast primary-ntp=152.118.24.8 \
secondary-ntp=91.189.94.4

/system clock set time-zone-name=Asia/Jakarta





Add the NAT masquerade rule above using Ether1 (the ether facing the gateway) as its out-interface.
The NTP rule is only optional, but it is useful so that the RB750's date updates automatically.



For the firewall:



/ip firewall filter
add action=accept chain=forward comment="allow established connections" \
    connection-state=established disabled=no
add action=accept chain=forward comment="allow related connections" \
    connection-state=related disabled=no
add action=drop chain=input comment="drop FTP Brute Forcers" disabled=no \
    dst-port=21 in-interface=Speedy-PPPoE1 protocol=tcp src-address-list=\
    FTP_BlackList
add action=accept chain=output comment="" content="530 Login incorrect" \
    disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=FTP_BlackList \
    address-list-timeout=1d chain=output comment="" content=\
    "530 Login incorrect" disabled=no protocol=tcp
add action=drop chain=input comment="drop SSH Brute Forcers" disabled=no \
    dst-port=22-23 in-interface=Speedy-PPPoE1 protocol=tcp src-address-list=\
    IP_BlackList
add action=add-src-to-address-list address-list=IP_BlackList \
    address-list-timeout=1d chain=input comment="" connection-state=new \
    disabled=no dst-port=22-23 in-interface=Speedy-PPPoE1 protocol=tcp \
    src-address-list=SSH_BlackList_3
add action=add-src-to-address-list address-list=SSH_BlackList_3 \
    address-list-timeout=1m chain=input comment="" connection-state=new \
    disabled=no dst-port=22-23 in-interface=Speedy-PPPoE1 protocol=tcp \
    src-address-list=SSH_BlackList_2
add action=add-src-to-address-list address-list=SSH_BlackList_2 \
    address-list-timeout=1m chain=input comment="" connection-state=new \
    disabled=no dst-port=22-23 in-interface=Speedy-PPPoE1 protocol=tcp \
    src-address-list=SSH_BlackList_1
add action=add-src-to-address-list address-list=SSH_BlackList_1 \
    address-list-timeout=1m chain=input comment="" connection-state=new \
    disabled=no dst-port=22-23 in-interface=Speedy-PPPoE1 protocol=tcp
add action=drop chain=input comment="drop port scanners" disabled=no \
    in-interface=Speedy-PPPoE1 src-address-list=port_scanners
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=12h chain=input comment="" disabled=no in-interface=\
    Speedy-PPPoE1 protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=1d chain=input comment="" disabled=no in-interface=\
    Speedy-PPPoE1 protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=1d chain=input comment="" disabled=no in-interface=\
    Speedy-PPPoE1 protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=1d chain=input comment="" disabled=no in-interface=\
    Speedy-PPPoE1 protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=1d chain=input comment="" disabled=no in-interface=\
    Speedy-PPPoE1 protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=1d chain=input comment="" disabled=no in-interface=\
    Speedy-PPPoE1 protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=1d chain=input comment="" disabled=no in-interface=\
    Speedy-PPPoE1 protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=accept chain=input comment="Allow limited pings" disabled=no \
    in-interface=Speedy-PPPoE1 limit=50/5s,2 protocol=icmp
add action=drop chain=forward comment=";;Block W32.Kido - Conficker" \
    disabled=no protocol=udp src-port=135-139
add action=drop chain=forward comment="" disabled=no dst-port=135-139 \
    protocol=udp
add action=drop chain=forward comment="" disabled=no protocol=udp src-port=\
    445
add action=drop chain=forward comment="" disabled=no dst-port=445 protocol=\
    udp
add action=drop chain=forward comment="" disabled=no protocol=tcp src-port=\
    135-139
add action=drop chain=forward comment="" disabled=no dst-port=135-139 \
    protocol=tcp
add action=drop chain=forward comment="" disabled=no protocol=tcp src-port=\
    445
add action=drop chain=forward comment="" disabled=no dst-port=445 protocol=\
    tcp
add action=drop chain=forward comment="" disabled=no dst-port=4691 protocol=\
    tcp
add action=drop chain=forward comment="" disabled=no dst-port=5933 protocol=\
    tcp
add action=drop chain=forward comment="Blok LLMNR" disabled=no dst-port=5355 \
    protocol=udp
add action=drop chain=forward comment="" disabled=no dst-port=4647 protocol=\
    udp
add action=drop chain=forward comment="SMTP Deny" disabled=no protocol=tcp \
    src-port=25
add action=drop chain=forward comment="" disabled=no dst-port=25 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=7777 protocol=\
    tcp
add action=drop chain=forward comment="drop invalid connections" \
    connection-state=invalid disabled=no
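Two details of the rule set above are easy to misread. First, the SSH/telnet rules do not count failed logins: every new TCP connection to port 22-23 from the WAN side moves the source one stage along SSH_BlackList_1, SSH_BlackList_2, SSH_BlackList_3 and finally IP_BlackList, because add-src-to-address-list does not stop rule processing and the add rules are listed from the highest stage down. Four new connections within the one-minute timeouts therefore earn a one-day drop, which also catches an administrator who opens four sessions in quick succession; an accept rule for your own management addresses placed above the drop rule avoids that. Second, the port-scanner rules rely on RouterOS tcp-flags semantics: listed flags must be set, "!"-prefixed flags must be clear, and flags not mentioned are ignored, so "fin,syn" also matches a packet carrying every flag. Note too that the rules name an interface Speedy-PPPoE1, the WAN interface of the setup they were exported from; in the topology above the WAN interface is ether1, so the in-interface values need changing before these rules match anything. The Python below is an added example, not part of the original post: it replays the escalation with the page's list names and timeouts and classifies TCP flag sets against the page's port-scanner rules. The event traces and IP addresses are constructed.

```python
from dataclasses import dataclass, field

# Ordered copy of the SSH/telnet escalation rules above (constructed for this example):
# (source list the rule requires, list it adds the source to, entry timeout in seconds).
# Rules are listed from the highest stage down, which is why one new connection moves a
# source exactly one stage: the check for stage N happens before stage N is (re)added.
SSH_ESCALATION_RULES = [
    ("SSH_BlackList_3", "IP_BlackList", 24 * 3600),
    ("SSH_BlackList_2", "SSH_BlackList_3", 60),
    ("SSH_BlackList_1", "SSH_BlackList_2", 60),
    (None, "SSH_BlackList_1", 60),
]


@dataclass
class AddressLists:
    """Dynamic address lists: list name -> {ip: expiry time in seconds}."""
    entries: dict = field(default_factory=dict)

    def add(self, name, ip, now, timeout):
        # Re-adding an existing entry restarts its timeout, as address-list-timeout does.
        self.entries.setdefault(name, {})[ip] = now + timeout

    def contains(self, name, ip, now):
        expiry = self.entries.get(name, {}).get(ip)
        return expiry is not None and now < expiry

    def member_of(self, ip, now):
        return sorted(name for name in self.entries if self.contains(name, ip, now))


def new_ssh_connection(lists, src_ip, now):
    """Replay the rules for one new TCP connection to port 22-23 arriving on the WAN side.

    Returns "drop" when the "drop SSH Brute Forcers" rule fires, otherwise "pass".
    add-src-to-address-list does not stop rule processing, so every add rule whose
    condition holds fires for the same packet, top to bottom.
    """
    if lists.contains("IP_BlackList", src_ip, now):
        return "drop"
    for required, target, timeout in SSH_ESCALATION_RULES:
        if required is None or lists.contains(required, src_ip, now):
            lists.add(target, src_ip, now, timeout)
    return "pass"


def simulate(events):
    """events: (time in seconds, source IP) pairs. Returns per-event verdicts and the lists."""
    lists = AddressLists()
    verdicts = [new_ssh_connection(lists, ip, t) for t, ip in events]
    return verdicts, lists


# tcp-flags values used by the port-scanner rules above: every listed flag must be set,
# every "!"-prefixed flag must be clear, and flags that are not mentioned are ignored.
PORT_SCAN_SIGNATURES = {
    "fin-only": "fin,!syn,!rst,!psh,!ack,!urg",
    "syn+fin": "fin,syn",
    "syn+rst": "syn,rst",
    "xmas": "fin,psh,urg,!syn,!rst,!ack",
    "all-flags": "fin,syn,rst,psh,ack,urg",
    "null": "!fin,!syn,!rst,!psh,!ack,!urg",
}


def tcp_flags_match(spec, packet_flags):
    parts = spec.split(",")
    required = {p for p in parts if not p.startswith("!")}
    forbidden = {p[1:] for p in parts if p.startswith("!")}
    return required <= set(packet_flags) and not (forbidden & set(packet_flags))


def classify_tcp_flags(packet_flags):
    """Names of the port-scanner rules above that a packet with these flags would trigger."""
    return [name for name, spec in PORT_SCAN_SIGNATURES.items()
            if tcp_flags_match(spec, packet_flags)]


if __name__ == "__main__":
    # Constructed traces: a fast source opens five connections within a minute, a slow one
    # opens them two minutes apart; only the fast one ever reaches IP_BlackList.
    fast = [(t, "203.0.113.5") for t in (0, 10, 20, 30, 40)]
    slow = [(t, "198.51.100.7") for t in (0, 120, 240, 360, 480)]
    for label, events in (("fast", fast), ("slow", slow)):
        verdicts, lists = simulate(events)
        print(label, verdicts, lists.member_of(events[-1][1], events[-1][0]))
    print(classify_tcp_flags({"fin", "psh", "urg"}))
```

The slow source never gets past SSH_BlackList_1 because each one-minute entry has expired before the next connection arrives, which is the property the timeouts are tuned for; shortening the intervals or lengthening the stage timeouts changes how patient a scanner has to be.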



Firewall for Beginners


/ip firewall filter

add chain=forward in-interface=Ether1 out-interface=Lan dst-address=192.168.0.0/16 action=accept comment="Allow semua akses internet to client" disabled=no

add chain=input in-interface=Ether1 protocol=tcp dst-port=8291 action=accept comment="Allow Remote winbox dari Publik" disabled=no

add chain=input in-interface=Ether1 protocol=udp src-port=53 action=accept comment="Allow DNS Traffic" disabled=no

add chain=input in-interface=Ether1 protocol=icmp action=accept comment="Allow Ping Traceroute Traffic" disabled=no 

add chain=input in-interface=Ether1 connection-state=new action=add-src-to-address-list address-list=spam address-list-timeout=30m comment="Log Ip Yang Di Tolak" disabled=no 

add chain=input in-interface=Ether1 action=drop comment="Drop Semua Akses yang tidak di ijinkan" disabled=no



For a transparent proxy



/ip firewall nat
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY disable this to bypass squid" disabled=no dst-address-list=!SELAIN_IP_PROXY dst-port=80,8080,3128 in-interface=Local protocol=tcp to-addresses=IP_Proxy_External to-ports=3128


Replace the part shown in bold (IP_Proxy_External) with your proxy's IP


Limiting a 2 Mb connection's bandwidth for 12 PCs:


/ip firewall mangle
add action=mark-packet chain=forward comment=pc1 disabled=no dst-address=192.168.0.1 new-packet-mark=pc1 passthrough=no
add action=mark-packet chain=forward comment=pc2 disabled=no dst-address=192.168.0.2 new-packet-mark=pc2 passthrough=no
add action=mark-packet chain=forward comment=pc3 disabled=no dst-address=192.168.0.3 new-packet-mark=pc3 passthrough=no
add action=mark-packet chain=forward comment=pc4 disabled=no dst-address=192.168.0.4 new-packet-mark=pc4 passthrough=no
add action=mark-packet chain=forward comment=pc5 disabled=no dst-address=192.168.0.5 new-packet-mark=pc5 passthrough=no
add action=mark-packet chain=forward comment=pc6 disabled=no dst-address=192.168.0.6 new-packet-mark=pc6 passthrough=no
add action=mark-packet chain=forward comment=pc7 disabled=no dst-address=192.168.0.7 new-packet-mark=pc7 passthrough=no
add action=mark-packet chain=forward comment=pc8 disabled=no dst-address=192.168.0.8 new-packet-mark=pc8 passthrough=no
add action=mark-packet chain=forward comment=pc9 disabled=no dst-address=192.168.0.9 new-packet-mark=pc9 passthrough=no
add action=mark-packet chain=forward comment=pc10 disabled=no dst-address=192.168.0.10 new-packet-mark=pc10 passthrough=no
add action=mark-packet chain=forward comment=pc11 disabled=no dst-address=192.168.0.11 new-packet-mark=pc11 passthrough=no
add action=mark-packet chain=forward comment=pc12 disabled=no dst-address=192.168.0.12 new-packet-mark=pc12 passthrough=no
add action=mark-packet chain=forward comment=Billing disabled=no dst-address=192.168.0.20 new-packet-mark=Billing passthrough=no

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=2000k name=parent parent=lokal priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k max-limit=153k name=computer1 packet-mark=pc1 parent=parent priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k max-limit=153k name=computer2 packet-mark=pc2 parent=parent priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k max-limit=153k name=computer3 packet-mark=pc3 parent=parent priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k max-limit=153k name=computer4 packet-mark=pc4 parent=parent priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k max-limit=153k name=computer5 packet-mark=pc5 parent=parent priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k max-limit=153k name=computer6 packet-mark=pc6 parent=parent priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k max-limit=153k name=computer7 packet-mark=pc7 parent=parent priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k max-limit=153k name=computer8 packet-mark=pc8 parent=parent priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k max-limit=153k name=computer9 packet-mark=pc9 parent=parent priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k max-limit=153k name=computer10 packet-mark=pc10 parent=parent priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k max-limit=153k name=computer11 packet-mark=pc11 parent=parent priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k max-limit=153k name=computer12 packet-mark=pc12 parent=parent priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k max-limit=153k name=computer-bill packet-mark=Billing parent=parent priority=8 queue=default
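The queue tree above only behaves as intended if its numbers add up: the children's limit-at values are guarantees that HTB can only honour while their sum stays below the parent's max-limit, and the children's max-limit values can only all be reached at once if their sum also fits. Here thirteen queues at 64k guarantee 832k and at 153k can ask for 1989k, both under the 2000k parent, so no client is ever squeezed below 153k. Two things to check on a real router: parent=lokal must be the name of an existing interface (the LAN-facing one, since the marks are placed on downstream traffic by dst-address), and every packet-mark used by a queue must be set by a mangle rule, otherwise that client is simply unlimited. The Python below is an added example, not part of the original post: it copies the page's marks and queues, audits them, and water-fills the parent bandwidth to show what each client gets when all are busy; the 14-client what-if is constructed. It assumes RouterOS rate suffixes are decimal (1k = 1000 bit/s).

```python
# Constructed copy of the mangle marks and queue tree above: packet mark -> client address,
# and the queues that consume those marks.
MANGLE_MARKS = {f"pc{i}": f"192.168.0.{i}" for i in range(1, 13)}
MANGLE_MARKS["Billing"] = "192.168.0.20"

PARENT_QUEUE = {"name": "parent", "limit-at": "0", "max-limit": "2000k"}
CHILD_QUEUES = [
    {"name": f"computer{i}", "packet-mark": f"pc{i}", "limit-at": "64k", "max-limit": "153k"}
    for i in range(1, 13)
] + [{"name": "computer-bill", "packet-mark": "Billing", "limit-at": "64k", "max-limit": "153k"}]


def parse_rate(text):
    """RouterOS queue rates are bit/s with an optional k/M/G suffix (assumed decimal: 1k = 1000)."""
    text = text.strip()
    multipliers = {"k": 1_000, "M": 1_000_000, "G": 1_000_000_000}
    if text and text[-1] in multipliers:
        return int(float(text[:-1]) * multipliers[text[-1]])
    return int(text)


def audit_queue_tree(parent, children, marks):
    """Checks that guarantees and marks in a queue tree are consistent; [] means clean."""
    findings = []
    parent_max = parse_rate(parent["max-limit"])
    total_limit_at = sum(parse_rate(c["limit-at"]) for c in children)
    total_max = sum(parse_rate(c["max-limit"]) for c in children)
    if total_limit_at > parent_max:
        findings.append(f"sum of limit-at ({total_limit_at} bit/s) exceeds parent max-limit "
                        f"({parent_max} bit/s): guarantees cannot be honoured")
    if total_max > parent_max:
        findings.append(f"sum of max-limit ({total_max} bit/s) exceeds parent max-limit "
                        f"({parent_max} bit/s): oversubscribed, not every child can reach max-limit at once")
    used = {c["packet-mark"]: c["name"] for c in children}
    for mark, name in used.items():
        if mark not in marks:
            findings.append(f"queue {name} uses packet-mark {mark} but no mangle rule sets it")
    for mark, addr in marks.items():
        if mark not in used:
            findings.append(f"mangle mark {mark} ({addr}) feeds no queue, so that client is not limited")
    return findings


def share_when_all_busy(parent, children):
    """Per-queue throughput when every client saturates its queue (all priorities are 8):
    HTB first grants each child its limit-at, then shares the remaining parent bandwidth
    equally among children that are still below their max-limit (water-filling)."""
    caps = {c["name"]: parse_rate(c["max-limit"]) for c in children}
    alloc = {c["name"]: parse_rate(c["limit-at"]) for c in children}
    remaining = parse_rate(parent["max-limit"]) - sum(alloc.values())
    while remaining > 0:
        open_queues = [n for n in alloc if alloc[n] < caps[n]]
        if not open_queues:
            break
        share = remaining // len(open_queues)
        if share == 0:
            break
        for name in open_queues:
            extra = min(share, caps[name] - alloc[name])
            alloc[name] += extra
            remaining -= extra
    return alloc


if __name__ == "__main__":
    print(audit_queue_tree(PARENT_QUEUE, CHILD_QUEUES, MANGLE_MARKS) or "queue tree is consistent")
    print(share_when_all_busy(PARENT_QUEUE, CHILD_QUEUES)["computer1"])
    # Constructed what-if: a 14th client with the same settings oversubscribes the 2000k parent.
    extra_marks = dict(MANGLE_MARKS, pc14="192.168.0.14")
    extra_children = CHILD_QUEUES + [
        {"name": "computer14", "packet-mark": "pc14", "limit-at": "64k", "max-limit": "153k"}]
    print(audit_queue_tree(PARENT_QUEUE, extra_children, extra_marks))
    print(share_when_all_busy(PARENT_QUEUE, extra_children)["computer14"])
```

With the page's thirteen queues every client gets its full 153k when all are busy; adding a fourteenth client with the same settings makes the audit flag oversubscription and the fair share drops to about 143k per client, which is the number to compare against the limit-at guarantee when deciding how many clients one 2000k parent can carry.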





Download the video : http://www.4shared.com/get/GOLV7kaQ/Step_by_step_konfigurasi_Mikro.html


Source : http://www.forummikrotik.com/showthread.php?14424-First-Time-RB750-RB450-Step-By-Step-Instalation-Guide&highlight=dasar+rb750
