- Select the following packages when installing the MikroTik OS:
System, DHCP, Advanced Tools, Routing, Security, Web-Proxy.
- Change the system name to whatever you like:
[admin@microtik] > system identity set name=warnet
The shell prompt will then change to the name you chose:
[admin@warnet] >
- Change the password of your MikroTik OS as follows:
[admin@warnet] >user set admin password=………………………………
- Enable both Ethernet interfaces on the PC where you installed the MikroTik OS:
[admin@warnet] >interface ethernet enable ether1
[admin@warnet] >interface ethernet enable ether2
- Give both Ethernet interfaces names to make configuration easier:
[admin@warnet] >interface ethernet set ether1 name=modem ====> Ethernet interface for the modem
[admin@warnet] >interface ethernet set ether2 name=local ====> Ethernet interface that goes to the hub
- Assign IP addresses to both LAN cards:
[admin@warnet] >ip address add interface=modem address=( fill in the IP address from the ISP )/netmask
[admin@warnet] >ip address add interface=local address=192.168.0.1/255.255.255.0
- Enter the gateway IP given by the ISP:
[admin@warnet] > ip route add gateway=10.11.1.1560
- DNS SETTINGS:
[admin@warnet] >ip dns set primary-dns=10.11.155.1 secondary-dns=10.11.155.2
After that, try pinging all the IP addresses configured above.
FIREWALL AND NETWORK CONFIGURATION
ip firewall nat add action=masquerade chain=srcnat
ip firewall filter add chain=input connection-state=invalid action=drop
ip firewall filter add chain=input protocol=udp action=accept
ip firewall filter add chain=input protocol=icmp action=accept
/ip firewall filter add chain=input in-interface=(ethernet card facing the LAN) action=accept
/ip firewall filter add chain=input in-interface=(ethernet card facing the internet) action=accept
ip firewall filter add chain=input action=drop
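Added example (not part of the original page): a small Python model of first-match evaluation of the input chain. It shows that the rule set above accepts a new connection arriving on the internet-facing interface before the final drop is reached, while the FILTERING rule set further down this page drops it. The interface names modem and local come from the page; the packets are constructed.

```python
import ipaddress
import shlex

# Input rules from the section above; modem/local replace the placeholders.
FIRST_RULES = """
add chain=input connection-state=invalid action=drop
add chain=input protocol=udp action=accept
add chain=input protocol=icmp action=accept
add chain=input in-interface=local action=accept
add chain=input in-interface=modem action=accept
add chain=input action=drop
"""
# Input-chain rules from the page's FILTERING section.
FILTERING_RULES = """
add chain=input connection-state=invalid action=drop
add chain=input connection-state=established action=accept
add chain=input protocol=udp action=accept
add chain=input protocol=icmp action=accept
add chain=input src-address=192.168.0.0/24 action=accept
add chain=input action=drop
"""
# Constructed packets: new TCP connections from an internet host and a LAN client.
WAN_PKT = {"protocol": "tcp", "in-interface": "modem",
           "connection-state": "new", "src-address": "203.0.113.7"}
LAN_PKT = {"protocol": "tcp", "in-interface": "local",
           "connection-state": "new", "src-address": "192.168.0.20"}

def parse_rules(text):
    """Turn 'add key=value ...' lines into dicts of the key=value fields."""
    return [dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)
            for line in text.strip().splitlines()]

def matches(rule, pkt):
    """Only the matchers used by the two rule sets above are modelled."""
    for key in ("protocol", "in-interface", "connection-state"):
        if key in rule and rule[key] != pkt[key]:
            return False
    net = ipaddress.ip_network(rule.get("src-address", "0.0.0.0/0"))
    return ipaddress.ip_address(pkt["src-address"]) in net

def verdict(text, pkt):
    """First matching accept/drop rule decides; no match means accept."""
    for index, rule in enumerate(parse_rules(text)):
        action = rule.get("action", "accept")  # RouterOS default action
        if matches(rule, pkt) and action in ("accept", "drop"):
            return action, index
    return "accept", None

print(verdict(FIRST_RULES, WAN_PKT), verdict(FILTERING_RULES, WAN_PKT))
```

The returned index is the zero-based position of the rule that decided the packet, which makes it easy to see which line of a rule set needs to move or change.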
ip web-proxy set enabled=yes src-address=0.0.0.0 port=8080 hostname="" yahuu.net=yes parent-proxy=0.0.0.0:0 \
cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system max-cache-size=unlimited \
max-ram-cache-size=unlimited
ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128
/ip firewall nat add in-interface=modem dst-port=80 protocol=tcp action=redirect to-ports=3128 chain=dstnat dst-address=!192.168.0.1/24
==================================================================
Every 3128 above is to be replaced with 8080, as follows:
ip web-proxy set enabled=yes
/ip web-proxy set port=3128
/ip web-proxy set max-cache-size=3145728 ( 3 times total RAM )
/ip web-proxy set hostname="proxy.prima"
/ip web-proxy set allow-remote-requests=yes
/ip web-proxy set cache-administrator="primanet.slawi@yahoo.com"
==================================================================
FILTERING: http://www.mikrotik.com/testdocs/ros/2.9/ip/filter.php
/ ip firewall filter
add chain=input connection-state=invalid action=drop comment="Drop Invalid connections"
add chain=input connection-state=established action=accept comment="Allow Established connections"
add chain=input protocol=udp action=accept comment="Allow UDP"
add chain=input protocol=icmp action=accept comment="Allow ICMP"
add chain=input src-address=192.168.0.0/24 action=accept comment="Allow access to router from known network"
add chain=input action=drop comment="Drop anything else"
ANTIVIRUS FOR MIKROTIK:
add chain=forward action=jump jump-target=virus comment="jump to the virus chain"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
add chain=forward protocol=icmp comment="allow ping"
add chain=forward protocol=udp comment="allow udp"
add chain=forward action=drop comment="drop everything else"
=======================================================
SECURING YOUR MIKROTIK ROUTER:
/ ip firewall filter
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=related comment="Accept related connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
add chain=input protocol=icmp action=drop comment="Drop excess pings"
add chain=input protocol=tcp dst-port=22 comment="SSH for secure shell"
add chain=input protocol=tcp dst-port=8291 comment="winbox"
# Edit these rules to reflect your actual IP addresses! #
add chain=input src-address=159.148.172.192/28 comment="From Mikrotikls network"
add chain=input src-address=10.0.0.0/8 comment="From our private LAN"
# End of Edit #
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"
"http://wiki.mikrotik.com/wiki/Securing_your_router"
==================================================================
NETWORK SECURITY SETTINGS FOR YOUR LOCAL AREA ONLY:
/ip firewall filter
add chain=forward connection-state=established comment="allow established connections"
add chain=forward connection-state=related comment="allow related connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=593 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Disable the ports commonly used by spam:
/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-p
Check the above against the website again: http://www.mikrotik.com/documentation/manual_2.7/
See system resource,
and 2/3 of the system resource is used or allocated for: system resource print
********************************************************************
Graphing
/tool graphing set store-every=hour
[admin@MikroTik] tool graphing> print
store-every: hour
[admin@MikroTik] tool graphing>
[admin@MikroTik] tool graphing interface> add interface=ether1 \
allow-address=192.168.0.0/24 store-on-disk=yes
[admin@MikroTik] tool graphing interface> print
Flags: X - disabled
 # INTERFACE ALLOW-ADDRESS STORE-ON-DISK
 0 ether1 192.168.0.0/24 yes
[admin@MikroTik] tool graphing interface>
[admin@VLP InWay] tool graphing> export
# oct/12/2005 09:51:23 by RouterOS 2.9.5
# software id = 1TLC-xxx
#
/ tool graphing
set store-every=5min
/ tool graphing queue
add simple-queue=all allow-address=10.8.2.99/32 store-on-disk=yes allow-target=yes disabled=no
/ tool graphing resource
add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ tool graphing interface
add interface=Inway allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
add interface=LAN allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
add interface=DMZ allow-address=0.0.0.0/0 store-on-disk=yes disabled=no