Macam² Laptop

Sunday, June 19, 2011

STEP BY STEP MIKROTIK

Mikrotik at a Glance
Mikrotik is now widely used by ISPs, hotspot providers, and cafe owners. Mikrotik RouterOS turns a computer into a reliable network router equipped with various features and tools, for both wired and wireless networks. In this tutorial, the author presents a discussion and simple instructions for configuring Mikrotik for certain common purposes, typically needed on the server / router of a cafe or other networks, for example configuration for a NAT server, bridging, BW management, and MRTG. The Mikrotik version I use for this tutorial is MikroTik RouterOS 2.9.27.

Mikrotik Access:
1. via console: a Mikrotik router board or PC can be accessed directly via the console / shell, and remotely using putty (www.putty.nl)
2. via Winbox: Mikrotik can also be accessed remotely using the Winbox software tool
3. via web: Mikrotik can also be accessed via web / port 80 using a browser

Naming the Mikrotik

[ropix@IATG-SOLO] > system identity print
  name: "Mikrotik"
[ropix@IATG-SOLO] > system identity edit
value-name: name

Type the new name into the editor; for example, I change the name to IATG-SOLO:

IATG-SOLO
C-c quit C-o save&quit C-u undo C-k cut line C-y paste

Edit, then press Ctrl-o to save and exit the editor.
If using Winbox, it looks like this:

Changing the name of the interface:

[ropix@IATG-SOLO] > /interface print
Flags: X - disabled, D - dynamic, R - running
 #    NAME          TYPE             RX-RATE    TX-RATE    MTU
 0  R ether1        ether            0          0          1500
 1  R ether2        ether            0          0          1500
[ropix@IATG-SOLO] > /interface edit 0
value-name: name

The value 0 refers to ether1; if you want to change ether2, replace the value 0 with 1. For example, in the editor I replace the name with local:

local
C-c quit C-o save&quit C-u undo C-k cut line C-y paste

Edit, then press Ctrl-o to save and exit the editor. Do the same for both ether interfaces, so that when printed again they appear like this:

[ropix@IATG-SOLO] > /interface print
Flags: X - disabled, D - dynamic, R - running
 #    NAME        TYPE             RX-RATE    TX-RATE    MTU
 0  R local       ether            0          0          1500
 1  R public      ether            0          0          1500

Via Winbox:
 
Select the Interface menu, then click the name of the interface you want to edit; the edit interface window pops up.

Setting IP Address:

[ropix@IATG-SOLO] > /ip address add
address: 192.168.0.254/24
interface: local
[ropix@IATG-SOLO] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   192.168.0.254/24   192.168.0.0     192.168.0.255   local

Enter the IP address and netmask in the address field, then enter the name of the interface that is to be given the IP address. For the second interface, the public interface, do the same as above, so that printing again shows 2 interfaces:

[ropix@IATG-SOLO] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS             NETWORK         BROADCAST       INTERFACE
 0   192.168.0.254/24    192.168.0.0     192.168.0.255   local
 1   202.51.192.42/29    202.51.192.40   202.51.192.47   public

Via Winbox:


Mikrotik as NAT
Network Address Translation, more commonly referred to as NAT, is a method of connecting more than one computer to the Internet using a single IP address. This method is widely used because of the limited availability of IP addresses, security needs, and the ease and flexibility it gives in network administration.
Currently, the most widely used IP protocol is IP version 4 (IPv4). With an address length of 4 bytes, there are 2 to the power 32 = 4,294,967,296 IP addresses available. This amount is theoretically the number of computers that can connect directly to the internet. Because of this limitation, most ISPs (Internet Service Providers) allocate only one address per user, and this address is dynamic, in the sense that the IP address given will be different each time the user connects to the internet. This makes things difficult for small and medium-sized businesses. On the one hand they need many computers connected to the internet, but on the other hand only one IP address is available, which means only one computer can connect to the internet. This can be overcome with the NAT method. With a NAT gateway running on one computer, one IP address can be shared with several other computers, and they can connect to the internet simultaneously.

Suppose we want to hide the local network / LAN 192.168.0.0/24 behind one IP address, 202.51.192.42, provided by the ISP. The Mikrotik feature we use is source network address translation (masquerading). Masquerading changes the source IP address and port of data packets from network 192.168.0.0/24 to 202.51.192.42 before they are forwarded to the global Internet. To use masquerading, a source NAT rule with action 'masquerade' should be added to the firewall configuration:

[ropix@IATG-SOLO] > /ip firewall nat add chain=srcnat action=masquerade out-interface=public

If using Winbox, it would look like this:

Mikrotik as a transparent web proxy
One function of a proxy is to store a cache. If a LAN uses a proxy to connect to the Internet, then when a user accesses a web server URL, the browser sends the request to the proxy server. If the data is not yet held on the proxy server, the proxy fetches it directly from the web server and then stores it in the proxy cache. When other clients later request the same URL, it is served from the cache. This makes access to the Internet faster.
How do we ensure that every user accesses the Internet through the web proxy we have enabled? For this we can implement a transparent proxy. With a transparent proxy, every browser on a computer that uses this gateway automatically goes through the proxy.
Enable the web proxy feature in Mikrotik:

[ropix@IATG-SOLO] > /ip web-proxy set enabled=yes
[ropix@IATG-SOLO] > /ip web-proxy set cache-administrator=ropix.fauzi@infoasia.net
[ropix@IATG-SOLO] > /ip web-proxy print

enabled: yes
src-address: 0.0.0.0
port: 3128
hostname: "IATG-SOLO"
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: "ropix.fauzi@infoasia.net"
max-object-size: 8192KiB
cache-drive: system
max-cache-size: unlimited
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 4733952KiB
reserved-for-ram-cache: 2048KiB

Create a rule for the transparent proxy in the firewall NAT, placed under the masquerading rule for NAT:

[ropix@IATG-SOLO] > /ip firewall nat add  chain=dstnat in-interface=local src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128

[ropix@IATG-SOLO] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat out-interface=public action=masquerade
 1   chain=dstnat in-interface=local src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128

In Winbox:
1. Enable the web proxy in the menu IP> Proxy> Access> Settings (check the Enabled box)
2. Set the parameters in the menu IP> Web Proxy> Access Settings> General
3. Create a rule for the transparent proxy in the menu IP> Firewall> NAT
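
How the two NAT rules above treat traffic, as an added Python example that is not part of the original tutorial: a simplified model of first-match dstnat and srcnat evaluation. The sample packets, the documentation addresses 198.51.100.10 and 203.0.113.5, and the variant rule without in-interface and src-address are constructed for illustration.

```python
import ipaddress

# Router address on each interface, from the page's /ip address print
ROUTER_ADDR = {"local": "192.168.0.254", "public": "202.51.192.42"}
# The two NAT rules as the page's /ip firewall nat print shows them
PAGE_RULES = """\
 0   chain=srcnat out-interface=public action=masquerade
 1   chain=dstnat in-interface=local src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128
"""
# Constructed variant: the same redirect with its two scoping matchers removed
UNSCOPED_RULES = PAGE_RULES.replace(" in-interface=local src-address=192.168.0.0/24", "")

def parse(text):
    """Turn 'print' lines into dicts of key=value matchers."""
    return [dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
            for line in text.splitlines() if "chain=" in line]

def matches(rule, pkt):
    """A rule matches when every matcher it carries agrees with the packet."""
    checks = {
        "in-interface": lambda v: v == pkt["in"],
        "out-interface": lambda v: v == pkt["out"],
        "src-address": lambda v: ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(v),
        "protocol": lambda v: v == pkt["proto"],
        "dst-port": lambda v: int(v) == pkt["dport"],
    }
    return all(test(rule[k]) for k, test in checks.items() if k in rule)

def translate(rules, pkt):
    """Simplified model: dstnat first; a redirected packet goes to the router itself
    on its arrival interface, anything else may then be masqueraded by srcnat."""
    src, dst, dport = pkt["src"], pkt["dst"], pkt["dport"]
    for r in rules:
        if r["chain"] == "dstnat" and r["action"] == "redirect" and matches(r, pkt):
            return src, ROUTER_ADDR[pkt["in"]], int(r["to-ports"])
    for r in rules:
        if r["chain"] == "srcnat" and r["action"] == "masquerade" and matches(r, pkt):
            src = ROUTER_ADDR[pkt["out"]]
            break
    return src, dst, dport

# Constructed sample packets: LAN client to a web server, and an outside host to the router
LAN_WEB = {"in": "local", "out": "public", "src": "192.168.0.3", "dst": "198.51.100.10", "proto": "tcp", "dport": 80}
LAN_TLS = dict(LAN_WEB, dport=443)
WAN_WEB = {"in": "public", "out": None, "src": "203.0.113.5", "dst": "202.51.192.42", "proto": "tcp", "dport": 80}

if __name__ == "__main__":
    for name, pkt in [("LAN_WEB", LAN_WEB), ("LAN_TLS", LAN_TLS), ("WAN_WEB", WAN_WEB)]:
        print(name, translate(parse(PAGE_RULES), pkt), translate(parse(UNSCOPED_RULES), pkt))
```

With the page's rule, only port-80 traffic arriving from the LAN is handed to the proxy on 3128; without the in-interface and src-address matchers, port-80 traffic arriving on the public interface is handed to the proxy as well, which is why the redirect is scoped to the local side.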
 
Transparent proxy with a separate / independent proxy server

According to my observations, the built-in MikroTik web proxy is not as good as the squid proxy on Linux. Squid on Linux is more flexible to modify and configure, e.g. for the delay-pool feature and file-based ACL lists, which are not available in the Mikrotik 2.9.x series. Most people usually prefer to build their own proxy server on a Linux / FreeBSD PC and simply point all clients to that PC. In the topology, the proxy PC can be on the local network or use a public IP. The configuration is almost the same as for the transparent proxy; the difference is in the action of the NAT rule, as follows:
In the above example, 192.168.0.100 is the IP of the proxy server and 808 is its port.

 
Mikrotik as a bandwidth limiter

Mikrotik can also be used as a bandwidth limiter (queue), to control the data rate allocation mechanism. In general there are two types of bandwidth management on a Mikrotik, namely simple queue and queue tree. Please use only one of them.
The rest of this Mikrotik tutorial does all settings using Winbox, because it is more user friendly and efficient.

Simple queue:

For example, we will limit the bandwidth of the client with the IP 192.168.0.3 to 128kbps downstream and 64kbps upstream. Set this in the menu Queues> Simple Queues.

Queue tree:

Click the menu IP> Firewall> Mangle
 
Create a rule (click the red +) with the following parameters:
On the General tab:
Chain = forward,
Src. Address = 192.168.0.3 (or the IP you want to limit)
On the Action tab:
Action = mark connection,
New Connection Mark = client3-con (or the name of the connection mark that we create)
Click Apply and OK

Create another rule with the following parameters:
On the General tab:
Chain = forward,
Connection Mark = client3-con (select from the dropdown menu)
On the Action tab:
Action = mark packet,
New Packet Mark = client3 (or the name of the packet mark that we create)
Click Apply and OK

Click the menu Queues> Queue Tree

Create a rule (click the red +) with the following parameters:
On the General tab:
Name = client3-in (e.g.),
Parent = public (which is the outgoing interface),
Packet Mark = client3 (select from the dropdown, the one we just created in mangle),
Queue Type = default,
Priority = 8,
Max limit = 64K (for setting the max download bandwidth)
Click Apply and OK

Create another rule with the following parameters:
On the General tab:
Name = client3-up (e.g.),
Parent = local (which is the incoming interface),
Packet Mark = client3 (select from the dropdown, the one we just created in mangle),
Queue Type = default,
Priority = 8,
Max limit = 64K (for setting max upload bandwidth)
Click Apply and OK

Mikrotik as a Bridge
A bridge is a way to connect two separate network segments together in a single protocol. Packets are forwarded based on the ethernet address, not the IP address (as a router does). Because packet forwarding is done at Layer 2, all protocols can pass through a bridge. Picture it like this: you have a local network 192.168.0.0/24 whose gateway is an ADSL modem that also acts as a router, with local IP 192.168.0.254 and public IP 222.124.21.26. You want to build a proxy server and use Mikrotik as BW management for all clients. So where should the Mikrotik PC be placed? Between the hub / switch and the gateway / modem? Wouldn't it then act like a NAT, so that we would have to add another block of private IPs different from the modem gateway's?
The solution is to set the Mikrotik up as a bridge, so that it behaves as if it were only a bridge between UTP cables. The topology is as follows:


Internet----------Modem/router-----------Mikrotik--------Switch/Hub-----Client

Setting up bridging using Winbox
1. Adding the bridge interface: click the Interface menu, then click the red + sign to add an interface and select Bridge




Give the bridge interface a name; e.g., we name it bridge1



2. Adding the local and public ether interfaces to the bridge interface: click the IP menu> Bridge> Ports, then click the + sign to add a new rule. Create two rules, for the local and public interfaces.

3. Give the bridge interface an IP address: click the IP menu, then click the + sign to add an IP address, e.g., 192.168.0.100, and select the interface bridge1 (or the name of the bridge interface that we created earlier)
By giving the bridge interface an IP address, the Mikrotik can be accessed remotely from the network connected to either the local or the public interface.

Mikrotik as MRTG / Graphing
Graphing is a Mikrotik tool used to monitor changes in parameters over time. The changes are shown as up-to-date graphs that can be accessed using a browser. Graphing can display information such as:
* Resource usage (CPU, Memory and Disk usage)
* Traffic passing through the interfaces
* Traffic through simple queues

Activate graphing
Click the Tools menu> Graphing> Resource Rules. This enables graphing for Mikrotik resource usage. Allow Address is the IP address from which the graphs may be accessed; 0.0.0.0/0 means all IP addresses.

Click the Tools menu> Graphing> Interface Rules. This enables graphing for monitoring the traffic passing through an interface; select the interface to be monitored, or select "all" for all of them.

Graphing consists of two parts: the first gathers information / data, and the second displays it in web format. To access the graphs, type the URL in the format http://[Router_IP_address]/graphs/ and choose from the menus which graphs you want to display. Example of graphs for traffic on the public interface:

With this, the author hopes this little tutorial shares some knowledge, or at least simplifies and eases understanding of the tutorials already available on the official Mikrotik site.
