STEP BY STEP MIKROTIK
Naming the Mikrotik
[ropix@IATG-SOLO] > system identity print
name: "Mikrotik"
[ropix@IATG-SOLO] > system identity edit
value-name: name
Type the new name into the editor; for example, I change the name to IATG-SOLO:
IATG-SOLO
C-c quit C-o save&quit C-u undo C-k cut line C-y paste
Edit, then press Ctrl-O to save and exit the editor. If using Winbox, it looks like this:
Changing the name of the interface:
[ropix@IATG-SOLO] > /interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R ether1 ether 0 0 1500
1 R ether2 ether 0 0 1500
[ropix@IATG-SOLO] > /interface edit 0
value-name: name
The value 0 refers to ether1; to rename ether2, replace the 0 with that interface's number from the list. For example, in the editor I replace the name with local:
local
C-c quit C-o save&quit C-u undo C-k cut line C-y paste
Edit, then press Ctrl-O to save and exit the editor. Do the same for both ether interfaces, so that when printed again they appear like this:
[ropix@IATG-SOLO] > /interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R local ether 0 0 1500
1 R public ether 0 0 1500
Via Winbox:
Select the Interface menu and click the name of the interface you want to edit, so that the interface edit window pops up.
Setting IP Address:
[ropix@IATG-SOLO] > /ip address add
address: 192.168.0.254/24
interface: local
[ropix@IATG-SOLO] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.0.254/24 192.168.0.0 192.168.0.255 local
Enter the IP address and netmask in the address field, then enter the name of the interface that is to be given the IP address. For the second interface, the public interface, proceed the same way, so that when printed again there are two interfaces:
[ropix@IATG-SOLO] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.0.254/24 192.168.0.0 192.168.0.255 local
1 202.51.192.42/29 202.51.192.40 202.51.192.47 public
Via Winbox:
Mikrotik as NAT
Network Address Translation, more commonly referred to as NAT, is a method of connecting more than one computer to the Internet using a single IP address. This method is widely used because of the limited availability of IP addresses, security needs, and the ease and flexibility it brings to network administration.
Currently, the widely used IP protocol is IP version 4 (IPv4). With an address length of 4 bytes, there are 2 to the power 32 = 4,294,967,296 IP addresses available. This is theoretically the number of computers that can connect directly to the Internet. Because of this limitation, most ISPs (Internet Service Providers) allocate only one address per user, and this address is dynamic, meaning the IP address given will be different each time the user connects to the Internet. This makes things difficult for small and medium-sized businesses. On the one hand they need many computers connected to the Internet, but on the other hand only one IP address is available, which means only one computer can connect to the Internet. This can be overcome with NAT. With a NAT gateway running on one computer, one IP address can be shared with several other computers, and they can all connect to the Internet simultaneously.
Suppose we want to hide the local network (LAN) 192.168.0.0/24 behind the single IP address 202.51.192.42 provided by the ISP. The Mikrotik feature we use for this is source network address translation (masquerading). Masquerading rewrites the source IP address and port of packets coming from network 192.168.0.0/24 to 202.51.192.42 before they are passed on to the global Internet. To use masquerading, a source NAT rule with action 'masquerade' must be added to the firewall configuration:
[ropix@IATG-SOLO] > /ip firewall nat add chain=srcnat action=masquerade out-interface=public
If using Winbox, it would look like this:
Mikrotik as transparent web proxy
One function of a proxy is to store a cache. If a LAN uses a proxy to connect to the Internet, then when a user accesses a web server URL, the browser sends the request to the proxy server. If the data is not yet held on the proxy server, the proxy fetches it directly from the web server. The response is then stored in the proxy cache. After that, if other clients request the same URL, it is served from the cache. This makes access to the Internet faster.
How do we ensure that every user accesses the Internet through the web proxy that we have enabled? For this we can implement a transparent proxy. With a transparent proxy, every browser on a computer that uses this gateway automatically goes through the proxy.
Enable the web proxy feature on the Mikrotik:
[ropix@IATG-SOLO] > /ip proxy set enabled=yes
[ropix@IATG-SOLO] > /ip web-proxy set cache-administrator=ropix.fauzi@infoasia.net
[ropix@IATG-SOLO] > /ip web-proxy print
enabled: yes
src-address: 0.0.0.0
port: 3128
hostname: "IATG-SOLO"
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: "ropix.fauzi@infoasia.net"
max-object-size: 8192KiB
cache-drive: system
max-cache-size: unlimited
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 4733952KiB
reserved-for-ram-cache: 2048KiB
Create a rule for the transparent proxy in the firewall NAT table; it sits below the masquerading NAT rule:
[ropix@IATG-SOLO] > /ip firewall nat add chain=dstnat in-interface=local src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128
[ropix@IATG-SOLO] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=public action=masquerade
1 chain=dstnat in-interface=local src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128
In Winbox:
1. Enable the web proxy in the menu IP > Proxy > Access > Settings (tick the Enabled check box)
2. Set the parameters in the menu IP > Web Proxy > Access Settings > General
3. Create the rule for the transparent proxy in the menu IP > Firewall > NAT
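Added example, not part of the original tutorial: the web proxy listens on port 3128 and no rule on this page limits who may connect to it, so it is also reachable on the public interface and could be used as a relay from the Internet. The rules below restrict proxy use to the LAN; the access-list commands assume the same 2.9.x /ip web-proxy menu used above.

```routeros
# Added example; interface names and subnet are the ones used in this tutorial.

# Weak: proxy enabled with no access list and no input filter, so port 3128
# accepts requests that arrive on the public interface as well.

# Corrected, step 1: drop proxy connections arriving from the Internet side.
/ip firewall filter add chain=input in-interface=public protocol=tcp dst-port=3128 action=drop comment="no proxy access from public"

# Corrected, step 2: in the proxy's own access list allow only the LAN,
# then deny everything else (rules are evaluated top to bottom).
/ip web-proxy access add src-address=192.168.0.0/24 action=allow
/ip web-proxy access add action=deny

# Check: the drop rule is listed in the input chain, and the access list
# ends with the deny rule.
/ip firewall filter print
/ip web-proxy access print
```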
Transparent proxy with a separate / independent proxy server
In my observation, the built-in MikroTik web proxy is not as good as the Squid proxy on Linux. Squid on Linux is more flexible to modify and configure, for example the delay-pool feature and ACLs read from file lists, which are not available in the Mikrotik 2.9.x series. Most people usually prefer to build their own proxy server on a Linux/FreeBSD PC and simply point all clients to that PC. The proxy PC can sit in the local network or use a public IP. The configuration is almost the same as for the transparent proxy; the difference is in the action of the NAT rule, as follows:
In the above example, 192.168.0.100 is the IP of the proxy server, on port 808.
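The rule referred to above is not reproduced on this page. As an added example (not the author's original rule), a NAT rule of this kind could look as follows in the CLI, using the 192.168.0.100:808 proxy from the text. The exclusion of the proxy's own address and the second rule for a proxy inside the LAN are additions.

```routeros
# Added example; 192.168.0.100:808 is the proxy named in the text,
# "local" is the LAN interface used throughout this tutorial.

# Send LAN web traffic to the separate proxy. The proxy's own outbound
# requests are excluded, otherwise they would be sent back to the proxy
# and loop.
/ip firewall nat add chain=dstnat in-interface=local src-address=!192.168.0.100 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.0.100 to-ports=808

# Only needed when the proxy is in the same subnet as the clients:
# without this, the proxy replies to the client directly, the client sees
# an answer from an address it never contacted, and the connection fails.
# Side effect: the proxy logs show the router's address, not the client's.
/ip firewall nat add chain=srcnat out-interface=local src-address=192.168.0.0/24 dst-address=192.168.0.100 protocol=tcp dst-port=808 action=masquerade

# Check the resulting rule order.
/ip firewall nat print
```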
Mikrotik as a bandwidth limiter
Mikrotik can also be used as a bandwidth limiter (queue), to control how the data rate is allocated. In general there are two types of bandwidth management on a Mikrotik, namely simple queues and queue trees. Please use only one of the two.
From here on, all settings in this tutorial are made using Winbox, because it is more user friendly and efficient.
Simple queue:
For example, we will limit the bandwidth of the client with IP 192.168.0.3 to 128kbps downstream and 64kbps upstream. Set this in the menu Queues > Simple Queues.
Queue tree
Click the menu IP > Firewall > Mangle
Create a rule (click the red + sign) with the following parameters:
On the General tab:
Chain = forward,
Src. Address = 192.168.0.3 (or the IP you want to limit)
On the Action tab:
Action = mark connection,
New Connection Mark = client3-con (or whatever name we give the connection mark)
Click Apply and OK
Create another rule with the following parameters:
On the General tab: Chain = forward,
Connection Mark = client3-con (select from the dropdown menu)
On the Action tab:
Action = mark packet,
New Packet Mark = client3 (or whatever name we give the packet mark)
Click Apply and OK
Click the menu Queues > Queue Tree
Create a rule (click the red + sign) with the following parameters:
On the General tab:
Name = client3-in (eg),
Parent = public (the outgoing interface),
Packet Mark = client3 (select from the dropdown; the mark we just created in Mangle),
Queue Type = default,
Priority = 8,
Max limit = 64K (for setting the max download bandwidth)
Click Apply and OK
Create another rule with the following parameters:
On the General tab:
Name = client3-up (eg),
Parent = local (the incoming interface),
Packet Mark = client3 (select from the dropdown; the mark we just created in Mangle),
Queue Type = default,
Priority = 8,
Max limit = 64K (for setting max upload bandwidth)
Click Apply and OK
Mikrotik as Bridging
Bridging is a way to connect two separate network segments together in a protocol-independent way. Packets are forwarded based on the Ethernet address, not the IP address (as a router does). Because packet forwarding is done at Layer 2, all protocols can pass through a bridge. As an illustration: you have a local network 192.168.0.0/24 whose gateway is an ADSL modem that also acts as a router, with local IP 192.168.0.254 and public IP 222.124.21.26. You want to set up a proxy server and use the Mikrotik for bandwidth management for all clients. Where should the Mikrotik PC be placed? Between the hub/switch and the gateway/modem? Doesn't that mean it has to act as NAT, so that we must add another block of private IPs different from the modem gateway's?
The solution is to set the Mikrotik up as a bridge, so that it behaves as if it were merely a link between the UTP cables. The topology is as follows:
Internet----------Modem/router-----------Mikrotik--------Switch/Hub-----Client
Setting up bridging using Winbox:
1. Add the bridge interface. Click the Interface menu, then click the red + sign to add an interface and select Bridge. Give the bridge interface a name; for example, we name it bridge1.
2. Add the local and public ether interfaces to the bridge. Click the menu IP > Bridge > Ports, then click the + sign to add a new rule. Create two rules, one for the local and one for the public interface.
3. Give the bridge interface an IP address. Click the IP menu, then click the + sign to add an IP address, e.g. 192.168.0.100, and select the interface bridge1 (or the name of the bridge interface created earlier).
With an IP address on the bridge interface, the Mikrotik can be accessed remotely from the network connected to either the local or the public interface.
Mikrotik as MRTG / Graphing
Graphing is a Mikrotik tool for monitoring changes in various parameters over time. The changes are presented as up-to-date graphs that can be accessed using a browser. Graphing can display information such as:
* Resource usage (CPU, Memory and Disk usage)
* Traffic passing through the interfaces
* Traffic through simple queues
Activating graphing:
Click the menu Tools > Graphing > Resource Rules to enable graphing of the Mikrotik's resource usage. The allow address is the IP address range that may access the graphs; 0.0.0.0/0 means all IP addresses.
Click the menu Tools > Graphing > Interface Rules to enable graphing of the traffic passing through the interfaces. Select the interface to be monitored, or select "all" for all of them.
Graphing consists of two parts: the first gathers the information/data, and the second displays it in web format. To access the graphs, enter the URL in the format http://[Router_IP_address]/graphs/ and choose from the menus there which graph you want to display. Example of the graphs for traffic on the public interface:
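Added example, not part of the original tutorial: the same graphing rules from the CLI, with the allow address limited to this tutorial's LAN instead of 0.0.0.0/0, so that the graphs cannot be read from the public side.

```routeros
# Added example; 192.168.0.0/24 is the LAN used in this tutorial.

# Weak (shown commented out): any host that can reach the router's web
# service may read the resource graphs.
# /tool graphing resource add allow-address=0.0.0.0/0

# Corrected: only the LAN may view resource and interface graphs.
/tool graphing resource add allow-address=192.168.0.0/24
/tool graphing interface add interface=all allow-address=192.168.0.0/24

# Check the configured rules and their allow-address values.
/tool graphing resource print
/tool graphing interface print
```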
Thus the author presents this short tutorial, to share knowledge or simply to make the tutorials already available on the official Mikrotik site easier to understand.