Wednesday, August 10, 2011

MIKROTIK STEP BY STEP

Mikrotik is now widely used by ISPs, hotspot providers, and internet cafe owners. Mikrotik RouterOS turns a computer into a reliable network router equipped with various features and tools, for both wired and wireless networks.
In this tutorial, the author presents simple instructions for configuring Mikrotik for common purposes typically needed on an internet cafe server / router or on other networks, for example configuration as a NAT server, bridging, bandwidth management, and MRTG.
The Mikrotik version I use for this tutorial is MikroTik RouterOS 2.9.27.

Mikrotik Access:
1. via console
A Mikrotik RouterBoard or PC can be accessed directly via the console / shell, or remotely using PuTTY (www.putty.nl)
2. via Winbox
Mikrotik can also be accessed remotely using the Winbox software tool
3. via web
Mikrotik can also be accessed via the web (port 80) using a browser

Naming Mikrotik

[mikrotik@IATG-SOLO] > system identity print
   name: "MikroTik"
[mikrotik@IATG-SOLO] > system identity edit
value-name: name

In the editor, type the new name; for example, I change the name to IATG-SOLO:

IATG-SOLO
C-c quit C-o save&quit C-u undo C-k cut line C-y paste

Edit, then press Ctrl-o to save and exit the editor.

Changing the name of the interface:

[mikrotik@IATG-SOLO] > /interface print
Flags: X - disabled, D - dynamic, R - running
  # NAME  TYPE  RX-RATE  TX-RATE  MTU
  0  R  ether1  ether  0  0  1500
  1  R  ether2  ether  0  0  1500

[mikrotik@IATG-SOLO] > /interface edit 0
value-name: name

The value 0 refers to ether1; to rename ether2 instead, replace the 0 with 1, the number shown for ether2 in the listing.
In the editor, for example, I replace the name with local:

local
C-c quit C-o save&quit C-u undo C-k cut line C-y paste

Edit, then press Ctrl-o to save and exit the editor.
Do the same for the second ether interface, so that when printed again the list looks like this:

[mikrotik@IATG-SOLO] > /interface print
Flags: X - disabled, D - dynamic, R - running
  # NAME  TYPE  RX-RATE  TX-RATE  MTU
  0  R  local   ether  0  0  1500
  1  R  public  ether  0  0  1500

In the GUI, select the interface menu and click the name of the interface you want to edit; the interface edit window pops up.

Setting IP Address:
[mikrotik@IATG-SOLO] > /ip address add
address: 192.168.0.254/24
interface: local
[mikrotik@IATG-SOLO] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
  # ADDRESS  NETWORK  BROADCAST  INTERFACE
  0 192.168.0.254/24 192.168.0.0 192.168.0.255 local

Enter the IP address and netmask in the address field, and in the interface field enter the name of the interface that is to receive the address. For the second interface, the public interface, proceed the same way, so that when printed again there are 2 interfaces:

[mikrotik@IATG-SOLO] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
  # ADDRESS NETWORK BROADCAST INTERFACE
  0 192.168.0.254/24 192.168.0.0 192.168.0.255 local
  1 202.51.192.42/29 202.51.192.40 202.51.192.47 public

Mikrotik as NAT

Network Address Translation, more commonly referred to as NAT, is a method of connecting more than one computer to the Internet using a single IP address. This method is widely used because of the limited availability of IP addresses, security needs, and the ease and flexibility it gives in network administration.
Currently, the widely used IP protocol is IP version 4 (IPv4). An address length of 4 bytes means that there are 2 to the power 32 = 4,294,967,296 IP addresses available. This amount is theoretically the number of computers that can directly connect to the Internet. Because of this limitation, most ISPs (Internet Service Providers) will allocate only one address per user, and this address is dynamic, meaning the IP address given will differ each time the user connects to the Internet. This makes things difficult for small and medium-sized businesses. On the one hand they need many computers connected to the Internet, but on the other hand only one IP address is available, which means only one computer can connect to the Internet. This can be overcome with NAT. With a NAT gateway running on one computer, one IP address can be shared with several other computers and they can connect to the Internet simultaneously.
Suppose we want to hide the local network / LAN 192.168.0.0/24 behind the single IP address 202.51.192.42 provided by the ISP; for this we use Mikrotik's source network address translation (masquerading) feature. Masquerading changes the source IP address and port of data packets from network 192.168.0.0/24 to 202.51.192.42 before they are forwarded to the global Internet. To use masquerading, a source NAT rule with action 'masquerade' should be added to the firewall configuration:

[mikrotik@IATG-SOLO] > /ip firewall nat add chain=srcnat action=masquerade out-interface=public

Mikrotik as transparent web proxy

One function of a proxy is to store a cache. If a LAN uses a proxy to connect to the Internet, then when a user accesses a URL on a web server, the browser sends the request to the proxy server. If the data is not yet held on the proxy server, the proxy fetches it directly from the web server, and the response is then stored in the proxy cache. After that, if other clients request the same URL, it is served from the cache. This makes access to the Internet faster.

How do we ensure that every user accesses the Internet through the web proxy we have enabled? For this we can implement a transparent proxy. With a transparent proxy, every browser on a computer that uses this gateway automatically goes through the proxy.

Enable the web proxy feature in Mikrotik:
[mikrotik@IATG-SOLO] > /ip proxy set enabled=yes
[mikrotik@IATG-SOLO] > /ip web-proxy set cache-administrator=ropix.fauzi@infoasia.net
[mikrotik@IATG-SOLO] > /ip web-proxy print

enabled: yes
src-address: 0.0.0.0
port: 3128
hostname: "IATG-SOLO"
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: "mikrotik.adii@infoasia.net"
max-object-size: 8192KiB
cache-drive: system
max-cache-size: unlimited
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 4733952KiB
reserved-for-ram-cache: 2048KiB

Create a rule for the transparent proxy in the firewall NAT, placed directly below the masquerading rule:
[mikrotik@IATG-SOLO] > /ip firewall nat add chain=dstnat in-interface=local src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128

[mikrotik@IATG-SOLO] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
  0 chain=srcnat out-interface=public action=masquerade
  1 chain=dstnat in-interface=local src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128
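
The web-proxy print above shows src-address: 0.0.0.0 and port: 3128, so the proxy listens on every interface, including the public one. The following is an added example, not part of the original tutorial, that closes the proxy port and the web management port (80) to the Internet side; it assumes the interface names local and public and the port numbers shown above.

```routeros
# Added example (not from the original tutorial).
# Assumes the interface names "local" and "public" and proxy port 3128
# as configured earlier on this page.

# The proxy listens on src-address 0.0.0.0, i.e. on all interfaces.
# Drop proxy requests that arrive on the Internet-facing interface so the
# router does not act as an open proxy.
/ip firewall filter add chain=input in-interface=public protocol=tcp dst-port=3128 action=drop comment="no proxy access from public"

# Drop web-based management (port 80) arriving on the Internet-facing
# interface; it stays reachable from the LAN.
/ip firewall filter add chain=input in-interface=public protocol=tcp dst-port=80 action=drop comment="no web admin from public"

# Review the filter rules. LAN clients are unaffected: their HTTP traffic
# enters on "local" and is redirected to port 3128 by NAT rule 1.
/ip firewall filter print
```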
