1. Monday, June 30, 2014 Slat Pertemua 11 JARINGAN KOMPUTER Dengan MikroTikOS Oleh: Kustanto E-mail:kus_sinus@yahoo.co.id Web site: kus2008.wordpress.com

2. Monday, June 30, 2014 Slat Pertemua 12 Membangun jaringan dengan MikroTikOS •Router & Proxy internet. •Server DHCP •BW Managemen. Ref: •Kustanto & Daniel, Membangun Server internet dengan MikroTikOS, Penerbit. Gava Media jogja. •WWW. Mikrotik.com

3. Monday, June 30, 2014 Slat Pertemua 13 Tanpa Strategi Proxy

4. Monday, June 30, 2014 Slat Pertemua 14 Dengan Strategi Proxy (Request dari client diteruskan ke real server dengan atasnama Proxy server)

5. Monday, June 30, 2014 Slat Pertemua 15 Pengalamatan IP pada Strategi Proxy

6. Monday, June 30, 2014 Slat Pertemua 16 Scaling Proxies

7. Monday, June 30, 2014 Slat Pertemua 17 Router Internet Interface bejo Address :192.168.0.1/24 Interface Public Address : 10.0.1.200 /8 Workstation Address :192.168.0.2 /24 Laptop Address :192.168.0.3/24 Local Network 192.168.0.0/24 Public Network 10.0.1.0 /8 Server 10.0.1.3 Internet Gateway 10.0.1.1

8. Monday, June 30, 2014 Slat Pertemua 18 Konfigurasi Router Internet

9. Monday, June 30, 2014 Slat Pertemua 19 Konfigurasi MikroTikOS Bisa dilakukan : •Via console Mikrotik router board ataupun PC dapat diakses langsung via console/ shell maupun remote akses menggunakan putty (www.putty.nl) •Via winbox Mikrotik bisa juga diakses/remote menggunakan software tool winbox •Via web MikroTik juga dapat diakses via web/port 80 dengan menggunakan browser. Dalam konfigurasi ini, mikrotik diakses via konsole dan tool WinBox.

10. Monday, June 30, 2014 Slat Pertemua 110 Langkah 1 •Mengaktifkan ethernet [admin@proxy]>/interface [admin@proxy]interface>enable 0 [admin@proxy]interface>enable 1 • Untuk Melihat kedua ethernet Card yang terpasang (apakah sudah komplit dua), ketikkan print atau pr : [admin@proxy]interface>print

11. Monday, June 30, 2014 Slat Pertemua 111 Langkah 2 •Identitas ethernet. •Untuk merubah nama ethernet yang terpasang pada mesin MikroTik, ketikkan : [admin@proxy]>/interface [admin@proxy]interface>ethernet set ether1 name=Lan [admin@proxy]interface>ethernet set ether2 name=Public Atau [admin@proxy]interface>Set 0 name Lan [admin@proxy]interface>Set 1 name Public

12. Monday, June 30, 2014 Slat Pertemua 112 Langkah 3 • Set Ip Address: [admin@proxy]ip address> add interface=lan address=192.168.0.1/24 [admin@proxy]ip address> add interface=Public address=10.0.1.200/8

13. Monday, June 30, 2014 Slat Pertemua 113 Langkah 4. Set gateway: [admin@proxy]>/ip route [admin@proxy]ip route>add gateway=10.0.1.1

14. Monday, June 30, 2014 Slat Pertemua 114 Langkah 5 •Seting DNS [admin@proxy]>/ip dns [admin@proxy]ip dns>set primary-dns=202.134.1.10 [admin@proxy]ip dns>set secondary-dns=202.134.0.155 Agar komputer Client dapat akses internet: [admin@proxy]ip dns>allow-remote-requests: yes

15. Monday, June 30, 2014 Slat Pertemua 115 Langkah 6 •Set NAT: [admin@proxy]>/ip firewall nat [admin@proxy]ip firewall nat> add chain=srcnat out-interface=public src-address=192.168.0.0/24 action=masquerade

16. Monday, June 30, 2014 Slat Pertemua 116 Proxy Internet

17. Monday, June 30, 2014 Slat Pertemua 117 Konfigurasi Proxy Set Proxy: [admin@proxy]ip web-proxy>set • enabled: yes • src-address: 0.0.0.0 • port: 8080 • hostname: " proxy.lab.ac.id " • transparent-proxy: yes • parent-proxy: 0.0.0.0:0 • cache-administrator: "webmaster" • max-object-size: 4096KiB • cache-drive: system • max-cache-size: unlimited • max-ram-cache-size: unlimited • status: running • reserved-for-cache: 4733952KiB • reserved-for-ram-cache: 2048KiB

18. Monday, June 30, 2014 Slat Pertemua 118 Transparant proxy • Set transparant proxy: [admin@proxy]ip firewall nat> Flags: X - disabled, I - invalid, D - dynamic 0 add chain=srcnat out-interface=public src-address=192.168.0.0/24 action=masquerade 1 add chain=dstnat in-interface=lan protocol=tcp dst-port=80 src-address-list=iplan dst-address-list=192.168.0.0/24 action=redirect to-ports=8080 2 add chain=dstnat in-interface=lan protocol=tcp dst-port=3128 src-address-list=iplan dst-address-list=192.168.0.0/24 action=redirect to-ports=8080 3 add chain=dstnat in-interface=lan protocol=tcp dst-port=8080 src-address-list=iplan dst-address-list=192.168.0.0/24 action=redirect to-ports=8080 4add chain=dstnat protocol=tcp dst-port=80 action=accept 5add chain=dstnat protocol=tcp dst- port=3128 action=accept 6 add chain=dstnat protocol=tcp dst-port=8080 action=accept

19. Monday, June 30, 2014 Slat Pertemua 119 Firewall Filter 8. Protect situs: • Via URL: [admin@proxy]ip web-proxy access> add url=“http://www.sex.com” action denyhttp://www.sex.com add url=“http://www.playboy.com” action denyhttp://www.playboy.com • Via IP network: [admin@proxy]>/ip firewall filter [admin@proxy]ip firewall filter> add chain=forward src-address=82.0.0.0/8 action=drop

20. Monday, June 30, 2014 Slat Pertemua 120 DHCP

21. Monday, June 30, 2014 Slat Pertemua 121 Langkah 1 •Setting IP address [admin@proxy]>/ip address [admin@proxy]ip address> add interface=public address=176.0.1.2/24 [admin@proxy]ip address> add interface=lan address=192.168.0.1/24 [admin@proxy]ip address>pr

22. Monday, June 30, 2014 Slat Pertemua 122 Langkah 2 •Konfigurasi IP Gateway. Untuk mengkonfigurasi gateway pada router internet ini, ketikan : [admin@proxy]>/ip route [admin@proxy]ip route>add gateway=176.0.1.1

23. Monday, June 30, 2014 Slat Pertemua 123 Langkah 3 •Konfigurasi IP dns. Dalam mengisikan IP DNS, sesuaikan rekomendasi dari ISP Anda. misalkan : DNS1 : 202.134.1.10 DNS2 : 202.134.0.155 Maka untuk konfigurasinya, ketikan : [admin@proxy]>/ip dns [admin@proxy]ip dns>set primary-dns=202.134.1.10 [admin@proxy]ip dns> set secondary-dns=202.134.0.155 [admin@proxy]ip dns> set allow-remote-request=yes

24. Monday, June 30, 2014 Slat Pertemua 124 Langkah 4 •Setting address pool. [admin@Proxy]>/ip pool [admin@Proxy]ip pool> add name=dhcp-pool range=192.168.0.2- 192.168.0.150 [admin@Proxy]>/ip dhcp-server [admin@Proxy]ip dhcp-server>/network add address=192.168.0.0/24 gateway=192.168.0.1

25. Monday, June 30, 2014 Slat Pertemua 125 Langkag 5 •Menentukan interface lan dhcp dan mengaktifkan dhcp server. [admin@Proxy]ip dhcp-server> add interface=lan address-pool=dhcp-pool [admin@Proxy]ip dhcp-server>enable 0

26. Monday, June 30, 2014 Slat Pertemua 126 Langkah 6 •Setting IP firewall nat. [admin@proxy]>/ip firewall nat [admin@proxy]ip firewall nat> add chain=srcnat out-interface=public action=masquerade src- address=192.168.0.0/24

27. Monday, June 30, 2014 Slat Pertemua 127 Langkah 7 •Setting Komputer klien. Klik Start>Control Panel>Network Connections>Local Area Connection>Properties> Internet Protocol (TCP/IP)>IP address automatically>OK

28. Monday, June 30, 2014 Slat Pertemua 128

29. Monday, June 30, 2014 Slat Pertemua 129 Interface Local Address :192.168.0.1/24 Interface Public Address : 10.0.1.200/24 Internet Gateway 10.0.1.1 Manajemen bandwidth Gambar : Topologi bandwidth kontrol limiter.

30. Monday, June 30, 2014 Slat Pertemua 130 Manajemen bandwidth dalam MikrotikOS: •Queue Tree •Queue Simple

31. Monday, June 30, 2014 Slat Pertemua 131 a. IP firewall mangle. •[admin@proxy]>/ip firewall mangle •[admin@proxy]ip firewall mangle> add chain=prerouting src-address=192.168.0.3 action=mark-connection new-connection- mark=laptop-con •[admin@proxy]ip firewall mangle> add chain=prerouting connection-mark=laptop- con action=mark-packet new-packet- mark=laptop

32. Monday, June 30, 2014 Slat Pertemua 132 b. Konfigurasi Queue Tree •[admin@proxy]>/queue tree •[admin@Proxy] queue tree> add name="laptop-download" parent=lan packet- mark=laptop limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 burst- threshold=0 burst-time=0s •[admin@Proxy] queue tree> add name="laptop-upload" parent=public packet- mark=laptop limit-at=32000 queue=default priority=8 max-limit=64000burst-limit=0 burst- threshold=0 burst-time=0s

33. Monday, June 30, 2014 Slat Pertemua 133 Queue Simple •[admin@proxy]>/queue simple •[admin@Proxy]queue simple> add name=limit-lan interface=lan target-address=192.168.0.0/24 max- limit=64000/128000 •[admin@Proxy]queue simple> •add name=laptop target-addresses=192.168.0.4 interface=lan

34. Monday, June 30, 2014 Slat Pertemua 134 Thanks Terima Kasih