
Install the Mikrotik OS Using a CD


8/8/2019 Install the Mikrotik OS Using a CD

http://slidepdf.com/reader/full/install-the-mikrotik-os-using-a-cd 1/22

Install the Mikrotik OS using a CD 

To install the RouterOS using a CD you will need a CD-writer and a blank CD. Burn the CD-image (an .iso file) to a CD. The archive with image can be downloaded here.

Follow the instructions to install RouterOS using CD-Install:

1. After downloading the CD image from www.mikrotik.com you will have an ISO file on your computer:

2. Open CD writing software, such as Ahead NERO in this example:

3. In the program, choose the Burn Image entry from the Recorder menu (there should be a similarly named option in all major CD burning programs):


4. Select the recently extracted ISO file and click Open:

5. Finally, click Burn button:


6. Set the first boot device to CDROM in the router's BIOS.

7. After booting from the CD you will see a menu where you can choose the packages to install:

Welcome to MikroTik Router Software installation

Move around menu using 'p' and 'n' or arrow keys, select with 'spacebar'.
Select all with 'a', minimum with 'm'. Press 'i' to install locally or 'r' to
install remote router or 'q' to cancel and reboot.

[X] system          [ ] isdn         [ ] synchronous
[X] ppp             [ ] lcd          [ ] telephony
[X] dhcp            [ ] ntp          [ ] ups
[X] advanced-tools  [ ] radiolan     [ ] web-proxy
[ ] arlan           [ ] routerboard  [ ] wireless
[ ] gps             [X] routing
[ ] hotspot         [X] security

Follow the instructions, select needed packages, and press 'i' to install the software.

8. You will be asked two questions:

Warning: all data on the disk will be erased!
Continue? [y/n]

Press [Y] to continue or [N] to abort the installation.

Do you want to keep old configuration? [y/n]:

Choose whether to keep the old configuration (press [Y]) or to erase the configuration permanently (press [N]) and continue without saving it. For a fresh installation, press [N].

Creating partition...
Formatting disk...

The system will install the selected packages. After that you will be prompted to press 'Enter'. Before doing that, remove the CD from your CD drive:

Software installed.
Press ENTER to reboot

Note: ref www.mikrotik.com


Mikrotik Tutorial

The following steps are the basics of setting up a Mikrotik configured as a gateway server for a simple network.

1. The first step is to install Mikrotik RouterOS on a PC or fit a DOM.

2. Log in to the Mikrotik router through the console:

MikroTik v2.9.7
Login: admin <enter>
Password: (leave empty) <enter>

At this point we can log in to the Mikrotik machine. The default user is admin with no password; just type admin and press Enter.

3. For security, change the default password:

[admin@Mikrotik] > password
old password: *****
new password: *****
retype new password: *****
[admin@Mikrotik] >

4. Rename the Mikrotik router. In this step the server name is changed to "XAVIERO" (you are free to pick any name):

[admin@Mikrotik] > system identity set name=XAVIERO
[admin@XAVIERO] >

5. View the interfaces on the Mikrotik router:

[admin@XAVIERO] > interface print
Flags: X - disabled, D - dynamic, R - running
 #    NAME    TYPE   RX-RATE  TX-RATE  MTU
 0  R ether1  ether  0        0        1500
 1  R ether2  ether  0        0        1500
[admin@XAVIERO] >

6. Assign IP addresses to the Mikrotik interfaces. Suppose ether1 is used for the connection to the Internet with IP 192.168.0.1 and ether2 is used for our local network with IP 172.16.0.1:

[admin@XAVIERO] > ip address add address=192.168.0.1 netmask=255.255.255.0 interface=ether1
[admin@XAVIERO] > ip address add address=172.16.0.1 netmask=255.255.255.0 interface=ether2

7. View the IP address configuration we have just assigned:

[admin@XAVIERO] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS         NETWORK      BROADCAST     INTERFACE
 0   192.168.0.1/24  192.168.0.0  192.168.0.63  ether1
 1   172.16.0.1/24   172.16.0.0   172.16.0.255  ether2
[admin@XAVIERO] >

8. Set the default gateway; the gateway for the Internet connection is assumed to be 192.168.0.254:

[admin@XAVIERO] > /ip route add gateway=192.168.0.254

9. View the routing table on the Mikrotik router:

[admin@XAVIERO] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
 #      DST-ADDRESS     PREFSRC      G GATEWAY        DISTANCE INTERFACE
 0 ADC  172.16.0.0/24   172.16.0.1                             ether2
 1 ADC  192.168.0.0/26  192.168.0.1                            ether1
 2 A S  0.0.0.0/0                    r 192.168.0.254           ether1
[admin@XAVIERO] >

10. Ping the gateway to make sure the configuration is correct:

[admin@XAVIERO] > ping 192.168.0.254
192.168.0.254 64 byte ping: ttl=64 time<1 ms
192.168.0.254 64 byte ping: ttl=64 time<1 ms
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0/0.0/0 ms
[admin@XAVIERO] >

11. Set up DNS on the Mikrotik router:

[admin@XAVIERO] > ip dns set primary-dns=192.168.0.10 allow-remote-requests=no
[admin@XAVIERO] > ip dns set secondary-dns=192.168.0.11 allow-remote-requests=no

12. View the DNS configuration:

[admin@XAVIERO] > ip dns print
primary-dns: 192.168.0.10
secondary-dns: 192.168.0.11
allow-remote-requests: no
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 16KiB
[admin@XAVIERO] >

13. Test domain access, for example by pinging a domain name:

[admin@XAVIERO] > ping yahoo.com
216.109.112.135 64 byte ping: ttl=48 time=250 ms
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 571/571.0/571 ms
[admin@XAVIERO] >

If replies come back, the DNS settings are correct.

14. Set up masquerading. If the Mikrotik is to be used as a gateway server, masquerading is needed so that client computers on the network can connect to the Internet:

[admin@XAVIERO] > ip firewall nat add action=masquerade out-interface=ether1 chain=srcnat
[admin@XAVIERO] >

15. View the masquerading configuration:

[admin@XAVIERO] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat out-interface=ether1 action=masquerade
[admin@XAVIERO] >

After this step, connectivity from the local network can be checked. If it works, the Mikrotik router has been installed successfully as a gateway server. Once it is connected to the network, the Mikrotik can be managed with WinBox, which can be downloaded from Mikrotik.com or from our own Mikrotik server.

For example, if the IP address of our Mikrotik server is 192.168.0.1, open http://192.168.0.1 in a browser and download WinBox from there.

If we want clients to obtain an IP address automatically, we need to set up a DHCP server on the Mikrotik. The steps are as follows:

1. Create an IP address pool:

/ip pool add name=dhcp-pool ranges=172.16.0.10-172.16.0.20

2. Add the DHCP network and the gateway that will be distributed to clients. In this example the network is 172.16.0.0/24 and the gateway is 172.16.0.1:

/ip dhcp-server network add address=172.16.0.0/24 gateway=172.16.0.1

3. Add the DHCP server (in this example DHCP is applied on interface ether2):

/ip dhcp-server add interface=ether2 address-pool=dhcp-pool

4. Check the DHCP server status:

[admin@XAVIERO] > ip dhcp-server print
Flags: X - disabled, I - invalid
 #   NAME   INTERFACE  RELAY  ADDRESS-POOL  LEASE-TIME  ADD-ARP
 0 X dhcp1  ether2

The X flag means the DHCP server is not yet enabled, so it has to be enabled first in step 5.

5. Do not forget to enable the DHCP server first:

/ip dhcp-server enable 0

Then check the dhcp-server again as in step 4; if the X flag is gone, it is active.

6. Test from a client:

c:\>ping www.yahoo.com

For bandwidth control, you can use the simple queue system or mangle:

[admin@XAVIERO] queue simple> add name=Komputer01 interface=ether2 target-address=172.16.0.1/24 max-limit=65536/131072
[admin@XAVIERO] queue simple> add name=Komputer02 interface=ether2 target-address=172.16.0.2/24 max-limit=65536/131072

and so on…


SETTING MIKROTIK

http://crypt0gr4phy.wordpress.com/2007/02/02/setting-mikrotik/

• Select the following packages when installing the Mikrotik OS:

System, dhcp, Advanced Tools, Routing, Security, Web-Proxy.

• Change the system name to whatever you like:

[admin@microtik] > system identity set name=warnet

The shell prompt will then change to the name you chose:

[admin@warnet] >

• Change the password of your Mikrotik OS like this:

[admin@warnet] > user set admin password=………………………………

• Enable both Ethernet interfaces on the PC where you installed the Mikrotik OS:

[admin@warnet] > interface ethernet enable ether1
[admin@warnet] > interface ethernet enable ether2

• Give both Ethernet interfaces a name to make configuration easier:

[admin@warnet] > interface ethernet set ether1 name=modem   ===== the Ethernet interface for the modem
[admin@warnet] > interface ethernet set ether2 name=local   ===== the Ethernet interface that goes to the hub

• Assign IP addresses to both LAN cards:

[admin@warnet] > ip address add interface=modem address=(fill in the IP address from the ISP)/netmask
[admin@warnet] > ip address add interface=local address=192.168.0.1/255.255.255.0

• Enter the gateway IP given by the ISP:

[admin@warnet] > ip route add gateway=10.11.1.1560

• DNS settings:

[admin@warnet] > ip dns set primary-dns=10.11.155.1 secondary-dns=10.11.155.2

After that, try pinging all the IP addresses configured above.

FIREWALL AND NETWORK CONFIGURATION

ip firewall nat add action=masquerade chain=srcnat
ip firewall filter add chain=input connection-state=invalid action=drop
ip firewall filter add chain=input protocol=udp action=accept
ip firewall filter add chain=input protocol=icmp action=accept
/ip firewall filter add chain=input in-interface=(Ethernet card facing the LAN) action=accept
/ip firewall filter add chain=input in-interface=(Ethernet card facing the Internet) action=accept
ip firewall filter add chain=input action=drop

ip web-proxy set enabled=yes src-address=0.0.0.0 port=8080 hostname="" yahuu.net=yes parent-proxy=0.0.0.0:0 \
    cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system max-cache-size=unlimited \
    max-ram-cache-size=unlimited

ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128
/ip firewall nat add in-interface=modem dst-port=80 protocol=tcp action=redirect to-ports=3128 chain=dstnat dst-address=!192.168.0.1/24

==================================================================

Replace every 3128 with 8080, as follows:

ip web-proxy set enabled=yes
/ip web-proxy set port=3128
/ip web-proxy set max-cache-size=3145728 (3 times total RAM)
/ip web-proxy set hostname="proxy.prima"
/ip web-proxy set allow-remote-requests=yes
/ip web-proxy set cache-administrator="[email protected]"

==================================================================

FILTERING:

http://www.mikrotik.com/testdocs/ros/2.9/ip/filter.php

/ ip firewall filter
add chain=input connection-state=invalid action=drop \
    comment="Drop Invalid connections"
add chain=input connection-state=established action=accept \
    comment="Allow Established connections"
add chain=input protocol=udp action=accept \
    comment="Allow UDP"
add chain=input protocol=icmp action=accept \
    comment="Allow ICMP"
add chain=input src-address=192.168.0.0/24 action=accept \
    comment="Allow access to router from known network"
add chain=input action=drop comment="Drop anything else"

ANTI-VIRUS FOR MIKROTIK:

add chain=forward action=jump jump-target=virus comment="jump to the virus chain"

++++++++++++++++++++++++++++++++++++++++++++++++++

add chain=forward protocol=icmp comment="allow ping"
add chain=forward protocol=udp comment="allow udp"
add chain=forward action=drop comment="drop everything else"

==================================================================

SECURING YOUR MIKROTIK ROUTER:

/ ip firewall filter
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=related comment="Accept related connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
add chain=input protocol=icmp action=drop comment="Drop excess pings"
add chain=input protocol=tcp dst-port=22 comment="SSH for secure shell"
add chain=input protocol=tcp dst-port=8291 comment="winbox"
# Edit these rules to reflect your actual IP addresses! #
add chain=input src-address=159.148.172.192/28 comment="From Mikrotikls network"
add chain=input src-address=10.0.0.0/8 comment="From our private LAN"
# End of Edit #
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"

http://wiki.mikrotik.com/wiki/Securing_your_router

==================================================================
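RouterOS walks a filter chain from the top and the first matching rule with a terminal action decides, so the order of the input rules above matters as much as their content. The following Python sketch is an added example (not from the original page and not MikroTik code) that replays the page's first input rule list and the Securing_your_router list against a few constructed packets, next to a tightened variant added here. The interface names lan and wan, the sample addresses and the tightened list are assumptions.

```python
"""First-match evaluation of RouterOS input-chain rules (added example)."""
import ipaddress
import shlex

# Rule sets from the page, comments dropped. "lan"/"wan" replace the page's
# interface placeholders (assumption); the two ICMP rules of the second set
# are left out because the "limit" matcher is not modelled here.
BASIC = """
add chain=input connection-state=invalid action=drop
add chain=input protocol=udp action=accept
add chain=input protocol=icmp action=accept
add chain=input in-interface=lan action=accept
add chain=input in-interface=wan action=accept
add chain=input action=drop
"""
SECURED = """
add chain=input connection-state=established
add chain=input connection-state=related
add chain=input connection-state=invalid action=drop
add chain=input protocol=udp action=accept
add chain=input protocol=tcp dst-port=22
add chain=input protocol=tcp dst-port=8291
add chain=input src-address=159.148.172.192/28
add chain=input src-address=10.0.0.0/8
add chain=input action=log log-prefix="DROP INPUT"
add chain=input action=drop
"""
# Added variant (not from the page): the blanket UDP, SSH and winbox rules are
# removed, so only established/related traffic and the two source networks pass.
TIGHTENED = """
add chain=input connection-state=established
add chain=input connection-state=related
add chain=input connection-state=invalid action=drop
add chain=input src-address=159.148.172.192/28
add chain=input src-address=10.0.0.0/8
add chain=input action=log log-prefix="DROP INPUT"
add chain=input action=drop
"""


def pkt(iface, src, proto, port):
    """Build a constructed sample packet that starts a new connection."""
    return {"in-interface": iface, "src-address": src, "protocol": proto,
            "dst-port": port, "connection-state": "new"}


# Constructed samples; 203.0.113.7 stands for an arbitrary Internet host.
PACKETS = {
    "winbox from Internet": pkt("wan", "203.0.113.7", "tcp", 8291),
    "DNS query from Internet": pkt("wan", "203.0.113.7", "udp", 53),
    "telnet from Internet": pkt("wan", "203.0.113.7", "tcp", 23),
    "winbox from LAN": pkt("lan", "10.1.2.3", "tcp", 8291),
}
NOT_MATCHERS = {"chain", "action", "log-prefix", "comment", "disabled"}
NON_TERMINAL = {"log", "passthrough"}


def parse_rules(text):
    """Turn 'add key=value ...' lines into dicts; a missing action means accept."""
    rules = []
    for line in text.strip().splitlines():
        rule = dict(tok.split("=", 1) for tok in shlex.split(line)[1:])
        rule.setdefault("action", "accept")
        rules.append(rule)
    return rules


def rule_matches(rule, packet):
    """True when every matcher in the rule agrees with the packet."""
    for key, want in rule.items():
        if key in NOT_MATCHERS:
            continue
        if key == "src-address":
            src = ipaddress.ip_address(packet["src-address"])
            if src not in ipaddress.ip_network(want):
                return False
        elif key == "dst-port":
            low, _, high = want.partition("-")
            if not int(low) <= packet["dst-port"] <= int(high or low):
                return False
        elif packet.get(key) != want:
            return False
    return True


def evaluate(rules, packet, chain="input"):
    """Return (action, rule number) of the first terminal rule that matches."""
    for number, rule in enumerate(rules):
        if rule["chain"] != chain or not rule_matches(rule, packet):
            continue
        if rule["action"] in NON_TERMINAL:
            continue  # log/passthrough: keep walking the chain
        return rule["action"], number
    return "accept", None  # end of chain reached: the packet is accepted


def audit(rules_text):
    """Decide every sample packet against one rule list."""
    rules = parse_rules(rules_text)
    return {name: evaluate(rules, p) for name, p in PACKETS.items()}


if __name__ == "__main__":
    for label, text in (("basic", BASIC), ("secured", SECURED),
                        ("tightened", TIGHTENED)):
        for name, (action, number) in audit(text).items():
            print(f"{label:9} {name:24} -> {action} (rule {number})")
```

Rule numbers are zero-based, as in the output of ip firewall filter print.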

NETWORK SECURITY SETTINGS FOR YOUR LOCAL AREA ONLY:

/ip firewall filter
add chain=forward connection-state=established comment="allow established connections"
add chain=forward connection-state=related comment="allow related connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=593 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"

++++++++++++++++++++++++++++++++++++++++++++++++++

# Disable the ports commonly used by spam:

/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-p

Check the above again on the website:
http://www.mikrotik.com/documentation/manual_2.7/
http://www.mikrotik.com/docs/ros/2.9/ip/webproxy

Look at system resource, and 2/3 of the system resource is used or allocated for: system resource print

**************************************************

Graphing

/tool graphing set store-every=hour
[admin@MikroTik] tool graphing> print
store-every: hour
[admin@MikroTik] tool graphing>

[admin@MikroTik] tool graphing interface> add interface=ether1 \
    allow-address=192.168.0.0/24 store-on-disk=yes
[admin@MikroTik] tool graphing interface> print
Flags: X - disabled
 #   INTERFACE  ALLOW-ADDRESS   STORE-ON-DISK
 0   ether1     192.168.0.0/24  yes
[admin@MikroTik] tool graphing interface>

[admin@VLP InWay] tool graphing> export
# oct/12/2005 09:51:23 by RouterOS 2.9.5
# software id = 1TLC-xxx
#
/ tool graphing
set store-every=5min
/ tool graphing queue
add simple-queue=all allow-address=10.8.2.99/32 store-on-disk=yes allow-target=yes disabled=no
/ tool graphing resource
add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ tool graphing interface
add interface=Inway allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
add interface=LAN allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
add interface=DMZ allow-address=0.0.0.0/0 store-on-disk=yes disabled=no


Load-balancing & Fail-over in MikroTik

Scenario: the ISP where we work as administrator uses more than one gateway to connect to the Internet. All of them must be able to carry both upstream and downstream traffic, because the case is different if one of them can only carry downstream, for example when using one-way VSAT DVB.

For this case, suppose the ISP has 2 links to the Internet. One uses DSL access (256 Kbps) and the other uses Wireless (512 Kbps), with a usage ratio of DSL:Wireless = 1:2.

What we will do:

1. Use all the available gateway links with the load-balancing technique.

2. Make one of them a backup with the fail-over technique.

OK, let's start the experiment:

1. IP address for access to the LAN:
> /ip address add address=192.168.0.1/28 interface=LAN

IP address for access to the DSL link:
> /ip address add address=10.32.57.253/29 interface=DSL

IP address for access to the Wireless link:
> /ip address add address=10.9.8.2/29 interface=WIRELESS

Set the gateways with their respective ratios:
> /ip route add gateway=10.32.57.254,10.9.8.1,10.9.8.1

2. For the fail-over technique, assume the main link goes through Wireless, with the DSL link as backup when the main link cannot be used. To check whether the main link can be used or not, the ping command is used.
> /ip firewall mangle add chain=prerouting src-address=192.168.0.0/28 action=mark-routing new-routing-mark=SUBNET1-RM
> /ip route add gateway=10.9.8.1 routing-mark=SUBNET1-RM check-gateway=ping
> /ip route add gateway=10.32.57.254

3. Good Luck!!


PCQ

Using the pcq queue type in Mikrotik, we can divide the available bandwidth evenly among the bandwidth-hogs™ when the network is at its peak.

For example, we subscribe to 256 Kbps. If one person is happily browsing, he gets the whole bandwidth allotment. But as soon as his friends arrive, say 9 more people, each of them gets about 256/10 Kbps. Well, that is still decent enough for browsing non-porn sites or just checking e-mail and blogs.

OK, straight to the how-to:

1. Assumptions: the network address is 192.168.169.0/28, the interface facing the users is named LAN, and the interface facing the upstream provider is named INTERNET;

2. Type in the console or terminal:
> /ip firewall mangle add chain=forward src-address=192.168.169.0/28 action=mark-connection new-connection-mark=NET1-CM
> /ip firewall mangle add connection-mark=NET1-CM action=mark-packet new-packet-mark=NET1-PM chain=forward
> /queue type add name=downstream-pcq kind=pcq pcq-classifier=dst-address
> /queue type add name=upstream-pcq kind=pcq pcq-classifier=src-address
> /queue tree add parent=LAN queue=downstream-pcq packet-mark=NET1-PM
> /queue tree add parent=INTERNET queue=upstream-pcq packet-mark=NET1-PM

3. Good Luck!!


Manipulating ToS for ICMP & DNS in MikroTik

Goals:

• Reduce the ping delay from the client side toward the Internet.

• Speed up resolving hostnames to IP addresses.

Assumption: the clients are on subnet 10.10.10.0/28

1. Manipulate the Type of Service for ICMP packets:
> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=icmp action=mark-connection new-connection-mark=ICMP-CM passthrough=yes
> ip firewall mangle add chain=prerouting connection-mark=ICMP-CM action=mark-packet new-packet-mark=ICMP-PM passthrough=yes
> ip firewall mangle add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay

2. Manipulate the Type of Service for DNS resolving:
> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
> ip firewall mangle add chain=prerouting connection-mark=DNS-CM action=mark-packet new-packet-mark=DNS-PM passthrough=yes
> ip firewall mangle add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay

3. Add a queue type:
> queue type add name="PFIFO-64" kind=pfifo pfifo-limit=64

4. Allocate bandwidth for ICMP packets:
> queue tree add name=ICMP parent=INTERNET packet-mark=ICMP-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64

5. Allocate bandwidth for DNS resolving:
> queue tree add name=DNS parent=INTERNET packet-mark=DNS-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64

6. Good Luck!!

Queue Tree with more than two interfaces

Basic Setup

This page will talk about how to make a QUEUE TREE in RouterOS with masquerading for more than two interfaces. It is for sharing an Internet connection among the users on each interface. This possibility is not described in the manual.

First, let's do the basic setup. I'm using a machine with 3 or more network interfaces:

[admin@instaler] > in pr
 #    NAME    TYPE   RX-RATE  TX-RATE  MTU
 0  R public  ether  0        0        1500
 1  R wifi1   wlan   0        0        1500
 2  R wifi2   wlan   0        0        1500
 3  R wifi3   wlan   0        0        1500

And these are the IP addresses for each interface:

[admin@instaler] > ip ad pr
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS       NETWORK    BROADCAST    INTERFACE
 0   10.20.1.0/24  10.20.1.0  10.20.1.255  public
 1   10.10.2.0/24  10.10.2.0  10.10.2.255  wifi1
 2   10.10.3.0/24  10.10.3.0  10.10.3.255  wifi2
 3   10.10.4.0/24  10.10.4.0  10.10.4.255  wifi3

On the public interface you can add NAT or a proxy if you want.

Mangle Setup

And now the most important part in this case.

We need to mark our users: one connection for upload and a second for download. In this example I add mangle rules for one user. At the end I add mangle rules for local transmission because I don't QoS local traffic among users. But for each user I need to separate upload and download.

[admin@instaler] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=forward src-address=10.10.2.36 action=mark-connection
     new-connection-mark=users-userU passthrough=yes comment="" disabled=no

 1   chain=forward dst-address=10.10.2.36 action=mark-connection
     new-connection-mark=users-userD passthrough=yes comment="" disabled=no

 2   chain=forward connection-mark=users-userU action=mark-packet
     new-packet-mark=userU passthrough=yes comment="" disabled=no

 3   chain=forward connection-mark=users-userD action=mark-packet
     new-packet-mark=userD passthrough=yes comment="" disabled=no

 98  chain=forward src-address=10.10.0.0/16 dst-address=10.10.0.0/16
     action=mark-connection new-connection-mark=users-lokal passthrough=yes

 99  chain=forward connection-mark=users-lokal action=mark-packet
     new-packet-mark=lokalTrafic passthrough=yes

Queue Tree Setup

And now, the queue tree setting. We need one rule for downlink and one rule for uplink. Be careful when choosing the parent. For downlink traffic we use parent "global-out", because we have two or more downloading interfaces. For uplink we use parent "public", because we want to QoS uplink traffic. (I'm using pcq-upload and pcq-download from the manual.) This example is for 2Mb/1Mb.

[admin@instaler] > queue tree pr
Flags: X - disabled, I - invalid
 0   name="Download" parent=global-out packet-mark="" limit-at=0
     queue=pcq-download priority=1 max-limit=2000000 burst-limit=0
     burst-threshold=0 burst-time=0s

 1   name="Upload" parent=WGW packet-mark="" limit-at=0 queue=pcq-upload
     priority=1 max-limit=1000000 burst-limit=0 burst-threshold=0
     burst-time=0s

Now we add our user:

 2   name="user10D" parent=Download packet-mark=userD limit-at=0
     queue=pcq-download priority=5 max-limit=0 burst-limit=0
     burst-threshold=0 burst-time=0s

 3   name="user10U" parent=Upload packet-mark=userU limit-at=0
     queue=pcq-upload priority=5 max-limit=0 burst-limit=0 burst-threshold=0
     burst-time=0s

MAC Address + IP Address Linux

#!/bin/sh

iptables=/sbin/iptables

# define the default policies here
$iptables -F INPUT
$iptables -F OUTPUT
$iptables -P INPUT DROP
$iptables -P OUTPUT DROP   # remember to open the output policy where needed later
$iptables -F FORWARD
$iptables -F -t nat
$iptables -P FORWARD DROP

# define the default policy and create a new chain named maccheck on interface eth1
$iptables -t mangle -F
$iptables -t mangle -F maccheck
$iptables -t mangle -X maccheck
$iptables -t mangle -N maccheck
$iptables -t mangle -I PREROUTING -i eth1 -p all -j maccheck

# self explanatory... ip address + mac
$iptables -t mangle -A maccheck -s 192.168.0.1 -i eth1 -m mac --mac-source 00:80:11:11:11:11 -j RETURN
$iptables -t mangle -A maccheck -s 192.168.0.2 -i eth1 -m mac --mac-source 00:80:22:22:22:22 -j RETURN
$iptables -t mangle -A maccheck -s 192.168.0.3 -i eth1 -m mac --mac-source 00:80:33:33:33:33 -j RETURN

# anything not registered, whether IP or MAC, is marked so it can be dropped later;
# fill in any one of the active MACs
# the example here is 00:80:11:11:11:11, which we defined above
$iptables -t mangle -A maccheck -s 0/0 -i eth1 -m mac ! --mac-source 00:80:11:11:11:11 -j MARK --set-mark 1
$iptables -t mangle -A maccheck -s 0/0 -i eth1 -p all -j MARK --set-mark 1

# drop the marked packets
$iptables -A INPUT -i eth1 -m mark --mark 1 -j DROP
$iptables -A OUTPUT -o eth1 -m mark --mark 1 -j DROP
$iptables -A FORWARD -i eth1 -m mark --mark 1 -j DROP

# continue your firewall script here

source = primadonal.com
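The maccheck chain above only lets through packets whose source IP and MAC match a registered pair. The same list can be used to review what is actually on the wire: the Python sketch below is an added example (not part of the original script) that compares a neighbour table in the format of ip neigh show dev eth1 against the three pairs from the script. The sample table and the verdict names are constructed for illustration.

```python
"""Check a Linux neighbour table against registered IP/MAC pairs (added example)."""

# The three pairs registered in the page's maccheck chain.
REGISTERED = {
    "192.168.0.1": "00:80:11:11:11:11",
    "192.168.0.2": "00:80:22:22:22:22",
    "192.168.0.3": "00:80:33:33:33:33",
}

# Constructed sample in the format printed by `ip neigh show dev eth1`.
SAMPLE_NEIGH = """\
192.168.0.1 lladdr 00:80:11:11:11:11 REACHABLE
192.168.0.2 lladdr 00:80:aa:aa:aa:aa STALE
192.168.0.3 lladdr 00:80:33:33:33:33 DELAY
192.168.0.9 lladdr 00:80:33:33:33:33 REACHABLE
192.168.0.7 lladdr 00:80:bb:bb:bb:bb STALE
192.168.0.8  FAILED
"""


def parse_neigh(text):
    """Yield (ip, mac) for every entry that carries a link-layer address."""
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:
            continue  # FAILED/INCOMPLETE entries have no MAC to compare
        position = fields.index("lladdr") + 1
        if position < len(fields):
            yield fields[0], fields[position].lower()


def classify(ip, mac, registered=REGISTERED):
    """Name the relation between an observed pair and the registered pairs."""
    known_macs = {m.lower() for m in registered.values()}
    if ip in registered:
        # Registered IP: the chain returns only when the MAC is the paired one.
        return "ok" if registered[ip].lower() == mac else "mac-mismatch"
    if mac in known_macs:
        # A registered card answering on an address it was not paired with.
        return "registered-mac-on-other-ip"
    return "unregistered"


def audit_neighbours(text, registered=REGISTERED):
    """Return (ip, mac, verdict) for each usable neighbour entry."""
    return [(ip, mac, classify(ip, mac, registered))
            for ip, mac in parse_neigh(text)]


def would_be_marked(text, registered=REGISTERED):
    """IPs whose traffic the maccheck chain would mark for dropping."""
    return [ip for ip, _, verdict in audit_neighbours(text, registered)
            if verdict != "ok"]


if __name__ == "__main__":
    for ip, mac, verdict in audit_neighbours(SAMPLE_NEIGH):
        print(f"{ip:14} {mac}  {verdict}")
```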


Limit Different Bandwidth In Day and Night

From MikroTik Wiki


There are many ways to limit bandwidth for day and night, but personally I found this to be the easiest way. Here it is.

I have used Simple Queue, Script and Scheduler.

Suppose we have one network 192.168.1.0/24 and want to limit bandwidth for day and night time.

Network 192.168.1.0/24
Bandwidth = 06:00am - 18:00pm - 1Mbps. <Max-Limit>
Bandwidth = 18:00pm - 06:00am - 2Mbps. <Max-Limit>

Create two simple queues for the same network with different bandwidth limits.

/queue simple
add name="Day" target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 \
    interface=<ether-x> parent=none direction=both priority=8 \
    queue=default-small/default-small limit-at=512k/512k \
    max-limit=1M/1M total-queue=default-small
add name="Night" target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 \
    interface=<ether-x> parent=none direction=both priority=8 \
    queue=default-small/default-small limit-at=1M/1M \
    max-limit=2M/2M total-queue=default-small

Now, write the scripts:

/system script
add name="Day" source="/queue simple enable Day; /queue simple disable Night"
add name="Night" source="/queue simple enable Night; /queue simple disable Day"

Finally, schedule them:

/system scheduler
add name="Day" on-event=Day start-date=oct/13/2007 start-time=06:00:00 interval=1d
add name="Night" on-event=Night start-date=oct/13/2007 start-time=18:00:00 interval=1d
