
Implementing MikroTik RouterOS™ in Matrixatama Warnet Company

CHAPTER I

INTRODUCTION

1.1 Background

MikroTik RouterOS™ is an operating system that is used as a network router. In line with the company's mission, “Routing The World”, this operating system is a cheap and smart solution for building a router, and it meets a need that will be implemented at Matrixatama Warnet Company.

With its complete, modern and user-friendly features, it will help give good service to the customers. MikroTik RouterOS™ is also easy to implement as a router or as an office gateway, which is how it will be implemented at Matrixatama Warnet Company. In addition, what makes MikroTik RouterOS™ special is that it can be installed on a standard PC, so it does not require high resources to operate continuously.

The writer configures the initial settings that MikroTik RouterOS™ needs to operate well: the network configuration, the server and client computers, Winbox, the local LAN connection and the bandwidth of the client computers.

1.2 Problem Formulation

1. What is MikroTik RouterOS™?

2. How is its internal configuration set up?

3. How are the server and client computers configured using Winbox?

4. How is the LAN configured?

5. How is bandwidth configured for the client computers?


1.3 Purpose

The writer has several purposes in this project, among them:

1. To make it easy for Matrixatama Warnet customers to access information quickly and reliably.

2. To reduce the company's expenses, because MikroTik RouterOS™ is cheaper and more efficient than the alternatives.

3. To offer an alternative implementation of router technology other than a Cisco router.

1.4 Benefit

This project offers several benefits, among them:

1. It gives the reader knowledge of how to configure MikroTik RouterOS™.

2. It gives the reader knowledge of how to build a router for a secure and cheap client-server system.

3. This thesis can serve as reference material for other researchers who are interested in researching a similar theme.

1.5 Problem Boundaries

The problems discussed in this project include:

1. An overview of MikroTik RouterOS™.

2. The configuration of IP addresses.

3. The configuration of the server and client computers with Winbox.

4. The configuration of the LAN.

5. Bandwidth allocation for the client computers.


1.6 Writing Systematic

The complete structure of this document is as follows:

CHAPTER I INTRODUCTION

This chapter explains the background, problem formulation, purpose, benefit, problem boundaries and writing systematic used in creating the Project Documentation.

CHAPTER II THEORY

This chapter explains the theory of MikroTik, its implementation and configuration, and networking theory in general.

CHAPTER III ANALYSIS

This chapter consists of the Existing System and the Envisioned System.

CHAPTER IV DESIGN SYSTEM

This chapter consists of the Network Specification, Logical Design and Physical Design, Subnetting and IP Allocation, Routing, Server Design and Security.

CHAPTER V IMPLEMENTATION AND TESTING

This chapter consists of the Software and Hardware Specification, Network Schema Diagram, Cost Implementation, File Configuration Server, Testing Result and Result Testing Table.

CHAPTER VI CLOSING

This chapter explains the conclusion and suggestions.

BIBLIOGRAPHY


1.7 Time Schedule

Table 1.1 Time Schedule

No | Activities | May 2009 (dates 8, 9, 14, 15, 16, 17, 18, 19, 20, 21, 22)
1 | Looking of Data |
2 | Making Abstraction and Preface |
3 | Make Chapter I – IV |
4 | Make Closing |
6 | Making Slide Show |


CHAPTER II

THEORY

2.1 Description of MikroTik RouterOSTM

Generally, MikroTik RouterOS™ is an operating system and software that can turn a computer into a network router, and it has many features for LAN and wireless networks. Some of these features are Firewall & NAT, Routing, Hotspot, Point to Point Tunneling Protocol, DNS server, DHCP server, and many more.

According to http://linto.jmn.net.id, MikroTik started as a small company located in Latvia, founded by John Tully and Arnis Riekstins. John is an American who migrated to Latvia, where he met Arnis, a physics and mechanical engineer, around 1995. In 1996 they started “routing the world” using a Linux system combined with MS DOS and Aeronet 2 Mbps wireless LAN technology in Moldova near Latvia.

The main idea behind MikroTik is to create a router program that can run in every country. At first they used Linux kernel 2.2, improved by the 5-15 staff of MikroTik R&D with help from volunteers outside R&D. As a result, small and large companies that need internet connectivity can now solve that problem with MikroTik.

The computer used as the network router does not need a high specification. A middle specification, such as a Pentium III 800 MHz CPU, 512 MB of RAM and a 10 GB HDD, can run properly as a server giving service to about 150 users.

According to the MikroTik manual, MikroTik RouterOS™ v2.9.pdf, MikroTik RouterOS allows the user to use all its features without registration for about 24 hours from the first run. During this period we must get a key, otherwise we will need to reinstall the system. A purchased license key allows you to use RouterOS features according to the chosen license level for an unlimited time, and gives you the right to freely upgrade and downgrade its versions for a term of one year from the date the key was purchased. A free registered license key allows us to use a restricted set of functions for an unlimited period of time, but does not allow upgrading and downgrading versions.

There are 6 licensing levels, each providing some additional features. Level 0 means that there is no key and all the features are enabled for one day. Level 2 is a transitional license level from versions prior to 2.8 that allows use of all the features that were allowed by your original license key for a previous version.

Table of Service in MikroTik


2.2 Basic Examples of Matrixatama Network

Assume you need to configure the MikroTik router for the following

network setup:

In the current example we use two networks:

a. The local LAN with network address 192.168.10.0 and 28-bit netmask:

255.255.255.0. The router's address is 192.168.10.1 in this network

b. The ISP's network with address 192.168.1.0 and 24-bit netmask

255.255.255.0. The router's address is 192.168.1.1 in this network

The addresses can be added and viewed using the following commands:

[admin@MikroTik] ip address> add address 192.168.1.1/24 interface Public
[admin@MikroTik] ip address> add address 192.168.10.1/28 interface Local
[admin@MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   192.168.1.1/24     192.168.1.0     192.168.1.255   Public
 1   192.168.10.1/28    192.168.10.0    192.168.10.15   Local
[admin@MikroTik] ip address>

Here, the network mask has been specified in the value of the address

argument. Alternatively, the argument 'netmask' could have been used with the

value '255.255.255.0'. The network and broadcast addresses were not specified in

the input since they could be calculated automatically.

2.3 Viewing Routes

You can see two dynamic (D) and connected (C) routes, which have been

added automatically when the addresses were added in the example above:


These routes show that IP packets with destination to 192.168.1.0/24

would be sent through the interface Public, whereas IP packets with destination to

192.168.10.0/28 would be sent through the interface Local. However, you need to

specify where the router should forward packets, which have destination other

than networks connected directly to the router.

2.4 Adding Default Routes

In the following example the default route (destination 0.0.0.0 (any), netmask 0.0.0.0 (any)) will be added. In this case it is the ISP's gateway 192.168.1.1, which can be reached through the interface Public:

[admin@MikroTik] ip route> add gateway=192.168.1.1
[admin@MikroTik] ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
 #      DST-ADDRESS        G  GATEWAY       DISTANCE  INTERFACE
 0 ADC  192.168.10.0/24                               Local
 1 ADC  192.168.1.0/24                                Public
 2 A S  0.0.0.0/0          r  192.168.1.1   0         Public
[admin@MikroTik] ip route>

Here, the default route is listed under #2. As we see, the gateway

192.168.1.1 can be reached through the interface 'Public'. If the gateway was

specified incorrectly, the value for the argument 'interface' would be unknown.

If you have added an unwanted static route accidentally, use the remove command to delete the unneeded one. You will not be able to delete dynamic (DC) routes. They are added automatically and represent routes to the networks to which the router is connected directly.


2.5 Testing the Network Connectivity

From now on, the /ping command can be used to test the network connectivity on both interfaces. You can reach any host on both connected networks from the router. How the /ping command works. The workstation and the laptop can reach (ping) the router at its local address 192.168.10.1. If the router's address 192.168.10.1 is specified as the default gateway in the TCP/IP configuration of both the workstation and the laptop, then you should be able to ping the router:

Notes

You cannot access anything beyond the router (network 192.168.1.0/24 and the Internet), unless you do one of the following:

a. Use source network address translation (masquerading) on the MikroTik router to 'hide' your private LAN 192.168.10.0/24 (see the information below), or

b. Add a static route on the ISP's gateway 192.168.1.1, which specifies the host 192.168.1.1 as the gateway to network 192.168.1.0/24.

Then all hosts on the ISP's network, including the server, will be able to communicate with the hosts on the LAN.

To set up routing, it is required that you have some knowledge of configuring TCP/IP networks. We strongly recommend that you obtain more knowledge if you have difficulties configuring your network setup.


2.6 Masquerading

If you want to 'hide' the private LAN 192.168.1.0/24 'behind' one address

192.168.1.1 given to you by the ISP, you should use the source network address

translation (masquerading) feature of the MikroTik router. Masquerading is

useful, if you want to access the ISP's network and the Internet appearing as all

requests coming from the host 192.168.1.1 of the ISP's network. The

masquerading will change the source IP address and port of the packets originated

from the network 192.168.1.0/24 to the address 192.168.1.1 of the router when the

packet is routed through it.

Masquerading conserves the number of global IP addresses required and it

lets the whole network use a single IP address in its communication with the

world. To use masquerading, a source NAT rule with action 'masquerade' should

be added to the firewall configuration:

[admin@MikroTik] ip firewall nat> add chain=srcnat action=masquerade out-interface=Public
[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat out-interface=Public action=masquerade

2.7 NAT

Assume we have moved the server in our previous examples from the

public network to our local one:

The server's address is now 192.168.0.4, and we are running web server on

it that listens to the TCP port 80. We want to make it accessible from the Internet

at address:port 10.0.0.217:80. This can be done by means of Static Network

Address translation (NAT) at the MikroTik Router. The Public address:port

10.0.0.217:80 will be translated to the Local address:port 192.168.0.4:80. One

destination NAT rule is required for translating the destination address and port:

[admin@MikroTik] ip firewall nat> add chain=dstnat action=dst-nat protocol=tcp dst-address=192.168.1.1/24 dst-port=80 to-addresses=192.168.1.4
[admin@MikroTik] ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=dstnat dst-address=192.168.1.1/24 protocol=tcp dst-port=80
     action=dst-nat to-addresses=192.168.1.4 to-ports=0-65535

2.8 Bandwidth Management

Assume you want to limit the bandwidth to 128kbps on downloads and

64kbps on uploads for all hosts on the LAN. Bandwidth limitation is done by

applying queues for outgoing interfaces regarding the traffic flow. It is enough to

add a single queue at the MikroTik router:

Leave all other parameters as set by default. The limit is approximately

128kbps going to the LAN (download) and 64kbps leaving the client's LAN

(upload).

2.9 Packet Sniffer

Packet sniffer is a feature that catches all the data travelling over the network that it is able to get (when using a switched network, a computer may catch only the data addressed to it or forwarded through it).

Running Packet Sniffer

Command name: /tool sniffer start, /tool sniffer stop, /tool sniffer save

The commands are used to control the runtime operation of the packet sniffer. The start command is used to start/reset sniffing, and the stop command stops sniffing. To save the currently sniffed packets in a specific file, the save command is used.


Example

In the following example the packet sniffer will be started and after some time stopped:

[admin@MikroTik] tool sniffer> start
[admin@MikroTik] tool sniffer> stop

Below the sniffed packets will be saved in the file named test:

[admin@MikroTik] tool sniffer> save file-name=test
[admin@MikroTik] tool sniffer> /file print
 #   NAME   TYPE      SIZE   CREATION-TIME
 0   test   unknown   1350   apr/07/2003 16:01:52


CHAPTER III

ANALYSIS

2.1 Current System of Matrixatama

At the time, the Matrixatama Warnet system was very simple, with poor speed and configuration. The whole system uses MikroTik only as the router on the server, which serves all clients without good bandwidth management. All users can connect to the server easily but, as noted, do not get good bandwidth. Because the bandwidth is not configured to a fixed allocation, a user gets good speed at some times and bad speed at others.

MikroTik generally has many functions beyond routing, and users need a system that provides good service and connectivity. Here, however, nothing has been implemented to build that. The connection still uses the conventional way, without using an ISP such as Speedy, and relies on a tower antenna to connect one warnet to another, so the connection speed depends on the weather and climate. There is no proxy server to restrict connections to insecure websites, porn websites or the like. There is also no monitoring on the server that periodically monitors the clients connected to it.

2.2 Envisioned System of Matrixatama

Matrixatama as a warnet is designed with a secure and simple configuration, using MikroTik as the router and for bandwidth management. To secure the warnet, the implementation also includes an IP sniffer mechanism and IP firewalling. Bandwidth management gives different download service and bandwidth to VIP clients and general clients: VIP clients get the complete, fast bandwidth of about 256 Mbps, and general clients get just 64 Mbps. In addition, the IP sniffer monitors the clients and their traffic, so that if a bad packet is found during the sniffing process, the system will block it immediately.


CHAPTER IV

SPECIFICATION REQUIREMENT AND DESIGN

3.1 Specification of Network

The network to be implemented in our system is a LAN in a star topology, centralized on one router with a switch for each room, because Matrixatama has four rooms: Admin, VIP Client, General Client and Print Room.

Table 4.1 Technical Requirement

No. | Technical Requirements | Details
1. | Hosts | Available: VIP Client: 10 Host; General Client: 12 Host; Admin: 2 Host; Print Room: 3 Device
2. | Servers | Web Server
2. | Topology | The network should be easy to install and configure; minimize bandwidth settings at the network
3. | Network Protocol | Provide connectivity across computers running on different operating systems and of different configurations
4. | Transmission Media | Cable UTP Cat 5e
6. | Bandwidth | Speedy Office/Unlimited
7. | Network Operating System | Redhat Enterprise 4; Windows XP; MikroTik OS
9. | Security | Firewall in MikroTik; IP Sniffer; Chain IP
10. | Router | MikroTik OS 2.9
10. | Cost Allocation for equipments | Less Available

3.1.1 Network Components

Based on the technical requirements, the enterprise will use the following network components:

1. Network Topology

The star topology meets the above-mentioned requirements because a switch is used to connect the nodes. So, star topology is the best option.

2. Network Cabling

Cat-5E UTP (Unshielded Twisted Pair) cabling with a 100-Mbps transmission speed meets the above-mentioned requirements, so Cat-5E UTP should be used. Fiber optic cables are fast but expensive and the enterprise has a limited cost allocation, while co-axial cables have a limited transmission speed, so Cat-5E UTP is the best option.

3. Network Operating System

The web server uses Redhat Enterprise 4, the clients use Windows XP Service Pack 2, and the router uses MikroTik OS.

4. Network Protocol

TCP/IP (Transmission Control Protocol/Internet Protocol) is the network protocol that will be used in the enterprise network to connect all computers in all departments to each other, because TCP/IP meets the above-mentioned requirements. Addressing will use IPv4.

3.2 Schema of Physical and Logical Network

This sub-chapter describes the physical and logical network design of Matrixatama. The details are given in the sections that follow.


3.2.1 Logical Design

The logical design explains the design of the system in a general view. At this time, Matrixatama uses the usual design, as shown below.

[Figure labels: Internet -- ISP Speedy; Web Server, Firewall; Router; four Switches; Admin; VIP Client; General Client; Printer Room]

Picture 3.1 Logical Design Network of Matrixatama

3.2.2 Physical Design

The detailed configuration of all the devices is called the Physical Design. It represents every network device, set into one good network system used by Matrix Photo Studio. Here is the illustration of it.

[Figure labels: INTERNET; Mikrotik Router (Firewall Enabled); DNS, Web Server; Switch 16 port; Switch 8 port; Switch 16 port; Admin; Print Room; General Client; VIP Client]

Picture 3.2 Physical Design Network of Matrixatama

3.3 Subneting and IP Allocation

3.3.1 Subnetting

Matrix Photo Studio uses subnetting for secure transmission and for private sharing from one host to another. We have five groups of subnetting, Admin, VIP Client, General Client, Printer Room. The subnet allocation depends on the number of hosts.

Maximum host = 12 Computer

So the formula, in 192.168.10.1/28:

2^n - 2 >= 12 computer

n = 4

255.255.255.0   = 11111111.11111111.11111111.00000000
New mask        = 11111111.11111111.11111111.11110000

New Subnet Mask >> 255.255.255.240

Block Per Subnet = 256 - 240 = 16 Block

Address Range = 192.168.10.0 - 192.168.10.15
                192.168.10.16 - 192.168.10.31
                192.168.10.32 - 192.168.10.47
                192.168.10.48 - 192.168.10.63
                ........

3.3.2 IP Allocation

In the real implementation, Matrixatama allocates IP addresses per server or department, to make security and privacy settings easier and to allow for later development. Here is the allocation.

Table of IP Allocation

No. Department/Server IP Address/Network ID

1. Web Server 192.168.1.4

2. Public IP Address 192.168.1.1

3. Router 192.168.1.1

4. Admin 192.168.10.49

5. VIP Client 192.168.10.6

6. General Client 192.168.10.18

7. Print Server 192.168.10.49
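
The subnet calculation in 3.3.1 and the allocation table in 3.3.2, checked together in Python. This is an added example, not part of the original report; the function names are illustrative, and the addresses are copied from the table above.

```python
"""Check the page's /28 subnet plan against its IP allocation table."""
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.10.0/24")  # LAN range used in 3.3.1
MAX_HOSTS = 12                                  # "Maximum host = 12 Computer"

# Rows copied from the "Table of IP Allocation" on this page.
ALLOCATION = {
    "Web Server": "192.168.1.4",
    "Public IP Address": "192.168.1.1",
    "Router": "192.168.1.1",
    "Admin": "192.168.10.49",
    "VIP Client": "192.168.10.6",
    "General Client": "192.168.10.18",
    "Print Server": "192.168.10.49",
}


def prefix_for_hosts(hosts):
    """Prefix length for the smallest n with 2^n - 2 >= hosts."""
    host_bits = (hosts + 1).bit_length()
    return 32 - host_bits


def subnet_plan(network, hosts):
    """Split `network` into equal blocks large enough for `hosts` machines."""
    return list(network.subnets(new_prefix=prefix_for_hosts(hosts)))


def audit(allocation, blocks):
    """Return (placement, findings) for the allocation table.

    placement maps each row to its block, or None when the address lies
    outside the LAN plan (the ISP-side addresses). findings lists addresses
    that are unusable or reused, and blocks shared by several rows.
    """
    placement, findings = {}, []
    by_addr, by_block = defaultdict(list), defaultdict(list)
    for name, text in allocation.items():
        addr = ipaddress.ip_address(text)
        block = next((b for b in blocks if addr in b), None)
        placement[name] = block
        if block is None:
            continue
        by_addr[addr].append(name)
        by_block[block].append(name)
        if addr == block.network_address:
            findings.append(f"{name}: {addr} is the network address of {block}")
        elif addr == block.broadcast_address:
            findings.append(f"{name}: {addr} is the broadcast address of {block}")
    for addr, names in by_addr.items():
        if len(names) > 1:
            findings.append(f"{addr} assigned to: {', '.join(names)}")
    for block, names in by_block.items():
        if len(names) > 1:
            findings.append(f"{block} shared by: {', '.join(names)}")
    return placement, findings


if __name__ == "__main__":
    blocks = subnet_plan(LAN, MAX_HOSTS)
    print(f"/{blocks[0].prefixlen} mask {blocks[0].netmask}, {len(blocks)} blocks")
    placement, findings = audit(ALLOCATION, blocks)
    for name, block in placement.items():
        print(f"{name:18} {ALLOCATION[name]:15} {block or 'outside LAN plan'}")
    for finding in findings:
        print("finding:", finding)
```
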

3.4 Routing

These routes show that IP packets with destination to 192.168.1.0/24

would be sent through the interface Public, whereas IP packets with destination to

192.168.10.0/28 would be sent through the interface Local. However, you need to


specify where the router should forward packets, which have destination other

than networks connected directly to the router

3.5 Server Design

The server uses Redhat Enterprise 4 to host the web server, which serves the clients and is assumed to be directly connected to the internet, in order to simulate the network schema.

No. | Operating System | Description
1. | Redhat Enterprise 4 | Assumed as the direct internet access from server
2. | Windows XP SP 2 | As the client operating system
3. | MikroTik OS | As the router, bandwidth management, and security combined by winbox.exe

3.6 Security Network

1. IP Sniffing

It allows you to "sniff" packets going through the router and any other

traffic that gets to the router, when there is no switching in the network and also

view them using specific software.

In the following example the packet sniffer will be started and after some time stopped:

[admin@MikroTik] tool sniffer> start
[admin@MikroTik] tool sniffer> stop

Below the sniffed packets will be saved in the file named test:

[admin@MikroTik] tool sniffer> save file-name=test
[admin@MikroTik] tool sniffer> /file print
 #   NAME   TYPE      SIZE   CREATION-TIME
 0   test   unknown   1350   apr/07/2003 16:01:52
[admin@MikroTik] tool sniffer>

2. Firewall Filter

Home menu level: /ip firewall filter

Network firewalls keep outside threats away from sensitive data available

inside the network. Whenever different networks are joined together, there is

always a threat that someone from outside of your network will break into your

LAN.

Such break-ins may result in private data being stolen and distributed,

valuable data being altered or destroyed, or entire hard drives being erased.

Firewalls are used as a means of preventing or minimizing the security risks

inherent in connecting to other networks. Properly configured firewall plays a key

role in efficient and secure network infrastructure deployment

3. Filter Chain

As mentioned before, the firewall filtering rules are grouped together in

chains. It allows a packet to be matched against one common criterion in one

chain, and then passed over for processing against some other common criteria to

another chain.

IP filtering is tied to the chain property. There are three types of chain: input, forward and output. Packets travelling from the network to the router itself are handled by the input chain, for example an SSH/remote session to the router. Packets that cross the router's interfaces from and to the network are handled by the forward chain, and packets that leave from the router itself through an interface are handled by the output chain.

4. Protect your RouterOS router

To protect your router, you should not only change admin's password but

also set up packet filtering. All packets with destination to the router are processed

against the IP firewall input chain.

Note that the input chain does not affect packets which are being transferred through the router.

/ip firewall filter
add chain=input connection-state=invalid action=drop \
    comment="Drop Invalid connections"
add chain=input connection-state=established action=accept \
    comment="Allow Established connections"
add chain=input protocol=udp action=accept \
    comment="Allow UDP"
add chain=input protocol=icmp action=accept \
    comment="Allow ICMP"
add chain=input src-address=192.168.0.0/24 action=accept \
    comment="Allow access to router from known network"
add chain=input action=drop comment="Drop anything else"
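
An added example (not part of the original report or of RouterOS) that walks the six input-chain rules above in first-match order for a few constructed packets. The packets, the Winbox default port 8291 and the documentation address 203.0.113.7 are assumptions, and the second ruleset assumes the "known network" is meant to be this page's LAN 192.168.10.0/24.

```python
"""First-match walk over the input-chain rules shown on this page."""
import ipaddress
import shlex

# The six rules from "Protect your RouterOS router", copied from this page.
PAGE_RULES = r'''
/ip firewall filter
add chain=input connection-state=invalid action=drop \
    comment="Drop Invalid connections"
add chain=input connection-state=established action=accept \
    comment="Allow Established connections"
add chain=input protocol=udp action=accept \
    comment="Allow UDP"
add chain=input protocol=icmp action=accept \
    comment="Allow ICMP"
add chain=input src-address=192.168.0.0/24 action=accept \
    comment="Allow access to router from known network"
add chain=input action=drop comment="Drop anything else"
'''

# Assumption: the "known network" should be the LAN used elsewhere on the page.
LAN_RULES = PAGE_RULES.replace("192.168.0.0/24", "192.168.10.0/24")

# Constructed packets addressed to the router itself.
PACKETS = {
    "winbox from page LAN": dict(src="192.168.10.49", protocol="tcp",
                                 dst_port=8291, state="new"),
    "winbox from 192.168.0.10": dict(src="192.168.0.10", protocol="tcp",
                                     dst_port=8291, state="new"),
    "udp/53 from Internet": dict(src="203.0.113.7", protocol="udp",
                                 dst_port=53, state="new"),
    "ssh from Internet": dict(src="203.0.113.7", protocol="tcp",
                              dst_port=22, state="new"),
}


def parse_rules(text):
    """Turn 'add key=value ...' lines into dicts, joining '\\' continuations."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():
        words = shlex.split(line)  # keeps comment="two words" as one token
        if words and words[0] == "add":
            rules.append(dict(w.split("=", 1) for w in words[1:]))
    return rules


def matches(rule, pkt):
    """True when every matcher present in the rule agrees with the packet."""
    if "connection-state" in rule and rule["connection-state"] != pkt["state"]:
        return False
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return False
    if "dst-port" in rule and rule["dst-port"] != str(pkt["dst_port"]):
        return False
    if "src-address" in rule:
        net = ipaddress.ip_network(rule["src-address"], strict=False)
        if ipaddress.ip_address(pkt["src"]) not in net:
            return False
    return True


def verdict(rules, pkt, chain="input"):
    """Return (action, comment) of the first rule in `chain` that matches."""
    for rule in rules:
        if rule.get("chain") == chain and matches(rule, pkt):
            return rule["action"], rule.get("comment", "")
    # A packet that matches no rule in a built-in chain is accepted.
    return "accept", "no rule matched"


def report(rules):
    """Map each constructed packet name to the action it receives."""
    return {name: verdict(rules, pkt)[0] for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for title, text in (("rules as printed", PAGE_RULES),
                        ("known network = page LAN", LAN_RULES)):
        print(title)
        rules = parse_rules(text)
        for name, pkt in PACKETS.items():
            action, why = verdict(rules, pkt)
            print(f"  {name:26} {action:7} ({why})")
```

With the rules as printed, a new Winbox connection from 192.168.10.49 falls through to the final drop rule, while the UDP rule accepts packets from any source because it has no src-address matcher.
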

5. Protecting the Customer's Network

To protect the customer's network, we should check all traffic which goes through the router and block what is unwanted. For ICMP, TCP and UDP traffic we will create chains in which all unwanted packets are dropped:

/ip firewall filter
add chain=forward protocol=tcp connection-state=invalid \
    action=drop comment="drop invalid connections"
add chain=forward connection-state=established action=accept \
    comment="allow already established connections"
add chain=forward connection-state=related action=accept \
    comment="allow related connections"


CHAPTER V

IMPLEMENTATION AND TESTING

5.1 Software and Hardware Specification

A. Software Detail in the Server

Item | Apache: Point | Apache: Reason | IIS: Point | IIS: Reason
Based on the client - server | To the server | Easy to implement and default system in Redhat Enterprise 4 | To the client | Easy to implement and default system in Windows XP

B. Operating System Offered

Specification | Scoring: Redhat Enterprise 4 (Server) | Scoring: Windows XP (Client)
Implementation | Not easy for beginner | Easy
Troubleshooting | Not easy for beginner | Easy and familiar
Security | Secure and not contained by viruses | Easy to be infected by viruses

C. Program Developer Utility

This section describes the software used in the Matrixatama warnet, shown in the tables below.

No. | Software Used in Server | Description
1. | Firefox | To display the web and its services
2. | McAfee Internet Security 2009 | To prevent attacks by spyware, viruses and other threats

No. | Software Used in Client | Description
1. | Firefox | To display the web and its services
2. | Microsoft Office 2007 | To write something
3. | Yahoo Messenger | To chat over the internet
4. | McAfee Free Antivirus 8.5i | To prevent viruses and similar threats
5. | Foxit Reader | To read PDF files with free software
6. | Winrar | To rar or zip files

D. Hardware Specification

No. Hardware Unit Minimal Specification

5.2 Diagram Design of Network System.


5.3 Cost Implementation

This section describes the implementation cost for our warnet, taken from BEC's prices in Rupiah. The complete draft is as follows:

Table of Cost Implementation

Product | Description | Item | Price | Total | Justification
Router | License of MikroTikOS | 1 | Rp. 400.000 | Rp. 400.000 | Because this router has a speed of 100Mbps
Antivirus | McAfee Internet Security 2009 | 1 | Rp.500.000 | Rp.500.000 | We use it because its security features are complete
RJ 45 | RJ 45 | 2 | RP. 15000/box | RP. 30000 | Connector from switch, computer, etc.
Cable UTP | UTP CAT 5e | 50 m | Rp. 4.000/meter | Rp. 200.000 | Because this version can handle data transmission up to 100 Mbps, so the transmission speed is fast
Complete CPU | Complete CPU AMD Athlon, Monitor 2nd | 24 | Rp 2.100.000 | Rp 50.400.000 | This computer is enough for the requirements
Switch | D-link DES-1008D 8 port | 2 | Rp. 175.000 | Rp. 350.000 | Because it connects flexibly to Ethernet and has 810/100 Mbps ports
Switch | D-link DES-1008D 16 port | 2 | Rp. 204.900 | Rp. 409.800 |
Printer | Canon IP 1980 i | 2 | Rp. 500.000 | Rp. 1.000.000 | Because the printer is enough for use in the system and the price is low

Total Cost Implementation | Total | Justification
All needs above | Rp. 69.998.000 | It is enough to serve all clients in the warnet; we hope the investment can be recovered within a year

5.4 File Server Configuration

5.4.1 Installation of MikroTik

Setting BIOS

You must set the configuration in VMWare to the specified requirement and prepare the installation source MikroTik-2.9.27.iso. You should download a free-of-charge and already cracked version. To begin, follow these steps:

1. Insert the MikroTikOS ISO source into the CD-ROM drive in VMWare.

2. After booting in VMWare, the list of packages to install appears; choose according to the requirements.

3. To select all the services offered by MikroTikOS, press the “i” key on the keyboard. After that press the “y” key to start the installation, and then press the “y” key again to really start the installation. Note: because MikroTikOS partitions the drive automatically, all data on the prepared drive will be erased.

4. After the installation process is done, the system requires a restart or reboot; press Enter to restart.

5. If the installation went well, the MikroTik login appears. To log in, enter the username admin and leave the password blank, by pressing Enter twice.

Picture of MikroTik Login

5.4.2 Service Configuration

The configuration is built according to this schema: LAN -> MikroTik RouterOS -> Modem ADSL -> INTERNET

For the LAN, we use a class C IP address, with the network ID 192.168.10.0/24. For the MikroTik RouterOS, we need two Ethernet cards. The first (ether1 (public) - 192.168.1.2/24) connects to the ADSL modem, and the other (ether2 (local) - 192.168.10.1/24) connects to the LAN. For the ADSL modem, the IP will be set as 192.168.1.1/24.

Before that, we should be at the root menu position, reached by pressing “/”.


1. Set IP for Each Ethernet Card

# ether1 is the public interface, ether2 is the local interface
ip address add address=192.168.1.2/24 interface=ether1
ip address add address=192.168.10.1/24 interface=ether2

To show the result, we just type the command:

ip address print

Then test by pinging the gateway or a computer in the LAN. If the pings complete successfully, the configuration is correct.

ping 192.168.1.1
ping 192.168.10.10

1. Add the Routing Schema

Routing ensures that packets for an address follow the correct path and route. In this case the gateway is placed at 192.168.1.1, which means that every packet first passes through the gateway at this address.

ip route add gateway=192.168.1.1

2. Setting DNS

ip dns set primary-dns=192.168.1.3 allow-remote-requests=yes

ip dns set secondary-dns=192.168.1.4 allow-remote-requests=yes

Because our ISP is Speedy, the DNS servers we use are Telkom's; in this case, however, we assume that the public connection IP 192.168.1. is the address given by the ISP.

DNS, short for Domain Name System, is an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they are easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.yahoo.com might translate to 198.105.232.4.

The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.


3. Source NAT (Network Address Translation) / Masquerading

So that all computers connected to the LAN can reach the Internet, we need to set NAT (masquerade) in MikroTik. NAT, short for Network Address Translation, is an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all necessary IP address translations.

This is how we set the NAT in our MikroTik:

ip firewall nat add chain=srcnat action=masquerade out-interface=public

4. Management Bandwidth

So that the client computers in this LAN do not take bandwidth from each other, we need bandwidth management (bandwidth control). For a simple configuration we use a simple queue in MikroTikOS™:

queue simple add name="VIP Client" target-address=192.168.10.6/32 dst-address=0.0.0.0/0 interface=Local queue=default priority=8 limit-at=16000/32000 max-limit=16000/64000

queue simple add name="Client" target-addresses=192.168.10.2/32 dst-address=0.0.0.0/0 interface=Local parent=Shaping priority=8 queue=default/default limit-at=0/8000 max-limit=0/256000 total-queue=default

5. Graphing

MikroTikOS™ has a traffic-monitoring service similar to MRTG, so we can see how many packets pass through the MikroTikOS™ PC.

tool graphing set store-every=5min

We monitor the packets in MikroTikOS™ on all the interfaces we have, local and public.

tool graphing interface add interface=all store-on-disk=yes

To test the result, we just type http://192.168.10.1/graphs/ in a browser, so we can see the picture as shown below:

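With no input-chain filter in place, the router configured by the steps above offers its DNS cache (allow-remote-requests=yes), Winbox and the graphs page on both interfaces, and the admin account has a blank password. The commands below are an added example, not part of the original paper, that restrict those services to the LAN. They assume the interfaces still carry the names ether1 (public) and ether2 (local) from step 1, and the password shown is a placeholder.

```routeros
# Added example, not from the paper. Assumed names: ether1 = public side
# (192.168.1.2/24), ether2 = local side (192.168.10.1/24), as in step 1.
# If the interfaces were renamed to public/local, substitute those names.

# The paper logs in as admin with a blank password; set one first.
# "REPLACE-WITH-STRONG-PASSWORD" is a placeholder.
/user set [find name=admin] password="REPLACE-WITH-STRONG-PASSWORD"

# Masquerade only LAN-sourced traffic leaving through the public interface
# (narrower form of the paper's srcnat rule; use one or the other, not both).
/ip firewall nat add chain=srcnat src-address=192.168.10.0/24 \
    out-interface=ether1 action=masquerade

# Input chain = traffic addressed to the router itself. Rules match top-down.
/ip firewall filter add chain=input connection-state=established \
    action=accept comment="replies to connections the router opened"
/ip firewall filter add chain=input connection-state=related action=accept
/ip firewall filter add chain=input protocol=icmp action=accept \
    comment="keeps the ping tests working"
/ip firewall filter add chain=input in-interface=ether2 \
    src-address=192.168.10.0/24 action=accept \
    comment="LAN clients: DNS cache, Winbox, graphs"
/ip firewall filter add chain=input action=drop \
    comment="everything else, including DNS queries arriving on ether1"

# Serve the traffic graphs to LAN addresses only (use instead of the
# paper's 'tool graphing interface add' line).
/tool graphing interface add interface=all store-on-disk=yes \
    allow-address=192.168.10.0/24

# Review the result.
/ip firewall filter print
/ip firewall nat print
```

Enter the filter rules from a console or Winbox session on the LAN side, so that the final drop rule cannot cut off the session in use.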

3.4 Result Server Testing

The server testing result describes the outcome of the Matrixatama system configuration, including MikroTik, the server and everything else this network needs. It is shown in the screenshots.

1. Testing Download File From Web Server

The client at 192.168.10.6 (VIP Client) downloads a file from the server at 192.168.1.4, called www.matrix.com, at a very high download speed of about 256 kbps.


2. Traffic Download Monitoring (Graphs)

3. Ping the local gateway from client


4. Ping the Server IP Address from client

3.5 Table of Testing Result

The table of testing results describes the outcome of the configuration across the whole implementation at Matrixatama, and can be seen below.

Table of Testing Result

No. | Testing Function | Testing Method | Result | Real Condition | Conclusion
1. | Download file from client | Via web server at www.matrix.com | Success | Downloaded not so fast | Bandwidth management success
2. | Download file from VIP client | Via web server www.matrix.com | Success | Downloaded so fast | Bandwidth management success
3. | Graph interface local | Via http://192.168.10.1/graphs/iface/local | Success | Appears graph | Graphing success
4. | Graph interface public | Via http://192.168.10.1/graphs/iface/public | Success | Appears graph | Graphing success
5. | Ping gateway local | Ping 192.168.10.1 | Success | Reply ping | Gateway local work
6. | Ping gateway public | Ping 192.168.1.1 | Success | Reply ping | Gateway public work


CHAPTER VI

CLOSING

3.1 Conclusion

From the explanation of Matrixatama above, we can draw some conclusions that sharpen the understanding of the content and answer our problem formulation. Here they are:

1. MikroTik RouterOS™ is an operating system that is used as a network router and has become a cheap and smart solution for building a PC router. It was founded by John Trully and Arnis Riekstins in Latvia in 1996, using a combination of MS DOS and Linux kernel 2.2 with Wireless LAN Aeronet 2Mbps technology inside.

2. To configure the MikroTik router we need to set the Ethernet interfaces as public and local, then set the given IP on each Ethernet: 192.168.10.1/28 for local and 192.168.1.1 for public.

3. Then the router must set the default gateway in each subnet, to eliminate the attachment, that is 192.168.10.1, 192.168.10.17, 192.168.10.33, 192.168.10.47, because we have four rooms in different subnets.

4. In winbox.exe we can set the bandwidth management under winbox > queues: the VIP client has 256 Kbps for download, Client and Print Room have 64 Kbps, and admin is unlimited.

5. To configure the LAN we need routing, so that traffic follows the best path according to the rules given in winbox > IP > routing tab.

3.2 Suggestion

Here we suggest that anyone who wants to build the same service ensure that all requirements and costs are planned well. For the next version of this paper, we suggest explaining in more detail the process of securing the service in MikroTik and the other services MikroTik provides, because we only explain the connection and bandwidth management.
