Sunday, July 19, 2009

How to install Mikrotik

Mikrotik Overview

Mikrotik is now widely used by ISPs, hotspot providers, and internet cafes. Mikrotik RouterOS turns a computer into a powerful network router equipped with various features and tools for both wireless and wired networks.
In this tutorial the author presents a simple discussion and guide to configuring Mikrotik for the common needs of a server / router in an internet cafe (warnet) or other network, for example configuration as a NAT server, bridging, bandwidth management, and MRTG.
The Mikrotik version the author uses for this tutorial is Mikrotik RouterOS 2.9.27.
Accessing Mikrotik:
1. via console
The Mikrotik router board or PC can be accessed directly via the console / shell, or remotely using Putty (www.putty.nl)
2. via winbox
Mikrotik can also be accessed remotely using the winbox software tool
3. via web
Mikrotik can also be accessed via the web on port 80 using a browser

Naming the Mikrotik

[ropix@IATG-SOLO] > system identity print
name: "Mikrotik"
[ropix@IATG-SOLO] > system identity edit
value-name: name

This opens the editor; type the new name, for example I change the name to IATG-SOLO:

IATG-SOLO
C-c quit C-o save&quit C-u undo C-k cut line C-y paste

Edit, then press Ctrl-o to save and exit the editor.
Using winbox, it looks like this:

Changing the name of the interface:

[ropix@IATG-SOLO] > /interface print
Flags: X - disabled, D - dynamic, R - running
 #    NAME      TYPE    RX-RATE  TX-RATE  MTU
 0  R ether1    ether   0        0        1500
 1  R ether2    ether   0        0        1500
[ropix@IATG-SOLO] > /interface edit 0
value-name: name

The value 0 refers to ether1; to change ether2, replace 0 with 1.
This opens the editor; type the new name, for example I change the name to local:

local
C-c quit C-o save&quit C-u undo C-k cut line C-y paste

Edit, then press Ctrl-o to save and exit the editor.
Do the same for the ether2 interface, so that when printed again it looks like this:
[ropix@IATG-SOLO] > /interface print
Flags: X - disabled, D - dynamic, R - running
 #    NAME      TYPE    RX-RATE  TX-RATE  MTU
 0  R local     ether   0        0        1500
 1  R public    ether   0        0        1500

Via winbox:

Select the Interface menu and click the name of the interface you want to edit; the edit window for that interface appears.

Setting the IP Address:

[ropix@IATG-SOLO] > /ip address add
address: 192.168.0.254/24
interface: local
[ropix@IATG-SOLO] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   192.168.0.254/24   192.168.0.0     192.168.0.255   local
Enter the IP address and netmask in the address field, then enter the name of the interface the address is to be assigned to. Setting the IP of the second interface, the public interface, is done the same way as above, so that when printed again there are 2 interfaces:

[ropix@IATG-SOLO] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   192.168.0.254/24   192.168.0.0     192.168.0.255   local
 1   202.51.192.42/29   202.51.192.40   202.51.192.47   public

Via winbox:

Mikrotik as NAT

Network Address Translation, more commonly called NAT, is a method of connecting more than one computer to the Internet using one IP address. This method is widely used because of the limited availability of IP addresses, the need for security, and the ease and flexibility it gives in network administration.

Currently, the most widely used IP protocol is IP version 4 (IPv4). With an address length of 4 bytes, there are 2 to the power of 32 = 4,294,967,296 IP addresses available. This is theoretically the number of computers that can connect directly to the internet. Because of this limitation, most ISPs (Internet Service Providers) allocate only one address to each user, and this address is dynamic, meaning that the IP address given will be different each time the user connects to the internet. This makes things difficult for small and medium businesses. On the one hand, they need many computers connected to the internet, but on the other hand they have only a single IP address, which means only one computer can connect to the internet. This can be overcome with NAT. With a NAT gateway running on one computer, one IP address can be shared with several other computers, and they can all connect to the internet simultaneously.

For example, we want to hide the local network / LAN 192.168.0.0/24 behind the single IP address 202.51.192.42 provided by the ISP; the Mikrotik feature we use for this is source network address translation (masquerading). Masquerading rewrites the source IP address and port of data packets from the network 192.168.0.0/24 to 202.51.192.42 before they are passed on to the global Internet.
To use masquerading, a source NAT rule with action 'masquerade' must be added to the firewall configuration:
[ropix@IATG-SOLO] > /ip firewall nat add chain=srcnat action=masquerade out-interface=public

Using winbox, it looks like this:

Mikrotik as Transparent web proxy

One function of a proxy is to store a cache. If a LAN uses a proxy to connect to the Internet, then when a user accesses a web server URL the browser sends the request to the proxy server. If the data is not yet on the proxy server, the proxy fetches it directly from the web server and then stores the response in its cache. When another client later requests the same URL, it is served from the cache. This makes access to the Internet faster.

How do we ensure that every user accesses the Internet through the web proxy we have enabled? For this we can implement a transparent proxy. With a transparent proxy, every browser on a computer that uses this gateway automatically goes through the proxy.

Enabling the web proxy feature in Mikrotik:
[ropix@IATG-SOLO] > /ip web-proxy set enabled=yes
[ropix@IATG-SOLO] > /ip web-proxy set cache-administrator=ropix.fauzi@infoasia.net
[ropix@IATG-SOLO] > /ip web-proxy print

enabled: yes
src-address: 0.0.0.0
port: 3128
hostname: "IATG-SOLO"
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: "ropix.fauzi@infoasia.net"
max-object-size: 8192KiB
cache-drive: system
max-cache-size: unlimited
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 4733952KiB
reserved-for-ram-cache: 2048KiB

Create a rule for the transparent proxy in the firewall NAT, where the NAT masquerading rule already is:
[ropix@IATG-SOLO] > /ip firewall nat add chain=dstnat in-interface=local src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128

[ropix@IATG-SOLO] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=public action=masquerade
1 chain=dstnat in-interface=local src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128

On winbox:
1. Enable the web proxy in IP > Proxy > Access > Settings (check the enable box)

2. Set the parameters in IP > Web Proxy > Access Settings > General

3. Create the rule for the transparent proxy in IP > Firewall > NAT
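
An added hardening example, not part of the original tutorial: the web-proxy print above shows the proxy listening on src-address 0.0.0.0 port 3128, so it also answers on the public address 202.51.192.42 unless the input chain filters it. The rules reuse the tutorial's interface name (local) and LAN range; the comment strings are made up for illustration.

```routeros
# Added example, not from the original post.
# Redirected LAN requests are delivered to the router itself on tcp/3128,
# so they pass through the input chain. Allow them first.
/ip firewall filter add chain=input in-interface=local src-address=192.168.0.0/24 protocol=tcp dst-port=3128 action=accept comment="LAN clients to web proxy"
# Anything else aimed at the proxy port, for example connections arriving
# on the public interface, is dropped so the router is not an open proxy.
/ip firewall filter add chain=input protocol=tcp dst-port=3128 action=drop comment="no proxy access from outside the LAN"
# Verify the order: the accept rule must be listed before the drop rule.
/ip firewall filter print
```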

Transparent proxy with a separate / independent proxy server
According to my observation, the web proxy built into Mikrotik falls short of the squid proxy on Linux; squid on Linux is freer to configure and modify, e.g. the delay-pool feature and ACL lists in the form of files, which are not in the Mikrotik 2.9.x series.
Usually, most people prefer to build their own proxy server, a PC with Linux / FreeBSD, and simply direct all client PCs to it.
The proxy PC can be placed in the local network or use a public IP.
The configuration is almost the same as for the transparent proxy; the difference is in the action of the NAT rule, which is as follows:

In the above example 192.168.0.100 is the IP of the proxy server, on port 8080.
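
The rule itself is missing from this copy of the post. As an added example (not the author's rule), a dst-nat setup matching the description could look like this, using the proxy address 192.168.0.100 and port 8080 named above and the interface name and LAN range from the earlier sections; it assumes the proxy sits in the same LAN as the clients and that these rules replace the redirect rule to port 3128.

```routeros
# Added example, not from the original post.
# 1) Let the proxy's own web requests pass without NAT, otherwise they
#    would be sent back to the proxy in a loop.
/ip firewall nat add chain=dstnat in-interface=local src-address=192.168.0.100 protocol=tcp dst-port=80 action=accept
# 2) Send every other LAN web request to the separate proxy server.
/ip firewall nat add chain=dstnat in-interface=local src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.0.100 to-ports=8080
# 3) Proxy and clients share one subnet, so masquerade the redirected
#    connections. The proxy's replies then return through the router
#    instead of reaching the client directly from an unexpected source.
/ip firewall nat add chain=srcnat out-interface=local src-address=192.168.0.0/24 dst-address=192.168.0.100 protocol=tcp dst-port=8080 action=masquerade
# Check that rule 1 is listed before rule 2.
/ip firewall nat print
```

With rule 3 the proxy logs the router's address for every client; placing the proxy on its own interface or subnet removes the need for that rule.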

Mikrotik as a bandwidth limiter
Mikrotik can also be used as a bandwidth limiter (queue), a mechanism for controlling data rate allocation.
In general there are 2 types of bandwidth management on Mikrotik: simple queue and queue tree. Use only one of them.

In the rest of this Mikrotik tutorial all settings are done using winbox, because it is user friendly and efficient.

Simple queue:
For example we will limit the bandwidth of the client with the ip 192.168.0.3 to the Upstream 128kbps downstream and 64kbps
The settings are in the Queues > Simple Queues menu

Queue tree
Click IP > Firewall > Mangle

Create a rule (click the red + sign) with the following parameters:
On the General tab:
Chain = forward,
Src.address = 192.168.0.3 (or the IP you want to limit)
On the Action tab:
Action = mark connection,
New connection-mark = con-client3 (or whatever name we give the connection mark)
Click Apply and OK

Create another rule with the following parameters:
On the General tab:
Chain = forward,
Connection mark = con-client3 (select from the dropdown menu)
On the Action tab:
Action = mark packet,
New packet mark = client3 (or whatever name we give the packet mark)
Click Apply and OK

Click Queues > Queue Tree

Create a rule (click the red + sign) with the following parameters:

On the General tab:
Name = client3-in (for example),
Parent = public (the interface in the outgoing direction),
Packet mark = client3 (select from the dropdown, the same mark we made in mangle),
Queue type = default,
Priority = 8,
Max limit = 64k (sets the maximum download bandwidth)
Click OK and Apply

Create another rule with the following parameters:
On the General tab:
Name = client3-up (for example),
Parent = local (the interface in the incoming direction),
Packet mark = client3 (select from the dropdown, the same mark we made in mangle),
Queue type = default,
Priority = 8,
Max limit = 64k (sets the maximum upload bandwidth)
Click OK and Apply

Mikrotik as a Bridge

A bridge is a way to connect two separate network segments together in a protocol-independent way. Packets are forwarded based on ethernet address, not IP address (as in a router). Because packet forwarding is done at Layer 2, all protocols can pass through a bridge.
As an analogy: you have a local network 192.168.0.0/24 whose gateway is an ADSL modem that also acts as a router, with local IP 192.168.0.254 and public IP 222.124.21.26.
You want to set up a proxy server and use Mikrotik for bandwidth management for all clients. So where should the Mikrotik PC be placed? Between the hub / switch and the gateway / modem? Would it not then act as a NAT, so that we have to add one more block of private IPs, different from that of the modem gateway?

The solution is to set Mikrotik up as a bridge, so that it acts as if it were only a bridge between UTP cables. The topology is as follows:

Internet----Modem/router----Mikrotik----Switch/Hub----Client

Setting up bridging in winbox
1. Adding a bridge interface
Click the Interface menu, then click the red + sign to add an interface and select Bridge

Give the bridge interface a name, for example bridge1

2. Adding the local and public ether interfaces to the bridge interface
Click IP > Bridge > Ports, and then click the + sign to add a new rule:
Create 2 rules, one for the local interface and one for the public interface.

3. Giving the bridge interface an IP address
Click the IP menu, then click the + sign to add an IP to an interface, for example 192.168.0.100, and select the bridge1 interface (or whatever name we gave the bridge interface earlier)

By giving the bridge interface an IP address, Mikrotik can be accessed remotely from networks connected to either the local or the public interface.

Mikrotik as MRTG / Graphing
Graphing is a tool in Mikrotik for monitoring how parameters change over time. The changes are shown as up-to-date graphs and can be accessed using a browser.
Graphing can display information such as:
* Resource usage (CPU, Memory and Disk usage)
* Traffic passing through interfaces
* Traffic passing through simple queues

Activating graphing
Click the Tools > Graphing > Resource Rules menu
This enables graphing of Mikrotik resource usage. The allow address is the IP address that may access the graphs; 0.0.0.0/0 is for all IP addresses.

Click the Tools > Graphing > Interface Rules menu
This enables graphing to monitor the traffic passing through an interface; select which interface you want to monitor, or select "all" for all of them.

Graphing is made up of two parts: the first gathers the information / data, the second displays it in web format. To access the graphs, type the URL in the format http://[Router_IP_address]/graphs/ and choose from the available menus which graph you want to display.
Sample graph for traffic on the public interface:

That is all. The author wrote this short tutorial simply to share knowledge and to make the tutorials already available on the official Mikrotik site easier to understand.
