
Building an internet cafe (warnet) with a Speedy modem as the bridge and MikroTik as the dial-up engine

1. Set the ADSL modem to bridge mode

SETTING UP THE ADSL MODEM
Open your browser and enter the modem's address (the default is http://192.168.1.1)
Enter the username and password: admin/admin
Go to the Advanced Setup menu, then select WAN and click the Edit button
Enter the PVC Configuration values (use the values for your own TELKOM region):
VPI = X (my setting = 8)
VCI = XX (my setting = 8)
This information can be obtained from Telkom staff or the technician who did the installation.
If you are still unsure of the right settings for your location, check the configuration in the following article:
Speedy Modem Settings for Various Regions
Service Category = UBR Without PCR, then click Next
Connection type = Bridging
Encapsulation = LLC, then click the Next button
Tick the Enable Bridge Service check box, click Next and finish with Save
Then click the Save/Reboot button and wait about 2 minutes until the modem finishes rebooting.
2. Set up the MikroTik router
a. Initial Ethernet setup
Internet over the phone line: 0.0.0.0 -> modem -> router -> switch -> client
0.0.0.0 -> 192.168.1.1 -> 192.168.1.2 // 192.168.0.1 -> 192.168.0.2-192.168.0.254
Set the system name and password
/system identity set name=warnet.beenet
/user set admin password=sukasukalu
Set up the Ethernet cards
/interface ethernet enable ether1
/interface ethernet enable ether2
/interface ethernet set ether1 name=Speedy
/interface ethernet set ether2 name=LAN
b. Set the IP address of each Ethernet interface
/ip address add address=192.168.1.2/24 interface=Speedy
/ip address add address=192.168.0.1/24 interface=LAN
c. Set up Speedy PPPoE on the MikroTik
/interface pppoe-client add name=pppoe-user-speedy user=111xxxxxxxxx@telkom.net password=(enter your Speedy password) interface=Speedy service-name=internet disabled=no
The gateway address below can be found with the ipconfig command while dialing Speedy from Windows.
/ip route add gateway=125.163.244.1
/ip route print
d. Set up DNS
/ip dns set primary-dns=202.134.0.61 allow-remote-requests=yes
/ip dns set secondary-dns=202.134.0.155 allow-remote-requests=yes
To check that the DNS settings are correct, ping yahoo.com
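e. Set up masquerading (NAT)
# After the PPPoE dial, traffic leaves through pppoe-user-speedy rather than the Speedy Ethernet port, so the rule matches on that interface
/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.0.0/24 out-interface=pppoe-user-speedy
The initial setup is now done. Check the LAN's connection to the internet (client IPs are still static at this point); if you want automatic addressing, continue with the DHCP server setup.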
f. Set up the DHCP server
1. Create an IP address pool
/ip pool add name=dhcp-pool ranges=192.168.0.3-192.168.0.8
2. Add the DHCP network and the gateway that will be distributed to clients. In this example the network is:
/ip dhcp-server network add address=192.168.0.0/24 gateway=192.168.0.1
3. Add the DHCP server (in this example DHCP is applied to interface ether2, renamed LAN above)
/ip dhcp-server add interface=LAN address-pool=dhcp-pool
4. Check the DHCP server status
[admin@r-WLI] > ip dhcp-server pr
5. Do not forget to enable the DHCP server first
/ip dhcp-server enable 0
g. Firewall filter
/ip firewall filter
add chain=forward connection-state=established action=accept comment="allow established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid connections" disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="chromagrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y, best left disabled because this port is also often used for VPN or webmin" disabled=yes
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot" disabled=no
add chain=forward action=jump jump-target=virus comment="jump to the virus chain" disabled=no
add chain=input connection-state=established action=accept comment="Accept established connections" disabled=no
add chain=input connection-state=related action=accept comment="Accept related connections" disabled=no
add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow limited pings" disabled=no
add chain=input protocol=icmp action=drop comment="Drop excess pings" disabled=no
add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork action=accept comment="FTP" disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment="SSH for secure shell" disabled=no
add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment="Telnet" disabled=no
add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment="Web" disabled=no
add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment="winbox" disabled=no
add chain=input protocol=tcp dst-port=1723 action=accept comment="pptp-server" disabled=no
add chain=input src-address-list=ournetwork action=accept comment="From Datautama network" disabled=no
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else" disabled=no
add chain=input action=drop comment="Drop everything else" disabled=no
h. Enable the web proxy on the MikroTik
/ip web-proxy set enabled=yes
set src-address=0.0.0.0
set port=8080/3128
set hostname=proxy-apaaja
set transparent-proxy=yes
set parent-proxy=0.0.0.0:0
set cache-administrator=silahkan.pannggil.operator
set max-object-size=4096KiB/131072KiB
set cache-drive=system
set max-cache-size=unlimited
set max-ram-cache-size=unlimited
maximal-client-connections: 600
maximal-server-connections: 600
max-fresh-time: 3d
serialize-connections: yes
cache-hit-dscp: 4
i. Create the proxy rules in the NAT firewall, placed directly below the masquerading NAT rule
/ip firewall nat add chain=dstnat in-interface=LAN src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=redirect to-ports=8080
/ip firewall nat add chain=dstnat in-interface=LAN src-address=192.168.0.0/24 protocol=tcp dst-port=3128 action=redirect to-ports=8080
/ip firewall nat add chain=dstnat in-interface=LAN src-address=192.168.0.0/24 protocol=tcp dst-port=8000 action=redirect to-ports=8080
The commands above redirect all traffic headed for ports 80, 3128 and 8000 to port 8080, which is the Web-Proxy port.
# show the resulting web-proxy configuration
/ip web-proxy print
# monitor the web-proxy at work
/ip web-proxy monitor
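
Added example (not part of the original tutorial): a small Python check for filter rules of the kind listed in step g. The RULES sample is constructed in the style of those rules, and the names parse, audit and SCOPE belong to this example only. It flags input-chain accepts with no source restriction, rules that reference an address list that is never defined (the tutorial uses ournetwork without creating it), and duplicated rules.

```python
import re

# Constructed sample in the style of the step g rules (not a full export).
RULES = """\
add chain=input connection-state=established action=accept
add chain=input protocol=udp action=accept comment="UDP"
add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept
add chain=input protocol=tcp dst-port=1723 action=accept comment="pptp-server"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
add chain=input action=drop
"""

# Matchers that narrow where an accepted packet may come from.
SCOPE = ("src-address", "src-address-list", "in-interface", "connection-state")


def parse(line):
    """Split one 'add key=value ...' line into a dict; quoted values may hold spaces."""
    return dict(m.groups() for m in re.finditer(r'([\w-]+)=("[^"]*"|\S+)', line))


def audit(text, defined_lists=()):
    """Return (rule number, finding) pairs for a block of filter rules."""
    findings, seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        rule = parse(line)
        if not rule:
            continue
        lst = rule.get("src-address-list")
        if lst and lst not in defined_lists:
            findings.append((n, f"address list '{lst}' is not defined, rule never matches"))
        if (rule.get("chain") == "input" and rule.get("action") == "accept"
                and not any(k in rule for k in SCOPE)):
            what = f"{rule.get('protocol', 'all')}/{rule.get('dst-port', 'any')}"
            findings.append((n, f"input accepts {what} from any source"))
        # Same matchers and action as an earlier rule: comment text is ignored.
        key = tuple(sorted((k, v) for k, v in rule.items() if k not in ("comment", "disabled")))
        if key in seen:
            findings.append((n, f"duplicate of rule {seen[key]}"))
        seen.setdefault(key, n)
    return findings


if __name__ == "__main__":
    for n, msg in audit(RULES):
        print(f"rule {n}: {msg}")
```

Pass the address lists that exist on the router as defined_lists, for example audit(text, defined_lists=("ournetwork",)), once the list has been created.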