""'

http://ict.smkn1/embahmelintang.sch.id

M JKrO

ACADEMY

---.,
MJKrO

Certified Consultant

Pembahasan Soal Uji Kompetensi

TKJ PAKET 2- MIKROTIK FIREWALL, PROXY, SCHEDULE

Skenario
Dalam kegiatan uji kompetensi ini anda bertindak sebagai Teknisi Jaringan.Tugas anda sebagai seorang teknisi
Jaringan adalah merancang bangun dan mengkonfigurasi sebuah Wifi Router berfungsi sebagai Gateway
Internet, Webproxy,DHCP Server dan Firewall,kemudian internet tersebut dishare ke client melalui jalur kabel
dan
wireless.
WLAN 1 (WLAN Interface):

KONFIGURASI

10.1P WLAN 1

= 192.168.200.1/24

1. Sistem operasi

= Mikrotik RouterOS

11. SSID

= nama_peserta@Proxy

2. DNS

= Sesuai dengan DNS ISP

12. DHCP Pool

= 192.168.200.2-192.168.200.100

3. WebProxy

=Yes

13. Blocking Site

= http://www.linux.or.id

4. Cache Administrator

= nama_peserta@sekolah.sch.id

14. Blocking File

= .mp3,.mkv

Etherl:

5. IP Etherl

= Sesuai dengan ISP

Buat firewall yang memblokir akses internet melalui jalur wireless mulai pukul
19:00 (malam)- 07:00 (pagi).

6. Gateway

= Sesuai dengan ISP

Konfigurasi PC/Laptop Client (Yang tergubung Ether2 mela/ui Switch)

Ether2:

1. IP LAN

7. Terhubung dengan kabel ke switch dan PC

8. IP Ether2

= 192.168.100.1/24

9. DHCP Pool

= 192.168.100.2-192.168.100.100

= Dinamis

Konfigurasi PC/Laptop Client (Yang tergubung WLAN1 mela/ui wireless)

1. IP WLAN

= Dinamis

2. Sistem operasi

=Windows I Linux

0
"

http://ict.smkn1/embahmelintang.sch.id

Gambar Kerja
192.168.100.xxx/24

IP Menyesuaikan
ISP
Eth2

/::=;

Eth1

INTERNET

Bagian 1

: Konfigurasi Dasar Router

1.

Sambungkan router ke PC untuk konfigurasi dasar.

2.

Sudah memiliki aplikasi winbox ( remote gui) atau optional bisa menggunakan webfig

3.

Reset Router agar konfigurasi benar -benar dalam keadana fresh. Sebaiknya soft reset
/system reset-configuration no-defaults=yes

Konfigurasi Interface dan IP address

[

/interface print

/interface set etherlname=nama-interface

0 admm AC:SE:OC:B19: ()..{)f {Mi'uof it) WmB-ox v6.13on RB951-2n (mtpsbe)

")

jllll!edac..

-1. VArelesa

::fhjge

TI1TTT!l'YH

ppp

HMH lt'.XH MMK lII iOG< w.i< R.ii.RRRR

000000
1M! 1II 10000<
RRR RRR 000 000

"" s.<tcll

.l!!!
KXM
lMi

JfP

loX. IOOC

'

[?)

com:M (?1

JOO< !00< Rl\R

000

000000

1!1
1T1
lTT

1!!

http://ww.ru.rntu:.cw

G1.ves t.M !.1:n o!available ccmands

G1.Ve3 belp on th! ecamand ond l.Ht ot a ot:s

c :eecod [!abl

)( Tocio

RRR

000

Qivt!l l)O':Jible optioM

Move up to base. level

..

Move up one leve1

/co:r:r.a.nd

Dse ccnnan-d ao: t.e base level

l d:...i.r @M.lk':on.ti >

l.le!aROUTER

fla; s: D - dynanic, X - disabled, R - runn1n;, s - slave

t...> MhS..,oa.

e........
l&i!

(ad:cr.@!-! k:-aT:.k)
I

>

uo:er: cc p: ::

twl!l

0 R e:herl
1 R e rterl
Of
2
e<;h.e.r-3
3
et.her4
:t
etherS
5 X wl4Dl
(O<icr.l!.u:oTa)

T'lPE

>I

admin@MikroTi ] >interface set ether1name=ether1-internet

[admin@Mikro k] >interface set ether2 name=ether2-lan
[admin@Mikro k] >interface set wlan1name=wlan1-wifi
[admin@Mikro k] >interface print
Flags: D- dynam c, X- disabled, R - running, S - slave
# NAME
TYPE
MTU L2MTU MAX-L2MTU
0 R etherl-in

iliiiNewTomi1al

f)P-..

IC<K
100<
I11 iOO< KiGC
I1I 10000<
I It I<KK !GO<
I!I !00< iOO<

Ccmple es ttte cc:rtr.and}worcl.l!'the tn:put u amtllquous,

Ltab)

JD.!tadus

RRRRRR

MU'r:oru: RoutetOs c.1e (t) 1999-401:1

i - .NPLS

.C: &.tng

KXK I Il
lMi I II

mnnrm

Hl'lJ L2lfl'O

KAX-1.2MTO W.C-};!)DRESS

e er
ether

1500
1soo

1600
1$9e

4076 4C:S :0C:S1:90 0

202e 4C :St:OC:51:90

e::.h.er
e::.hu
ether

1500
1500
1500
150

1598
1S9S
1S9e
229{1

202e 4C:SE:OC:B1.:90 10

wh..fl

2024C:S:0C:Sl:90 11
202e 4C:SE:OC:81:90 12
4C:SE :OC:31:90 13

1 R ether2-lan
2 ether3
3 ether4
4 etherS
5 X wlanl-wifi

net

ether
1500 1600
4076
ether
1500 1598
2028
ether
1500 1598
2028
ether
1500 1598
2028
ether
1500 1598
2028
wlan
1500 2290

Konfigurasi I ndentitas dan Security Router

(

/system identity set name=ukktkj

MXY.

lOOi

Y-Y.MM
MMM MXMM MXM

MM
MMM

-MM
MMM
Y-MY-

KKK
TTTITTTTITT
KKK
TTTTTTTTTIT
KKK
KKK
III KKK KKK RRRRRR
000000
III KKK KKK
TTT
RRR RRR 000 coo
III KKKKK
TTT
III KKKKK
III KKK KKK RRRRRR
III KKK KKK
000 000
TTT
m
III KKK KKK RRR RRR 000000
III KKK KKK

MikroTik RouterOS 6.18 {c) 1999-2014

http://ww. mikrotik.com/

[? 1

Gives the list of available corr.mands

Gives help on the command and list of arguments

[Tab]

Completes the corr nd/word. If the input is

ambiguous, a second [Tab] gives possible options

corr.mand [ ? 1

Move up to base level

Move up one level
/corrmand
Use command at the base level
[admin@!HikroTilk] > s:astem identit set
naJr.e=ukktkj [admin@ukl kJ] > user set admin
password=tkj [admin@uilcktkJ ] >
I

Remote Mikrotik dengan Winbox

X

MikroTik \.YinBox Loader v2.2.18

Connect To: 4C:
5E:OC:B1:90:OF

Connect

IP Address

Versi...

MAC Address

4C:5E:OC:B1:9...
Password:

0.0.0.0

6.18

RB951-2n

MikroTik WinBox Loader v2.2.18

Note:

Connect To: 1 4C: 5E:OC:B1:90:0F

Iadmin
PassNord:

r
P'

Keep Password

Serure Mode

1'7 Load Previous Session

Note:

f ukktkj

Connect

Save
Remove
Tools...

Konfigurasi I P address
/ip address add address=192.168.1.x/24 interface=etherl

[admin@ kktkj] > P add=e33 add address=10.100.1.105 24 interface ether1internet [admin@ kktkj] > 1p addre33 add address=192.168.100.1 24
interface=ether2-lan [admin@ kktk]
] > P add eaa add address=192.168.200.1
24 interfacewlan1-wi=i [ad.min@.lkktk]] > P add::-e3.3 print
Flags: X - disabled, I - invalid, D - dynamic
i ADDRE SS
NE"n'.DRK
INTERFACE
0
10.100.1.105/24 10.100.1.0
ether1-internet
1
192.168.100.1/24 192.168.100.0 ether2-lan
2 I 192.168.200.1/24 192.168.200.0 wlan1-\i' =i
[adml.n@ kktk]J >

Routing dan DNS

(

/ip route add gateway=IP_gateway_ISP

/ip dns set servers=203.130.193.74,8.8.8.8 (DNS speedy)

COlriliiand

[Tab]

( ? )

Gives he p on

command and

isto:= arguments

Competes the command/word. If the input is

ambiguous, a second [Tab] gives possib e options

Move up to base eve

Move up one eve
/co=and
Use oo=and at the base eve
[admin@ukktkJ ] > ip route add qateway=10.100.1.1
[admin@ukktkj] > ip dns set servers=203.130.193.74,8.8.8.8
[admin@ukktk)] > ip route print
F ags: X - disab ed, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bqp, o - osp:=, m - Ir:Jne, B - b
ackhoe,
U - unreachab e, P - prohibit
/

DST-ADDRESS

PREF-SRC

GATEWAY

0 A S 0.0.0.0/0
10.100.1.1
1 ADC 10.100.1.0/24
10.100.1.105
ether1-internet
2 ADC 192.168.100.0/24
192.168.100.1
ether2- an
[admin@ukktkj] > ip
sprint
servers: 203.130.193.74,8.8.8.8
dynamic-servers:
a ow-remote-requests: no
max-udp-packet-size:
4096
query-server-timeout: 2s
query-tota-t::imeout::: 10s
cache-size: 2048KiB
cache-max-t::t:: : 1w
cache-used: 9KiB
[admin@ukllct::.k.-:J ] > I

DISTANC
1
E
0
0

DHCP Server 1

Untuk memberikan IP secara otomatis kepada Client yang tersambung ke Interface 2- LAN

li_p_d_h_c_p-_s_e_rv_e_r _se_t_u_p

Move up one
eve
/corr:mand
Use corr.mand at the base level
[admi@ukk kJ ] > ip dhcp-se Ter setup
Select inter=ace to run JHCP server on
dhcp server interface: ether2-lan
Selec
network =or 3HCP addresses
dhcp address space: 192.168.100.0 24
Select gateway =or given network
gateway for dhcp network: 192.168.100.1
Select pool o= ip addresses given out by 3HCP server
addresses to give out: 192.168.100.2-192.168.100.100
Select DNS servers
dns servers: 203.130.193.74,8.8.8.8
Select lease time
lease time: 3d
[admi@ukktkJ ] >

ikuti proses setup tersebut dan sesuaikan dengan kebutuhan soal

Firewall NAT

Firewall ini bertujuan agar client bisa mendapatkan akses internet dari public

/ip firewall nat add chain=srcnat out-interface=(interface-ke-internet) action=masquerade

KKM

MMMM
.KM
MMM

MMM

KY-M

KKK
KKK

III
III
.KM
III
MMM
MMM III

KKK KKK
KKKKK
KKK KKK
KKK KKK

Y-.ikroTik RouterOS
[?]

COir.mand (?
)

[Tab]
I

6.18

RRRRRR
RRR
RRR
RRRRRR
RRR
RRR

(c) 1999-2014

TTIIIITTTTT
TTIIIITTTTT
TTT
III
ooccco
TTT
III
000 ceo
III
000 000
TTT
000000
TTT
III

KKK
KKK
KKK

KKK
KKKKK

KKK KKK
KKK KKK

http://w'"WW. mikiX>tik.COm/

Gives the list o= available commands

Gives help on the co: r.mand and list o= arguments
Completes the command/word. I= the input is
ambiguous, a second [Tab] gives possible options
Move up to base level
Move up one level
Use coird at the base level
> ip =i=evall nat add chain=srcnat out-inter:=ace=ether1-internet action=masquerade

/command
[ad.min@uk1ctk
]]
[ad.min@ukktkJ ] > ip Ii=e all nat print
Flags: X - disabled, I - invalid, D - dynamic
0
chain=srcnat ac ion=masquerade ou -inter=ace=ether1-internet
[ad.min@uk!k:t!k:J ] >

Pengujian Pada Client

Pastikan client dan Router tersambung dan client mendapatkan akses internet dan IP
DHCP
N or" Conn ctions

1'
Organize
-

'tlt'f
'"

:drll

0
> Control Panel > Network and Internet > Network Connections

Disa ble this network device

Ethernet
Disa bl ed
Mi crosoft KM-TEST Loopback Ad...

l-

Diagnose this connection

1:$1'

Rename this connection

local Area Connection

Neork 4
lntei LRJ Ethernet Connect1on 1218-V

Wi reless Network Con l!lJ Local Area Connect1on Status

X
Unidentified network .------------------- - ---'-,
Realtek RTL8723BE Wir Network Connection Details
X
Network Comection Details:
Property

Value

Comection-specific ON...
Desaiption
lntei(R) Ethernet Connection 1218..V
Physical Ad<X-ess
S0.7B9D37EC2B DHCP Enabled Yes
1Pv4 Address
192.168.100.100
1Pv4 Subnel Mask
255.255.255.0
lel!se Obtained
Wednesdi!!)'.Februi!IY 03. 2016
12:15 lease Expires
Saturday. February 06.2016
12:15:22
1Pv4 Default Gateway
192.168.100.1
1Pv4 DHCP Server
192.168.100.1
1Pv4 DNS Servers
203.130.193.74
8.8.8.
8
1Pv4 WI NS Server
NetB IOS over Tcpip En... Yes
Unka11Pv6 Address le80::a8lb:Sd15:5d40:76d2"414
1Pv6 Defd Gateway

"

...

Search Network Connections

>>

;;: ... [J

Bagian 2 :

Konfigurasi Wifi

Mengaktifkan Interface WLAN 1

Secara default interface wlan 1disable. Untuk itu kita aktikan dengan command

/interface set wlanl-wifi disabled=no

-[admi@ukktk]]

> i te =ace print

Flags: D - dynamic, X - disabled, R - running,
S
#
0
1
2
3
4
5

R
R

NAl.fE

TYPE

ether1-internet
ether2-lan
ether3
ether4
etherS
wlan1-wi=i

ether
ether
ether
ether
ether
wlan

slave

l.fTU L2l.fTU
l.fAC.

1500
1SOO
1500
1SOO
1500
1500

1600
1S98
1598
1598
1598
2290

[ain@ukktkJ ] > i ter=ace set wlan1-wi=i

disabledo syntax error (line 1 column 35)
[admi@ukktk]] > i ter=ace set wlan1-wi=i disabled=no
[admin@ukk kJ] > inte =ace print
Flags: D - dynamic, X - disabled, R - slave
running, S
l.fTU L2l.fTU
l.fAC.
i
NAl-IE
TYPE

l.fAX-L2l.f'l"U

407
202
6
8
202
8
202
8
202
8

- ADDRESS

4C:5E:OC:B1:90:
0E
4C:SE:OC:B1:90:
0F
4C:5E:OC:B1:90:
10
4C:5E:OC:B1:90:
11
4C:5E:OC:B1:90:
12
4C:5E:OC:B1:90:
13

-ADDRESS
l.tAX-L2l.f'l"U

0
1
2
3
4

R
R

ether1-internet
ether2-lan
ether3
ether4
etherS
s
wlan1-wi:=i
[admin@ukk.-ck]] >

ether
ether
ether
ether
ether
wlan

1SOO
1500
1SOO
1500
1500
1SOO

1600
1598
1598
1598
1598
2290

407
6
202
202
8
8
202
8
202

4C:5E:OC:B1:90:
4C:5E:OC:B1:90:
0E
0F
4C:SE:OC:B1:90:
10
4C:5E:OC:B1:90:
11
4C:5E:OC:B1:90:
4C:5E:OC:B1:90:
13

Konfigurasi Wireless

Aktifkan interface dan setting security profile

admin@4C:5E:OC:B1:90:0F (u kktkj) - Wi nBoxv6.18 on RB951-2n (mipsbe)

[Saie Mode

G!J

Hide Passwords

EJ

Wireless Tabies

I
Dual
I +IB 0 [9"1 IT]
lnterfaoes

Nstreme

Access Ust

'

,..
,..
,..
,..

Regostrabon Comect Ust

Scamerj[Freq

Sec:u1ty Profies Ol!nlels

Usage I PJignment ] Wireless SnfferJ wre!ess Snooper

Type

, ,."''-'-'--'W
i""ir"e=less

RK

. AR9.

O!>.Qs.

Tx Packet 6>/s)

!I

RK Packet 6>/s)

MAC Address

0 4C:5E:OC:B

,_.,,,"'''--'='"'-'--= '-"- "-'"'-'"-

9QJ;.l

Aktifkan
ad min @4C: SE:OC:B1:90:0F (ukktkj)- Wi n Boxv6.18 on RB951-2n (m ipsbe)
[

Saf e

-------------------------------------------------------------------------------------------------------------------Interlaces

Nstreme Dual

k.cess Ust

Registration

Connect Ust

Security Profiles

Dlannels

PA2 Pre

General

RADIUS

I'

I'

EAP

Static Keys

Ipassword
Mode: Idynamic keys
Name:

I'
I'

E3

New Security Profde

Authentocation Types
WPAPSK

WPAEAP

WPA2 PSK

WPA2EAP

- llnicast Ciphers
tkip

aesccm

- Group Ophers

I'

tkip

aesccm
WPA Pre-Shared Key: l ukk2016
WPA2 Pre-Shared Key: !Ui<k2o161
Suppkanl ldentJty:

Group Key Update: l oo:OS:OO

I
10

OK
Cancel
Apply
Copy
Remove

Pengaturan dasar Wireless Wireless mode, SSID, Security, Channei-Widht, Freq,

admi n@4C:SE:OCB1:90:0F (uklct:kj) WinBox v6.18on RB951-2n
(mipsbe)

[3EJ I Safe Mode :

INstreme Dual Pccess Ust

[BB 0 [eJ ITJ
Interfaces

Jfype

Mode: hlridge

Wireless (Ptheros

l OMHz

Frequency: 2f324:24:"3'2-----:======;;:[:IM!,
SSID: (hiii"@Jdd.kj.net
Scan Ust lde1au
Wireless Protocol: [aiiL

C=an=cel

I[!)

]Hz

10

Comment

I[!]
[!]

Torch

Scan...

ll...!.__l,:==Freq=.
U=sa=g=e... default
Pi
Bridge Mode: m- ! !=-=
Sniff...
DelauAP Tx Rate: [._
Snooper...
_JI bps

Part ion
Make Supout.rif

MarM.Jal

bps

Defauft Oent Tx Rate:

Delauh PtJthenticate
Delauh Fo!Ward
0 Hide SSID

cket /sAddress ode

0 4C:SE:OC:B1:90:13 enabled station

Disable

Security Profae:d E>fa u

1 em out of 6 (1 selected)

IF.nd

OK

Band: j2GHis.
Channel Width:

Routing

1!1 i

R Interlace <Wian1 1fl>

'
General Wireless HT WDS Nstreme NV2 ...

Reset Configuration
Advanced Mode

t-ide PasS'II

lfhann. en... SSID

2GHz-B 20MHz 2412

Pengujian Koneksi Wireless

Pastikan DHCP Pool 2 sudah dibuat untuk wireless koneksi ya ..

admm C SE:OC Bl:=K>:OF Cukktlq)

RF

de
eMo

WmBoxv6.18 on RB9S1 2n (mpsbe)

CJ

[.J Hide Pe>SWOf'ds tB

-----------------------------------------------------------------------------------------------------------lnterfocClS '

General

NV2

Wi"eless

Frequency:

SSID:

.. .

] [I
!J

eiWoidt
r:
.....,.ann

Status

.,...-;:-----------,I
==========:1,.-,
C

.t..=..J

I[ MHz
===""-'-'"'---------'

III

Scan Ust:

en..,l v
-----------' 1

OK

==Ca=nc::e::l:==:
[';'=;;=" -:-;----,-;:o-....,.....-,--,--;--;-:---r.-;-: -:------;

=
I:

i'Wi

Disable

Co<TWnenl

Wirele$$ Protocol:

Torch

5ecLwtty Profile: password

Bridge Mod..: ]enabled

Scan...

]I:!]

FreQ.Usage...

Oef.oiAt AP Tx Rome: '--------'

bpo

bps

Oefai.At 01ent Tx Rate:

Defaul AuthentiCate
Oefaul: Forward

HideSSID

I
...,;gn ...
I I
Sniff...
I I
Snoope, ..
I
I Reset Confogu.-atle>n
["Mvanced

Verifikasi DHCP
[?]
command [?]

Gives the list of available commands

Gives help on the command and list of arguments

[Tab]

Completes the command/word. If the input is

ambiguous, a second [Tab] gives possible options

level

Move up to base
Move up one
level

/comand
Use cdo at the base
level
[admin@ulckt:l]c] > ip dhcp-server
setup
Select interface to run DHCP server
on

Paste

Home

X. Cut
) Copy

1..upboard

dhcp address space: 192.168.200.0 24

Select gateway for given network
gateway for dhcp network: 192.168.200.1
Select pool of ip addresses given out by DHCP
server

Vitw

a Crop

't
Organize

c9 Rtsat

..Rotate ..

-=

Image
[? )

ControlPanel

>

Connec:t To

> Network and Internet

>
NE(Work Connections

Disable this neM<ork de-Ji <e:

Ethernet
- ..

Diagnose this connec:tion

v 0

S.arch NeMork Connecbons

Rename this connection

))

I;

Local Aru Connection

Vi rtuaiBox HostOnly Nrk

NeM:ork cable unplugged

Orsab ed

Cl

Give:he li:lt of evo.ila

comand ( ?)

dhcp server interface: wlan1wifi

Select network for DHCP
addresses

':fJ Network Connect ons

!;I ") (" I

gil

Gives h:elp on th:e cotnr an

r - - -')=( -"-'--l n-t_ei_;

(_;R)E_t_h_er_ne_t_C_on_n_ect_on_1_2_18-_V

,drn

(7ab)

WirelessNetwortConl cd10 .Jrelc:uNetwotk(o ne otr

:: : 2 E\\iJ

NEt

ork

Connect1on

#,

Vi rtuaiBox Host-On ty

o-...------------X.. .

Nelwolk Ccrneeuon Oeta,s:

addresses to give
out:
192.168.200.2192.168.200.100
Select DNS servers

pool

b,

M
ov
e
up
o
b
as
e
le
v
el

Move up one level

Ico:r:mand

on

Ue command at he bo.: e (ad:ru..r.@:u.k'ktk) ) > 1p cL cp-server se up Select in terrace to tun oncP server

dhcp server int:ertace : wlanl-vitl

Select networ k !or DHCP ac!dre: : e:

ad.d.ress space: 192 .16e.2oo.o 24

Select oaevay for qiven nevork
d.h.cp

oa teway Cot d.h1> net work: 192 . 16e .200.l

Selec
of ip o.dd.re::es qiven ou

o.<td.re:.:es to o1ve out : 192.16e .200 .2-192

Property

Cornection-$J)ecfte ON..

Deoo'cl<;on

IP.4 D NS s..v.,..

Value

255.255255.0

1Pv4 WINS Server

Reotek RTl87238E
Wi"ele$$ WI 8(

W. februtrY 03. 2016 1.18:

s.tuday. februory 06. 2016 1:18.411
192.168.200.1
192.168.200.1
203.130.193.74

1'11ysiedAd<t=
DHCI' Enabled IP.4Ad<t= IP.4SubnetM!d< leo$e0btoined leo3e Expil'e$
1Pv4 OefaJt Gdew

18-4f32-5A-22-G5
Y..
192.168.200.100

1Pv4 OHCP Server

SelecDNS servers

Net BIOS over

l...i"k<locaiiPvSAddres.s
IPvG Oefa.ft Gateway

dn:server:: 203.130.193.74,. 8.8.8.8

dns servers:
203.130.193.74,8.8.8.8
Select lease time

Seleclease doe
lease tie: 3d

[adxtlr.@ uk l..:t:kJ )

>1

4 items

8.8.8.8

lcpip &\... Ye$

fe80::6814:9ceSJde:9f 1S

1 rtem selected

r---------

HomtGroup

l ntemet Options

lease time: 3d
[admin@ulcktlcJ]

lenovo Internet
Connection

>I

Win'Ciows Firewall

Mikrotik Web Proxy

adm;ne4c,se,oc,B19' 0'0F (uklctlcj) - WonBox w.18 on R89S1-Zn (mp; sbe)

SafeMode

....-Qockset

r---------------------------------------------...- Interfaces

.1:.

:c Bridge
Wreless

..::= ppp

Web Proxy Settrga

General

I Status

Lookup$

..-1

Swich
0

<: Mesh

_2 1P

Inserts

Rei........

Enobled

Src. Address:
t

Port: 3128

_j

I
I

OK
Cancel

"'"*'
o;.,Cach

I
I
I

[an@ukktkJ ) > P proxy

print
enabled:
yes
src-address:
pore: 3128
anonymous: no
parenc-proxy:
parent-proxy-port: 0
cache-a nistracor:
ilham@tkj.net max-cache-size:
unlimited
max-cache-object-size:
1024KiB
cache-on-disk: yes
max-client-conneccions:
600 max-serverconnections: 600
max-fresh-time:
3d serializeconnections: no alwaysfrom-cache: no
cache-hit-dscp: 4
cache-drive: system
[an@ukl<:tk] >
IQ]

MPlS

P....,nt l'n>xy:

.c
"' Ro.A,;,g
v s,...em
F'deo

0 P...-;on

I
I
I

KiB

Cache On Disk

Client Connec:liOns' 1600

_]

Max. Server Conneatons: 600

MakeS'-I>OUt.rif

MaJC:Fre&l Tme: ! 3d ()(}.00:00

...J

Serkalize Connections

) Hw8rs F""" <Acne

Ex l

M a nual
Cache H< OSCP (TOS): 4
Cache Drive:

"""ped

-em

Acceo.
Cache

I ocolo
I
I . Pott
I

I
[<Acne c-..-ciJ

KiB

Max Calche Object Size: 1024

Max

Reset HTML

MniniS:Rrtor:

Max.Cache Size: unllmled

-New Tent*'t81

\!9 MetoROUTER

I
J

l>m.nelCache

L og

)(' Tools

Anonymous

Parent Proxy Port:

au.u

--'

Connec::bOns

269_4 KiB
ln. Inter.

.lex.. Int... Bytes

ether1-i...
[);<={

Pack94-0

=.

Konfigurasi Access list

Menambahkan daftar uri dan ekstensi yang akan di filter pada proxy
--................

'18o-x v6.18 on R89S1 2n

(mipsbe)

S!otuo l.ooi<Lo> n.... ReiteR$

OK

.,

[]8 Clill
1 SIC.Addle..

>

,,

Sle.Addo=
o.t.Add....:

Osl Port

LocalPort:

Ho

Dilnux.ctl<l

P.th:c_

Method

Cl X

.
.I

c-

OK
Concel

.i
I
.I
I

""""'

.I

.I

c-

2
3

*. 3gp*

[admin@ulcktk] l

J.

Copy

I
Srcl'dote":L::

I
I

Ilaw Web Pnny Rule

, Re.e! C.untm l

_j
Cadle E:l1ve ,.,.,...,

stopped

OK

""""' I
J

edi'ect To Hts

enot>led

G7 Enabled

Hts: 0
Ollems

Geneo-al S!ou. Lookups '-1s Refreshes

Reset Count"'

led<ect To jH<

*.iso*

Coll'l'ltent

Remove

Redoect To

linux.or.i
d
Jcompas.com

C.ncel
I
;III
I
l I
""""'

Port:

PATH

l.fETHOD

ACTION

HITS

DST-HDST

" I &lebled
Src./i.ddle$3; ::

.... :J ..........__.

Flags: X - disabled
DST-PORT
II

IQJ
General

--... .. .....

@ulcktk]] > ip proxy acce3s print

[a

deny

deny
deny
deny

0
0
0

Hcs: 0

Hem

en.ebled

Aktifkan Transparent Proxy melalui Firewall NAT

stport=BO in-inter ace=w anl action=re irect to-

[admin@ukkCkJ ] > ip :irewall nac

kkck]] /ip firewall nat> add chain=dscnat
prococol=ccp dst-port=80 in-inter:ace=wlanl-wifi action=redirect to-ports=3128-port=80 in-interface=
[admin@ukkCkJ ] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnac accion=masquerade out-interface=echerl-incernet
1 chain=dscnac accion=redirecc co-ports=3128 protocol=tcp in-interface=wlanl-wifi dscport=80 [admin@ukktk]] /p firewall nac>

admin@4C:5:0C:B1:90:0F (ukktkj)- Win8ox v6.18 on RB951-2n (mipsbe)

admin@4C:5E:OC:B1:90:0f (ulclctlql- WinBox v6.18 on R8951 -2n (mipsb)

SafeMode

Safe Mode

Chain.

Src..Pdctess

6cp)

Protocol:
MPLS

Src. Port:

Routing

Ost. Port:

80

Arry. Port: 0 wfan1.Y.'i!i

ln. lntedace:

Aes

Out.Interlace:
T

,..

Packet Mark:
CoMec:tJon Mark:
RoW1g Mark:

RoW1o Table.
Make Supcx.t.rl

.Exi

Marual

Coonecbon Type:

k;mn

To Ports 3128

...

Ost. .Pdctess:

Genen!l Advanced Elc!n! Action StatJsbcs

stoat

...

MPLS

OK

CCancel

LPWI

...

!)sable

Lommert I

!'

LCopy =:J
C

...

CRemove J

I'
I'

I[ I ...

[?

...

Fles

...
...

co
[I

I'

...
...

...

[!) E:J

NAT F\Je <80>

lrterlaces

I
/C

Patbon
._.. Make .rf

.Elci

Marual

[a
d
(a

n
0

(a

I Reset Cou-ters ]
I Reset AI Cou-ters I

Dst.p
80

Pengujian Koneksi

iii C:\WI NDOWS\system32\cmd.exe

Menggunakan Koneksi Wireless

+-

..J

kompas.com

ERROR: Forbidden
\\bile trying to retne\"e the liRL hnp

komoas com :

Access Denied
Your cache admimstrator IS t lbamilaluf'Ghotmail com.

Generated Frz, OJ Jan 1970 01:27:16 G.\1T by 192.168.200.1 ( J1ikTotik HrtpProJ.:y)

+-

C D mi rror.poliwangi.ac.id/ubuntu-cd/14.04.3/ubuntu-14.04.3-desktop-amd64.iso

2J ii nux.or.id

ERROR: Forbidden

PEMBAHASAN UKK TKJ 2015/2016 PAKET 1

SMK a
W..S X I Saal n al<an drsbukkan <leogan ang namanya IJf
KornpetellSI Kealman (I)KK) yililll 5ydlal unwk lukls adalah SISNa me'lge)akar

2-. \\lule trying to retrie\"e the Llli. hnp mUTQr oohwang1 ac td ubunOI<d 1OJ ubunm-H.0 .3-des!qop-amdM 1so:

'oat ....-.

Access Denied

prdbhJin yang IelahdiSt.,ldonsa.< BNSP Soaltl!fSell<JI dapat <liuldlo" d s.ni

Ok. kaiJ n saya mau befbagl sedllo1 a.. alau panduan yang sebenamya son <una caoa
tJ_., .....
cot>a jaw.lb seal "1'1 selletum di snare ke saswa Ujoan UKK TKJ tal'lln n ada 3 pal<et l......

Your cache admuustrator ts tlhanulalu1thonncutcom.

yoll

JUST MY PERSONAL SITE

1 Pal<etml e nbaf>,jun serve< deogan ubuntu ..(ubU1tu to.. bukan dt<blan faQij

2 Ml<roeikfl;Pwall
3 MlkroeikHot'I>Ol
Nar tma kamo Jll,la al<an colla membuat pembahasan untul< paket ang tarnnya. Yang
<ayo hu.11 ko o rno rt" bog;rrmona mmbngun server (g>teway, OlliS, Web5e<VPr, CMS) dl
ubuntu Untuk pcrcobaan k.111 101 kam mcramunya dengan samulaSI Vlrtu;d semu

Anrna ada 2 OS dalam vtnualrsasa nya yairu ubunru 15.04 32 bit dan Windows 7
Pada d._ts._unya s1 wa SMK 1urusan TKJ pastJ bsa mcngcqakan m1 karcna matf'rl 101
&udah ser1nv drsarnparkan pada rnaten Sysadrnrn. JAdr nggak terlalu wall deh. Jildl

>t' CV$tom;ze

Genfllared Fn, 0] Jan

1970 01:28:44 GJ1T b_,
192.168.200.1 ( Jfikronk:
HrtpProxyJ

Pada d._ts._unya s1 wa SMK 1urusan TKJ pastJ bsa mcngcqakan m1 karcna matf'rl 101
&udah ser1nv drsarnparkan pada rnaten Sysadrnrn. JAdr nggak terlalu wall deh. Jildl

>t' CV$tom;ze

Pengujian Koneksi

Menggunakan Koneksi Kabel

fi lS) Facebook

+-

Kompas.com - Rayakan P

J\

Linux.or.id - G erbang Info

C [] www.linux.o r.id
.1-unuX.or.id

LINUX PE.MULA

KOMIX LINUX

!@I
Aparat De s a dilatih OS Linux & Membuat Blog
Ram tndrast1a Llnux susah?
Biasa aJa ah..

Pengujian Koneksi

Menggunakan Koneksi Kabel Download ISO

)C

f\

L 11ux.or.id - Gerbang lnf

j@

Tha nks for downloading

lw.ubuntu.com/download/desktop/thank-you?country= I D&version= 14.04.3&architecture=amd64

Ubutu

Commuty

UbUntUC9

Ask!

Develope-

Cloud

Des g n

Server

Dsco .. -se

Desktop

Hardware

Phone

lnsigh;:s

Tablet

Juju

loT

Oartners

Shop

Management

ubu ntu-14.04.3-desktop-amd64.iso

Download

Desktop

>

Tha

Download status Speed Umiter Options on completion http:1!

buaya.klas.or.id/iso/ubuntu/releases/14.04.3/t.Jbuntu-14.04.:H:tesktop-amd64.iso
Receiving data...
Status
Rle size
Downloaded
%)
Transfer rate
Time left
Resume capability

Thank yo
Ubuntu

0.982 GB
2.9&7 M B ( 0.29
456.916 KB/sec
45min 41 sec
Yes

l
<< Hide details

Pause

Your download should sta

N.

Downloaded

Info

617.304 KB

ReceMlg data...

Cancel

Bagian 3 Pembatasan Akses Berdasarkan waktu

Membatasi akses internet berdasarkan waktu,, pastinya
membutuhkan sinkron waktu terlebih dahulu.
MMM
MI004
MMM
MMM

MMM

MI004

100{
100{

MMM MMKH MMM III 100{ iOO{

MM MMM
III !0000{
MMM III 100{ 100{
MMM III 100{ 100{

HikroTik

Rout:erOS 6.18 (c) 1999-2014

[?]
corr.mand [? ]
[ Tab]

TTTTTTTTTTT
TTTTTTTTTTT
RRRRRR
000000
TTT
III
RRR RRR 000 000
TTT
III
RRRRRR
000 000
TTT
III
RRR RRR
000000
TTT
III

100{
100{
100{

Move up co base level

Move up one level
/command
Use command at: t:he base level
[admin@ukktkJ ] > system ntp client set enabled=yes prirrarynt:p=id.pool.nt:p.o

MMM

100{ 100{
100{

ht:t:p://www.mikrot:ik.com/

Gives t:he list: of available commands

Gives help on t:he corr.mand and list of a
ents
Complet:es t:he cor.mand/word. If the input is
ambiguous, a second [Tab] gives possible opt:ions

iOO{

!0000{

100{

[adm1@ukktkJ ] > 3j3tem ntp cl1ent

print enabled: yes
primary-ntp:
103.16.199. 21
mode: unica:st
poll-interval: 15m
active-s-erver: 103.16.199.21
last-update-ro:m:
103.16.199. 21 last-updateboer:e:
8m990ms
last-adjustment: -45ms987us
[admin@ukktlc]] >

OJ

admin 4C:5E:OC:B1:90:0f (ukktkj}- WinBoxv6.18 on RB951 2n

(mipsbe}

Mode

------------------------------------------------------------------------------------------------------H-id-e P-a-ssw-o-rd-s ----(-5

IQ]

OK

!i6 Enabled

I
I
WY I

Trne Manual Time Zone

Cancel

Mode: ru;c;st

OK

nme: !14:37:25

Cancel

Date _b/0312016

f'mlary NTP Setver:

[W3.1D.61=9=9.2=1======
Secondaoy NTP Setver: l o:.O::.O::.:O"-======:
Dynamic Servers:

Pol Interval:

LC

....J

J L:I:]
Jan/02/1970 01:33:54

memory
system.info
Jan/0211970 01:34:37 memory system.info
Jan/02/1970 01:35:09 memory system.info.accotrt
Last Update: [00:00:{)1 ago
Jan/0211970 01:35:23 memory system.info.accotrt
Jan/0211970 01:35:39 memory system.info
Last stment: !ij39 532 us
admin Jan/02/1970 01:35:40 memory
changed by admin
Last Bad Packet From:
Jan/0211970 01:35:41 memory system.info.accourt
Last Bad Packet:
Jan/0211970 01:41:38 memory system.info.accotrt
Last Bad Packet Reason: L....--------- l Jan/02/1970 01:41:39 memory system.info.accotrt
Jan/0211970 01:42:06 memory system.info.accotrt
Jan/02/1970 01:42:07 memory system.info.accotrt
Jan/02/1970 01:42:44 memory system.info.accourt
Jan/02/1970 01:42:46 memory system.info.accourt
Jan/0211970 01:43:19 memory system.info
Jan/02/1970 01:51:25 memory interface. info
duplex} Jan/0211970 01:51:27 memory
out via winbox Jan/02/1970 01:51:.27 memory
out via local
Jan/02/1970 01:51:27 memory wireless. info

:=========:;1

Make Supol.(Jif

Q Manual

.Exit

Trne Zone Name:A:s.I i.=:a::..:

a.::k;c:a::::r.t:.a::.
GMT Offset:
R::L.:..7.::0.::.0::.

[256"si========

P-drve Setver:
10.31:6::.:19.291=====;!
Last ate From:
@3.16.199.21

0Partition

0
the proxy access nJe added by admin
the proxy access nJe added by admin

user admin logged in via local

user admin logged out via local
http proxy settings changed by
system.info http proxy settings
user admin logged in via local
user admin logged out via local
user admin logged in via local
user admin logged out via local
user admin logged in via local
user admin logged out via local
user admin logged i1 via local
nat rule added by admin
ether2an ink up (speed 100M. hJ
system.info.accotrt user admin logged
system.info.accourt user admin logged

18:4F:32:5A:22:65@w1an1-wli:disconnected .
recerved disassoc:sendilg station leaving (8}
Jan/0211970 01:52:50 memory system.info.accotrt user admin logged in via winbox
Jan/02/1970 01:52:50 memory system.info.accotrt user admin logged in via local
Jan/0211970 02:00:30 memory system.info.accotrt user admin logged out via local
Jan/02/1970 02:01:05 memory
system.info
SNTP client codiguration changed by
adrrin Feb/0312016 07:35:38 memory
system.info
SNTP client coriiguration changed
by adrrin Feb/0312016 07:36:52 memory
system.info
system time zone settings

DST Active

JI
....J

changed
admi1

Feb/0312016 14:36:53 memory system.info

system time zone settings changed by admin

.La,:, ..-auJ u,:, \.111CUt.. . -..Jm,:, ::7 u t u,:,

[admin@ukktk]
] > 3:i'3tem 3Chedule.:=
print Flags: X - disabled
i NAt4E
START-DATE S'TAR'T-'Tll4E
0

;;; Untuk aktifkan wi:i

wifi hidup
feb/04/2016
07:00:00

admin@4C

ON-EVENT

;;; untuk matikan

wifi wifi mati
( admin@ukttk]
] >

feb/03/2016 19:00:10

RUN-COUNT

12h

/inter:ace set wlan1-wi...

12h

/inter:ace set wlan1-wi...

s=a==-------------------------------------------------------------------------------------- ----------JQii Evert

1

St&t Date

...

aktifk
Feb/0412016 07:00:00
;;;l.fltuk matikan wfi
wfi mali
Feb/0312016
19.00:10'----

wifi hidup

IFnd

12:00:00 ilrterface set ..

drrin

0 Feb/0412016...

12:00:00 !lrterface set ...

0 Feb/03/2016...

adnw'l

Schedule <YI"'' mali>

Ci

[QJ

Name: wiihidup
Start Date: I Feb/0412016

Start
Trne: :
=[70:70:0::=00========1:
::

I OK
I Cancel
I Disable
,Apply

I I

Interval: l 12:00:oo

Nl!
me:_[

OK

Start Date: [Feb/ii312016

Start lime: 1 19:00:10

Cancel

=:=J

Disable

===

Interval: [i_i:oo:oo

Apply

On Evert:

On Evert:
i':/Jrt"-'erf=.:,::::.ac""e-set """la--n-1:--wi-.::-di 7is..a..b,.l,e--d:-"tl0 -

,.

I Corrment
I Copy
I Remove

1nterface set wlan1..,..if i disabled.yes

Comment

Copy
Remove

Owner:
l.a::d:::m:;:i:n.;'--------'

Owner: adrrin

- Policy --------ftp read policy password sensitive

Policy -

F\Jn Count: 0

reboot wrte test sniff

ftp read policy password sensitive

reboot write
test srOff

R1.11 Co1.11t : 0

SCHEDULLAR
Membuat script dan ja

Nelli Run:
F/e03b1192160:0:010==
==

Script Schedule
Untuk menjalankan fungsi penjadwalan pada mikrotik kita perlu memasukkan script yang akan
di jalankan ketika waktu sudah tepat.
Mematikan wireless akses :

I interface set wlanl-wifi disabled=yes

Aktifkan kembali wireless

I interface set wlanl-wifi disabled=no

Pengujiannya bisa dilakukan dan disesuaikan dengan waktu tertentu

Selesai...Selamat mencoba