PEMBAHASAN UKK TKJ 2019 SMKN 5 BATAM

TAHUN AJARAN 2018/2019

1. Tahap Persiapan

interface ethernet set numbers=2 master-port=none

interface ethernet set numbers=3 master-port=none
interface ethernet set numbers=4 master-port=none

ip firewall nat remove numbers=0

ip firewall filter remove numbers=1,2,3,4,5,6,7

ip dhcp-server remove numbers=0

ip dhcp-server network remove numbers=0
ip pool remove numbers=0

( Kemudian ubah IP laptop/pc winbox ke 192.168.88.x/24 dan gateway 192.168.88.1 )

2. IP Address

ip address add address=192.168.100.1/24 interface=ether2 comment=LAN

ip address remove numbers=0

( Kemudian ubah IP laptop/pc winbox ke 192.168.100.x/24 dengan gateway

192.168.100.1 )

ip address add address=192.168.20.x/24 interface=ether1 comment=INTERNET

ip address add address=192.168.200.1/24 interface=ether3 comment=WIFI

3. Firewall NAT

ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

4. Routing

ip route add gateway=192.168.20.254

5. DNS

ip dns set servers=180.131.144.144,180.131.145.145 allow-remote-request=yes

6. DHCP Server
 ip dhcp-server setup

(Lalu ikuti isian berikut)

dhcp server interface: ether2

dhcp address space: 192.168.100.0/24
gateway for dhcp network: 192.168.100.1
addresses to give out: 192.168.100.2-192.168.100.100
dns servers: 180.131.144.144,180.131.145.145
lease time: 10m

ip dhcp server setup

(Lalu ikuti isian berikut)

dhcp server interface: ether3

dhcp address space: 192.168.200.0/24
gateway for dhcp network: 192.168.200.1
addresses to give out: 192.168.200.2-192.168.200.100
dns servers: 180.131.144.144,180.131.145.145
lease time: 10m

(Kemudian ganti setting IP PC/LAPTOP dari static ke DHCP)

7. NTP Client

ping id.ntp.pool.org

(lalu akan ada IP address di kiri nya. Misalkan X.X.X.X)

(Kemudian ctrl+c untuk menghentikan ping nya)

system ntp client set enabled=yes primary-ntp=X.X.X.X (IP yang tadi) secondary-
ntp=108.61.73.243

8. DNS Static

Ping bsnp-indonesia.org

(Lalu akan ada IP Address mis: X.X.X.X)

 (ctrl+c untuk menghentikan PING)

ip dns static add name=mikrotik.co.id address=X.X.X.X

ip dns static add name=*.mikrotik.co.id address=X.X.X.X
ip dns cache flush

(Lalu buka CMD pada PC/LAPTOP dan ketikkan perintah berikut)

ipconfig/flushdns

9. Firewall Blokir Ping

ip firewall filter add chain=input action=drop protocol=icmp src-

address=192.168.100.2-192.168.100.50 dst-address=192.168.20.x (ip ether1)

ip firewall filter add chain=input action=drop protocol=icmp src-

address=192.168.100.2-192.168.100.50 dst-address=192.168.100.1

ip firewall filter add chain=input action=drop protocol=icmp src-

address=192.168.100.2-192.168.100.50 dst-address=192.168.200.1

10. Firewall Logging Rule

ip firewall filter add chain=input log=yes log-prefix=login in-interface=ether2

action=accept

11. Mengijinkan hanya HTTP dan HTTPS ke internet dari CLIENT LAN

ip firewall filter add chain=forward action=drop in-interface=ether2 out-

interface=ether1 protocol=tcp dst-port=!80,443

12. Mengaktifkan WebProxy

ip proxy set enabled=yes port=8080 cache-

administrator=(nama_peserta)@smkn5batam.sch.id

13. Mengalihkan akses web WiFi ke Proxy

ip firewall nat add chain=dstnat in-interface=ether3 protocol=tcp dst-port=80

action=redirect to-port=8080

ip firewall nat add chain=dstnat in-interface=ether2 protocol=tcp dst-port=80

action=redirect to-port=8080
14. Blokir http://www.linux.or.id dari WiFi CLIENT

ip proxy access add dst-host=*.linux.or.id action=deny src-address=192.168.200.0/24

ip proxy access add dst-host=linux.or.id action=deny src-address=192.168.200.0/24

15. Redirect web mikrotik ke bsnp dari LAN

ip proxy access add dst-host=mikrotik.co.id action=deny src-address=192.168.100.0/24

redirect-to=bsnp-indonesia.org

ip proxy access add dst-host=*.mikrotik.co.id action=deny src-

address=192.168.100.0/24 redirect-to=bsnp-indonesia.org

16. Blokir file .mp3 dan .mkv dari WiFi

ip proxy access add path=*.mp3 action=deny src-address=192.168.200.0/24
ip proxy access add path=*.mkv action=deny src-address=192.168.200.0/24

17. Blokir content

ip firewall filter add chain=forward action=drop in-interface=ether3 out-

interface=ether1 content=mikrotik

ip firewall filter add chain=forward action=drop in-interface=ether3 out-

interface=ether1 content=mp3

ip firewall filter add chain=forward action=drop in-interface=ether3 out-

interface=ether1 content=mkv

18. Blokir internet di jam tertentu (soal diubah jadi blokir dari jam 10-11 pagi)

ip firewall filter add chain=forward in-interface=ether3 out-interface=ether1

action=drop time=10h-11h,sun,mon,tue,wed,thu,fri,sat

(Untuk sesi kedua dari jam 16-17 sore)

ip firewall filter add chain=forward in-interface=ether3 out-interface=ether1

action=drop time=16h-17h,sun,mon,tue,wed,thu,fri,sat

NP : Command nya yang di tebalkan+miring

Untuk lebih lengkap (Tutorial Versi Video Silahkan Kunjungi :

https://www.youtube.com/channel/UCne1J-3FZRyodRVxsKR8j9g/featured?
view_as=subscriber