
The following are the basic MikroTik commands that are commonly used:

1. Commands to shut down and restart the router; type:
[admin@MikroTik] > system shutdown   (shuts the router down)
[admin@MikroTik] > system reboot     (restarts the router)
[admin@MikroTik] > system reset      (resets the configuration made earlier)
Note that these commands must be run as the admin user from the root prompt.

2. Command to change the name of the MikroTik machine; type:

[admin@MikroTik] > /system identity
[admin@MikroTik] system identity> set name=proxy
To see the result of the configuration, type "print" or "pr":
[admin@MikroTik] system identity> pr
  name: "proxy"
The prompt then changes to [admin@proxy].

3. Command to change the password of the MikroTik machine; type:

[admin@proxy] > /password
old password: (if you have not set a password before, leave this empty)
new password: ...... (type the new password)
retype new password: ...... (type the new password once more)

For example, if the old password is empty and the new password is ABCD, the sequence is:
[admin@proxy] > /password
old password:
new password: ABCD
retype new password: ABCD

4. Command to see the state of the interfaces on the MikroTik router:

[admin@MikroTik] > interface print
Flags: X - disabled, D - dynamic, R - running
 #    NAME     TYPE    RX-RATE  TX-RATE  MTU
 0 R  ether1   ether   0        0        1500
 1 R  ether2   ether   0        0        1500
[admin@MikroTik] >
If an interface shows an X (disabled) after its number (0, 1), check the Ethernet card again; it should show R (running).
a. Renaming an interface: first enter the interface menu
[admin@MikroTik] > interface
b. To rename the interface ether1 to Public (or whatever name you prefer):
[admin@MikroTik] interface> set 0 name=Public
c. Likewise for ether2, say it is renamed to Local:
[admin@MikroTik] interface> set 1 name=Local
d. Or directly from the root menu, using the "/" sign (without the quotes):
[admin@MikroTik] > /interface set 0 name=Public
e. Check again whether the interface names have been changed:
[admin@MikroTik] > /interface print
Flags: X - disabled, D - dynamic, R - running
 #    NAME     TYPE    RX-RATE  TX-RATE  MTU
 0 R  Public   ether   0        0        1500
 1 R  Local    ether   0        0        1500

5. Command to see the software packages in MikroTik OS:

[admin@proxy] > /system package
[admin@proxy] system package> print   (or "pr")
The command above lists the software packages present in MikroTik OS. Example:
[admin@MikroTik] system package> pr
Flags: X - disabled
 #    NAME                VERSION    SCHEDULED
 0 X  routing-test        2.9.27
 1    dhcp                2.9.27
 2    radiolan            2.9.27
 3    user-manager        2.9.27
 4 X  webproxy-test       2.9.27
 5    arlan               2.9.27
 6    isdn                2.9.27
 7    hotspot-fix         2.9.27
 8    ppp                 2.9.27
 9    wireless            2.9.27
10    web-proxy           2.9.27
11    hotspot             2.9.27
12    advanced-tools      2.9.27
13    security            2.9.27
14    telephony           2.9.27
15    routing             2.9.27
16    synchronous         2.9.27
17    system              2.9.27
18    routerboard         2.9.27
19    rstp-bridge-test    2.9.27
20 X  wireless-legacy     2.9.27

To see more detail, type:

[admin@proxy] system package> pr detail
Flags: X - disabled
 0 X name="routing-test" version="2.9.27" build-time=jul/03/2006 10:57:53 scheduled=""
 1   name="system" version="2.9.27" build-time=jul/03/2006 10:56:37 scheduled=""
 2   name="system" version="2.9.27" build-time=jul/03/2006 10:56:44 scheduled=""
 3   name="web-proxy" version="2.9.27" build-time=jul/03/2006 10:58:03 scheduled=""
 4   name="advanced-tools" version="2.9.27" build-time=jul/03/2006 10:56:41 scheduled=""
 5   name="dhcp" version="2.9.27" build-time=jul/03/2006 10:56:45 scheduled=""
 6   name="hotspot" version="2.9.27" build-time=jul/03/2006 10:56:58 scheduled=""
 7 X name="webproxy-test" version="2.9.27" build-time=jul/03/2006 10:57:52 scheduled=""
 8   name="routerboard" version="2.9.27" build-time=jul/03/2006 10:57:08 scheduled=""
-- [Q quit|D dump|down|up]

6. Command to upgrade the router's software packages:

[admin@MikroTik] system upgrade>
To upgrade the chosen packages:
download 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14

7. Command to enable a software package that is present in MikroTik OS:

[admin@MikroTik] system package> enable <package name>
Example:
[admin@proxy] system package> enable dhcp

8. Command to rename an Ethernet interface on the MikroTik machine:

[admin@proxy] > /interface
[admin@proxy] interface> ethernet set ether1 name=public
Or use the command
[admin@proxy] interface> set <number of the installed interface> name=<new interface name>
Example:
[admin@proxy] interface> set 0 name=public
[admin@proxy] interface> set 1 name=lan
Or, in one line:
[admin@proxy] interface> set 0 name=public; set 1 name=lan

9. Command to set an IP address on the MikroTik machine:

[admin@proxy] > /ip address
[admin@proxy] ip address> add interface=<interface name> address=<IP address/prefix length of the interface>
Example:
If the interface is named "lan", the desired IP address is 192.168.0.1 and the subnet mask is 255.255.255.0 (a /24 prefix), the command is:
[admin@proxy] > /ip address
[admin@proxy] ip address> add interface=lan address=192.168.0.1/24

10. Command to set the primary and secondary DNS servers:

[admin@proxy] > /ip dns
[admin@proxy] ip dns> set primary-dns=<DNS IP from the ISP>

Example:
If the ISP's primary DNS is 202.134.1.10 and the secondary is 202.134.0.155, the commands are:
[admin@proxy] > /ip dns
[admin@proxy] ip dns> set primary-dns=202.134.1.10
[admin@proxy] ip dns> set secondary-dns=202.134.0.155

11. Command to set the IP gateway on the MikroTik machine

[admin@proxy] > /ip route
[admin@proxy] ip route> add gateway=<ip gateway>
Example: if the ISP's gateway IP is 202.134.1.1, the command is:
[admin@proxy] > /ip route
[admin@proxy] ip route> add gateway=202.134.1.1

12. Network Address Translation (NAT) command on the MikroTik machine

[admin@proxy] > /ip firewall nat
[admin@proxy] ip firewall nat> add chain=srcnat out-interface=<interface connected to the WAN> src-address=<network address of the LAN interface/prefix length> action=masquerade

Example:
If the LAN network address is "192.168.0.0" with subnet mask "255.255.255.0", and the MikroTik interface connected to the WAN is "public", the command is:
[admin@proxy] > /ip firewall nat
[admin@proxy] ip firewall nat> add chain=srcnat out-interface=public src-address=192.168.0.0/24 action=masquerade

1. Naming the router

/system identity set name=RouterKu

2. Viewing the installed interfaces

/interface print

3. Naming the Ethernet interfaces

/interface ethernet set ether1 name=Public
/interface ethernet set ether2 name=Local
or
/interface set 0 name=Public
/interface set 1 name=Local
or
/interface set 0 name=Public; set 1 name=Local

4. Assigning IP addresses to the Public and Local interfaces

/ip address add address=192.168.67.100/24 interface=Public
/ip address add address=10.10.11.2/24 interface=Local

5. Changing the IP address on the Local interface

/ip address remove 1
/ip address add address=172.16.10.100/24 interface=Local

6. Adding a DNS resolver, primary DNS and secondary DNS

/ip dns static add name=dnsku.com address=172.16.10.100
/ip dns set primary-dns=203.78.115.215 secondary-dns=203.78.115.222 allow-remote-requests=yes

7. Adding a default gateway

/ip route add dst-address=0.0.0.0/0 gateway=192.168.67.2
or
/ip route add gateway=192.168.67.2
* Assuming the gateway IP in use is 192.168.67.2

8. Adding NAT masquerade

/ip firewall nat add chain=srcnat src-address=172.16.10.0/24 out-interface=Public action=masquerade

9. Adding a DHCP server

- Create an IP pool
/ip pool add name=ippool1 ranges=172.16.10.1-172.16.10.10

- Set up the DHCP server
/ip dhcp-server add interface=Local address-pool=ippool1

- Set up the network: gateway, DNS server, ...
/ip dhcp-server network add address=172.16.10.0/24 gateway=172.16.10.100 dns-server=203.78.115.222

10. Creating connection marks, later used to sort the packets

/ip firewall mangle add chain=forward src-address=172.16.10.1 action=mark-connection new-connection-mark=billing
/ip firewall mangle add chain=forward src-address=172.16.10.2 action=mark-connection new-connection-mark=pc1
/ip firewall mangle add chain=forward src-address=172.16.10.3 action=mark-connection new-connection-mark=pc2
/ip firewall mangle add chain=forward src-address=172.16.10.4 action=mark-connection new-connection-mark=pc3

11. Creating packet marks for the queue, derived from the connection marks

/ip firewall mangle add chain=forward connection-mark=billing action=mark-packet new-packet-mark=billing
/ip firewall mangle add chain=forward connection-mark=pc1 action=mark-packet new-packet-mark=pc1
/ip firewall mangle add chain=forward connection-mark=pc2 action=mark-packet new-packet-mark=pc2
/ip firewall mangle add chain=forward connection-mark=pc3 action=mark-packet new-packet-mark=pc3

12. Creating the top-level parent queue

/queue tree add name=E-Net parent=ether2 max-limit=10000000

13. Creating a queue per terminal

/queue tree add name=pcbil packet-mark=billing parent=E-Net limit-at=64000 max-limit=250000
/queue tree add name=pc1 packet-mark=pc1 parent=E-Net limit-at=64000 max-limit=250000
/queue tree add name=pc2 packet-mark=pc2 parent=E-Net limit-at=64000 max-limit=250000
/queue tree add name=pc3 packet-mark=pc3 parent=E-Net limit-at=64000 max-limit=250000

14. Basic firewall

/ip firewall filter
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=593 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"
add chain=forward action=accept protocol=tcp dst-port=80 comment="Allow HTTP"
add chain=forward action=accept protocol=tcp dst-port=25 comment="Allow SMTP"
add chain=forward protocol=tcp comment="allow TCP"
add chain=forward protocol=icmp comment="allow ping"
add chain=forward protocol=udp comment="allow udp"
add chain=forward action=drop comment="drop everything else"
add chain=input src-address-list="port scanners" action=drop comment="dropping portscanners" disabled=no

/ip firewall filter add chain=virus protocol=udp dst-port=135 action=drop comment="Conficker" disabled=no
/ip firewall filter add chain=virus protocol=udp dst-port=137 action=drop comment="Conficker" disabled=no
/ip firewall filter add chain=virus protocol=udp dst-port=138 action=drop comment="Conficker" disabled=no
/ip firewall filter add chain=virus protocol=udp dst-port=445 action=drop comment="Conficker" disabled=no
/ip firewall filter add chain=virus protocol=tcp dst-port=135 action=drop comment="Conficker" disabled=no
/ip firewall filter add chain=virus protocol=tcp dst-port=139 action=drop comment="Conficker" disabled=no
/ip firewall filter add chain=virus protocol=tcp dst-port=5933 action=drop comment="Conficker" disabled=no
/ip firewall filter add chain=virus protocol=tcp dst-port=445 action=drop comment="Conficker" disabled=no
/ip firewall filter add chain=virus protocol=tcp dst-port=4691 action=drop comment="Conficker" disabled=no
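The rule list above puts the worm-port drops in a user chain named virus, but no rule in forward has action=jump jump-target=virus, so those drops are never consulted and the later "allow TCP" rule accepts the traffic. The Python below is an added example, not code from the page or from MikroTik; the rule subset is constructed from the list above and the jump line is an assumption. It replays first-match evaluation over the rules to show both behaviours:

```python
import shlex
from typing import Optional, Tuple

# Constructed subset of the section 14 rule list. The rules in chain "virus"
# are unreachable from "forward" because no rule jumps to that chain.
RULES_TEXT = """
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=forward action=accept protocol=tcp dst-port=80 comment="Allow HTTP"
add chain=forward protocol=tcp comment="allow TCP"
add chain=forward protocol=icmp comment="allow ping"
add chain=forward protocol=udp comment="allow udp"
add chain=forward action=drop comment="drop everything else"
"""

# Assumed fix: a jump placed right after the invalid-state drop.
JUMP_RULE = 'add chain=forward action=jump jump-target=virus comment="check worm ports"'


def parse_rule(line: str) -> dict:
    """Turn one `add key=value ...` line into a dict; shlex keeps quoted comments whole.
    RouterOS applies action=accept when no action is given, so that is the default."""
    tokens = shlex.split(line)
    if not tokens or tokens[0] != "add":
        raise ValueError(f"not an add line: {line!r}")
    rule = {"action": "accept"}
    for token in tokens[1:]:
        key, sep, value = token.partition("=")
        if not sep:
            raise ValueError(f"bad token {token!r}")
        rule[key] = value
    return rule


def parse_rules(text: str) -> list:
    return [parse_rule(line) for line in text.strip().splitlines() if line.strip()]


def port_matches(spec: str, port: Optional[int]) -> bool:
    """dst-port accepts single ports, ranges (135-139) and comma-separated lists."""
    if port is None:
        return False
    for part in spec.split(","):
        low, _, high = part.partition("-")
        if high:
            if int(low) <= port <= int(high):
                return True
        elif int(low) == port:
            return True
    return False


def rule_matches(rule: dict, pkt: dict) -> bool:
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return False
    if "dst-port" in rule and not port_matches(rule["dst-port"], pkt.get("dst_port")):
        return False
    if "connection-state" in rule and rule["connection-state"] != pkt.get("connection_state"):
        return False
    return True


def evaluate(rules: list, pkt: dict, chain: str = "forward", depth: int = 0) -> Tuple[Optional[str], int]:
    """First-match evaluation of a chain: (verdict, index of the deciding rule).

    A jump descends into the target chain; if nothing there terminates the packet,
    evaluation resumes after the jump rule. A built-in chain with no match yields
    the default verdict accept; a user chain with no match yields None.
    """
    if depth > 8:
        raise RecursionError("jump loop")
    for index, rule in enumerate(rules):
        if rule["chain"] != chain or not rule_matches(rule, pkt):
            continue
        action = rule["action"]
        if action == "jump":
            verdict, where = evaluate(rules, pkt, rule["jump-target"], depth + 1)
            if verdict is not None:
                return verdict, where
            continue
        if action == "return":
            break
        if action in ("accept", "drop", "reject"):
            return action, index
        raise ValueError(f"unsupported action {action!r}")
    return (None, -1) if depth else ("accept", -1)


def with_jump(rules: list, position: int = 1) -> list:
    """Copy of the rule list with the jump to chain virus inserted at `position`."""
    fixed = list(rules)
    fixed.insert(position, parse_rule(JUMP_RULE))
    return fixed


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    probe = {"protocol": "tcp", "dst_port": 139, "connection_state": "new"}
    print("as listed :", evaluate(rules, probe))   # accepted by "allow TCP"
    print("with jump :", evaluate(with_jump(rules), probe))  # dropped in chain virus
```

The same evaluator can be pointed at a full export of the filter table to confirm that every user chain is reachable from a built-in chain before the rules are trusted.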

15. Setting the clock automatically

/system ntp client set primary-ntp=0.pool.ntp.org secondary-ntp=3.pool.ntp.org enabled=yes

16. Backing up the system configuration

/system backup save name="Backup-versi1"

17. Restoring the system configuration

/system backup load name="Backup-versi1"


[admin@MikroTik] > ?
beep --
blink --
certificate -- Certificate management
delay -- does nothing for a while
do -- executes command
driver -- Driver management
environment -- list of all variables
error -- make error value
execute -- run script as separate console job
file -- Local router file storage.
find -- Find items by value
for -- executes command for a range of integer values
foreach -- executes command for every element in a list
global -- set value global variable
if -- executes command if condition is true
import --
interface --
ip -- IP options
led --
len -- return number of elements in value
local -- set value of local variable
log -- System logs
metarouter --
mpls --
nothing -- do nothing and return nothing
parse -- build command from text
password -- Change password
pick -- return range of string characters or array values
ping -- Send ICMP Echo packets
port -- Serial ports
ppp -- Point to Point Protocol
put -- prints argument on the screen
queue -- Bandwidth management
quit -- Quit console
radius -- Radius client settings
redo -- Redo previously undone action
resolve -- perform a dns lookup of domain name
routing --
set -- Change item properties
setup -- Do basic setup of system
snmp -- SNMP settings
special-login -- Special login users
store --
system -- System information and utilities
terminal -- commands related to terminal handling
time -- returns time taken by command to execute
toarray -- convert argument to array value
tobool -- convert argument to truth value
toid -- convert argument to internal number value
toip -- convert argument to IP address value
toip6 -- convert argument to IPv6 address value
tonum -- convert argument to integer number value
tool -- Diagnostics tools
tostr -- convert argument to string value
totime -- convert argument to time interval value
typeof -- return type of value
undo -- Undo previous action
user -- User management
while -- executes command while condition is true
export -- Print or save an export script that can be used to restore configuration
[admin@MikroTik] >

Continued
1. Looking at the condition of the interfaces on the MikroTik router

[admin@MikroTik] > interface print
Flags: X - disabled, D - dynamic, R - running
 #    NAME     TYPE    RX-RATE  TX-RATE  MTU
 0 R  ether1   ether   0        0        1500
 1 R  ether2   ether   0        0        1500
[admin@MikroTik] >

If an interface shows an X (disabled) after its number (0, 1), check the Ethernet card again; it should show R (running).

a. Renaming an interface: first enter the interface menu
[admin@MikroTik] > interface

b. To rename the interface ether1 to Public (or whatever name you prefer):
[admin@MikroTik] interface> set 0 name=Public

c. Likewise for ether2, say it is renamed to Local:
[admin@MikroTik] interface> set 1 name=Local

d. Or directly from the root menu, using the "/" sign (without the quotes):
[admin@MikroTik] > /interface set 0 name=Public

e. Check again whether the interface names have been changed:

[admin@MikroTik] > /interface print
Flags: X - disabled, D - dynamic, R - running
 #    NAME     TYPE    RX-RATE  TX-RATE  MTU
 0 R  Public   ether   0        0        1500
 1 R  Local    ether   0        0        1500

2. - Change the default password

To change the default password, for security:
[admin@MikroTik] > password
old password: *****
new password: *****
retype new password: *****
[admin@MikroTik] >

3. - Renaming the hostname
Rename the MikroTik router for easier configuration; in this step the router name is changed to "myrouter".

[admin@MikroTik] > system identity set name=myrouter
[admin@myrouter] >

4. - Setting the IP address, gateway, name servers and masquerade

- [4.1] - IP address

Form of the configuration command:

ip address add address={ip address/netmask} interface={interface name}

a. Assign IP addresses to the MikroTik interfaces. Suppose Public will be used for the Internet connection with IP 192.168.1.2, and Local will be used for our LAN with IP 192.168.0.30 (see the topology).

[admin@myrouter] > ip address add address=192.168.1.2 \
    netmask=255.255.255.0 interface=Public comment="IP to the Internet"

[admin@myrouter] > ip address add address=192.168.0.30 \
    netmask=255.255.255.224 interface=Local comment="IP to the LAN"

b. View the IP address configuration we have given:

[admin@myrouter] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK        BROADCAST       INTERFACE
 0   ;;; IP to the Internet
     192.168.1.2/24     192.168.1.0    192.168.1.255   Public
 1   ;;; IP to the LAN
     192.168.0.30/27    192.168.0.0    192.168.0.31    Local
[admin@myrouter] >
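The NETWORK and BROADCAST columns that ip address print shows, and the /27 that a 255.255.255.224 netmask becomes, can be computed offline with Python's standard ipaddress module. The block below is an added example, not code from the page or from MikroTik; the names address_entry, prefix_from_netmask and validate_address are my own. It also covers the address/subnet-mask form used in section 9 of the first command list, and it rejects a malformed value such as 192.168.01 instead of accepting it:

```python
import ipaddress
from typing import Optional


def prefix_from_netmask(netmask: str) -> int:
    """Return the prefix length for a dotted-decimal netmask, e.g. 255.255.255.224 -> 27.

    ipaddress only accepts masks made of contiguous ones followed by zeros, so a
    mistyped mask such as 255.255.0.255 raises ValueError instead of being accepted.
    """
    return ipaddress.ip_network(f"0.0.0.0/{netmask}", strict=False).prefixlen


def address_entry(address: str, netmask: Optional[str] = None) -> dict:
    """Compute what `/ip address print` shows for one address: the CIDR form, the
    network address, the broadcast address and the number of usable host addresses.

    `address` is either CIDR ("192.168.0.30/27") or a bare address combined with a
    dotted netmask, the two forms used on this page when adding addresses.
    """
    if "/" not in address:
        if netmask is None:
            raise ValueError("a bare address needs a netmask")
        address = f"{address}/{prefix_from_netmask(netmask)}"
    iface = ipaddress.ip_interface(address)  # rejects malformed input such as 192.168.01
    net = iface.network
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return {
        "address": str(iface),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "prefixlen": net.prefixlen,
        "usable_hosts": usable,
    }


def validate_address(address: str, netmask: Optional[str] = None) -> Optional[str]:
    """Return None if the address/netmask pair is well-formed, otherwise the reason
    it is not, so a typo is caught before the command reaches the router."""
    try:
        address_entry(address, netmask)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed inputs: the page's two addresses plus one typo.
    for addr, mask in [("192.168.1.2", "255.255.255.0"),
                       ("192.168.0.30", "255.255.255.224"),
                       ("192.168.01", "255.255.255.0")]:
        problem = validate_address(addr, mask)
        print(addr, mask, "->", problem or address_entry(addr, mask))
```

With 192.168.0.30 and 255.255.255.224 the function returns network 192.168.0.0 and broadcast 192.168.0.31, exactly the values in the print output above; a /27 leaves 30 usable host addresses, which is the size limit the DHCP pool in section 5 has to respect.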

- [4.2] - Gateway

Form of the configuration command:

ip route add gateway={ip gateway}

a. Add the default gateway; the gateway for the Internet connection is assumed to be 192.168.1.1:

[admin@myrouter] > /ip route add gateway=192.168.1.1

b. View the routing table on the MikroTik router:

[admin@myrouter] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
 #      DST-ADDRESS        G GATEWAY        DISTANCE  INTERFACE   PREFSRC
 0 ADC  192.168.0.0/27                                Local       192.168.0.30
 1 ADC  192.168.1.0/24                                Public      192.168.1.2
 2 A S  0.0.0.0/0          r 192.168.1.1              Public
[admin@myrouter] >

c. Ping the gateway to make sure the configuration is correct:

[admin@myrouter] > ping 192.168.1.1
192.168.1.1 64 byte ping: ttl=64 time<1 ms
192.168.1.1 64 byte ping: ttl=64 time<1 ms
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0/0.0/0 ms
[admin@myrouter] >
- [4.3] - NAT (Network Address Translation)

Form of the configuration command:

ip firewall nat add chain=srcnat action=masquerade out-interface={ethernet interface directly connected to the Internet, i.e. Public}

a. Set up masquerading. If the MikroTik is to be used as a gateway server so that the client computers on the network can reach the Internet, masquerading is needed.

[admin@myrouter] > ip firewall nat add chain=srcnat out-interface=Public action=masquerade
[admin@myrouter] >

b. Look at the masquerading configuration:

[admin@myrouter] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat out-interface=Public action=masquerade
[admin@myrouter] >

- [4.4] - Name servers

Form of the configuration command:

ip dns set primary-dns={primary dns} secondary-dns={secondary dns}

a. Set up DNS on the MikroTik router, e.g. DNS servers with the IP addresses Primary = 202.134.0.155 and Secondary = 202.134.2.5:

[admin@myrouter] > ip dns set primary-dns=202.134.0.155 allow-remote-requests=yes
[admin@myrouter] > ip dns set secondary-dns=202.134.2.5 allow-remote-requests=yes

With allow-remote-requests=yes the router answers DNS queries arriving on any interface, including Public, unless an input filter rule limits port 53 to the LAN.

b. View the resulting configuration:

[admin@myrouter] > ip dns print
  primary-dns: 202.134.0.155
  secondary-dns: 202.134.2.5
  allow-remote-requests: no
  cache-size: 2048KiB
  cache-max-ttl: 1w
  cache-used: 16KiB
[admin@myrouter] >

c. Test domain access, for example by pinging a domain name:

[admin@myrouter] > ping yahoo.com
216.109.112.135 64 byte ping: ttl=48 time=250 ms
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 571/571.0/571 ms
[admin@myrouter] >
If you get replies, the DNS settings are correct.

After this step, the connection can be checked from the local network. If it works, we have successfully installed the MikroTik router as a gateway server. Once connected, the MikroTik network can be managed with WinBox, which can be downloaded from MikroTik.com or from the router itself. For example, if the router's IP address is 192.168.0.30, open http://192.168.0.30 in a browser. The browser shows a web page with several menus; find the "Download WinBox" link there and download it. Save it on the local hard drive, run WinBox, and enter the IP address, username and password.

5. - DHCP server

DHCP stands for Dynamic Host Configuration Protocol, a service that lets IP address assignment on a network be done from a central server, so the client PCs do not need their IP addresses configured by hand. DHCP lets an administrator control the addressing of the clients.

Form of the configuration command (the interactive wizard):

ip dhcp-server setup
dhcp server interface = {interface used}
dhcp address space = {network to be served by dhcp}
gateway for dhcp network = {ip gateway}
addresses to give out = {range}
dns servers = {name server}
lease time = {duration of the lease granted}

If we want the clients to get IP addresses automatically, we need to set up a DHCP server on the MikroTik. Here are the steps:

a. Add the IP address pool (the router's own address, 192.168.0.30, is left out of the range)

/ip pool add name=dhcp-pool ranges=192.168.0.1-192.168.0.29

b. Add the DHCP network and the gateway that will be distributed to the clients. In this example the network is 192.168.0.0/27 and the gateway is 192.168.0.30.

/ip dhcp-server network add address=192.168.0.0/27 gateway=192.168.0.30 dns-server=192.168.0.30 \
    comment=""

c. Add the DHCP server (in this example DHCP is applied to the Local interface)

/ip dhcp-server add interface=Local address-pool=dhcp-pool

d. Check the status of the DHCP server

[admin@myrouter] > ip dhcp-server print
Flags: X - disabled, I - invalid
 #     NAME     INTERFACE   RELAY   ADDRESS-POOL   LEASE-TIME   ADD-ARP
 0 X   dhcp1    Local               dhcp-pool
The X states that the DHCP server is not yet enabled; it must first be enabled, in step e.

e. Do not forget to enable the DHCP server first

/ip dhcp-server enable 0

Then check the dhcp-server again as in step d; if the X is gone, it is already active.

f. Test from the client

For example:
D:\> ping www.yahoo.com
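
The pool, the dhcp-server network and the gateway from steps a to c have to agree: the pool must lie inside the network and must not hand out the gateway's own address. The Python below is an added example, not code from the page or from MikroTik (the name check_dhcp is my own); it applies those checks to constructed inputs, including the /27 network of this section and the 172.16.10.0/24 network of section 9 in the first command list:

```python
import ipaddress
from typing import Iterable, List


def check_dhcp(network_cidr: str, gateway: str, pool_ranges: Iterable[str]) -> List[str]:
    """Cross-check a DHCP network against the pool it hands out.

    Returns a list of findings; an empty list means the settings are consistent:
    the network is a valid network address, the gateway lies inside it, and every
    pool range lies inside it without covering the gateway, the network address
    or the broadcast address.
    """
    findings = []
    try:
        net = ipaddress.ip_network(network_cidr)  # strict: host bits must be zero
    except ValueError as exc:
        return [f"network: {exc}"]
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        findings.append(f"gateway {gw} is outside {net}")
    for rng in pool_ranges:
        low_s, _, high_s = rng.partition("-")
        low = ipaddress.ip_address(low_s)
        high = ipaddress.ip_address(high_s) if high_s else low
        if low > high:
            findings.append(f"pool {rng}: range is reversed")
            continue
        if low not in net or high not in net:
            findings.append(f"pool {rng}: not contained in {net}")
        if low <= gw <= high:
            findings.append(f"pool {rng}: includes the gateway {gw}")
        if low == net.network_address or high == net.broadcast_address:
            findings.append(f"pool {rng}: covers the network or broadcast address")
    return findings


if __name__ == "__main__":
    # Constructed from this section: /27 LAN, router at .30, and a pool that
    # wrongly runs up to .30 as well.
    for finding in check_dhcp("192.168.0.0/27", "192.168.0.30", ["192.168.0.1-192.168.0.30"]):
        print("-", finding)
```

A range ending at .29 passes cleanly; a range ending at .30 is reported because the router would then lease its own address to a client.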
6. - Transparent proxy server

A proxy server is a program that can speed up access to web pages that have already been accessed by another computer, because they are stored in the proxy server's cache. A transparent proxy is convenient for client management, because the system administrator does not need to set up a proxy in each client computer's browser: the redirection is done automatically on the server.

Form of the configuration commands:

a. Web proxy settings:

- ip proxy set enabled=yes
    port={port that will be used}
    max-client-connections=1000
    max-server-connections=1000

- ip proxy direct add src-address={network that will be NATed} action=allow

- ip web-proxy set parent-proxy={parent proxy / optional}
    hostname={hostname for the proxy / optional}
    port={port that will be used}
    src-address={address used for the connection to the parent proxy / default 0.0.0.0}
    transparent-proxy=yes
    max-object-size={maximum size of a file to be saved in the cache / default 4096, in kilobytes}
    max-cache-size={maximum hard-drive space used to store cache files / unlimited | none | 12, in megabytes}
    cache-administrator={administrator e-mail address shown when the proxy reports an error}
    enabled=yes

Sample configuration
-------
a. Web proxy settings

/ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080 \
    hostname="proxy.myrouter.com" transparent-proxy=yes \
    parent-proxy=0.0.0.0:0 cache-administrator="support@myrouter.com" \
    max-object-size=131072KiB cache-drive=system max-cache-size=unlimited \
    max-ram-cache-size=unlimited

NAT redirect: a rule must be added that REDIRECTS HTTP traffic to the web proxy.

b. Firewall settings for the transparent proxy

Form of the configuration command:

ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports={proxy port}

The commands:

---------------------------
/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 \
    comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080 \
    comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=8000 action=redirect to-ports=8080 \
    comment="" disabled=no
---------------------------

The commands above make all traffic to ports 80, 3128 and 8000 get deflected to port 8080, the web proxy port. As written, the rules match on every interface; adding in-interface=Local restricts the redirect to LAN clients.

NOTE:
Commands

/ip web-proxy print     {to see the result of the web-proxy configuration}
/ip web-proxy monitor   {to monitor the web-proxy's work}

7. - Bandwidth management

QoS plays an important role in providing good service to the clients. For that we need bandwidth management for each data flow that is passed, so that the division of bandwidth is fair. RouterOS includes a software package for managing bandwidth.

Form of the configuration command:

queue simple add name={name}
    target-addresses={ip address of the client}
    interface={interface used to pass the data}
    max-limit={out/in}

Below is a traffic-shaping (bandwidth management) configuration using the Simple Queue method. As the name implies, this type of queue is simple, but it has a weakness: sometimes bandwidth leaks, or the bandwidth shown by the monitor is not real. For about 10 clients this queue type is not a problem.

Assume there are 15 clients, and each client is given a minimum bandwidth of 8 kbps and a maximum of 48 kbps, while the total bandwidth is 192 kbps. No rule is given for upstream, meaning each client can use the maximum upstream bandwidth. Note the priority parameter: the priority range in MikroTik is eight, from 1 to 8, where priority 1 is the highest and priority 8 the lowest.

The configuration example follows.


---------------------------
/queue simple
add name="trafikshaping" target-addresses=192.168.0.0/27 dst-address=0.0.0.0/0 \
    interface=all parent=none priority=1 queue=default/default \
    limit-at=0/64000 max-limit=0/192000 total-queue=default disabled=no
add name="01" target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 \
    interface=all parent=trafikshaping priority=1 queue=default/default \
    limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="02" target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 \
    interface=all parent=trafikshaping priority=1 queue=default/default \
    limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="03" target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0 \
    interface=all parent=trafikshaping priority=1 queue=default/default \
    limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="04" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 \
    interface=all parent=trafikshaping priority=1 queue=default/default \
    limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="25" target-addresses=192.168.0.25/32 dst-address=0.0.0.0/0 \
    interface=all parent=trafikshaping priority=1 queue=default/default \
    limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="05" target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0 \
    interface=all parent=trafikshaping priority=1 queue=default/default \
    limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="06" target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0 \
    interface=all parent=trafikshaping priority=1 queue=default/default \
    limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="07" target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0 \
    interface=all parent=trafikshaping priority=1 queue=default/default \
    limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="08" target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0 \
    interface=all parent=trafikshaping priority=1 queue=default/default \
    limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="09" target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0 \
    interface=all parent=trafikshaping priority=1 queue=default/default \
    limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="10" target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0 \
    interface=all parent=trafikshaping priority=1 queue=default/default \
    limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="11" target-addresses=192.168.0.11/32 dst-address=0.0.0.0/0 \
    interface=all parent=trafikshaping priority=1 queue=default/default \
    limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="12" target-addresses=192.168.0.12/32 dst-address=0.0.0.0/0 \
    interface=all parent=trafikshaping priority=1 queue=default/default \
    limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="13" target-addresses=192.168.0.13/32 dst-address=0.0.0.0/0 \
    interface=all parent=trafikshaping priority=1 queue=default/default \
    limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="14" target-addresses=192.168.0.14/32 dst-address=0.0.0.0/0 \
    interface=all parent=trafikshaping priority=1 queue=default/default \
    limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="15" target-addresses=192.168.0.15/32 dst-address=0.0.0.0/0 \
    interface=all parent=trafikshaping priority=1 queue=default/default \
    limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
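
Before pasting a queue list like the one above into the console, it is worth checking that the children's limit-at values add up to no more than the parent's max-limit, that no child's limit-at exceeds its own max-limit, and that no queue name is repeated. The Python below is an added example, not code from the page or from MikroTik; it parses add lines in the page's format (the sample is constructed, with two planted mistakes) and serves both this Simple Queue list and the Queue Tree in section 13 of the first command list, whose per-terminal limits it also accepts:

```python
import shlex
from typing import Dict, List, Tuple

# Constructed sample in the page's format: a parent queue for the LAN with
# per-client children. Two mistakes are planted on purpose: a duplicated name
# and a child whose limit-at is larger than its own max-limit and than what the
# parent can guarantee.
QUEUE_TEXT = """
/queue simple
add name="trafikshaping" target-addresses=192.168.0.0/27 limit-at=0/64000 max-limit=0/192000
add name="01" target-addresses=192.168.0.1/32 parent=trafikshaping limit-at=0/8000 max-limit=0/48000
add name="02" target-addresses=192.168.0.2/32 parent=trafikshaping limit-at=0/8000 max-limit=0/48000
add name="10" target-addresses=192.168.0.25/32 parent=trafikshaping limit-at=0/8000 max-limit=0/48000
add name="10" target-addresses=192.168.0.10/32 parent=trafikshaping limit-at=0/8000 max-limit=0/48000
add name="big" target-addresses=192.168.0.11/32 parent=trafikshaping limit-at=0/200000 max-limit=0/48000
"""

Rate = Tuple[int, int]  # (upload, download) in bits per second; 0 means unlimited


def parse_rate(value: str) -> Rate:
    """'0/48000' -> (0, 48000); a single value such as '10000000' applies to both
    directions. RouterOS k/M suffixes are accepted too."""
    def one(s: str) -> int:
        s = s.strip().lower()
        factor = {"k": 1_000, "m": 1_000_000}.get(s[-1:], 1)
        return int(s.rstrip("km")) * factor
    if "/" in value:
        up, down = value.split("/", 1)
        return one(up), one(down)
    rate = one(value)
    return rate, rate


def parse_queues(text: str) -> List[dict]:
    """Parse `add key=value ...` lines; menu lines such as `/queue simple` are skipped."""
    queues = []
    for line in text.strip().splitlines():
        tokens = shlex.split(line)
        if not tokens or tokens[0] != "add":
            continue
        q = {}
        for token in tokens[1:]:
            key, _, value = token.partition("=")
            q[key] = value
        q["limit-at"] = parse_rate(q.get("limit-at", "0/0"))
        q["max-limit"] = parse_rate(q.get("max-limit", "0/0"))
        queues.append(q)
    return queues


def check_queues(queues: List[dict]) -> List[str]:
    """Return human-readable findings; an empty list means the tree is consistent."""
    findings = []
    seen = set()
    for q in queues:
        if q["name"] in seen:
            findings.append(f"duplicate queue name {q['name']!r}")
        seen.add(q["name"])
    for q in queues:
        for direction, lim, mx in zip(("upload", "download"), q["limit-at"], q["max-limit"]):
            if mx and lim > mx:
                findings.append(f"{q['name']!r}: {direction} limit-at {lim} exceeds its max-limit {mx}")
    by_name: Dict[str, dict] = {q["name"]: q for q in queues}
    for parent_name, parent in by_name.items():
        children = [q for q in queues if q.get("parent") == parent_name]
        if not children:
            continue
        for i, direction in enumerate(("upload", "download")):
            pmax = parent["max-limit"][i]
            if pmax == 0:  # unlimited parent: nothing to guarantee against
                continue
            guaranteed = sum(c["limit-at"][i] for c in children)
            if guaranteed > pmax:
                findings.append(f"{parent_name!r}: children {direction} limit-at sum {guaranteed} exceeds parent max-limit {pmax}")
            for c in children:
                if c["max-limit"][i] > pmax:
                    findings.append(f"{c['name']!r}: {direction} max-limit {c['max-limit'][i]} exceeds parent max-limit {pmax}")
    return findings


if __name__ == "__main__":
    for finding in check_queues(parse_queues(QUEUE_TEXT)):
        print("-", finding)
```

For the list on the page, 15 children at 8000 bit/s download add up to 120000, comfortably inside the parent's 192000, so only the name check is worth running before pasting.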

The command above because in the form of the command line, can also copy paste, then paste it
into the consol mikrotiknya. remember see first path or active directory. Please dipaste course, if the
position
direktorynya in Root.

-----------------------
Terminal vt102 detected, using multiline input mode
[Admin @ MikroTik]>
----------------------

Another option is the method of bandwidth management, if if wanted bandwidth is shared equally
by Mikrotik, such as bandwidth 256kbps downstream and 256kbps upstream. While the client will
access as many as 10 clients, each client automatically gets a small upstream and downstream
bandwidth of 256kbps divided by 10. So each one can be 25.6 kbps. If only 2 Client who access it
each can be 128kbps.

The queue type used for this is PCQ (Per Connection Queue), which divides the traffic per
client automatically. The queue types available in MikroTik are described in the manual at
http://www.mikrotik.com/testdocs/ros/2.9/root/queue.php

First the traffic has to be marked with a mangle rule, for example:

-----------------------
/ip firewall mangle add chain=forward src-address=192.168.0.0/27 \
    action=mark-connection new-connection-mark=users-con
/ip firewall mangle add chain=forward connection-mark=users-con \
    action=mark-packet new-packet-mark=users
------------------------

Because no PCQ queue type exists by default, two have to be added. The first, named
pcq-download, classifies traffic by destination address; it is applied to traffic leaving
the Local interface, so all download (downstream) traffic to the 192.168.0.0/27 network is
shared automatically. The second, named pcq-upload, classifies traffic by source address; it
is applied to traffic leaving the Public interface, so all upload (upstream) traffic
originating from the 192.168.0.0/27 network is shared automatically.

Command:
-------------------------
/queue type add name=pcq-download kind=pcq pcq-classifier=dst-address
/queue type add name=pcq-upload kind=pcq pcq-classifier=src-address
-------------------------

With the mangle rules and the PCQ types in place, the actual division of traffic is done
with a queue tree:

-------------------------
/queue tree add parent=Local queue=pcq-download packet-mark=users
/queue tree add parent=Public queue=pcq-upload packet-mark=users
-------------------------

The two rules above are appropriate when the bandwidth delivered by the ISP fluctuates,
since PCQ then shares whatever is actually available. If we know the delivered bandwidth,
for example 256kbps downstream and 256kbps upstream, a parent queue with that max-limit is
added so that PCQ divides a fixed total:

For downstream traffic:

------------------------
/queue tree add name=Download parent=Local max-limit=256k
/queue tree add parent=Download queue=pcq-download packet-mark=users
-------------------------

And for upstream traffic:

-------------------------
/queue tree add name=Upload parent=Public max-limit=256k
/queue tree add parent=Upload queue=pcq-upload packet-mark=users
-------------------------
8. - MRTG Monitor via Web
This facility is used to monitor traffic as graphs that can be viewed with a browser. An
MRTG-style grapher (MRTG is The Multi Router Traffic Grapher) is built into RouterOS as
/tool graphing, so no extra package is needed.

Example configuration

-------------------------
/tool graphing
set store-every=5min
/tool graphing interface
add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
-------------------------

The commands above graph the traffic through every network interface, Public and Local
alike, sampled every 5 minutes; the graphs are served by the router's www service. The
allow-address parameter sets which addresses may view the graphs. With 0.0.0.0/0 anyone who
can reach the router's web service can see them, and the graphs reveal interface names and
traffic volumes, so restrict it to the management network, for example
allow-address=192.168.0.0/27.
9. - Security in Mikrotik

Once the configuration above is in place we must not forget the security of this MikroTik
gateway machine. Several facilities are available; here the firewall is discussed. The
firewall is modelled on iptables on GNU/Linux, with some of the commands simplified but no
less capable.

In MikroTik the firewall commands live under the ip menu:

[admin@myrouter] > /ip firewall

It holds several packet-handling facilities: mangle, nat and filter.

-------------------------
[admin@myrouter] ip firewall> ?

Firewall allows IP packet filtering on per packet basis.

.. - go up to ip
mangle/ - The packet marking management
nat/ - Network Address Translation
connection/ - Active Connections
filter/ - Firewall filters
address-list/ -
service-port/ - Service port management
export -
-------------------------

Here we look at the ip firewall filter configuration.

Because the filter parameters are extensive, the full discussion of firewall filters is left
to the MikroTik manual at http://www.mikrotik.com/testdocs/ros/2.9/ip/filter.php

The configuration below blocks a number of Trojans, viruses and backdoors by their
previously identified port numbers and protocols. It is also configured to withstand
flooding from the Public and Local networks, and it provides access-control rules so that
only certain network ranges can reach the router remotely or use specific MikroTik services
on our machine.

Sample filter configuration

--------------------------
/ip firewall filter
add chain=input connection-state=invalid action=drop comment="Drop Invalid connections" disabled=no
add chain=input src-address=!192.168.0.0/27 protocol=tcp src-port=1024-65535 \
    dst-port=8080 action=drop comment="Block to Proxy" disabled=no
add chain=input protocol=udp dst-port=12667 action=drop comment="trinoo" disabled=no
add chain=input protocol=udp dst-port=27665 action=drop comment="trinoo" disabled=no
add chain=input protocol=udp dst-port=31335 action=drop comment="trinoo" disabled=no
add chain=input protocol=udp dst-port=27444 action=drop comment="trinoo" disabled=no
add chain=input protocol=udp dst-port=34555 action=drop comment="trinoo" disabled=no
add chain=input protocol=udp dst-port=35555 action=drop comment="trinoo" disabled=no
add chain=input protocol=tcp dst-port=27444 action=drop comment="trinoo" disabled=no
add chain=input protocol=tcp dst-port=27665 action=drop comment="trinoo" disabled=no
add chain=input protocol=tcp dst-port=31335 action=drop comment="trinoo" disabled=no
add chain=input protocol=tcp dst-port=31846 action=drop comment="trinoo" disabled=no
add chain=input protocol=tcp dst-port=34555 action=drop comment="trinoo" disabled=no
add chain=input protocol=tcp dst-port=35555 action=drop comment="trinoo" disabled=no
add chain=input connection-state=established action=accept \
    comment="Allow Established connections" disabled=no
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input src-address=192.168.0.0/27 action=accept \
    comment="Allow access to router from known network" disabled=no
add chain=input action=drop comment="Drop anything else" disabled=no
add chain=forward protocol=tcp connection-state=invalid action=drop \
    comment="drop invalid connections" disabled=no
add chain=forward connection-state=established action=accept \
    comment="allow already established connections" disabled=no
add chain=forward connection-state=related action=accept \
    comment="allow related connections" disabled=no
add chain=forward src-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward protocol=tcp action=jump jump-target=tcp comment="" disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment="" disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment="" disabled=no
add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP" disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment="deny RPC portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment="deny RPC portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="deny NBT" disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment="deny cifs" disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="deny NFS" disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="deny NetBus" disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="deny NetBus" disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="deny BackOriffice" disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny DHCP" disabled=no
add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP" disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment="deny RPC portmapper" disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment="deny RPC portmapper" disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT" disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS" disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment="deny BackOriffice" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w \
    comment="Port scanners to list" disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="NMAP FIN Stealth scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan" disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="FIN/PSH/URG scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="ALL/ALL scan" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="NMAP NULL scan" disabled=no
add chain=input src-address-list="port scanners" action=drop \
    comment="dropping port scanners" disabled=no
add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment="allow echo reply" disabled=no
add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment="allow net unreachable" disabled=no
add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment="allow host unreachable" disabled=no
add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment="allow source quench" disabled=no
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="allow echo request" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment="allow time exceed" disabled=no
add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment="allow parameter bad" disabled=no
add chain=icmp action=drop comment="deny all other types" disabled=no
add chain=tcp protocol=tcp dst-port=25 action=reject \
    reject-with=icmp-network-unreachable comment="smtp" disabled=no
add chain=tcp protocol=udp dst-port=25 action=reject \
    reject-with=icmp-network-unreachable comment="smtp" disabled=no
add chain=tcp protocol=tcp dst-port=110 action=reject \
    reject-with=icmp-network-unreachable comment="pop3" disabled=no
add chain=tcp protocol=udp dst-port=110 action=reject \
    reject-with=icmp-network-unreachable comment="pop3" disabled=no
--------------------------

Read this list with RouterOS's first-match semantics in mind: the rules of a chain are
evaluated top to bottom and the first accept, drop or reject ends processing for that
packet. As written, the input chain's "Drop anything else" rule comes before the port-scan
detection rules (psd and tcp-flags), so those rules never see a packet; move the scanner
rules above the final drop, and above "Allow Established" and "Allow UDP", if they are to
be effective. "Allow UDP" accepts any UDP packet addressed to the router from any source,
which exposes UDP services such as DNS on the Public interface; qualify it with
in-interface or src-address. The src-port=1024-65535 qualifier on "Block to Proxy" adds
nothing but a bypass (a client can choose a source port below 1024); drop it. The chain=tcp
rules with protocol=udp can never match, because that chain is only entered through the
protocol=tcp jump. Verify the effective order with /ip firewall filter print and watch the
counters with /ip firewall filter print stats while testing.
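A quick way to catch ordering mistakes of this kind is to run the exported rule list through a small linter. The Python script below is an added example for this page, not MikroTik code and not the page author's own. It assumes rules in the `add key=value ...` form shown above (a constructed subset of that list, in the same order, is embedded inline) and flags two defects: rules that sit below a catch-all terminal rule in the same chain, and rules in a custom chain whose protocol= can never match the protocol of the jump that enters it.

```python
import shlex

# Constructed sample: a subset of the filter rules from the list above, in the order they appear.
SAMPLE_RULES = """\
add chain=input connection-state=invalid action=drop comment="Drop Invalid connections"
add chain=input src-address=!192.168.0.0/27 protocol=tcp src-port=1024-65535 dst-port=8080 action=drop comment="Block to Proxy"
add chain=input connection-state=established action=accept comment="Allow Established connections"
add chain=input protocol=udp action=accept comment="Allow UDP"
add chain=input protocol=icmp action=accept comment="Allow ICMP"
add chain=input src-address=192.168.0.0/27 action=accept comment="Allow access to router from known network"
add chain=input action=drop comment="Drop anything else"
add chain=forward protocol=tcp action=jump jump-target=tcp
add chain=forward protocol=udp action=jump jump-target=udp
add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP"
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list"
add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners"
add chain=tcp protocol=tcp dst-port=25 action=reject reject-with=icmp-network-unreachable comment="smtp"
add chain=tcp protocol=udp dst-port=25 action=reject reject-with=icmp-network-unreachable comment="smtp"
"""

# Keys that do not narrow which packets a rule matches.
NON_MATCHERS = {"chain", "action", "comment", "disabled", "jump-target", "reject-with",
                "address-list", "address-list-timeout", "log-prefix"}
# Actions that stop evaluation of the chain for a matching packet.
TERMINAL = {"accept", "drop", "reject", "tarpit"}


def parse_rules(text):
    """Turn `add key=value ...` lines (RouterOS export style) into dicts, numbered in order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue
        rule = {"_no": len(rules)}
        for token in shlex.split(line[4:]):      # shlex keeps quoted comments together
            key, _, value = token.partition("=")
            rule[key] = value
        rules.append(rule)
    return rules


def is_catch_all(rule):
    """A terminal rule with no matchers: every packet that reaches it ends here."""
    if rule.get("action") not in TERMINAL or rule.get("disabled") == "yes":
        return False
    return all(k in NON_MATCHERS or k.startswith("_") for k in rule)


def lint(rules):
    """Return sorted (rule number, reason) pairs for rules that can never match."""
    findings = []

    # 1. RouterOS is first-match: anything below a catch-all in the same chain is dead.
    closed = {}                                   # chain -> number of its catch-all rule
    for r in rules:
        if r["chain"] in closed:
            findings.append((r["_no"], f"unreachable: chain {r['chain']} ends at rule {closed[r['chain']]}"))
        elif is_catch_all(r):
            closed[r["chain"]] = r["_no"]

    # 2. A custom chain entered only via protocol=P jumps never sees a protocol=Q packet.
    entry_protocols = {}
    for r in rules:
        if r.get("action") == "jump" and "protocol" in r:
            entry_protocols.setdefault(r["jump-target"], set()).add(r["protocol"])
    for r in rules:
        seen = entry_protocols.get(r["chain"])
        if seen and "protocol" in r and r["protocol"] not in seen:
            findings.append((r["_no"], f"dead: chain {r['chain']} only receives {sorted(seen)}, rule wants {r['protocol']}"))

    return sorted(findings)


if __name__ == "__main__":
    for number, reason in lint(parse_rules(SAMPLE_RULES)):
        print(f"rule {number}: {reason}")
```

Run against the sample it reports the psd rule and the "dropping port scanners" rule as unreachable behind "Drop anything else", and the protocol=udp rule in chain tcp as dead. To check a live router, paste the output of /ip firewall filter export into SAMPLE_RULES; the linter deliberately ignores address lists and comments, so it only reasons about structure, not about which addresses a rule would admit.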

- [10/01] - Services and Viewing Active Services with a Port Scanner

To know which services are active on the MikroTik machine we scan its ports; any service
that is not needed is better switched off.

The commands to disable and enable a service are shown below. First we check which services
are active:

----------------------------
[admin@myrouter] > ip service
[admin@myrouter] ip service> print
Flags: X - disabled, I - invalid
 #   NAME     PORT ADDRESS    CERTIFICATE
 0 X telnet   23   0.0.0.0/0
 1   ftp      21   0.0.0.0/0
 2   www      80   0.0.0.0/0
 3   ssh      22   0.0.0.0/0
 4   www-ssl  443  0.0.0.0/0  none
[admin@myrouter] ip service>
----------------------------

Suppose the FTP service is to be disabled; in the list above it is number 1 (see the #
column), so:

---------------------------
[admin@myrouter] ip service> set 1 disabled=yes
---------------------------

Check again:

---------------------------
[admin@myrouter] ip service> print
Flags: X - disabled, I - invalid
 #   NAME     PORT ADDRESS    CERTIFICATE
 0 X telnet   23   0.0.0.0/0
 1 X ftp      21   0.0.0.0/0
 2   www      80   0.0.0.0/0
 3   ssh      22   0.0.0.0/0
 4   www-ssl  443  0.0.0.0/0  none
[admin@myrouter] ip service>
---------------------------

The FTP service is now disabled. Telnet and FTP send passwords in the clear and so does www
on port 80, so keep ssh and www-ssl for administration. Every service above also listens on
0.0.0.0/0; restrict the address field of the ones that stay enabled to the management
network, for example set 3 address=192.168.0.0/27 for ssh.

With the nmap tool we can check which ports are actually open on the gateway we have
configured.

Command: nmap -vv -sS -sV -P0 192.168.0.30

Results:

-----------------------------
Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-04 19:55 SE Asia Standard Time
Initiating ARP Ping Scan at 19:55
Scanning 192.168.0.30 [1 port]
Completed ARP Ping Scan at 19:55, 0.31s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:55
Completed Parallel DNS resolution of 1 host. at 19:55, 0.05s elapsed
Initiating SYN Stealth Scan at 19:55
Scanning 192.168.0.30 [1697 ports]
Discovered open port 22/tcp on 192.168.0.30
Discovered open port 53/tcp on 192.168.0.30
Discovered open port 80/tcp on 192.168.0.30
Discovered open port 21/tcp on 192.168.0.30
Discovered open port 3986/tcp on 192.168.0.30
Discovered open port 2000/tcp on 192.168.0.30
Discovered open port 8080/tcp on 192.168.0.30
Discovered open port 3128/tcp on 192.168.0.30
Completed SYN Stealth Scan at 19:55, 7.42s elapsed (1697 total ports)
Initiating Service scan at 19:55
Scanning 8 services on 192.168.0.30
Completed Service scan at 19:57, 113.80s elapsed (8 services on 1 host)
Host 192.168.0.30 appears to be up ... good.
Interesting ports on 192.168.0.30:
Not shown: 1689 closed ports
PORT     STATE SERVICE         VERSION
21/tcp   open  ftp             MikroTik router ftpd 2.9.27
22/tcp   open  ssh             OpenSSH 2.3.0 mikrotik 2.9.27 (protocol 1.99)
53/tcp   open  domain?
80/tcp   open  http            MikroTik router http config
2000/tcp open  callbook?
3128/tcp open  http-proxy      Squid webproxy 2.5.STABLE11
3986/tcp open  mapper-ws_ethd?
8080/tcp open  http-proxy      Squid webproxy 2.5.STABLE11
2 services unrecognized despite returning data. If you know the service/version,
please submit the following fingerprints at
http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port53-TCP:V=4.20%I=7%D=4/4%Time=4613A03C%P=i686-pc-windows-windows%r(D
SF:NSVersionBindReq,E,"\x0c\x06\x81\x84")%r(DNSStatusRequest,E,"\x0c\x90\x84");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port2000-TCP:V=4.20%I=7%D=4/4%Time=4613A037%P=i686-pc-windows-windows%r
SF:(NULL,4,"\x01")%r(GenericLines,4,"\x01")%r(GetRequest,18,"\
SF:x01\x02d\?\xe4{\x9d\x02\x1a\xcc\x8b\xd1V\xb2F\xff9\xb0")%r(
SF:HTTPOptions,18,"\x01\x02d\?\xe4{\x9d\x02\x1a\xcc\x8b\xd1V\x
SF:b2F\xff9\xb0")%r(RTSPRequest,18,"\x01\x02d\?\xe4{\x9d\x02\x
SF:1a\xcc\x8b\xd1V\xb2F\xff9\xb0")%r(RPCCheck,18,"\x01\x02d\?\
SF:xe4{\x9d\x02\x1a\xcc\x8b\xd1V\xb2F\xff9\xb0")%r(DNSVersionBindReq,18,"\
SF:x01\x02d\?\xe4{\x9d\x02\x1a\xcc\x8b\xd1V\xb2F\xff9\xb0")%r(
SF:DNSStatusRequest,4,"\x01")%r(Help,4,"\x01")%r(X11Probe,4,"\
SF:x01")%r(FourOhFourRequest,18,"\x01\x02\xb9\x15&\xf1A\
SF:]\+\x11\n\xf6\x9b\xa0,\xb0\xe1\xa5")%r(LPDString,4,"\x01")%r(LDAP
SF:BindReq,4,"\x01")%r(LANDesk-RC,18,"\x01\x02\xb9\x15&\
SF:xf1A\]\+\x11\n\xf6\x9b\xa0,\xb0\xe1\xa5")%r(TerminalServer,4,"\x01\
SF:0")%r(NCP,18,"\x01\x02\xb9\x15&\xf1A\]\+\x11\n\xf6\x9b\xa0,
SF:\xb0\xe1\xa5")%r(NotesRPC,18,"\x01\x02\xb9\x15&\xf1A\]\+\x1
SF:1\n\xf6\x9b\xa0,\xb0\xe1\xa5")%r(NessusTPv10,4,"\x01");
MAC Address: 00:90:4C:91:77:02 (Epigram)
Service Info: Host: myrouter; Device: router

Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 123.031 seconds
           Raw packets sent: 1706 (75.062KB) | Rcvd: 1722 (79.450KB)
-------------------------

From the scan we can conclude that the active services are FTP (MikroTik router ftpd
2.9.27), SSH (OpenSSH 2.3.0 mikrotik 2.9.27, protocol 1.99), the HTTP configuration
interface on 80, DNS on 53, the web proxy (Squid webproxy 2.5.STABLE11) on 3128 and 8080,
plus 2000/tcp (on RouterOS normally the bandwidth-test server) and 3986/tcp, which nmap could
not identify. Two things are worth noting. The scan still shows 21/tcp open, so it was
evidently taken before ftp was disabled; repeat the scan after every change to /ip service
and confirm that the port no longer appears. And "protocol 1.99" in the SSH banner means the
server accepts SSH protocol 1 as well as protocol 2, so clients should be configured to use
protocol 2 only.

Of course it is up to the vendor to patch holes or vulnerabilities in the protocol versions
above; keep RouterOS updated, and a scan like this is the quickest way to confirm which
versions are exposed.
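To tie the service list to the scan, here is an added Python example (not part of the original page and not RouterOS or nmap code) that parses the /ip service print table and nmap's "Discovered open port" lines, both embedded as constructed samples taken from the output shown above, and reports ports that are open on the router but not accounted for by any enabled service, cleartext management services that are still enabled, services that are disabled yet still answer, and enabled services bound to 0.0.0.0/0.

```python
import re

# Constructed sample modelled on the page's `/ip service print` output after ftp was disabled.
SERVICE_PRINT = """\
Flags: X - disabled, I - invalid
 #   NAME      PORT  ADDRESS     CERTIFICATE
 0 X telnet    23    0.0.0.0/0
 1 X ftp       21    0.0.0.0/0
 2   www       80    0.0.0.0/0
 3   ssh       22    0.0.0.0/0
 4   www-ssl   443   0.0.0.0/0   none
"""

# Constructed sample of the `Discovered open port` lines from the page's nmap -vv scan.
NMAP_OUTPUT = """\
Discovered open port 22/tcp on 192.168.0.30
Discovered open port 53/tcp on 192.168.0.30
Discovered open port 80/tcp on 192.168.0.30
Discovered open port 21/tcp on 192.168.0.30
Discovered open port 3986/tcp on 192.168.0.30
Discovered open port 2000/tcp on 192.168.0.30
Discovered open port 8080/tcp on 192.168.0.30
Discovered open port 3128/tcp on 192.168.0.30
"""

# Management services that carry credentials in the clear (api exists only in later versions).
CLEARTEXT = {"telnet", "ftp", "www", "api"}

# " 0 X telnet   23   0.0.0.0/0": number, optional flag, name, port, address
SERVICE_RE = re.compile(r"^\s*(\d+)\s+(X|I)?\s*(\S+)\s+(\d+)\s+(\S+)")
OPEN_RE = re.compile(r"Discovered open port (\d+)/tcp on (\S+)")


def parse_services(text):
    """Map port -> {'name', 'enabled', 'address'} from `/ip service print` output."""
    services = {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue                      # flags legend and column header
        _, flag, name, port, address = m.groups()
        services[int(port)] = {"name": name, "enabled": flag != "X", "address": address}
    return services


def parse_open_ports(text):
    """Collect the TCP ports nmap reported as open."""
    return {int(m.group(1)) for m in OPEN_RE.finditer(text)}


def audit(services, open_ports):
    """Reconcile the router's own service list with what an external scan sees."""
    enabled = {p for p, s in services.items() if s["enabled"]}
    disabled = {p for p, s in services.items() if not s["enabled"]}
    return {
        # open on the wire but not in /ip service at all: proxy, dns, bandwidth-test, ...
        "unexplained_open": sorted(open_ports - set(services)),
        # service says disabled, scan says open: stale scan or the change did not apply
        "disabled_but_open": sorted(open_ports & disabled),
        # enabled but not seen: filtered by the firewall or bound to another address
        "enabled_not_open": sorted(enabled - open_ports),
        # enabled services that send credentials in the clear
        "cleartext_enabled": sorted(services[p]["name"] for p in enabled
                                    if services[p]["name"] in CLEARTEXT),
        # enabled services reachable from any source address
        "world_reachable": sorted(services[p]["name"] for p in enabled
                                  if services[p]["address"] == "0.0.0.0/0"),
    }


if __name__ == "__main__":
    report = audit(parse_services(SERVICE_PRINT), parse_open_ports(NMAP_OUTPUT))
    for key, value in report.items():
        print(f"{key:18} {value}")
```

On the page's data the report lists 53, 2000, 3128, 3986 and 8080 as open ports that /ip service does not explain (they belong to DNS, the bandwidth-test server and the web proxy, which are configured elsewhere), 21 as disabled yet open (the stale scan), 443 as enabled but not seen, www as the remaining cleartext service, and ssh, www and www-ssl as bound to 0.0.0.0/0. Anything in unexplained_open that you cannot name from the router's configuration deserves a closer look.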

- [10/02] - Network Administration Tools

In practice a number of tools can be used for network troubleshooting, such as ping,
traceroute, ssh and so on. The tools most often used in day-to-day administration are:

o Telnet
o SSH
o Traceroute
o Sniffer
a. Telnet
The command for reaching a remote machine is almost the same as the telnet found on Linux
or Windows.

[admin@myrouter] > system telnet ?

The command above shows the available parameters. For example, to reach a remote machine
with IP address 192.168.0.21 on port 23:

[admin@myrouter] > system telnet 192.168.0.21

Use of telnet should be limited to specific situations for security reasons: as we know,
data sent via telnet is not encrypted, including the login password. SSH is the safer
choice.

b. SSH
Like telnet, this command is used to reach a remote machine, and in principle its parameters
are the same as the ssh command on Linux and Windows.

[admin@myrouter] > system ssh 192.168.0.21

The SSH parameters differ slightly from telnet's. The help shows an additional user
parameter:

--------------------------
[admin@myrouter] > system ssh ?
The SSH feature can be used with various SSH Telnet clients to securely connect
to and administrate the router

<address> -
user - User name
port - Port number

[admin@myrouter] >
--------------------------

Suppose we want to log in to a machine running Linux at address 66.213.7.30, which has the
account root (with password 123456 in this example). The command is:

--------------------------
[admin@myrouter] > system ssh 66.213.7.30 user=root
root@66.213.7.30's password:
--------------------------
c. Traceroute

To learn which routers (hops) a packet passes through on its way to the destination we
normally use traceroute. With this tool the path taken by a packet can be analysed.

Suppose we want to know the path packets take to the yahoo server, then:

--------------------------
[admin@myrouter] > tool traceroute yahoo.com
     ADDRESS          STATUS
   1 63.219.6.nnn     00:00:00 00:00:00 00:00:00
   2 222.124.4.nnn    00:00:00 00:00:00 00:00:00
   3 192.168.34.41    00:00:00 00:00:00 00:00:00
   4 61.94.1.253      00:00:00 00:00:00 00:00:00
   5 203.208.143.173  00:00:00 00:00:00 00:00:00
   6 203.208.182.5    00:00:00 00:00:00 00:00:00
   7 203.208.182.114  00:00:00 00:00:00 00:00:00
   8 203.208.168.118  00:00:00 00:00:00 00:00:00
   9 203.208.168.134  timeout  00:00:00 00:00:00
  10 216.115.101.34   timeout  timeout  00:00:00
  11 216.115.101.129  00:00:00 timeout  timeout
  12 216.115.108.1    timeout  timeout  00:00:00
  13 216.109.120.249  00:00:00 00:00:00 00:00:00
  14 216.109.112.135  00:00:00 timeout  timeout
--------------------------

d. Sniffer

With this tool, provided by MikroTik, we can capture and inspect the packets flowing through
our network, which is useful when analysing traffic.

--------------------------
[admin@myrouter] > tool sniffer
Packet sniffing

.. - go up to tool
start - Start/reset sniffing
stop - Stop sniffing
save - Save currently sniffed packets
packet/ - Sniffed packets management
protocol/ - Protocol management
host/ - Host management
connection/ - Connection management
print -
get - get value of property
set -
edit - edit the value of property
export -
--------------------------

Sniffing is started with the start command and stopped with the stop command:

[admin@myrouter] > tool sniffer start
