Laporan Tugas Bootcamp Mikrotik ( IDN Bootcamp )

Nama : WILI MAULANA FIKRI

Judul Tugas : Tugas – WILI MAULANA FIKRI ( Static Route & Firewall )

LAB Static Route & Firewall

Addressing Table
Device Interface IP Address Subnetmask Keterangan
Router-
Ether1 10.10.10.2 255.255.255.252 To_ISP-A
Gateway
Ether2 20.20.20.2 255.255.255.252 To_ISP-B
Ether3 192.168.10.1 255.255.255.0 To_PC-A
Ether4 192.168.20.1 255.255.255.0 To_PC-B
ISP-A Ether1 111.1.1.2 255.255.255.252 To_Internet-GW-1
Ether2 10.10.10.1 255.255.255.0 To_Router-Gateway
ISP-B Ether1 222.2.2.2 255.255.255.252 To-Internet-GW-2
Ether2 20.20.20.1 255.255.255.252 To-Router-Gatewau
Internet-Gw-1 Ether1 DHCP DHCP Management(Cloud)
Ether2 111.1.1.1 255.255.255.252 To_ISP-A
Lo0 1.2.3.4 255.255.255.255 Loopback Interface
Internet-Gw-2 Ether1 DHCP DHCP Management(Cloud)
Ether2 222.2.2.1 255.255.255.252 To_ISP-B
Lo0 5.6.7.8 255.255.255.255 Loopback Interface
PC-A Ether1 DHCP DHCP Menerima DHCP
PC-B Ether1 DHCP DHCP Menerima DHCP

Tujuan !

1. Setting Static Route dan Firewall

2. Memastikan Firewall Berjalan Dengan Baik
3. Setting DHCP client pada Komputer

Konsep Dasar !

1. General in Filter Rule

a. Tehnologi untuk membentuk lebih dari satu network dalam satu jaringan.
2. Action in Filter Rule
a. Pada konfigurasi firewall mikrotik ada beberapa pilihan Action, diantaranya
: Accept : paket diterima dan tidak melanjutkan membaca baris berikutnya.
Drop : menolak paket secara diam-diam (tidak mengirimkan pesan
penolakan ICMP) Reject : menolak paket dan mengirimkan pesan penolakan
ICMP
3. Best-Path Election ( Network,Prifix,Distance)
a.
4. Routing Flags
a. DAS: Dynamic Active Static, suatu routing bersifat static yang dibuat secara dynamic
atau otomatis
DAC: Dynamic Active Connect, konfigurasi terhubung yang dibuat secara otomatis.
AS: Active Static, konfigurasi routing yang kita definisikan sendiri.
Konfigurasi di Mikrotik

Konfigurasi !

• Konfigurasi Static Route Pada Tiap-tiap Router

• Konfigurasi IP Address Pada tiap-tiap Router
• Konfigurasi Firewall di router-gateway

Konfigurasi di Endpoint

• Konfigurasi DHCP Di Interface

Goals

• PC-A bisa ping ke loopback Internet-GW-1, Tapi tidak bisa ping ke loopback Internet-GW-2
• PC-B Bisa ping ke loopback Internet-GW-2, Tapi tidak bisa ping ke loopback Internet-GW-1

Mikrotik-Gateway
Masukan Configurasi dengan cara .rsc ( CLI Only )

# feb/15/2023 22:32:44 by RouterOS 6.48.6

# software id =
#
#
#
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.10.2-192.168.10.254
add name=dhcp_pool1 ranges=192.168.20.2-192.168.20.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether3 name=dhcp1
add address-pool=dhcp_pool1 disabled=no interface=ether4 name=dhcp2
/ip address
add address=20.20.20.2/30 disabled=yes interface=ether2
network=20.20.20.0
add address=10.10.10.2/30 disabled=yes interface=ether1
network=10.10.10.0
add address=192.168.10.1/24 interface=ether3 network=192.168.10.0
add address=192.168.20.1/24 interface=ether4 network=192.168.20.0
/ip dhcp-client
add disabled=no interface=ether1
add disabled=no interface=ether2
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.20.0/24 gateway=192.168.20.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether2
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 dst-address=1.2.3.4/32 gateway=10.10.10.1
add distance=1 dst-address=5.6.7.8/32 gateway=20.20.20.1
add distance=1 dst-address=111.1.1.0/30 gateway=10.10.10.1
add distance=1 dst-address=192.168.138.144/32 gateway=20.20.20.1
add distance=1 dst-address=192.168.138.145/32 gateway=10.10.10.1
add distance=1 dst-address=222.2.2.0/30 gateway=20.20.20.1
/system identity
set name=" R GATEWAY "

Mikrotik-ISP-A
Masukan Configurasi dengan cara .rsc (CLI Only)

# feb/15/2023 22:31:55 by RouterOS 6.48.6

# software id =
#
#
#
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=10.10.10.2
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether2 name=dhcp1
/ip address
add address=111.1.1.2/30 disabled=yes interface=ether1 network=111.1.1.0
add address=10.10.10.1/30 interface=ether2 network=10.10.10.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 dst-address=1.2.3.4/32 gateway=111.1.1.1
add distance=1 dst-address=5.6.7.8/31 gateway=10.10.10.2
add distance=1 dst-address=20.20.20.0/30 gateway=10.10.10.2
add check-gateway=arp distance=1 dst-address=192.168.10.0/24 gateway=\
10.10.10.2
add check-gateway=arp distance=1 dst-address=192.168.20.0/24 gateway=\
10.10.10.2
add distance=1 dst-address=192.168.138.144/32 gateway=10.10.10.2
add distance=1 dst-address=192.168.138.145/32 gateway=111.1.1.1
add distance=1 dst-address=222.2.2.0/30 gateway=10.10.10.2
/system identity
set name="R ISP A"

Mikrotik-ISP-B
Masukan Configurasi dengan cara .rsc (CLI Only)

# feb/15/2023 22:32:20 by RouterOS 6.48.6

# software id =
#
#
#
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=20.20.20.2
add name=dhcp_pool1 ranges=20.20.20.2
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether2 name=dhcp1
/ip address
add address=222.2.2.2/30 disabled=yes interface=ether1 network=222.2.2.0
add address=20.20.20.1/30 interface=ether2 network=20.20.20.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,192.168.138.2
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 dst-address=5.6.7.8/32 gateway=222.2.2.1
add distance=1 dst-address=10.10.10.0/30 gateway=20.20.20.2
add distance=1 dst-address=111.1.1.0/30 gateway=20.20.20.2
add distance=1 dst-address=192.168.10.0/24 gateway=20.20.20.2
add distance=1 dst-address=192.168.20.0/24 gateway=20.20.20.2
add distance=1 dst-address=192.168.138.144/32 gateway=222.2.2.1
add distance=1 dst-address=192.168.138.145/32 gateway=20.20.20.2
/system identity
set name="R ISP B"

Mikrotik-Internet-GW-1
Masukan Configurasi dengan cara .rsc (CLI Only)

# feb/15/2023 22:31:29 by RouterOS 6.48.6

# software id =
#
#
#
/interface bridge
add name=lo0 protocol-mode=none
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=111.1.1.2
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether2 name=dhcp1
/ip address
add address=1.2.3.4 interface=lo0 network=1.2.3.4
add address=111.1.1.1/30 interface=ether2 network=111.1.1.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 dst-address=5.6.7.8/32 gateway=111.1.1.2
add distance=1 dst-address=10.10.10.0/30 gateway=111.1.1.2
add distance=1 dst-address=20.20.20.0/30 gateway=111.1.1.2
add distance=1 dst-address=192.168.10.0/24 gateway=111.1.1.2
add distance=1 dst-address=192.168.20.0/24 gateway=111.1.1.2
add distance=1 dst-address=192.168.138.144/32 gateway=111.1.1.2
/system identity
set name="NET GATEWAY 1"

Mikrotik-Internet-GW-2
Masukan Configurasi dengan cara .rsc (CLI Only)

# feb/15/2023 22:30:59 by RouterOS 6.48.6

# software id =
#
#
#
/interface bridge
add name=lo0 protocol-mode=none
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=222.2.2.2
add name=dhcp_pool2 ranges=222.2.2.2
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=ether2 name=dhcp1
/ip address
add address=5.6.7.8 interface=lo0 network=5.6.7.8
add address=222.2.2.1/30 interface=ether2 network=222.2.2.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=222.2.2.0/30 gateway=222.2.2.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 dst-address=10.10.10.0/30 gateway=222.2.2.2
add distance=1 dst-address=111.1.1.0/30 gateway=222.2.2.2
add distance=1 dst-address=192.168.10.0/24 gateway=222.2.2.2
 add distance=1 dst-address=192.168.20.0/24 gateway=222.2.2.2
add distance=1 dst-address=192.168.138.145/32 gateway=222.2.2.2
/system identity
set name="NET GATEWAY 2"

Verifikasi !

Setelah kita melakukan konfigurasi kita harus melakuakan verifikasi bahwa konfiguasi yang kita
lakukan benar dan sudah bisa digunakan.

Lampirkan Bukti Dengan Screen Shoot !

1. Ping dari PC kearah Gateway Internet yang aktif

2. Ping Dari PC-A Ke Loopback Internet-GW-2 , Apakah Bisa ? Jika tidak jelaskan!

3. Ping dari PC-B Ke Loopback Internet-GW-2, Apakah Bisa ? Jika tidak Jelaskan!
 4. Jika kita menggunakan chain=forward dst-address=(ip-gateway-router) action=drop, apa
yang terjadi pada user, apa mendapatkan internet ?

Tidak bisa mendapatkan internet karena network berada di gateway sedangkan actionnya di
drop
5. Jika kita menggunakan default-route pada mikrotik Router-Gateway, apa yang terjadi ?
6. Lampirkan Routing Table pada Router-Gateway
-GOOD LUCK-