Desc.:
Public IP : 124.81.29.195/29
Local IP : 192.168.0.0/24
DNS : 202.155.0.10, 202.155.0.20
Gateway IP : 124.81.29.193
Mikrotik Software Installation
Install MikroTik with the standard packages selected below:
Welcome to MikroTik Router Software installation
Move around menu using ‘p’ and ‘n’ or arrow keys, select with ‘spacebar’.
Select all with ‘a’, minimum with ‘m’. Press ‘i’ to install locally or ‘r’ to
install remote router or ‘q’ to cancel and reboot.
[X] system          [ ] isdn         [ ] synchronous
[X] ppp             [ ] lcd          [ ] telephony
[X] dhcp            [ ] ntp          [ ] ups
[X] advanced-tools  [ ] radiolan     [x] web-proxy
[ ] arlan           [ ] routerboard  [x] wireless
[ ] gps             [X] routing
[ ] hotspot         [X] security
Follow the instructions, select needed packages, and press ‘i’ to install the software.
Change Interface Name
[admin@MikroTik] > interface set 0 name=Public
Sets the name of interface eth0 to Public.
[admin@MikroTik] > interface set 1 name=Local
Sets the name of interface eth1 to Local.
[admin@MikroTik] > interface print
Shows all the interface names that we have just set.
Change Default Password
[admin@MikroTik] > password
old password: *****
new password: *****
retype new password: *****
Change the Host Name
[admin@MikroTik] > system identity set name=lif2k3
This changes the host name from MikroTik (the default) to lif2k3.
IP Address Configuration
Basic command:
ip address add address={ip address/netmask} interface={interface name}
Example:
[admin@lif2k3] > ip address add address=124.81.29.195 netmask=255.255.255.248 interface=Public comment="IP to Internet"
[admin@lif2k3] > ip address add address=192.168.0.30 netmask=255.255.255.224 interface=Local comment="IP to LAN"
[admin@lif2k3] > ip address print
Gateway Configuration
Basic command:
ip route add gateway={ip gateway}
Example:
[admin@lif2k3] > ip route add gateway=124.81.29.193
[admin@lif2k3] > ip route print
Try pinging the gateway IP:
[admin@lif2k3] > ping 124.81.29.193
If the ping gets replies, the router is connected to the gateway.
NAT (Network Address Translation) Configuration
Basic command:
ip firewall nat add chain=srcnat action=masquerade out-interface={ethernet interface that is connected directly to the Internet or public network}
First set up the masquerade action, so that the clients reach the Internet through the router gateway:
[admin@lif2k3] > ip firewall nat add chain=srcnat action=masquerade out-interface=Public
[admin@lif2k3] > ip firewall nat print
DNS Configuration
Basic command:
[admin@lif2k3] > ip dns set primary-dns={primary DNS ip} secondary-dns={Secondary DNS ip}
Example:
[admin@lif2k3] > ip dns set primary-dns=202.155.0.10 secondary-dns=202.155.0.20
[admin@lif2k3] > ip dns print
Test by pinging a domain name, e.g.:
[admin@lif2k3] > ping yahoo.com
If the name resolves to an IP address, DNS is working.
Setting Transparent Proxy Server
Set up the web proxy with these command parameters:
[admin@lif2k3] > ip proxy set enabled=yes \
    port={ number of port that will be used } \
    maximal-client-connections=1000 \
    maximal-server-connections=1000
[admin@lif2k3] > ip proxy direct add src-address={ network that is connected through NAT } action=allow
[admin@lif2k3] > ip web-proxy set parent-proxy={ parent proxy / optional } \
    hostname={ proxy hostname / optional } \
    port={ port that will be used } \
    src-address={ parent proxy address / default 0.0.0.0 } \
    transparent-proxy=yes \
    max-object-size={ maximum cache file size / default 4096, in kilobytes } \
    max-cache-size={ maximum cache storage size on hard disk / unlimited is recommended } \
    cache-administrator={ usually the administrator's email } \
    enabled=yes
Example:
Web proxy setting:
[admin@lif2k3] > ip web-proxy set enabled=yes \
    src-address=0.0.0.0 \
    port=8080 \
    hostname="proxy.routerku.co.id" \
    transparent-proxy=yes \
    parent-proxy=0.0.0.0:0 \
    cache-administrator="support@lif2k3.com" \
    max-object-size=131072KiB \
    cache-drive=system \
    max-cache-size=unlimited \
    max-ram-cache-size=unlimited
A NAT redirect rule also needs to be added: the REDIRECT rule is what sends HTTP traffic through the web proxy.
Transparent Proxy NAT configuration
Basic command:
[admin@lif2k3] > ip firewall nat add chain=dstnat \
    protocol=tcp \
    dst-port=80 \
    action=redirect \
    to-ports={ port proxy }
Example:
——————————————————————————–
ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 comment="" disabled=yes
ip firewall nat add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080 comment="" disabled=yes
ip firewall nat add chain=dstnat protocol=tcp dst-port=8000 action=redirect to-ports=8080 disabled=yes
————————————————————————–
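The commands above mean that traffic to ports 80, 3128 and 8000 will be redirected to port 8080 (the web-proxy port). Because the rules are added with disabled=yes, they take effect only once they are enabled.
Check the configuration: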
[admin@lif2k3] > ip web-proxy print
Shows the resulting web-proxy configuration.
[admin@lif2k3] > ip web-proxy monitor
Shows and monitors the web-proxy status.
Bandwidth Management
With the PCQ type
First, we have to set the rules in MANGLE:
[admin@lif2k3] > ip firewall mangle add chain=forward src-address=192.168.0.0/27 action=mark-connection new-connection-mark=users-con
[admin@lif2k3] > ip firewall mangle add connection-mark=users-con action=mark-packet new-packet-mark=users chain=forward
Then we have to create the PCQ queue types:
[admin@lif2k3] > queue type add name=pcq-download kind=pcq pcq-classifier=dst-address
[admin@lif2k3] > queue type add name=pcq-upload kind=pcq pcq-classifier=src-address
The queue parent must be set for both interfaces:
[admin@lif2k3] > queue tree add parent=Local queue=pcq-download packet-mark=users
[admin@lif2k3] > queue tree add parent=Public queue=pcq-upload packet-mark=users
If both the upstream and the downstream bandwidth are 256 kbps:
For downstream traffic:
————————————————————————
queue tree add name=Download parent=Local max-limit=256k
queue tree add parent=Download queue=pcq-download packet-mark=users
————————————————————————-
And for upstream traffic:
—————————————————————————
[admin@lif2k3] > queue tree add name=Upload parent=Public max-limit=256k
[admin@lif2k3] > queue tree add parent=Upload queue=pcq-upload packet-mark=users
—————————————————————————
Besides the PCQ type, we can use Simple Queue, which can set bandwidth per client but cannot be more flexible than the PCQ type.
Monitor MRTG via Web
Example configuration:
————————————————————————-
[admin@lif2k3] > tool graphing set store-every=5min
[admin@lif2k3] > tool graphing interface add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
—————————————————————————
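The redirect rules in the Transparent Proxy NAT section name no in-interface or src-address, and the graphing rule uses allow-address=0.0.0.0/0, so neither is limited to the LAN; a proxy reachable from the Public side can be used as an open proxy. The following Python check is an added example, not part of the original tutorial: it parses the page's commands (embedded as a constructed sample) and reports such rules; the names parse, audit and PAGE_CONFIG are hypothetical.

```python
import shlex

# Constructed sample: the NAT and graphing commands from this page.
PAGE_CONFIG = """\
ip firewall nat add chain=srcnat action=masquerade out-interface=Public
ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 comment="" disabled=yes
ip firewall nat add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080 comment="" disabled=yes
ip firewall nat add chain=dstnat protocol=tcp dst-port=8000 action=redirect to-ports=8080 disabled=yes
tool graphing interface add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
"""

def parse(line):
    """Split one RouterOS command into (menu path, {property: value})."""
    path, props = [], {}
    for tok in shlex.split(line):
        if "=" in tok:
            key, _, value = tok.partition("=")
            props[key] = value
        else:
            path.append(tok)
    return " ".join(path), props

def audit(config):
    """Return (line_no, finding) for rules that are not limited to the LAN."""
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        path, p = parse(line.strip().lstrip("/"))
        if path == "ip firewall nat add" and p.get("action") == "redirect":
            # A redirect with no interface or source match applies to any sender.
            if not ({"in-interface", "src-address"} & p.keys()):
                state = "disabled" if p.get("disabled") == "yes" else "active"
                findings.append((no, f"redirect of port {p.get('dst-port')} matches "
                                     f"any source ({state}); add in-interface=Local "
                                     f"or src-address=<LAN subnet>"))
        elif path == "tool graphing interface add":
            if p.get("allow-address") == "0.0.0.0/0":
                findings.append((no, "graphs readable from any address; set "
                                     "allow-address to the LAN or management subnet"))
    return findings

if __name__ == "__main__":
    for no, msg in audit(PAGE_CONFIG):
        print(f"line {no}: {msg}")
```

Run against the page's commands, it reports the three redirect rules and the graphing rule, and nothing for the masquerade rule.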
Blocking porn sites
[admin@lif2k3] > ip web-proxy access
[admin@lif2k3] ip web-proxy access> add url="playboy.com" action=deny comment="block playboy site" disabled=no
[admin@lif2k3] ip web-proxy access> add url="dutch-sex.com" action=deny comment="block dutch-sex" disabled=no