Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol that creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP interface appears as an Ethernet interface. When the bridging function of the router is enabled, all Ethernet level traffic (all Ethernet protocols) will be bridged just as if there where a physical Ethernet interface and cable between the two routers (with bridging enabled). This protocol makes multiple network schemes possible.

Network setups with EoIP interfaces:

• Possibility to bridge LANs over the Internet
• Possibility to bridge LANs over encrypted tunnels
• Possibility to bridge LANs over 802.11b ‘ad-hoc‘ wireless networks

An EoIP interface should be configured on two routers that have the possibility for an IP level connection. The EoIP tunnel may run over an IPIP tunnel, a PPTP 128bit encrypted tunnel, a PPPoE connection, or any connection that transports IP. Specific Properties:

• Each EoIP tunnel interface can connect with one remote router which has a corresponding interface configured with the same ‘Tunnel ID’.
• The EoIP interface appears as an Ethernet interface under the interface list.
• This interface supports all features of and Ethernet interface. IP addresses and other tunnels may be run over the interface.
• The EoIP protocol encapsulates Ethernet frames in GRE (IP protocol number 47) packets (just like PPTP) and sends them to the remote side of the EoIP tunnel.
• Maximal count of EoIP tunnels is 65536.

This is how to set up EoIP to bridge two (or more) Mikrotik routers for central PPPoE authentication

Using 2 routers called R1 and R2 that have an IP connection between them and R2 has 2 ethernet ports, i.e. you can ping rB from R1 and R1 from R2 where the R1 facing eth port is called eth1 and its other port is called eth2.

1. create a new EoIP tunnel on R1.
2. create a new EoIP tunnel on R2, where the tunnel ID is the same as the one on R1 but the MAC addreses are different.
4. create a new bridge on R1 and R2
3. add a PPPoE server to the Bridge on R1.
4. on R2 and add eth2 and the EoIP tunnel to the bridge.
5. put an IP address onto eth2 (any address seems to work, but it maybe better to use a different subnet for routing purposes).

Now you should be able to establish a PPPoE connection from a PC plugged into the eth2 port on router R2, this PPPoE connection will terminate on router R1.

This is not the most efficient method of using the available bandwidth on a network, but is perhaps easier than having a PPPoE A/C on every Mikrotik router and using RADIUS as you can just have PPP secrets setup on one router.

• pilihlah paket – paket dibawah ini untuk install OS Microtik :

System, dhcp, Advance Tools, RouTing, Security, Web – Proxy.

• ganti nama system sesuai dengan selera anda :

[admin@microtik] > system identity set name=warnet

Selanjutnya promt shell akan berubah menjadi :
Seperti yg anda inginkan :
[admin@warnet] >

• Ubahlah Password OS microtik anda dengan cara :

[admin@warnet] >user set admin password=………………………………

• aktivkan kedua Ethernet pada PC yang telah anda install OS Microtik :

[admin@warnet] >interface ethernet enable ether1
[admin@warnet] >interface ethernet enable ether2

• Berikan nama pada kedua ethernet untuk memudahkan konfigurasi :

[admin@warnet] >interface Ethernet set ether1 name=modem =====è Ethernet yg utk modem
[admin@warnet] >interface ethernet set ether2 name=local ===è Ethernet yg untuk ke HUB

• Masukan IP pada kedua landcard :

[admin@warnet] >ip address add interface=modem address= ( Diisi IP address dari ISP ) / netmask
[admin@warnet] >ip address add interface=lokal address= 192.168.0.1/255.255.255.0

• masukkan IP gateway yg di berikan dari ISP :

[admin@warnet] > ip route add gateway=10.11.1.1560

• SETTING DNS :

[admin@warnet] >ip dns set primary-dns=10.11.155.1secondary-dns=10.11.155.2

setelah itu coba ping semua IP yang telah di setting di atas.

[b][font=”]KONFIGURASI FIREWALL DAN NETWORK
ip firewall nat add action=masquerade chain=srcnat
ip firewall filter add chain=input connection-state=invalid action=drop
ip firewall filter add chain=input protocol=udp action=accept
ip firewall filter add chain=input protocol=icmp action=accept
[font=”]/ip firewall filter add chain=input in-interface=(ethernet card yg ke lan) action=accept
/ip firewall filter add chain=input in-interface=(ethernet card yg ke internet) action=accept

ip firewall filter add chain=input action=drop

ip web-proxy set enabled=yes src-address=0.0.0.0. port=8080 hostname=”” yahuu.net=yes parent-proxy=0.0.0.0:0 \
cache-administrator=”webmaster” max-object-size=4096KiB cache-drive=system max-cache-size=unlimited \
max-ram-cache-size=unlimited

ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128 /ip firewall nat add in-interface=modem
dst-port=80 protocol=tcp action=redirect
to-ports=3128 chain=dstnat dst-address=!192.168.0.1/24

================================================== ================

yang 3128 semuanya di ganti 8080 : caranya :

ip web-proxy set enable=yes
/ip web-proxy set port=3128
/ip web-proxy set max-cache-size=3145728 ( 3 kali total ram )
/ip web-proxy set hostname=”proxy.prima”
/ip web-proxy set allow-remote-requests=yes
/ip web-proxy set cache-administrator: “primanet.slawi@yahoo.com”
================================================== ================================================== ========
FILTERING :
http://www.mikrotik.com/testdocs/ros/2.9/ip/filter.php/ ip firewall filter
add chain=input connection-state=invalid action=drop \comment=”Drop Invalid connections”
add chain=input connection-state=established action=accept \comment=”Allow Established connections”
add chain=input protocol=udp action=accept \ comment=”Allow UDP”
add chain=input protocol=icmp action=accept \ comment=”Allow ICMP”
add chain=input src-address=192.168.0.0/24 action=accept \ comment=”Allow access to router from known network”
add chain=input action=drop comment=”Drop anything else”

ANTI VIRUS UTK MICROTIK :
add chain=forward action=jump jump-target=virus comment=”jump to the virus chain” ++++++++++++++++++++++++++++++++++++++++++++++++++ +++++

add chain=forward protocol=icmp comment=”allow ping”add chain=forward protocol=udp comment=”allow udp”add chain=forward action=drop comment=”drop everything else”================================================== =====

SECURITY ROUTER MICROTIK ANDA :
/ ip firewall filteradd chain=input connection-state=established comment=”Accept established connections”add chain=input connection-state=related comment=”Accept related connections”add chain=input connection-state=invalid action=drop comment=”Drop invalid connections” add chain=input protocol=udp action=accept comment=”UDP” disabled=no add chain=input protocol=icmp limit=50/5s,2 comment=”Allow limited pings” add chain=input protocol=icmp action=drop comment=”Drop excess pings” add chain=input protocol=tcp dst-port=22 comment=”SSH for secure shell”add chain=input protocol=tcp dst-port=8291 comment=”winbox” # Edit these rules to reflect your actual IP addresses! # add chain=input src-address=159.148.172.192/28 comment=”From Mikrotikls network” add chain=input src-address=10.0.0.0/8 comment=”From our private LAN”# End of Edit #add chain=input action=log log-prefix=”DROP INPUT” comment=”Log everything else”add chain=input action=drop comment=”Drop everything else”
“http://wiki.mikrotik.com/wiki/Securing_your_router“
================================================== ========================================
SETTING KEAMANAN JARINGAN HANYA UNTUK LOKAL AREA ANDA :
/ip firewall filteradd chain=forward connection-state=established comment=”allow established connections” add chain=forward connection-state=related comment=”allow related connections”add chain=forward connection-state=invalid action=drop comment=”drop invalid connections”
add chain=virus protocol=tcp dst-port=135-139 action=drop comment=”Drop Blaster Worm” add chain=virus protocol=udp dst-port=135-139 action=drop comment=”Drop Messenger Worm” add chain=virus protocol=tcp dst-port=445 action=drop comment=”Drop Blaster Worm” add chain=virus protocol=udp dst-port=445 action=drop comment=”Drop Blaster Worm” add chain=virus protocol=tcp dst-port=593 action=drop comment=”________” add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=”________” add chain=virus protocol=tcp dst-port=1080 action=drop comment=”Drop MyDoom” add chain=virus protocol=tcp dst-port=1214 action=drop comment=”________” add chain=virus protocol=tcp dst-port=1363 action=drop comment=”ndm requester” add chain=virus protocol=tcp dst-port=1364 action=drop comment=”ndm server” add chain=virus protocol=tcp dst-port=1368 action=drop comment=”screen cast” add chain=virus protocol=tcp dst-port=1373 action=drop comment=”hromgrafx” add chain=virus protocol=tcp dst-port=1377 action=drop comment=”cichlid” add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=”Worm” add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Bagle Virus” add chain=virus protocol=tcp dst-port=2283 action=drop comment=”Drop Dumaru.Y” add chain=virus protocol=tcp dst-port=2535 action=drop comment=”Drop Beagle” add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Drop Beagle.C-K” add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment=”Drop MyDoom” add chain=virus protocol=tcp dst-port=3410 action=drop comment=”Drop Backdoor OptixPro”add chain=virus protocol=tcp dst-port=4444 action=drop comment=”Worm” add chain=virus protocol=udp dst-port=4444 action=drop comment=”Worm” add chain=virus protocol=tcp dst-port=5554 action=drop comment=”Drop Sasser” add chain=virus protocol=tcp dst-port=8866 action=drop comment=”Drop Beagle.B” add chain=virus protocol=tcp dst-port=9898 action=drop comment=”Drop Dabber.A-B” add chain=virus protocol=tcp dst-port=10000 action=drop comment=”Drop Dumaru.Y” add chain=virus protocol=tcp dst-port=10080 action=drop comment=”Drop MyDoom.B” add chain=virus protocol=tcp dst-port=12345 action=drop comment=”Drop NetBus” add chain=virus protocol=tcp dst-port=17300 action=drop comment=”Drop Kuang2″ add chain=virus protocol=tcp dst-port=27374 action=drop comment=”Drop SubSeven” add chain=virus protocol=tcp dst-port=65506 action=drop comment=”Drop PhatBot, Agobot, Gaobot”
++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++

#MatikanPort yang Biasa di pakai Spam :
/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-p

diatas di cek di websitenya lagi : http://www.mikrotik.com/documentation/manual_2.7/
http://www.mikrotik.com/docs/ros/2.9/ip/webproxy

lihat di system resource
dan 2/3 dari system resource di gunakan atau di alokasikan untuk : system resource print

************************************************** ******************************************
Graphing /tool graphing set store-every=hour[admin@MikroTik] tool graphing> print store-every: hour[admin@MikroTik] tool graphing> [admin@MikroTik] tool graphing interface> add interface=ether1 \allow-address=192.168.0.0/24 store-on-disk=yes[admin@MikroTik] tool graphing interface> printFlags: X – disabled # INTERFACE ALLOW-ADDRESS STORE-ON-DISK 0 ether1 192.168.0.0/24 yes[admin@MikroTik] tool graphing interface> [admin@VLP InWay] tool graphing> export
# oct/12/2005 09:51:23 by RouterOS 2.9.5
# software id = 1TLC-xxx
#
/ tool graphing
set store-every=5min
/ tool graphing queue
add simple-queue=all allow-address=10.8.2.99/32 store-on-disk=yes allow-target=yes disabled=no
/ tool graphing resource
add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ tool graphing interface
add interface=Inway allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
add interface=LAN allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
add interface=DMZ allow-address=0.0.0.0/0 store-on-disk=yes disabled=no

1. Configuration position of ADSL connection
modem —Mikrotik—-Switch —– Client
|
Client

a. Modem IP –>> 192.168.1.1

b. Mikrotik Using 2 Interface – Ether1 —->> 192.168.1.2

- Ether1 —->> 192.168.0.254

c. Switch — Client ip 192.168.0.1-253

2. Configuration step router pc mikrotik

a. add ip address to interface 1

/ip address add interface=ether1 address = 192.168.1.1 netmask= 255.255.255.0

b. add ip address to interface2

/ip address add interface=ether2 address = 192.168.0.1 netmask= 255.255.255.0

c. to see input of interface

/interface print

d. Set Value name off interface

/inteface set 0 name=”Public” –>> For Modem
/inteface set 1 name=”Lan” –>> For Lan

e. set routing for net ( modem )

/ip route add gateway=192.168.0.1

f. set dns server ISP

/ip dns set primary-dns=203.130.193.74 secondary-dns=202.134.0.155

/ip dns set allow-remote-requests=yes

g. set of nat the router pc to sharing bw to lan

/ip firewall nat add chain=srcnat out-inteface=Public action=masquerade

1. first se t web proxy
/ ip web-proxy
set enabled=yes –>> to make ip web proxy enable
set src-address=0.0.0.0 –>> to make source address to access web proxy will allow
set port=8080 –>> to make port for web proxy
set hostname=”proxy.war.net.id” –>> setting for visble hostname web proxy
set transparent-proxy=yes –>> make transparant proxy enable
set parent-proxy=0.0.0.0:0–>> if we used parent proxy x
set cache-administrator=”support@somethink.org” –>> make set administrator info support
set max-object-size=4096KiB –>> maximal object can cacth with the proxy server
set cache-drive=system –>> where drive position that cache wil be saved
set max-cache-size=unlimited –>> maximal harddrive we used for cache
set max-ram-cache-size=unlimited –>> maximal ram we used for cache

2. add nat for redirect port for squid to make transparant

/ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 –>> setting can redirect port 80 to 8080 for proxy server
/ip firewall nat add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080 –>> setting can redirect port 3128 to 8080 for proxy server
/ip firewall nat add chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=8080 –>> setting can redirect port 8080 to 8080 for proxy server

Good Luck

regard

Ada pun fitur2 nya sbb:

* Firewall and NAT – stateful packet filtering; Peer-to-Peer protocol filtering; source and destination NAT; classification by source MAC, IP addresses (networks or a list of networks) and address types, port range, IP protocols, protocol options (ICMP type, TCP flags and MSS), interfaces, internal packet and connection marks, ToS (DSCP) byte, content, matching sequence/frequency, packet size, time and more…

* Routing – Static routing; Equal cost multi-path routing; Policy based routing (classification done in firewall); RIP v1 / v2, OSPF v2, BGP v4

* Data Rate Management – Hierarchical HTB QoS system with bursts; per IP / protocol / subnet / port / firewall mark; PCQ, RED, SFQ, FIFO queue; CIR, MIR, contention ratios, dynamic client rate equalizing (PCQ), bursts, Peer-to-Peer protocol limitation

* HotSpot – HotSpot Gateway with RADIUS authentication and accounting; true Plug-and-Play access for network users; data rate limitation; differentiated firewall; traffic quota; real-time status information; walled-garden; customized HTML login pages; iPass support; SSL secure authentication; advertisement support

* Point-to-Point tunneling protocols – PPTP, PPPoE and L2TP Access Concentrators and clients; PAP, CHAP, MSCHAPv1 and MSCHAPv2 authentication protocols; RADIUS authentication and accounting; MPPE encryption; compression for PPPoE; data rate limitation; differentiated firewall; PPPoE dial on demand

* Simple tunnels – IPIP tunnels, EoIP (Ethernet over IP)

* IPsec – IP security AH and ESP protocols; MODP Diffie-Hellman groups 1,2,5; MD5 and SHA1 hashing algorithms; DES, 3DES, AES-128, AES-192, AES-256 encryption algorithms; Perfect Forwarding Secrecy (PFS) MODP groups 1,2,5

* Proxy – FTP and HTTP caching proxy server; HTTPS proxy; transparent DNS and HTTP proxying; SOCKS protocol support; DNS static entries; support for caching on a separate drive; access control lists; caching lists; parent proxy support

* DHCP – DHCP server per interface; DHCP relay; DHCP client; multiple DHCP networks; static and dynamic DHCP leases; RADIUS support

* VRRP – VRRP protocol for high availability

* UPnP – Universal Plug-and-Play support

* NTP – Network Time Protocol server and client; synchronization with
GPS system

* Monitoring/Accounting – IP traffic accounting, firewall actions logging, statistics graphs accessible via HTTP

* SNMP – read-only access

* M3P – MikroTik Packet Packer Protocol for Wireless links and Ethernet

* MNDP – MikroTik Neighbor Discovery Protocol; also supports Cisco Discovery Protocol (CDP)

* Tools – ping; traceroute; bandwidth test; ping flood; telnet; SSH; packet sniffer; Dynamic DNS update tool

Layer 2 connectivity:

* Wireless – IEEE802.11a/b/g wireless client and access point (AP) modes; Nstreme and Nstreme2 proprietary protocols; Wireless Distribution System (WDS) support; virtual AP; 40 and 104 bit WEP; WPA pre-shared key authentication; access control list; authentication with RADIUS server; roaming (for wireless client); AP bridging

* Bridge – spanning tree protocol; multiple bridge interfaces; bridge firewalling, MAC

* VLAN – IEEE802.1q Virtual LAN support on Ethernet and wireless links; multiple VLANs; VLAN bridging

* Synchronous – V.35, V.24, E1/T1, X.21, DS3 (T3) media types; sync-PPP, Cisco HDLC, Frame Relay line protocols; ANSI-617d (ANDI or annex D) and Q933a (CCITT or annex A) Frame Relay LMI types

* Asynchronous – s*r*al PPP dial-in / dial-out; PAP, CHAP, MSCHAPv1 and MSCHAPv2 authentication protocols; RADIUS authentication and accounting; onboard s*r*al ports; modem pool with up to 128 ports; dial on demand

* ISDN – ISDN dial-in / dial-out; PAP, CHAP, MSCHAPv1 and MSCHAPv2 authentication protocols; RADIUS authentication and accounting; 128K bundle support; Cisco HDLC, x75i, x75ui, x75bui line protocols; dial on demand

* SDSL – Single-line DSL support; line termination and network termination modes

Instalasi dapat dilakukan pada Standard computer PC yang akan dijadikan router dan tidak memerlukan resource yang cukup besar untuk penggunaan standard, misalnya hanya sebagai gateway.

Berikut spec_minimal nya :

* CPU dan motherboard – bisa dgn P1 ~ P4, AMD, cyrix asal yang bukan multi-prosesor

* RAM – minimum 32 MiB, maximum 1 GiB; 64 MiB atau lebih sangat dianjurkan, kalau mau sekalian dibuat proxy , dianjurkan 1GB… perbandingannya, 15MB di memori ada 1GB di proxy..

* HDD minimal 128MB parallel ATA atau Compact Flash, tidak dianjurkan menggunakan UFD, SCSI, apa lagi S-ATA (mungkin nanti Ver. 3.0)

* NIC 10/100 atau 100/1000

Untuk keperluan beban yang besar ( network yang kompleks, routing yang rumit dll) disarankan untuk mempertimbangkan pemilihan resource PC yang memadai.

Lebih lengkap bisa dilihat di www.mikrotik.com. Meskipun demikian Mikrotik bukanlah free software, artinya kita harus membeli licensi terhadap segala fasiltas yang disediakan. Free trial hanya untuk 24 jam saja.

Kita bisa membeli software MikroTik dalam bentuk “licence” di CITRAWEB, UFOAKSES, PC24 (atau download cracknya, he he he …) yang diinstall pada HardDisk yang sebelumnya download/dibuat MikroTik RouterOS ISO kekeping CD atau disk on module (DOM). Jika kita membeli DOM tidak perlu install tetapi tinggal pasang DOM pada slot IDE PC kita.

Langkah-langkah berikut adalah dasar-dasar setup mikrotik yang dikonfigurasikan untuk jaringan
sederhana sebagai gateway server.

1. Langkah pertama adalah install Mikrotik RouterOS pada PC atau pasang DOM.

2. Login Pada Mikrotik Routers melalui console :

MikroTik v2.9.39

Login: admin

Password: (kosongkan)

Sampai langkah ini kita sudah bisa masuk pada mesin Mikrotik. User default adalah admin dan tanpa password, tinggal ketik admin kemudian tekan tombol enter.

3. Untuk keamanan ganti password default

[admin@Mikrotik] > password

old password: *****

new password: *****

retype new password: *****

[admin@ Mikrotik] >

4. Mengganti nama Mikrotik Router, pada langkah ini nama server akan kita ganti menjadi
“r-WLI” (bebas, disesuaikan dengan nama jaringan kita…)

[admin@Mikrotik] > system identity set name=r-WLI

[admin@r-WLI] >

5. Melihat interface pada Mikrotik Router

[admin@r-WLI] > interface print

Flags: X – disabled, D – dynamic, R – running

# NAME TYPE RX-RATE TX-RATE MTU

0 R ether1 ether 0 0 1500

1 R ether2 ether 0 0 1500

[admin@r-WLI] >

6. Memberikan IP address pada interface Mikrotik. Misalkan ether1 akan kita gunakan untuk koneksi ke Internet dengan IP 192.168.0.1 dan ether2 akan kita gunakan untuk network local kita dengan IP 172.16.0.1

[admin@r-WLI] > ip address add address=192.168.0.1 /

netmask=255.255.255.0 interface=ether1

[admin@r-WLI] > ip address add address=172.16.0.1 /

netmask=255.255.255.0 interface=ether2

7. Melihat konfigurasi IP address yang sudah kita berikan

[admin@r-WLI] >ip address print

Flags: X – disabled, I – invalid, D – dynamic

# ADDRESS NETWORK BROADCAST INTERFACE

0 192.168.0.1/24 192.168.0.0 192.168.0.63 ether1

1 172.16.0.1/24 172.16.0.0 172.16.0.255 ether2

[admin@r-WLI] >

8. Memberikan default Gateway, diasumsikan gateway untuk koneksi internet adalah 192.168.0.254

[admin@r-WLI] > /ip route add gateway=192.168.0.254

9. Melihat Tabel routing pada Mikrotik Routers

[admin@r-WLI] > ip route print

Flags: X – disabled, A – active, D – dynamic,

C – connect, S – static, r – rip, b – bgp, o – ospf

# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE

0 ADC 172.16.0.0/24 172.16.0.1 ether2

1 ADC 192.168.0.0/26 192.168.0.1 ether1

2 A S 0.0.0.0/0 r 192.168.0.254 ether1

[admin@r-WLI] >

10. Tes Ping ke Gateway untuk memastikan konfigurasi sudah benar

[admin@r-WLI] > ping 192.168.0.254

192.168.0.254 64 byte ping: ttl=64 time

11. Setup DNS pada Mikrotik Routers

[admin@r-WLI] > ip dns set primary-dns=192.168.0.10 /

allow-remoterequests=no

[admin@r-WLI] > ip dns set secondary-dns=192.168.0.11 /

allow-remoterequests=no

12. Melihat konfigurasi DNS

[admin@r-WLI] ip dns> pr

primary-dns: 192.168.0.10

secondary-dns: 192.168.0.11

allow-remote-requests: no

cache-size: 2048KiB

cache-max-ttl: 1w

cache-used: 21KiB

[admin@r-WLI] ip dns>

13. Tes untuk akses domain, misalnya dengan ping nama domain

[admin@r-WLI] > ping yahoo.com

216.109.112.135 64 byte ping: ttl=48 time=250 ms
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 571/571.0/571 ms
[admin@r-WLI] >

Jika sudah berhasil reply berarti seting DNS sudah benar.

14. Setup Masquerading, Jika Mikrotik akan kita pergunakan sebagai gateway server maka agar client computer pada network dapat terkoneksi ke internet perlu kita masquerading.

[admin@r-WLI]> ip firewall nat add action=masquerade /

outinterface=ether1 chain:srcnat

[admin@r-WLI] >

15. Melihat konfigurasi Masquerading

[admin@r-WLI]ip firewall nat print

Flags: X – disabled, I – invalid, D – dynamic

0 chain=srcnat out-interface=ether1 action=masquerade

[admin@r-WLI] >

Setelah langkah ini bisa dilakukan pemeriksaan untuk koneksi dari jaringan local. Dan jika berhasil berarti kita sudah berhasil melakukan instalasi MikroTik Router sebagai Gateway server. Setelah terkoneksi dengan jaringan Mikrotik dapat dimanage menggunakan WinBox yang bisa didownload dari MikroTik.com atau dari server mikrotik kita.

Misal Ip address server mikrotik kita 192.168.0.1, via browser buka http://192.168.0.1 dan download WinBox dari situ.
Jika kita menginginkan client mendapatkan IP address secara otomatis maka perlu kita setup dhcp server pada Mikrotik. Berikut langkah-langkahnya :

1. Buat IP address pool
/ip pool add name=dhcp-pool ranges=172.16.0.10-172.16.0.20

2. Tambahkan DHCP Network dan gatewaynya yang akan didistribusikan ke client Pada contoh ini networknya adalah 172.16.0.0/24 dan gatewaynya 172.16.0.1
/ip dhcp-server network add address=172.16.0.0/24 gateway=172.16.0.1

3. Tambahkan DHCP Server ( pada contoh ini dhcp diterapkan pada interface ether2 )
/ip dhcp-server add interface=ether2 address-pool=dhcp-pool

4. Lihat status DHCP server

[admin@r-WLI] > ip dhcp-server pr

Flags: X – disabled, I – invalid

# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP

x dhcp1 ether2 dhcp_pool1 4w2d yes

[admin@r-WLI] >

Tanda X menyatakan bahwa DHCP server belum enable maka perlu dienablekan terlebih dahulu pada langkah 5.

5. Jangan Lupa dibuat enable dulu dhcp servernya
/ip dhcp-server enable 0

Kemudian cek kembali dhcp-server seperti langkah 4, jika tanda X sudah tidak ada berarti sudah aktif.

6. Tes Dari client

Run dari Comman Prompt

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\EsDat>ping www.yahoo.com

Pinging www.yahoo-ht3.akadns.net [69.147.114.210] with 32 bytes of data:

Reply from 124.158.129.5: bytes=32 time=34ms TTL=59
Reply from 124.158.129.5: bytes=32 time=24ms TTL=59
Reply from 124.158.129.5: bytes=32 time=41ms TTL=59
Reply from 124.158.129.5: bytes=32 time=29ms TTL=59

Ping statistics for 69.147.114.210:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 41ms, Average = 32ms

7. Untuk bandwith controller, bisa dengan sistem simple queue ataupun bisa dengan mangle

[admin@r-WLI] queue simple> add name=Komputer01 /

interface=ether2 target-address=172.16.0.1/24 max-limit=65536/131072

[admin@r-WLI] queue simple> add name=Komputer02 /

interface=ether2 target-address=172.16.0.2/24 max-limit=65536/131072

dan seterusnya…

lengkap nya ada disini
www.mikrotik.com/docs/ros/2.9/root/queue
linux-ip.net/articles/Traffic…/overview.html
luxik.cdi.cz/~devik/qos/htb
www.docum.org/docum.org/docs

Referensi
www.mikrotik.com
www.mikrotik.com/docs/ros/2.9

software
Code:

http://rapidshare.de/files/30739630/mikrotik.router.os.2.9.6.ISO

Mikrotik iso crack juga dapat di download di server Indonesia, gigeupload.com silahkan klik Disini Download mikrotik crack bajakan Disni

Summary
PPTP (Point to Point Tunnel Protocol) supports encrypted tunnels over IP. The MikroTik RouterOS implementation includes support fot PPTP client and server.
General applications of PPTP tunnels:
* For secure router-to-router tunnels over the Internet
* To link (bridge) local Intranets or LANs (when EoIP is also used)
* For mobile or remote clients to remotely access an Intranet/LAN of a company (see PPTP setup for Windows for more information)
Each PPTP connection is composed of a server and a client. The MikroTik RouterOS may function as a server or client – or, for various configurations, it may be the server for some connections and client for other connections. For example, the client created below could connect to a Windows 2000 server, another MikroTik Router, or another router which supports a PPTP server.
Description
PPTP is a secure tunnel for transporting IP traffic using PPP. PPTP encapsulates PPP in virtual lines that run over IP. PPTP incorporates PPP and MPPE (Microsoft Point to Point Encryption) to make encrypted links. The purpose of this protocol is to make well-managed secure connections between routers as well as between routers and PPTP clients (clients are available for and/or included in almost all OSs including Windows).

PPTP includes PPP authentication and accounting for each PPTP connection. Full authentication and accounting of each connection may be done through a RADIUS client or locally.

MPPE 40bit RC4 and MPPE 128bit RC4 encryption are supported.

PPTP traffic uses TCP port 1723 and IP protocol GRE (Generic Routing Encapsulation, IP protocol ID 47), as assigned by the Internet Assigned Numbers Authority (IANA). PPTP can be used with most firewalls and routers by enabling traffic destined for TCP port 1723 and protocol 47 traffic to be routed through the firewall or router.

PPTP connections may be limited or impossible to setup though a masqueraded/NAT IP connection. Please see the Microsoft and RFC links at the end of this section for more information.
PPTP Client Setup
Submenu level : /interface pptp-client
Property Description
name (name; default: pptp-out1) – interface name for reference
mtu (integer; default: 1460) – Maximum Transmit Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
mru (integer; default: 1460) – Maximum Receive Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MRU to 1460 to avoid fragmentation of packets)
connect-to (IP address)- the IP address of the PPTP server to connect to
user (string)- user name to use when logging on to the remote server
password (string; default: “”)- user password to use when logging to the remote server
profile (name; default: default) – profile to use when connecting to the remote server
add-default-route (yes | no; default: no) – whether to use the server which this client is connected to as its default router (gateway)
Example
To set up PPTP client named test2 using username john with password john to connect to the 10.1.1.12 PPTP server and use it as the default gateway:

[admin@MikroTik] interface pptp-client> add name=test2 connect-to=10.1.1.12 \
\… user=john add-default-route=yes password=john
[admin@MikroTik] interface pptp-client> print
Flags: X – disabled, R – running
0 X name=”test2″ mtu=1460 mru=1460 connect-to=10.1.1.12 user=”john”
password=”john” profile=default add-default-route=yes

[admin@MikroTik] interface pptp-client> enable 0

Monitoring PPTP Client
Command name : /interface pptp-client monitor
Property Description
Statistics:

uptime (time) – connection time displayed in days, hours, minutes, and seconds
encoding (string) – encryption and encoding (if asymmetric, separated with ‘/’) being used in this connection
status (string) – status of the client:
# Dialing – attempting to make a connection
# Verifying password… – connection has been established to the server, password verification in progress
# Connected – self-explanatory
# Terminated – interface is not enabled or the other side will not establish a connection

Example
Example of an established connection:

[admin@MikroTik] interface pptp-client> monitor test2
uptime: 4h35s
encoding: MPPE 128 bit, stateless
status: Connected
[admin@MikroTik] interface pptp-client>

PPTP Server Setup
Submenu level : /interface pptp-server server

[admin@MikroTik] interface pptp-server server> print
enabled: no
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@MikroTik] interface pptp-server server>

Description
The PPTP server supports unlimited connections from clients. For each current connection, a dynamic interface is created.
Property Description
enabled (yes | no; default: no) – defines whether PPTP server is enabled or not
mtu (integer; default: 1460) – Maximum Transmit Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
mru (integer; default: 1460) – Maximum Receive Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
authentication (multiple choice: pap | chap | mschap1 | mschap2; default: mschap2) – authentication algorithm
default-profile (name; default: default) – default profile to use
Example
To enable PPTP server:

[admin@MikroTik] interface pptp-server server> set enabled=yes
[admin@MikroTik] interface pptp-server server> print
enabled: yes
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@MikroTik] interface pptp-server server>

PPTP Server Users
Submenu level : /interface pptp-server
Description
There are two types of items in PPTP server configuration – static users and dynamic connections. A dynamic connection can be established if the user database or the default-profile has its local-address and remote-address set correctly. When static users are added, the default profile may be left with its default values and only P2P user (in /ppp secret) should be configured. Note that in both cases P2P users must be configured properly.
Property Description
name – interface name
user – the name of the user that is configured statically or added dynamically

Statistics:

mtu – shows (cannot be set here) client’s MTU
client-address – shows (cannot be set here) the IP of the connected client
uptime – shows how long the client is connected
encoding (string) – encryption and encoding (if asymmetric, separated with ‘/’) being used in this connection
Example
To add a static entry for ex1 user:

[admin@MikroTik] interface pptp-server> add user=ex1
[admin@MikroTik] interface pptp-server> print
Flags: X – disabled, D – dynamic, R – running
# NAME USER MTU CLIENT-ADDRESS UPTIME ENC…
0 DR ex 1460 10.0.0.202 6m32s none
1 pptp-in1 ex1
[admin@MikroTik] interface pptp-server>

In this example an already connected user ex is shown besides the one we just added.
PPTP Router-to-Router Secure Tunnel Example
The following is an example of connecting two Intranets using an encrypted PPTP tunnel over the Internet.

There are two routers in this example:

* [HomeOffice]
Interface LocalHomeOffice 10.150.2.254/24
Interface ToInternet 192.168.80.1/24

* [RemoteOffice]
Interface ToInternet 192.168.81.1/24
Interface LocalRemoteOffice 10.150.1.254/24

Each router is connected to a different ISP. One router can access another router through the Internet.

On the PPTP server a user must be set up for the client:

[admin@HomeOffice] ppp secret> add name=ex service=pptp password=lkjrht
local-address=10.0.103.1 remote-address=10.0.103.2
[admin@HomeOffice] ppp secret> print detail
Flags: X – disabled
0 name=”ex” service=pptp caller-id=”” password=”lkjrht” profile=default
local-address=10.0.103.1 remote-address=10.0.103.2 routes==””

[admin@HomeOffice] ppp secret>

Then the user should be added in the PPTP server list:

[admin@HomeOffice] interface pptp-server> add user=ex
[admin@HomeOffice] interface pptp-server> print
Flags: X – disabled, D – dynamic, R – running
# NAME USER MTU CLIENT-ADDRESS UPTIME ENC…
0 pptp-in1 ex
[admin@HomeOffice] interface pptp-server>

And finally, the server must be enabled:

[admin@HomeOffice] interface pptp-server server> set enabled=yes
[admin@HomeOffice] interface pptp-server server> print
enabled: yes
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@HomeOffice] interface pptp-server server>

Add a PPTP client to the RemoteOffice router:

[admin@RemoteOffice] interface pptp-client> add connect-to=192.168.80.1 user=ex \
\… password=lkjrht disabled=no
[admin@RemoteOffice] interface pptp-client> print
Flags: X – disabled, R – running
0 R name=”pptp-out1″ mtu=1460 mru=1460 connect-to=192.168.80.1 user=”ex”
password=”lkjrht” profile=default add-default-route=no

[admin@RemoteOffice] interface pptp-client>

Thus, a PPTP tunnel is created between the routers. This tunnel is like an Ethernet point-to-point connection between the routers with IP addresses 10.0.103.1 and 10.0.103.2 at each router. It enables ‘direct’ communication between the routers over third party networks.

To route the local Intranets over the PPTP tunnel – add these routes:

[admin@HomeOffice] > ip route add dst-address 10.150.1.0/24 gateway 10.0.103.2
[admin@RemoteOffice] > ip route add dst-address 10.150.2.0/24 gateway 10.0.103.1

On the PPTP server it can alternatively be done using routes parameter of the user configuration:

[admin@HomeOffice] ppp secret> print detail
Flags: X – disabled
0 name=”ex” service=pptp caller-id=”” password=”lkjrht” profile=default
local-address=10.0.103.1 remote-address=10.0.103.2 routes==””

[admin@HomeOffice] ppp secret> set 0 routes=”10.150.1.0/24 10.0.103.2 1″
[admin@HomeOffice] ppp secret> print detail
Flags: X – disabled
0 name=”ex” service=pptp caller-id=”” password=”lkjrht” profile=default
local-address=10.0.103.1 remote-address=10.0.103.2
routes=”10.150.1.0/24 10.0.103.2 1″

[admin@HomeOffice] ppp secret>

Test the PPTP tunnel connection:

[admin@RemoteOffice]> /ping 10.0.103.1
10.0.103.1 pong: ttl=255 time=3 ms
10.0.103.1 pong: ttl=255 time=3 ms
10.0.103.1 pong: ttl=255 time=3 ms
ping interrupted
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 3/3.0/3 ms

Test the connection through the PPTP tunnel to the LocalHomeOffice interface:

[admin@RemoteOffice]> /ping 10.150.2.254
10.150.2.254 pong: ttl=255 time=3 ms
10.150.2.254 pong: ttl=255 time=3 ms
10.150.2.254 pong: ttl=255 time=3 ms
ping interrupted
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 3/3.0/3 ms

To bridge a LAN over this secure tunnel, please see the example in the ‘EoIP’ section of the manual. To set the maximum speed for traffic over this tunnel, please consult the ‘Queues’ section.

Connecting a Remote Client via PPTP Tunnel
The following example shows how to connect a computer to a remote office network over PPTP encrypted tunnel giving that computer an IP address from the same network as the remote office has (without need of bridging over eoip tunnels)

Please, consult the respective manual on how to set up a PPTP client with the software You are using.

The router in this example:

* [RemoteOffice]
Interface ToInternet 192.168.81.1/24
Interface Office 10.150.1.254/24

The client computer can access the router through the Internet.

On the PPTP server a user must be set up for the client:

[admin@RemoteOffice] ppp secret> add name=ex service=pptp password=lkjrht
local-address=10.150.1.254 remote-address=10.150.1.2
[admin@RemoteOffice] ppp secret> print detail
Flags: X – disabled
0 name=”ex” service=pptp caller-id=”” password=”lkjrht” profile=default
local-address=10.150.1.254 remote-address=10.150.1.2 routes==””

[admin@RemoteOffice] ppp secret>

Then the user should be added in the PPTP server list:

[admin@RemoteOffice] interface pptp-server> add name=FromLaptop user=ex
[admin@RemoteOffice] interface pptp-server> print
Flags: X – disabled, D – dynamic, R – running
# NAME USER MTU CLIENT-ADDRESS UPTIME ENC…
0 FromLaptop ex
[admin@RemoteOffice] interface pptp-server>

And the server must be enabled:

[admin@RemoteOffice] interface pptp-server server> set enabled=yes
[admin@RemoteOffice] interface pptp-server server> print
enabled: yes
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@RemoteOffice] interface pptp-server server>

Finally, the proxy APR must be enabled on the ‘Office’ interface:

[admin@RemoteOffice] interface ethernet> set Office arp=proxy-arp
[admin@RemoteOffice] interface ethernet> print
Flags: X – disabled, R – running
# NAME MTU MAC-ADDRESS ARP
0 R ToInternet 1500 00:30:4F:0B:7B:C1 enabled
1 R Office 1500 00:30:4F:06:62:12 proxy-arp
[admin@RemoteOffice] interface ethernet>

ref: http://www.mikrotik.com/documentation//manual_2.7/Interface/PPTP.html

Mikrotik peer to peer traffic control

http://www.mikrotik.com/testdocs/ros/2.8/ip/peer2peer.pdf

Download manual mikrotik – ebook

Ada e book dari situsnya mikrotik yang berbasis web/html, jumlahnya ratusan halaman, saya menyajikannya dalam bentuk pdf.
berikut juga dilengkapi tutorial mikrotik berbasis video.

Tutorial lengkap manual Mikrotik lengkap dari nol, sudah saya upload ke rapidshare , silahkan di download.

Reference Manual of MikroTik RouterOS :
http://rapidshare.com/files/31639172/refman2.9.pdf

Video Tutorial of MikroTik RouterOS :
http://rapidshare.com/files/31372948/Mikrotic.rar

salam mikrotiker