Show time! Mikrotik again, oke mari kita mulai... Kemarin berkunjung ke blog teman-teman,
eh ternyata ada yang keren. Load balancing yang komplet deh, full semua, top markotop deh..
Tentunya dengan pengubahan seperlunya. Kali ini setting dengan 2 line Speedy PPPoE,
lengkap dengan hotspotnya. Untuk 1 line Speedy semua sudah pada bisa deh. Lagian untuk 1
line tinggal uprek-uprek script ini aja kok. Daripada muter-muter, langsung aja ke TKP.
Kita Mulai,
# NOTE(review): the body of this section is not present in this extract. Later
# sections refer to interfaces named Local, Modem1, Modem2 and Proxy, which were
# presumably named here.
/ interface ethernet
Setting Mikrotik 2 line untuk Warnet
# PPPoE clients for the two Speedy lines, one per modem-facing interface.
# add-default-route=no and use-peer-dns=no: routes and resolvers are set by hand
# further down ("/ ip route", "/ ip dns").
# The user/password values are masked in this listing; a real export carries them
# in clear text, so the export file itself should be handled as a secret.
# NOTE(review): allow= still lists pap and mschap1, and service-name/ac-name are
# empty. PAP hands the password in clear text to the access concentrator that
# answers; narrowing allow= to what the ISP actually negotiates is worth confirming.
/ interface pppoe-client
add name="Speedy1" max-mtu=1480 max-mru=1480 interface=Modem1
user="1114xxxxxx@telkom.net" password="xxxxx" profile=default
service-name="" ac-name="" add-default-route=no dial-on-demand=no
use-peer-dns=no allow=pap,chap,mschap1,mschap2 disabled=no
add name="Speedy2" max-mtu=1480 max-mru=1480 interface=Modem2
user="1114xxxxxx@telkom.net" password="xxxxxx" profile=default
service-name="" ac-name="" add-default-route=no dial-on-demand=no
use-peer-dns=no allow=pap,chap,mschap1,mschap2 disabled=no
# Address pool for the client PCs: .1-.13 of the /28 whose router address
# (192.168.0.14) is assigned under "/ ip address".
/ ip pool
add name="warnet" ranges=192.168.0.1-192.168.0.13
# (the body of this section is not present in this extract)
/ ip telephony region
# Telephony sections: no gatekeeper, no RADIUS accounting, codec preference order.
/ ip telephony gatekeeper
set gatekeeper=none remote-id="" remote-address=0.0.0.0
/ ip telephony aaa
set use-radius-accounting=no interim-update=0s
/ ip telephony codec
move G.711-uLaw-64k/sw
move G.711-ALaw-64k/sw
move G.729A-8k/sw
move G.729-8k/sw
move G.723.1-6.3k/sw
move GSM-06.10-13.2k/sw
move LPC-10-2.5k/sw
# Per-IP traffic accounting, readable over HTTP by a single host.
# NOTE(review): 192.168.0.30 lies outside the 192.168.0.0/28 LAN defined under
# "/ ip address" - confirm which machine is meant.
/ ip accounting
set enabled=yes account-local-traffic=yes threshold=256
/ ip accounting web-access
set accessible-via-web=yes address=192.168.0.30/32
# Management services. Every enabled service accepts connections from
# address=0.0.0.0/0, i.e. from any source that can reach the router.
# NOTE(review): moving telnet/ftp/www/ssh to non-standard ports does not limit
# who may connect, and telnet, ftp and www carry the admin password in clear
# text. Setting address= to the management subnet and disabling telnet and ftp
# is the usual hardening. The SSH brute-force rules under "/ ip firewall filter"
# match dst-port=22, while ssh listens on 222 here, so as written they do not
# cover this listener.
/ ip service
set telnet port=223 address=0.0.0.0/0 disabled=no
set ftp port=221 address=0.0.0.0/0 disabled=no
set www port=1981 address=0.0.0.0/0 disabled=no
set ssh port=222 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
# UPnP lets hosts on "internal" interfaces ask the router for port mappings.
# NOTE(review): Modem1 and Speedy1 are marked type=internal although they look
# like the upstream side, and two entries carry no interface= at all (possibly
# lost in the export) - verify before enabling; UPnP is often left off on a
# shared-access network.
/ ip upnp
set enabled=yes allow-disable-external-interface=no show-dummy-rule=yes
/ ip upnp interfaces
add interface=Local type=internal disabled=no
add interface=Modem1 type=internal disabled=no
add type=internal disabled=no
add interface=Speedy1 type=internal disabled=no
add type=external disabled=no
/ ip arp
# SOCKS proxy is left disabled.
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
# Router DNS cache and upstream resolvers.
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# arriving on any interface; no input-chain rule limiting port 53 to the LAN is
# visible in this extract, which would leave an open resolver on the WAN side.
# NOTE(review): confirm who operates 85.255.112.195 before copying this value;
# the address lies in 85.255.112.0-85.255.127.255, a block that public
# DNSChanger advisories listed as rogue resolvers - check a current source.
/ ip dns
set primary-dns=85.255.112.195 secondary-dns=203.130.193.74
allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
# Flow export (traffic-flow) is collected on the LAN interface.
/ ip traffic-flow
set enabled=yes interfaces=Local cache-entries=4k active-flow-timeout=30m
inactive-flow-timeout=15s
# Router addresses: one /28 for the client LAN, one /24 towards each modem and
# one /24 towards the proxy machine.
/ ip address
add address=192.168.0.14/28 network=192.168.0.0 broadcast=192.168.0.15
interface=Local comment="IP LAN ROUTER" disabled=no
add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255
interface=Modem1 comment="IP LAN KE MODEM1" disabled=no
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255
interface=Modem2 comment="IP LAN KE MODEM2" disabled=no
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255
interface=Proxy comment="IP LAN KE PROXY" disabled=no
# Built-in HTTP proxy on port 8080.
# NOTE(review): neither the proxy settings nor the access list below restrict
# clients by source address, so anyone who can reach port 8080 can relay through
# it unless the firewall blocks that port on the WAN side (no such rule is
# visible in this extract). A src-address match for the LAN followed by a final
# deny is the usual guard against an open proxy.
/ ip proxy
set enabled=yes port=8080 parent-proxy=0.0.0.0:1
maximal-client-connecions=1000 maximal-server-connectons=1000
# Access list: refuse proxying to ports 23-25; the second entry is an explicit
# allow for a single path.
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying"
disabled=no
add src-address=0.0.0.0 method="" dst-host="" dst-address=0.0.0.0
path=/www.duniasex.com action=allow comment="" disabled=no
# Neighbor discovery per interface.
# NOTE(review): discovery stays enabled on Modem1 and Modem2; if those segments
# are not fully trusted, discovery announces the router's identity to them -
# consider discover=no everywhere except the management LAN.
/ ip neighbor discovery
set Local discover=yes
set Modem1 discover=yes
set Speedy1 discover=no
set Modem2 discover=yes
set Speedy2 discover=no
set Proxy discover=yes
# Three default routes at the same distance: one per ISP gateway, plus one
# listing both gateways.
# NOTE(review): the gateways are fixed public addresses; presumably they were
# the PPPoE peers at export time and may change when a session reconnects.
/ ip route
add dst-address=0.0.0.0/0 gateway=125.165.156.1 distance=1 scope=255
target-scope=10 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=125.162.88.1 distance=1 scope=255
target-scope=10 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=125.165.156.1,125.162.88.1 distance=1
scope=255 target-scope=10 comment="" disabled=no
# (the mangle rules are not present in this extract; the packet marks used by
# the queue tree later in the file would be defined here)
/ ip firewall mangle
# Source NAT for traffic leaving through the second PPPoE line.
# NOTE(review): only the Speedy2 rule survives in this extract; a matching rule
# for Speedy1 was presumably on the missing pages.
/ ip firewall nat
add chain=srcnat out-interface=Speedy2 action=masquerade comment="Nat PUBLIC
Tidak Pisah Trafik" disabled=no
# Forward chain: drop packets whose source or destination is in 0.0.0.0/8,
# 127.0.0.0/8 or 224.0.0.0/3 (everything from 224.0.0.0 up to 255.255.255.255).
/ ip firewall filter
add chain=forward src-address=0.0.0.0/8 action=drop comment="Block Bogus IP
Address" disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment="" disabled=no
# Staged SSH rate limiting on the input chain. Each new TCP connection to port
# 22 moves the source one list further (ssh_stage1 -> ssh_stage2 -> ssh_stage3,
# each entry living 1m); a further new connection while in ssh_stage3 puts the
# source in ssh_blacklist for 1w3d, and blacklisted sources are dropped first.
# The rules are ordered from the highest stage down so that one connection
# advances a source by only one stage.
# NOTE(review): these rules count new connections, not failed logins, and they
# match dst-port=22 while "/ ip service" moves ssh to port 222 - as written
# they do not see connections to the actual SSH listener.
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist
action=drop comment="Drop SSH brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new
src-address-list=ssh_stage3 action=add-src-to-address-list
address-list=ssh_blacklist address-list-timeout=1w3d comment=""
disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new
src-address-list=ssh_stage2 action=add-src-to-address-list
address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new
src-address-list=ssh_stage1 action=add-src-to-address-list
address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
# NOTE(review): the next rule is cut off by a page break in this extract; the
# same rule appears complete further down with address-list-timeout=1m.
add chain=input protocol=tcp dst-port=22 connection-state=new
action=add-src-to-address-list address-list=ssh_stage1
Packet" disabled=no
# User-defined chain "tcp": drops TCP traffic to a list of destination ports.
# NOTE(review): a user-defined chain is only evaluated when a jump rule sends
# packets to it; no jump rule is visible in this extract, so confirm that the
# "tcp" and "icmp" chains are actually reached. DHCP uses UDP, so the TCP
# 67-68 rule does not affect it.
add chain=tcp protocol=tcp dst-port=111 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=119 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment=""
disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="" disabled=no
# User-defined chain "icmp": accept, with limit=5,5, ICMP type 0 (echo reply),
# 3:3 (port unreachable), 3:4 (fragmentation needed), 8 (echo request) and
# 11 (time exceeded); every other ICMP packet reaching this chain is dropped.
add chain=icmp protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept
comment="Limited Ping Flood" disabled=no
add chain=icmp protocol=icmp icmp-options=3:3 limit=5,5 action=accept
comment="" disabled=no
add chain=icmp protocol=icmp icmp-options=3:4 limit=5,5 action=accept
comment="" disabled=no
add chain=icmp protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept
comment="" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept
comment="" disabled=no
add chain=icmp protocol=icmp action=drop comment="" disabled=no
# Input chain (traffic addressed to the router itself): accept broadcast,
# established and related packets, drop invalid ones.
# NOTE(review): no closing "drop everything else" rule for chain=input is
# visible in this extract. Without one, the telnet/ftp/www/ssh listeners, the
# proxy, DNS and SNMP stay reachable from the WAN interfaces.
add chain=input dst-address-type=broadcast action=accept comment="Allow
Broadcast Traffic" disabled=no
add chain=input connection-state=established action=accept comment="Connection
State" disabled=no
add chain=input connection-state=related action=accept comment="" disabled=no
add chain=input connection-state=invalid action=drop comment="" disabled=no
# Second copy of the staged SSH limiter (blacklist drop, then stage3 -> stage2
# -> stage1). It sits after the established/related accepts and only looks at
# connection-state=new packets to port 22.
# NOTE(review): the ssh service in this file listens on port 222, so these
# dst-port=22 matches do not cover it.
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist
action=drop comment="Drop SSH brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new
src-address-list=ssh_stage3 action=add-src-to-address-list
address-list=ssh_blacklist address-list-timeout=1w3d comment=""
disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new
src-address-list=ssh_stage2 action=add-src-to-address-list
address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new
src-address-list=ssh_stage1 action=add-src-to-address-list
address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new
action=add-src-to-address-list address-list=ssh_stage1
address-list-timeout=1m comment="" disabled=no
# (the address-list entries are not present in this extract)
/ ip firewall address-list
# Connection-tracking helpers: only irc and gre are left enabled.
/ ip firewall service-port
set ftp ports=21 disabled=yes
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=yes
set gre disabled=no
set pptp disabled=yes
/ ip hotspot service-port
set ftp ports=21 disabled=no
# Hotspot default profile: login by cookie or HTTP-CHAP, local users only
# (use-radius=no). A login cookie stays valid for 3 days.
# NOTE(review): on shared cafe PCs a 3-day cookie lets the next person at the
# same machine inherit the session; a shorter http-cookie-lifetime may fit
# better - confirm against how the PCs are used.
/ ip hotspot profile
set default name="default" hotspot-address=0.0.0.0 dns-name=""
html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d
split-user-domain=no use-radius=no
# NOTE(review): this DHCP client runs on Local, the same interface the router
# serves DHCP on below, and it accepts a default route, DNS and NTP from
# whoever answers. Any DHCP server that appears on the client LAN could then
# redirect the router's own routing and name resolution; unless the router
# really obtains an address from that segment, this entry should be disabled.
/ ip dhcp-client
add interface=Local add-default-route=yes use-peer-dns=yes use-peer-ntp=yes
comment="" disabled=no
# DHCP server for the client LAN, handing out the "warnet" pool; add-arp=yes
# installs an ARP entry for each lease.
/ ip dhcp-server
add name="dhcp1" interface=Local lease-time=3d address-pool=warnet
bootp-support=static add-arp=yes disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
# Static leases: each client PC is pinned to a fixed address by MAC address.
# A MAC address can be changed by the client, so this is an addressing
# convenience, not an access control.
/ ip dhcp-server lease
add address=192.168.0.1 mac-address=00:01:6C:13:94:C7
client-id="1:0:1:6c:13:94:c7" server=dhcp1 comment="" disabled=no
add address=192.168.0.2 mac-address=00:19:21:2B:DB:15
client-id="1:0:19:21:2b:db:15" server=dhcp1 comment="" disabled=no
add address=192.168.0.3 mac-address=00:01:6C:13:94:CC
client-id="1:0:1:6c:13:94:cc" server=dhcp1 comment="" disabled=no
add address=192.168.0.4 mac-address=00:19:21:2B:D9:42
client-id="1:0:19:21:2b:d9:42" server=dhcp1 comment="" disabled=no
add address=192.168.0.5 mac-address=00:1B:B9:8F:6B:DF
client-id="1:0:1b:b9:8f:6b:df" server=dhcp1 comment="" disabled=no
add address=192.168.0.6 mac-address=00:01:6C:13:95:11
client-id="1:0:1:6c:13:95:11" server=dhcp1 comment="" disabled=no
add address=192.168.0.8 mac-address=DC:ED:DC:AD:DC:AD
client-id="1:dc:ed:dc:ad:dc:ad" server=dhcp1 comment="" disabled=no
add address=192.168.0.7 mac-address=00:19:21:2B:D5:CD
client-id="1:0:19:21:2b:d5:cd" server=dhcp1 comment="" disabled=no
# Options handed to clients: gateway and three DNS servers.
# NOTE(review): clients receive 85.255.112.195 as their first resolver; confirm
# who operates it (see the same address under "/ ip dns") before reusing it.
/ ip dhcp-server network
add address=192.168.0.0/28 gateway=192.168.0.14
dns-server=85.255.112.195,203.130.193.74,202.134.0.155 comment=""
# Alert when another DHCP server is seen on the LAN interface.
/ ip dhcp-server alert
add interface=Local alert-timeout=1h disabled=no
# NOTE(review): SHA-1, 3DES and a 1024-bit DH group are legacy choices. No
# IPsec policy or peer is visible in this extract, so this may be unused; if
# IPsec is deployed, pick stronger algorithms supported by the RouterOS version.
/ ip ipsec proposal
add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m
lifebytes=0 pfs-group=modp1024 disabled=no
# Transparent caching proxy on port 3128.
# NOTE(review): the access list below filters by destination port and URL
# only; nothing limits which source addresses may use the proxy. Confirm port
# 3128 is not reachable from the WAN side.
/ ip web-proxy
set enabled=yes src-address=192.168.0.14 port=3128
hostname="proxy.godzam.com" transparent-proxy=yes
parent-proxy=0.0.0.0:0 cache-administrator="webmaster@godzam.com"
max-object-size=4096KiB cache-drive=system max-cache-size=1048576KiB
max-ram-cache-size=unlimited
# The dst-port=23-25 deny appears twice; the second copy is redundant.
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying"
disabled=no
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying"
disabled=no
add url="**suck***" action=deny comment="P O R N O" disabled=no
add url="*nude*" action=deny comment="" disabled=no
# Cache policy: dynamic pages (cgi-bin, query strings) are not cached; common
# download and media file types are.
# NOTE(review): the bare "add action=allow" has no url= and so matches every
# request; presumably the list is evaluated top-down on first match, in which
# case the site-specific entries after it are never reached - confirm the
# evaluation order. Cached .exe/.zip objects fetched over plain HTTP are served
# to every client from the router's copy.
/ ip web-proxy cache
add url=":cgi-bin \?" action=deny comment="don't cache dynamic http pages"
disabled=no
add url=":cgi-bin \?" action=deny comment="don't cache dynamic http pages"
disabled=no
add url="\.exe$" action=allow comment="" disabled=no
add url="\.zip$" action=allow comment="" disabled=no
add url="\.mpeg$" action=allow comment="" disabled=no
add url="\.mp3$" action=allow comment="" disabled=no
add url="\.avi$" action=allow comment="" disabled=no
add url="\.pdf$" action=allow comment="" disabled=no
add url="\.rar$" action=allow comment="" disabled=no
add url="\.mov$" action=allow comment="" disabled=no
add url="\.mpg$" action=allow comment="" disabled=no
add url="\.dat$" action=allow comment="" disabled=no
add url="\.3gp$" action=allow comment="" disabled=no
add url="\.jpg$" action=allow comment="" disabled=no
add url="\.gif$" action=allow comment="" disabled=no
add action=allow comment="" disabled=no
add url="http*youtube*get_video*" action=allow comment="YouTube" disabled=no
add url="http*friendster.com" action=allow comment="Friendster" disabled=no
add url="http*pu.go.id" action=allow comment="PU" disabled=no
add url="http*detik*com" action=allow comment="Detik" disabled=no
add url="http*domai.com" action=allow comment="Domai" disabled=no
add url="http*nigmae.net" action=allow comment="Nigmae" disabled=no
add url="http*kompas.com" action=allow comment="Kompas" disabled=no
/ ip web-proxy direct
add action=allow comment="" disabled=no
# Log critical, debug, watchdog and firewall topics to the router's disk.
# NOTE(review): every visible action is disk, so the logs live only on the
# router and would be lost with it; the debug topic is also very verbose.
# Sending at least the critical and firewall topics to a remote log host is
# worth considering.
/ system logging
add topics=critical prefix="" action=disk disabled=no
add topics=debug prefix="" action=disk disabled=no
add topics=watchdog prefix="" action=disk disabled=no
add topics=firewall prefix="" action=disk disabled=no
# Watchdog: reboot on failure and e-mail a support output file automatically.
# NOTE(review): a support output file describes the router's configuration, so
# auto-sending it by e-mail moves sensitive data off the box - anyone reusing
# this script should replace the recipient address. "/ tool e-mail" further
# down sets server=0.0.0.0, so sending presumably fails as configured.
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes
no-ping-delay=5m automatic-supout=yes auto-send-supout=yes
send-email-to="arrimustika@gmail.com"
# Console definitions; the FIXME item names are as they appear in the listing.
/ system console
add port=serial0 term="" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
/ system identity
set name="godzam.com"
/ system note
set show-at-login=yes note=""
/ system gps
set enabled=no set-system-time=yes
# (the body of this section is not present in this extract)
/ system lcd
/ system health
set state-after-reboot=enabled
# Serial ports: 9600 8N1 with hardware flow control.
/ port
set serial0 name="serial0" baud-rate=9600 data-bits=8 parity=none stop-bits=1
flow-control=hardware
set serial1 name="serial1" baud-rate=9600 data-bits=8 parity=none stop-bits=1
flow-control=hardware
# PPP profiles. The PPPoE clients in this file use profile=default, which
# leaves use-encryption at "default"; only "default-encryption" sets
# use-encryption=yes.
/ ppp profile
set default name="default" use-compression=default use-vj-compression=default
use-encryption=default only-one=default change-tcp-mss=yes comment=""
set default-encryption name="default-encryption" use-compression=default
use-vj-compression=default use-encryption=yes only-one=default
change-tcp-mss=yes comment=""
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
/ queue type
set default name="default" kind=pfifo pfifo-limit=50
# Simple queues: an unlimited parent queue for the client range and a child
# queue for the operator PC.
# NOTE(review): the parent targets 192.168.0.0/27, which is wider than the
# 192.168.0.0/28 LAN assigned under "/ ip address". The "operator" entry is cut
# off by a page break in this extract (its max-limit and the remaining queues
# are missing).
/ queue simple
add name="NET STATION" target-addresses=192.168.0.0/27 dst-address=0.0.0.0/0
interface=Local parent=none direction=both priority=1
queue=ethernet-default/ethernet-default limit-at=0/0 max-limit=0/0
total-queue=ethernet-default disabled=no
add name="operator" target-addresses=192.168.0.13/32 dst-address=0.0.0.0/0
interface=Local parent="NET STATION" direction=both priority=8
queue=ethernet-default/ethernet-default limit-at=64000/128000
# Queue tree. Each queue selects traffic by packet-mark; the marks (ICMP-PM,
# DNS-PM, Turun, Naik, basic_packet_lokal, basic_packet_intl, spgames, spnet)
# would be set by mangle rules, which are not present in this extract.
# Only "Priorization" and its children "games" (priority 1) and "Net"
# (priority 5) are enabled; every other entry is disabled=yes.
/ queue tree
add name="ICMP" parent=global-in packet-mark=ICMP-PM limit-at=8000
queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s disabled=yes
add name="DNS" parent=global-in packet-mark=DNS-PM limit-at=8000
queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s disabled=yes
add name="downstream" parent=Local packet-mark=Turun limit-at=0
queue=pcq-download priority=1 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s disabled=yes
add name="upstream" parent=global-in packet-mark=Naik limit-at=0
queue=pcq-upload priority=1 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s disabled=yes
add name="total_download_lokal" parent=Local packet-mark="" limit-at=0
queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s disabled=yes
add name="total_upload_lokal" parent=Modem1 packet-mark="" limit-at=0
queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s disabled=yes
add name="total_download_intl" parent=Local packet-mark="" limit-at=0
queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s disabled=yes
add name="total_upload_intl" parent=Modem1 packet-mark="" limit-at=0
queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s disabled=yes
add name="queue_basic_down_lokal" parent=total_download_lokal
packet-mark=basic_packet_lokal limit-at=0 queue=default priority=8
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes
add name="queue_basic_up_lokal" parent=total_upload_lokal
packet-mark=basic_packet_lokal limit-at=0 queue=default priority=8
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes
add name="queue_basic_down_intl" parent=total_download_intl
packet-mark=basic_packet_intl limit-at=0 queue=default priority=8
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes
add name="queue_basic_up_intl" parent=total_upload_intl
packet-mark=basic_packet_intl limit-at=0 queue=default priority=8
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes
add name="Priorization" parent=global-in packet-mark="" limit-at=0
queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s disabled=no
add name="games" parent=Priorization packet-mark=spgames limit-at=0
queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s disabled=no
add name="Net" parent=Priorization packet-mark=spnet limit-at=0 queue=default
priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
disabled=no
# Local accounts. The only account is the stock "admin" in group full, allowed
# to log in from any source address.
# NOTE(review): no password appears in this listing, so importing it does not
# set one - confirm admin has a strong password (or is renamed or replaced)
# and narrow address= to the management subnet.
/ user
add name="admin" group=full address=0.0.0.0/0 comment="system default user"
disabled=no
# Group policies. The policy lists are wrapped mid-token by the page extraction
# (for example "!f" / "tp"); they need rejoining before this can be imported.
/ user group
add name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!f
tp,!write,!policy
add name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password
,web,!ftp,!policy
add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo
x,password,web
# Router logins are also checked against RADIUS, with unknown users landing in
# group "read".
# NOTE(review): no "/ radius" server entry is visible in this extract; confirm
# which server, if any, is trusted to authenticate router logins.
/ user aaa
set use-radius=yes accounting=yes interim-update=0s default-group=read
# Accept incoming RADIUS requests on port 17000.
# NOTE(review): verify this is needed and that the port is filtered on the WAN
# side.
/ radius incoming
set accept=yes port=17000
# NOTE(review): SNMP is enabled with the well-known community "public",
# readable from 0.0.0.0/0. A community string travels in clear text and this
# one is the first value anyone would try; set address= to the monitoring host
# and rename the community, or disable SNMP if nothing polls the router.
/ snmp
set enabled=yes contact="admin" location="hikari"
/ snmp community
set public name="public" address=0.0.0.0/0 read-access=yes
# Bandwidth-test server is enabled; authenticate=yes requires a router login.
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
# No mail server is configured (server=0.0.0.0).
/ tool e-mail
set server=0.0.0.0 from="<>"
# Packet sniffer settings for the LAN interface; streaming is off.
/ tool sniffer
set interface=Local only-headers=no memory-limit=10 file-name="" file-limit=10
streaming-enabled=no streaming-server=0.0.0.0 filter-stream=yes
filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535
filter-address2=0.0.0.0/0:0-65535
/ tool traffic-monitor
add name="tmon1" interface=Local traffic=transmitted trigger=above threshold=0
on-event="" comment="" disabled=no
/ tool graphing
set store-every=5min
# Netwatch probes eight hosts once a minute; no up/down scripts are attached.
# NOTE(review): several probed hosts (.23-.27) lie outside the 192.168.0.0/28
# LAN assigned under "/ ip address" - confirm the intended addressing.
/ tool netwatch
add host=192.168.0.27 timeout=1s interval=1m up-script="" down-script=""
comment="" disabled=no
add host=192.168.0.8 timeout=1s interval=1m up-script="" down-script=""
comment="" disabled=no
add host=192.168.0.23 timeout=1s interval=1m up-script="" down-script=""
comment="" disabled=no
add host=192.168.0.7 timeout=1s interval=1m up-script="" down-script=""
comment="" disabled=no
add host=192.168.0.12 timeout=1s interval=1m up-script="" down-script=""
comment="" disabled=no
add host=192.168.0.24 timeout=1s interval=1m up-script="" down-script=""
comment="" disabled=no
add host=192.168.0.25 timeout=1s interval=1m up-script="" down-script=""
comment="" disabled=no
add host=192.168.0.26 timeout=1s interval=1m up-script="" down-script=""
comment="" disabled=no
# Dynamic routing: nothing is redistributed by OSPF, BGP (enabled=no) or RIP.
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no
redistribute-static=no redistribute-rip=no redistribute-bgp=no
metric-default=1 metric-connected=20 metric-static=20 metric-rip=20
metric-bgp=20
/ routing bgp
set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no
redistribute-connected=no redistribute-rip=no redistribute-ospf=no
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no
redistribute-bgp=no metric-static=1 metric-connected=1 metric-ospf=1