MikroTik Super Lab 5

Superlab5

Topology



First, configure the ISP router so that it is connected to the Internet:
[admin@MikroTik] > system identity set name=ISP
[admin@ISP] > ip address add address=19.19.19.10/16 interface=ether1
[admin@ISP] > ip address add address=11.11.11.1/24 interface=ether2
[admin@ISP] > ip address add address=22.22.22.1/24 interface=ether3
[admin@ISP] > ip route add gateway=19.19.19.4
[admin@ISP] > ip dns set servers=8.8.8.8 allow-remote-requests=yes 
[admin@ISP] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
Next, configure the IP addresses on R1:
[admin@MikroTik] > system identity set name=IDN-R1
[admin@IDN-R1] > ip address add address=11.11.11.2/24 interface=ether1
[admin@IDN-R1] > ip address add address=192.168.20.1/24 comment=to-R2 interface=ether2
[admin@IDN-R1] > ip address add address=192.168.100.1/24 comment=lan interface=ether3
Enable the DHCP server on this router:
[admin@IDN-R1] > ip dhcp-server setup 
Select interface to run DHCP server on 

dhcp server interface: ether3
Select network for DHCP addresses 

dhcp address space: 192.168.100.0/24
Select gateway for given network 

gateway for dhcp network: 192.168.100.1
Select pool of ip addresses given out by DHCP server 

addresses to give out: 192.168.100.2-192.168.100.254
Select DNS servers 

dns servers: 192.168.100.1
Select lease time 

lease time: 10m
Then configure this router so that it is connected to the Internet:
[admin@IDN-R1] > ip route add gateway=11.11.11.1
[admin@IDN-R1] > ip dns set servers=11.11.11.1 allow-remote-requests=yes 
[admin@IDN-R1] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
[admin@IDN-R1] > ip route add dst-address=192.168.200.0/24 gateway=192.168.20.2
Now, on router R2, configure the IP addresses and the bridge:
[admin@MikroTik] > system identity set name=IDN-R2
[admin@IDN-R2] > ip address add address=192.168.20.2/24 interface=ether1
[admin@IDN-R2] > interface bridge add name=br_sw
[admin@IDN-R2] > interface bridge port add interface=ether2 bridge=br_sw 
[admin@IDN-R2] > interface bridge port add interface=ether3 bridge=br_sw 
[admin@IDN-R2] > interface bridge port add interface=ether4 bridge=br_sw 
[admin@IDN-R2] > ip address add address=192.168.200.1/24 interface=br_sw
Configure the DHCP server on R2:
[admin@IDN-R2] > ip dhcp-server setup 
Select interface to run DHCP server on 

dhcp server interface: br_sw
Select network for DHCP addresses 

dhcp address space: 192.168.200.0/24
Select gateway for given network 

gateway for dhcp network: 192.168.200.1
Select pool of ip addresses given out by DHCP server 

addresses to give out: 192.168.200.2-192.168.200.254
Select DNS servers 

dns servers: 192.168.200.1
Select lease time 

lease time: 10m
Configure R2 so that it is connected to the Internet:
[admin@IDN-R2] > ip route add gateway=192.168.20.1
[admin@IDN-R2] > ip dns set servers=192.168.20.1 allow-remote-requests=yes 
[admin@IDN-R2] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
Moving on to R3, we configure the IP addresses:
[admin@MikroTik] > system identity set name=IDN-R3
[admin@IDN-R3] > ip address add address=22.22.22.2/24 interface=ether1
[admin@IDN-R3] > ip address add address=192.168.30.1/24 interface=ether2
Then configure R3's DHCP server so that its clients can connect to the Internet:
[admin@IDN-R3] > ip dhcp-server setup 
Select interface to run DHCP server on 

dhcp server interface: ether2
Select network for DHCP addresses 

dhcp address space: 192.168.30.0/24
Select gateway for given network 

gateway for dhcp network: 192.168.30.1
Select pool of ip addresses given out by DHCP server 

addresses to give out: 192.168.30.2-192.168.30.254
Select DNS servers 

dns servers: 192.168.30.1
Select lease time 

lease time: 10m
Now configure the L2TP server on R1. Enable the L2TP server:
[admin@IDN-R1] > interface l2tp-server server set enabled=yes use-ipsec=yes ipsec-secret=123
[admin@IDN-R1] > ppp secret add name=coba password=123 local-address=172.13.56.1 remote-address=172.13.56.2 routes=192.168.30.0/24 service=l2tp
Then set up the L2TP client on R3:
[admin@IDN-R3] > interface l2tp-client add connect-to=11.11.11.2 disabled=no mrru=1600 name=l2tp-client password=123 user=coba
Add a static route to reach the 192.168.100.0/24 network on R1:
[admin@IDN-R3] > ip route add dst-address=192.168.100.0/24 gateway=l2tp-client
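
With use-ipsec=yes the server still accepts plain L2TP, and the client command above never enables IPsec, so the tunnel can come up without IPsec protection. The following is an added example, not part of the original lab, that enforces IPsec on both ends; it assumes a RouterOS release that supports use-ipsec=required, and the values in <...> are placeholders.

```routeros
# Added example, not from the original lab. Values in <...> are placeholders.

# --- R1 (server) ---
# use-ipsec=yes      : IPsec is offered, but plain L2TP is still accepted.
# use-ipsec=required : L2TP is accepted only inside an IPsec tunnel.
/interface l2tp-server server set enabled=yes use-ipsec=required ipsec-secret="<long-random-psk>"
# Replace the lab password 123 on the existing PPP secret.
/ppp secret set [find name=coba] password="<long-random-password>"

# --- R3 (client) ---
# The client must turn IPsec on and present the same pre-shared key.
/interface l2tp-client set [find name=l2tp-client] use-ipsec=yes ipsec-secret="<long-random-psk>" password="<long-random-password>"

# --- Verify on either router ---
# IPsec security associations between 11.11.11.2 and 22.22.22.2 should be listed:
/ip ipsec installed-sa print
# Session state of the client interface (run on R3):
/interface l2tp-client monitor l2tp-client once
```

If installed-sa stays empty while the l2tp-client interface is up, the session is running without IPsec.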

Next, I will try blocking the Facebook site at a certain time and unblocking it at another: Facebook will be blocked at 8:00 and unblocked at 17:00.

First, set the clock on the router:
[admin@IDN-R1] > system clock set time=08:00:00
[admin@IDN-R1] > system clock print 
                  time: 08:00:10
                  date: jan/08/2017
  time-zone-autodetect: yes
        time-zone-name: manual
            gmt-offset: +00:00
The configuration is as follows:
[admin@IDN-R1] > ip firewall filter add chain=forward content=facebook action=drop protocol=tcp comment=block-fb-http
[admin@IDN-R1] > ip firewall layer7-protocol add name=facebook regexp=^.+facebook.com.*
[admin@IDN-R1] > ip firewall filter add chain=forward layer7-protocol=facebook action=drop comment=block-fb-https
[admin@IDN-R1] > system script add name=fb-allow-https policy=write,read,policy,test,sniff source={/ip firewall filter set disabled=yes [/ip firewall filter find comment="block-fb-https"]}
[admin@IDN-R1] > system script add name=fb-allow-http policy=write,read,policy,test,sniff source={/ip firewall filter set disabled=yes [/ip firewall filter find comment="block-fb-http"]}
[admin@IDN-R1] > system script add name=fb-deny-https policy=write,read,policy,test,sniff source={/ip firewall filter set disabled=no [/ip firewall filter find comment="block-fb-https"]}
[admin@IDN-R1] > system script add name=fb-deny-http policy=write,read,policy,test,sniff source={/ip firewall filter set disabled=no [/ip firewall filter find comment="block-fb-http"]}
[admin@IDN-R1] > system scheduler add name=fb-http-deny start-time=08:00:00 interval=1d on-event=fb-deny-http
[admin@IDN-R1] > system scheduler add name=fb-https-deny start-time=08:00:00 interval=1d on-event=fb-deny-https
[admin@IDN-R1] > system scheduler add name=fb-http-allow start-time=17:00:00 interval=1d on-event=fb-allow-http
[admin@IDN-R1] > system scheduler add name=fb-https-allow start-time=17:00:00 interval=1d on-event=fb-allow-https
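
The scheduled scripts above flip the rules' disabled flag; the firewall can also apply the schedule itself with its time matcher, and tls-host matches the server name in the TLS ClientHello rather than any TCP packet that happens to contain the string facebook. The following is an added example, not from the original post, offered as an alternative to the author's rules; it assumes a RouterOS release that has the tls-host matcher, and the -timed comments are names chosen here.

```routeros
# Added example, not from the original post.
# The rules match only between 08:00 and 17:00, every day, by the router's
# own clock, so /system clock must be correct. No scripts or schedulers.

# HTTP: the Host header is cleartext, so a content match on port 80 is enough.
/ip firewall filter add chain=forward protocol=tcp dst-port=80 content=facebook.com action=drop time=8h-17h,sun,mon,tue,wed,thu,fri,sat comment=block-fb-http-timed

# HTTPS: match the SNI hostname. The glob *.facebook.com does not cover the
# bare domain, so it gets its own rule.
/ip firewall filter add chain=forward protocol=tcp dst-port=443 tls-host=*.facebook.com action=drop time=8h-17h,sun,mon,tue,wed,thu,fri,sat comment=block-fb-https-timed
/ip firewall filter add chain=forward protocol=tcp dst-port=443 tls-host=facebook.com action=drop time=8h-17h,sun,mon,tue,wed,thu,fri,sat comment=block-fb-https-timed

# Limitation: these are TCP rules; HTTP/3 (QUIC) over UDP 443 is not matched.

# Check that the counters increase during the blocked window and stay flat
# outside it:
/ip firewall filter print stats where comment~"block-fb"
```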
