Konfigurasi Mikrotik untuk SOHO

Jasa Setting Mikrotik – Pada tutorial kali ini, kita akan melakukan konfigurasi untuk SOHO (Small Office Home Office). Konfigurasi jaringan ini antara lain seperti berikut ini:
a. Laptop -> Access Point -> Mikrotik -> Modem ISP
b. Komputer -> Switch -> Mikrotik -> Modem  ISP
c. Laptop -> Access Point -> Switch -> Mikrotik -> Modem ISP

Pada tutorial kali ini, port 1 Mikrotik dihubungkan ke ISP Modem, port 2 Mikrotik dihubungkan ke LAN

Langkah-langkah konfigurasi adalah:

  1. Setting interface ke internet
    a. kalau pppoe
    interface pppoe-client add  user=user password=passwd interface=ether1 disabled=no add-default-route=yes

    b. kalau dapat ip static (misal 192.168.1.2 dengan ip modem 192.168.1.1)
    ip address add address=192.168.1.2/24 interface=ether1
    ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1

  2. setting interface ke jaringan LAN
    ip address add address=192.168.0.1/24 interface=ether2
  3. Seting NAT
    ip firewall nat add chain=srcnat src-address=192.168.0.0/24 out-interface=ether1 action=masquerade

    kalau menggunakan pppoe
    ip firewall nat add chain=srcnat src-address=192.168.0.0/24 out-interface=pppoe-out1 action=masquerade

  4. Setting DNS
    ip dns set servers=192.168.1.1 allow-remote-requests=yes
    Silahkan mengganti ipnya sesuai yang diberikan ISP anda
  5. Setting DHCP
  6. Manajemen bandwidth

Firewall
Mengenai firewall ada 2 pilihan

  1. firewall hanya berisi yang diblok, ini lebih sederhana misal
    ip firewall filter add chain=input src-address=192.168.0.196 protocol=tcp dst-port=53 action=drop
    ip firewall filter add chain=input src-address=192.168.0.196 protocol=udp dst-port=53 action=drop
    ip firewall filter add chain=forward src-address=192.168.0.196 action=drop
    ip firewall filter add chain=forward dst-address=192.168.0.196 action=drop
  2. firewall hanya berisi yang diperbolehkan, ini lebih mudah dikontrol:

    a. bagian atas berisi yang diperbolehkan misalnya
    ip firewall filter add chain=input src-address=192.168.0.196 protocol=tcp dst-port=53 action=accept
    ip firewall filter add chain=input src-address=192.168.0.196 protocol=udp dst-port=53 action=accept
    ip firewall filter add chain=forward src-address=192.168.0.196 action=accept
    ip firewall filter add chain=forward dst-address=192.168.0.196 action=accept

    b. Bagian paling bawah berisi blok
    ip firewall filter add chain=input src-address=192.168.0.0/24 protocol=tcp dst-port=53 action=drop
    ip firewall filter add chain=input src-address=192.168.0.0/24 protocol=udp dst-port=53 action=drop
    ip firewall filter add chain=forward src-address=192.168.0.0/24 action=drop
    ip firewall filter add chain=forward dst-address=192.168.0.0/24 action=drop

You may also like...

Popular Posts

Leave a Reply

Your email address will not be published. Required fields are marked *