Perintah Dasar Pada Mikrotik Router

November 5, 2009

Artikel ini saya Copy Paste dari sini

 

Deteksi kartu jaringan
interface print
rubah nama kartu jaringan
interface set ether1 name= PUBLIC

interface set ether2 name= LOCAL
interface set ether3 name= PROXY
rubah hostname
system identity set name= ROUTER

Setting dasar
system identity set name=’ROUTER’
ip address add address=10.32.100.254
ip route add gateway=10.32.200.1
ip dns set primary=202.134.0.155 scondary=202.130.193.74
ip firewall nat add shain=srcnat action=masquerade out-interface=PUBLIC

ip firewall address-list
add list=ournetwork address=10.32.200.0/24 comment=”IP Junifer Jardiknas” disabled=no
add list=ournetwork address=192.168.0.0/24 comment=”IP LAN” disabled=no
add list=ournetwork address=192.168.1.0/30 comment=”IP VLAN” disabled=no
add list=ournetwork address=172.16.8.0/24 comment=”IP ICTC” disabled=no
add list=ournetwork address=172.16.6.0/24 comment=”IP RADIOICTC” disabled=no

Setting keamanan
Buat skrtip berikut menggunakan notepad kemudian copy-paste ke console mikrotik
Selanjutnya copy-paste skrip berikut pada console mikrotik

ip firewall filter
add chain=forward connection-state=established action=accept comment=”allow established connections” disabled=no
add chain=forward connection-state=related action=accept comment=”allow related connections” disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment=”Drop Messenger Worm” disabled=no
add chain=forward connection-state=invalid action=drop comment=”drop invalid connections” disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment=”Drop Blaster Worm” disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=”Worm” disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment=”Drop Blaster Worm” disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment=”Drop Blaster Worm” disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment=”_______” disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=”________” disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment=”Drop MyDoom” disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment=”________” disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment=”ndm requester” disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment=”ndm server” disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment=”screen cast” disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment=”hromgrafx” disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment=”cichlid” disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Bagle Virus” disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment=”Drop Dumaru.Y” disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment=”Drop Beagle” disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Drop Beagle.C-K” disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment=”Drop MyDoom” disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment=”Drop Backdoor OptixPro” disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment=”Worm” disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment=”Worm” disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment=”Drop Sasser” disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment=”Drop Beagle.B” disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment=”Drop Dabber.A-B” disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment=”Drop Dumaru.Y, sebaiknya tidak didisable karena juga sering digunakan utk vpn atau webmin” disabled=yes
add chain=virus protocol=tcp dst-port=10080 action=drop comment=”Drop MyDoom.B” disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment=”Drop NetBus” disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment=”Drop Kuang2″ disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment=”Drop SubSeven” disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment=”Drop PhatBot, Agobot, Gaobot” disabled=no
add chain=forward action=jump jump-target=virus comment=”jump to the virus chain” disabled=no
add chain=input connection-state=established action=accept comment=”Accept established connections” disabled=no
add chain=input connection-state=related action=accept comment=”Accept related connections” disabled=no
add chain=input connection-state=invalid action=drop comment=”Drop invalid connections” disabled=no
add chain=input protocol=udp action=accept comment=”UDP” disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment=”Allow limited pings” disabled=no
add chain=input protocol=icmp action=drop comment=”Drop excess pings” disabled=no

add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork action=accept comment=”FTP” disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment=”SSH for secure shell” disabled=no
add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment=”Telnet” disabled=no
add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment=”Web” disabled=no
add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment=”winbox” disabled=no
add chain=input protocol=tcp dst-port=1723 action=accept comment=”pptp-server” disabled=no
add chain=input src-address-list=ournetwork action=accept comment=”From Datautama network” disabled=no
add chain=input action=log log-prefix=”DROP INPUT” comment=”Log everything else” disabled=no
add chain=input action=drop comment=”Drop everything else” disabled=no

Efek dari skrip diatas adalah:
router mikrotik hanya dapat diakses FTP, SSH, Web dan Winbox dari IP yang didefinisikan dalam address-list “ournetwork” sehingga tidak bisa diakses dari sembarang tempat.
Port-port yang sering dimanfaatkan virus di blok sehingga traffic virus tidak dapat dilewatkan, tetapi perlu diperhatikan jika ada user yang kesulitan mengakses service tertentu harus dicek pada chain=”virus” apakah port yang dibutuhkan user tersebut terblok oleh firewall.
Packet ping dibatasi untuk menghindari excess ping.

kalo ada pertanyaan langsung ke situs sumbernya aja, soale aku tidak tahu apa-apa :)

Entry Filed under: Uncategorized. .

2 Comments Add your own

  • 1. Kuliahku  |  November 15, 2009 at 2:20 PM

    hai.. Aku punya situs Kuliahku. Isinya tentang Kuliah Mikrotik. Silahkan mampir ya kalo ada waktu.. :-)

    Reply

    • 2. ombong  |  November 19, 2009 at 2:34 PM

      segera ke tkp, dan terima kasih atas infonya :)

      Reply

Leave a Comment

Required

Required, hidden

Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Trackback this post  |  Subscribe to the comments via RSS Feed

Categories

Recent Posts