This document provides a tutorial on configuring MikroTik routers for various purposes such as proxy servers, bandwidth management, NAT, bridging, and network monitoring. It discusses how to set up basic router configurations like naming interfaces and assigning IP addresses. It also explains how to configure MikroTik for functions like transparent proxy caching, bandwidth limiting using queues, network address translation (NAT), bridging multiple network segments, and network monitoring with MRTG graphs. The tutorial is intended to simplify MikroTik configurations for beginners.
1. Setup router
//to create a name for network card
//to assign ip address to network card
//to create NAT rule
//to assign gateway
//to assign dns
//to create dhcp
2.Create login page(Hotspot)
How to link from Mikrotik to Radius server
Configure proxy firewall on SuSE Linux Enterprise Server 11Tola LENG
In this practice you will be able:
-How to install and configure the iptables and proxy firewall when we want to block the packet.
-How to allow or deny the services or packet when the client access to the Internet.
Basic Security
@ Updates
-Update manager
-Enable automatic security updates(Update Setting)
=> Super windows => type the key word (System Setting) =>
@ Firewall
-In Ubuntu all ports are block by default
-Default firewall-ufw (turned off by default)
+sudo ufw status
+sudo ufw enable/disable
-Firestarter for graphical interface (recommanded)
+sudo apt-get install firestarter
+Preferences
@ User Accounts
-User & Groups
+Disable user guest
-Do not use root user (Disable by default)
+sudo passwd
+sudo passwd -l root (disable/changed expiry password)
-Use sudo instead of root (/etc/sudoers)
+sudo visudo OR sudo gedit /etc/sudoers(To set the privilege user authorized)
+sudo adduser tolaleng sudo
-Deleting Users
+sudo deluser canamall
-Removing world readable permission to home directory
+sudo chmod 0750 /home/username
-Locking/Unlocking user
+sudo passwd -l username (enable user expiry)
+sudo passwd -u username (disable user expiry)
-passwords
+sudo chage canamall (Set the password expiration)
+sudo chage-l canamall (show the password expiration)
@ Antivirus
-Clam TK (Under Accessories), other anti-virus
@ Unistall Applications
-Ubuntu Software Center-> Installed software section-> Select application and click remove
@ Processes
-To see processes
+ps aux or top
+system monitor(cacti, nagios,)
-
@ Logs
-Some of logs
+ /var/log/messages : general log messages
+ /var/log/boot : system boot log
+ /var/log/debug/ : debugging log messages
+ /var/log/auth.log : user login and authentication logs
+ /var/log/daemon.log : running services such as squid,ntpd and other log message to this file
+ /var/log/kern.log : kernel log file
-Viewing logs
+ tail, more, cat, less, grep
+ GNOME system log viewer
@Firewall
ufw
=> Security Host
* Create Standard User and enable user passwd (complexity password, strong passwd, passwd expired, invalid day of passwd, Lock and Unlock user, disable user Guest, )
* Secure remote network and host
-Telnet(Secure with the host and address connection)
-SSH (Secure with the authentication encryption key)
=> Security Backup (Data Hosting)
*Make a Full Backup of Your Machine
-Aptik (backup application)
-rsync (Remote synce)
-Gsync (Remote)
-Amanda
-Rsnapshot
Asas Pelayaran Internet Oleh
Ahmad Faizar Jaafar Unit Web & Digital Komponen
Jabatan Pengurusan Sistem & Teknologi Maklumat
(JPSTM) PTAR, UiTM
http://faizar.atspace.com/courses.html
http://faizaronestop.blogspot.com/
http://faizar.multiply.com
1. Setup router
//to create a name for network card
//to assign ip address to network card
//to create NAT rule
//to assign gateway
//to assign dns
//to create dhcp
2.Create login page(Hotspot)
How to link from Mikrotik to Radius server
Configure proxy firewall on SuSE Linux Enterprise Server 11Tola LENG
In this practice you will be able:
-How to install and configure the iptables and proxy firewall when we want to block the packet.
-How to allow or deny the services or packet when the client access to the Internet.
Basic Security
@ Updates
-Update manager
-Enable automatic security updates(Update Setting)
=> Super windows => type the key word (System Setting) =>
@ Firewall
-In Ubuntu all ports are block by default
-Default firewall-ufw (turned off by default)
+sudo ufw status
+sudo ufw enable/disable
-Firestarter for graphical interface (recommanded)
+sudo apt-get install firestarter
+Preferences
@ User Accounts
-User & Groups
+Disable user guest
-Do not use root user (Disable by default)
+sudo passwd
+sudo passwd -l root (disable/changed expiry password)
-Use sudo instead of root (/etc/sudoers)
+sudo visudo OR sudo gedit /etc/sudoers(To set the privilege user authorized)
+sudo adduser tolaleng sudo
-Deleting Users
+sudo deluser canamall
-Removing world readable permission to home directory
+sudo chmod 0750 /home/username
-Locking/Unlocking user
+sudo passwd -l username (enable user expiry)
+sudo passwd -u username (disable user expiry)
-passwords
+sudo chage canamall (Set the password expiration)
+sudo chage-l canamall (show the password expiration)
@ Antivirus
-Clam TK (Under Accessories), other anti-virus
@ Unistall Applications
-Ubuntu Software Center-> Installed software section-> Select application and click remove
@ Processes
-To see processes
+ps aux or top
+system monitor(cacti, nagios,)
-
@ Logs
-Some of logs
+ /var/log/messages : general log messages
+ /var/log/boot : system boot log
+ /var/log/debug/ : debugging log messages
+ /var/log/auth.log : user login and authentication logs
+ /var/log/daemon.log : running services such as squid,ntpd and other log message to this file
+ /var/log/kern.log : kernel log file
-Viewing logs
+ tail, more, cat, less, grep
+ GNOME system log viewer
@Firewall
ufw
=> Security Host
* Create Standard User and enable user passwd (complexity password, strong passwd, passwd expired, invalid day of passwd, Lock and Unlock user, disable user Guest, )
* Secure remote network and host
-Telnet(Secure with the host and address connection)
-SSH (Secure with the authentication encryption key)
=> Security Backup (Data Hosting)
*Make a Full Backup of Your Machine
-Aptik (backup application)
-rsync (Remote synce)
-Gsync (Remote)
-Amanda
-Rsnapshot
Asas Pelayaran Internet Oleh
Ahmad Faizar Jaafar Unit Web & Digital Komponen
Jabatan Pengurusan Sistem & Teknologi Maklumat
(JPSTM) PTAR, UiTM
http://faizar.atspace.com/courses.html
http://faizaronestop.blogspot.com/
http://faizar.multiply.com
Konfigurasi Server Gateway dengan fitur PROXY, WEBSERVER dan DHCPWalid Umar
Panduan diatas dikhusukan untuk siswa dan guru TKJ yang hendak mempraktekkan tentang panduan untuk membangun sebuah server gateway dengan fitur proxy, webserver dan dhcp
DNS windows server(2008R2) & linux(SLES 11)Tola LENG
In this practice you will be able:
-Configure Primary DNS and Secondary DNS
-Configure DNS zone transter
-DNS Delegation
-DNS Security zone transfer
-Configure also Linux(Sles 11) and Windows Server 2008R2
This paper is part of course from gray hat | security (grayhat.in)
In order to hunt for web application bugs, you would always like to know technologies in detailed. This paper will helping you getting hands-on knowledge of HTTP/HTTPS, COOKIES, SOP, CORS and many references to other valuable topics to test for web applications.
3.7.10 Lab Use Wireshark to View Network TrafficRio Ap
Skenario soal latihan lengkap Lab 3.7.10 dari materi Cisco CCNA 1 v7. Untuk mengetahui kegunaan wireshark dalam mengcapture dan menganalisa traffic jaringan. Di skenario ini menggunakan protocol ICMP yang dipakai pada saat melakukan perintah Ping dari command line interface windows 10.
Konfigurasi Server Gateway dengan fitur PROXY, WEBSERVER dan DHCPWalid Umar
Panduan diatas dikhusukan untuk siswa dan guru TKJ yang hendak mempraktekkan tentang panduan untuk membangun sebuah server gateway dengan fitur proxy, webserver dan dhcp
DNS windows server(2008R2) & linux(SLES 11)Tola LENG
In this practice you will be able:
-Configure Primary DNS and Secondary DNS
-Configure DNS zone transter
-DNS Delegation
-DNS Security zone transfer
-Configure also Linux(Sles 11) and Windows Server 2008R2
This paper is part of course from gray hat | security (grayhat.in)
In order to hunt for web application bugs, you would always like to know technologies in detailed. This paper will helping you getting hands-on knowledge of HTTP/HTTPS, COOKIES, SOP, CORS and many references to other valuable topics to test for web applications.
3.7.10 Lab Use Wireshark to View Network TrafficRio Ap
Skenario soal latihan lengkap Lab 3.7.10 dari materi Cisco CCNA 1 v7. Untuk mengetahui kegunaan wireshark dalam mengcapture dan menganalisa traffic jaringan. Di skenario ini menggunakan protocol ICMP yang dipakai pada saat melakukan perintah Ping dari command line interface windows 10.
How to manage internet clients of an ISP with PPPoE and MikroTik. For
centralized AAA (Authentication, Authorization and Accounting), freeRadius is used.
PRIVATE CLOUD SERVER IMPLEMENTATIONS FOR DATA STORAGEEditor IJCTER
In without internet connection. this paper we have implemented private cloud data
storage server in Microsoft windows server 2K12operating system which provides software as a
services with mailing system for private cloud consumers & clients, through private cloud server
services clients can access web services, centralized data storage services , software as services and can also send and receive mails in entire network without internet connectivity. This paper is the implementation of cloud software as service, centralized remote accessibility and private mails system.
Final ProjectFinal Project Details Description Given a spec.docxAKHIL969626
Final Project
Final Project Details:
Description: Given a specific scenario, create an appropriate IP addressing scheme, document a given network by creating a logical network diagram and create the appropriate access lists for use on the routers. Deliverables:
· Demonstrate the theory and practice of Cisco networking, routing, and switching strategies as outlined in the Cisco CCENT Certification exam
Prior to implementing any design we need to first write-up our proposed network design on paper. With that in mind, we begin by performing a network discovery. Once we have identified all the network devices and the needs of the organization, we can document the TCP/IP information that is needed for our design. In this exercise you will determine the subnet information for each department and assign IP addresses for the network devices.
You have been assigned as a networking tech for a new client, AAA Fabricating. The network is configured with a Class C network and the current allocation of IP addresses has been depleted. You have been tasked to reconfigure the network with a Class B address and assign a subnet to each of the 10 departments and the three routers.
Your network audit consists of the following information:
AAA Fabrication consists of 10 departments spread across three buildings.
Each building is connected using three Cisco 2800 Series routers. The three routers are located in the MIS wiring closet in Building 2.
Each department has its own Cisco 2950 switch.
There are at least two workstations in each department.
The company plans to use a class B address range starting at 172.16.0.0.
Each department must be assigned a subnet. Subnets should be designed to allow for the maximum number of hosts on each department subnet using classful subnetting.
The company also wants the three routers to communicate on the minimum quantity of IP addresses using three subnets.
Building 1
Subnet
Department
Subnet ID
Host ID Range
Broadcast Address
0
Warehouse
1
Receiving
2
shipping
3
Maintenance
Building 2
Subnet
Department
Subnet ID
Host ID Range
Broadcast Address
4
Accounting
5
Human Resources
6
Payroll
7
MIS
8
Employee Training
Building 3
Subnet
Department
Subnet ID
Host ID Range
Broadcast Address
9
R&D
10
Marketing
Routers
Building 1
Ethernet and Serial Interfaces
IP Address
Subnet Mask
Router
Fast Ethernet 0/0
Building 1
Serial 0/0
To Building 2
Serial 0/1
To Building 3
Building 2
Ethernet and Serial Interfaces
IP Address
Subnet Mask
Router
Fast Ethernet 0/0
Building 2
Serial 0/0
To Building 1
Serial 0/1
To building 3
Building 3
Ethernet and Serial Interfaces
IP Address
Subnet Mask
Router
Fast Ethernet 0/0
Building 3
Serial 0/0
To Building 1
Serial 0/1
To Building 2
Part 2
Create a logical Network Diagram
Logical Network topology represents a high level overview of the signal topology of the network. Every LAN has two different topologies, or the way that the devices on a networ ...
How to Use GSM/3G/4G in Embedded Linux SystemsToradex
The number of embedded devices that are connected to the internet is growing each day. Nowadays, they are installed majorly using a wireless connection. They need mobile network coverage to be connected to the internet. Read our next blog which tells you about the various configurations to connect a device such as Colibri iMX6S with the Colibri Evaluation Board running Linux to the internet through the PPP (Point-to-Point Protocol) link. Read More: https://www.toradex.com/blog/how-to-use-gsm-3g-4g-in-embedded-linux-systems
Design an Implementation of A Messaging and Resource Sharing Softwarenilabarai
In this article it has been looked how to program using sockets by implementing an echo server along with a client that is used to send and receive string messages. It will start off by giving a quick introduction to TCP/IP fundamentals and then explain how sockets fit into the diagram. Most network application can be divided into two pieces: a client and a server. A client is the side that initiates the communication process, where as the server responds to incoming client requests. There would be contains three types of service from this software, that is Message Transfer service, Voice Transfer service and File Transfer service. All this sorts are the design issue of this software.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 6
Tutorial mikrotik step by step
1. 1
TUTORIAL MIKROTIK STEP BY STEP
By: Anung Muhandanu
MikroTik Overview
Mikrotik now widely used by ISPs, hotspot providers, or by the owner of the
cafe. Mikrotik OS router makes the computer into a reliable network that is equipped
with various features and tools, for both wired and wireless.
In this tutorial the author presents a discussion and a simple and simple
instructions on configuring the proxy for certain purposes and the public is typically
collected in server / router cafe as well as other tissues, such configuration for
example, for server NAT, Bridging, BW management, and MRTG.
Mikrotik version I use for this tutorial is MikroTik RouterOS 2.9.27
Access MikroTik:
1. via console
Mikrotik router board or PC can be accessed directly via the console / shell
and remote access using putty (www.putty.nl)
2. via Winbox
Mikrotik can also be accessed / remotely using software tools Winbox
3. via web
Mikrotik can also be accessed via web / port 80 by using a browser
• Naming MikroTik
[ropix@IATG-SOLO] > system identity print
name: "Mikrotik"
[ropix@IATG-SOLO] > system identity edit
value-name: name
Enter the editor type for example I change the name IATG-SOLO:
IATG-SOLO
C-c quit C-o save&quit C-u undo C-k cut line C-y paste
Edit and then press Clrl-O to save and exit the editor
w
w
w
.depiscesm
an.com
2. 2
If using Winbox, it looks like this:
• Changing the name of the interface:
[ropix@IATG-SOLO] > /interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R ether1 ether 0 0 1500
1 R ether2 ether 0 0 1500
[ropix@IATG-SOLO] > /interface edit 0
value-name: name
The value 0 is the value ether1, if you want to replace ethet2 value 0 replaced by 1.
Entrance to the editor, for example I replace it with name local:
local
C-c quit C-o save&quit C-u undo C-k cut line C-y paste
Edit and then press Cltr-o to save and exit the editor, Do the same for interfaces ether
2, so that if seen again will appear like this:
[ropix@IATG-SOLO] > /interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R local ether 0 0 1500
1 R public ether 0 0 1500
w
w
w
.depiscesm
an.com
3. 3
Via Winbox:
Select the menu interface, click the name of the interface that wants to be edited, so it
appears the edit window interface.
• Setting IP Address:
[ropix@IATG-SOLO] > /ip address add
address: 192.168.1.1/24
interface: local
[ropix@IATG-SOLO] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.0.254/24 192.168.0.0 192.168.0.255 local
Enter the IP address value in the column address and netmask, enter the name of the
interface that wants to be given an IP address. For public interface Interface 2,
namely, the same way as above, so that if seen again will be 2
interfaces:[ropix@IATG-SOLO] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.0.254/24 192.168.0.0 192.168.0.255 local
1 202.51.192.42/29 202.51.192.40 202.51.192.47 public
w
w
w
.depiscesm
an.com
4. 4
Via Winbox:
• Make Mikrotik NAT
Network Address Translation or more commonly referred to as NAT is a method to
connect more than one computer to the Internet network using a single IP address.
Number of use of this method due to limited availability of IP addresses, the need for
security , and the ease and flexibility in network administration.
Currently, the widely used IP protocol is IP version 4 (IPv4). With a length of the
address 4 bytes means that there are 2 to the power 32 = 4,294,967,296 IP addresses
available. This amount is theoretically the number of computers that can directly
connect to the internet. Because of this limitation most of the ISPs (Internet Service
Provider) will only allocate one address for one user and this address is dynamic,
meaning that a given IP address will be different every time the user connects to the
Internet. This will make it difficult for businesses to lower middle class. On the one
hand they need more computers are connected to the Internet, but on the other hand
only one IP address which means there is only one computer that can connect to the
internet. This can be overcome by using NAT. By NAT gateways that run on one
computer, one IP address can be shared with several other computer and they can
connect to the internet simultaneously.
Suppose we want to hide the local network / LAN 192.168.0.0/24 202.51.192.42
behind one IP address provided by ISP, which we use is a feature of Mikrotik source
network address translation (masquerading). Masquerading changes the data packets
from the IP address and port from the network 192.168.0.0/24 to 202.51.192.42
henceforth be forwarded to the global Internet network.
w
w
w
.depiscesm
an.com
5. 5
To use masquerading, source NAT rule with action 'masquerade' should be added to
the firewall configuration:
[ropix@IATG-SOLO] > /ip firewall nat add chain=srcnat
action=masquerade out-interface=public
If using Winbox, will look like this:
• As a transparent web proxy mikrotik
One function is to store the proxy cache. If a LAN uses a proxy to connect to the
Internet, it is done by the browser when a user accesses a web server URL is to take
these requests on a proxy server. Whereas if the data is not contained in the proxy
server then proxies to pick up directly from the web server. Then the request is stored
w
w
w
.depiscesm
an.com
6. 6
in the cache proxy. Furthermore, if there are clients who make requests to the same
URL , it will be taken from the cache. This will make access to the Internet faster.
How to ensure that each user accessing the Internet through a web proxy that we have
enabled? To this we can apply the transparent proxy. With transparent proxy, every
browser on computers that use this gateway automatically goes through a proxy.
Enabling web proxy in mikrotik fiture:
[ropix@IATG-SOLO] > /ip proxy set enabled=yes
[ropix@IATG-SOLO] > /ip web-proxy set
cache-administrator= ropix.fauzi@infoasia.net
[ropix@IATG-SOLO] > /ip web-proxy print
enabled: yes
src-address: 0.0.0.0
port: 3128
hostname: "IATG-SOLO"
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: "ropix.fauzi@infoasia.net"
max-object-size: 8192KiB
cache-drive: system
max-cache-size: unlimited
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 4733952KiB
reserved-for-ram-cache: 2048KiB
Make a rule for transparent proxy on the firewall NAT, precisely there masquerading
under the rule for NAT:
[ropix@IATG-SOLO] > /ip firewall nat add chain=dstnat in-
interface=local src-address=192.168.0.0/24 protocol=tcp dst-port=80
action=redirect to-ports=3128
[ropix@IATG-SOLO] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=public action=masquerade
1 chain=dstnat in-interface=local src-address=192.168.0.0/24
protocol=tcp dst-port=80 action=redirect to-ports=3128
In Winbox:
1. Enable web proxy on the menu IP> Proxy> Access> Settings (check box enabled)
w
w
w
.depiscesm
an.com
7. 7
2. Parameter settings on the IP menu> Web Proxy> Access Settings> General
w
w
w
.depiscesm
an.com
8. 8
3. Make a rule for transparent proxy on the menu IP> Firewall> NAT
• Transparent proxy with proxy servers separate / independent
MikroTik Web Proxy built in according to my observations not so good compared to
the squid proxy in Linux, squid in Linux has more flexibility to be modified and
diconfigure, eg for delay-pool feature and ACL lists that include files, not in the proxy
series 2.9.x.
Usually most people prefer to create their own proxy servers, with PC Linux /
FreeBSD and live directing all clients to the PC.
Topology PC proxy can be in a local network or using public ip.
Configuration almost similar to the transparent proxy, the difference is in the action
NAT rule is as follows:
w
w
w
.depiscesm
an.com
9. 9
In the above example 192.168.0.100 is the IP proxy server port 8080
• Mikrotik as a bandwidth limiter
Mikrotik can also be used for bandwidth limiter (queue). To control the data rate
allocation mechanism.
In general there are 2 types of bandwidth management at the proxy, the simple queue
and queue trees. Please use one only.
The next tutorial mikrotik all settings using Winbox, because it is more user friendly
and efficient.
Simple queue:
For example we will limit the bandwidth of the client with ip 192.168.0.3 that is for
upstream and downstream 128kbps 64kbps
Settings on the menu Queues> Simple Queues
Queue tree
Click the ip> firewall> magle
w
w
w
.depiscesm
an.com
10. 10
Make a rule (click the + red) with the following parameters:
On the General tab:
Chain = forward,
Src.address = 192.168.0.3 (or ip who want the limit)
On the Action tab:
Action = mark-connection,
New connection-mark = client3 con (or the name of the mark we created a
distinguished conection)
Click Apply and OK
w
w
w
.depiscesm
an.com
11. 11
Create another rule with the following parameters:
On the General tab: chain = forward,
Connection mark = client3-con (choose from dropdown menu)
On the Action tab:
Action = mark-packet,
New pcket Mark = client3 (or the name of the packet we created a distinguished
mark)
Click Apply and OK
Click the Queues> Queues Tree
w
w
w
.depiscesm
an.com
12. 12
Make a rule (click the + red) with the following parameters:
On the General tab:
Name = client3-in (eg),
Parent = public (which is the direction of outgoing interface),
Mark = client3 Package (choose from the dropdown, just that we make to magle)
Queue Type = default,
Priority = 8,
Max limit = 64k (for setting the bandwidth max download)
Click aplly and Ok
w
w
w
.depiscesm
an.com
13. 13
Create another rule with the following parameters:
On the General tab:
Name = client3-up (eg),
Parent = local (as an interface into which direction),
Mark = client3 Package (choose from the dropdown, just that we make to magle)
Queue Type = default,
Priority = 8,
Max limit = 64k (for setting max upload bandwidth)
Click aplly and Ok
Mikrotik as Bridging
Bridge is a way to connect two separate network segments together in a protocol
itself. Packages that are forwarded based on Ethernet addresses, not IP addresses
(such as routers). Because the packet forwarding done at Layer 2, all protocols can be
via a bridge.
So the analogy is like this, you have a local network 192.168.0.0/24 gateway to an
ADSL modem which also as a router with a local ip 192.168.0.254 and public ip
222.124.21.26.
You want to create a proxy server and proxy as a BW management for all clients.
Well want to put the location for the PC mikrotik? Among the hub / switch and
gateway / modem? Do not be like him as a NAT and we have to add 1 block io
private again different from the gateway modem?
The solution set as a bridging proxy, so seolah2 he only bridge between UTP cable
only. Topology as follows:
Internet----------Moderm/router-----------Mikrotik--------Switch/Hub-----Client
Setting bridging using Winbox
1. Add a bridge interface
Click the Interface menu and then click the + sign to add a red color interface, select
the Bridge
w
w
w
.depiscesm
an.com
14. 14
to name bridge interface, eg, we named bridge1
2. adding ether interface on the local and public interface
Click the IP> Bridge> Ports, then click the + sign to add a new rule:
Make 2 rules, to local and public interface.
3. Giving IP address to bridge interface
Click the IP menu and then click the + sign to add an interface IP, eg 192.168.0.100,
select bridge1 interface (or the name of the bridge interface that we created earlier)
w
w
w
.depiscesm
an.com
15. 15
By giving the IP address on bridge interface, the proxy can be either remote from the
network which is connected to a local interface or the public.
Mikrotik as MRTG / Graphing
Graphing is a tool in mokrotik enabled to monitor changes in the parameters at any
time. Changes that change the form of graphs uptodate and can be accessed using a
browser.
Graphing can display the information in the form:
* Resource usage (CPU, Memory and Disk usage)
* Traffic passing through the interfaces
* Traffic through simple queues
Activating the function grapping
Click the Tools menu> Graphing> Resource Rules
Is to enable graphing for Mikrotik resource usage. While allow address is anywhere
IP that can access these charts, 0.0.0.0 / 0 for all ip address.
Click the Tools menu> Graphing> Interface Rules
Is to enable graphing for monitoring traffic passing through the interface, please
select which interface you want monitored, or select "all" for all.
w
w
w
.depiscesm
an.com
16. 16
Graphing consists of two parts, first to collect information / data that both show in a
web format. To access the graphics, type the URL with the format http://
[Router_IP_address] / graphs / and choose from the menus there, where you want to
display graphics.
Sample results graph for traffic public interface:
Similarly, the authors convey a little tutorial for just sharing the knowledge or
simplify for easy understanding of the tutorials that are already available on the
official site mikrotik.
Warmest Regards,
Anung Muhandanu
w
w
w
.depiscesm
an.com