Senin, 15 Juni 2009

Konfigurasi Mik Warnet Eksperimen



Bagi para Blogging mania... yg pingin mencoba Konfigurasi Mik Warnet.... boleh lihat trik ini... intinya tekun dalam spiritual script...

oke kita lanjut aja....

Sumber Pendukung : http://www.mikrotik.com/

Terminal vt102 detected, using multiline input mode

[admin@SpeedNet] > export
# may/22/2007 19:06:31 by RouterOS 2.9.6
# software id = F49Y-4AT
#
# Physical interfaces: "Public" faces the uplink (default route and masquerade use it),
# "Lan" faces the client PCs.
# NOTE(review): this export was published with the real MAC addresses below and the
# software id in its header; redact such identifiers before sharing a configuration.
/ interface ethernet
set Public name="Public" mtu=1500 mac-address=00:13:8F:4C:8B:A4 arp=enabled disable-running-check=yes auto-negotiation=yes \
full-duplex=yes cable-settings=default speed=100Mbps comment="" disabled=no
set Lan name="Lan" mtu=1500 mac-address=00:10:4B:0D:CE:91 arp=enabled disable-running-check=yes auto-negotiation=yes \
full-duplex=yes cable-settings=default speed=100Mbps comment="" disabled=no
# Neither interface is a member of a bridge (bridge=none).
/ interface bridge port
set Public bridge=none priority=128 path-cost=10
set Lan bridge=none priority=128 path-cost=10
# Both VPN servers are disabled (enabled=no), so the authentication lists are inactive.
# NOTE(review): if either server is ever enabled, remove pap/chap/mschap1 from
# authentication= first; pap sends the password in clear text and mschap1 is weak.
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
/ interface pptp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 keepalive-timeout=30 \
default-profile=default-encryption
# Address pool used by the DHCP server on the Lan interface (14 addresses).
/ ip pool
add name="dhcp_pool1" ranges=192.168.1.2-192.168.1.15
# Traffic accounting is enabled, and its web view accepts any source address (0.0.0.0/0).
# NOTE(review): narrow address= to the admin subnet; the snapshot shows which hosts
# talked to which destinations.
/ ip accounting
set enabled=yes account-local-traffic=yes threshold=256
/ ip accounting web-access
set accessible-via-web=yes address=0.0.0.0/0
# Management services. address=0.0.0.0/0 means the service itself applies no source
# restriction, so the input firewall chain is the only thing limiting who can connect.
# NOTE(review): telnet, ftp and www carry credentials in clear text, and www-ssl has
# certificate=none. Disable the services that are not used and set address= to the
# management subnet so that a firewall mistake does not expose them.
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=80 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=no
# SOCKS proxy is disabled.
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip arp
# UPnP is enabled.
# NOTE(review): UPnP lets any LAN host request port mappings without authentication;
# on a network of shared customer PCs consider enabled=no. The two interface entries
# carry no interface= value in this export - confirm which ports they refer to.
/ ip upnp
set enabled=yes allow-disable-external-interface=no show-dummy-rule=yes
/ ip upnp interfaces
add type=external disabled=no
add type=internal disabled=no
# Traffic-flow export is disabled.
/ ip traffic-flow
set enabled=no interfaces=(unknown) cache-entries=4k active-flow-timeout=30m inactive-flow-timeout=15s
# allow-remote-requests=yes makes the router itself answer DNS queries (clients get
# 192.168.1.1 as their first DNS server from DHCP).
# NOTE(review): the input chain accepts all UDP from any source, so this resolver is
# also reachable from the Public side; restrict port 53 to the Lan subnet.
/ ip dns
set primary-dns=203.130.193.74 secondary-dns=202.134.0.155 allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
# Lan is 192.168.1.1/24; Public is 192.168.0.2/24, so the uplink is itself a private subnet.
/ ip address
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Lan comment="" disabled=no
add address=192.168.0.2/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Public comment="" disabled=no
# "/ ip proxy" is disabled (enabled=no); the proxy that is actually enabled in this
# export is "/ ip web-proxy". The access list below only matters if this service is
# turned on: it denies ports 23-25 and permits CONNECT only to ports 443 and 563.
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000 maximal-server-connectons=1000
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
add method=CONNECT dst-port=443 action=allow comment="allow CONNECT only to SSL ports 443 \[https\] and 563 \[snews\]" \
disabled=no
add method=CONNECT dst-port=563 action=allow comment="allow CONNECT only to SSL ports 443 \[https\] and 563 \[snews\]" \
disabled=no
add method=CONNECT action=deny comment="allow CONNECT only to SSL ports 443 \[https\] and 563 \[snews\]" disabled=no
# Neighbor discovery is on for both interfaces.
# NOTE(review): discover=yes on Public presumably announces the router to the uplink
# segment as well; set it to no there unless the uplink is trusted - confirm.
/ ip neighbor discovery
set Public discover=yes
set Lan discover=yes
# Single default route through the uplink gateway 192.168.0.1.
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.0.1 scope=255 target-scope=10 comment="" disabled=no
# Stage 1: tag new connections by destination port only (http/https, dns, ym, cs, irc,
# mt, email, ssh). passthrough=yes lets the packet continue to the rules that follow.
# Matching is by port number, not by application, so anything using these ports gets
# the same mark.
/ ip firewall mangle
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=http_conn passthrough=yes \
comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection new-connection-mark=http_conn passthrough=yes \
comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=53 action=mark-connection new-connection-mark=dns_conn passthrough=yes \
comment="" disabled=no
add chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark=dns_conn passthrough=yes \
comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=5050-5061 action=mark-connection new-connection-mark=ym_conn passthrough=yes \
comment="" disabled=no
add chain=prerouting protocol=udp dst-port=27015 action=mark-connection new-connection-mark=cs_conn passthrough=yes \
comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6000-7000 action=mark-connection new-connection-mark=irc_conn passthrough=yes \
comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection new-connection-mark=mt_conn passthrough=yes \
comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=110 action=mark-connection new-connection-mark=email_conn passthrough=yes \
comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=25 action=mark-connection new-connection-mark=email_conn passthrough=yes \
comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=22 action=mark-connection new-connection-mark=ssh_conn passthrough=yes \
comment="" disabled=no
# Stage 2: convert each connection mark into a packet mark. passthrough=no stops mangle
# processing for the packet once it has been marked.
# NOTE(review): no queue in this export matches on these packet marks (there is no
# queue tree section and the simple queues name no packet mark), so the marks have no
# visible consumer here - confirm whether they are still needed.
add chain=prerouting connection-mark=http_conn action=mark-packet new-packet-mark=http passthrough=no comment="" \
disabled=no
add chain=prerouting connection-mark=dns_conn action=mark-packet new-packet-mark=dns passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=ym_conn action=mark-packet new-packet-mark=ym passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=cs_conn action=mark-packet new-packet-mark=cs passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=irc_conn action=mark-packet new-packet-mark=irc passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=mt_conn action=mark-packet new-packet-mark=mt passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=email_conn action=mark-packet new-packet-mark=email passthrough=no comment="" \
disabled=no
add chain=prerouting connection-mark=ssh_conn action=mark-packet new-packet-mark=ssh passthrough=no comment="" disabled=no
# Source NAT: everything leaving through Public is masqueraded behind the router.
/ ip firewall nat
add chain=srcnat out-interface=Public action=masquerade comment="" disabled=no
# Transparent proxying: TCP 80, 3128 and 8080 are redirected to local port 8080, the
# port the web proxy listens on.
# NOTE(review): these rules have no in-interface= or src-address=, so they match
# traffic arriving on any interface. Adding in-interface=Lan would limit interception
# to client traffic and keep the proxy from depending on the input chain alone.
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080 comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=8080 comment="" disabled=no
# Connection tracking is enabled (required by the NAT and connection-state rules);
# established TCP entries are kept for up to 5 days.
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=2m tcp-syn-received-timeout=1m tcp-established-timeout=5d tcp-fin-wait-timeout=2m \
tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m
# Input chain (traffic addressed to the router itself), first rule set. Rules are
# evaluated top to bottom; the first matching accept or drop ends processing.
/ ip firewall filter
add chain=input connection-state=invalid action=drop comment="Drop Invalid connections" disabled=no
add chain=input connection-state=established action=accept comment="Allow Established connections" disabled=no
# NOTE(review): this accepts every UDP packet sent to the router, from any interface
# and any source. Elsewhere in this export SNMP is enabled with community "public",
# DNS has allow-remote-requests=yes and RADIUS incoming is accepted, so those services
# are reachable from the Public side. Restrict by in-interface/src-address and dst-port.
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input src-address=192.168.1.0/24 action=accept comment="Allow access to router from known network" disabled=no
# Unconditional drop: no later rule in chain=input can ever match.
add chain=input action=drop comment="Drop anything else" disabled=no
# Second input rule set (it looks like a second template appended to the first).
# Because of the unconditional drop above, the next twelve rules are dead: the related
# accept, the ICMP rate limit, the SSH/Winbox accepts, the 192.168.0.0/24 accept and
# the "DROP INPUT" log rule never run, so dropped input packets are not logged.
# NOTE(review): merge the two sets into one ordered list. If these rules were made live
# as written, SSH (22) and Winbox (8291) would be accepted from any source address;
# add src-address= to them when merging.
add chain=input connection-state=established action=accept comment="Accept established connections" disabled=no
add chain=input connection-state=related action=accept comment="Accept related connections" disabled=no
add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow limited pings" disabled=no
add chain=input protocol=icmp action=drop comment="Drop excess pings" disabled=no
add chain=input protocol=tcp dst-port=22 action=accept comment="SSH for secure shell" disabled=no
add chain=input protocol=tcp dst-port=8291 action=accept comment="winbox" disabled=no
add chain=input src-address=192.168.0.0/24 action=accept comment="From Mikrotikls network" disabled=no
add chain=input src-address=192.168.1.0/24 action=accept comment="From our private LAN" disabled=no
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else" disabled=no
add chain=input action=drop comment="Drop everything else" disabled=no
# Forward chain (traffic routed through the router). Only these three rules exist, so
# any packet that is not dropped as invalid falls off the end of the chain and is
# forwarded.
add chain=forward connection-state=established action=accept comment="allow established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid connections" disabled=no
# Custom chain "virus": drops by destination port for a list of worm/backdoor ports.
# NOTE(review): no rule in this export has action=jump jump-target=virus, so this chain
# is never consulted and none of these drops take effect. A rule such as
# "add chain=forward action=jump jump-target=virus" placed after the connection-state
# rules would activate it. Port 2745 is listed twice, and several entries carry a
# placeholder comment ("________") that does not say what they block.
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" disabled=no
# Connection-tracking helpers: only ftp and irc are enabled; the rest are disabled.
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=yes
set mms disabled=yes
set gre disabled=yes
set pptp disabled=yes
# DHCP server for the Lan interface, handing out dhcp_pool1 with 3-day leases.
# NOTE(review): add-arp=yes is set while the Lan interface has arp=enabled; presumably
# it only restricts clients to leased addresses when the interface uses arp=reply-only
# - confirm.
/ ip dhcp-server
add name="dhcp1" interface=Lan lease-time=3d address-pool=dhcp_pool1 bootp-support=static add-arp=yes disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
# One static lease: 192.168.1.2 is bound to a fixed MAC address.
/ ip dhcp-server lease
add address=192.168.1.2 mac-address=00:90:27:A2:5C:A3 client-id="1:0:90:27:a2:5c:a3" server=dhcp1 comment="" disabled=no
# Clients receive the router as gateway and first DNS server, then the two upstream resolvers.
/ ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1 dns-server=192.168.1.1,203.130.193.74,202.134.0.155 comment=""
# The web proxy is enabled in transparent mode on port 8080 (the NAT redirect target),
# caching on the system drive with no size limit.
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080 hostname="proxy.speed.net" transparent-proxy=yes parent-proxy=0.0.0.0:0 \
cache-administrator="webmaster.speed.net" max-object-size=4096KiB cache-drive=system max-cache-size=unlimited \
max-ram-cache-size=unlimited
# Proxy access list: one deny (destination ports 23-25) followed by URL-pattern allows.
# NOTE(review): no rule restricts the client source address and the list has no closing
# deny, so the allow entries presumably restrict nothing and the proxy depends entirely
# on the firewall to keep outside clients away - confirm. An allow for
# src-address=192.168.1.0/24 followed by a final deny would make the proxy safe on
# its own.
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
add url="http*youtube*get_video*" action=allow comment="youtube" disabled=no
add url="http*yahoo*" action=allow comment="Yahoo.com" disabled=no
add url="http*friendster*com" action=allow comment="Friendster" disabled=no
add url="http*google*com" action=allow comment="Google" disabled=no
add url="http*detik*com" action=allow comment="Detik" disabled=no
add url="http*kaskus*us" action=allow comment="Kaskus" disabled=no
# Cache and direct lists each hold a single catch-all allow entry.
/ ip web-proxy cache
add action=allow comment="" disabled=no
/ ip web-proxy direct
add action=allow comment="" disabled=no
# Logging rules: info, error and firewall go to the in-memory buffer; warning and
# critical go to the console (echo). No rule uses the disk or remote actions.
# NOTE(review): the memory buffer holds 100 lines and the remote target is left at
# 0.0.0.0:514, so log history is short and does not survive a reboot. Sending firewall,
# critical and info topics to a remote syslog host would preserve evidence for
# incident review.
/ system logging
add topics=info prefix="" action=memory disabled=no
add topics=error prefix="" action=memory disabled=no
add topics=warning prefix="" action=echo disabled=no
add topics=critical prefix="" action=echo disabled=no
add topics=firewall prefix="" action=memory disabled=no
/ system logging action
set memory name="memory" target=memory memory-lines=100 memory-stop-on-full=no
set disk name="disk" target=disk disk-lines=100 disk-stop-on-full=no
set echo name="echo" target=echo remember=yes
set remote name="remote" target=remote remote=0.0.0.0:514
# Upgrade mirror is disabled.
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d user=
/ system clock dst
set dst-delta=+01:00 dst-start="jan/01/1970 00:00:00" dst-end="jan/01/1970 00:00:00"
# Watchdog reboots the router on failure; no watch-address is configured.
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes no-ping-delay=5m automatic-supout=yes auto-send-supout=no
# Console definitions. The "set FIXME" lines are as printed by the export.
# NOTE(review): they presumably will not re-import as written, and one entry has
# term="inux", which looks like a slip for "linux" - confirm against the router.
/ system console
add port=serial0 term="" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="inux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
/ system console screen
set line-count=25
/ system identity
set name="SpeedNet"
/ system note
set show-at-login=yes note=""
# Serial ports: 9600 8N1 with hardware flow control; serial0 is bound to the console above.
/ port
set serial0 name="serial0" baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=hardware
set serial1 name="serial1" baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=hardware
# PPP profiles; only "default-encryption" forces encryption (use-encryption=yes), and it
# is the profile both disabled VPN servers reference.
/ ppp profile
set default name="default" use-compression=default use-vj-compression=default use-encryption=default only-one=default \
change-tcp-mss=default comment=""
set default-encryption name="default-encryption" use-compression=default use-vj-compression=default use-encryption=yes \
only-one=default change-tcp-mss=default comment=""
# PPP authentication is local (use-radius=no).
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
# Queue disciplines. "Download" and "Upload" are PCQ types classified by source and
# destination address; no simple queue below references them (the queues use default
# and ethernet-default).
/ queue type
set default name="default" kind=pfifo pfifo-limit=50
set ethernet-default name="ethernet-default" kind=pfifo pfifo-limit=50
set wireless-default name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514
set synchronous-default name="synchronous-default" kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 \
red-burst=20 red-avg-packet=1000
set hotspot-default name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514
add name="Download" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
add name="Upload" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
# Bandwidth shaping: parent queue "SpeedNet" covers 192.168.1.0/24 with limits 0/384000,
# and child queues "1".."15" give each client address 192.168.1.2-192.168.1.16
# limit-at=0/8000 and max-limit=0/80000.
# NOTE(review): the first value of each pair is 0, which presumably means that direction
# is not limited - confirm. Queue "15" targets 192.168.1.16, which lies outside the DHCP
# pool (192.168.1.2-192.168.1.15). Addresses without a child queue are only subject to
# the parent, if it matches them at all.
/ queue simple
add name="SpeedNet" dst-address=192.168.1.0/24 interface=Lan parent=none priority=8 queue=default/default \
limit-at=0/384000 max-limit=0/384000 total-queue=default disabled=no
add name="1" target-addresses=192.168.1.2/32 dst-address=0.0.0.0/0 interface=Lan parent=SpeedNet priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/80000 total-queue=default disabled=no
add name="2" target-addresses=192.168.1.3/32 dst-address=0.0.0.0/0 interface=Lan parent=SpeedNet priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/80000 total-queue=default disabled=no
add name="3" target-addresses=192.168.1.4/32 dst-address=0.0.0.0/0 interface=Lan parent=SpeedNet priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/80000 total-queue=default disabled=no
add name="4" target-addresses=192.168.1.5/32 dst-address=0.0.0.0/0 interface=Lan parent=SpeedNet priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/80000 total-queue=default disabled=no
add name="5" target-addresses=192.168.1.6/32 dst-address=0.0.0.0/0 interface=Lan parent=SpeedNet priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/80000 total-queue=default disabled=no
add name="6" target-addresses=192.168.1.7/32 dst-address=0.0.0.0/0 interface=Lan parent=SpeedNet priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/80000 total-queue=default disabled=no
add name="7" target-addresses=192.168.1.8/32 dst-address=0.0.0.0/0 interface=Lan parent=SpeedNet priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/80000 total-queue=default disabled=no
add name="8" target-addresses=192.168.1.9/32 dst-address=0.0.0.0/0 interface=Lan parent=SpeedNet priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/80000 total-queue=default disabled=no
add name="9" target-addresses=192.168.1.10/32 dst-address=0.0.0.0/0 interface=Lan parent=SpeedNet priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/80000 total-queue=default disabled=no
add name="10" target-addresses=192.168.1.11/32 dst-address=0.0.0.0/0 interface=Lan parent=SpeedNet priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/80000 total-queue=default disabled=no
add name="11" target-addresses=192.168.1.12/32 dst-address=0.0.0.0/0 interface=Lan parent=SpeedNet priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/80000 total-queue=default disabled=no
add name="12" target-addresses=192.168.1.13/32 dst-address=0.0.0.0/0 interface=Lan parent=SpeedNet priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/80000 total-queue=default disabled=no
add name="13" target-addresses=192.168.1.14/32 dst-address=0.0.0.0/0 interface=Lan parent=SpeedNet priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/80000 total-queue=default disabled=no
add name="14" target-addresses=192.168.1.15/32 dst-address=0.0.0.0/0 interface=Lan parent=SpeedNet priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/80000 total-queue=default disabled=no
add name="15" target-addresses=192.168.1.16/32 dst-address=0.0.0.0/0 interface=Lan parent=SpeedNet priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/80000 total-queue=default disabled=no
# Local accounts: "admin" (group full) and "op" (group write). Both accept logins from
# any source address (address=0.0.0.0/0); the export does not include passwords.
# NOTE(review): set address= to the management subnet on both accounts and make sure
# the default "admin" account has a strong password or is replaced by a named account.
/ user
add name="admin" group=full address=0.0.0.0/0 comment="system default user" disabled=no
add name="op" group=write address=0.0.0.0/0 comment="" disabled=no
# Group policies. Every group, including "read", carries telnet, reboot and password.
/ user group
add name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!ftp,!write,!policy
add name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,!ftp,!policy
add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
# RADIUS client entry is an unconfigured placeholder (address 0.0.0.0, empty secret).
# NOTE(review): RADIUS is not used (use-radius=no under both ppp aaa and user aaa), yet
# incoming accept=yes presumably keeps UDP 1700 open, and the input chain accepts all
# UDP. Set accept=no unless it is needed.
/ radius
add service="" called-id="" domain="" address=0.0.0.0 secret="" authentication-port=1812 accounting-port=1813 \
timeout=300ms accounting-backup=no realm="" comment="" disabled=no
/ radius incoming
set accept=yes port=1700
/ driver
# SNMP is enabled with the default community name "public", readable from any address.
# NOTE(review): together with the input rule that accepts all UDP, the router answers
# SNMP reads from the Public side. Disable SNMP if unused, or rename the community and
# set address= to the monitoring host.
/ snmp
set enabled=yes contact="admin" location="admin"
/ snmp community
set public name="public" address=0.0.0.0/0 read-access=yes
# Bandwidth-test server is enabled and requires authentication.
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
/ tool mac-server ping
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from="<>"
# Packet sniffer settings: all interfaces, headers only, streaming enabled towards
# 192.168.0.24, a host on the Public-side subnet.
# NOTE(review): whenever the sniffer is started, captured headers are sent to that
# host; confirm it is trusted or set streaming-enabled=no.
/ tool sniffer
set interface=all only-headers=yes memory-limit=64 file-name="" file-limit=10 streaming-enabled=yes \
streaming-server=192.168.0.24 filter-stream=yes filter-protocol=all-frames filter-address1=0.0.0.0/0:0-65535 \
filter-address2=0.0.0.0/0:0-65535
# Graphing for queues, resources and interfaces, each viewable from any address
# (allow-address=0.0.0.0/0).
# NOTE(review): narrow allow-address to the admin subnet; the graphs reveal per-client
# usage and router load.
/ tool graphing
set store-every=5min
/ tool graphing queue
add simple-queue=all allow-address=0.0.0.0/0 store-on-disk=yes allow-target=yes disabled=no
add simple-queue=SpeedNet allow-address=0.0.0.0/0 store-on-disk=yes allow-target=yes disabled=no
/ tool graphing resource
add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ tool graphing interface
add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
# Netwatch probes two upstream hosts every second with a 1-second timeout.
# NOTE(review): the up-script/down-script values read like labels, and this export has
# no system script section - confirm they do what is intended.
/ tool netwatch
add host=202.134.0.155 timeout=1s interval=1s up-script="Link Jakarta Up" down-script="Jakarta Down" comment="Link \
Jakarta" disabled=no
add host=202.134.2.5 timeout=1s interval=1s up-script="Link SurabayaUp" down-script="Link Surabaya Down" comment="Link \
Surabaya" disabled=no
[admin@SpeedNet] >



Semoga Bermanfaat


Salam...