A.Setting Ap Bridge RB mikrotik.(sama aja dengan RB yang lain settingannya)
--Login Ke RBnya dengan Winbox
--Dwonload Winbox ((DISINI))
--Login admin,password kosongkan
--Pilih "Interface"
--Dimenu "Interface List", klik kanan "Wlan1" kemudian pilih "Enable"
--Kemudian Double klik "Wlan1" akan tampil seperti dibawah (Klik Gambar Untuk Memperjelas):
--lihat gambar di bawah(Klik Gambar Untuk Memperjelas):
--pilih "Wireless" yang di samping "General", tampilan seperti ini (Klik Gambar Untuk Memperjelas):
--untuk Band :2GHz-B
--Untuk Channel Width :20MHz
--Untuk Frequency cari Frequency yang kosong, jangan sampai Ap Bridge anda tabrakan dengan Ap Bridge orang lain,caranya:
---Dibawah "Ok" dan "Cancel" ada "Snooper",pilih "Snooper"
---Kemudian Pilih Start,lihat di bawah Frequency
---Di Sana ada Frequency yang telah digunakan
---Seperti 2412 dan 2437 lihat gambar dibawah (Klik Gambar Untuk Memperjelas):
--Saya dapat Frequency yang belum terpakai yaitu 2462
--Untuk Frequency :2462 MHz
--Untuk SSID :Terserah anda,saya bikin contoh citra4
--Untuk Radio Name :Terserah anda juga,saya buat contoh citra4
--Untuk Scanlist :kosongkan aja
--Wireless Protocol :unspecified
--Security Profil :default
--Frequency Mode :Manual txpower
--Country :no_country_set
--Antenna Mode :antenna a
--Antenna Gain :0
--DFS Mode :none
--Properietary Extension:post 2.9.25
--WMM Support :disabled
--Default Ap TX Rate :tidak di isi
--Default Client TX Rate:tidak di isi
--Default Authenticate (di centang)
--Default Forward (dicentang)
--Hide SSID (tidak Dicentang
--lihat gambar di bawah hasilnya (Klik Gambar Untuk Memperjelas)
--Kemudian Pilih "Bridge" Kemudian Klik Tanda plus warna merah kemudian Klik "OK" (Klik Gambar Untuk Memperjelas):
--Di samping "Bridge" ada "Port",klik tanda plus warna merah
--Sesuaikan dengan di bawah ini
--Interface :ether1
--Bridge :bridge1
--Prioriry :80
--Path Cost :10
--Horizon :tidak di isi
--Edge :auto
--Point to Point :auto
--External FDB :auto
--Kemudian Klik "OK"
--Klik tanda plus warna merah sekali lagi
--Sesuaikan dengan di bawah ini
--Interface :wlan1
--Bridge :bridge1
--Prioriry :80
--Path Cost :10
--Horizon :tidak di isi
--Edge :auto
--Point to Point :auto
--External FDB :auto
--Kemudian Klik OK
--kembali ke "Interface" di menu utama,Klik "Interface"
--kemdian Double Klik "wlan1"
--kemudian di samping "general" ada "wireless",di samping "Wireless" ada "Data Rate", di sampingnya lagi ada "WDS",di "WDS"... sesuaikan aja dengan gambar di bawah ini (Klik Gambar Untuk Memperjelas):
--klik "New Terminal", dan ketik perintah di bawah ini:
/ip address add address=192.168.1.1 interface=bridge1 netmask=255.255.255.0
--lihat gambar di bawah ini
--kemudian klik "Enter" (Klik Gambar Untuk Memperjelas)
/system identity set name=terserah anda namanya
--kemudian kita kasih password untuk RB nya,ketik perintah dibawah
/password
--old password:tidak di isi
--new password:terserah anda
--retype new password:ulangi password anda
--untuk keamanan RB anda dari hack atau cut ip maka copykan seluruk perintah di bawah ini,kemudian pastekan di new terminal
--Untuk Keamanan Filter Port Forces:
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment=”Drop_SSH_brute_forces” disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d comment=”Drop_SSH_brute_forces1” disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m comment=”Drop_SSH_brute_forces2” disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m comment=”Drop_SSH_brute_forces3” disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new cation=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment=” Drop_SSH_brute_forces4”
--Untuk Filter Port Scanning
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”Port_Scanners_To_List” disabled=no
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=” Port_Scanners_To_List1” disabled=no
--Untuk Filter Port FTP
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop comment=”Filter_FTP_to_Box” disabled=no
/ip firewall filter add chain=output protocol=tcp content=”530 Login incorrect” dst-limit=1/1m,9,dst-address/1m action=accept comment=”Filter_port_FTP1” disabled=no
/ip firewall filter add chain=output protocol=tcp content=”530 Login incorrect” action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h comment=”Filter_port_FTP1” disabled=no
--Untuk Separate Packet Flag
/ip firewall filter add chain=forward protocol=tcp action=jump jump-target=tcp comment=”Separate_Protocol_into_Chains1” disabled=no
/ip firewall filter add chain=forward protocol=udp action=jump jump-target=udp comment=”Separate_Protocol_into_Chains2” disabled=no
/ip firewall filter add chain=forward protocol=icmp action=jump jump-target=icmp comment=”Separate_Protocol_into_Chains3” disabled=no
--Untuk Blok UDP traffic Iblis
/ip firewall filter add chain=udp protocol=udp dst-port=69 action=drop comment=”Blocking_UDP_Packet1” disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=111 action=drop comment=”Blocking_UDP_Packet2” disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=135 action=drop comment=”Blocking_UDP_Packet3” disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=137-139 action=drop comment=”Blocking_UDP_Packet4” disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=2049 action=drop comment=”Blocking_UDP_Packet5” disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=3133 action=drop comment=”Blocking_UDP_Packet6” disabled=no
--Untuk Blok TCP traffic Iblis
/ip firewall filter add chain=tcp protocol=tcp dst-port=69 action=drop comment=”Bloking_TCP_Packet” disabled=no
/ip firewall filter chain=tcp protocol=tcp dst-port=111 action=drop comment=”Bloking_TCP_Packet1” disabled=no
/ip firewall filter chain=tcp protocol=tcp dst-port=119 action=drop comment=”Bloking_TCP_Packet2” disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=135 action=drop comment=”Bloking_TCP_Packet3” disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=137-139 action=drop comment=”Bloking_TCP_Packet4” disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=445 action=drop comment=”Bloking_TCP_Packet5” disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=2049 action=drop comment=”Bloking_TCP_Packet6” disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment=”Bloking_TCP_Packet7” disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=20034 action=drop comment=”Bloking_TCP_Packet8” disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=3133 action=drop comment=”Bloking_TCP_Packet9” disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=67-68 action=drop comment=”Bloking_TCP_Packet10” disabled=no
--Untuk Blocking Bukis Mail Traffic
/ip firewall filter add chain=forward protocol=tcp dst-port=25 action=drop comment=”Allow_SMTP” disabled=no
--Untuk Filter DOS
/ip firewall filter add chain=icmp protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment=”Limited_Ping_Flood” disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment=”Limited_Ping_Flood1” disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment=”Limited_Ping_Flood2” disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment=”Limited_Ping_Flood3” disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment=”Limited_Ping_Flood4” disabled=no
/ip firewall filter add chain=icmp protocol=icmp action=drop comment=”Limited_Ping_Flood5” disabled=no
--Untuk Connection P2P
/ip firewall filter add chain=forward p2p=all-p2p action=accept comment=”trafik_P2P” disabled=no
--Untuk Filter Junk Dan Koneksi yang Benar
/ip firewall filter add chain=input connection-state=established action=accept comment=”Connection_State1” disabled=no
/ip firewall filter add chain=input connection-state=related action=accept comment=”Connection_State2” disabled=no
/ip firewall filter add chain=input connection-state=invalid action=drop comment=”Connection_State3” disabled=no
--untuk Allow estabilished Connections
/ip firewall filter add chain=forward connection-state=established action=accept comment=”Allow_Established_Connections”
--Untuk Related Connections
/ip firewall filter add chain=forward connection-state=related action=accept comment=”Allow_Realted_connections”
--Untuk Drop Invalid Connections
/ip firewall filter add chain=forward connection-state=invalid action=drop comment=”Drop_Invalid_Connections”
--Untuk Drop Virus
/ip firewall filter add chain=forward connection-state=invalid action=drop comment=”drop_invalid_connections”
/ip firewall filter add chain=virus protocol=tcp dst-port=135-139 action=drop comment=”Drop_Blaster_Worm”
/ip firewall filter add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=”Worm”
/ip firewall filter add chain=virus protocol=tcp dst-port=445 action=drop comment=”Drop_Blaster_Worm”
/ ip firewall filter chain=virus protocol=udp dst-port=445 action=drop comment=”Drop_Blaster_Worm”
/ip firewall filter add chain=virus protocol=tcp dst-port=593 action=drop comment=”________”
/ip firewall filter add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=”__________”
/ip firewall filter add chain=virus protocol=tcp dst-port=1080 action=drop comment=” Drop¬_MyDoom”
/ip firewall filter add chain=virus protocol=tcp dst-port=1214 action=drop comment=”______”
/ip firewall filter add chain=virus protocol=tcp dst-port=1363 action=drop comment=”ndm requester”
/ip firewall filter add chain=virus protocol=tcp dst-port=1364 action=drop comment=”ndm server”
/ip firewall filter add chain=virus protocol=tcp dst-port=1368 action=drop comment=”screen cast”
/ip firewall filter add chain=virus protocol=tcp dst-port=1373 action=drop comment=”hromgrafx”
/ip firewall filter add chain=virus protocol=tcp dst-port=1377 action=drop comment=”cichlid”
/ip firewall filter add chain=virus protocol=tcp dst-port=2745 action=drop comment=”BagleVirus”
/ip firewall filter add chain=virus protocol=tcp dst-port=2283 action=drop comment=”DropDumaruY”
/ip firewall filter add chain=virus protocol=tcp dst-port=2535 action=drop comment=”DropBeagle”
/ip firewall filter add chain=virus protocol=tcp dst-port=2745 action=drop comment=”DropBeagle_C-K”
/ip firewall filter add chain=virus protocol=tcp dst-port=3127 action=drop comment=”DropMyDoom”
/ip firewall filter add chain=virus protocol=tcp dst-port=3410 action=drop comment=”DropBackdoorOptixPro”
/ip firewall filter add chain=virus protocol=tcp dst-port=4444 action=drop comment=”Worm1”
/ip firewall filter add chain=virus protocol=udp dst-port=4444 action=drop comment=”Worm2”
/ip firewall filter add chain=virus protocol=tcp dst-port=5554 action=drop comment=”DropSasser”
/ip firewall filter add chain=virus protocol=tcp dst-port=8866 action=drop comment=”DropBeagleB”
/ip firewall filter add chain=virus protocol=tcp dst-port=9898 action=drop comment=”DropDabber-A-B”
/ip firewall filter add chain=virus protocol=tcp dst-port=10080 action=drop comment=”DropMyDoom-B”
chain=virus protocol=tcp dst-port=12345 action=drop comment=”DropNetBus”
/ip firewall filter add chain=virus protocol=tcp dst-port=17300 action=drop comment=”DropKuang2”
/ip firewall filter add chain=virus protocol=tcp dst-port=27374 action=drop comment=”DropSubSeven”
/ip firewall filter add chain=virus protocol=tcp dst-port=65506 action=drop comment=”DropPhatBot,Agobot,Gaobot”
/ip firewall filter add chain=forward action=jump jump-target=virus comment=”jump to the virus chain”
--Untuk Accept Estabilished Connections
/ip firewall filter add chain=input connection-state=established action=accept comment=”Accept_established_connections”
--Terus kalo dah seperti ini Bentengnya hacker mau ngapain?wakkakaka...isep jari kali ya..
--Untuk Accept Related Connections
/ip firewall filter add chain=input connection-state=related action=accept comment=”Accept_related_connections”
--Untuk Drop Invalid Connections
/ip firewall filter add chain=input connection-state=invalid action=drop comment=”Drop_invalid_connections”
--Untuk UDP
/ip firewall filter add chain=input protocol=udp action=accept comment=”UDP”
--Untuk Allow Limited Ping
/ip firewall filter add chain=input protocol=icmp limit=50/5s,2 action=accept comment=”Allow_limited_pings”
--Untuk Drop Excess Ping
/ip firewall filter add chain=input protocol=icmp action=drop comment=”Drop_excess_pings”
--Untuk FTP
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork action=accept comment=”FTP”
--Huuhh capek juga..
--Bakar Rokok dulu,dan secangkir kopi jawa
--lanjut....
--Untuk SSH for Secure shell
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment=”SSH_for_secure_shell”
--Untuk Telnet
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment=”Telnet”
--Untuk Web
/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment=”Web”
--Untuk Winbox /ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment=”winbox”
--capek untuk mulu...di ganti dengan buat
--buat pptp-server
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment=”pptp-server”
--Buat log Everything else
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment=”Log_everything_else”
--Buat Anti netcut
/ip firewall filter add action=accept chain=input comment="Anti-Netcut1" disabled=no dst-port=0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut2" disabled=no dst-port=0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut3" disabled=no dst-port=0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut4" disabled=no dst-port=0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut5" disabled=no dst-port=0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut6" disabled=no dst-port=0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut7" disabled=no dst-port=0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut8" disabled=no dst-port=0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut9" disabled=no dst-port=0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254
--Buat Mematikan Port yang digunakan SPAM
/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop
--Selesai....Konfigurasi AP Bridge Telah selesai..
B.Setting Station WDS RB 411R (sama aja dengan RB yang lain settingannya)
--Login Ke RB411R dengan Winbox:
--Pilih Interface
--Dimenu "Interface List", klik kanan "wlan1" kemudian pilih "enable"
--Kemudian klik dua kali "wlan1" akan tampil seperti dibawah (Klik Gambar Untuk Memperjelas):
--lihat gambar di bawah (Klik Gambar Untuk Memperjelas)
--untuk Mode :station wds
--untuk Band :2GHz-B
--Untuk Channel Width :20MHz
--Untuk Frequency,samakan dengan frequency Ap Bridge anda...saya tadi pake frequency 2462 untuk Ap,berarti untuk Station wds saya gunakan 2462
--Untuk SSID :Masukkan SSID Ap Bridge anda,SSID Ap bridge saya tadi Citra4 berarti SSID station wds saya citra4
--Untuk Radio Name :Terserah anda juga,saya buat contoh Client
--Untuk Scanlist :kosongkan aja
--Wireless Protocol :unspecified
--Security Profil :default
--Frequency Mode :Manual txpower
--Country :no_country_set
--Antenna Mode :antenna a
--Antenna Gain :0
--DFS Mode :none
--Properietary Extension:post 2.9.25
--WMM Support :disabled
--Default Ap TX Rate :tidak di isi
--Default Client TX Rate:tidak di isi
--Default Authenticate (di centang)
--Default Forward (dicentang)
--Hide SSID (tidak Dicentang
--lihat gambar di bawah hasilnya (Klik Gambar Untuk Memperjelas)
--Kemudian Pilih "Bridge" Kemudian Klik Tanda plus warna merah kemudian Klik OK:
--Masih di tampilan menu "Bridge"
--Di samping Bridge ada Port,klik tanda plus warna merah
--Sesuaikan dengan di bawah ini
--Interface :ether1
--Bridge :bridge1
--Prioriry :80
--Path Cost :10
--Horizon :tidak di isi
--Edge :auto
--Point to Point :auto
--External FDB :auto
--Kemudian Klik OK
--Klik tanda plus warna merah sekali lagi
--Sesuaikan dengan di bawah ini
--Interface :wlan1
--Bridge :bridge1
--Prioriry :80
--Path Cost :10
--Horizon :tidak di isi
--Edge :auto
--Point to Point :auto
--External FDB :auto
--Kemudian Klik "OK" (Klik Gambar Untuk Memperjelas)
--kemdian Double Klik "wlan1"
--kemudian di samping general ada wireless,di samping wireless ada Data rate, di sampingnya lagi ada "WDS",di "WDS" ... sesuaikan aja dengan gambar di bawah ini (Klik Gambar Untuk Memperjelas):
--klik "New Terminal", dan ketik perintah di bawah ini:
/ip address add address=192.168.1.2 interface=bridge1 netmask=255.255.255.0
--lihat gambar di bawah ini
--kemudian klik enter
/system identity set name=terserah anda namanya
--kemudian kita kasih password untuk RB nya,ketik perintah dibawah
/password
--old password:tidak di isi
--new password:terserah anda
--retype new password:ulangi password anda
--Copykan kemanan RB yang di atas, kemudian pastekan di new terminall
--Sekarang kita akan Hubungkan dengan AP Bridge Station WDS nya dengan cara:
--Dimenu winbox ada Interface kemudian di Interface double klik wlan1
--Dibawah tulisan OK ada Cancel,di bawahnya lagi ada Scan,klik scan
--Lihat gambar di awah ini (Klik Gambar Untuk Memperjelas):
--Untuk RB411U di Connectkan Dengan RB411R itu bisa jangkauan 15 KM..dengan catatan bebas hambatan tidak terhalang pepohonan..
--jika anda telah melakukan connect terhadap AP bridge lakukan ping terhadap AP bridge tersebut
--caranya klik new terminal ketik peintah di bawah ini
ping 192.168.1.1 jika reply berarti telah terhubung..lihat gambar di bawah ini (Klik Gambar Untuk Memperjelas):
--pilih wireless kemudian registration
--lihat di registration ada di terlihat SSID Station WDS anda..maka klik kanan kemudian Copy to Access list..lihat gambar di bawah ini (Klik Gambar Untuk Memperjelas):
--Konfigurasi AP bridge dan Station WDS telah selesai
0 komentar:
Posting Komentar