Mikrotik
Some of the material is in old wetofu.
Lab 1
Objectives
Static Routing
Router 1 (Mikrotik7.3.1-1)
- DHCP Client
- IP Address
- NAT Masquerade
- Port Forwarding
Router 2 (Mikrotik7.3.1-2)
- IP Address
- IP Route
- IP DNS
- DHCP Server
- NAT Masquerade
Router Configuration
R1 Configuration
Check the DHCP client's IP address
[admin@R1] > ip dhcp-client print
Columns: INTERFACE, USE-PEER-DNS, ADD-DEFAULT-ROUTE, STATUS, ADDRESS
# INTERFACE USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS ADDRESS
0 ether1 yes yes bound 192.168.122.182/24
We will try configuring it from scratch
[admin@R1] > ip dhcp-client remove 0
[admin@R1] > ip dhcp-client print
[admin@R1] > ip dhcp-client add interface=ether1 disable=no
[admin@R1] > ip dhcp-client print
Columns: INTERFACE, USE-PEER-DNS, ADD-DEFAULT-ROUTE, STATUS, ADDRESS
# INTERFACE USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS ADDRESS
0 ether1 yes yes bound 192.168.122.182/24
[admin@R1] > ping google.com
SEQ HOST SIZE TTL TIME STATUS
0 74.125.130.100 56 99 48ms936us
1 74.125.130.100 56 99 70ms536us
...
Add an IP address to each Ethernet interface
[admin@R1] > ip address add address=10.10.11.1/30 interface=ether2
[admin@R1] > ip address add address=192.168.10.1/28 interface=ether3
[admin@R1] > ip address print
Flags: D - DYNAMIC
Columns: ADDRESS, NETWORK, INTERFACE
# ADDRESS NETWORK INTERFACE
0 D 192.168.122.182/24 192.168.122.0 ether1
1 10.10.11.1/30 10.10.11.0 ether2
2 192.168.10.1/28 192.168.10.0 ether3
Add masquerade
On MikroTik, masquerade is used so that private IP addresses can reach the internet.
R2 Configuration
Assign IP addresses to the Ethernet interfaces
[admin@MikroTik] > ip address add address=10.10.11.2/30 interface=ether1
[admin@MikroTik] > ip address add address=192.168.11.1/27 interface=ether2
[admin@MikroTik] > ip address print
Columns: ADDRESS, NETWORK, INTERFACE
# ADDRESS NETWORK INTERFACE
0 10.10.11.2/30 10.10.11.0 ether1
1 192.168.11.1/27 192.168.11.0 ether2
Add an IP route
[admin@MikroTik] > ip route add gateway=10.10.11.1
[admin@MikroTik] > ip route print
Flags: D - DYNAMIC; A - ACTIVE; c, s, y - COPY
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
0 As 0.0.0.0/0 10.10.11.1 1
DAc 10.10.11.0/30 ether1 0
DAc 192.168.11.0/27 ether2 0
Set DNS
[admin@MikroTik] > ip dns set servers=192.168.122.1
[admin@MikroTik] > ping 10.10.11.1
SEQ HOST SIZE TTL TIME STATUS
0 10.10.11.1 56 64 3ms881us
1 10.10.11.1 56 64 1ms246us
2 10.10.11.1 56 64 1ms147us
sent=3 received=3 packet-loss=0% min-rtt=1ms147us avg-rtt=2ms91us
max-rtt=3ms881us
[admin@MikroTik] > ping google.com
SEQ HOST SIZE TTL TIME STATUS
0 142.251.12.102 56 102 48ms581us
1 142.251.12.102 56 102 56ms366us
2 142.251.12.102 56 102 56ms191us
sent=3 received=3 packet-loss=0% min-rtt=48ms581us avg-rtt=53ms712us
max-rtt=56ms366us
[admin@MikroTik] >
Set up the DHCP server
[admin@MikroTik] > ip dhcp-server print
[admin@MikroTik] > ip dhcp-server setup
Select interface to run DHCP server on
dhcp server interface: ether2
Select network for DHCP addresses
dhcp address space: 192.168.11.0/27
Select gateway for given network
gateway for dhcp network: 192.168.11.1
Select pool of ip addresses given out by DHCP server
addresses to give out: 192.168.11.2-192.168.11.30
Select DNS servers
dns servers: 192.168.122.1
Select lease time
lease time: 10m
[admin@MikroTik] >
Set NAT masquerade
PC Configuration
PC1 Configuration
Syntax: ip <ip_address> <netmask> <gateway>
PC1> ip 192.168.10.2 255.255.255.240 192.168.10.1
Checking for duplicate address...
PC1 : 192.168.10.2 255.255.255.240 gateway 192.168.10.1
PC1> show ip
NAME : PC1[1]
IP/MASK : 192.168.10.2/28
GATEWAY : 192.168.10.1
DNS :
MAC : 00:50:79:66:68:00
LPORT : 10032
RHOST:PORT : 127.0.0.1:10033
MTU : 1500
PC1> ping 192.168.10.1
84 bytes from 192.168.10.1 icmp_seq=1 ttl=64 time=0.821 ms
84 bytes from 192.168.10.1 icmp_seq=2 ttl=64 time=1.011 ms
^C
Add DNS; this lab uses the NAT1 IP address,
which can be checked from the MikroTik router
[admin@R1] > ip dns print
servers:
dynamic-servers: 192.168.122.1
use-doh-server:
verify-doh-cert: no
allow-remote-requests: no
max-udp-packet-size: 4096
query-server-timeout: 2s
query-total-timeout: 10s
max-concurrent-queries: 100
max-concurrent-tcp-sessions: 20
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 26KiB
PC1> ip dns 192.168.122.1
PC1> ping facebook.com
facebook.com resolved to 157.240.208.35
84 bytes from 157.240.208.35 icmp_seq=1 ttl=44 time=49.252 ms
84 bytes from 157.240.208.35 icmp_seq=2 ttl=44 time=56.983 ms
^C
PC1> ping detik.com
detik.com resolved to 103.49.221.211
84 bytes from 103.49.221.211 icmp_seq=1 ttl=51 time=31.022 ms
84 bytes from 103.49.221.211 icmp_seq=2 ttl=51 time=39.996 ms
^C
PC2, PC3 and PC4 Configuration
PC4> ip dhcp
DORA IP 192.168.11.30/27 GW 192.168.11.1
PC4> show ip
NAME : PC4[1]
IP/MASK : 192.168.11.30/27
GATEWAY : 192.168.11.1
DNS : 192.168.122.1
DHCP SERVER : 192.168.11.1
DHCP LEASE : 590, 600/300/525
MAC : 00:50:79:66:68:03
LPORT : 10050
RHOST:PORT : 127.0.0.1:10051
MTU : 1500
PC4>
Winbox
In this setup, router1 can be reached with Winbox because the router's IP (ether1) is on the same network as NAT1.
To connect to router2, however, routing towards router2 needs to be configured.
This is done on router1, with dst-address set to router1's IP (ether1), dst-port 8292 (port forwarding for MikroTik), to-addresses 10.10.11.2 (router2's IP), and to-ports 8291 (port forwarding for MikroTik).
[admin@R1] > ip firewall nat print
Flags: X - disabled, I - invalid; D - dynamic
0 chain=srcnat action=masquerade out-interface=ether1
[admin@R1] >
[admin@R1] >
[admin@R1] > ip firewall nat add chain=dstnat dst-address=192.168.122.182 protocol=tcp dst-port=8292 action=dst-nat to-addresses=10.10.11.2 to-ports=8291
[admin@R1] >
[admin@R1] >
[admin@R1] > ip firewall nat print
Flags: X - disabled, I - invalid; D - dynamic
0 chain=srcnat action=masquerade out-interface=ether1
1 chain=dstnat action=dst-nat to-addresses=10.10.11.2 to-ports=8291
protocol=tcp dst-address=192.168.122.182 dst-port=8292
Log in with Winbox using connect to 192.168.122.182:8292
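The port forward above makes router2's Winbox service reachable by every host that can reach router1's ether1 address on port 8292. The script below is an added example, not part of the original lab notes: it parses "ip firewall nat print" output and reports enabled dst-nat rules that forward to a RouterOS management port without any source or in-interface matcher. The sample output is constructed from the lab's rule; rules 2 and 3 and their addresses are invented for illustration.

```python
# RouterOS default service ports that give administrative access.
MGMT_PORTS = {"8291": "winbox", "22": "ssh", "23": "telnet", "8728": "api"}
# Matchers that limit who may use a dst-nat rule.
RESTRICTIONS = ("src-address", "src-address-list", "in-interface", "in-interface-list")

def parse_nat_print(text):
    """Parse `ip firewall nat print` output into one dict per rule."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "Flags:":
            continue
        if tokens[0].isdigit():                    # a new rule starts with its index
            rule = {"id": tokens[0], "flags": ""}
            tokens = tokens[1:]
            if tokens and "=" not in tokens[0]:    # optional flag column, e.g. X
                rule["flags"] = tokens[0]
                tokens = tokens[1:]
            rules.append(rule)
        if not rules:
            continue
        for tok in tokens:                         # continuation lines extend the last rule
            key, sep, value = tok.partition("=")
            if sep:
                rules[-1][key] = value
    return rules

def exposed_mgmt_forwards(rules):
    """Return enabled dst-nat rules that forward to a management port for any source."""
    findings = []
    for r in rules:
        service = MGMT_PORTS.get(r.get("to-ports", ""))
        if r.get("action") != "dst-nat" or not service or "X" in r["flags"]:
            continue
        if not any(k in r for k in RESTRICTIONS):
            target = f'{r.get("dst-address", "any")}:{r.get("dst-port", "any")}'
            findings.append((r["id"], service, target))
    return findings

# Constructed sample: rule 1 mirrors the lab's forward, rules 2 and 3 are invented.
SAMPLE = """Flags: X - disabled, I - invalid; D - dynamic
 0    chain=srcnat action=masquerade out-interface=ether1
 1    chain=dstnat action=dst-nat to-addresses=10.10.11.2 to-ports=8291
      protocol=tcp dst-address=192.168.122.182 dst-port=8292
 2    chain=dstnat action=dst-nat to-addresses=10.10.11.2 to-ports=8291
      protocol=tcp src-address=192.168.122.10 dst-port=8293
 3 X  chain=dstnat action=dst-nat to-addresses=10.10.11.2 to-ports=22
      protocol=tcp dst-port=2222
"""

if __name__ == "__main__":
    for rule_id, service, target in exposed_mgmt_forwards(parse_nat_print(SAMPLE)):
        print(f"rule {rule_id}: {service} forwarded from {target} with no source restriction")
```

A rule reported here can be narrowed by adding a src-address or src-address-list matcher for the administrator's workstation, as constructed rule 2 does.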
Lab 2
Objectives
Static Routing
Every PC can reach the internet and the other PCs
Router Configuration
Router 1
Here Router 1 has already obtained its IP address via DHCP; if not, configure it as in LAB 1
[admin@MikroTik] > ip address add address=192.168.10.1/30 interface=ether2
[admin@MikroTik] > ip address add address=192.168.14.1/30 interface=ether3
[admin@MikroTik] >
[admin@MikroTik] > ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
[admin@MikroTik] >
[admin@MikroTik] > ip route add dst-address=172.20.10.0/30 gateway=192.168.10.2
[admin@MikroTik] > ip route add dst-address=192.168.11.0/30 gateway=192.168.10.2
[admin@MikroTik] > ip route add dst-address=172.20.11.0/30 gateway=192.168.10.2
[admin@MikroTik] > ip route add dst-address=172.20.12.0/30 gateway=192.168.14.2
[admin@MikroTik] > ip route add dst-address=192.168.15.0/30 gateway=192.168.14.2
[admin@MikroTik] > ip route add dst-address=172.20.13.0/29 gateway=192.168.14.2
Router 2
[admin@MikroTik] > ip address add address=192.168.10.2/30 interface=ether1
[admin@MikroTik] > ip address add address=192.168.11.1/30 interface=ether2
[admin@MikroTik] > ip address add address=172.20.10.1/30 interface=ether3
[admin@MikroTik] >
[admin@MikroTik] > ip dns set servers=192.168.122.1
[admin@MikroTik] >
[admin@MikroTik] > ip route add gateway=192.168.10.1
[admin@MikroTik] >
[admin@MikroTik] > ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
[admin@MikroTik] >
[admin@MikroTik] > ip route add dst-address=172.20.11.0/30 gateway=192.168.11.2
Router 3
[admin@MikroTik] > ip address add address=192.168.14.2/30 interface=ether1
[admin@MikroTik] > ip address add address=192.168.15.1/30 interface=ether2
[admin@MikroTik] > ip address add address=172.20.12.1/30 interface=ether3
[admin@MikroTik] >
[admin@MikroTik] > ip dns set servers=192.168.122.1
[admin@MikroTik] >
[admin@MikroTik] > ip route add gateway=192.168.14.1
[admin@MikroTik] >
[admin@MikroTik] > ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
[admin@MikroTik] >
[admin@MikroTik] > ip route add dst-address=172.20.13.0/29 gateway=192.168.15.2
Router 4
[admin@MikroTik] > ip address add address=192.168.11.2/30 interface=ether1
[admin@MikroTik] > ip address add address=172.20.11.1/30 interface=ether2
[admin@MikroTik] >
[admin@MikroTik] > ip dns set servers=192.168.122.1
[admin@MikroTik] >
[admin@MikroTik] > ip route add gateway=192.168.11.1
[admin@MikroTik] >
[admin@MikroTik] > ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
[admin@MikroTik] >
[admin@MikroTik] > ip dhcp-server setup
Select interface to run DHCP server on
dhcp server interface: ether2
Select network for DHCP addresses
dhcp address space: 172.20.11.0/30
Select gateway for given network
gateway for dhcp network: 172.20.11.1
Select pool of ip addresses given out by DHCP server
addresses to give out: 172.20.11.2
Select DNS servers
dns servers: 192.168.122.1
Select lease time
lease time: 10m
Router 5
[admin@MikroTik] > ip address add address=192.168.15.2/30 interface=ether1
[admin@MikroTik] > ip address add address=172.20.13.1/29 interface=ether2
[admin@MikroTik] >
[admin@MikroTik] > ip dns set servers=192.168.122.1
[admin@MikroTik] >
[admin@MikroTik] > ip route add gateway=192.168.15.1
[admin@MikroTik] >
[admin@MikroTik] > ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
[admin@MikroTik] >
[admin@MikroTik] > ip dhcp-server setup
Select interface to run DHCP server on
dhcp server interface: ether2
Select network for DHCP addresses
dhcp address space: 172.20.13.0/29
Select gateway for given network
gateway for dhcp network: 172.20.13.1
Select pool of ip addresses given out by DHCP server
addresses to give out: 172.20.13.2-172.20.13.6
Select DNS servers
dns servers: 192.168.122.1
Select lease time
lease time: 10m
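With five routers configured by hand, a pool that does not fit its address space or a static route whose gateway is not on a connected network is easy to miss. The script below is an added example, not part of the original lab notes: it checks one set of "ip dhcp-server setup" answers and one router's static routes for these two mistakes. The function names and the 10.0.0.0/30 and 172.20.99.0/24 values are constructed for illustration; the other values are taken from Lab 1 Router 2 and Lab 2 Router 1.

```python
import ipaddress

def check_dhcp_plan(space, gateway, pool):
    """Return a list of problems in one set of `ip dhcp-server setup` answers."""
    net = ipaddress.ip_network(space)
    gw = ipaddress.ip_address(gateway)
    first, _, last = pool.partition("-")
    lo = ipaddress.ip_address(first)
    hi = ipaddress.ip_address(last or first)       # single-address pool
    problems = []
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    if lo > hi:
        problems.append(f"pool {pool} is reversed")
    for addr in sorted({lo, hi}):
        if addr not in net:
            problems.append(f"pool address {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"pool address {addr} is not a usable host in {net}")
    if lo <= gw <= hi:
        problems.append(f"pool {pool} includes the gateway {gw}")
    return problems

def check_next_hops(connected, routes):
    """Return static routes whose gateway is not on a directly connected network."""
    nets = [ipaddress.ip_interface(a).network for a in connected]
    return [(dst, gw) for dst, gw in routes
            if not any(ipaddress.ip_address(gw) in n for n in nets)]

# Lab 2, Router 1: ether2/ether3 addresses and static routes as given on the page.
R1_CONNECTED = ["192.168.10.1/30", "192.168.14.1/30"]
R1_ROUTES = [("172.20.10.0/30", "192.168.10.2"), ("192.168.11.0/30", "192.168.10.2"),
             ("172.20.11.0/30", "192.168.10.2"), ("172.20.12.0/30", "192.168.14.2"),
             ("192.168.15.0/30", "192.168.14.2"), ("172.20.13.0/29", "192.168.14.2")]

if __name__ == "__main__":
    # Lab 1, Router 2 answers: consistent, so no problems are reported.
    print(check_dhcp_plan("192.168.11.0/27", "192.168.11.1", "192.168.11.2-192.168.11.30"))
    # Constructed mistake: a /30 address space with a pool that needs a /29.
    print(check_dhcp_plan("10.0.0.0/30", "10.0.0.1", "10.0.0.2-10.0.0.6"))
    # Router 1's routes all use gateways on its two /30 links.
    print(check_next_hops(R1_CONNECTED, R1_ROUTES))
    # Constructed mistake: the gateway is two hops away, not directly connected.
    print(check_next_hops(R1_CONNECTED, [("172.20.99.0/24", "192.168.11.2")]))
```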
PC Configuration
Configuration is done the same way as in LAB 1