How to Set Up MikroTik

MikroTik setup:
• Choose the following packages when installing the MikroTik OS:
System, DHCP, Advanced Tools, Routing, Security, Web-Proxy.
• Change the system name to whatever you like:
[admin@MikroTik] system identity set name=warnet
The shell prompt will then change to the name you chose:
[admin@warnet]
• Change the MikroTik OS password to one of your own:
[admin@warnet] user set admin password=............
• Enable both Ethernet cards on the PC where you installed the MikroTik OS:
[admin@warnet] interface ethernet enable ether1
[admin@warnet] interface ethernet enable ether2
• Name both Ethernet interfaces to make configuration easier:
[admin@warnet] interface ethernet set ether1 name=modem   (the Ethernet port for the modem)
[admin@warnet] interface ethernet set ether2 name=local   (the Ethernet port to the hub)
• Enter the IP addresses for both LAN cards:
[admin@warnet] ip address add interface=modem address=(IP address from the ISP)/netmask
[admin@warnet] ip address add interface=local address=192.168.0.1/255.255.255.0
• Enter the gateway IP given by the ISP:
[admin@warnet] ip route add gateway=10.11.1.1560
• Set the DNS:
[admin@warnet] ip dns set primary-dns=10.11.155.1 secondary-dns=10.11.155.2
After that, try to ping all the IP addresses that were set above.
Configuring the firewall and network:
ip firewall nat add action=masquerade chain=srcnat
ip firewall filter add chain=input connection-state=invalid action=drop
ip firewall filter add chain=input protocol=udp action=accept
ip firewall filter add chain=input protocol=icmp action=accept
/ip firewall filter add chain=input in-interface=(Ethernet card to the LAN) action=accept
/ip firewall filter add chain=input in-interface=(Ethernet card to the Internet) action=accept
ip firewall filter add chain=input action=drop
ip web-proxy set enabled=yes src-address=0.0.0.0 port=8080 hostname="" yahuu.net=yes parent-proxy=0.0.0.0:0 \
cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system max-cache-size=unlimited \
max-ram-cache-size=unlimited
ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128
/ip firewall nat add in-interface=modem dst-port=80 protocol=tcp action=redirect to-ports=3128 chain=dstnat dst-address=!192.168.0.1/24
==================================================================
If all the 3128 entries are changed to 8080, this is how:
ip web-proxy set enabled=yes
/ip web-proxy set port=3128
/ip web-proxy set max-cache-size=3145728 (3 times total RAM)
/ip web-proxy set hostname="proxy.prima"
/ip web-proxy set allow-remote-requests=yes
/ip web-proxy set cache-administrator="primanet.slawi@yahoo.com"
==================================================================
Filtering:
http://www.mikrotik.com/testdocs/ros/2.9/ip/filter.php
/ip firewall filter
add chain=input connection-state=invalid action=drop comment="Drop Invalid connections"
add chain=input connection-state=established action=accept comment="Allow Established connections"
add chain=input protocol=udp action=accept comment="Allow UDP"
add chain=input protocol=icmp action=accept comment="Allow ICMP"
add chain=input src-address=192.168.0.0/24 action=accept comment="Allow access to router from known network"
add chain=input action=drop comment="Drop anything else"
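Added example (not part of the original post): a small Python model of first-match rule evaluation, run over the two input-chain rule sets given on this page, using the interface names local and modem from the setup steps. It shows that in the first set the rule accepting everything arriving on modem is reached before the final drop, so a new connection from the Internet to the proxy port is accepted, while the filtering set drops it but still accepts UDP from any source. The packets are constructed samples, and only the accept and drop actions are modelled.

```python
import ipaddress
import shlex

# Input-chain rules as given on this page ("local"/"modem" fill the page's placeholders).
FIRST_SET = [
    "add chain=input connection-state=invalid action=drop",
    "add chain=input protocol=udp action=accept",
    "add chain=input protocol=icmp action=accept",
    "add chain=input in-interface=local action=accept",
    "add chain=input in-interface=modem action=accept",
    "add chain=input action=drop",
]
FILTERING_SET = [
    'add chain=input connection-state=invalid action=drop comment="Drop Invalid connections"',
    'add chain=input connection-state=established action=accept comment="Allow Established connections"',
    'add chain=input protocol=udp action=accept comment="Allow UDP"',
    'add chain=input protocol=icmp action=accept comment="Allow ICMP"',
    'add chain=input src-address=192.168.0.0/24 action=accept comment="Allow access to router from known network"',
    'add chain=input action=drop comment="Drop anything else"',
]

def parse_rule(line):
    """Turn one 'add key=value ...' line into a dict of matchers plus the action."""
    rule = dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
    rule.setdefault("action", "accept")  # a rule written without an action accepts
    return rule

def matches(rule, pkt):
    """True when every matcher in the rule agrees with the packet."""
    for key, want in rule.items():
        if key in ("chain", "action", "comment"):
            continue
        if key == "src-address":
            ok = ipaddress.ip_address(pkt[key]) in ipaddress.ip_network(want)
        elif key == "dst-port":
            lo, _, hi = want.partition("-")
            ok = int(lo) <= pkt[key] <= int(hi or lo)
        else:
            ok = pkt[key] == want
        if not ok:
            return False
    return True

def verdict(rules, pkt):
    """Return (action, index) of the first rule that matches the packet."""
    for index, line in enumerate(rules):
        rule = parse_rule(line)
        if rule["chain"] == pkt["chain"] and matches(rule, pkt):
            return rule["action"], index
    return "accept", None  # no rule matched: the packet is accepted

# Constructed sample packets; 203.0.113.7 is a documentation-range address.
WAN = {"chain": "input", "in-interface": "modem", "src-address": "203.0.113.7", "connection-state": "new"}
WAN_PROXY = dict(WAN, protocol="tcp", **{"dst-port": 3128})
WAN_DNS = dict(WAN, protocol="udp", **{"dst-port": 53})
LAN_PROXY = dict(WAN_PROXY, **{"in-interface": "local", "src-address": "192.168.0.10"})
```

Calling verdict(FIRST_SET, WAN_PROXY) returns the accept rule on modem, and verdict(FILTERING_SET, WAN_DNS) returns the "Allow UDP" rule, which is the one to narrow with a src-address or in-interface if the router answers DNS.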
Anti-virus for MikroTik:
add chain=forward action=jump jump-target=virus comment="jump to the virus chain"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
add chain=forward protocol=icmp comment="allow ping"
add chain=forward protocol=udp comment="allow UDP"
add chain=forward action=drop comment="drop everything else"
==================================================================
Securing your MikroTik router:
/ip firewall filter
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=related comment="Accept related connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
add chain=input protocol=icmp action=drop comment="Drop excess pings"
add chain=input protocol=tcp dst-port=22 comment="SSH for secure shell"
add chain=input protocol=tcp dst-port=8291 comment="winbox"
# Edit these rules to reflect your actual IP addresses! #
add chain=input src-address=159.148.172.192/28 comment="From Mikrotikls network"
add chain=input src-address=10.0.0.0/8 comment="From our private LAN"
# End of Edit #
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"
"http://wiki.mikrotik.com/wiki/Securing_your_router"
==================================================================
Security settings for your local area network only:
/ip firewall filter
add chain=forward connection-state=established comment="allow established connections"
add chain=forward connection-state=related comment="allow related connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=593 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="Cichlid"
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.CK"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.AB"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Disable the ports commonly used by spam:
/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-p
Check the above again against the website: http://www.mikrotik.com/documentation/manual_2.7/
http://www.mikrotik.com/docs/ros/2.9/ip/webproxy
See the system resources, and the 2/3 of system resources in use or allocated, with:
system resource print
******************************************************************
Graphing
/tool graphing set store-every=hour
[admin@MikroTik] tool graphing print
store-every: hour
[admin@MikroTik] tool graphing
[admin@MikroTik] tool graphing interface add interface=ether1 \
allow-address=192.168.0.0/24 store-on-disk=yes
[admin@MikroTik] tool graphing interface print
Flags: X - disabled
 #   INTERFACE   ALLOW-ADDRESS     STORE-ON-DISK
 0   ether1      192.168.0.0/24    yes
[admin@MikroTik] tool graphing interface
[admin@VLP InWay] tool graphing export
# Oct/12/2005 09:51:23 by RouterOS 2.9.5
# Software id = 1TLC-xxx
#
/tool graphing
set store-every=5min
/tool graphing queue
add simple-queue=all allow-address=10.8.2.99/32 store-on-disk=yes allow-target=yes disabled=no
/tool graphing resource
add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/tool graphing interface
add interface=Inway allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
add interface=LAN allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
add interface=DMZ allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
____________________
* Science is easily obtained if we want to find