Sunday, September 16, 2012
MikroTik Bandwidth Management
Bandwidth Management
Bandwidth management is the process of measuring and controlling communication (traffic, packets) on a network link in order to avoid congestion on the network that would degrade its performance.
Traffic Identity …
Torch …
Code :
> tool torch ether2 src-address=192.168.1.0/24 port=any protocol=any
Wi-Fi Network Security 1
WPA (Wi-Fi Protected Access) is today's security standard in wireless networking and is rapidly replacing the older WEP (Wired Equivalent Privacy) standard. WPA and its younger sibling WPA2 are newer standards based on the ratified IEEE 802.11i amendment, set out to improve on some of the disadvantages of WEP.
This wireless security standard plays a vital role today in the security of wireless networks.
This tutorial is a continuation from the first page: Wireless Wi-Fi network security tutorial 101 (part 1)
WPA Wi-Fi Protected Access (WPA & WPA2)
WPA builds upon WEP, making it more secure by adding extra security algorithms and mechanisms to fight intrusion. Perhaps
Wireless network security
Even though wireless or Wi-Fi network security is the bread and butter of today's IT Wi-Fi infrastructure, many networking specialists still fear wireless networks because of horror stories from around the world. However, these horror stories happen only in unprotected and unsecured wireless networks.
Protected and well-managed wireless networks can be almost as reliable as physical wired networks, and we hope this wireless network security tutorial can help you to achieve your security goals.
Poorly implemented wireless networks are just about the same thing as removing locks from your office door. But the alternative some organizations have chosen -- simply banning wireless networks from the premises -- is not much better. Wireless security is achievable.
Password and Network Security
OK, now I'll try to post something related to network security, because I think network security is very important in the world of global telecommunications, so we will now discuss it a little.
CCNA certification is important, and so is securing our network's Cisco routers! To reflect the importance of network security, your CCNA certification exam is likely going to contain a few questions about the various passwords you can set on a Cisco router. Let's take a look at some of those passwords and when to apply them.
If the previous user has logged out of the router properly, you will see a prompt like this when you sit down at the router console:
R1 con0 is now available
NAT Configuration 2
NAT configuration concepts
How NAT Works
In one of the references I read, NAT is sometimes called Masquerading. In
Juniper NAT Configuration
Hello, guys! How are you? I hope you are in good shape.
Now I'll try to post about Junos NAT configuration, so let's go to the configuration >>>
Source NAT
Configure Address Pools for Source NAT
This section illustrates the configuration to create different types of source NAT pools. The pools created in these examples will be used in the NAT rules of subsequent configuration examples. The entire configuration is performed under the “security nat source” hierarchy of the Junos CLI. By default, all the source IP pools will have PAT enabled. Source pools without PAT can be configured by disabling PAT on the IP pool. The IP pools are not bound to an interface. Proxy ARP must be configured for the device to respond to ARP for the addresses in the IP pool.
1. Configure a source pool with a range of addresses and port translation:
set pool src-nat-pool-1 address 192.0.0.1 to 192.0.0.24
2. Configure a source pool with a range of addresses and port translation disabled:
set pool src-nat-pool-2 address 192.0.0.100 to 192.0.0.249
set pool src-nat-pool-2 port no-translation
3. Configure a source pool with a range of addresses with port translation disabled, using an overflow pool. Overflow pools are used as a fallback in the event that a source pool without PAT runs out of free IP addresses. Overflow pools can be source IP pools with PAT or the interface:
set pool src-nat-pool-2 address 192.0.0.100 to 192.0.0.249
set pool src-nat-pool-2 port no-translation
set pool src-nat-pool-2 overflow-pool interface
4. Configure a source pool with a single address and port translation:
set pool src-nat-pool-3 address 192.0.0.25/32
5. Configure a source pool with a range for both IP address and port numbers:
set pool src-nat-pool-4 address 192.0.0.50 to 192.0.0.59
set pool src-nat-pool-4 port range 5000 to 6000
Configure Source NAT using interface IP
In this example, all traffic from the trust zone to the untrust zone is translated to the IP address of the egress interface, ge-0/0/2.
Fig 1: Source NAT using interface IP
[edit security nat source]
set rule-set rs1 from zone trust
set rule-set rs1 to zone untrust
set rule-set rs1 rule r1 match source-address 0.0.0.0/0
set rule-set rs1 rule r1 match destination-address 0.0.0.0/0
set rule-set rs1 rule r1 then source-nat interface
[edit security policies from-zone trust to-zone untrust]
set policy internet-access match source-address any destination-address any application any
set policy internet-access then permit
Configure Source NAT using IP pool
In this example, all traffic from the trust zone to the untrust zone is translated to the source IP pool “src-nat-pool-1”.
(The source IP pool is defined in the address pool examples above.)
Fig 2: Source NAT using IP pool
[edit security nat source]
set rule-set rs1 from zone trust
set rule-set rs1 to zone untrust
set rule-set rs1 rule r1 match source-address 0.0.0.0/0
set rule-set rs1 rule r1 match destination-address 0.0.0.0/0
set rule-set rs1 rule r1 then source-nat pool src-nat-pool-1
[edit security nat]
set proxy-arp interface ge-0/0/2.0 address 192.0.0.1 to 192.0.0.24
[edit security policies from-zone trust to-zone untrust]
set policy internet-access match source-address any destination-address any application any
set policy internet-access then permit
Configure Source NAT using Multiple Rules
This example has the following requirements:
1. Traffic from the subnet 10.1.1.0/24 and 10.1.2.0/24 is translated to pool src-nat-pool-1.
2. Traffic from subnet 192.168.1.0/24 is translated to pool src-nat-pool-2.
3. Traffic from the host 192.168.1.250/24 is exempted from source NAT.
(The source IP pools are defined in the address pool examples above.)
Fig 3: Source NAT using multiple rules
[edit security nat source]
set rule-set rs1 from zone trust
set rule-set rs1 to zone untrust
set rule-set rs1 rule r1 match source-address [10.1.1.0/24 10.1.2.0/24]
set rule-set rs1 rule r1 match destination-address 0.0.0.0/0
set rule-set rs1 rule r1 then source-nat pool src-nat-pool-1
set rule-set rs1 rule r2 match source-address 192.168.1.250/24
set rule-set rs1 rule r2 match destination-address 0.0.0.0/0
set rule-set rs1 rule r2 then source-nat off
set rule-set rs1 rule r3 match source-address 192.168.1.0/24
set rule-set rs1 rule r3 match destination-address 0.0.0.0/0
set rule-set rs1 rule r3 then source-nat pool src-nat-pool-2
[edit security nat]
set proxy-arp interface ge-0/0/2.0 address 192.0.0.1 to 192.0.0.24
set proxy-arp interface ge-0/0/2.0 address 192.0.0.100 to 192.0.0.249
[edit security policies from-zone trust to-zone untrust]
set policy internet-access match source-address any destination-address any application any
set policy internet-access then permit
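Rules in a NAT rule set are evaluated top to bottom and the first match wins, which is why the exemption r2 sits before the subnet rule r3. The Python sketch below is an added example, not part of the original post or of Juniper's code: it models that first-match lookup on the rs1 rules above and compares the configuration as written with two variants (the exempted host as a /32, and r3 placed before r2). It assumes a match prefix is compared as address/mask, so host bits are ignored; the function names are made up for this illustration.

```python
import ipaddress

# Rule-set rs1 from the "Source NAT using Multiple Rules" configuration above,
# in configured order: (rule name, source-address prefixes, action).
RS1 = [
    ("r1", ["10.1.1.0/24", "10.1.2.0/24"], "pool src-nat-pool-1"),
    ("r2", ["192.168.1.250/24"], "off"),
    ("r3", ["192.168.1.0/24"], "pool src-nat-pool-2"),
]


def _net(prefix):
    # Assumption: a match prefix is compared as address/mask, so host bits
    # are ignored (192.168.1.250/24 covers all of 192.168.1.0/24).
    return ipaddress.ip_network(prefix, strict=False)


def match_rule(rules, src_ip):
    """Return (rule name, action) of the first rule matching src_ip."""
    ip = ipaddress.ip_address(src_ip)
    for name, prefixes, action in rules:
        if any(ip in _net(p) for p in prefixes):
            return name, action
    return None, "untranslated"


def shadowed(rules):
    """Return (rule, earlier rule) pairs where the later rule can never match
    because an earlier rule already covers every one of its prefixes."""
    found = []
    for i, (name, prefixes, _) in enumerate(rules):
        for earlier, earlier_prefixes, _ in rules[:i]:
            if all(any(_net(p).subnet_of(_net(e)) for e in earlier_prefixes)
                   for p in prefixes):
                found.append((name, earlier))
                break
    return found


def with_prefix(rules, rule_name, prefixes):
    """Copy of rules with one rule's source prefixes replaced."""
    return [(n, prefixes if n == rule_name else p, a) for n, p, a in rules]


# Variant 1: the exempted host written as a /32 host prefix.
RS1_HOST = with_prefix(RS1, "r2", ["192.168.1.250/32"])
# Variant 2: same /32, but the subnet rule r3 placed before the exemption r2.
RS1_SWAPPED = [RS1_HOST[0], RS1_HOST[2], RS1_HOST[1]]

if __name__ == "__main__":
    for label, rules in (("as written", RS1), ("r2 as /32", RS1_HOST),
                         ("r3 before r2", RS1_SWAPPED)):
        print(label)
        for src in ("10.1.2.7", "192.168.1.10", "192.168.1.250"):
            print("  ", src, "->", match_rule(rules, src))
        print("   shadowed:", shadowed(rules))
```

Under the stated assumption, the /24 mask on r2 makes it cover the whole 192.168.1.0/24 subnet so r3 is never reached; only the /32 form, placed before r3, exempts just the host.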
Destination NAT
Many to many translation
This example has the following requirements:
1. Traffic to destination 1.1.1.100 is translated to 192.168.1.100
2. Traffic to destination 1.1.1.101 on port 80 is translated to 192.168.1.200 and port 8000
The real IP address and port numbers of the hosts are configured as the destination IP pool. Proxy ARP must be configured for the device to respond to ARP for the addresses in the IP pool.
Fig 4: Destination NAT – Many to Many
Security policies to permit traffic from untrust zone to trust zone must be created. Since the destination NAT rule-sets are evaluated before a security policy, the addresses referred in the security policy must be the real IP address of the end host.
[edit security]
set zones security-zone trust address-book address server-1 192.168.1.100/32
set zones security-zone trust address-book address server-2 192.168.1.200/32
[edit security policies from-zone untrust to-zone trust]
set policy server-access match source-address any destination-address [server-1 server-2] application any
set policy server-access then permit
[edit security nat destination]
set pool dst-nat-pool-1 address 192.168.1.100
set pool dst-nat-pool-2 address 192.168.1.200 port 8000
set rule-set rs1 from zone untrust
set rule-set rs1 rule r1 match destination-address 1.1.1.100
set rule-set rs1 rule r1 then destination-nat pool dst-nat-pool-1
set rule-set rs1 rule r2 match destination-address 1.1.1.101
set rule-set rs1 rule r2 match destination-port 80
set rule-set rs1 rule r2 then destination-nat pool dst-nat-pool-2
[edit security nat]
set proxy-arp interface ge-0/0/2.0 address 1.1.1.100 to 1.1.1.101
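Because destination NAT runs before the policy lookup, the policy only ever sees the translated address. The Python sketch below is an added example, not part of the original post or of Juniper's code: it models that order for the many-to-many rules above and compares the policy as configured (real server addresses) with a hypothetical policy written against the public addresses. The function names, POLICY_PUBLIC and the default-deny fallthrough are assumptions of this model.

```python
import ipaddress

# Destination NAT rule-set rs1 from the many-to-many example above:
# (rule, match address, match port or None, pool address, pool port or None)
DNAT_RULES = [
    ("r1", "1.1.1.100", None, "192.168.1.100", None),
    ("r2", "1.1.1.101", 80, "192.168.1.200", 8000),
]

# Policy "server-access" as configured: destinations are the real hosts.
POLICY_REAL = ["192.168.1.100/32", "192.168.1.200/32"]  # server-1, server-2
# Hypothetical mistake: the policy lists the public (pre-NAT) addresses.
POLICY_PUBLIC = ["1.1.1.100/32", "1.1.1.101/32"]


def destination_nat(dst_ip, dst_port):
    """First matching rule rewrites the destination; otherwise unchanged."""
    for rule, m_ip, m_port, to_ip, to_port in DNAT_RULES:
        if dst_ip == m_ip and m_port in (None, dst_port):
            return rule, to_ip, dst_port if to_port is None else to_port
    return None, dst_ip, dst_port


def policy_permits(policy_destinations, dst_ip):
    """Assumption: anything not listed falls through to a default deny."""
    ip = ipaddress.ip_address(dst_ip)
    return any(ip in ipaddress.ip_network(n) for n in policy_destinations)


def process(dst_ip, dst_port, policy_destinations):
    """Untrust-to-trust packet: destination NAT first, then policy lookup
    on the already translated destination address."""
    rule, ip, port = destination_nat(dst_ip, dst_port)
    verdict = "permit" if policy_permits(policy_destinations, ip) else "deny"
    return {"nat_rule": rule, "dst": f"{ip}:{port}", "verdict": verdict}


if __name__ == "__main__":
    # Policy as configured on the page.
    for dst in (("1.1.1.100", 443), ("1.1.1.101", 80), ("1.1.1.101", 22)):
        print("real policy  ", dst, process(*dst, POLICY_REAL))
    # Policy written against the public address: never matches after NAT.
    print("public policy", ("1.1.1.100", 443),
          process("1.1.1.100", 443, POLICY_PUBLIC))
```

Traffic to 1.1.1.101 on a port other than 80 matches no NAT rule, stays untranslated, and is not permitted by the server-access policy.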
One to many translation
This example has the following requirements:
1. Traffic to destination 1.1.1.100 on port 80 is translated to 192.168.1.100 and port 80.
2. Traffic to destination 1.1.1.100 on port 8000 is translated to 192.168.1.200 and port 8000.
Fig 5: Destination NAT – One to many
[edit security nat destination]
set pool dst-nat-pool-1 address 192.168.1.100 port 80
set pool dst-nat-pool-2 address 192.168.1.200 port 8000
set rule-set rs1 from zone untrust
set rule-set rs1 rule r1 match destination-address 1.1.1.100
set rule-set rs1 rule r1 match destination-port 80
set rule-set rs1 rule r1 then destination-nat pool dst-nat-pool-1
set rule-set rs1 rule r2 match destination-address 1.1.1.100
set rule-set rs1 rule r2 match destination-port 8000
set rule-set rs1 rule r2 then destination-nat pool dst-nat-pool-2
[edit security nat]
set proxy-arp interface ge-0/0/2.0 address 1.1.1.100
[edit security]
set zones security-zone trust address-book address server-1 192.168.1.100/32
set zones security-zone trust address-book address server-2 192.168.1.200/32
[edit security policies from-zone untrust to-zone trust]
set policy server-access match source-address any destination-address [server-1 server-2] application any
set policy server-access then permit
Double NAT
Source and destination translation
In this example, both the source and destination IP addresses of the packet are translated. The destination host 10.1.1.100 is accessed by the source 192.168.1.3 using the IP address 1.1.1.100. As the packet traverses the SRX device, both the source and destination IP addresses are translated.
(The source IP pools are defined on page 4.)
[edit security nat source]
set pool src-nat-pool-1 address 1.1.1.10 to 1.1.1.14
set rule-set rs1 from zone trust
set rule-set rs1 to zone untrust
set rule-set rs1 rule r1 match source-address 0.0.0.0/0
set rule-set rs1 rule r1 match destination-address 0.0.0.0/0
set rule-set rs1 rule r1 then source-nat pool src-nat-pool-1
[edit security nat destination]
set pool dst-nat-pool-1 address 10.1.1.100
set rule-set rs1 from zone trust
set rule-set rs1 rule r1 match destination-address 1.1.1.100
set rule-set rs1 rule r1 then destination-nat pool dst-nat-pool-1
[edit security nat]
set proxy-arp interface fe-0/0/7.0 address 1.1.1.10 to 1.1.1.14
[edit security policies from-zone trust to-zone untrust]
set policy permit-all match source-address any destination-address any application any
set policy permit-all then permit
The security policy above allows all outbound access from trust zone to untrust zone. As a result the server can be accessed either by its translated or untranslated address.
The session table shown below confirms this:
The security policy can be modified to allow access to the server only via the translated address. The keyword “drop-untranslated” will drop all traffic to the destination address of 10.1.1.100. This will limit the access to the server using the destination address of 1.1.1.100.
[edit security policies from-zone trust to-zone untrust]
set policy permit-all match source-address any destination-address any application any
set policy permit-all then permit destination-address drop-untranslated
Static NAT
In this example, host 192.168.1.200 is assigned a static NAT mapping to IP address 1.1.1.200. Any traffic to the destination address of 1.1.1.200 will be translated to 192.168.1.200. Any new sessions originating from host 192.168.1.200 will have the source IP of the packet translated to 1.1.1.200.
[edit security nat static]
set rule-set rs1 from zone untrust
set rule-set rs1 rule r1 match destination-address 1.1.1.200/32
set rule-set rs1 rule r1 then static-nat prefix 192.168.1.200/32
[edit security nat]
set proxy-arp interface fe-0/0/7.0 address 1.1.1.200
[edit security]
set zones security-zone trust address-book address server-1 192.168.1.200/32
[edit security policies from-zone untrust to-zone trust]
set policy server-access match source-address any destination-address server-1 application any
set policy server-access then permit
[edit security policies from-zone trust to-zone untrust]
set policy permit-all match source-address server-1 destination-address any application any
set policy permit-all then permit
Reference source:
NAT Configuration 1
Hi guys, now we will discuss how to configure NAT and VLAN, with a concept like this:
OK, now we start configuring according to the figure above, "let's go" >>
Router>ena
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hos
Router(config)#hostname ozog
ozog(config)#ip nat pool ozog 118.97.99.106 118.97.99.106 net
ozog(config)#ip nat pool ozog 118.97.99.106 118.97.99.106 netmask 255.255.255.248
ozog(config)#ac
ozog(config)#access-list 1 permit 192.168.10.0 0.0.0.255
ozog(config)#ip nat ins
ozog(config)#ip nat inside sour
ozog(config)#ip nat inside source list 1 pool ozog ov
ozog(config)#ip nat inside source list 1 pool ozog overload
ozog(config)#int fa0/0
ozog(config-if)#ip ad
ozog(config-if)#ip address 192.168.10.1 255.255.255.0
ozog(config-if)#ip na
ozog(config-if)#ip nat ins
ozog(config-if)#ip nat inside
ozog(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
ozog(config-if)#exit
ozog(config)#int fa0/1
ozog(config-if)#ip ad
ozog(config-if)#ip address 118.97.99.106 255.255.255.248
ozog(config-if)#ip na
ozog(config-if)#ip nat out
ozog(config-if)#ip nat outside
ozog(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
ozog(config-if)#exit
ozog(config)#exit
ozog#
%SYS-5-CONFIG_I: Configured from console by console
ozog#cop r sta
Destination filename [startup-config]?
Building configuration...
[OK]
Source:
Ozcorp@team
MikroTik Tutorial
Hello, how is everyone? Now I will try to post a little about MikroTik.
MikroTik is now widely used by ISPs, hotspot providers, and internet café owners. MikroTik OS turns a computer into a reliable network router equipped with various features and tools, for both wired and wireless networks.
In this tutorial the author presents a simple discussion and guide to configuring MikroTik for certain common needs of an internet café server/router or other networks, for example NAT server, bridging, bandwidth management, and MRTG.
The MikroTik version the author uses for this tutorial is MikroTik RouterOS 2.9.27.
Accessing MikroTik:
- via console
A MikroTik RouterBOARD or PC can be accessed directly via the console/shell, or remotely using PuTTY (www.putty.nl)
- via winbox
MikroTik can also be accessed remotely using the Winbox software tool
- via web
MikroTik can also be accessed via web/port 80 using a browser
Naming the MikroTik
[admin@ozcorp] > system identity print
name: "Mikrotik"
[admin@ozcorp] > system identity edit
value-name: name
Enter the editor and type the new name; for example, I change it to ozcorp:
ozcorp
C-c quit C-o save&quit C-u undo C-k cut line C-y paste
Renaming interfaces:
[admin@ozcorp] > /interface print
Flags: X - disabled, D - dynamic, R - running
 #    NAME     TYPE    RX-RATE    TX-RATE    MTU
 0  R ether1   ether   0          0          1500
 1  R ether2   ether   0          0          1500
[admin@ozcorp] > /interface edit 0
value-name: name
The value 0 is the index of ether1; to rename ether2, replace 0 with 1.
Enter the editor and type the new name; for example, I change it to local:
local
C-c quit C-o save&quit C-u undo C-k cut line C-y paste
Edit, then press Ctrl-o to save and exit the editor.
Do the same for interface ether2, so that when viewed again it appears like this:
[admin@ozcorp] > /interface print
Flags: X - disabled, D - dynamic, R - running
 #    NAME     TYPE    RX-RATE    TX-RATE    MTU
 0  R local    ether   0          0          1500
 1  R speedy   ether   0          0          1500
Setting the IP address:
[admin@ozcorp] > /ip address add
address: 192.168.10.1/24
interface: local
[admin@ozcorp] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST        INTERFACE
 0   192.168.0.254/24   192.168.0.0     192.168.0.255    local
[admin@ozcorp] > /ip address add
address: 202.118.99.97/29
interface: speedy
[admin@ozcorp] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST        INTERFACE
 0   192.168.0.254/24   192.168.0.0     192.168.0.255    local
 1   202.118.99.97/29   202.118.99.95   202.118.99.102   speedy
MikroTik as NAT
Network Address Translation, more commonly called NAT, is a method for connecting more than one computer to the internet using a single IP address. The widespread use of this method is due to the limited availability of IP addresses, the need for security, and the ease and flexibility of network administration.
Today, the most widely used IP protocol is IP version 4 (IPv4). With an address length of 4 bytes, there are 2 to the power of 32 = 4,294,967,296 IP addresses available. This number is theoretically the number of computers that can connect directly to the internet. Because of this limitation, most ISPs (Internet Service Providers) allocate only one address per user, and this address is dynamic, meaning that the IP address given will differ each time the user connects to the internet. This makes things difficult for small and medium businesses. On the one hand they need many computers connected to the internet, but on the other hand only one IP address is available, which means only one computer can be connected to the internet. This can be solved with NAT. With a NAT gateway running on one of the computers, that one IP address can be shared with several other computers, and they can connect to the internet simultaneously.
Suppose we want to hide the local network/LAN 192.168.0.0/24 behind the single IP address 202.118.99.97 given by the ISP; what we use is MikroTik's source network address translation (masquerading) feature. Masquerading changes the source IP address and port of packets from network 192.168.0.0/24 to 202.118.99.97 before they are forwarded to the global internet.
To use masquerading, a source NAT rule with action 'masquerade' must be added to the firewall configuration:
[admin@ozcorp] > /ip firewall nat add chain=srcnat action=masquerade out-interface=speedy
MikroTik as a transparent web proxy
One function of a proxy is to store a cache. When a LAN uses a proxy to reach the Internet, the browser, when the user accesses a web server URL, fetches the request from the proxy server. If the data is not yet on the proxy server, the proxy fetches it directly from the web server. The requested content is then stored in the proxy cache. Subsequently, if a client requests the same URL, it is served from that cache. This makes Internet access faster.
How do we make sure that every user accesses the Internet through the web proxy we have enabled? For this we can apply a transparent proxy. With a transparent proxy, every browser on a computer that uses this gateway automatically goes through the proxy.
Enabling the web proxy feature on MikroTik:
[admin@ozcorp] > /ip proxy set enabled=yes
[admin@ozcorp] > /ip web-proxy set cache-administrator=ozcorp@ozteacorporation.com
[admin@ozcorp] > /ip web-proxy print
enabled: yes
src-address: 0.0.0.0
port: 3128
hostname: "ozcorp"
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: "ozcorp@ozteacorporation.com"
max-object-size: 8192KiB
cache-drive: system
max-cache-size: unlimited
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 4733952KiB
reserved-for-ram-cache: 2048KiB
Create a rule for the transparent proxy in the firewall NAT, placed just below the NAT masquerading rule:
[admin@ozcorp] > /ip firewall nat add chain=dstnat in-interface=local src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128
[admin@ozcorp] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat out-interface=speedy action=masquerade
 1   chain=dstnat in-interface=local src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128
Hope this is useful.
Reference source:
ozcorp@team