Monday, 28 November 2011

Learning to Become a Network Admin

I want to share some knowledge with all of you who want to learn networking and servers.

Many people ask me what they should study first when they want to learn networking.
How do you break into a website?
Which should I choose, Linux or Windows?
How do I hold off viruses and attacks on computers and servers?
....

There are many more questions like these.
I will help you work out where to start.

What you need to master:

1. Basic Hardware Networking = Why study this? Because this is the core of the path a packet takes when it is sent from our computer to the server.
What are switches, hubs and wireless? Did you know that a switch is more secure than Wi-Fi?
When do I use a switch and when Wi-Fi? All of it has to be weighed carefully.
Where do we learn this? Many books cover it.

2. Basic IP and Subnetting = I would say that IP and subnetting are the most important of all. You will feel this most if you work at an ISP. You will learn how to use IP addresses efficiently and what a gateway is.
How to plan IP addressing well to prevent broadcasting.

3. Switching and Routing Technology = Once you have more than one network in your office, you must be able to route between the networks.
Did you know that the internet can connect everywhere because of this routing?
For switching you need to study VLAN technology.

4. Server Technology = Here you will deal a lot with LDAP, DHCP and DNS servers, etc. The point is to provide the services that clients need. To find information, ask Google for help: type in the server service you want to learn.

5. Security = Only after the servers and a good infrastructure are in place do you turn to security, from the server and the router up to building an IDS to detect attacks.

6. Monitoring = Monitoring covers everything, both the infrastructure and the server side. The better the monitoring, the easier it will be for you.

7. Backup = Network administrators often forget this. Do differential as well as full backups to anticipate crashes.
Many technologies are used. I myself most often use RAID for hard disk backup and rsync for files.

Where can I learn these things:
1. From Google, of course
2. Books or ebooks
3. Tutorial DVDs
4. Forums
5. Experience and troubleshooting real problems

Commonly Used DNS Servers

There are many DNS servers in common use that have proven fast and secure; here is the list:
Nawala Project - highly recommended because it blocks bad sites and is quite stable:
180.131.144.144 (primary)
180.131.145.145 (secondary)



Note: some of these DNS servers cannot be used for FTP access, and certain websites are blocked by those DNS servers.

Types of Ports in Networking

A port is an opening or gateway on a computer system that serves as a path for data transfer.
The kinds of network ports you should know are as follows:

• Port 22 is SSH (Secure Shell)
This port is used for SSH.

• Port 21 is the FTP server
When someone accesses an FTP server, the FTP client by default connects to the FTP server through port 21.

• Port 23 is Telnet
If you run a telnet server, telnet clients use this port to connect to the telnet server.

• Port 80 is the web server
This port is normally used for web servers, so when a user types an IP address or hostname into a web browser, the browser looks up that IP on port 80.

• Port 81 is the alternative web server
When port 80 is blocked, port 81 is used as an alternative port for hosting a website.

• Port 25 is SMTP (Simple Mail Transport Protocol)
When someone sends email to your SMTP server, the port used is port 25.

• Port 2525 is the SMTP alternate server
Port 2525 is an active alternative port from TZO for servicing email forwarding. It is not a standard port, but it can be used when the SMTP port is blocked.

• Port 3389 is Remote Desktop
This port is for Remote Desktop on WinXP.

• Port 110 is the POP server
If you run a mail server, users log into that machine via POP3 (Post Office Protocol) or IMAP4 (Internet Message Access Protocol) to receive their email; POP3 is a protocol for accessing a mailbox.

How to Set Up User Manager

1. Make sure the user-manager package is installed on the MikroTik. In Winbox, click System --> Packages and check whether user-manager is listed. If it is not, install it first: download the user-manager package that matches your RouterOS version, drag it into the file list in Winbox, and reboot the MikroTik; it installs itself.

2. This assumes the hotspot is already running normally, with the profile named hsprof1.

3. Create the RADIUS server entry
    /radius add service=hotspot address=127.0.0.1 secret=123456

4. Set profile hsprof1 to use the RADIUS server
    /ip hotspot profile set hsprof1 use-radius=yes

5. Create a customer, used later to log in to the User Manager web page (nama and terserah stand for a login name and a password of your choice)
    /tool user-manager customer add login=nama password=terserah permissions=owner

6. Add our router so that it talks to User Manager (subscriber is the customer login from step 5, and shared-secret must match the secret from step 3)
    /tool user-manager router add subscriber=nama ip-address=127.0.0.1 shared-secret=123456

7. God willing, it works.
    Just open a browser and go to http://ip-mikrotik/userman

MikroTik RB750 Script at SMART Education

[anuku@SMART Education] > export
nov/28/2011 07:25:22 by RouterOS 5.8

/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1526 \
    mac-address=00:0C:42:7D:90:75 mtu=1500 name=ether1-PUBLIK speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:7D:90:76 \
    master-port=none mtu=1500 name=ether2-LAN speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:7D:90:77 \
    master-port=none mtu=1500 name=ether3-PROXY speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:7D:90:78 \
    master-port=none mtu=1500 name=HOTSPOT speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:7D:90:79 \
    master-port=none mtu=1500 name=ether5-aco speed=100Mbps

/interface pptp-server
add disabled=no name=pptp-in1 user=""

/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1

/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers="" \
    group-key-update=5m interim-update=0s management-protection=disabled \
    management-protection-key="" mode=none name=default \
    radius-eap-accounting=no radius-mac-accounting=no \
    radius-mac-authentication=no radius-mac-caching=disabled \
    radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
    static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
    none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
    static-sta-private-algo=none static-sta-private-key="" \
    static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
    none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" \
    wpa2-pre-shared-key=""

/ip firewall layer7-protocol
add name="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~\
    ]*(x-cache: hit)" regexp=""

/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
    http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
    name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
    use-radius=no
add dns-name=www.smarteducation.net hotspot-address=192.168.4.1 \
    html-directory=hotspot http-proxy=0.0.0.0:0 login-by=http-chap,http-pap \
    name=hsprof1 nas-port-type=wireless-802.11 radius-accounting=yes \
    radius-default-domain="" radius-interim-update=received \
    radius-location-id="" radius-location-name="" radius-mac-format=\
    XX:XX:XX:XX:XX:XX rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
    use-radius=yes

/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \
    name=default pfs-group=modp1024

/ip pool
add name=hs-pool-4 ranges=192.168.4.2-192.168.4.254
add name=vpn-smart ranges=192.168.1.10-192.168.1.30

/ip dhcp-server
add address-pool=hs-pool-4 address-pool6="" authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface=HOTSPOT lease-time=1h name=\
    dhcp1

/ip hotspot
add address-pool=hs-pool-4 addresses-per-mac=2 disabled=no idle-timeout=5m \
    interface=HOTSPOT keepalive-timeout=none name=hotspot1 profile=hsprof1

/ip hotspot user profile
set MahasiswaD3 address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m \
    name=MahasiswaD3 shared-users=1 status-autorefresh=1m transparent-proxy=\
    no
add address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m name=\
    MahasiswaD1 shared-users=1 status-autorefresh=1m transparent-proxy=no
add address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m name=\
    PELANGGAN shared-users=1 status-autorefresh=1m transparent-proxy=no
add address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m name=DOSEN \
    shared-users=1 status-autorefresh=1m transparent-proxy=no
add address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m name=STAFF \
    shared-users=1 status-autorefresh=1m transparent-proxy=no
add address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m name=\
    FRIENDS shared-users=1 status-autorefresh=1m transparent-proxy=no

/ppp profile
set default change-tcp-mss=yes name=default only-one=default \
    remote-ipv6-prefix-pool=none use-compression=default use-encryption=\
    default use-ipv6=yes use-mpls=default use-vj-compression=default
add change-tcp-mss=default local-address=192.168.1.1 name=VPS-SMART only-one=\
    default remote-address=vpn-smart remote-ipv6-prefix-pool=none \
    use-compression=default use-encryption=default use-ipv6=yes use-mpls=\
    default use-vj-compression=default
set default-encryption change-tcp-mss=yes name=default-encryption only-one=\
    default remote-ipv6-prefix-pool=none use-compression=default \
    use-encryption=yes use-ipv6=yes use-mpls=default use-vj-compression=\
    default

/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \
    dial-on-demand=no disabled=no interface=ether1-PUBLIK max-mru=1480 \
    max-mtu=1480 mrru=disabled name=pppoe-out1 password=xxxxxxxxxxxxxxxxxxxxxx profile=\
    default service-name="" use-peer-dns=no user=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx@telkom.net

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name="down and browsing lokal" parent=ether2-LAN priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name="down and browsing hotspot" parent=HOTSPOT priority=8

/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
    sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
    red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
    5
add kind=pcq name=pcq-browsing pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=400k \
    pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=200
add kind=pcq name="PCQ download hotspot" pcq-burst-rate=0 \
    pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address \
    pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=\
    250k pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=\
    2000
add kind=pcq name="PCQ download lokal" pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=250k \
    pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name="pcq-upload hotspot" pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=64k pcq-src-address-mask=\
    32 pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name="pcq-upload lokal" pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=64k pcq-src-address-mask=\
    32 pcq-src-address6-mask=128 pcq-total-limit=2000
set only-hardware-queue kind=none name=only-hardware-queue
set multi-queue-ethernet-default kind=mq-pfifo mq-pfifo-limit=50 name=\
    multi-queue-ethernet-default
set default-small kind=pfifo name=default-small pfifo-limit=10

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name=browsing packet-mark=browsing-packet parent=\
    "down and browsing lokal" priority=8 queue=pcq-browsing
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=512k name=download packet-mark=download-packet parent=\
    "down and browsing lokal" priority=8 queue="PCQ download lokal"
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=PB+POKER packet-mark="PB + Poker" parent=global-total \
    priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=facebook packet-mark=facebook parent=global-total \
    priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Squid-hit-HTTP packet-mark=hit_pkt parent=global-out \
    priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=128k name=Upload parent=global-out priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name="browsing hotspot" packet-mark=\
    "browsing-packet hotspot" parent="down and browsing hotspot" priority=8 \
    queue=pcq-browsing
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=512k name="download hotspot" packet-mark=\
    "download-packet hotspot" parent="down and browsing hotspot" priority=8 \
    queue="PCQ download hotspot"

/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no \
    ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
    no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
    redistribute-static=no router-id=0.0.0.0 routing-table=""

/routing ospf instance
set default disabled=no distribute-default=never in-filter=ospf-in \
    metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=\
    auto metric-rip=20 metric-static=20 name=default out-filter=ospf-out \
    redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \
    redistribute-rip=no redistribute-static=no router-id=0.0.0.0

/routing ospf area
set backbone area-id=0.0.0.0 disabled=no instance=default name=backbone type=\
    default

/routing ospf-v3 instance
set default disabled=no distribute-default=never metric-bgp=auto \
    metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=20 \
    metric-static=20 name=default redistribute-bgp=no redistribute-connected=\
    no redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
    router-id=0.0.0.0

/routing ospf-v3 area
set backbone area-id=0.0.0.0 disabled=no instance=default name=backbone type=\
    default

/snmp
set contact="" enabled=no engine-id="" location="" trap-version=1

/snmp community
set public address=0.0.0.0/0 authentication-password="" \
    authentication-protocol=MD5 encryption-password="" encryption-protocol=\
    DES name=public read-access=yes security=none write-access=no

/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
    disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote=0.0.0.0 remote-port=514 \
    src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=\
    remote

/system routerboard settings
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
    400MHz force-backup-booter=no silent-boot=no
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
    400MHz force-backup-booter=no silent-boot=no

/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
    eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
    ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
    winbox,password,web,sniff,sensitive,api" skin=default

/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
    no

/interface ethernet switch port
set ether2-LAN vlan-header=leave-as-is vlan-mode=fallback
set ether3-PROXY vlan-header=leave-as-is vlan-mode=fallback
set HOTSPOT vlan-header=leave-as-is vlan-mode=fallback
set ether5-aco vlan-header=leave-as-is vlan-mode=fallback
set switch1_cpu vlan-header=leave-as-is vlan-mode=fallback

/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
    default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled

/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
    default enabled=no keepalive-timeout=60 mac-address=FE:98:26:35:02:C9 \
    max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no

/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=VPS-SMART \
    enabled=yes keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled

/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
    default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
    disabled port=443 verify-client-certificate=no

/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
    00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
    frames-per-second=25 receive-all=no ssid-all=no

/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
    multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
    no streaming-max-rate=0 streaming-server=0.0.0.0

/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no

/ip accounting
set account-local-traffic=no enabled=no threshold=256

/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0

/ip address
add address=192.168.10.1/24 disabled=no interface=ether1-PUBLIK network=\
    192.168.10.0
add address=192.168.1.1/24 disabled=no interface=ether2-LAN network=\
    192.168.1.0
add address=192.168.2.1/24 disabled=no interface=ether3-PROXY network=\
    192.168.2.0
add address=192.168.4.1/24 comment="hotspot network" disabled=no interface=\
    HOTSPOT network=192.168.4.0
add address=192.168.5.1/24 disabled=no network=192.168.5.0

/ip dhcp-server config
set store-leases-disk=5m

/ip dhcp-server network
add address=192.168.4.0/24 comment="hotspot network" gateway=192.168.4.1

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=125.160.2.162,202.134.1.10

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s

/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes

/ip firewall mangle
add action=mark-packet chain=postrouting comment=Proxy-hit disabled=no dscp=\
    12 new-packet-mark=hit_pkt passthrough=no
add action=mark-connection chain=prerouting comment="POKER + POINT BLANK" \
    disabled=no dst-address-list="Poker + PB" dst-port=49100 \
    new-connection-mark="Trafik PB + POKER" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=\
    "Poker + PB" dst-port=39190 new-connection-mark="Trafik PB + POKER" \
    passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address=\
    203.89.146.0/23 dst-address-list="Poker + PB" dst-port=40000-40010 \
    new-connection-mark="Trafik PB + POKER" passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-address-list=\
    "Poker + PB" dst-port=9339 new-connection-mark="Trafik PB + POKER" \
    passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=\
    "Poker + PB" dst-port=843 new-connection-mark="Trafik PB + POKER" \
    passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=\
    "Poker + PB" dst-port=80 new-connection-mark="Trafik PB + POKER" \
    passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="poker lan" content=\
    facebook.poker.zynga.com disabled=no dst-port=80 in-interface=ether2-LAN \
    new-connection-mark="Trafik PB + POKER" passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark="Trafik PB + POKER" \
    disabled=no new-packet-mark="PB + Poker" passthrough=no
add action=mark-packet chain=prerouting connection-mark=facebook disabled=no \
    new-packet-mark=facebook passthrough=no
add action=mark-connection chain=prerouting comment="poker hotspot" content=\
    facebook.poker.zynga.com disabled=no dst-port=80 in-interface=HOTSPOT \
    new-connection-mark="Trafik PB + POKER" passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark="Trafik PB + POKER" \
    disabled=no new-packet-mark="PB + Poker" passthrough=no
add action=mark-connection chain=prerouting comment="facebook lan" content=\
    http://www.facebook.com disabled=no dst-port=80 in-interface=ether2-LAN \
    new-connection-mark=facebook passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=facebook disabled=no \
    new-packet-mark=facebook passthrough=no
add action=mark-connection chain=prerouting comment="facebook hotspot" \
    content=facebook disabled=no dst-address=0.0.0.0 dst-port=80 \
    in-interface=HOTSPOT new-connection-mark=facebook passthrough=yes \
    protocol=tcp
add action=mark-packet chain=forward comment=\
    "koneksi Upload  ===========================" disabled=yes in-interface=\
    ether2-LAN new-packet-mark=paket-upload passthrough=no src-address=\
    192.168.1.0/24
add action=mark-connection chain=postrouting comment=\
    "koneksi download klien lokal" disabled=no new-connection-mark=\
    koneksi-klien out-interface=ether2-LAN passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting comment=\
    "PACKET-BROWSING client lokal" connection-bytes=1-175000 connection-mark=\
    koneksi-klien disabled=no dscp=!12 new-packet-mark=browsing-packet \
    out-interface=ether2-LAN passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment=\
    "PACKET-DOWNLOAD client lokal" connection-bytes=175001-0 connection-mark=\
    koneksi-klien disabled=no dscp=!12 new-packet-mark=download-packet \
    out-interface=ether2-LAN packet-mark="!PB + Poker" passthrough=no \
    protocol=tcp
add action=mark-connection chain=postrouting comment="koneksi  klien hotspot" \
    disabled=no new-connection-mark="koneksi-klien hotspot" out-interface=\
    HOTSPOT passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting comment="koneksi browsing hotspot" \
    connection-bytes=1-175000 connection-mark="koneksi-klien hotspot" \
    disabled=no dscp=!12 new-packet-mark="browsing-packet hotspot" \
    out-interface=HOTSPOT passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="koneksi download hotspot" \
    connection-bytes=175001-0 connection-mark="koneksi-klien hotspot" \
    disabled=no dscp=!12 new-packet-mark="download-packet hotspot" \
    out-interface=HOTSPOT packet-mark="!PB + Poker" passthrough=no protocol=\
    tcp

/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
add action=dst-nat chain=dstnat comment=TRANSPARENT-proxy disabled=yes \
    dst-address-list=!proxyNET dst-port=80,8080,3128 in-interface=ether2-LAN \
    protocol=tcp src-address=!192.168.2.2 to-addresses=192.168.2.2 to-ports=\
    3128
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
    ether2-LAN protocol=udp src-address=!192.168.2.2 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
    ether2-LAN protocol=tcp src-address=!192.168.2.2 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=80,81,8080,3128 \
    in-interface=HOTSPOT protocol=tcp src-address=!192.168.2.2 to-addresses=\
    192.168.2.2 to-ports=3128
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=HOTSPOT \
    protocol=udp src-address=!192.168.2.2 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=HOTSPOT \
    protocol=tcp src-address=!192.168.2.2 to-ports=53
add action=redirect chain=dstnat comment="DNS RESOLVER LOKAL" disabled=no \
    dst-port=53 in-interface=ether2-LAN protocol=udp to-ports=53
add action=redirect chain=dstnat disabled=no dst-port=53 in-interface=\
    ether2-LAN protocol=tcp to-ports=53
add action=redirect chain=dstnat disabled=no dst-port=53 in-interface=HOTSPOT \
    protocol=udp to-ports=53
add action=redirect chain=dstnat disabled=no dst-port=53 in-interface=HOTSPOT \
    protocol=tcp to-ports=53
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=192.168.4.0/24

/ip firewall service-port
set ftp disabled=yes ports=21
set tftp disabled=yes ports=69
set irc disabled=yes ports=6667
set h323 disabled=yes
set sip disabled=yes ports=5060,5061 sip-direct-media=yes
set pptp disabled=yes
/ip hotspot service-port
set ftp disabled=no ports=21

/ip hotspot user
add disabled=no mac-address=CC:AF:78:74:08:A2 name=anggi password=anggi \
    profile=MahasiswaD3 server=hotspot1

/ip neighbor discovery
set ether1-PUBLIK disabled=no
set ether2-LAN disabled=no
set ether3-PROXY disabled=no
set HOTSPOT disabled=no
set ether5-aco disabled=no
set pppoe-out1 disabled=yes
set pptp-in1 disabled=yes

/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
    600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
    0.0.0.0

/ip service
set telnet disabled=no port=23
set ftp disabled=no port=21
set www disabled=no port=80
set ssh disabled=no port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=8291

/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080

/ip ssh
set forwarding-enabled=no

/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
    inactive-flow-timeout=15s interfaces=all

/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes

/ipv6 nd
add advertise-dns=no advertise-mac-address=yes disabled=no hop-limit=\
    unspecified interface=all managed-address-configuration=no mtu=\
    unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m \
    ra-lifetime=30m reachable-time=unspecified retransmit-interval=\
    unspecified

/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d

/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes

/mpls interface
add disabled=no interface=all mpls-mtu=1508

/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
    lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
    use-explicit-null=no

/port firmware
set directory=firmware

/ppp aaa
set accounting=yes interim-update=0s use-radius=no

/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=smart \
    password=fikri profile=VPS-SMART routes="" service=pptp

/queue interface
set ether1-PUBLIK queue=ethernet-default
set ether2-LAN queue=ethernet-default
set ether3-PROXY queue=ethernet-default
set HOTSPOT queue=ethernet-default
set ether5-aco queue=ethernet-default

/radius
add accounting-backup=no accounting-port=1813 address=172.0.0.1 \
    authentication-port=1812 called-id="" disabled=no domain="" realm="" \
    secret=12345 service=login,hotspot timeout=300ms

/radius incoming
set accept=no port=3799

/routing bfd interface
set all disabled=no interface=all interval=0.2sec min-rx=0.2sec multiplier=5

/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no

/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
    gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
    0.0.0.0 timeout=1m ttl=50

/routing pim
set switch-to-spt=yes switch-to-spt-bytes=0 switch-to-spt-interval=1m40s

/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    routing-table=main timeout-timer=3m update-timer=30s

/routing ripng
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    timeout-timer=3m update-timer=30s

/store
add disabled=no disk=system name=user-manager1 type=user-manager
add disabled=no disk=system name=web-proxy1 type=web-proxy

/system clock
set time-zone-name=manual

/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
    "jan/01/1970 00:00:00" time-zone=+00:00

/system console
add disabled=no term=vt102

/system gps
set channel=0 enabled=no set-system-time=no

/system health
set

/system identity
set name="SMART Education"

/system lcd
set contrast=0 enabled=no port=parallel type=24x4

/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set pptp-in1 disabled=yes display-time=5s
set pppoe-out1 disabled=yes display-time=5s
set ether5-aco disabled=yes display-time=5s
set HOTSPOT disabled=yes display-time=5s
set ether3-PROXY disabled=yes display-time=5s
set ether2-LAN disabled=yes display-time=5s
set ether1-PUBLIK disabled=yes display-time=5s

/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical

/system note
set note="" show-at-login=yes

/system ntp client
set enabled=yes mode=unicast primary-ntp=203.160.128.2 secondary-ntp=\
    120.88.47.10

/system ntp server
set broadcast=no enabled=no manycast=yes multicast=no

/system resource irq
set 0 cpu=auto
set 1 cpu=auto

/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
    0.0.0.0 user=""

/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
    none watchdog-timer=yes

/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
    100

/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 user=""

/tool graphing
set page-refresh=300 store-every=5min

/tool graphing interface
add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes

/tool mac-server
set (unknown) disabled=no interface=all

/tool mac-server ping
set enabled=yes

/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""

/tool sniffer
set file-limit=10KiB file-name="" filter-mac-protocol=!ip filter-stream=yes \
    interface=HOTSPOT memory-limit=10KiB memory-scroll=no only-headers=no \
    streaming-enabled=no streaming-server=0.0.0.0

/tool traffic-generator
set latency-distribution-scale=10 test-id=0

/tool user-manager customer
add backup-allowed=yes disabled=no login=XXXXXXX parent=MikroTik password=\
    fikri paypal-accept-pending=no paypal-allowed=no paypal-secure-response=\
    no permissions=owner signup-allowed=no time-zone=-00:00

/tool user-manager router
add coa-port=1700 customer=MikroTik disabled=no ip-address=192.168.4.1 log=\
    auth-fail name=router1 shared-secret=12345

/tool user-manager user
add customer=MikroTik disabled=no name=tes password=set shared-users=1 \
    wireless-enc-algo=none wireless-enc-key="" wireless-psk=""

/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
[anuku@SMART Education] >
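The export above leaves telnet, ftp and www enabled under `/ip service` and uses short values for `secret`, `shared-secret` and `password`. The script below is an added example, not part of the original post: it parses an export in this syntax, including backslash-wrapped lines, and reports both conditions without echoing the secret values. The function names, the list of cleartext services and the 16-character threshold are assumptions chosen for illustration.

```python
import re
import shlex

# Constructed excerpt: lines copied from the export above, RouterOS syntax.
SAMPLE_EXPORT = r"""
/ip service
set telnet disabled=no port=23
set ftp disabled=no port=21
set ssh disabled=no port=22
set www-ssl certificate=none disabled=yes port=443
/radius
add accounting-port=1813 address=172.0.0.1 \
    authentication-port=1812 secret=12345 service=login,hotspot
/tool sms
set allowed-number="" channel=0 secret=""
"""

CLEARTEXT_SERVICES = {"telnet", "ftp", "www", "api"}  # no transport encryption
SECRET_KEYS = {"secret", "shared-secret", "password"}
MIN_SECRET_LEN = 16  # assumed local policy, not a RouterOS limit

def parse_export(text):
    """Yield (section, positional_args, {key: value}) per set/add command."""
    text = re.sub(r"\\\n\s*", "", text)  # rejoin lines wrapped with a backslash
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif line:
            tokens = shlex.split(line)[1:]  # drop the leading set/add verb
            props = dict(t.split("=", 1) for t in tokens if "=" in t)
            yield section, [t for t in tokens if "=" not in t], props

def audit(text):
    """Return (section, message) findings; secret values are never echoed."""
    findings = []
    for section, args, props in parse_export(text):
        if section == "/ip service" and props.get("disabled") == "no":
            findings += [(section, f"{a} enabled (cleartext)")
                         for a in args if a in CLEARTEXT_SERVICES]
        for key in sorted(SECRET_KEYS & props.keys()):
            if 0 < len(props[key]) < MIN_SECRET_LEN:
                findings.append((section, f"{key} under {MIN_SECRET_LEN} chars"))
    return findings

for section, message in audit(SAMPLE_EXPORT):
    print(f"{section}: {message}")
```

Empty values such as `secret=""` under `/tool sms` are skipped because they indicate an unconfigured feature rather than a weak credential.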