Showing posts with label Mikrotik. Show all posts

Block Porn Sites and Facebook With Mikrotik


The challenge for an office admin is to block sites that have nothing to do with work, namely porn sites and social networking sites, which hurt performance. We were asked to block porn sites and Facebook during office hours. I immediately thought of using Mikrotik, because it makes this simple.

I might as well share this Mikrotik tutorial here. I am not starting the steps from scratch, because installing Mikrotik and setting it up as a gateway, as a proxy and as a transparent proxy can be found here.

This assumes Mikrotik is already up and running and is also used as a web proxy. The steps are as follows:

• Block Facebook, porn sites, YouTube and sites that contain those words. Enter the following script in a terminal:
ip web-proxy access
add dst-port=80 url="facebook.com" action=deny comment="satu" disabled=no
add dst-port=80 url="*.facebook.com" action=deny comment="dua" disabled=no
add dst-port=80 url="*porn*.com" action=deny comment="tiga" disabled=no
add dst-port=80 url="*sex*.com" action=deny comment="empat" disabled=no
add dst-port=80 url="*tube*.com" action=deny comment="lima" disabled=no
add dst-port=80 url="*porn*" action=deny comment="enam" disabled=no
add dst-port=80 url="*sex*" action=deny comment="tujuh" disabled=no

• Creating a Scheduler at 08.00 - 15.00. (HOURS OF WORK)
/ system script
add name=jam-allow policy=ftp,reboot,read,write,policy,test,winbox,password source={
/ip web-proxy access set [/ip web-proxy access find comment=satu] disabled=yes
/ip web-proxy access set [/ip web-proxy access find comment=dua] disabled=yes
/ip web-proxy access set [/ip web-proxy access find comment=tiga] disabled=yes
/ip web-proxy access set [/ip web-proxy access find comment=empat] disabled=yes
/ip web-proxy access set [/ip web-proxy access find comment=lima] disabled=yes
/ip web-proxy access set [/ip web-proxy access find comment=enam] disabled=yes
/ip web-proxy access set [/ip web-proxy access find comment=tujuh] disabled=yes}
/ system scheduler
add name="schedule-jam-allow" on-event=jam-allow start-date=jan/01/1970 start-time=16:00:00 interval=1d comment="" disabled=no

• Creating a Scheduler in hours 15:00 to 08:00
/ system script
add name=jam-deny policy=ftp,reboot,read,write,policy,test,winbox,password source={
/ip web-proxy access set [/ip web-proxy access find comment=satu] disabled=no
/ip web-proxy access set [/ip web-proxy access find comment=dua] disabled=no
/ip web-proxy access set [/ip web-proxy access find comment=tiga] disabled=no
/ip web-proxy access set [/ip web-proxy access find comment=empat] disabled=no
/ip web-proxy access set [/ip web-proxy access find comment=lima] disabled=no
/ip web-proxy access set [/ip web-proxy access find comment=enam] disabled=no
/ip web-proxy access set [/ip web-proxy access find comment=tujuh] disabled=no}

/ system scheduler
add name="schedule-jam-deny" on-event=jam-deny start-date=jan/01/1970 start-time=08:00:00 interval=1d comment="" disabled=no

That is a small trick for blocking porn sites and Facebook with Mikrotik. I hope it helps reduce access to porn sites and wasted time.
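
A way to check the seven deny patterns above against sample host names before enabling them, as an added example that is not part of the original post. It models '*' as a whole-string glob with Python's fnmatch, which is an assumption about how the proxy compares the url value, and all host names are constructed.

```python
from fnmatch import fnmatchcase

# Deny patterns copied from the access list above; every rule has dst-port=80.
DENY_RULES = [
    ("satu", "facebook.com"), ("dua", "*.facebook.com"),
    ("tiga", "*porn*.com"), ("empat", "*sex*.com"), ("lima", "*tube*.com"),
    ("enam", "*porn*"), ("tujuh", "*sex*"),
]

def first_match(host, dst_port=80):
    """Return the comment of the first deny rule matching host, else None.

    Assumption: '*' matches any run of characters and the pattern must cover
    the whole lower-cased host name (glob semantics, modelled with fnmatch).
    """
    if dst_port != 80:  # none of the rules applies to other ports
        return None
    host = host.lower()
    for comment, pattern in DENY_RULES:
        if fnmatchcase(host, pattern):
            return comment
    return None

# Constructed test requests: (host, port, whether the policy intends a block).
SAMPLES = [
    ("facebook.com", 80, True),
    ("www.facebook.com", 80, True),
    ("www.essex-council.example", 80, False),
    ("steeltube-supplier.example.com", 80, False),
    ("intranet.example.com", 80, False),
    ("www.facebook.com", 443, True),
]

def audit(samples=SAMPLES):
    """Map each sample to 'ok', 'overblock:<rule>' or 'not-covered'."""
    result = {}
    for host, port, intended in samples:
        hit = first_match(host, port)
        if hit and not intended:
            verdict = "overblock:" + hit
        elif intended and not hit:
            verdict = "not-covered"
        else:
            verdict = "ok"
        result[(host, port)] = verdict
    return result

if __name__ == "__main__":
    for key, verdict in audit().items():
        print(key, verdict)
```

The keyword rules "lima" and "tujuh" catch unrelated business sites, and a request on any port other than 80 is outside all seven rules.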

Limiting YouTube on Mikrotik

from :http://www.facebook.com/home.php#!/notes/heru-van-danoe/melimit-youtube-di-mt/191341640898286?notif_t=note_reply

Step 1
We add a rule in the firewall to get the IPs of the download servers and enter those IPs into an address list ...

/ip firewall filter add chain=forward \
    src-address=192.168.5.0/24 protocol=tcp content=.flv \
    action=add-dst-to-address-list address-list=downloads \
    address-list-timeout=01:00:00

The rule above captures all traffic with content .flv originating from the LAN IP block and puts its destination into the address list downloads for 1 hour.
The variables above can be changed according to your own topology and needs.

Step 2
We use mangle to mark packets originating from the address list that we got from Step 1
/ip firewall mangle add chain=forward protocol=tcp src-address-list=downloads \
    action=mark-packet new-packet-mark=download-paket

We need mangle to label the packets so that the simple queue can capture traffic from the IPs that are on the address list "downloads"

Step 3
As the last step, we put the packets that carry the mark from Step 2 into a simple queue

/queue simple add name=download-files \
    max-limit=64000/64000 packet-marks=download-paket

Put the queue at the top so that MikroTik reads it first

That's it ..

We've managed to allocate bandwidth to the file download traffic we want while keeping browsing smooth, even though browsing to a server that is already in the address list will be slow because it falls under the limit
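
The three steps above as a small Python model, an added example that is not part of the original note. It replays a constructed session to show which replies end up in the limited queue, including the side effect on ordinary browsing described in the last paragraph. The client and server addresses are constructed.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.5.0/24")   # src-address from the Step 1 rule
TIMEOUT = 3600                        # address-list-timeout=01:00:00, in seconds

class Router:
    def __init__(self):
        self.downloads = {}           # address list "downloads": ip -> expiry time

    def forward(self, now, src, dst, payload=b""):
        """Pass one TCP packet through the rules; return the queue that carries it."""
        # Step 2 (mangle): mark packets whose source is on the unexpired list.
        marked = self.downloads.get(src, 0) > now
        # Step 1 (filter): LAN packet whose content has ".flv" lists the destination.
        if ip_address(src) in LAN and b".flv" in payload:
            self.downloads[dst] = now + TIMEOUT
        # Step 3 (simple queue): marked packets share the 64000/64000 limit.
        return "download-files" if marked else "unlimited"

def replay():
    """Replay a constructed session and return the queue chosen for each reply."""
    r = Router()
    client, video, other = "192.168.5.20", "198.51.100.7", "198.51.100.99"
    out = {}
    r.forward(0, client, video, b"GET /clip.flv HTTP/1.1")  # request triggers Step 1
    out["video reply"] = r.forward(1, video, client)
    out["page from same server, 30 min later"] = r.forward(1800, video, client)
    out["page from another server"] = r.forward(1800, other, client)
    out["same server after timeout"] = r.forward(3601, video, client)
    return out

if __name__ == "__main__":
    for label, queue in replay().items():
        print(f"{label:38} -> {queue}")
```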

How to Block Facebook with Mikrotik

How to block Facebook with Mikrotik: please follow my tutorial.

1. Login via winbox

2. Create filter rules as below :

/ip firewall filter add chain=forward content="facebook.com" action=drop comment="Drop Facebook"
/ip firewall filter add chain=forward content="www.facebook.com" action=drop comment="Drop Facebook"
/ip firewall filter add chain=forward content="apps.facebook.com" action=drop comment="Drop Facebook"
/ip firewall filter add chain=forward content="facebook" action=drop comment="Drop Facebook"
/ip firewall filter add chain=forward content="facebook.*" action=drop comment="Drop Facebook"

via terminal:

Then the result looks like this

That concludes my tutorial.
Thanks.

User Manager Mikrotik


Mikrotik User Manager is a management system that can be used to manage users as follows:

1. HotSpot users
2. PPP (PPTP / PPPoE) users
3. DHCP users
4. Wireless users
5. RouterOS users.

This article covers User Manager for hotspot users. The hotspot and DHCP server packages must already be installed, enabled and configured on Mikrotik RouterOS. The setup assumed here is a RouterOS box with one WLAN and one ether interface: ether is the interface connected to the internet, while wlan is the interface that hotspot clients connect to. Ether has IP 192.168.0.40 and wlan1 has IP 172.16.0.1/24. The steps are as follows:

1. Set the DHCP server on interface wlan1 (see the previous posts on setting up a DHCP server).
2. Set up the hotspot
/ip hotspot profile set hsprof1 use-radius=yes
3. Set the RADIUS client so that User Manager handles the hotspot
/radius add service=hotspot address=172.16.0.1 secret="123 456"
Note that hotspot user authentication first reads the local database (/ip hotspot user print). Remove the entries there so that authentication is done by RADIUS.

4. Install the User Manager

- Open System > Packages in Winbox, or from the terminal:

/system package print
- If the user-manager package is not there, install it first, because user-manager is a separate package from Mikrotik RouterOS. Make sure the RouterOS version is the same as the user-manager package version. For example, if RouterOS is 2.9.50 then the user-manager package must also be 2.9.50.
Download from http://www.mikrotik.com/download.html, select one user-manager package from the package zip-2.9.x.npk
- Upload it to the Mikrotik server with an FTP program
- Reboot the Mikrotik server
- Check the system packages as in the first step; if user-manager is not yet active, enable it first and then reboot. If it is active:
- Open http://192.168.0.40/userman
- If the User Manager login page opens, User Manager is already active.

5. Create a User Manager subscriber
/tool user-manager customer add login="admin" password=123 permissions=owner
6. Create the hotspot router
/tool user-manager router add subscriber=admin ip-address=172.16.0.1 shared-secret="123 456"
7. Create a hotspot user
/tool user-manager user add username=rio password="123 dawn" subscriber=admin

Try connecting to the hotspot with a laptop. User Manager can be accessed via http://192.168.0.40/userman. Its menus include, among others, login status, add users, delete users and logs. Full details: http://wiki.mikrotik.com/wiki/User_Manager/Customer_page

Mikrotik Bandwidth control on ADSL link

I used the MikroTik / RouterOS as my gateway to the Internet. It serves as a PPPoE client (as my ISP uses PPPoE over ADSL), a router and AP. It does the job perfectly, but with a range of different clients connected, some more "important" than others, and a relatively slow internet connection, I want to shape and prioritize the traffic going to and from the internet.

Since the ADSL modem has a small buffer and a tendency to slow everything down when it's full, the MikroTik must never send more than about 95% of the up- and download-speed of my line. After some bandwidth-test I figured out I had a real speed of 5660/563. Using that, I started with the challenge of limiting the data-traffic.

Download article here

Mikrotik Hotspot Introduction

HotSpot is a way to authorize users to access some network resources, but it does not provide traffic encryption. To log in, users may use almost any web browser (over either HTTP or HTTPS), so they are not required to install additional software. The gateway accounts for the uptime and amount of traffic each client has used, and can also send this information to a RADIUS server. The HotSpot system may limit each particular user's bitrate, total amount of traffic, uptime and some other parameters mentioned further in this document.

The HotSpot system is targeted to provide authentication within a local network (for the local network users to access the Internet), but may as well be used to authorize access from outer networks to access local resources (like an authentication gateway for the outside world to access your network). It is possible to allow users to access some web pages without authentication using Walled Garden feature.

Download Manual Mikrotik Hotspot Introduction

Mikrotik Hotspot Setup


The MikroTik HotSpot Gateway provides authentication for clients before access to public networks.

HotSpot Gateway Setup:
- different authentication methods of clients using local client database on the router, or remote RADIUS server;
- users accounting in local database on the router, or on remote RADIUS server;
- walled-garden system, access to some web pages without authorization;
- login page modification, where you can put information about the company;
- automatic and transparent change of any IP address of a client to a valid address.

Download

HotSpot Profile
Hotspot server profiles. There may be various different HotSpot systems, defined as HotSpot Server Profiles, on the same gateway machine. One or more interfaces can be grouped into one server profile. There are very few settings for the servers on particular interfaces - most of the configuration is set in the server profiles. For example, it is possible to make completely different set of servlet pages for each server profile, and define different RADIUS servers for authentication.
Download

HotSpot User
This is the tutorial where the client's user/password information is actually added; additional configuration options for HotSpot users are configured here as well.
Download


HotSpot Walled Garden
This is the tutorial where the client's user/password information is actually added; additional configuration options for HotSpot users are configured here as well.
Download

Create Dota in Mikrotik


DOTA is an online version of one of the Warcraft games. At game centers it is one of the best-selling games, alongside other online games such as Ragnarok, Seal Online, Pangya, DECO and many more. Besides being free, that is, it needs no voucher, it is also great fun to play. Here I try to write about how to set up DOTA on a Mikrotik machine.

Follow these steps:


-ip firewall nat add chain=srcnat action=masquerade out-interface=Public

-ip address add address=202.xxx.xxx.xxx/32 interface=Public (replace xxx with your public IP)

-ip firewall nat add chain=dstnat dst-address=202.xxx.xxx.xxx action=dst-nat to-addresses=192.168.***.*** (replace *** with the local IP of the machine that will create games)

-ip firewall nat add chain=srcnat src-address=192.168.***.*** action=src-nat to-addresses=202.xxx.xxx.xxx

So that clients on the same LAN or the same network can play together, add these commands:

-ip firewall nat add chain=dstnat dst-address=202.xxx.xxx.1-202.xxx.xxx.254 action=netmap to-addresses=192.168.***.1-192.168.***.254

-ip firewall nat add chain=srcnat src-address=192.168.***.1-192.168.***.254 action=netmap to-addresses=202.xxx.xxx.1-202.xxx.xxx.254

Up to this point it works, but in fact there is a problem I ran into: my Mikrotik machine can no longer be accessed remotely from outside the network, and among other problems the SNMP port got closed along with it, so the Cacti traffic display is blank ... can anyone help?

Fix Dota Mik

Previously I wrote about creating Dota rules in Mikrotik, but there was a constraint: once the rules were enabled, the routerbox could not be accessed remotely, could not be pinged, and could not even display the MRTG / Cacti graph.

After trying several times and searching for literature on Google, I finally found rules that allow remote access from outside the network, allow ping, and of course let me see the bandwidth usage graph via MRTG / Cacti.

The rules are as follows:

ip firewall nat add chain=dstnat dst-address=202.x.x.x protocol=tcp dst-port=6113 action=dst-nat to-addresses=192.168.x.x to-ports=6113

ip firewall nat add chain=dstnat dst-address=202.x.x.x protocol=udp dst-port=6113 action=dst-nat to-addresses=192.168.x.x to-ports=6113

ip firewall nat add chain=srcnat src-address=192.168.x.x protocol=tcp src-port=6113 action=src-nat to-addresses=202.x.x.x to-ports=6113

ip firewall nat add chain=srcnat src-address=192.168.x.x protocol=udp src-port=6113 action=src-nat to-addresses=202.x.x.x to-ports=6113

ip firewall nat add chain=srcnat src-address=192.168.x.x-192.168.x.x action=netmap to-addresses=202.x.x.x-202.x.x.x to-ports=0-65535

Many people probably already know the rules above. I hope they can be used by anyone who needs them, because from my experience it is indeed difficult to find literature, or to google, about rules for creating Dota games in Mikrotik.
Hopefully this helps.

taken from http://harrychanputra.wordpress.com
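
Why the first rule set cut off remote access, ping and SNMP while the port 6113 rules do not, as an added example that is not part of the original posts: a small Python model of dstnat matching. The addresses are constructed placeholders, and 8291 (Winbox) and 161 (SNMP) are the standard ports, assumed here because the posts do not name them.

```python
PUBLIC_IP = "203.0.113.10"   # constructed stand-in for 202.x.x.x
GAME_HOST = "192.168.1.50"   # constructed stand-in for 192.168.x.x

# First post: dst-nat everything addressed to the public IP.
NAT_ALL = [{"dst-address": PUBLIC_IP, "to-addresses": GAME_HOST}]

# Follow-up post: dst-nat only port 6113, once for tcp and once for udp.
NAT_6113 = [
    {"dst-address": PUBLIC_IP, "protocol": proto, "dst-port": 6113,
     "to-addresses": GAME_HOST, "to-ports": 6113}
    for proto in ("tcp", "udp")
]

def dstnat(rules, packet):
    """Return the packet's destination address after the first matching rule."""
    for rule in rules:
        if rule["dst-address"] != packet["dst-address"]:
            continue
        # A matcher that is absent from the rule matches every packet.
        if "protocol" in rule and rule["protocol"] != packet["protocol"]:
            continue
        if "dst-port" in rule and rule["dst-port"] != packet["dst-port"]:
            continue
        return rule["to-addresses"]
    return packet["dst-address"]  # untouched: delivered to the router itself

def receiver(rules, protocol, dst_port=None):
    """Say whether the router or the LAN host receives a packet sent to PUBLIC_IP."""
    packet = {"dst-address": PUBLIC_IP, "protocol": protocol, "dst-port": dst_port}
    return "router" if dstnat(rules, packet) == PUBLIC_IP else "lan-host"

# Constructed inbound traffic aimed at the public address.
INBOUND = {
    "ping": ("icmp", None),
    "winbox": ("tcp", 8291),
    "snmp (MRTG/Cacti)": ("udp", 161),
    "game tcp": ("tcp", 6113),
    "game udp": ("udp", 6113),
}

def compare():
    """Map each service to (receiver with NAT_ALL, receiver with NAT_6113)."""
    return {name: (receiver(NAT_ALL, *flow), receiver(NAT_6113, *flow))
            for name, flow in INBOUND.items()}

if __name__ == "__main__":
    for name, pair in compare().items():
        print(f"{name:18} all-ports -> {pair[0]:8}  port 6113 only -> {pair[1]}")
```

The all-ports rule also hands every inbound port on the public address to the LAN host, so the port-restricted rules are the narrower exposure as well.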

Mikrotik as Bridge

Mikrotik as Bridge means that the interface that leads to the internet functions as a bridge for the internet connection. With the bridge, the bandwidth traffic from the interface (ether1, or whatever name you have changed it to) passes through the bridge. Based on the author's experience, setting up this bridge makes the internet connection more stable. Here are the settings:

Open Winbox, click the Bridge menu, click the + sign, then Apply and OK

Click the Port menu, double-click ether1, click the down arrow, select Bridge 1, then Apply and OK

The result: the bridge configuration and the bandwidth traffic of the bridge that is being used ...
Keep trying ...

Setup Mikrotik RB450, RB750

First of all, to be able to configure the Mikrotik RB450, RB750 and so on, you of course need to log in first ...
Let's begin ...

Topology:

For LAN: class C

LAN : x.x.x.x/24.
Modem : y.y.y.y/24

Go to the root menu by typing "/".

IP settings for each ethernet card

- ip address add address=y.y.y.y/24 interface=ether1
- ip address add address=x.x.x.x/24 interface=ether2
- ip address print

Setting the IP routing
- ip route add gateway=y.y.y.1

Setting DNS
- ip dns set primary-dns=p.p.p.p allow-remote-requests=yes
- ip dns set secondary-dns=n.n.n.n allow-remote-requests=yes

Source NAT (Network Address Translation) / Masquerading
So that all computers on the LAN can connect to the internet as well.
- ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

DHCP (Dynamic Host Configuration Protocol)
Creating an IP address pool
- ip pool add name=dhcp-pool ranges=x.x.x.2-x.x.x.254

Add a DHCP network
- ip dhcp-server network add address=x.x.0.0/24 gateway=x.x.0.1 dns-server=p.p.p.p,n.n.n.n

Adding a DHCP server
- ip dhcp-server add name=DHCP_LAN disabled=no interface=ether2 address-pool=dhcp-pool

At this point all computers should already be connected to the internet. To confirm, test with: ping your gateway, ping your DNS and ping yahoo.com.

Bandwidth Control
Speedy connection speed: 384/64 Kbps (download / upload)
Number of client computers: 10

Hopefully this helps ..