Thursday, 27 September 2007

TUTORIAL MIKROTIK VPN: Point to Point Tunnel Protocol (PPTP)

PPTP (Point to Point Tunnel Protocol) supports encrypted tunnels over IP. The MikroTik RouterOS implementation includes support for PPTP client and server.

General applications of PPTP tunnels:

* For secure router-to-router tunnels over the Internet
* To link (bridge) local Intranets or LANs (when EoIP is also used)
* For mobile or remote clients to remotely access an Intranet/LAN of a company (see PPTP setup for Windows for more information)

Each PPTP connection is composed of a server and a client. The MikroTik RouterOS may function as a server or client – or, for various configurations, it may be the server for some connections and client for other connections. For example, the client created below could connect to a Windows 2000 server, another MikroTik Router, or another router which supports a PPTP server.
Description
PPTP is a secure tunnel for transporting IP traffic using PPP. PPTP encapsulates PPP in virtual lines that run over IP. PPTP incorporates PPP and MPPE (Microsoft Point to Point Encryption) to make encrypted links. The purpose of this protocol is to make well-managed secure connections between routers as well as between routers and PPTP clients (clients are available for and/or included in almost all OSs including Windows).

PPTP includes PPP authentication and accounting for each PPTP connection. Full authentication and accounting of each connection may be done through a RADIUS client or locally.

MPPE 40bit RC4 and MPPE 128bit RC4 encryption are supported.

PPTP traffic uses TCP port 1723 and IP protocol GRE (Generic Routing Encapsulation, IP protocol ID 47), as assigned by the Internet Assigned Numbers Authority (IANA). PPTP can be used with most firewalls and routers by enabling traffic destined for TCP port 1723 and protocol 47 traffic to be routed through the firewall or router.

PPTP connections may be limited or impossible to set up through a masqueraded/NAT IP connection. Please see the Microsoft and RFC links at the end of this section for more information.
PPTP Client Setup
Submenu level : /interface pptp-client
Property Description
name (name; default: pptp-out1) - interface name for reference
mtu (integer; default: 1460) - Maximum Transmit Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
mru (integer; default: 1460) - Maximum Receive Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MRU to 1460 to avoid fragmentation of packets)
connect-to (IP address) - the IP address of the PPTP server to connect to
user (string) - user name to use when logging on to the remote server
password (string; default: "") - user password to use when logging on to the remote server
profile (name; default: default) - profile to use when connecting to the remote server
add-default-route (yes | no; default: no) - whether to use the server which this client is connected to as its default router (gateway)
Example
To set up PPTP client named test2 using username john with password john to connect to the 10.1.1.12 PPTP server and use it as the default gateway:

[admin@MikroTik] interface pptp-client> add name=test2 connect-to=10.1.1.12 \
\... user=john add-default-route=yes password=john
[admin@MikroTik] interface pptp-client> print
Flags: X - disabled, R - running
0 X name="test2" mtu=1460 mru=1460 connect-to=10.1.1.12 user="john"
password="john" profile=default add-default-route=yes


[admin@MikroTik] interface pptp-client> enable 0

Monitoring PPTP Client
Command name : /interface pptp-client monitor
Property Description
Statistics:

uptime (time) - connection time displayed in days, hours, minutes, and seconds
encoding (string) - encryption and encoding (if asymmetric, separated with '/') being used in this connection
status (string) - status of the client:
# Dialing – attempting to make a connection
# Verifying password... - connection has been established to the server, password verification in progress
# Connected – self-explanatory
# Terminated – interface is not enabled or the other side will not establish a connection

Example
Example of an established connection:

[admin@MikroTik] interface pptp-client> monitor test2
uptime: 4h35s
encoding: MPPE 128 bit, stateless
status: Connected
[admin@MikroTik] interface pptp-client>

PPTP Server Setup
Submenu level : /interface pptp-server server

[admin@MikroTik] interface pptp-server server> print
enabled: no
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@MikroTik] interface pptp-server server>

Description
The PPTP server supports unlimited connections from clients. For each current connection, a dynamic interface is created.
Property Description
enabled (yes | no; default: no) - defines whether PPTP server is enabled or not
mtu (integer; default: 1460) - Maximum Transmit Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
mru (integer; default: 1460) - Maximum Receive Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
authentication (multiple choice: pap | chap | mschap1 | mschap2; default: mschap2) - authentication algorithm
default-profile (name; default: default) - default profile to use
Example
To enable PPTP server:

[admin@MikroTik] interface pptp-server server> set enabled=yes
[admin@MikroTik] interface pptp-server server> print
enabled: yes
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@MikroTik] interface pptp-server server>

PPTP Server Users
Submenu level : /interface pptp-server
Description
There are two types of items in PPTP server configuration - static users and dynamic connections. A dynamic connection can be established if the user database or the default-profile has its local-address and remote-address set correctly. When static users are added, the default profile may be left with its default values and only P2P user (in /ppp secret) should be configured. Note that in both cases P2P users must be configured properly.
Property Description
name - interface name
user - the name of the user that is configured statically or added dynamically

Statistics:

mtu - shows (cannot be set here) client's MTU
client-address - shows (cannot be set here) the IP of the connected client
uptime - shows how long the client is connected
encoding (string) - encryption and encoding (if asymmetric, separated with '/') being used in this connection
Example
To add a static entry for ex1 user:

[admin@MikroTik] interface pptp-server> add user=ex1
[admin@MikroTik] interface pptp-server> print
Flags: X - disabled, D - dynamic, R - running
# NAME USER MTU CLIENT-ADDRESS UPTIME ENC...
0 DR ex 1460 10.0.0.202 6m32s none
1 pptp-in1 ex1
[admin@MikroTik] interface pptp-server>

In this example an already connected user ex is shown besides the one we just added.
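A review check over the print outputs shown so far, as an added example (not MikroTik's or the author's code): it reports an enabled PPTP server, authentication methods weaker than mschap2, running sessions whose encoding is none (like user ex above) and accounts whose password equals the user name (like john in the client example). MS-CHAPv2 and MPPE have published cryptanalytic weaknesses, which is why an enabled server is reported at all. The comma-separated authentication line in the second sample is constructed and its print format is an assumption.

```python
import re

# pap sends the password in clear; MPPE keys come from the MS-CHAP exchange,
# so pap/chap sessions cannot be MPPE-encrypted at all.
WEAK_AUTH = {"pap", "chap", "mschap1"}

# Output of "interface pptp-server server print" as shown on this page.
PAGE_SERVER = """\
enabled: yes
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
"""
# Constructed variant; the comma-separated list format is an assumption.
MIXED_SERVER = PAGE_SERVER.replace("mschap2", "pap,chap,mschap1,mschap2")

# "interface pptp-server print" rows as they appear on this page.
PAGE_SESSIONS = """\
Flags: X - disabled, D - dynamic, R - running
# NAME USER MTU CLIENT-ADDRESS UPTIME ENC...
0 DR ex 1460 10.0.0.202 6m32s none
1 pptp-in1 ex1
"""
# "interface pptp-client print" record as it appears on this page.
PAGE_CLIENT = """\
Flags: X - disabled, R - running
0 X name="test2" mtu=1460 mru=1460 connect-to=10.1.1.12 user="john"
password="john" profile=default add-default-route=yes
"""

KV = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S+))')


def parse_settings(text):
    """Parse 'key: value' lines of a settings print into a dict."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            settings[key.strip()] = value.strip()
    return settings


def audit_server(text):
    """Findings for the PPTP server settings block."""
    cfg = parse_settings(text)
    if cfg.get("enabled") != "yes":
        return []
    findings = [("PPTP-ENABLED", "PPTP server is enabled (MS-CHAP + MPPE/RC4 only)")]
    methods = set(re.split(r"[,\s|]+", cfg.get("authentication", ""))) - {""}
    weak = sorted(methods & WEAK_AUTH)
    if weak:
        findings.append(("WEAK-AUTH", "server also accepts: " + ", ".join(weak)))
    return findings


def audit_sessions(text):
    """Findings for running sessions; columns are read from the right so a
    missing NAME column (as in the row on this page) does not matter."""
    findings = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 7 or not tok[0].isdigit() or not re.fullmatch(r"[XDR]+", tok[1]):
            continue  # header, idle static entry, or not a flagged data row
        if "R" in tok[1] and tok[-1].lower() == "none":
            findings.append(("NO-ENCRYPTION", f"user {tok[-5]} from {tok[-3]}: encoding none"))
    return findings


def audit_credentials(text):
    """Findings for key=value records (pptp-client print, ppp secret print detail)."""
    findings = []
    for record in re.split(r"(?m)^(?=\s*\d+\s)", text):  # a record starts at its index
        fields = {k: q or b for k, q, b in KV.findall(record)}
        who = fields.get("user", fields.get("name"))
        password = fields.get("password")
        if who and password and password.lower() == who.lower():
            findings.append(("PASSWORD-IS-USERNAME", f"account {who}: password equals user name"))
    return findings


if __name__ == "__main__":
    results = (audit_server(PAGE_SERVER) + audit_server(MIXED_SERVER)
               + audit_sessions(PAGE_SESSIONS) + audit_credentials(PAGE_CLIENT))
    for code, message in results:
        print(f"{code:22} {message}")
```
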
PPTP Router-to-Router Secure Tunnel Example
The following is an example of connecting two Intranets using an encrypted PPTP tunnel over the Internet.

There are two routers in this example:

* [HomeOffice]
Interface LocalHomeOffice 10.150.2.254/24
Interface ToInternet 192.168.80.1/24

* [RemoteOffice]
Interface ToInternet 192.168.81.1/24
Interface LocalRemoteOffice 10.150.1.254/24

Each router is connected to a different ISP. One router can access another router through the Internet.

On the PPTP server a user must be set up for the client:

[admin@HomeOffice] ppp secret> add name=ex service=pptp password=lkjrht
local-address=10.0.103.1 remote-address=10.0.103.2
[admin@HomeOffice] ppp secret> print detail
Flags: X - disabled
0 name="ex" service=pptp caller-id="" password="lkjrht" profile=default
local-address=10.0.103.1 remote-address=10.0.103.2 routes==""

[admin@HomeOffice] ppp secret>

Then the user should be added in the PPTP server list:

[admin@HomeOffice] interface pptp-server> add user=ex
[admin@HomeOffice] interface pptp-server> print
Flags: X - disabled, D - dynamic, R - running
# NAME USER MTU CLIENT-ADDRESS UPTIME ENC...
0 pptp-in1 ex
[admin@HomeOffice] interface pptp-server>

And finally, the server must be enabled:

[admin@HomeOffice] interface pptp-server server> set enabled=yes
[admin@HomeOffice] interface pptp-server server> print
enabled: yes
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@HomeOffice] interface pptp-server server>

Add a PPTP client to the RemoteOffice router:

[admin@RemoteOffice] interface pptp-client> add connect-to=192.168.80.1 user=ex \
\... password=lkjrht disabled=no
[admin@RemoteOffice] interface pptp-client> print
Flags: X - disabled, R - running
0 R name="pptp-out1" mtu=1460 mru=1460 connect-to=192.168.80.1 user="ex"
password="lkjrht" profile=default add-default-route=no


[admin@RemoteOffice] interface pptp-client>

Thus, a PPTP tunnel is created between the routers. This tunnel is like an Ethernet point-to-point connection between the routers with IP addresses 10.0.103.1 and 10.0.103.2 at each router. It enables 'direct' communication between the routers over third party networks.

To route the local Intranets over the PPTP tunnel – add these routes:

[admin@HomeOffice] > ip route add dst-address 10.150.1.0/24 gateway 10.0.103.2
[admin@RemoteOffice] > ip route add dst-address 10.150.2.0/24 gateway 10.0.103.1

On the PPTP server it can alternatively be done using routes parameter of the user configuration:

[admin@HomeOffice] ppp secret> print detail
Flags: X - disabled
0 name="ex" service=pptp caller-id="" password="lkjrht" profile=default
local-address=10.0.103.1 remote-address=10.0.103.2 routes==""

[admin@HomeOffice] ppp secret> set 0 routes="10.150.1.0/24 10.0.103.2 1"
[admin@HomeOffice] ppp secret> print detail
Flags: X - disabled
0 name="ex" service=pptp caller-id="" password="lkjrht" profile=default
local-address=10.0.103.1 remote-address=10.0.103.2
routes="10.150.1.0/24 10.0.103.2 1"

[admin@HomeOffice] ppp secret>

Test the PPTP tunnel connection:

[admin@RemoteOffice]> /ping 10.0.103.1
10.0.103.1 pong: ttl=255 time=3 ms
10.0.103.1 pong: ttl=255 time=3 ms
10.0.103.1 pong: ttl=255 time=3 ms
ping interrupted
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 3/3.0/3 ms

Test the connection through the PPTP tunnel to the LocalHomeOffice interface:

[admin@RemoteOffice]> /ping 10.150.2.254
10.150.2.254 pong: ttl=255 time=3 ms
10.150.2.254 pong: ttl=255 time=3 ms
10.150.2.254 pong: ttl=255 time=3 ms
ping interrupted
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 3/3.0/3 ms

To bridge a LAN over this secure tunnel, please see the example in the 'EoIP' section of the manual. To set the maximum speed for traffic over this tunnel, please consult the 'Queues' section.

Connecting a Remote Client via PPTP Tunnel
The following example shows how to connect a computer to a remote office network over a PPTP encrypted tunnel, giving that computer an IP address from the same network as the remote office (without the need for bridging over EoIP tunnels).

Please consult the respective manual on how to set up a PPTP client with the software you are using.

The router in this example:

* [RemoteOffice]
Interface ToInternet 192.168.81.1/24
Interface Office 10.150.1.254/24

The client computer can access the router through the Internet.

On the PPTP server a user must be set up for the client:

[admin@RemoteOffice] ppp secret> add name=ex service=pptp password=lkjrht
local-address=10.150.1.254 remote-address=10.150.1.2
[admin@RemoteOffice] ppp secret> print detail
Flags: X - disabled
0 name="ex" service=pptp caller-id="" password="lkjrht" profile=default
local-address=10.150.1.254 remote-address=10.150.1.2 routes==""

[admin@RemoteOffice] ppp secret>

Then the user should be added in the PPTP server list:

[admin@RemoteOffice] interface pptp-server> add name=FromLaptop user=ex
[admin@RemoteOffice] interface pptp-server> print
Flags: X - disabled, D - dynamic, R - running
# NAME USER MTU CLIENT-ADDRESS UPTIME ENC...
0 FromLaptop ex
[admin@RemoteOffice] interface pptp-server>

And the server must be enabled:

[admin@RemoteOffice] interface pptp-server server> set enabled=yes
[admin@RemoteOffice] interface pptp-server server> print
enabled: yes
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@RemoteOffice] interface pptp-server server>

Finally, proxy ARP must be enabled on the 'Office' interface:

[admin@RemoteOffice] interface ethernet> set Office arp=proxy-arp
[admin@RemoteOffice] interface ethernet> print
Flags: X - disabled, R - running
# NAME MTU MAC-ADDRESS ARP
0 R ToInternet 1500 00:30:4F:0B:7B:C1 enabled
1 R Office 1500 00:30:4F:06:62:12 proxy-arp
[admin@RemoteOffice] interface ethernet>

Tutorial Mikrotik VPN: EOIP

Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol that creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP interface appears as an Ethernet interface. When the bridging function of the router is enabled, all Ethernet level traffic (all Ethernet protocols) will be bridged just as if there were a physical Ethernet interface and cable between the two routers (with bridging enabled). This protocol makes multiple network schemes possible.

Network setups with EoIP interfaces:

  • Possibility to bridge LANs over the Internet
  • Possibility to bridge LANs over encrypted tunnels
  • Possibility to bridge LANs over 802.11b 'ad-hoc' wireless networks

An EoIP interface should be configured on two routers that have the possibility for an IP level connection. The EoIP tunnel may run over an IPIP tunnel, a PPTP 128bit encrypted tunnel, a PPPoE connection, or any connection that transports IP.

Specific Properties:

  • Each EoIP tunnel interface can connect with one remote router which has a corresponding interface configured with the same 'Tunnel ID'.
  • The EoIP interface appears as an Ethernet interface under the interface list.
  • This interface supports all features of an Ethernet interface. IP addresses and other tunnels may be run over the interface.
  • The EoIP protocol encapsulates Ethernet frames in GRE (IP protocol number 47) packets (just like PPTP) and sends them to the remote side of the EoIP tunnel.
  • Maximal count of EoIP tunnels is 65536.

This is how to set up EoIP to bridge two (or more) MikroTik routers for central PPPoE authentication.

Use two routers called R1 and R2 that have an IP connection between them, i.e. you can ping R2 from R1 and R1 from R2. R2 has two Ethernet ports: the port facing R1 is called eth1 and its other port is called eth2.

1. Create a new EoIP tunnel on R1.
2. Create a new EoIP tunnel on R2, where the tunnel ID is the same as the one on R1 but the MAC addresses are different.
3. Create a new bridge on R1 and R2.
4. Add a PPPoE server to the bridge on R1.
5. On R2, add eth2 and the EoIP tunnel to the bridge.
6. Put an IP address onto eth2 (any address seems to work, but it may be better to use a different subnet for routing purposes).

Now you should be able to establish a PPPoE connection from a PC plugged into the eth2 port on router R2; this PPPoE connection will terminate on router R1.

This is not the most efficient method of using the available bandwidth on a network, but it is perhaps easier than having a PPPoE A/C on every MikroTik router and using RADIUS, as you can just have PPP secrets set up on one router.

Mikrotik for Online Game

CREATE DOTA on MIKROTIK

DOTA is one of the Warcraft games for online play. In game centers it is one of the most popular games, alongside other online games such as Ragnarok, Seal Online, Pangya, Deco and many more. Besides being free, i.e. needing no vouchers, it is also great fun to play. Here I try to write about how to create (host) DOTA games behind a MikroTik machine.

Follow these steps:


[admin@mendem] >ip firewall nat add chain=srcnat action=masquerade out-interface=Public

[admin@mendem] >ip address add address=202.xxx.xxx.xxx/32 interface=Public (replace xxx with your public IP)

[admin@mendem] >ip firewall nat add chain=dstnat dst-address=202.xxx.xxx.xxx action=dst-nat to-addresses=192.168.***.*** (replace *** with the local IP that should be able to create games)

[admin@mendem] >ip firewall nat add chain=srcnat src-address=192.168.***.*** action=src-nat to-addresses=202.xxx.xxx.xxx

So that clients on the same LAN or in the same network can play together, add these commands:


[admin@mendem] >ip firewall nat add chain=dstnat dst-address=202.xxx.xxx.1-202.xxx.xxx.254 action=netmap to-addresses=192.168.***.1-192.168.***.254

[admin@mendem] >ip firewall nat add chain=srcnat src-address=192.168.***.1-192.168.***.254 action=netmap to-addresses=202.xxx.xxx.1-202.xxx.xxx.254

Up to this point it works, but it turns out there is a problem I am facing: the MikroTik machine cannot be accessed or remotely managed from outside the network, and another problem is that the SNMP port also ends up closed, so the Cacti traffic display goes blank … can anyone help?

Fix Dota Mik

Previously I wrote about rules for creating DOTA games on MikroTik, but there was a problem: when the rules were active, the routerbox could not be remotely managed, could not be pinged, and could not even display MRTG/Cacti graphs.

After several attempts and searching the literature with the help of Google, I finally found rules that fit the need for remote access from outside the network, allow ping, and of course let me see the bandwidth usage graphs via MRTG/Cacti.

The rules look like this:

ip firewall nat add chain=dstnat dst-address=202.x.x.x protocol=tcp dst-port=6113 action=dst-nat to-addresses=192.168.x.x to-ports=6113

ip firewall nat add chain=dstnat dst-address=202.x.x.x protocol=udp dst-port=6113 action=dst-nat to-addresses=192.168.x.x to-ports=6113

ip firewall nat add chain=srcnat src-address=192.168.x.x protocol=tcp src-port=6113 action=src-nat to-addresses=202.x.x.x to-ports=6113

ip firewall nat add chain=srcnat src-address=192.168.x.x protocol=udp src-port=6113 action=src-nat to-addresses=202.x.x.x to-ports=6113

ip firewall nat add chain=srcnat src-address=192.168.x.x-192.168.x.x action=netmap to-addresses=202.x.x.x-202.x.x.x to-ports=0-65535

Many people may already know the rules above; my hope is that they can be used by anyone who needs them, because in my experience it is really hard to find literature or search results about rules for creating DOTA games on MikroTik.

Hope this helps.
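Why the first rule set cut off remote management while the port 6113 rules do not, modelled as an added example that is not part of the original post: a dstnat rule with no protocol or port matcher rewrites every inbound packet for the public address, so Winbox, SNMP and ping never reach the router and the LAN host is exposed on every port. The addresses are constructed placeholders, and the model assumes that the translated 202.x.x.x address is the one used to manage the router and that the first matching rule wins.

```python
from dataclasses import dataclass
from typing import Optional

PUBLIC_IP = "203.0.113.10"   # constructed stand-in for the page's 202.x.x.x
LAN_HOST = "192.168.1.50"    # constructed stand-in for the page's 192.168.x.x


@dataclass(frozen=True)
class Packet:
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    dport: Optional[int] = None     # None for ICMP


@dataclass(frozen=True)
class DstNatRule:
    dst_address: str
    to_address: str
    protocol: Optional[str] = None  # None = rule has no protocol= matcher
    dst_port: Optional[int] = None  # None = rule has no dst-port= matcher

    def matches(self, pkt: Packet) -> bool:
        if pkt.dst != self.dst_address:
            return False
        if self.protocol is not None and pkt.proto != self.protocol:
            return False
        if self.dst_port is not None and pkt.dport != self.dst_port:
            return False
        return True


def receiver(rules, pkt):
    """Host that ends up handling pkt: the first matching rule rewrites the
    destination; unmatched packets for PUBLIC_IP are handled by the router."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.to_address
    return "router" if pkt.dst == PUBLIC_IP else pkt.dst


# First attempt on the page: dst-nat with only dst-address= set.
BLANKET = [DstNatRule(PUBLIC_IP, LAN_HOST)]
# The later fix: dst-nat limited to TCP and UDP port 6113.
PORT_6113 = [
    DstNatRule(PUBLIC_IP, LAN_HOST, "tcp", 6113),
    DstNatRule(PUBLIC_IP, LAN_HOST, "udp", 6113),
]

# Constructed inbound traffic aimed at the public address.
INBOUND = {
    "game tcp/6113": Packet(PUBLIC_IP, "tcp", 6113),
    "winbox tcp/8291": Packet(PUBLIC_IP, "tcp", 8291),
    "ssh tcp/22": Packet(PUBLIC_IP, "tcp", 22),
    "snmp udp/161": Packet(PUBLIC_IP, "udp", 161),
    "ping icmp": Packet(PUBLIC_IP, "icmp"),
}


def who_answers(rules):
    """Map each sample flow to the host that receives it under these rules."""
    return {name: receiver(rules, pkt) for name, pkt in INBOUND.items()}


def exposed_on_lan_host(rules):
    """Sample flows from outside that land on the LAN host."""
    return sorted(n for n, host in who_answers(rules).items() if host == LAN_HOST)


if __name__ == "__main__":
    for label, rules in (("blanket dst-nat", BLANKET), ("port 6113 only", PORT_6113)):
        print(label)
        for name, host in who_answers(rules).items():
            print(f"  {name:16} -> {host}")
```
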

Mikrotik Hacking

MRTG FROM MIKROTIK GRAPHING

MRTG is an application made to show the amount of traffic that occurs during Internet use. It is drawn in the form of graphs.

MikroTik has this facility, called the graphing tool. Ideally MikroTik's MRTG should be restricted so that it cannot be viewed by just anyone. A rule could be added to allow access only from the IPs that are permitted to view it.

We can easily find MRTG pages from MikroTik graphing that are not filtered, as follows:

open www.google.co.id
type the keyword = "mikrotik intitle:graphing"
choose search the web for all the webs/IPs to be searched
or pages from Indonesia for Indonesian webs/IPs only

Mikrotik DHCP Server

To create a DHCP server, the following steps are required:

1. Create an address pool and define the IP range
2. Enable the DHCP server.

To create an Internet gateway server, the core step is masquerading, which passes data packets through to the users.

The following is an overview of the network and its server:

1. MikroTik is installed on a machine with 2 Ethernet cards: 1 interface for the connection to the Internet, 1 interface for the connection to the local network.

2. IP addresses:
- gateway (e.g. ADSL modem): 192.168.100.100
- DNS: 192.168.100.110
- interface for the Internet: 192.168.100.1
- interface for the local network: 192.168.0.1

To begin, look at the interfaces present on the MikroTik router:

[admin@Mikrotik] > interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R ether1 ether 0 0 1500
1 R ether2 ether 0 0 1500
[admin@Mikrotik] >


Then set the IP addresses on the MikroTik interfaces. For example, ether1 will be used for the connection to the Internet with IP 192.168.100.1 and ether2 will be used for our local network with IP 192.168.0.1:

[admin@mikrotik] > ip address add address=192.168.100.1 netmask=255.255.255.0 interface=ether1

[admin@mikrotik] > ip address add address=192.168.0.1 netmask=255.255.255.0 interface=ether2

[admin@mikrotik] >ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.100.1/24 192.168.100.0 192.168.100.255 ether1
1 192.168.0.1/24 192.168.0.0 192.168.0.255 ether2
[admin@mikrotik] >


Once that is done, we can set up the DHCP server on MikroTik.

1. Create the address pool

/ip pool add name=dhcp-pool ranges=192.168.0.2-192.168.0.100
/ip dhcp-server network add address=192.168.0.0/24 gateway=192.168.0.1

2. Specify the interface to use and enable the DHCP server.

/ip dhcp-server add interface=ether2 address-pool=dhcp-pool
/ip dhcp-server enable 0

[admin@mikrotik] > ip dhcp-server print
Flags: X - disabled, I - invalid
# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
0 dhcp1 ether2

At this stage the DHCP server is ready for use and can be tested from a user machine.

The next step is to create the Internet gateway. For example, if the IP of the ADSL modem acting as gateway for the Internet connection is 192.168.100.100 and its DNS server is 192.168.100.110, set the default gateway with the following command:

[admin@mikrotik] > /ip route add gateway=192.168.100.100

3. View the routing table on the MikroTik router

[admin@mikrotik] > ip route print

Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
# DST-ADDRESS PREFSRC G GATEWAY DISTANCE INTERFACE
0 ADC 192.168.0.0/24 192.168.0.1 ether2
1 ADC 192.168.100.0/24 192.168.100.1 ether1
2 A S 0.0.0.0/0 r 192.168.100.100 ether1
[admin@mikrotik] >


Continue with the DNS setup

[admin@mikrotik] > ip dns set primary-dns=192.168.100.110 allow-remote-requests=no

[admin@mikrotik] > ip dns print

primary-dns: 192.168.100.110
secondary-dns: 0.0.0.0
allow-remote-requests: no
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 16KiB

[admin@mikrotik] >

4. Test domain access, for example by pinging a domain name

[admin@mikrotik] > ping yahoo.com

216.109.112.135 64 byte ping: ttl=48 time=250 ms
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 571/571.0/571 ms


[admin@mikrotik] >

If replies come back, the DNS settings are correct.

5. Set up masquerading; this is the main step in making MikroTik a gateway server

[admin@mikrotik] > ip firewall nat add action=masquerade out-interface=ether1 chain=srcnat

[admin@mikrotik] >

[admin@mikrotik] ip firewall nat print

Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=ether1 action=masquerade
[admin@mikrotik] >

Done; all that remains is to test the connection from a user machine. With this method users should now be able to connect to the Internet.

This is indeed the easiest way to get users connected to the Internet, but its level of security is still low and firewall configuration is needed. Hopefully I can discuss that another time.

Mikrotik Bandwidth Test

Overview

The Bandwidth Tester can be used to monitor the throughput only to a remote MikroTik router (either wired or wireless) and thereby help to discover network ‘bottlenecks’.

The TCP test uses the standard TCP protocol with acknowledgments and follows the TCP algorithm on how many packets to send according to latency, dropped packets, and other features in the TCP algorithm. Please review the TCP protocol for details on its internal speed settings and how to analyze its behavior. Statistics for throughput are calculated using the entire size of the TCP packet. As acknowledgments are an internal working of TCP, their size and usage of the link are not included in the throughput statistics. Therefore this statistic is not as reliable as the UDP statistic when estimating throughput.

The UDP tester sends 110% or more packets than currently reported as received on the other side of the link. To see the maximum throughput of a link, the packet size should be set for the maximum MTU allowed by the links – usually this is 1500 bytes. There is no acknowledgment required by UDP; this implementation means that the closest approximation of the throughput can be seen.

Installation

The Bandwidth Test feature is included in the 'system' package. No installation is needed for this feature.

Hardware Resource Usage

!Caution! Bandwidth Test uses all available bandwidth (by default) and may impact network usability.

There is no other significant resource usage.

Bandwidth Test Description

Bandwidth Test Server Configuration

[admin@MikroTik] tool> bandwidth-server
Configure network bandwidth tester service. Use authentication for disabling
unwanted bandwidth wasting. Note that remote router must be MikroTik router in
order to run the test.

session
print
get get value of property
set
export
[admin@MikroTik] tool> bandwidth-server print
enabled: yes
authenticate: no
allocate-udp-ports-from: 2000
max-sessions: 10
[admin@MikroTik] tool>
Setting description:
enabled - enable client connections for bandwidth test
authenticate - communicate only with authenticated (by valid username and password) clients
allocate-udp-ports-from - allocate UDP ports from
max-sessions - maximal number of bandwidth-test clients
The list of current connections can be obtained in the session submenu:
[admin@MikroTik] tool> bandwidth-server session

print print values of item properties
remove remove item
[admin@MikroTik] tool> bandwidth-server session print
# FROM PROTOCOL DIRECTION USER
0 10.0.0.202 tcp send
[admin@MikroTik] tool>

Bandwidth Test Client Configuration

Bandwidth Test uses TCP or UDP protocol for test. The test tries to use maximum or partial amount of bandwidth to test link speed. Be aware that default test uses all available bandwidth and may impact network usability.

[admin@MikroTik] tool> bandwidth-test
Run TCP or UDP bandwidth test. Tries to use maximum or partial amount of
bandwidth to test link speed. Note that remote router must be MikroTik router
in order to run the test. Be aware that default test uses all available
bandwidth and may impact network usability.


assume-lost-time
direction Direction of data flow
do
duration
interval
local-tx-speed
once print statistics once and quit
password Password for remote user
protocol Protocol to use for test
remote-tx-speed
size UDP packet size or TCP segment size
user
[admin@MikroTik] tool> bandwidth-test

Descriptions of arguments:

address - IP address of destination host
assume-lost-time - If Bandwidth Server is not responding for that time, assume that connection is lost
direction - specify the direction of the test (receive, transmit, both, default is transmit)
do - Script source
duration - Duration of the test
interval - Delay between messages (in seconds). Default is 1 second. Can be 20ms...5s
local-tx-speed - Transfer test maximum speed (given in bits per second)
password - Password for remote user
protocol - Type of protocol to use (UDP or TCP, default TCP)
remote-tx-speed - Receive test maximum speed (given in bits per second)
size - Packet size in bytes (50..1500, default 512). Works only with UDP protocol
user - Remote user

Bandwidth Test Example

[admin@MikroTik] tool> bandwidth-test 10.0.0.202 user=admin direction=both protocol=udp \
\... size=1500 duration=14s
status: done testing
tx-current: 11.49Mbps
tx-10-second-average: 10.05Mbps
tx-total-average: 7.96Mbps
rx-current: 12.55Mbps
rx-10-second-average: 10.33Mbps
rx-total-average: 8.14Mbps

Load-balancing & Fail-over

Load-balancing & Fail-over in MikroTik

Scenario: the ISP where we work as administrator uses more than one gateway to connect to the Internet. All of them must be able to serve both upstream & downstream traffic, because the case would be different if one of them could only serve downstream, for example when using one-way VSAT DVB.
For this case, suppose the ISP has 2 paths to the Internet. One uses DSL access (256 Kbps) and the other uses wireless (512 Kbps), with a DSL:Wireless usage ratio of 1:2.

What will be done:

  1. Use all available gateway paths with the load-balancing technique.
  2. Make one of them a backup with the fail-over technique.

OK, let's start the experiment:

  1. IP address for access to the LAN:
    /ip address add address=192.168.0.1/28 interface=LAN
    IP address for access to the DSL path:
    /ip address add address=10.32.57.253/29 interface=DSL
    IP address for access to the wireless path:
    /ip address add address=10.9.8.2/29 interface=WIRELESS
    Define the gateways with their respective ratio:
    /ip route add gateway=10.32.57.254,10.9.8.1,10.9.8.1
  2. For the fail-over technique, it is assumed that the main path goes via wireless, with the DSL path as backup when the main path cannot be used. To check whether the main path can be used or not, the ping command is used.
    /ip firewall mangle add chain=prerouting src-address=192.168.0.0/28 action=mark-routing new-routing-mark=SUBNET1-RM
    /ip route add gateway=10.9.8.1 routing-mark=SUBNET1-RM check-gateway=ping
    /ip route add gateway=10.32.57.254
  3. Good Luck!!

PCQ

By using the pcq queue type in MikroTik, we can share the available bandwidth evenly among the bandwidth hogs™ when the network is at its peak.

For example, we subscribe to 256 Kbps. If one person is happily using the Internet, that person gets the whole bandwidth allotment. But as soon as friends arrive, say 9 more people, each of them gets about 256/10 Kbps. Well, still decent enough for browsing non-porn sites or just checking e-mail & blogs.

OK, straight to the method:

  1. Assumptions: the network address is 192.168.169.0/28, the interface facing the users is named LAN, and the interface facing the upstream provider is named INTERNET;
  2. Type in the console or terminal:
    /ip firewall mangle add chain=forward src-address=192.168.169.0/28 action=mark-connection new-connection-mark=NET1-CM
    /ip firewall mangle add connection-mark=NET1-CM action=mark-packet new-packet-mark=NET1-PM chain=forward
    /queue type add name=downstream-pcq kind=pcq pcq-classifier=dst-address
    /queue type add name=upstream-pcq kind=pcq pcq-classifier=src-address
    /queue tree add parent=LAN queue=downstream-pcq packet-mark=NET1-PM
    /queue tree add parent=INTERNET queue=upstream-pcq packet-mark=NET1-PM
  3. Good Luck!!

Manipulating the ToS of ICMP & DNS in MikroTik

Goals:

  • Reduce the ping delay from the client side towards the Internet.
  • Speed up the resolving of hostnames to IP addresses.

Assumption: the clients are on the subnet 10.10.10.0/28

  1. Manipulating the Type of Service for ICMP packets:
    ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=icmp action=mark-connection new-connection-mark=ICMP-CM passthrough=yes
    ip firewall mangle add chain=prerouting connection-mark=ICMP-CM action=mark-packet new-packet-mark=ICMP-PM passthrough=yes
    ip firewall mangle add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay
  2. Manipulating the Type of Service for DNS resolving:
    ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
    ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
    ip firewall mangle add chain=prerouting connection-mark=DNS-CM action=mark-packet new-packet-mark=DNS-PM passthrough=yes
    ip firewall mangle add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay
  3. Adding a queue type:
    queue type add name="PFIFO-64" kind=pfifo pfifo-limit=64
  4. Allocating bandwidth for ICMP packets:
    queue tree add name=ICMP parent=INTERNET packet-mark=ICMP-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64
  5. Allocating bandwidth for DNS resolving:
    queue tree add name=DNS parent=INTERNET packet-mark=DNS-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64
  6. Good Luck!!
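
Both recipes above (the PCQ sharing and the ToS/priority queues) depend on names agreeing in three places: the packet mark set in mangle, the queue type, and the queue tree entry that refers to both. The pre-flight check below is an added example, not part of the original tutorial; it reads RouterOS commands on stdin and reports queue tree entries whose queue= or packet-mark= was never defined. The function names and sample commands are constructed for illustration, and only the built-in queue type "default" is assumed to exist.

```shell
#!/bin/sh
# Pre-flight check for the mangle + queue recipes: every "queue tree add" must
# name a queue type created with "queue type add" and a packet mark created by
# a mangle rule with action=mark-packet. Reads RouterOS commands on stdin,
# prints one finding per line, returns non-zero if anything is unresolved.
lint_queue_refs() {
    awk '
    # Value of key=... on the current line with quotes stripped, "" if absent.
    function val(key,    i, n, v) {
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n > 0 && substr($i, 1, n - 1) == key) {
                v = substr($i, n + 1)
                gsub(/"/, "", v)
                return v
            }
        }
        return ""
    }
    BEGIN { types["default"] = 1 }   # assumption: only this built-in type is known
    /queue type add/ { types[val("name")] = 1; next }
    /firewall mangle add/ && /action=mark-packet/ {
        marks[val("new-packet-mark")] = 1; next
    }
    /queue tree add/ {
        cnt++
        q[cnt] = val("queue"); if (q[cnt] == "") q[cnt] = "default"
        m[cnt] = val("packet-mark")
        at[cnt] = NR
    }
    END {
        for (k = 1; k <= cnt; k++) {
            if (!(q[k] in types)) {
                printf "line %d: queue type \"%s\" is not defined\n", at[k], q[k]
                bad = 1
            }
            if (m[k] != "" && !(m[k] in marks)) {
                printf "line %d: packet mark \"%s\" is never set\n", at[k], m[k]
                bad = 1
            }
        }
        exit bad + 0
    }'
}

# Constructed sample: names agree everywhere.
sample_consistent() {
    cat <<'EOF'
/ip firewall mangle add chain=forward src-address=192.168.169.0/28 action=mark-connection new-connection-mark=NET1-CM
/ip firewall mangle add chain=forward connection-mark=NET1-CM action=mark-packet new-packet-mark=NET1-PM
/queue type add name=downstream-pcq kind=pcq pcq-classifier=dst-address
queue type add name="PFIFO-64" kind=pfifo pfifo-limit=64
/queue tree add parent=LAN queue=downstream-pcq packet-mark=NET1-PM
queue tree add name=ICMP parent=INTERNET packet-mark=NET1-PM queue=PFIFO-64
EOF
}

# Constructed sample: the tree refers to a type and a mark that nobody created.
sample_mismatched() {
    cat <<'EOF'
/ip firewall mangle add chain=forward connection-mark=NET1-CM action=mark-packet new-packet-mark=NET1-PM
/queue type add name=downstream-pcq kind=pcq pcq-classifier=dst-address
/queue tree add parent=LAN queue=DOWNSTREAM packet-mark=NET1-PM
/queue tree add parent=INTERNET queue=downstream-pcq packet-mark=NET2-PM
EOF
}

# Show the findings for the mismatched sample.
sample_mismatched | lint_queue_refs || true
```

Run it against a command list before pasting the list into the router terminal, for example `lint_queue_refs < commands.txt`.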

Queue Tree with more than two interfaces

Basic Setup

This page will talk about how to make a QUEUE TREE in RouterOS with masquerading for more than two interfaces. It is for sharing an Internet connection among the users on each interface. This possibility isn’t described in the manual.

First, let’s set up the basics. I’m using a machine with 3 or more network interfaces:

[admin@instaler] > in pr
 #    NAME     TYPE    RX-RATE  TX-RATE  MTU
 0  R public   ether   0        0        1500
 1  R wifi1    wlan    0        0        1500
 2  R wifi2    wlan    0        0        1500
 3  R wifi3    wlan    0        0        1500

And these are the IP addresses for each interface:

[admin@instaler] > ip ad pr
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS         NETWORK     BROADCAST     INTERFACE
 0   10.20.1.0/24    10.20.1.0   10.20.1.255   public
 1   10.10.2.0/24    10.10.2.0   10.10.2.255   wifi1
 2   10.10.3.0/24    10.10.3.0   10.10.3.255   wifi2
 3   10.10.4.0/24    10.10.4.0   10.10.4.255   wifi3

On the public interface you can add NAT or a proxy if you want.

Mangle Setup

And now comes the most important part in this case.

We need to mark our users: one connection mark for upload and a second for download. In this example I add mangle rules for one user. At the end I add mangle rules for local transmission, because I don’t apply QoS to local traffic among users. But for the user I need to separate upload and download.

[admin@instaler] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=forward src-address=10.10.2.36 action=mark-connection
     new-connection-mark=users-userU passthrough=yes comment="" disabled=no
 1   chain=forward dst-address=10.10.2.36 action=mark-connection
     new-connection-mark=users-userD passthrough=yes comment="" disabled=no
 2   chain=forward connection-mark=users-userU action=mark-packet
     new-packet-mark=userU passthrough=yes comment="" disabled=no
 3   chain=forward connection-mark=users-userD action=mark-packet
     new-packet-mark=userD passthrough=yes comment="" disabled=no
98   chain=forward src-address=10.10.0.0/16 dst-address=10.10.0.0/16
     action=mark-connection new-connection-mark=users-lokal passthrough=yes
99   chain=forward connection-mark=users-lokal action=mark-packet
     new-packet-mark=lokalTrafic passthrough=yes

Queue Tree Setup

And now, the queue tree setting. We need one rule for downlink and one rule for uplink. Be careful when choosing the parent. For downlink traffic, we use parent “global-out”, because we have two or more downloading interfaces. For uplink, we use parent “public”, because we want to QoS the uplink traffic. (I’m using pcq-up and download from the manual.) This example is for 2Mb/1Mb.

[admin@instaler] > queue tree pr
Flags: X - disabled, I - invalid
 0   name="Download" parent=global-out packet-mark="" limit-at=0
     queue=pcq-download priority=1 max-limit=2000000 burst-limit=0
     burst-threshold=0 burst-time=0s
 1   name="Upload" parent=public packet-mark="" limit-at=0 queue=pcq-upload
     priority=1 max-limit=1000000 burst-limit=0 burst-threshold=0
     burst-time=0s

Now we add our user:

 2   name="user10D" parent=Download packet-mark=userD limit-at=0
     queue=pcq-download priority=5 max-limit=0 burst-limit=0
     burst-threshold=0 burst-time=0s
 3   name="user10U" parent=Upload packet-mark=userU limit-at=0
     queue=pcq-upload priority=5 max-limit=0 burst-limit=0 burst-threshold=0
     burst-time=0s

MAC Address + IP Address Linux

#!/bin/sh

iptables=/sbin/iptables

# define the default policies here
$iptables -F INPUT
$iptables -F OUTPUT
$iptables -P INPUT DROP
$iptables -P OUTPUT DROP   # remember to open the output policy you need later
$iptables -F FORWARD
$iptables -F -t nat
$iptables -P FORWARD DROP

# reset the mangle table and create a new chain named maccheck for interface eth1
$iptables -t mangle -F
# on the first run the chain does not exist yet, so ignore the error
$iptables -t mangle -F maccheck 2>/dev/null
$iptables -t mangle -X maccheck 2>/dev/null
$iptables -t mangle -N maccheck
$iptables -t mangle -I PREROUTING -i eth1 -p all -j maccheck

# self-explanatory: IP address + MAC
$iptables -t mangle -A maccheck -s 192.168.0.1 -i eth1 -m mac --mac-source 00:80:11:11:11:11 -j RETURN
$iptables -t mangle -A maccheck -s 192.168.0.2 -i eth1 -m mac --mac-source 00:80:22:22:22:22 -j RETURN
$iptables -t mangle -A maccheck -s 192.168.0.3 -i eth1 -m mac --mac-source 00:80:33:33:33:33 -j RETURN

# anything other than the registered IP and MAC pairs is marked so it can be dropped later;
# fill in any one of the active MACs, whichever you like
# here the example is 00:80:11:11:11:11, which we already defined above
$iptables -t mangle -A maccheck -s 0/0 -i eth1 -m mac ! --mac-source 00:80:11:11:11:11 -j MARK --set-mark 1
$iptables -t mangle -A maccheck -s 0/0 -i eth1 -p all -j MARK --set-mark 1

# drop the marked packets
$iptables -A INPUT -i eth1 -m mark --mark 1 -j DROP
$iptables -A OUTPUT -o eth1 -m mark --mark 1 -j DROP
$iptables -A FORWARD -i eth1 -m mark --mark 1 -j DROP

# continue your firewall script here

source = primadonal.com
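
The script above writes one maccheck rule per host by hand. The generator below is an added example, not part of the original script: it builds the same RETURN rules and the final catch-all MARK rule from an "IP MAC" allow-list, refusing malformed entries, duplicate IPs and an empty list before emitting anything. The function names, the list format and the sample list are assumptions made for this example; chain creation, the PREROUTING hook and the DROP rules stay as in the script.

```shell
#!/bin/sh
# Build the maccheck rules from an allow-list instead of hand-writing one rule
# per host. Input: "IP MAC" per line on stdin; blank lines and # comments are
# skipped. Output: iptables commands on stdout (nothing is executed here).
IFACE=eth1   # client-facing interface, as in the script above

valid_ip() {
    # Dotted quad, each octet 0-255 with at most three digits.
    printf '%s\n' "$1" | awk -F. '
        NF == 4 {
            for (i = 1; i <= 4; i++) {
                if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1
            }
            exit 0
        }
        { exit 1 }'
}

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

gen_maccheck() {
    rules="" seen="" n=0
    while read -r ip mac rest || [ -n "$ip" ]; do
        n=$((n + 1))
        case "$ip" in ''|'#'*) continue ;; esac
        if [ -n "$rest" ] || ! valid_ip "$ip" || ! valid_mac "$mac"; then
            echo "line $n: malformed entry, expected 'IP MAC'" >&2
            return 1
        fi
        # Two MACs for one IP would quietly widen the binding, so refuse it.
        case " $seen " in *" $ip "*)
            echo "line $n: $ip listed twice" >&2
            return 1 ;;
        esac
        seen="$seen $ip"
        mac=$(printf '%s\n' "$mac" | tr 'a-f' 'A-F')
        rules="${rules}iptables -t mangle -A maccheck -i $IFACE -s $ip -m mac --mac-source $mac -j RETURN
"
    done
    # An empty list would mark, and therefore drop, every host on the segment.
    if [ -z "$seen" ]; then
        echo "allow-list is empty" >&2
        return 1
    fi
    # Emit only after the whole list validated, so a bad line never yields a
    # partial chain.
    echo "iptables -t mangle -F maccheck"
    printf '%s' "$rules"
    echo "iptables -t mangle -A maccheck -i $IFACE -j MARK --set-mark 1"
}

# Constructed sample list using the three pairs from the script above.
sample_allowlist() {
    cat <<'EOF'
# ip          mac
192.168.0.1   00:80:11:11:11:11
192.168.0.2   00:80:22:22:22:22

192.168.0.3   00:80:33:33:33:33
EOF
}

sample_allowlist | gen_maccheck
```

Review the printed commands before piping them to a root shell on the gateway. The rule matches an address pair that the client itself supplies, so it works as an inventory control and not as authentication.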

Hotspot Mikrotik

Mikrotik version 2.8beta6 used as a wireless Hotspot server/authenticator

rel 10/10/03-rev v

What we are trying to do:
The Mikrotik Router OS system is software designed to run on an "IBM type" Personal Computer. It has many capabilities including operating as a Wireless HotSpot controller, router, firewall, PPPoE controller, among many other capabilities. This router basically can be used to operate a small ISP. In our example, we are setting up a three port system which is designed to have one port going to the internet, a second to provide HotSpot services via an external access point and a third port to serve the user's local LAN. Separation and firewall protection is provided to prevent intrusion from the internet and from the HotSpot port into the user's local LAN. Be sure to verify the firewall protection for yourself. Advantages/Limitations of the Mikrotik Hotspot System as seen by the author can be viewed HERE.

The basic features that I need in this Home Hotspot installation are:
  • Provide isolation of computers on my home LAN from internet traffic and users on the WIRELESS HotSpot Access Point. This needed to be done without the use of encryption on the wireless link so "anyone" could easily log in without first getting permission.
  • Allow my normal household internet traffic to/from the internet to use the same connection as traffic from my wireless HotSpot
  • Allow traffic on the Internet to access my mail server and any other servers on my Home LAN.
  • Provide "Casual" users of the Home HotSpot to "log in" and access their WebMail and normal Internet while limiting their bandwidth usage.
  • Allow "Trusted" users of the Home Hotspot to "log in" to access whatever ports and services may be allowed for them on an individual basis.
  • Allow "Me" to access anything I want to over the Wireless Hotspot connection to the local LAN or to the Internet.
  • Provide the capability to have a direct PPPoE connection to a DSL/Cable modem or alternatively a direct connection to a router LAN port.
I have concluded that the Mikrotik system provides all these features and many more. The basic configuration topology I wanted to develop is the three ethernet port shown below.

              LAN access OR  ether1               ether2 HotSpot RF Equipment       | Remote
Internet <..> Cable/DSL modem <..> MikroTik Router <...> Wireless Access Point <~~> | Wireless
              (ports 192.168.168.x)    ether3            (Ports 10.5.50.x)          | Computers
              (in example below)         |               (in example below)
                                         |
                                       LOCAL
                                        LAN
                                       USERS
                                (ports 192.168.2.x)
                                (in example below)

The basic configuration:

The following definitions and configuration conditions apply to the Mikrotik Hotspot/Router OS installation described below.
1) The "public" (Internet) connection for the router (Router IP address = 192.168.168.28) is via an external (to the Mikrotik unit) hardware router with gateway IP address 192.168.168.1. This gateway is accessed via the "ether1" port on the Mikrotik unit.
2) The "Hotspot IP address pool" is used for contact with an external HotSpot client. The "universal client" allows for a user with "any" fixed IP address to make initial contact for user LOGIN. When the user then puts in "any" URL (e.g., http://www.yahoo.com) the DHCP server initially assigns an address from this pool (or uses the IP address already existing on a client) to clients and this connection is used to bring up the initial login screen. In the following example, this "hotspot IP address pool range" is 10.5.50.1 through 10.5.50.199. This service uses the ether2 hardware port on the Mikrotik unit. This IP pool is used by all hotspot clients for access.
3) The simple router configuration provides NO protection for OTHER devices which may be connected on the 192.168.168.X/24 (ether1) LAN from being accessed (perhaps maliciously) from the ether2 (hotspot) port. Suitable routing filters can be installed if this is a problem. See Mikrotik manual.
4) Before starting the entry of the following command sequence:
  a) Connect the ether1 port to a LAN which has internet services available on a gateway address (192.168.168.1 in the example).
  b) Connect a suitable Wireless Access Point (Dlink DWL-900AP+ or the 200mw Senao AP used by author) to the ether2 NIC port. Configure this AP with a suitable SSID, note its MAC address for future reference, set the unit to Access Point Mode, set the AP unit to be a DHCP Client.
  c) Perform ALL the following commands from the Mikrotik Command Line Interface unless noted otherwise. I find the Winbox interface to be very useful for checking configurations and making changes after the system is initially set up. However, I had problems when I tried to input the initial setup via the WinBox Interface.
  d) AS SOON AS the basic system works (and at intervals during initial setup if you wish), make a backup file of the operational system. "Simple" changes can screw up the programming and in many cases you will not immediately see how to recover. The availability of a backup file will prevent your having to type everything in again by hand.
  e) Before you begin, make any IP address modifications to a printout of the following sequence and then follow that modified instruction list precisely.
5) The ether3 port will be used for a LOCAL LAN port. Web-Proxy filters will be used to isolate the local LAN on 192.168.2.X/24 from the HotSpot ether2 port on 10.5.50.X/24 and from the internet on ether1. Note: If you are going to use a third ether3 port, be sure and install all three (or more as needed) NIC cards before you begin programming. The computer will not be confused, but the programmer might be if the LAN port numbers move around in the computer chassis as a result of installing a new NIC (LAN card) after programming has begun.
6) The computer for your router can be "most any" Pentium PC if you are just serving the three ethernet ports. The three NIC cards can be most any late model 10/100 card. The supported list is in the Mikrotik manual. 64megs of RAM are needed and at least a 100meg hard drive or a 64meg Flash Drive will work fine. A floppy will be necessary for initially loading the system if you use a hard drive. A CDROM drive is optional and really not required. No floppy or CDROM is necessary if the Mikrotik FLASH DRIVE (with Hotspot and system software)option for US$125 from http://www.fament.com is used as the system is supplied ready loaded with the latest Mikrotik software. Mikrotik provides several initial install modes. I used the "make up 9 floppies and boot them in in sequence to get the system loaded" option when loading a hard drive. See Mikrotik manual for more detailed install instructions.

Generally:
The ether1 interface is connected to 192.168.168.X/24 network (public network). Connection to the internet is provided through the gateway of the local LAN router at 192.168.168.1.

Then on ether2 interface we create a 10.5.50.1/24 network port with universal client, transparent proxy and other features. The SMTP server has to be setup as well as the dns server. We'll use the LAN gateway address 192.168.168.1 since our external "public" router connected to the internet provides DNS service and internet connectivity on this address. (Note: If your router allows it, you can use your ISP's DNS server IP address(es). If not, you may HAVE to use your local router's DNS services as the author did.)

Then on ether3 interface, we create a 192.168.2.1/24 network port for connection to your local (or household) LAN. Web-Proxy filters will then be used to isolate ether2 from ether3 and ether1 from access to either ether2 or ether3 for protection from hacking.

In the programming guide below: a) instructions and comments are in BLACK. b) What the computer prints on the monitor screen are in GREEN. c) What you type into the keyboard in response is in RED.

Step by Step Programming Procedure:

The following procedure assumes that you have already installed the BASIC MIKROTIK ROUTER OPERATING SYSTEM. If you need to do this basic install, proceed FIRST to http://www.gpsinformation.org/hotspot/installmikrotikfloppies.html to do the basic router software installation BEFORE continuing with the procedure on this page. DEMO LICENSE USERS NOTE CAREFULLY! Demo Licensed Mikrotik software MUST be version 2.8beta5 or later and you must answer NO to the universal client and web-proxy questions in the Hotspot setup or your installation will fail.

At the beginning of this setup process, the 'system reset' command at the Mikrotik command line is used to initialize the Mikrotik router. The ENTER key is pressed after each RED command is entered. Proceed exactly as follows. Note: ALL spaces and punctuation marks are ESSENTIAL when inputting commands in RED below. If a command (such as /ip) has a slash in front, be sure to put it in. [Brackets] are NOT the same as (parentheses). You must be VERY careful when inputting the commands. You can make a simple typographical error and the system may accept it and then your system may not work at all.

A few "getting around" commands for the Command Line Interface are:
  1) Commands are always followed by pressing ENTER.
  2) / (forward slash) gets you back to the root directory.
  3) Holding shift and pressing the ? key gives you the command list for the command folder you are in.
  4) .. takes you back one directory.
  5) Entering </ip address> from "any command directory" takes you to the ip address directory.
  6) The default system user ID is admin with a blank (just hit enter) password.
  7) To save your work at any time, enter /system backup save name= (without the <>) at the command prompt.
  8) To go from one directory to another on the tree branch, just enter the name. For instance, if you are at >ip and want to go to the system directory, just enter , then ENTER.

Programming the basic two port Hotspot system

The default user ID for the Mikrotik Router is admin and the password is blank (just press ENTER).
As SOON as you do the system reset and login, you will change your password. When the router initially boots up, you will see:

Mikrotik 2.7.10 (You might have a later version and that is OK. Note that Mikrotik version 2.7.3 thru 2.7.10 and 2.9beta1 thru 2.8beta4 cannot be used to generate a working Hotspot using the free DEMOnstration license key. They work fine with the paid license key. However 2.8beta5 and later produce a working Hotspot with the DEMO license key using the procedure below.)
(You type in what is in RED and then press ENTER.)
1) Mikrotik Login: admin (BE SURE to use lower case letters. It does matter.)
2) Password: (The default password is blank, so just press ENTER.)
You will see Mikrotik's text logo and then:
After you are logged in to the router from the command terminal, you will get the [admin@MikroTik] prompt as below. Then enter what is in RED and press ENTER.
3) [admin@MikroTik] > system reset
4) Dangerous! Reset anyway? (y/N): y
The system reset command will clear out any old configuration data and reboot. After reboot, login again as before and start entering the commands as follows when you have logged in successfully.
5) [admin@MikroTik] > password (This will let you change your password to something besides blank.)
6) old password: (Since your old password was blank, just press ENTER.)
7) new password: mynewpassword (Select YOUR choice of password to enter here and write it down.)
8) retype new password: mynewpassword (Asks second time just to be sure.)
Then:
9) [admin@MikroTik] > interface
10) [admin@MikroTik] interface> print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE MTU
0 X ether1 ether 1500
1 X ether2 ether 1500
2 X ether3 ether 1500
There are three NICs installed in the system and initially all three are disabled (X).
11) [admin@MikroTik] interface> set 0,1 disabled=no (This enables both of the ethernet ports ether1, ether2, and leaves ether3 off for now.)
12) [admin@MikroTik] interface> /ip
(Note: The address 192.168.168.28 (below) represents the PUBLIC INTERNET side IP address of the Mikrotik Router. Change to your own suitable address as may be required.)
(All commands must be all in one continuous string (no carriage returns) when input and followed at the end by a carriage return. Be careful to look for parts of commands on second and even third lines in the listings below. The /24 after the IP address is equivalent to stating that the mask is 255.255.255.0)

Note: In this option (starting with step #13), we are going to use DHCP for automatic configuration of the ether1 NIC IP address, for the Gateway IP address, and for DNS Server resolution. If you would prefer to use FIXED IP addresses for these, use the alternative procedure HERE. To use DHCP for IP resolution on ether1 NIC port, proceed as directed below. Make sure your ether1 NIC port is connected to a router with DHCP SERVICES and then proceed to step #13

13) [admin@MikroTik] interface> /ip dhcp-client
14) [admin@MikroTik] ip dhcp-client> set enabled=yes interface=ether1
Now to check the dhcp setup we just did:
15) [admin@MikroTik] ip dhcp-client> print
enabled: yes
interface: ether1
host-name: **
client-id: **
add-default-route: yes
use-peer-DNS: yes
To show the dhcp leases that should have been obtained assuming your ether1 port is connected to a router with DHCP Services:
16) [admin@MikroTik] ip dhcp-client> lease print
address: 128.1.1.120/24
expires: sept/25/2003 09:43:00
gateway: 128.1.1.1
primary-dns: 207.69.188.186 (yours will likely be different)
secondary-dns: 192.195.1.2 (if your DHCP server provides a second DNS server. Yours will differ.)
[admin@MikroTik] ip dhcp-client> /ip

17) [admin@MikroTik] ip> hot (This abbreviation moves you to folder "hotspot". The first 2 or 3 letters of commands will usually work.)

(Now we run the Mikrotik Hotspot Setup Wizard.)
18) [admin@MikroTik] ip hotspot> setup
Select interface on which to run HotSpot
19) hotspot interface: ether2 (You enter ether2, which is the port used by the external access point for HotSpot access.)

Enable universal client configuration?
(Note: This feature permits a roaming hotspot client (user) to have ANY IP ADDRESS and GATEWAY ADDRESS set into his computer networking setup and still operate the Hotspot. This feature is NOT AVAILABLE to demo hotspot licenses.)
NOTE! For the FREE DEMO LICENSE, you MUST answer NO to this question.
20) enable universal client: yes
(Paid license users erase the default and enter yes. Note: If you enable the Universal Client, you WILL NOT be able to use the DWL-900AP+ in REPEATER mode. The IP "mangle" that Universal Client uses to allow a user with "any" IP address to login to the HotSpot confuses simple repeaters such as the DWL-900AP+.)

Now we setup the HotSpot address for the Access Point interface on ether2. This is your selected hotspot gateway IP address for your Hotspot Access Point. It must be in the range of your Hotspot Pool selected below.
21) Local address of hotspot network gateway: 10.5.50.1/24 (Just press ENTER if the default is OK, otherwise enter your own gateway IP address for your HOTSPOT system. Don’t change this unless you understand what you are doing.)

22) masquerade hotspot network: yes

Now we set up the pool for HotSpot IP addresses. This is your assigned range for DHCP generated Hotspot IP addresses. 10.5.50.1 is reserved for the hotspot gateway IP address.

23) Address pool of hotspot network will be: 10.5.50.2-10.5.50.254 (If you want to put some fixed IP addresses inside this DHCP pool range, they will operate just fine. Note: If you are tempted to set the upper bound to some other number such as 200 to allow space for FIXED IP addresses for some devices, this is NOT a good idea. This is because if you later use Universal Client mode, then for the fixed IP addresses outside the HotSpot's DHCP range, the UC will double assign a second IP address to the "out of range" MAC addresses and this can cause strange results such as timeout timers not working properly. Note also: Due to a bug in the hotspot setup wizard in current Mikrotik software, you cannot have a range of 10.5.50.50-10.5.50.254 and leave the range 2 through 49 open. If you fail to follow this guidance, you will find that multiple users cannot reliably login to the hotspot. Just use the default and be happy!)

Now set up the router so it can access your SMTP server. Select the IP address of your mail server's SMTP server: 207.69.188.15 (You have to put in YOUR SMTP server's IP address for outbound email. This can be your ISP's SMTP server or a local server. If you do not have an SMTP server, enter some unused IP address in the IP range used by ether1. DEMO users will not get this option.)
24) ip address of smtp server: 207.69.188.15

Use local DNS cache?
25) use local dns cache: yes (You get to pick if you want the HotSpot to use the dns cache or go outside to your external DNS server for each DNS request.)


Now we setup the DNS configuration. Enter YOUR router gateway IP or your ISP's recommended DNS server IP address here. It may be that only your router gateway IP will work here if your router provides DNS services. Using your ISP's DNS server will usually be faster if your router permits this or if you plan to use PPPoE on ether1 connected directly to a DSL or Cable modem.
Setup DNS Configuration
26) dns servers: 192.168.168.1 (Should be the same as your other DNS server entries.)

Now we create the first local hotspot user. It is easy to create additional hotspot users using WinBox at a later time. Using WinBox, you can set up a profile which allows multiple logons without password and other profiles (such as the default) that allow only one login per name. In addition, this same profile can set the Tx and Rx baud rates allowed for each separate user profile. Each user ID can be set up with the same or different password or no password at all.

27) Name of local hotspot user: admin (This is the hotspot administrator's user ID. You can change if you wish. WRITE THIS AND THE PASSWORD DOWN! This is NOT the same as the Mikrotik Router's User ID and PASSWORD.)
28) password for the user: admin (This is administrator's password. Change as you see fit.)
Note: Setting up additional users is easy to do using WinBox. There is no provision for HotSpot users to self-register their own user names and passwords for "free hotspot" use. In fact, there is no real need on a "free hotspot". However, you can, for instance, set up "guest" as a user name with no password and set up a "guests" profile in WinBox USER PROFILES. Then add a note on the html login screen that "GUEST users may login as guest with no password for low speed internet access" or similar if you wish to offer universal low speed access to transient guests as well as offering "known users" high speed access. This change of speed requires additional entries for guest baud rates in the hotspot user profiles. I suggest having multiple entries in the user table for "guest" including guest, GUEST, Guest, and to try to cover all combinations a user is likely to enter in the login window. See Mikrotik HotSpot manual for more information on how to set up the WinBox software and enter additional users and passwords.

Select another port for (www) service.
port 80 is (normally) used by www service, select some other port for this service.
29) another port for service: 8081
Normally port 80 is used for (www) service. But on the Hotspot ether2 port, port 80 is used by the Hotspot Services and login html page. This means that if you wish to be able to access the winbox, then you will have to use port 8081 to access the router from the WINBOX interface. The Hotspot system demands use of port 80.
Use transparent web proxy for hotspot clients?
A "web proxy" is a cache used to store webpages, images, etc so that repeated accesses to such items do not have to go all the way to the destination sever when users go to the same webpage (such as http://www.yahoo.com) repeatedly over a short time. Such proxy servers typically have a short lifetime to avoid furnishing "stale" data to users.
NOTE! For the FREE DEMO LICENSE, this feature is NOT AVAILABLE and you MUST answer NO to this question.
30) use transparent web proxy: yes (Answer "yes" for paid license users.)

Now, let's see if we are communicating with the external Access Point and user. Note that unless you actually have a computer or access point connected to and powered up and linked to the ether2 port this entire printout (Flags:X .....) will be BLANK. If you wait to plug in your computer or access point until AFTER you execute this command and then execute it again (up arrow brings up prior command(s)), it can be 30+ seconds after you plug in the cable before you get the printout. Make SURE you have a "connected" light on both ends of your ether2 to computer/AP cable. The actual IP addresses may differ.
31) [admin@MikroTik] ip hotspot> universal client print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic
# MAC-ADDRESS ADDRESS TO-ADDRESS INTERFACE IDLE-TIME
0 D 00:05:5D:5F:4E:34 10.5.50.100 10.5.50.100 ether2 10s


See item 32a) below for proper syntax for version 2.7.x and earlier revisions.
32) [admin@MikroTik] ip hotspot> /ip hotspot profile set default shared-users=1 (versions 2.8.x and higher)

32a) [admin@MikroTik] ip hotspot> /ip hotspot profile set default only-one=yes (versions BELOW 2.8)
This command sets the hotspot to accept SINGLE logins from the default user group. You will need to set up a user profile with the "only-one" parameter "unchecked" in the winbox IP>HOTSPOT>USER>PROFILE settings. We need this on our Hotspot system so multiple simultaneous logins can occur.
To install and enter the WINBOX program, proceed as follows: a) connect either to your local LAN router/hub that is feeding the ether1 (public) port or b) connect to the hotspot port, and login to the hotspot as the admin with password. Once connected one of these two ways, you can install and enter WinBox by calling up your browser and entering the PUBLIC IP address of your Mikrotik router as the URL with port 8081 as: http://192.168.168.28:8081. Then click on the WinBox icon on the upper left of the browser window and download to a suitable directory on your computer. Then execute the file winbox.exe to load WinBox. (You can use Windows Explorer to send an icon to your desktop if you wish. Then click the WinBox icon on your desktop to go to winbox.)
To set up the user profiles and user listings, click on IP>Hotspot. You will see users, user profiles, DHCP, Active, etc tabs. Click on profiles and add your user groups with their restrictions. For instance, give your "guest" groups ONLY web privileges. Now click on USERS and add all the names you need and assign them to whichever group you wish. Then go to the IP>HOTSPOT> and you will see your users listed. Double click on the PROFILE line "guests" and view the popup window. You should see the profile name "guests", mark-flow should be "hs-auth", and the ONLY-ONE should be UNchecked (or "shared users" should be set to maybe 50), and login method should be "enabled-address". All else blank for now. This screen will allow multiple simultaneous logins to the guest group. Here in this window you can also set up timeouts, bandwidth allowances, and other variables. Consult your Mikrotik manual for more details.

==========================================
At this point, the basic hotspot setup is completed and you should be able to enter any normal URL into the browser of a computer connected by wireless to the Wireless Access Point (may need to use a crossover cable if AP is directly connected to the ether2 NIC) and see the login screen. Enter your user ID and password (admin, admin) and you should be connected through to the internet. You should also be able to connect a Windows computer NIC directly to the ether2 port using a crossover cable if you want to try out the system operation without using the wireless link initially. You may want to edit the Login.html, trouble.html and other login-related pages using FrontPage, Dreamweaver or similar to customize these for your particular installation. Don't try and edit using Netscape Composer or it will likely fail to work with Mikrotik. (Mine did.)

Here is my list of "Gotchas" that will hopefully keep you from having some of the problems I did in getting started in further applications
==========================================


ADDING A THIRD NIC PORT TO SERVE YOUR LOCAL LAN.
If you add a THIRD port to the router, you can isolate your Hotspot from your local LAN and prevent Hotspot users from having any access to your local LAN which is using a common DSL or Cable internet line. Add the third ethernet card as ether3 and enter the following programming to activate the ether3 port. With this arrangement and programming, Hotspot users connected on ether2 and any local LAN users connected via ether3 will have full internet access via ether1, but will be isolated from each other.

Note: Demo software users have only 4 total NAT entries allowed and other limitations which will not permit all of the following to be entered. No harm in seeing how far you can get for your own configuration. Remember that the "web-proxy" commands are inoperative in the DEMO licensed software.

The IP address range of the third port will be 192.168.2.1 to 192.168.2.254. The gateway address of the third port will be 192.168.2.1. When the third LAN card is added to the computer, it will show up in the interface print list as ether3 and it will be "X" which means out of service. Note that which port is designated as ether1, ether2, and ether3 (by the computer) may change if the third LAN card is added AFTER the above Hotspot programming.
36) [admin@MikroTik] > /interface
37) [admin@MikroTik] interface> print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE MTU
0 R ether1 ether 1500
1 R ether2 ether 1500
2 X ether3 ether 1500
(Note: To enable ether3, in case it is disabled (X), proceed as follows.)
38) [admin@MikroTik] interface> enable ether3
39) [admin@MikroTik] interface> print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE MTU
0 R ether1 ether 1500
1 R ether2 ether 1500
2 R ether3 ether 1500
(Note: The R above shows that all three ports are now "Running". Note that the ether1 card is known as #0 in the list ID.)
40) [admin@MikroTik] interface> /ip
41) [admin@MikroTik] ip> ad
42) [admin@MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.168.28/24 192.168.168.0 192.168.168.255 ether1
1 ;;; hotspot network
10.5.50.1/24 10.5.50.0 10.5.50.255 ether2

43) [admin@MikroTik] ip address> add address=192.168.2.1/24 comment="Home network" interface=ether3
44) [admin@MikroTik] ip address> .. ( The .. means drop back one directory level.)
45) [admin@MikroTik] ip> /ip pool add name=home_dhcp_pool ranges=192.168.2.2-192.168.2.199
(Note: Adds new DHCP pool name to list. Leaves IP addresses 192.168.2.200 through 192.168.2.254 for use by fixed IP address devices.)
46) [admin@MikroTik] ip> /ip dhcp-server add name="home_dhcp_server" interface=ether3 lease-time=24h \
    address-pool=home_dhcp_pool netmask=24 gateway=192.168.2.1 \
    disabled=no
Note: The above sets up the new DHCP server for ether3 port so users can get IP addresses in the range. Also sets up the gateway as address 192.168.2.1.

47) [admin@MikroTik] ip> firewall src-nat add src-address=192.168.2.0/24 action=masquerade
(Note: Sets up to masquerade all of the IPs on ether3 so they can access the internet via ether1 using the gateway 192.168.2.1.)
At this point, if ether1 is connected to a LAN port with IP=192.168.168.1 (or YOUR router's gateway address) you SHOULD be able to connect to ether3 and make an immediate connection to the internet.
==================================================================

The following (optional) commands are grouped so you can pick and choose which services you may want to block/add.
====
Now for additional features: firewall filters, PPPoE, etc.
48) [admin@MikroTik] ip> /ip firewall dst-nat add dst-address=0.0.0.0/0:53 protocol=udp \
    action=nat to-dst-address=192.168.168.1 \
    comment="intercept all DNS requests"
This command causes all DNS requests to be intercepted and redirected to your local router at 192.168.168.1. This is already done automatically for the Hotspot (ether2) interface. If you want to add this for ether3 but NOT all interfaces (in case you have more than 3 ports) you would add to the line above.
Note the [BRACKETS] in the command below.

49) [admin@MikroTik] ip> /ip firewall dst-nat set [find comment="intercept all DNS requests"] \
    to-dst-address=192.168.168.1 action=nat
The above finds the comment "intercept all DNS requests" and sends all related DNS requests to 192.168.168.1.
(Note: As an ALTERNATIVE to the above you could use: to-dst-address=10.5.50.1. However, sending the DNS calls DIRECTLY to the DNS server saves router processing time and is preferred.)

50) [admin@MikroTik] ip> address print (This shows how your network is setup.)
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; Public Internet Network
192.168.168.28/24 192.168.168.0 192.168.168.255 ether1
1 ;;; hotspot network
10.5.50.1/24 10.5.50.2 10.5.50.255 ether2
2 ;;; Home Network
192.168.2.1/24 192.168.2.0 192.168.2.255 ether3

====
Now we put in blocking filters to prevent ANY access to ether2 and ether3 from the internet ether1.
51) [admin@MikroTik] ip> /ip web-proxy access add src-address=192.168.2.0/24 (This is for future use by port ether3. Putting it in now ensures it is installed in the correct sequence later when you finish installing ether3.)

52) [admin@MikroTik] ip> /ip web-proxy access add src-address=10.5.50.0/24 (This is for use by the HotSpot on ether2.)
53) [admin@MikroTik] ip> /ip web-proxy access add action=deny (This denies access from all other ports such as ether1.)
(Note: The three commands above protect your ether2 and ether3 users from access from the internet. This will allow ONLY local clients on your local LAN and on your HotSpot to access the web-proxy. If you are running your Mikrotik box behind a NAT/firewall and already on a local LAN, this is not essential, but it can't hurt. Failure to put in this protection will leave you "wide open" if you are connected directly to the internet via PPPoE or LAN without benefit of other firewall protection.)

====
Now we add commands to allow Winbox, our mail server, and other local servers connected to ether2 to operate.

First we open up the four ports so Winbox and its associated FTP client can operate from all ports to the Mikrotik Router.

54) [admin@MikroTik] ip> /ip firewall rule input add dst-address=0.0.0.0/0:3987 protocol=tcp \
    comment="accept winbox-tls"
55) [admin@MikroTik] ip> /ip firewall rule input add dst-address=0.0.0.0/0:8081 protocol=tcp \
    comment="accept winbox"
56) [admin@MikroTik] ip> /ip firewall rule input add dst-address=0.0.0.0/0:20-21 protocol=tcp \
    comment="accept ftp"
At this point, Winbox can connect to the router through any of the three ether(x) ports. However, you might want to limit who can connect, either by adding a src-address=xxx.xxx.xxx.xxx/32 (/32 = single IP) to the rules or by setting WHO can connect to the service under /ip service.
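The point about limiting who can connect, as an added example (not part of the original tutorial): a Python check that parses rule lines in the syntax used in steps 54-56 and reports management-port rules that accept any source address. The port-to-service table, the treatment of a rule without action= as an accept rule, and the hypothetical admin PC address are assumptions of this example.

```python
import ipaddress
import shlex

# Ports opened for router management in steps 54-56 (Winbox TLS, Winbox, FTP).
# Calling them "management" ports is this example's assumption.
MGMT_PORTS = {3987: "winbox-tls", 8081: "winbox", 20: "ftp-data", 21: "ftp"}

# Constructed sample: the rules from steps 54-56 plus one restricted variant
# (the admin PC address 192.168.2.10 is hypothetical).
SAMPLE_RULES = r'''
/ip firewall rule input add dst-address=0.0.0.0/0:3987 protocol=tcp \
    comment="accept winbox-tls"
/ip firewall rule input add dst-address=0.0.0.0/0:8081 protocol=tcp \
    comment="accept winbox"
/ip firewall rule input add dst-address=0.0.0.0/0:20-21 protocol=tcp \
    comment="accept ftp"
/ip firewall rule input add src-address=192.168.2.10/32 \
    dst-address=0.0.0.0/0:8081 protocol=tcp comment="winbox from admin PC"
'''


def join_continuations(text):
    """Merge lines ending in a backslash into one logical command."""
    logical, buf = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            logical.append(buf.strip())
        buf = ""
    if buf.strip():
        logical.append(buf.strip())
    return logical


def split_addr(value):
    """Split 'net/mask:port[-port]' (the syntax used on this page) into parts."""
    net, _, ports = value.partition(":")
    network = ipaddress.ip_network(net or "0.0.0.0/0", strict=False)
    if not ports:
        return network, None          # None means "any port"
    low, _, high = ports.partition("-")
    return network, range(int(low), int(high or low) + 1)


def parse_rule(command):
    """Return the key=value properties of an 'input add' rule, else None."""
    tokens = shlex.split(command)     # keeps quoted comments in one token
    if tokens[:5] != ["/ip", "firewall", "rule", "input", "add"]:
        return None
    return dict(tok.split("=", 1) for tok in tokens[5:] if "=" in tok)


def audit(text):
    """Return (comment, exposed services) for each rule open to any source."""
    findings = []
    for command in join_continuations(text):
        rule = parse_rule(command)
        # Assumption: a rule with no action= accepts, as the page's comments imply.
        if rule is None or rule.get("action", "accept") != "accept":
            continue
        if rule.get("protocol") not in (None, "tcp"):
            continue
        src_net, _ = split_addr(rule.get("src-address", "0.0.0.0/0"))
        if src_net.prefixlen != 0:
            continue                  # source is limited to some prefix
        _, ports = split_addr(rule.get("dst-address", "0.0.0.0/0"))
        exposed = [name for port, name in sorted(MGMT_PORTS.items())
                   if ports is None or port in ports]
        if exposed:
            findings.append((rule.get("comment", ""), exposed))
    return findings


if __name__ == "__main__":
    for comment, services in audit(SAMPLE_RULES):
        print(f"open to any source: {', '.join(services)} (rule: {comment!r})")
```

The three rules from the tutorial are reported; the variant carrying a /32 src-address is not.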
====

At this point, you should be able to connect a Windows computer with NIC (with crossover cable) into the ether3 port and access the internet via
the ether1 connection to the internet as well as have the ether2 port operating as a Hotspot controller. As of this point, no inbound traffic from the
public port ether1 to ether2 or ether3 is permitted. Ether 1 must be connected to a LAN router interface to the internet with DHCP service on
gateway address 192.168.168.1.
====
Now we add filters to allow outside users on the internet to access our mail server. Most ISPs block access to port 25 but you can insert any port you wish for the xxx below.
57) [admin@MikroTik] ip> /ip firewall rule input add dst-address=0.0.0.0/0:25 protocol=tcp \
    comment="accept incoming SMTP"
Now we add a filter to allow access to port 110 so mail server users can collect their mail.
58) [admin@MikroTik] ip> /ip firewall rule input add dst-address=0.0.0.0/0:110 protocol=tcp \
    comment="allow POP3 mail pickup"
You can add additional filters as needed. We also need to add filters to direct incoming mail traffic to our mail server which happens to be on IP address 192.168.2.66.
====
THESE FILTERS are a "work in progress". Check back; I am working on PPPoE and more filters and will add them when they are checked out and working.
=======================================================
OPTIONAL ADDITIONAL FEATURES:
You may wish to have some computers arranged so that they automatically login and so no manual LOGON sequence is required. There are two ways to do this. One way is to use the remote client's MAC address as the password and the other is to use "cookies".
a) To Automatically LOGIN the computer with MAC=00:80:C8:AC:EE:34, enter the following commands:
59) [admin@MikroTik] /ip hotspot set auth-mac=yes auth-mac-password=yes
[admin@MikroTik] /ip hotspot user add name=00:80:C8:AC:EE:34 \
    password=00:80:C8:AC:EE:34
[admin@MikroTik] /ip hotspot user add name=00:80:A4:CC:EF:84 \
    password=00:80:A4:CC:EF:84
Following these commands, the particular computers with the two selected MAC addresses will immediately login (automatically) and connect whenever browser access to a URL is attempted. You can add any number of automatic logins by this approach. In addition, Cookies can be used for automatic login. See the Mikrotik Manual for details.
------------------------
You may want to allow users to access certain websites WITHOUT having to login to the Hotspot. For instance, you might wish to allow them to access the Atlanta Free Net website at http://www.atlantafreenet.org before they login. What you do is to include firewall rules in the hotspot-temp chain to allow access to particular IP addresses PRIOR to the firewall rule which rejects all other traffic from temporary addresses. This new rule MUST be placed BEFORE the "redirect to hotspot service" rule. To do this you enter the following commands:

60a) [admin@MikroTik] /ip firewall dst-nat add dst-address=x.x.x.x/32 dst-port=80 protocol=tcp \
    action=accept
60b) [admin@MikroTik] /ip firewall rule hotspot-temp add dst-address=x.x.x.x/32 dst-port=80 protocol=tcp \
    action=return
Again: You must place these rules BEFORE the final REJECT rules. Note that you MUST use an IP address. A URL cannot be used. Note that Mikrotik will soon have a version allowing URLs instead of IP addresses in this mode.
-------------------------
You may wish to add a rule to allow all users to use your mailserver port 25 REGARDLESS of what their mail server settings happen to be. You will need to be careful to setup your mail server to avoid becoming a spam relay! Here is how you set up the Mikrotik to direct any/all port 25 traffic to YOUR mailserver's port 25. The following assumes 192.168.168.66 is your mailserver.
61) [admin@MikroTik] /ip firewall dst-nat add src-address=10.5.50.0/24 dst-port=25 protocol=tcp \
    to-dst-address=192.168.168.66 action=nat \
    comment="Translate all SMTP TCP port 25 traffic to our mail server"

----------------------
Hotspot users must access the Hotspot by use of a browser with JAVA support. This currently includes IE5/6, Netscape 4/6/7 and Mozilla 1.4 among many others.
======================================================
I want to express my appreciation for the able assistance of Eje Gustafsson of The Family Entertainment Network http://www.fament.com for his able assistance in finishing up this design and in particular for the firewall filter design and other special features. Mr. Gustafsson is a design consultant on the Mikrotik and Star OS Hotspot Routers and I am impressed with his expertise. FEN also sells Mikrotik software licenses and "solid state FLASH disk drives" for use with the Mikrotik software. With this flash drive, a router can be built with no floppy/CDROM/Hard Drive for reliability.

The instructions in this article are copyrighted (c) by Joe Mehaffey 2003. These directions may be freely copied for individual use PROVIDED the article is not changed/edited or used commercially without the written approval of the author.

Wednesday, 26 September 2007

TK2 - Tika Tiwi AFI ( OK!! )

Track List + Download link (just click directly)
T2 (Tika Tiwi AFI) - OK!!
T2 (Tika Tiwi AFI) - Lelaki Cadangan
T2 (Tika Tiwi AFI) - Bronies
T2 (Tika Tiwi AFI) - Perjalanan
T2 (Tika Tiwi AFI) - Tua Tua Keladi
T2 (Tika Tiwi AFI) - Jangan Ganggu Aku
T2 (Tika Tiwi AFI) - Yang Terindah
T2 (Tika Tiwi AFI) - Masa Lalu
T2 (Tika Tiwi AFI) - Surat Cinta
T2 (Tika Tiwi AFI) - Karena Aku Yang Memilih

Pandawa - Prasasti Hati (2007)



SHE - tersenyum lagi




Track list + Download link (just click directly):

1. Slow Down Baby
2. Selingkuh Sekali Saja
3. Abrakadabra
4. Temani Aku
5. Mencoba Mencintaimu
6. Mana Tahan
7. Please Tinggalkan Aku
8. Jatuh
9. Aku Tersenyum Lagi
10. Tercipta Untukmu – Feat. Rio Febrian

Install the Mikrotik OS using a CD

To install the RouterOS using a CD you will need a CD-writer and a blank CD. Burn the CD-image (an .iso file) to a CD. The archive with image can be downloaded here.

Follow the instructions to install RouterOS using CD-Install:

  1. After downloading the CD image from www.mikrotik.com you will have an ISO file on your computer:

    MT ISO image

  2. Open a CD Writing software, like Ahead NERO as in this example:

    Nero Burning ROM

  3. In the program, choose the Burn Image entry from the Recorder menu (there should be a similarly named option in all major CD burning programs):

    BurnImage option

  4. Select the recently extracted ISO file and click Open:

    Open image

  5. Finally, click Burn button:

    Press Burn button

  6. Set the first boot device to CDROM in router's BIOS.
  7. After booting from CD you will see a menu where to choose packages to install:

                    Welcome to MikroTik Router Software installation

    Move around menu using 'p' and 'n' or arrow keys, select with 'spacebar'.
    Select all with 'a', minimum with 'm'. Press 'i' to install locally or 'r' to
    install remote router or 'q' to cancel and reboot.

    [X] system [ ] isdn [ ] synchronous
    [X] ppp [ ] lcd [ ] telephony
    [X] dhcp [ ] ntp [ ] ups
    [X] advanced-tools [ ] radiolan [ ] web-proxy
    [ ] arlan [ ] routerboard [ ] wireless
    [ ] gps [X] routing
    [ ] hotspot [X] security

    Follow the instructions, select needed packages, and press 'i' to install the software.

  8. You will be asked 2 questions:

    Warning: all data on the disk will be erased!

    Continue? [y/n]

    Press [Y] to continue or [N] to abort the installation.

    Do you want to keep old configuration? [y/n]:

    You should choose whether you want to keep old configuration (press [Y]) or to erase the configuration permanently (press [N]) and continue without saving it. For a fresh installation, press [N].

    Creating partition...
    Formatting disk...

    The system will install selected packages. After that you will be prompted to press 'Enter'. Before doing that, remove the CD from your CD-Drive:

    Software installed.
    Press ENTER to reboot

Various MikroTik Interface Types (Ethernet and Wireless)

Ethernet Interfaces
IN/E44 RouterBOARD 44 PCI 4-port Ethernet adapter

Wireless Interfaces
R52 802.11a+b+g 65 mW Wireless miniPCI Card
SR5 Super Range 5 400mW 802.11a 5.8GHz MiniPCI card
SR2 Super Range 2 400mW 802.11b/g 2.4GHz MiniPCI card
AC/UFL U.fl-HIROSE'S Nfemale pigtail cable
AC/SWI 2.4-5.8 GHz Omnidirectional Swivel Antenna with cable and U.fl connector
IA/MP1 RouterBOARD 11 miniPCI Adapter
IA/MP1R RouterBOARD 11 MiniPCI Adapter with bracket for RPTNC
IA/MP4 RouterBOARD 14 Four-Slot miniPCI Adapter
IA/MP4R RouterBOARD 14 Four-Slot miniPCI Adapter with bracket for RPTNC
IA/MP8 RouterBOARD 18 Eight-Slot miniPCI Adapter (Extreme)


Download the MikroTik Manual

Complete E-book


Download the MikroTik manual - ebook

There is an e-book from the MikroTik site that is web/HTML based and runs to hundreds of pages; I present it here in PDF form.
It is also accompanied by video-based MikroTik tutorials.

The complete MikroTik manual tutorial, starting from zero, has been uploaded by me to RapidShare; feel free to download it.

Reference Manual of MikroTik RouterOS :
>>download<<

Video Tutorial of MikroTik RouterOS :
>>download<<

Router Software

ROUTER SOFTWARE


Major features:
  • Best wireless performance
  • Improved Nstreme performance
  • Powerful QoS control
  • P2P traffic filtering
  • High availability with VRRP
  • Bonding of Interfaces
  • Improved interface
  • Smaller and Less resource-hungry
  • Tons of other new features
  • Advanced Quality of Service
  • Stateful firewall, tunnels
  • STP bridging with filtering
  • High speed 802.11a/b/g wireless with WEP/WPA
  • WDS and Virtual AP
  • HotSpot for Plug-and-Play access
  • RIP, OSPF, BGP routing
  • remote WinBox GUI and Web admin
  • telnet/mac-telnet/ssh/console admin
  • real-time configuration and monitoring


Link Download Mikrotik + Crack v2.9.27:

>>download<<
Download + Installation
FaultBill Brontoseno


Files needed:

download link:
1.screnn.tar.gz
2.fbc-0.10sp-i686.tgz.tgz
3.lib.tar.bz2
4.source.tar.bz2
5.configure


Server and Client

1. Postgres client (installed on both the client and the server)
2. Postgres server (installed only on the server)
3. Postgres Lib (installed on both the client and the server)

Libraries needed

libgdk-pixbuf
libgtk-1.2
libgdk-1.2
libgmodule-1.2

For users of the Slackware family, download the PostgreSQL server and client as a single package.
Here we use Postgres 8.1.

Note
$ is a regular user
# is root (superuser)
First Step
After the Postgres server is installed,
switch to the postgres user
$ su root
# su postgres

**** POINT I
Install PostgreSQL for the server or the client

**** POINT II
To use this on Zencafe, take the file /usr/local/share/doc/faultbill/rc.postgresql
and copy it to /etc/rc.d/
as superuser (root),
then
# chmod 754 rc.postgresql

Create the database
createdb faultbill <--- (the name faultbill can be replaced with anything you like)
createuser (the user name)

Once the database and the user have been created, carry out the step below
to load the tables into faultbill
$ psql -d faultbill -U (the user name) -W (if using a password) < /usr/local/share/doc/faultbill/faultbill.sql

Now log in as ROOT,
go into the data directory and edit the file pg_hba.conf
vi pg_hba.conf
and add the following
# TYPE DATABASE USER CIDR-ADDRESS METHOD
host all all (client IP) trust
(and so on)
For example, if the client IPs run from 192.168.1.2 to 192.168.1.20, it is enough to enter
# TYPE DATABASE USER CIDR-ADDRESS METHOD
host all all 127.0.0.1/32 trust
host all all 192.168.1.0/24 trust

Then edit the file postgresql.conf
The file postgresql.conf can be found in the folder /etc/postgresql or /var/lib/pgsql/
Remove the # sign from listen_addresses = 'localhost'
then change 'localhost' to '*'
listen_addresses = '*' <--- '*' for all networks
Save the file postgresql.conf
and restart sql
#/etc/rc.d/rc.postgresql stop
#/etc/rc.d/rc.postgresql start

Once the steps above have been carried out, the database server setup is complete.
For the client, POINT II does not need to be carried out, because it is only used for the remote host.

**** POINT III
Change the settings in the file faultbill.cfg
HOST=192.168.0.1 <--- enter the IP of the server where the database resides
USERNAME=postgres <--- enter the user we created in the database in the first step, or you can also use postgres (the default Postgres user)
PASSWORD=
DATABASE=faultbill <--- enter the name of the database created in the first step
PORT=
PC=1 <-- set this to the desired client PC (1...Unlimited)

Once the steps above have been carried out, the second step is complete;
now just run the billing program from X Windows.
Client password "a" <-- without the quotes, lowercase
Server password "gerr" <-- without the quotes, lowercase

**** POINT IV
Server: run
$ brontoserver
or create a launcher on the desktop containing brontoserver > /dev/null 2>&1

Client: run
$ brontoclient
or create a launcher on the desktop containing brontoclient > /dev/null 2>&1

If it still does not run,
create the directory
$ mkdir .brontoseno
For the server, the files to copy are
$ cp /usr/local/share/doc/faultbill/faultbill.cfg .brontoseno
$ cp /usr/local/share/doc/faultbill/uqba.lrf .brontoseno
For the client
$ cp /usr/local/share/doc/faultbill/faultbill.cfg .brontoseno
$ cp /usr/local/share/doc/faultbill/stt.ndr .brontoseno

**** POINT V
To block applications that users should not be allowed to run,
list them in the file stt.ndr
Example
Terminal
gksu


**** TIPS & TRICKS
For those using Zencafe,
download lib.tar.bz2 from esnips.com/web/brontoseno
As the root user, copy it to /usr/lib
then type
# ldconfig


Good luck trying it out

Contact kaafin@gmail.com
kauniyah@gmail.com
PM segmentfault awali.org
chat dalnet #awali segmentfault

Thanks to my friends

Anjar
Bastian
Surya
Novan
Heru <--- because of him I rushed to make this, hehe ;) so if there are mistakes, scold him, OK
Rommy
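The pg_hba.conf and postgresql.conf settings from POINT II, examined in an added example (not part of FaultBill or of the original post): a Python check that lists `trust` records covering more than the loopback address and says whether listen_addresses makes them reachable, run on the page's settings and on a tightened variant. The tightened variant (one client /32, md5, a dedicated user named faultbill_user) and all function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed from the settings given in POINT II of the post.
PAGE_HBA = """
# TYPE DATABASE USER CIDR-ADDRESS METHOD
host all all 127.0.0.1/32 trust
host all all 192.168.1.0/24 trust
"""
PAGE_CONF = "listen_addresses = '*'\n"

# Tightened variant; the user name and client address are hypothetical.
TIGHT_HBA = """
host all all 127.0.0.1/32 trust
host faultbill faultbill_user 192.168.1.2/32 md5
"""


def listen_addresses(conf_text):
    """Return the configured listen_addresses; commented-out lines are ignored."""
    value = "localhost"     # PostgreSQL default when the line is commented out
    for line in conf_text.splitlines():
        m = re.match(r"\s*listen_addresses\s*=\s*'([^']*)'", line)
        if m:
            value = m.group(1)
    return [a.strip() for a in value.split(",") if a.strip()]


def parse_hba(hba_text):
    """Yield (database, user, network, method) for host-type records."""
    for line in hba_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue        # comments, blanks and 'local' socket records
        database, user, address = fields[1:4]
        if "/" in address:                      # CIDR form
            network = ipaddress.ip_network(address, strict=False)
            method = fields[4]
        elif len(fields) >= 6:                  # "address netmask method" form
            network = ipaddress.ip_network(f"{address}/{fields[4]}", strict=False)
            method = fields[5]
        else:
            continue
        yield database, user, network, method


def audit(hba_text, conf_text):
    """Return one finding per non-loopback 'trust' record."""
    listening = listen_addresses(conf_text)
    local_only = all(a in ("localhost", "127.0.0.1", "::1") for a in listening)
    findings = []
    for database, user, network, method in parse_hba(hba_text):
        if method != "trust" or network.is_loopback:
            continue
        findings.append({
            "network": str(network),
            "hosts": network.num_addresses,
            "database": database,
            # With trust, a client may claim any user name the record matches,
            # so a record for "all" or "postgres" hands out the superuser role.
            "superuser_exposed": user in ("all", "postgres"),
            "reachable": not local_only,
        })
    return findings


if __name__ == "__main__":
    for name, hba in (("page settings", PAGE_HBA), ("tightened", TIGHT_HBA)):
        print(name, audit(hba, PAGE_CONF))
```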

SHARING a Printer with CUPS (Common UNIX Printing System)

Download link for CUPS, all printers:

>>download<<

Using printer sharing on GNU/Linux is actually very easy. In this article
the distro used is Zencafe 1.0, and the article is divided into 2 parts:
1. CUPS Server Configuration
2. Client Configuration

Note:
- The configuration in this article should work on any distro that uses CUPS
to configure its printers

1. CUPS Server Configuration

For a printer installed on the server computer to be usable by other computers, some
additional configuration has to be done on the CUPS server:

Open the CUPS configuration by typing localhost:631 in the address bar, then choose the "Manage Server" menu as in the image below:
sharing1

Once the CUPS server configuration page appears, tick the options:
- Share published printers connected to this system and
- Allow users to cancel any job (not just their own)

as in the image below:
sharing2

After configuring as above, press the Change Settings button to save the configuration. If, after pressing Change Settings, a dialog box appears asking for a username
and password, enter the username root and the root password of your system.

The CUPS server configuration is now complete. Next, configure each client that wants to use
the printer on the server, following the steps in part two.

2. Client Configuration

To be able to use the printer configured on the server, the CUPS service must already be running on the client computer.

Enabling the cups service is very easy:
1. Open a terminal and type su as shown below:

operatore[~]$ su
Password:
root[operatore]#

2. After obtaining root access, give execute permission to the file /etc/rc.d/rc.cups as follows:

root[operatore]# chmod +x /etc/rc.d/rc.cups

3. Once /etc/rc.d/rc.cups has execute permission, start the cups service as follows:

root[operatore]# /etc/rc.d/rc.cups start
cups: started scheduler.
root[operatore]#

Once the cups service is running, open OpenOffice and type any word to try
printing to the printer on the server, then test the printer by choosing
File -> Print in OpenOffice. If the steps were carried out correctly, the Print Dialog
in OpenOffice will show the name of the printer on the server computer, as in the image
below:
Client

Sharing with gFTP

gFTP can be found under menu > network > gFTP

To make file transfers between clients easier, especially if
your network has many clients, the method below
may help. Open gFTP
and choose the bookmarks menu;
it will look like this:

gftp1.jpg

then choose edit bookmarks

gftp2.jpg

then in the file menu choose new item, and the following will appear:

gftp4.jpg

Then enter the client's name, or a sequence name of your choice,
to label the connection to a particular client computer.
The example above uses the name komputer1 because
it is used for the connection to computer number 1. Press add,
then right-click and hold, and choose properties

gftp3.jpg

What you need to fill in is as follows:
hostname: enter the IP of the computer you want
protocol: choose SSH2
remote directory: enter the folder on the client that you want to see when first connected (it can be changed later)
local directory: enter the folder on the server that you want to see when connected (it can be changed, or enter the dedicated client data storage folder on the server)
username: enter root
password: enter the root password of the client
then press apply, save
For more detail, see the following example:

gftp5.jpg

You can do the same as above
to add connections to other client computers

Note: if you have previously made an ssh connection to a client and, for example, the client has just been reinstalled, you need to carry out both steps below. Otherwise, the two steps below are not needed.

Now open a root terminal:
1. type mcedit /home/user_name/.ssh/known_hosts and delete all the text in it, then press ctrl+1+0 > choose save
2. type mcedit /root/.ssh/known_hosts and do the same as in step one.

Finally, to open a connection to the target computer,
just click the bookmarks menu and choose the name of the target computer;
it will look like this:

gftp6.jpg

Now you can transfer files with the target computer.
To move a file, click the file in the right-hand column (the client column), then click the left-pointing arrow in the middle of the window; the file will move to the left-hand column (the server column), and vice versa.

To switch the connection to another computer, just click bookmarks and choose the target computer

Note: the connection setup above is intended specifically for the server, to make managing server and client files easy. Do not do this on a client computer, because then all users would be able to access the files

CCLFOX

Billing For Linux

tested under :
Linux Vector SOHO v5
gcc v3.3.4 glib2
——————–
Download from:
http://sourceforge.net/project/showfiles.php?group_id=112779

———————-

## Client Side ###
cclcfox-0.7.0.tar.bz2
libcclc-0.7.0.tar.bz2

## Server Side ##
cclfox-0.7.0.tar.bz2
libccls-0.7.0.tar.bz2

## Server & client Side ###
http://www.sqlite.org/
http://www.sqlite.org/sqlite-3.2.2.tar.gz

http://www.fox-toolkit.org/
http://www.fox-toolkit.org/ftp/fox-1.4.16.tar.gz

### Personal need ###
a cup of coffee :)

$tar zxvf sqlite-3.2.2.tar.gz
.. extraction in progress ....
$cd sqlite-3.2.2/
$./configure
$make
#make install

$cd ..

$tar zxvf fox-1.4.16.tar.gz
.. extraction in progress ....
$cd fox-1.4.16
$./configure --prefix=/usr --exec-prefix=/usr
$make
#make install

## SERVER SIDE ###
$tar xjvf libccls-0.7.0.tar.bz2
.. extraction in progress ....
$cd libccls-0.7.0
$./configure
$make
#make install

$cd ..

$tar xjvf cclfox-0.7.0.tar.bz2
.. extraction in progress ....
$cd cclfox-0.7.0
$./configure
$make
#make install

#### end server side ####

## CLIENT SIDE ####

$tar xjvf libcclc-0.7.0.tar.bz2
.. extraction in progress ....
$cd libcclc-0.7.0
$./configure
$make
#make install

$cd ..

$tar xjvf cclcfox-0.7.0.tar.bz2
.. extraction in progress ....
$cd cclcfox-0.7.0
$./configure
$make
#make install

### end client side ####

After all the installation is complete,
make sure that /etc/ld.so.conf
contains, among others, the lines:
/usr/lib
/usr/local/lib

To make sure the ccl libraries are in the list of library search directories,
type the command

#/sbin/ldconfig

OK, now all that is left is to run the billing program

###Server ###
$/usr/local/bin/cclfox -nossl

###
$/usr/local/bin/cclcfox -host -name -nossl

%%% eof %%%%

G-net
netcafe
Jl KH Wahid Hasyim Keputran IV no 9
Pekalongan
cp :
Arifin
Ryo Sakazaki
gnet.co.id@gmail.com
http:// underconstrucktion // :))
————–
note :
In the commands given, a marker is used to show the user level:
# <-- root user level
$ <-- regular user level
------------------------------

For billing on Linux, try http://sourceforge.net/project/showfiles.php?group_id=112779
For those using Zenwalk or Vector Linux, just add cclcfox & foxtoolkit for the client and cclfox & sqlite for the server; the tgz packages are at http://zencafe.vip.net.id/pub/i486/zencafe-1.0

Distros that are reasonably good to try for the client include PCLinuxOS, Ubuntu, Vector Linux, or Zenwalk.
If you use Zencafe, the billing is already included; during installation just choose whether the machine becomes the billing server or a client.

For those who want to install Linux billing (CCLFOX - the billing software is in English) (installation instructions can be read in mas glinux's article) - http://linux.or.id/node/193 - be prepared to go without sleep. Compiling the fox library (this library is responsible for handling the GUI display, perhaps like GTK... imho) takes a (very) long time (the day before yesterday I did not sleep; relax, the compile does not take 48 hours, phew..). Hehe.. so make sure you install during quiet hours, or simply at dawn.

Just adding to mas glinux's article:

make sure you do not forget to run /sbin/ldconfig as root

$ /sbin/ldconfig
/sbin/ldconfig: Can’t link /usr/local/include/fox-1.4/libccls.so.0 to libccls.so.0.7.0
---> this is what happens if you run ldconfig as a regular user

As root, no output / message at all should appear.

$ cclfox
cclfox: error while loading shared libraries: libccls.so.0: cannot open shared object file: No such file or directory

---> this message appears if you have not yet run /sbin/ldconfig (make sure the file /etc/ld.so.conf contains the lines
1. /usr/local/lib and
2. /usr/local/include/fox-1.4

example:
$ less /etc/ld.so.conf
include ld.so.conf.d/*.conf
/usr/X11R6/lib
/usr/lib/mysql
/usr/local/lib <--- important
/opt/redstone/mainlib
/usr/local/include/fox-1.4/

If output like the above appears, it is because cclfox was run in its default mode = using the SSL facility. To disable it, follow mas glinux's advice and add the -nossl option

$ cclfox -nossl

List of files needed to install the cclfox billing:

billing-warnet]$ ls
- libccls-0.7.0.tar.bz2
- cclcfox-0.7.0.tar.bz2
- cclfox-0.7.0.tar.bz2
- sqlite-3.2.1.so.gz --> not used, pointless, do not download it
- fox-1.4.16.tar.gz
- sqlite-3.2.2.tar.gz --> this is the important one, because it contains the headers
- libcclc-0.7.0.tar.bz2
- sqlite3-3.2.1.bin.gz --> not used, do not download it

Wednesday, 19 September 2007

QUICK INSTALLATION GUIDE FOR ZENCAFE 1.2

The steps for installing ZENCAFE 1.2 can be read, in brief, in the PDF version written directly by A. HARDIENA, the creator of the distro. Go ahead!!

Download link below:

>>download<<


Download ZENCAFE 1.0 here

DOWNLOAD ZENCAFE 1.0


Md5: 86a66f87c4c217768b26fd2111101124

International Mirror

Pinto (Sjafri)
[download] [download]

Megaupload
[download]

Indonesian Mirror

Slackware Indonesia (Ozzie)
[download] [md5]

ZENCAFE, the most suitable distro for LINUX internet cafes


Zencafe, a Distro for Internet Cafes

Zencafe GNU/Linux, or Zencafe for short, is a member of the Zenwalk (formerly MiniSlack) distro family. Zencafe, developed in Indonesia, is the successor of the LiGOS distro, that is, Linux for Indonesia Goes Open Source. Zencafe, which is dedicated to the needs of internet cafes, has become a pioneering Internet Cafe distro with an international presence.

(Linux is a kernel developed by volunteer programmers from around the world under the coordination of Linus Torvalds. Although the kernel is the heart of an operating system, it cannot function on its own. Contributions of basic applications, including packages from the GNU Projects, make it possible to form a full-featured operating system, named GNU/Linux.)



Figure 1.1 Zencafe Desktop

Like Zenwalk, Zencafe is a Slackware-derived distro designed to be as light as possible so that it can run on older-generation computers.

The lowest hardware specification reported to have been tried by its developer is an AMD K6-2 300 with 64MB of memory. It starts to be comfortable to use on Pentium3-class computers with memory of 128.


Figure 1.2 Zencafe Billing

Version 1.0 of Zencafe, released 9 April 2007, packages Linux kernel 2.6.20, gyachenhanced (Yahoo Messenger with cam), CCL internet cafe billing, an Autorecovery program (deepfreeze) and many other applications.


Figure 1.3 Screen 3: Zencafe Office

Zencafe is in principle ready for and supports LTSP. In version 1.0 it is not yet included by default; it is planned for the next version, in step with its parent Zenwalk.

(Linux Terminal Server Project (LTSP) is an add-on package for Linux that allows many terminals or PCs to use the same server computer simultaneously. Applications on the server are run via thin client terminals that handle input and output. Such thin clients are also known as X Terminals, and can generally be built from obsolete computers of a bygone era without a hard disk.
LTSP technology is very popular, including in Indonesia, for low-cost computerization in schools. Linux distributions that adopt LTSP include K12LTSP (Red Hat/Fedora), Skolelinux, AbulEdu, Edubuntu and Deworks. The LTSP project was founded and is led by Jim McQuillan.)


The tutorial can be viewed directly at >> http://manual.zenwalk.org/