Mac-Address authentication Hotspot MikroTik

Setting Hotspot

ip hotspot setup
hotspot interface: ether3
local address of network: 192.168.16.1/24
masquerade network: yes
address pool of network: 192.168.16.10-192.168.16.200
select certificate: none
ip address of smtp server: 0.0.0.0
dns servers: 202.134.0.155
dns name:
name of local hotspot user: admin
password for the user: tanyakanadmindeh

Setting Hotspot Profile agar dapat login menggunakan mac dan enablekan radius pada hotspot

/ip hotspot profile set hsprof1 login-by=mac use-radius=yes

ip hotspot profile set hsprof1 use-radius=yes

Setting Radius. Karena di sini menggunakkan radius lokal MikroTik IP Addres menggunakan IP = 127.0.0.1

radius add service=dhcp,hotspot address=127.0.0.1 secret=1234

*address Dan secret harus di ingat untuk setting selanjutnya(userman)

Kenapa di service menggunakan dhcp dan hotspot. Ini penjelasannya :

• hotspot - HotSpot authentication service : digunakan untuk autentifikasi
• dhcp - DHCP protocol client authentication (client's MAC address is sent as User-Name) : digunakan untuk mengirim mac address sebagai username login

Setting User Manager dengan menambahkan router dan subcriber

tool user-manager router add ip-address=127.0.0.1 shared-secret=1234 subscriber=admin

*addres dan shared-secret harus sama dengan radius di atas

ip hotspot user remove 0

tool user-manager customer add login=admin password=tanyakanadmindeh

Sampai di sini setting login hotspot menggunakan mac address sudah selesai, tinggal menambahkan user. Dengan cara :

tool user-manager user add subscriber=admin username="mac-addres"

Format mac-addresnya 00:1C:BF:4E:FD:1D

Sumber Referensi  Manual MikroTik

More

Limit Download Indowebster

Setelah memantau trafik dari Fakultas-Fakultas yang menggunakan Bandwith penuh tapi sering terjadi komplain koneksi lambat..
Akhirnya ditemukan peyebabnya, ternyata client banyak menghabiskan bandwith untuk download di Indowebster  yang menyebab klien lain terasa lambat, akhir aq putuskan buat limitasi bandwith ke Indowebster.
Bukan maksud kejam tapi bandwith harus di bagi rata ke klien lain yang juga memerlukannya :D.

Tambahkan IP-IP indowebster ke addreslist

ip firewall address-list add list=indowebster-down address=119.110.76.19

ip firewall address-list add list=indowebster-down address=119.110.77.116

ip firewall address-list add list=indowebster-down address=119.110.77.21

ip firewall address-list add list=indowebster-down address=119.110.77.115

ip firewall address-list add list=indowebster-down address=119.110.77.104

ip firewall address-list add list=indowebster-down address=119.110.77.116

ip firewall address-list add list=indowebster-down address=119.110.77.116

ip firewall address-list add list=indowebster-down address=119.110.77.116

ip firewall address-list add list=indowebster-down address=119.110.77.120

ip firewall address-list add list=indowebster-down address=119.110.77.116

ip firewall address-list add list=indowebster-down address=119.110.77.117

ip firewall address-list add list=indowebster-down address=119.110.77.117

ip firewall address-list add list=indowebster-down address=119.110.77.115

ip firewall address-list add list=indowebster-down address=119.110.77.117

ip firewall address-list add list=indowebster-down address=119.110.77.115

ip firewall address-list add list=indowebster-down address=119.110.77.116

ip firewall address-list add list=indowebster-down address=119.110.77.119

ip firewall address-list add list=indowebster-down address=119.110.77.119

ip firewall address-list add list=indowebster-down address=119.110.77.119

ip firewall address-list add list=indowebster-down address=119.110.77.110

ip firewall address-list add list=indowebster-down address=119.110.77.110

ip firewall address-list add list=indowebster-down address=119.110.77.110

ip firewall address-list add list=indowebster-down address=119.110.77.110

ip firewall address-list add list=indowebster-down address=119.110.77.110

ip firewall address-list add list=indowebster-down address=119.110.77.119

ip firewall address-list add list=indowebster-down address=119.110.77.119

ip firewall address-list add list=indowebster-down address=119.110.77.119

ip firewall address-list add list=indowebster-down address=119.110.77.119

ip firewall address-list add list=indowebster-down address=119.110.77.112

ip firewall address-list add list=indowebster-down address=119.110.77.112

ip firewall address-list add list=indowebster-down address=119.110.77.114

ip firewall address-list add list=indowebster-down address=119.110.77.114

ip firewall address-list add list=indowebster-down address=119.110.77.120

ip firewall address-list add list=indowebster-down address=119.110.77.115

ip firewall address-list add list=indowebster-down address=119.110.77.116

ip firewall address-list add list=indowebster-down address=119.110.77.117

ip firewall address-list add list=indowebster-down address=119.110.77.118

ip firewall address-list add list=indowebster-down address=119.110.77.119

ip firewall address-list add list=indowebster-down address=119.110.77.120

ip firewall address-list add list=indowebster-down address=119.110.77.121

ip firewall address-list add list=indowebster-down address=119.110.77.122

ip firewall address-list add list=indowebster-down address=119.110.77.114

ip firewall address-list add list=indowebster-down address=119.110.77.123

ip firewall address-list add list=indowebster-down address=119.110.77.124

ip firewall address-list add list=indowebster-down address=119.110.77.125

ip firewall address-list add list=indowebster-down address=119.110.77.126

ip firewall address-list add list=indowebster-down address=119.110.77.127

ip firewall address-list add list=indowebster-down address=119.110.77.128

ip firewall address-list add list=indowebster-down address=119.110.77.129

ip firewall address-list add list=indowebster-down address=119.110.77.130

ip firewall address-list add list=indowebster-down address=119.110.76.81

ip firewall address-list add list=indowebster-down address=119.110.77.169

ip firewall address-list add list=indowebster-down address=119.110.77.230

ip firewall address-list add list=indowebster-down address=119.110.77.230

ip firewall address-list add list=indowebster-down address=119.110.77.120

ip firewall address-list add list=indowebster-down address=119.110.77.123

ip firewall address-list add list=indowebster-down address=119.110.77.129

ip firewall address-list add list=indowebster-down address=119.110.77.131

ip firewall address-list add list=indowebster-down address=119.110.77.132

ip firewall address-list add list=indowebster-down address=119.110.77.130

ip firewall address-list add list=indowebster-down address=119.110.77.118

ip firewall address-list add list=indowebster-down address=119.110.77.131

Tandai Koneksi dari Indowebster

ip firewall mangle add chain=forward action=mark-connection new-connection-mark=”IDWS” passthrough=yes dst-address-list=indowebster-down disable=no comment=”Conn IDWS”

Tandai Paket dari Indowebster

ip firewall mangle add chain=forward action=mark-packet new-packet-mark=”Paket IDWS” passthrough=no connection-mark=IDWS disable=no comment=””

Buat Queue untuk limit Indowebster

queue simple add name="LIMIT IDWS" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=”Paket IDWS” direction=both priority=8 queue=default-small/default-small  limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small

Bandwith dapat di atur sesuai kehendak,.


Thanks Segitu aj dulu :D

More

Mirroring Repositori Ubuntu + Script

Mirroring atau bercermin sebuah cara untuk meyebarkan repositori secara luas agar dapat di akses cepat.

Untuk mirroring.
Pertama : Login ke server yang akan menjadi mirror kemudian install debmirror

apt-get install debmirror

Kedua : Buat Script

----------------------dari sini-----------------------
#!/bin/bash
debmirror -v -passive \
--host=dl2.foss-id.web.id \
--root=ubuntu --method=http \
--progress --dist=lucid,lucid-backports,lucid-proposed,lucid-security,lucid-updates \
--section=main,restricted,universe,multiverse \
--arch=i386 --ignore-release-gpg \
--nocleanup \
--no-source -pdiff=none \
/home/mirror/public_html/ubuntu/
---------------------sampai sini --------------------

Penjelasan:

--host= -----------> tempat kita melakukan mirror (cari mirror terdekat)
/home/mirror/public_html/ubuntu/ --------> tempat menyimpan hasil mirroring

simpan script tersebut dengan nama "ubuntu104.sh" pada debmirror

Ketiga : Jalan script tersebut

sh ubuntu104.sh

(jangan lupa mengubah chmod)

tunggu hingga selesai, waktu selesainya tergantung kecepatan internet. Biasanya sempat di pake buat weekend untuk nunggu sampai selesai :D.

More

Simple Firewall Mikrotik

Setelah browsing mencari bahan untuk meramu firewall akhirnya selesai juga, firewall yang sederhana masih banyak kekurangan. ini firewallnya :

/ip firewall filter add chain=input connection-state=established action=accept comment=”accept established connection packets” disabled=no
/ip firewall filter add chain=input connection-state=related action=accept comment=”accept related connection packets” disabled=no
/ip firewall filter add chain=input connection-state=invalid action=drop comment=”drop invalid packets” disabled=no
/ip firewall filter add chain=forward connection-state=established action=accept comment=”Allow Established Connections” disabled=no
/ip firewall filter add chain=forward connection-state=related action=accept comment=”Allow Related Connections” disabled=no
/ip firewall filter add chain=forward connection-state=invalid action=drop comment=”Drop Invalid Connections” disabled=no
/ip firewall address-list add list=trusted-network address=192.168.0.0/24 comment=”Trusted Network” disabled=no
/ip firewall address-list add list=trusted-network address=10.10.1.0/24 comment=”Trusted Network” disabled=no
/ip firewall filter add chain=input dst-address-type=broadcast,multicast action=accept comment=”Allow Broadcast Traffic” disabled=no
/ip firewall filter add chain=input src-address=192.168.0.0/24 action=accept comment=”Allow access to router from known network” disabled=no
/ip firewall filter add chain=input src-address=10.10.1.0/24 action=accept comment=”” disabled=no
/ip firewall filter add chain=input protocol=udp action=accept comment=”UDP” disabled=no
/ip firewall filter add chain=input protocol=icmp limit=50/5s,2 action=accept comment=”Allow Limited Pings” disabled=no
/ip firewall filter add chain=input protocol=icmp action=drop comment=”Drop Excess Pings” disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=trusted-network action=accept comment=”FTP” disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=trusted-network action=accept comment=”SSH for Secure Shell” disabled=n
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=trusted-network action=accept comment=”Telnet” disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=trusted-network action=accept comment=”Web” disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=trusted-network action=accept comment=”Winbox” disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment=”pptp-server” disabled=no
/ip firewall filter add chain=input src-address-list=trusted-network action=accept comment=”From Trusted Network” disabled=no
/ip firewall filter add chain=input action=log log-prefix=”DROP INPUT” comment=”Log Everything Else” disabled=no
/ip firewall filter add chain=input action=drop comment=”Drop Everything Else” disabled=no
/ip firewall filter add chain=output dst-port=5678 protocol=udp action=drop comment="Blok Scan Winbox"

More

Load Balancing 2 ISP dan User Manager on RB433

Pertama adalah setting IP pada RB-433

Ether1 : 192.168.0.1/24

Ether2 : 192.168.1.1/28(ISP1)

Ether3 : 192.168.2.1/28(ISP2)

Setelah itu Mangle
IP --> Firewall --> Mangle
Buat Mark Connections masing-masing ISP

chain=prerouting action=mark-connection new-connection-mark=lb_1 passthrough=yes connection-state=new in-interface=ether1 nth=2,1

chain=prerouting action=mark-connection new-connection-mark=lb_2 passthrough=yes connection-state=new in-interface=ether1 nth=2,2

Buat Mark Routing masing-masing ISP

chain=prerouting action=mark-routing new-routing-mark=route_lb_1 passthrough=no in-interface=ether1 connection-mark=lb_1

chain=prerouting action=mark-routing new-routing-mark=route_lb_2 passthrough=no in-interface=ether1 connection-mark=lb_2

Kemudian NAT

chain=srcnat action=masquerade out-interface=ether2
chain=srcnat action=masquerade out-interface=ether3

Setelah itu buat Routing
Pertama Routing untuk segmen network 192.168.0.0/0 ke 192.168.1.1

Dst. Address : 192.168.0.0/24
Gateway : 192.168.1.1
Routing Mark : lb_1

Pertama Routing untuk segmen network 192.168.0.0/0 ke 192.168.2.1

Dst. Address : 192.168.0.0/24
Gateway : 192.168.2.1
Routing Mark : lb_1

Terakhir Routing 0.0.0.0/0 ke masing-masing ISP

Dst. Address : 0.0.0.0/0
Gateway : 192.168.1.1

Dst. Address : 0.0.0.0/0
Gateway : 192.168.1.1

Setting DHCP
Buat Pool
# NAME                                         RANGES                        
 0 pool1                                        192.168.0.2-192.168.0.200     

Buat DHCP Server + Network Gateway
#   NAME     INTERFACE     RELAY           ADDRESS-POOL     LEASE-TIME ADD-ARP
 0   dhcp-... local                         pool1            3d       

 # ADDRESS            GATEWAY         DNS-SERVER      WINS-SERVER     DOMAIN  
 0 192.168.0.0/24     192.168.0.1   

Selanjutnya Setting Hotspot + User Man (Tidak dijelaskan di sini, sudah ada di postingan sebelumnya)

Tambahan Setingg User Man

/tool user-manager customer add login=admin password=qwerty permission=owner
/tool user-manager router add subscriber=admin ip-address=127.0.0.1 shared-secret=1234

Di User Man kita bisa mengatur Bandwith user yang ad

Isi RX + TX sesuai bandwith yang di inginkan.

More

Mengganti Favicon Blogspot

Untuk merubah icon tersebut, caranya yaitu :

    * Login ke blogger..

    * Masuk ke menu "LAYOUT"--->"Edit HTML"

    * jangan lupa centang kotak “Expands Widget Template”

kemudian "Ctrl+F"
pertama yang kudu km lakuin yaitu cari kode script di bawah ini (di menu "Edit html" y) :

<head>
<link href='http://img412.imageshack.us/img412/3808/image11pc0.gif' rel='shortcut icon'/>
<b:include data='blog' name='all-head-content'/>

letaknya ada di paling atas kq...

klo udah..link yang berwarna biru itu kamu pindahkan tempatnya tepat sebelum tag </head>atau setelah tag ]]></b:skin>

klo diliat, jadinya kaya di bawah ini :

]]></b:skin>

<link href='http://img412.imageshack.us/img412/3808/image11pc0.gif' rel='shortcut icon'/>

</head>

klo udah, tinggal di "Save Setting" deh...
dah bisa kan sekarang....

More

Video Setting FreeBSD (Install - Proxy Server)

Setelah ubek-ubek internet cari tutorial buat Installasi FreeBSD akhirnya ketemu juga videonya, malas baca jadi liat video aja lebih mudah di mengerti...

Ne beberapa videonya:

Video Installasi FreeBSD

Video Free BSD Routing Config

Video FreeBSD DNS Server Setup

Video FreeBSD Proxy Server Instalation

Sumber: http://harrychanputra.web.id/?cat=35

More