# Rename the first three Ethernet ports (items 0, 1, 2) by role and label them.
# The names Public, Local and Proxy are the ones the /ip address section
# below binds addresses to.
/interface ethernet
set 0 comment="Public Interface" name=Public
set 1 comment="Local Interface" name=Local
set 2 comment="Proxy Interface" name=Proxy
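# One address per interface (Local, Proxy, Public).
# X.X.X.X/XX are the author's placeholders; substitute the real prefix,
# broadcast and network values before use.
# Each "add" is a single command; the trailing backslash continues it onto
# the next line (the page had lost these continuations, and the Public entry
# carried a stray dot before the prefix length).
/ip address
add address=X.X.X.X/XX broadcast=X.X.X.X \
    interface=Local network=X.X.X.X
add address=X.X.X.X/XX broadcast=X.X.X.X \
    interface=Proxy network=X.X.X.X
add address=X.X.X.X/XX broadcast=X.X.X.X \
    interface=Public network=X.X.X.X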
# DNS cache settings. allow-remote-requests=yes makes the router answer DNS
# queries from other hosts, not only its own lookups.
# NOTE(review): no /ip firewall filter rule is visible in this listing.
# Confirm that port 53 (UDP and TCP) is dropped on the Public interface,
# otherwise the router answers DNS for anyone on the Internet.
# NOTE(review): the second servers= placeholder has five octets (X.X.X.X.X);
# this looks like a typo in the placeholder.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=XXXXKiB \
max-udp-packet-size=XXX servers="X.X.X.X,X.X.X.X.X"
# Route via the upstream gateway; no dst-address is given, so this is
# presumably the default route.
/ip route
add gateway=X.X.X.X disabled=no
# Management services. Each line sets the listening port, the source range
# allowed to connect (address=) and whether the service is switched on.
# Left enabled here: www (web interface over plain HTTP) and winbox.
# Disabled: telnet, ftp, ssh, www-ssl and api.
# NOTE(review): www carries the admin login unencrypted. Consider enabling
# www-ssl with a certificate instead (certificate=none below), and keep
# address= limited to the management subnet rather than a wide prefix.
/ip service
set telnet address=X.X.X.X/X disabled=yes port=XX
set ftp address=X.X.X.X/X disabled=yes port=XX
set www address=X.X.X.X/X disabled=no port=XX
set ssh address=X.X.X.X/X disabled=yes port=XX
set www-ssl address=X.X.X.X/X certificate=none disabled=yes port=XXX
set api address=X.X.X.X/X disabled=yes port=XXXX
set winbox address=X.X.X.X/X disabled=no port=XXXX
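Penjelasan:
- Transparent DNS digunakan agar client tidak bisa menggunakan name server (NS) selain yang dipasang di MikroTik. Agar benar-benar transparan, permintaan DNS client (port 53) juga harus dialihkan ke router melalui rule NAT; rule tersebut tidak tampak pada potongan konfigurasi ini.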
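# Mark forwarded packets that carry the DSCP value the external proxy sets on
# cache hits, so that a queue rule can match packet-mark=proxy-hit.
# passthrough=no stops further mangle processing for a matched packet.
# (A space was missing between dscp=XX and new-packet-mark on the page.)
# NOTE(review): the match is on DSCP alone, and that field can be set by any
# sender. Consider also matching in-interface=Proxy so the mark is accepted
# only from the proxy box.
/ip firewall mangle
add action=mark-packet chain=forward comment="PROXY-HIT-DSCP XX" \
    dscp=XX new-packet-mark=proxy-hit passthrough=no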
Menandai paket proxy-hit dari proxy eksternal; gunanya agar rule queue dapat melewatkan paket tersebut bebas tanpa limit.
# Management services as exported from the running router: default ports and
# no address= restriction on any of them.
# Enabled: telnet, ftp, www, ssh and winbox. Disabled: www-ssl and api.
# NOTE(review): telnet, ftp and www send credentials in clear text, and this
# differs from the template earlier on the page, which disables telnet, ftp
# and ssh. Prefer ssh/winbox only, set address= to the management subnet, and
# drop these ports on the public interface in /ip firewall filter.
/ip service
set telnet disabled=no port=23
set ftp disabled=no port=21
set www disabled=no port=80
set ssh disabled=no port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=8291
# SOCKS proxy, SSH forwarding, traffic-flow export and UPnP are all switched
# off here (enabled=no / forwarding-enabled=no). Keeping SOCKS and UPnP off
# is the safer setting on an Internet-facing router.
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip ssh
set forwarding-enabled=no
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
# IPv6 neighbor discovery entry covering all interfaces (interface=all,
# disabled=no), with router-advertisement timers set and DNS not advertised.
# NOTE(review): no /ipv6 firewall section appears in this listing; if IPv6
# is not in use, confirm whether this entry should stay enabled.
/ipv6 nd
add advertise-dns=no advertise-mac-address=yes disabled=no hop-limit=\
unspecified interface=all managed-address-configuration=no mtu=\
unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m \
ra-lifetime=30m reachable-time=unspecified retransmit-interval=\
unspecified
# MPLS interface entry for all interfaces with mpls-mtu=1508; LDP itself is
# off (enabled=no).
/mpls interface
add disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
use-explicit-null=no
# Port firmware directory name (presumably a default value; confirm).
/port firmware
set directory=firmware
# PPP accounting is on and RADIUS is not consulted for PPP logins
# (use-radius=no), so the local secret below is what authenticates the
# PPTP user "smart".
# NOTE(review): the password is exported in clear text and is a short,
# guessable value. Treat it as disclosed: rotate it, use a long random
# secret, and redact exports before sharing them (for example with
# /export hide-sensitive where the RouterOS version supports it).
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=smart \
password=fikri profile=VPS-SMART routes="" service=pptp
# Every listed interface uses the ethernet-default queue type.
# The interface names here (ether1-PUBLIK, ether2-LAN, ether3-PROXY, HOTSPOT,
# ether5-aco) differ from the Public/Local/Proxy names in the template at the
# top of the page, so this export comes from a differently named setup.
/queue interface
set ether1-PUBLIK queue=ethernet-default
set ether2-LAN queue=ethernet-default
set ether3-PROXY queue=ethernet-default
set HOTSPOT queue=ethernet-default
set ether5-aco queue=ethernet-default
# RADIUS client entry for router login and hotspot authentication
# (service=login,hotspot). Incoming RADIUS requests on port 3799 are refused
# (accept=no).
# NOTE(review): secret=12345 is trivially guessable and is now public;
# replace it with a long random shared secret on both ends.
# NOTE(review): address=172.0.0.1 is neither loopback nor a private range;
# possibly a typo for 127.0.0.1. Confirm the intended server.
# NOTE(review): /user aaa and /ppp aaa both show use-radius=no in this
# export, so confirm which services actually consult this server.
/radius
add accounting-backup=no accounting-port=1813 address=172.0.0.1 \
authentication-port=1812 called-id="" disabled=no domain="" realm="" \
secret=12345 service=login,hotspot timeout=300ms
/radius incoming
set accept=no port=3799
# Routing protocol settings for MME, PIM, RIP and RIPng.
# MME has no gateway role (gateway-class=none, gateway-selection=no-gateway).
# RIP and RIPng redistribute nothing (every redistribute-*=no) and never
# originate a default route (distribute-default=never).
# NOTE(review): these look like untouched defaults; no interface or network
# entries for the protocols are visible in this listing.
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
0.0.0.0 timeout=1m ttl=50
/routing pim
set switch-to-spt=yes switch-to-spt-bytes=0 switch-to-spt-interval=1m40s
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
routing-table=main timeout-timer=3m update-timer=30s
/routing ripng
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
timeout-timer=3m update-timer=30s
# Data stores for user-manager and web-proxy, both on the system disk.
/store
add disabled=no disk=system name=user-manager1 type=user-manager
add disabled=no disk=system name=web-proxy1 type=web-proxy
# Basic system settings: manual time zone, one vt102 console, GPS and LCD
# disabled, and the router identity name.
# NOTE(review): no NTP client section is visible in this listing. Accurate
# time matters when correlating logs, so confirm how the clock is kept.
/system clock
set time-zone-name=manual
/system console
add disabled=no term=vt102
/system gps
set channel=0 enabled=no set-system-time=no
# "set" with no arguments is how the export printed this section.
/system health
set
/system identity
set name="SMART Education"
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
# Logging rules: info, error and warning go to the in-memory buffer;
# critical is echoed to the console.
# NOTE(review): nothing is sent to disk or to a remote syslog target, so the
# log is lost on reboot and cannot be reviewed off-box. Consider adding a
# remote logging action for at least error, warning and critical.
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
# Empty login note, shown at login.
/system note
set note="" show-at-login=yes
# Watchdog timer is on with no watch-address; supout files are generated
# automatically (automatic-supout=yes) but not sent (auto-send-supout=no).
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
none watchdog-timer=yes
# Bandwidth-test server is enabled and requires authentication.
# NOTE(review): if it is not needed, disable it; otherwise make sure it is
# not reachable from the public interface.
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
100
# E-mail tool is unconfigured (address 0.0.0.0, empty user and password).
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 user=""
/tool graphing
set page-refresh=300 store-every=5min
# MAC server entry is enabled on all interfaces.
# NOTE(review): interface=all presumably includes the public port; restrict
# layer-2 management access to the LAN interface.
# NOTE(review): "(unknown)" is how the export printed the item; it is
# probably not a value that can be pasted back as-is.
/tool mac-server
set (unknown) disabled=no interface=all
# SMS reception is off and no secret is set.
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
# Packet sniffer settings: bound to HOTSPOT, streaming disabled, 10KiB
# memory and file limits.
/tool sniffer
set file-limit=10KiB file-name="" filter-mac-protocol=!ip filter-stream=yes \
interface=HOTSPOT memory-limit=10KiB memory-scroll=no only-headers=no \
streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
# Router logins are authenticated locally (use-radius=no); default-group=read
# is the group named for RADIUS-authenticated users.
# NOTE(review): the read group in this export carries the sensitive and
# sniff policies; see /user group before turning use-radius on.
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
[User@Fily.net] >
# Static PPTP server interface with no user bound to it (user="").
# NOTE(review): PPTP authentication and encryption (MS-CHAP/MPPE) are
# considered weak. Where the RouterOS version allows, prefer a stronger
# tunnel type such as L2TP/IPsec or SSTP for remote access.
/interface pptp-server
add disabled=no name=pptp-in1 user=""
# Address pools: hs-pool-4 for hotspot clients, vpn-smart for VPN clients.
# NOTE(review): vpn-smart hands out 192.168.1.10-30 and the VPS-SMART profile
# uses local-address=192.168.1.1, so VPN users presumably land in the same
# range as a local network; confirm firewall rules limit what they reach.
/ip pool
add name=hs-pool-4 ranges=192.168.4.2-192.168.4.254
add name=vpn-smart ranges=192.168.1.10-192.168.1.30
# DHCP server on the HOTSPOT interface, 1h leases from hs-pool-4.
/ip dhcp-server
add address-pool=hs-pool-4 address-pool6="" authoritative=after-2sec-delay \
bootp-support=static disabled=no interface=HOTSPOT lease-time=1h name=\
dhcp1
# Hotspot on the same interface: up to 2 addresses per MAC, 5m idle timeout.
/ip hotspot
add address-pool=hs-pool-4 addresses-per-mac=2 disabled=no idle-timeout=5m \
interface=HOTSPOT keepalive-timeout=none name=hotspot1 profile=hsprof1
# PPP profiles. "default" and "VPS-SMART" leave use-encryption=default; only
# "default-encryption" sets use-encryption=yes.
# VPS-SMART gives the router 192.168.1.1 and takes client addresses from the
# vpn-smart pool.
# NOTE(review): the PPTP secret "smart" uses profile VPS-SMART, so encryption
# is not forced for that tunnel. Consider use-encryption=yes on VPS-SMART,
# as the default-encryption profile already does.
/ppp profile
set default change-tcp-mss=yes name=default only-one=default \
remote-ipv6-prefix-pool=none use-compression=default use-encryption=\
default use-ipv6=yes use-mpls=default use-vj-compression=default
add change-tcp-mss=default local-address=192.168.1.1 name=VPS-SMART only-one=\
default remote-address=vpn-smart remote-ipv6-prefix-pool=none \
use-compression=default use-encryption=default use-ipv6=yes use-mpls=\
default use-vj-compression=default
set default-encryption change-tcp-mss=yes name=default-encryption only-one=\
default remote-ipv6-prefix-pool=none use-compression=default \
use-encryption=yes use-ipv6=yes use-mpls=default use-vj-compression=\
default
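# PPPoE uplink on ether1-PUBLIK. It installs a default route
# (add-default-route=yes) and ignores the ISP's DNS servers
# (use-peer-dns=no).
# The user and password were masked by the author with x characters; the
# masking had broken the line continuations, which are restored here so the
# entry is again one "add" command.
# NOTE(review): allow= includes pap, which sends the password unencrypted to
# the access concentrator. Keep only the methods the ISP actually requires.
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \
    dial-on-demand=no disabled=no interface=ether1-PUBLIK max-mru=1480 \
    max-mtu=1480 mrru=disabled name=pppoe-out1 password=xxxxxxxxxxxxxxxxxxxxxx \
    profile=default service-name="" use-peer-dns=no \
    user=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx@telkom.net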
# Two parent queues, each capped at 1M: one on ether2-LAN for local users and
# one on HOTSPOT for hotspot users. The child queues further down the page
# attach to these by name.
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name="down and browsing lokal" parent=ether2-LAN priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name="down and browsing hotspot" parent=HOTSPOT priority=8
# Queue types. The "set" lines configure built-in types; the "add" lines
# create the PCQ types used for per-client rate sharing.
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
5
# PCQ types: browsing and download classify by dst-address (one sub-queue per
# client address, /32 mask); upload classifies by src-address.
# Rates: 400k browsing, 250k download, 64k upload.
# NOTE(review): the two pcq-upload types are not referenced by any queue tree
# entry on this page (the Upload queue uses queue=default); confirm whether
# they are used elsewhere.
add kind=pcq name=pcq-browsing pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=400k \
pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=200
add kind=pcq name="PCQ download hotspot" pcq-burst-rate=0 \
pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address \
pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=\
250k pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=\
2000
add kind=pcq name="PCQ download lokal" pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=250k \
pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name="pcq-upload hotspot" pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=64k pcq-src-address-mask=\
32 pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name="pcq-upload lokal" pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=64k pcq-src-address-mask=\
32 pcq-src-address6-mask=128 pcq-total-limit=2000
set only-hardware-queue kind=none name=only-hardware-queue
set multi-queue-ethernet-default kind=mq-pfifo mq-pfifo-limit=50 name=\
multi-queue-ethernet-default
set default-small kind=pfifo name=default-small pfifo-limit=10
# Child queues. Each matches a packet mark and attaches to a parent:
#   browsing / download             -> "down and browsing lokal"
#   browsing / download hotspot     -> "down and browsing hotspot"
#   PB+POKER, facebook              -> global-total (max-limit=0, priority 1-2)
#   Squid-hit-HTTP, Upload          -> global-out
# NOTE(review): the mangle rules that set these packet marks are not part of
# this listing. The cache-hit queue matches hit_pkt, while the mangle example
# earlier on the page sets proxy-hit; confirm the mark names agree.
# NOTE(review): a max-limit=0 queue is presumably unlimited, so whatever can
# obtain the hit_pkt, facebook or "PB + Poker" mark bypasses the rate caps.
# Make sure those marks are set only from trusted interfaces.
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name=browsing packet-mark=browsing-packet parent=\
"down and browsing lokal" priority=8 queue=pcq-browsing
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=512k name=download packet-mark=download-packet parent=\
"down and browsing lokal" priority=8 queue="PCQ download lokal"
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=PB+POKER packet-mark="PB + Poker" parent=global-total \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=facebook packet-mark=facebook parent=global-total \
priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Squid-hit-HTTP packet-mark=hit_pkt parent=global-out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=128k name=Upload parent=global-out priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name="browsing hotspot" packet-mark=\
"browsing-packet hotspot" parent="down and browsing hotspot" priority=8 \
queue=pcq-browsing
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=512k name="download hotspot" packet-mark=\
"download-packet hotspot" parent="down and browsing hotspot" priority=8 \
queue="PCQ download hotspot"
# SNMP is disabled (enabled=no). The community entry is still the stock
# "public": read-only, no authentication or encryption (security=none),
# accepted from any source (address=0.0.0.0/0).
# NOTE(review): if SNMP is ever enabled, first rename the community, limit
# address= to the monitoring host, and prefer authenticated/encrypted access
# over security=none.
/snmp
set contact="" enabled=no engine-id="" location="" trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" \
authentication-protocol=MD5 encryption-password="" encryption-protocol=\
DES name=public read-access=yes security=none write-access=no
# User groups and their policy lists. A leading "!" denies the policy.
# The backslash in the middle of a policy word is only the export's line
# wrap; each policy= value is one string.
# NOTE(review): the read group includes sensitive, sniff, password and
# reboot. sensitive lets a user view stored passwords and keys, so "read" is
# not a harmless view-only role here; remove sensitive and sniff from it
# unless they are really needed.
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
winbox,password,web,sniff,sensitive,api" skin=default
# IP accounting is off.
/ip accounting
set account-local-traffic=no enabled=no threshold=256