Tuesday, August 19, 2008
Wawancara dengan CTO Mikrotik
Untuk negara berkembang, solusi Mikrotik sangat membantu ISP atau perusahaan-perusahaan kecil yang ingin bergabung dengan Internet. Walaupun sudah banyak tersedia perangkat router mini sejenis NAT, dalam beberapa kondisi penggunaan komputer dan software Mikrotik merupakan solusi terbaik. Mikrotik adalah perusahaan kecil berkantor pusat di Latvia, bersebelahan dengan Rusia, pembentukannya diprakarsai oleh John Trully dan Arnis Riekstins. John Trully adalah orang Amerika yang berimigrasi ke Latvia dan berjumpa Arnis yang sarjana Fisika dan Mekanik di sekitar tahun 1995.
Tahun 1996 John dan Arnis mulai me-routing dunia (visi Mikrotik adalah me-routing seluruh dunia). Mulai dengan sistem Linux dan MS DOS yang dikombinasikan dengan teknologi Wireless LAN (W-LAN) Aeronet berkecepatan 2Mbps di Molcova, tetangga Latvia, baru kemudian melayani lima pelanggannya di Latvia. Ketika saya menanyakan berapa jumlah pelanggan yang dilayaninya saat ini, Arnis menyebut antara 10 sampai 20 pelanggan saja, karena ambisi mereka adalah membuat satu peranti lunak router yang handal dan disebarkan ke seluruh dunia. Ini agak kontradiksi dengan informasi yang ada di web Mikrotik, bahwa mereka mempunyai 600 titik (pelanggan) wireless dan terbesar di dunia. Padahal dengan wireless di Jogja dan Bandung saja, kemungkinan besar mereka sudah kalah bersaing.
Prinsip dasar mereka bukan membuat Wireless ISP (WISP), tapi membuat program router yang handal dan dapat dijalankan di seluruh dunia. Latvia hanya merupakan �tempat eksperimen� John dan Arnis, karena saat ini mereka sudah membantu negara-negara lain termasuk Srilanka yang melayani sekitar empat ratusan pelanggannya.
Linux yang mereka gunakan pertama kali adalah Kernel 2.2 yang dikembangkan secara bersama-sama dengan bantuan 5 - 15 orang staf R&D Mikrotik yang sekarang menguasai dunia routing di negara-negara berkembang. Selain staf di lingkungan Mikrotik, menurut Arnis, mereka merekrut juga tenaga-tenaga lepas dan pihak ketiga yang dengan intensif mengembangkan Mikrotik secara maraton.
Ketika ditanya siapa saja pesaing Mikrotik, Arnis tersenyum dan enggan mengatakannya. Sewaktu saya simpulkan tidak ada pesaing, Arnis dengan sedikit tertawa menyebut satu nama yang memang sudah lumayan terkenal sebagai produsen perangkat keras khusus untuk teknologi W-LAN, yaitu Soekris dari Amerika. Tujuan utama mereka berdua adalah membangun software untuk routing, sementara kebutuhan akan perangkat keras juga terus berkembang, sehingga akhirnya mereka membuat berbagai macam perangkat keras yang berhubungan dengan software yang mereka kembangkan.
Semangat Mikrotik ini agak berbeda dari kebanyakan perusahaan sejenis di Amerika, karena mereka berkonsentrasi di pengembangan software lalu mencari solusi di hardware-nya dengan mengajak pihak ketiga untuk berkolaborasi. Dan kita dapat melihat ragam perangkat yang mereka tawarkan menjadi semakin banyak, mulai dari perangkat yang bekerja di frekwensi 2,4GHz dan 5,8GHz sampai ke interface dan antena.
Keahlian Mikrotik sebetulnya di perangkat lunak routernya, karena terlihat mereka berjualan perangkat W-LAN dengan antena omni yang sangat tidak dianjurkan pemakaiannya di dunia W-LAN, karena sangat sensitif terhadap gangguan dan interferensi. Walaupun punya tujuan yang sangat jelas, yaitu mendistribusikan sinyal ke segala arah sehingga merupakan solusi murah.
Kepopuleran Mikrotik menyebar juga ke Indonesia. Pertama kali masuk tahun 2001 ke Jogja melalui Citraweb oleh Valens Riyadi dan kawan-kawan, lalu meluas menjadi satu solusi murah untuk membangun ISP, terutama yang berbasis W-LAN. Kebetulan sekali, Jogja merupakan salah satu kota di Indonesia yang populasi pemakaian W-LAN-nya terbesar kalau dibandingkan luas daerahnya.
Keberhasilan Mikrotik me-routing dunia merupakan satu contoh, bahwa kita semua mampu membantu calon pemakai Internet untuk masuk ke dunia maya, terutama membantu membangun infrastrukturnya.
diambil dari majalah infolinux
http://www.infolinux.web.id
Tutorial Mikrotik VPN : Point to Point Tunnel Protocol (PPTP)
PPTP (Point to Point Tunnel Protocol) supports encrypted tunnels over IP. The MikroTik RouterOS implementation includes support fot PPTP client and server.
General applications of PPTP tunnels:
* For secure router-to-router tunnels over the Internet
* To link (bridge) local Intranets or LANs (when EoIP is also used)
* For mobile or remote clients to remotely access an Intranet/LAN of a company (see PPTP setup for Windows for more information)
Each PPTP connection is composed of a server and a client. The MikroTik RouterOS may function as a server or client – or, for various configurations, it may be the server for some connections and client for other connections. For example, the client created below could connect to a Windows 2000 server, another MikroTik Router, or another router which supports a PPTP server.
Description
PPTP is a secure tunnel for transporting IP traffic using PPP. PPTP encapsulates PPP in virtual lines that run over IP. PPTP incorporates PPP and MPPE (Microsoft Point to Point Encryption) to make encrypted links. The purpose of this protocol is to make well-managed secure connections between routers as well as between routers and PPTP clients (clients are available for and/or included in almost all OSs including Windows).
PPTP includes PPP authentication and accounting for each PPTP connection. Full authentication and accounting of each connection may be done through a RADIUS client or locally.
MPPE 40bit RC4 and MPPE 128bit RC4 encryption are supported.
PPTP traffic uses TCP port 1723 and IP protocol GRE (Generic Routing Encapsulation, IP protocol ID 47), as assigned by the Internet Assigned Numbers Authority (IANA). PPTP can be used with most firewalls and routers by enabling traffic destined for TCP port 1723 and protocol 47 traffic to be routed through the firewall or router.
PPTP connections may be limited or impossible to setup though a masqueraded/NAT IP connection. Please see the Microsoft and RFC links at the end of this section for more information.
PPTP Client Setup
Submenu level : /interface pptp-client
Property Description
name (name; default: pptp-out1) - interface name for reference
mtu (integer; default: 1460) - Maximum Transmit Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
mru (integer; default: 1460) - Maximum Receive Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MRU to 1460 to avoid fragmentation of packets)
connect-to (IP address)- the IP address of the PPTP server to connect to
user (string)- user name to use when logging on to the remote server
password (string; default: "")- user password to use when logging to the remote server
profile (name; default: default) - profile to use when connecting to the remote server
add-default-route (yes | no; default: no) - whether to use the server which this client is connected to as its default router (gateway)
Example
To set up PPTP client named test2 using username john with password john to connect to the 10.1.1.12 PPTP server and use it as the default gateway:
[admin@MikroTik] interface pptp-client> add name=test2 connect-to=10.1.1.12 \
\... user=john add-default-route=yes password=john
[admin@MikroTik] interface pptp-client> print
Flags: X - disabled, R - running
0 X name="test2" mtu=1460 mru=1460 connect-to=10.1.1.12 user="john"
password="john" profile=default add-default-route=yes
[admin@MikroTik] interface pptp-client> enable 0
Monitoring PPTP Client
Command name : /interface pptp-client monitor
Property Description
Statistics:
uptime (time) - connection time displayed in days, hours, minutes, and seconds
encoding (string) - encryption and encoding (if asymmetric, separated with '/') being used in this connection
status (string) - status of the client:
# Dialing – attempting to make a connection
# Verifying password... - connection has been established to the server, password verification in progress
# Connected – self-explanatory
# Terminated – interface is not enabled or the other side will not establish a connection
Example
Example of an established connection:
[admin@MikroTik] interface pptp-client> monitor test2
uptime: 4h35s
encoding: MPPE 128 bit, stateless
status: Connected
[admin@MikroTik] interface pptp-client>
PPTP Server Setup
Submenu level : /interface pptp-server server
[admin@MikroTik] interface pptp-server server> print
enabled: no
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@MikroTik] interface pptp-server server>
Description
The PPTP server supports unlimited connections from clients. For each current connection, a dynamic interface is created.
Property Description
enabled (yes | no; default: no) - defines whether PPTP server is enabled or not
mtu (integer; default: 1460) - Maximum Transmit Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
mru (integer; default: 1460) - Maximum Receive Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
authentication (multiple choice: pap | chap | mschap1 | mschap2; default: mschap2) - authentication algorithm
default-profile (name; default: default) - default profile to use
Example
To enable PPTP server:
[admin@MikroTik] interface pptp-server server> set enabled=yes
[admin@MikroTik] interface pptp-server server> print
enabled: yes
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@MikroTik] interface pptp-server server>
PPTP Server Users
Submenu level : /interface pptp-server
Description
There are two types of items in PPTP server configuration - static users and dynamic connections. A dynamic connection can be established if the user database or the default-profile has its local-address and remote-address set correctly. When static users are added, the default profile may be left with its default values and only P2P user (in /ppp secret) should be configured. Note that in both cases P2P users must be configured properly.
Property Description
name - interface name
user - the name of the user that is configured statically or added dynamically
Statistics:
mtu - shows (cannot be set here) client's MTU
client-address - shows (cannot be set here) the IP of the connected client
uptime - shows how long the client is connected
encoding (string) - encryption and encoding (if asymmetric, separated with '/') being used in this connection
Example
To add a static entry for ex1 user:
[admin@MikroTik] interface pptp-server> add user=ex1
[admin@MikroTik] interface pptp-server> print
Flags: X - disabled, D - dynamic, R - running
# NAME USER MTU CLIENT-ADDRESS UPTIME ENC...
0 DR ex 1460 10.0.0.202 6m32s none
1 pptp-in1 ex1
[admin@MikroTik] interface pptp-server>
In this example an already connected user ex is shown besides the one we just added.
PPTP Router-to-Router Secure Tunnel Example
The following is an example of connecting two Intranets using an encrypted PPTP tunnel over the Internet.
There are two routers in this example:
* [HomeOffice]
Interface LocalHomeOffice 10.150.2.254/24
Interface ToInternet 192.168.80.1/24
* [RemoteOffice]
Interface ToInternet 192.168.81.1/24
Interface LocalRemoteOffice 10.150.1.254/24
Each router is connected to a different ISP. One router can access another router through the Internet.
On the PPTP server a user must be set up for the client:
[admin@HomeOffice] ppp secret> add name=ex service=pptp password=lkjrht
local-address=10.0.103.1 remote-address=10.0.103.2
[admin@HomeOffice] ppp secret> print detail
Flags: X - disabled
0 name="ex" service=pptp caller-id="" password="lkjrht" profile=default
local-address=10.0.103.1 remote-address=10.0.103.2 routes==""
[admin@HomeOffice] ppp secret>
Then the user should be added in the PPTP server list:
[admin@HomeOffice] interface pptp-server> add user=ex
[admin@HomeOffice] interface pptp-server> print
Flags: X - disabled, D - dynamic, R - running
# NAME USER MTU CLIENT-ADDRESS UPTIME ENC...
0 pptp-in1 ex
[admin@HomeOffice] interface pptp-server>
And finally, the server must be enabled:
[admin@HomeOffice] interface pptp-server server> set enabled=yes
[admin@HomeOffice] interface pptp-server server> print
enabled: yes
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@HomeOffice] interface pptp-server server>
Add a PPTP client to the RemoteOffice router:
[admin@RemoteOffice] interface pptp-client> add connect-to=192.168.80.1 user=ex \
\... password=lkjrht disabled=no
[admin@RemoteOffice] interface pptp-client> print
Flags: X - disabled, R - running
0 R name="pptp-out1" mtu=1460 mru=1460 connect-to=192.168.80.1 user="ex"
password="lkjrht" profile=default add-default-route=no
[admin@RemoteOffice] interface pptp-client>
Thus, a PPTP tunnel is created between the routers. This tunnel is like an Ethernet point-to-point connection between the routers with IP addresses 10.0.103.1 and 10.0.103.2 at each router. It enables 'direct' communication between the routers over third party networks.
To route the local Intranets over the PPTP tunnel – add these routes:
[admin@HomeOffice] > ip route add dst-address 10.150.1.0/24 gateway 10.0.103.2
[admin@RemoteOffice] > ip route add dst-address 10.150.2.0/24 gateway 10.0.103.1
On the PPTP server it can alternatively be done using routes parameter of the user configuration:
[admin@HomeOffice] ppp secret> print detail
Flags: X - disabled
0 name="ex" service=pptp caller-id="" password="lkjrht" profile=default
local-address=10.0.103.1 remote-address=10.0.103.2 routes==""
[admin@HomeOffice] ppp secret> set 0 routes="10.150.1.0/24 10.0.103.2 1"
[admin@HomeOffice] ppp secret> print detail
Flags: X - disabled
0 name="ex" service=pptp caller-id="" password="lkjrht" profile=default
local-address=10.0.103.1 remote-address=10.0.103.2
routes="10.150.1.0/24 10.0.103.2 1"
[admin@HomeOffice] ppp secret>
Test the PPTP tunnel connection:
[admin@RemoteOffice]> /ping 10.0.103.1
10.0.103.1 pong: ttl=255 time=3 ms
10.0.103.1 pong: ttl=255 time=3 ms
10.0.103.1 pong: ttl=255 time=3 ms
ping interrupted
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 3/3.0/3 ms
Test the connection through the PPTP tunnel to the LocalHomeOffice interface:
[admin@RemoteOffice]> /ping 10.150.2.254
10.150.2.254 pong: ttl=255 time=3 ms
10.150.2.254 pong: ttl=255 time=3 ms
10.150.2.254 pong: ttl=255 time=3 ms
ping interrupted
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 3/3.0/3 ms
To bridge a LAN over this secure tunnel, please see the example in the 'EoIP' section of the manual. To set the maximum speed for traffic over this tunnel, please consult the 'Queues' section.
Connecting a Remote Client via PPTP Tunnel
The following example shows how to connect a computer to a remote office network over PPTP encrypted tunnel giving that computer an IP address from the same network as the remote office has (without need of bridging over eoip tunnels)
Please, consult the respective manual on how to set up a PPTP client with the software You are using.
The router in this example:
* [RemoteOffice]
Interface ToInternet 192.168.81.1/24
Interface Office 10.150.1.254/24
The client computer can access the router through the Internet.
On the PPTP server a user must be set up for the client:
[admin@RemoteOffice] ppp secret> add name=ex service=pptp password=lkjrht
local-address=10.150.1.254 remote-address=10.150.1.2
[admin@RemoteOffice] ppp secret> print detail
Flags: X - disabled
0 name="ex" service=pptp caller-id="" password="lkjrht" profile=default
local-address=10.150.1.254 remote-address=10.150.1.2 routes==""
[admin@RemoteOffice] ppp secret>
Then the user should be added in the PPTP server list:
[admin@RemoteOffice] interface pptp-server> add name=FromLaptop user=ex
[admin@RemoteOffice] interface pptp-server> print
Flags: X - disabled, D - dynamic, R - running
# NAME USER MTU CLIENT-ADDRESS UPTIME ENC...
0 FromLaptop ex
[admin@RemoteOffice] interface pptp-server>
And the server must be enabled:
[admin@RemoteOffice] interface pptp-server server> set enabled=yes
[admin@RemoteOffice] interface pptp-server server> print
enabled: yes
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@RemoteOffice] interface pptp-server server>
Finally, the proxy APR must be enabled on the 'Office' interface:
[admin@RemoteOffice] interface ethernet> set Office arp=proxy-arp
[admin@RemoteOffice] interface ethernet> print
Flags: X - disabled, R - running
# NAME MTU MAC-ADDRESS ARP
0 R ToInternet 1500 00:30:4F:0B:7B:C1 enabled
1 R Office 1500 00:30:4F:06:62:12 proxy-arp
[admin@RemoteOffice] interface ethernet>
Tutorial Mikrotik VPN : EoIP
Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol that creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP interface appears as an Ethernet interface. When the bridging function of the router is enabled, all Ethernet level traffic (all Ethernet protocols) will be bridged just as if there where a physical Ethernet interface and cable between the two routers (with bridging enabled). This protocol makes multiple network schemes possible.
Network setups with EoIP interfaces:
- Possibility to bridge LANs over the Internet
- Possibility to bridge LANs over encrypted tunnels
- Possibility to bridge LANs over 802.11b 'ad-hoc' wireless networks
An EoIP interface should be configured on two routers that have the possibility for an IP level connection. The EoIP tunnel may run over an IPIP tunnel, a PPTP 128bit encrypted tunnel, a PPPoE connection, or any connection that transports IP.
Specific Properties:
- Each EoIP tunnel interface can connect with one remote router which has a corresponding interface configured with the same 'Tunnel ID'.
- The EoIP interface appears as an Ethernet interface under the interface list.
- This interface supports all features of and Ethernet interface. IP addresses and other tunnels may be run over the interface.
- The EoIP protocol encapsulates Ethernet frames in GRE (IP protocol number 47) packets (just like PPTP) and sends them to the remote side of the EoIP tunnel.
- Maximal count of EoIP tunnels is 65536.
This is how to set up EoIP to bridge two (or more) Mikrotik routers for central PPPoE authentication
Using 2 routers called R1 and R2 that have an IP connection between them and R2 has 2 ethernet ports, i.e. you can ping rB from R1 and R1 from R2 where the R1 facing eth port is called eth1 and its other port is called eth2.
1. create a new EoIP tunnel on R1.
2. create a new EoIP tunnel on R2, where the tunnel ID is the same as the one on R1 but the MAC addreses are different.
4. create a new bridge on R1 and R2
3. add a PPPoE server to the Bridge on R1.
4. on R2 and add eth2 and the EoIP tunnel to the bridge.
5. put an IP address onto eth2 (any address seems to work, but it maybe better to use a different subnet for routing purposes).
Now you should be able to establish a PPPoE connection from a PC plugged into the eth2 port on router R2, this PPPoE connection will terminate on router R1.
This is not the most efficient method of using the available bandwidth on a network, but is perhaps easier than having a PPPoE A/C on every Mikrotik router and using RADIUS as you can just have PPP secrets setup on one router.
Tutorial dasar Mikrotik
Mikrotik sekarang ini banyak digunakan oleh ISP, provider hotspot, ataupun oleh pemilik warnet. Mikrotik OS menjadikan computer menjadi router network yang handal yang dilengkapi dengan berbagai fitur dan tool, baik untuk jaringan kabel maupun wireless.
Dalam tutorial kali ini penulis menyajikan pembahasan dan petunjuk sederhana dan simple dalam mengkonfigurasi mikrotik untuk keperluan-keperluan tertentu dan umum yang biasa dibutuhkan untuk server/router warnet maupun jaringan lainya, konfirugasi tersebut misalnya, untuk NAT server, Bridging, BW manajemen, dan MRTG.
Versi mikrotik yang penulis gunakan untuk tutorial ini adalah MikroTik routeros 2.9.27
silahkan download disiniTraffic Monitor with Mikrotik Tools
Dalam Memantau aliran paket data yang melewati antarmuka router Mikrotik, dapat digunakan fasilitas Torch. Keterangan lebih lanjut, dapat dibaca pada Manual Mikrotik, yaitu Torch Tools
Kita dapat memantau aliran paket berdasarkan jenis protokolnya, alamat asal, alamat tujuan serta tipe port. Dengan adanya fasilitas ini yang telah disediakan pada Packet System, ketika kita menginstalasi Mikrotik RouterOS, maka memudahkan kita dalam administrasi router, dari fasilitas ini, kita bisa menebak apakah Aliran data di mesin kita sedang Normal atau tidak. Memantau terjadinya Flooding, memantau aktifitas Malware dan sebagainya.
Menggunakannya cukup mudah, biasanya agar lebih nyaman dalam Monitoring, silahkan diaktifkan melalui Winbox, untuk masuk ke Routernya. Lebih jelasnya bisa dilihat gambar dibawah ini.
Fasilitas Torch ini bisa digunakan melalui Winbox pada menu Tools - Torch. Silahkan Klik menu Torch tersebut, nanti akan ditampilkan jendela Torchnya.
Atau Bisa juga melalui IP - ARP. Pada jendela ARP List, silahkan dipilih IP Address, MAC address yang akan di Monitor. Klik kanan untuk masuk ke menu Torch.
Perhatikan, item-item yang terdapat di jendela Torch ini, pada Manual diatas telah diberikan secara jelas keterangan terhadap item-item tersebut. Klik tombol Start untuk mengaktifkan layanan Torch ini. Sekarang kita dapat bermonitoring ria terhadap aliran paket pada mesin routernya. Jika ada trafik yang mencurigakan silahkan diambil tindakan selanjutnya.
Pada List diatas, saya memantau Aliran trafik dari IP Address (Src Address) 192.168.0.13 yang melalui Interface LAN. Jika diperhatikan, pada bagian Src port terdapat port 514 (syslog) bertipe protokol UDP (17) menuju ke IP Address (Dst Address) 192.168.0.14, dan memang saya sedang menjalankan Syslog Daemon pada PC Windows XP secara Remote untuk menyimpan log router Mikrotiknya, pada PC yang memiliki IP Address 192.168.0.13, dengan router remotenya yang memiliki IP Address 192.168.0.14, aktif di port 514 (UDP). Kita bisa memilih Alamat sumber (Src Address) pada Client yang akan kita pantau, memilih Port, Alamat tujuan, serta Protokolnya
Blocking web in mikrotik
This example will explain you “How to Block Web Sites” & “How to Stop Downloading”. I have use Web-Proxy test Package.First, Configure Proxy.
/ip proxy
enabled: yes
src-address: 0.0.0.0
port: 8080
parent-proxy: 0.0.0.0:0
cache-drive: system
cache-administrator: "ASHISH PATEL"
max-disk-cache-size: none
max-ram-cache-size: none
cache-only-on-disk: no
maximal-client-connections: 1000
maximal-server-connections: 1000
max-object-size: 512KiB
max-fresh-time: 3d
Now, Make it Transparent
/ip firewall nat
chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
Make sure that your proxy is NOT a Open Proxy
/ip firewall filter
chain=input in-interface=src-address=0.0.0.0/0 protocol=tcp dst-port=8080 action=drop
Now for Blocking Websites
/ip proxy access
dst-host=www.vansol27.com action=deny
It will block website http://www.vansol27.com, We can always block the same for different networks by giving src-address. It will block for particular source address.
We can also stop downloading files like.mp3, .exe, .dat, .avi,…etc.
/ip proxy access
path=*.exe action=deny
path=*.mp3 action=deny
path=*.zip action=deny
path=*.rar action=deny.
Try with this also
/ip proxy access
dst-host=:mail action=deny
This will block all the websites contain word “mail” in url.
Example: It will block www.hotmail.com, mail.yahoo.com, www.rediffmail.com
ENJOY BLOCKING…….
Bloking Mikrotik dari Scan Winbox dan Neighbour
Kadang kala para ISP atau penyedia jasa layanan tidak terlalu jeli untuk melindungi customernya. Terutama ketika melindungi router pelanggan yang menggunakan Mikrotik RouterOS(tm). Dengan menjalankan IP >> Neighbor kita bisa melihat router mikrotik lainnya yang secara fisik terhubung dengan router kita melalui jaringan di provider kita.
Untuk itu kita bisa melindunginya dengan berbagai cara misalnya memblok scan dari winbox dan neighbor kita. Berikut adalah cara yang paling mudah :admin@mikrotik] interface bridge> filter print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; block discovery mikrotik
chain=forward in-interface=ether1 mac-protocol=ip dst-port=5678
ip-protocol=udp action=drop
1 ;;; block discovery mikrotik
chain=input in-interface=ether1 mac-protocol=ip dst-port=5678
ip-protocol=udp action=drop
2 ;;; block discovery mikrotik
chain=output mac-protocol=ip dst-port=5678 ip-protocol=udp action=drop
3 ;;; block discovery mikrotik
chain=input in-interface=ether1 mac-protocol=ip dst-port=8291
ip-protocol=tcp action=drop
4 ;;; block winbox mikrotik
chain=forward in-interface=ether1 mac-protocol=ip dst-port=8291
ip-protocol=tcp action=drop
5 ;;; block request DHCP
chain=input mac-protocol=ip dst-port=68 ip-protocol=udp action=drop
6 ;;; block request DHCP
chain=forward mac-protocol=ip dst-port=68 ip-protocol=udp action=drop
7 ;;; block request DHCP
chain=output mac-protocol=ip dst-port=68 ip-protocol=udp action=drop
Dengan perintah tersebut kita bisa menutup beberapa scan terutama yang menggunakan winbox dan ip neighbor. Port diatas adalah bagian dari share Mikrotik RouterOS yang memang di perlukan untuk monitoring.
Tipe Antena Mikrotik
5G/O8L 5.7-5.867 GHz 10 dBi Omnidirectional Antenna
5G/O8H 5.7-5.867 GHz 13 dBi Omnidirectional Antenna
5G/O4L 5.4-5.7 GHz 10 dBi Omnidirectional Antenna
5G/O4H 5.4-5.7 GHz 13 dBi Omnidirectional Antenna
5 GHz Directional Antennas
5G/PAR 5GHz Parabolic Antenna with Feed
5G/FED 5 GHz Antenna Feed
5 GHz Flat antennas
5G/522F 5.2-5.8 GHz Flat Panel 22 dBi Client Site Antenna without antenna cable
5G/MTA 5.2-5.8 GHz Flat Panel 22 dBi Client Site Antenna with antenna cable
5 GHz Sectoral Antennas
5G/BS8 5.7-5.867 GHz 14 dBi Base Station Sector Antenna
2.4 GHz Omnidirectional Antennas
2G/AO7 7.4 dBi Omnidirectional Antenna
2G/AO2 12 dBi Omnidirectional Antenna
2G/AO5 15.4 dBi Omnidirectional Antenna
2.4GHz Directional Antennas
2G/ADF 18dBi Flat Panel Antenna
2G/ADFW 18dBi Flat Panel Antenna
Lightning Arresters
AC/LAR58 Lightning Arrester for 5GHz
AC/LAR Lightning Arrester for 2.4GHz
Cables and Connectors
AC/L1A Low-Loss Cable (- 21.7dB/100m)
AC/CML N Connector for Low-Loss Cable - male
AC/CFL N Connector for Low-Loss Cable - female
The dude network monitoring dari mikrotik
Anda kesulitan memantau jaringan LAN/ WAN, atau anda penguna Whats up?
Mikrotikers gak usah khawatir, sekarang ada "the Dude" sebuah program free dari mikrotik yg berfungsi untuk network monitoring.
The Dude network monitor is a new application by MikroTik which can dramatically improve the way you manage your network environment. It will automatically scan all devices within specified subnets, draw and layout a map of your networks, monitor services of your devices and alert you in case some service has problems.
Some of it's features:
- The Dude is free of charge!
- Auto network discovery and layout
- Discovers any type or brand of device
- Device, Link monitoring, and notifications
- Includes SVG icons for devices, and supports custom icons and backgrounds
- Easy installation and usage
- Allows you to draw your own maps and add custom devices
- Supports SNMP, ICMP, DNS and TCP monitoring for devices that support it
- Individual Link usage monitoring and graphs
- Direct access to remote control tools for device management
- Supports remote Dude server and local client
- Runs in Linux Wine environment, MacOS Darwine, and Windows
- Best price/value ratio compared to other products (free of charge)
Standar Setting Mikrotik
- pilihlah paket – paket dibawah ini untuk install OS Microtik :
System, dhcp, Advance Tools, RouTing, Security, Web – Proxy.
- ganti nama system sesuai dengan selera anda :
[admin@microtik] > system identity set name=warnet
Selanjutnya promt shell akan berubah menjadi :
Seperti yg anda inginkan :
[admin@warnet] >
- Ubahlah Password OS microtik anda dengan cara :
[admin@warnet] >user set admin password=………………………………
- aktivkan kedua Ethernet pada PC yang telah anda install OS Microtik :
[admin@warnet] >interface ethernet enable ether1
[admin@warnet] >interface ethernet enable ether2
- Berikan nama pada kedua ethernet untuk memudahkan konfigurasi :
[admin@warnet] >interface Ethernet set ether1 name=modem =====è Ethernet yg utk modem
[admin@warnet] >interface ethernet set ether2 name=local ===è Ethernet yg untuk ke HUB
- Masukan IP pada kedua landcard :
[admin@warnet] >ip address add interface=modem address= ( Diisi IP address dari ISP ) / netmask
[admin@warnet] >ip address add interface=lokal address= 192.168.0.1/255.255.255.0
- masukkan IP gateway yg di berikan dari ISP :
[admin@warnet] > ip route add gateway=10.11.1.1560
- SETTING DNS :
[admin@warnet] >ip dns set primary-dns=10.11.155.1secondary-dns=10.11.155.2
setelah itu coba ping semua IP yang telah di setting di atas.
[b][font=”]KONFIGURASI FIREWALL DAN NETWORK
ip firewall nat add action=masquerade chain=srcnat
ip firewall filter add chain=input connection-state=invalid action=drop
ip firewall filter add chain=input protocol=udp action=accept
ip firewall filter add chain=input protocol=icmp action=accept
[font=”]/ip firewall filter add chain=input in-interface=(ethernet card yg ke lan) action=accept
/ip firewall filter add chain=input in-interface=(ethernet card yg ke internet) action=accept
ip firewall filter add chain=input action=drop
ip web-proxy set enabled=yes src-address=0.0.0.0. port=8080 hostname=”” yahuu.net=yes parent-proxy=0.0.0.0:0 \
cache-administrator=”webmaster” max-object-size=4096KiB cache-drive=system max-cache-size=unlimited \
max-ram-cache-size=unlimited
ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128 /ip firewall nat add in-interface=modem
dst-port=80 protocol=tcp action=redirect
to-ports=3128 chain=dstnat dst-address=!192.168.0.1/24
================================================== ================
yang 3128 semuanya di ganti 8080 : caranya :
ip web-proxy set enable=yes
/ip web-proxy set port=3128
/ip web-proxy set max-cache-size=3145728 ( 3 kali total ram )
/ip web-proxy set hostname=”proxy.prima”
/ip web-proxy set allow-remote-requests=yes
/ip web-proxy set cache-administrator: “primanet.slawi@yahoo.com”
================================================== ================================================== ========
FILTERING :
http://www.mikrotik.com/testdocs/ros/2.9/ip/filter.php/ ip firewall filter
add chain=input connection-state=invalid action=drop \comment=”Drop Invalid connections”
add chain=input connection-state=established action=accept \comment=”Allow Established connections”
add chain=input protocol=udp action=accept \ comment=”Allow UDP”
add chain=input protocol=icmp action=accept \ comment=”Allow ICMP”
add chain=input src-address=192.168.0.0/24 action=accept \ comment=”Allow access to router from known network”
add chain=input action=drop comment=”Drop anything else”
ANTI VIRUS UTK MICROTIK :
add chain=forward action=jump jump-target=virus comment=”jump to the virus chain” ++++++++++++++++++++++++++++++++++++++++++++++++++ +++++
add chain=forward protocol=icmp comment=”allow ping”add chain=forward protocol=udp comment=”allow udp”add chain=forward action=drop comment=”drop everything else”================================================== =====
SECURITY ROUTER MICROTIK ANDA :
/ ip firewall filteradd chain=input connection-state=established comment=”Accept established connections”add chain=input connection-state=related comment=”Accept related connections”add chain=input connection-state=invalid action=drop comment=”Drop invalid connections” add chain=input protocol=udp action=accept comment=”UDP” disabled=no add chain=input protocol=icmp limit=50/5s,2 comment=”Allow limited pings” add chain=input protocol=icmp action=drop comment=”Drop excess pings” add chain=input protocol=tcp dst-port=22 comment=”SSH for secure shell”add chain=input protocol=tcp dst-port=8291 comment=”winbox” # Edit these rules to reflect your actual IP addresses! # add chain=input src-address=159.148.172.192/28 comment=”From Mikrotikls network” add chain=input src-address=10.0.0.0/8 comment=”From our private LAN”# End of Edit #add chain=input action=log log-prefix=”DROP INPUT” comment=”Log everything else”add chain=input action=drop comment=”Drop everything else”
================================================== ========================================
SETTING KEAMANAN JARINGAN HANYA UNTUK LOKAL AREA ANDA :
/ip firewall filteradd chain=forward connection-state=established comment=”allow established connections” add chain=forward connection-state=related comment=”allow related connections”add chain=forward connection-state=invalid action=drop comment=”drop invalid connections”
add chain=virus protocol=tcp dst-port=135-139 action=drop comment=”Drop Blaster Worm” add chain=virus protocol=udp dst-port=135-139 action=drop comment=”Drop Messenger Worm” add chain=virus protocol=tcp dst-port=445 action=drop comment=”Drop Blaster Worm” add chain=virus protocol=udp dst-port=445 action=drop comment=”Drop Blaster Worm” add chain=virus protocol=tcp dst-port=593 action=drop comment=”________” add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=”________” add chain=virus protocol=tcp dst-port=1080 action=drop comment=”Drop MyDoom” add chain=virus protocol=tcp dst-port=1214 action=drop comment=”________” add chain=virus protocol=tcp dst-port=1363 action=drop comment=”ndm requester” add chain=virus protocol=tcp dst-port=1364 action=drop comment=”ndm server” add chain=virus protocol=tcp dst-port=1368 action=drop comment=”screen cast” add chain=virus protocol=tcp dst-port=1373 action=drop comment=”hromgrafx” add chain=virus protocol=tcp dst-port=1377 action=drop comment=”cichlid” add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=”Worm” add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Bagle Virus” add chain=virus protocol=tcp dst-port=2283 action=drop comment=”Drop Dumaru.Y” add chain=virus protocol=tcp dst-port=2535 action=drop comment=”Drop Beagle” add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Drop Beagle.C-K” add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment=”Drop MyDoom” add chain=virus protocol=tcp dst-port=3410 action=drop comment=”Drop Backdoor OptixPro”add chain=virus protocol=tcp dst-port=4444 action=drop comment=”Worm” add chain=virus protocol=udp dst-port=4444 action=drop comment=”Worm” add chain=virus protocol=tcp dst-port=5554 action=drop comment=”Drop Sasser” add chain=virus protocol=tcp dst-port=8866 action=drop comment=”Drop Beagle.B” add chain=virus protocol=tcp dst-port=9898 action=drop comment=”Drop Dabber.A-B” add chain=virus protocol=tcp dst-port=10000 action=drop comment=”Drop Dumaru.Y” add chain=virus protocol=tcp dst-port=10080 action=drop comment=”Drop MyDoom.B” add chain=virus protocol=tcp dst-port=12345 action=drop comment=”Drop NetBus” add chain=virus protocol=tcp dst-port=17300 action=drop comment=”Drop Kuang2″ add chain=virus protocol=tcp dst-port=27374 action=drop comment=”Drop SubSeven” add chain=virus protocol=tcp dst-port=65506 action=drop comment=”Drop PhatBot, Agobot, Gaobot”
++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++
#MatikanPort yang Biasa di pakai Spam :
/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-p
lihat di system resource
dan 2/3 dari system resource di gunakan atau di alokasikan untuk : system resource print
************************************************** ******************************************
Graphing /tool graphing set store-every=hour[admin@MikroTik] tool graphing> print store-every: hour[admin@MikroTik] tool graphing> [admin@MikroTik] tool graphing interface> add interface=ether1 \allow-address=192.168.0.0/24 store-on-disk=yes[admin@MikroTik] tool graphing interface> printFlags: X - disabled # INTERFACE ALLOW-ADDRESS STORE-ON-DISK 0 ether1 192.168.0.0/24 yes[admin@MikroTik] tool graphing interface> [admin@VLP InWay] tool graphing> export
# oct/12/2005 09:51:23 by RouterOS 2.9.5
# software id = 1TLC-xxx
#
/ tool graphing
set store-every=5min
/ tool graphing queue
add simple-queue=all allow-address=10.8.2.99/32 store-on-disk=yes allow-target=yes disabled=no
/ tool graphing resource
add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ tool graphing interface
add interface=Inway allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
add interface=LAN allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
add interface=DMZ allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
source = http://crypt0gr4phy.wordpress.com/2007/02/02/setting-mikrotik/
Spesifikasi Router Board Mikrotik untuk berbagai Kebutuhan
5 GHz Base Stations
RB/APO MikroTik 5GHz Access Point OUTDOOR Package
5 GHz Client Packages
RIC/522 5.1-5.8Ghz Integrated Router Antenna
RIC/522E 5.1-5.8Ghz Integrated Router Antenna
RB/RPO MikroTik 5GHz OUTDOOR Client Package
5 GHz Repeaters
RB/BCO MikroTik 5GHz Repeater Outdoor Package
5 GHz All in Ones
RB/B2O MikroTik 5GHz Access Point OUTDOOR Package with Directional Antenna
RB/B4O MikroTik 5GHz Outdoor Access Point Package with Three Directional Antennas
RB/OM18 MikroTik 2.4GHz Integrated Access Point + Backbone
RB/KAO MikroTik 2.4GHz Access Point OUTDOOR Package
2.4GHz Client Packages
RB/2018 MikroTik 2.4GHz Client Package with Integrated 18 dBi Antenna
Setup Mikrotik used as a wireless Hotspot server/authenticator
The Mikrotik Router OS system is software designed to run on an "IBM type" Personal Computer. It has many capabilities including operating as a Wireless HotSpot controller, router, firewall, PPPoE controller, among many other capabilities. This router basically can be used to operate a small ISP. In our example, we are setting up a three port system which is designed to have one port going to the internet, a second to provide HotSpot services via an external access point and a third port to serve the user's local LAN. Separation and firewall protection is provided to prevent intrusion from the internet and from the HotSpot port into the user's local LAN. Be sure to verify the firewall protection for yourself. Advantages/Limitations of the Mikrotik Hotspot System as seen by the author can be viewed HERE.
The basic features that I need in this Home Hotspot installation are:
* Provide isolation of computers on my home LAN from internet traffic and users on the WIRELESS HotSpot Access Point. This needed to be done without the use of encription on the wireless link so "anyone" could easily log in without first getting permission.
* Allow my normal household internet traffic to/from the internet to use the same connection as traffic from my wireless HotSpot
* Allow traffic on the Internet to access my mail server and any other servers on my Home LAN.
* Provide "Casual" users of the Home HotSpot to "log in" and access their WebMail and normal Internet while limiting their bandwidth usage.
* Allow "Trusted" users of the Home Hotspot to "log in" to access whatever ports and services may be allowed for them on an individual basis.
* Allow "Me" to access anything I want to over the Wireless Hotspot connection to the local LAN or to the Internet.
* Provide the capability to have a direct PPPoE connection to a DSL/Cable modem or alternatively a direct connection to a router LAN port. LOCAL
Setup DNS Mikrotik
ALTERNATIVE PROCEDURE IF YOU WANT TO INPUT A FIXED IP/GATEWAY/DNS SERVER ADDRESS
(instead of using DHCP on the ether1 port)
Caution:
Use care in selecting the DNS SERVER IP address in the setup below. You MUST select an actual DNS server or a router which provides DNS services. Some routers (such as the Hawking FR24) provide a "DNS RELAY" feature on the gateway address which redirects DNS service requests that are sent to the router Gateway Address to some downstream DNS Server. Such "dns relay" service is not always compatible with the Mikrotik system. Other routers (such as the NexLand 800 Turbo and many other router setups) do provide normal DNS Services on the gateway address. In many routers it may depend on user programming.
The Mikrotik router will NOT resolve DNS properly for the Hotspot unless the pointer to a DNS server source points to a "real" DNS Server or a router which actually provides DNS SERVICES on the Gateway address. The result of no DNS service will be that your hotspot login screen will not be loaded when "any URL" is transmitted to the ether2 (Hotspot) port via your browser. This problem can be very confusing to diagnose.
You can test what DNS address you should setup in the Mikrotik unit by running an ip configuration test on a Windows equipped computer connected to your router that you also intend your Mikrotik to use for internet access. Proceed as follows:
b) In your windows computer, in network settings, select tcp/ip properties, and select "obtain an IP address automatically" and "obtain DNS server address automatically". Click OK and exit and reboot if necessary to activate the new settings. Then execute Setup>Run>
then enter <winipcfg>, click OK, (windows 95/98), or <ipconfig>, (or perhaps wntipcfg), click OK, (windows XP/NT/2000), In Windows , you may have to download the winipcfg.exe (or similar) module from the resources folder on the install disk to get this to work. You will get a display such as the image below when you get the ip configuration display and click
Note in this example, the DNS SERVER reported is 192.168.168.1 which IS the same as the Default Gateway and the downstream router (not Mikrotik) IP address. THIS IS NOT ALWAYS SO! The DNS server found by the DHCP operation of your windows computer may be in an entirely different range from the default gateway IP address. Thus, if you use a fixed IP address/Gateway/DNS Server selection, your Mikrotik router DNS Server setup MUST use the DNS Server found by a computer with DHCP Client operating as above. You cannot assume it is the same as your router's default gateway address.
Once you have the downstream router's Gateway address and DNS Server address defined, select an IP address for your Mikrotik unit and proceed as follows. (Here, we are assuming that your Mikrotik System's IP address and mask is 128.1.1.120/255.255.255.0, Gateway of the downstream router is 128.1.1.1 and that the DNS Server's IP address is 207.69.188.186. Make any changes you deem necessary.)
29a)
(Note: The address 128.1.1.120 (below) represents the PUBLIC INTERNET side IP address of the Mikrotik Router. Change to your own suitable address as may be required.)
29b) [admin@MikroTik] ip> address add address=128.1.1.120/24 comment="TechNet LAN to Internet" interface=ether1
29c) [admin@MikroTik] ip> route add gateway=128.1.1.1
(The following test will locate your
29d) [admin@MikroTik] ip> /ip dns set primary-dns=128.1.1.1 (Change to YOUR ISPs DNS servers. Or- This may be the gateway IP address of a LAN router (as this actually is) which has DNS services. You may be able to change to YOUR ISP's recommended DNS server IP address if permitted by your router and operation will likely be faster.)
29e) [admin@MikroTik] ip> /ip dns set secondary-dns=207.69.188.186 (Add a secondary DNS server if your ISP has one. This example is one of earthlink's DNS servers.)
IF you wish to install a DNS Cache in your Hotspot router so DNS requests will be handled out of the local cache instead of going to the router (or external ISP) each time, enter the following line.
29f) [admin@MikroTik] ip> /ip dns-cache set primary-server=128.1.1.1 (This sets up the dns-cache to access from the LOCAL ROUTER’s DNS server. You may wish to change the above two IP addresses to your ISP’s DNS IP address if permitted by your router. You can also use the
/ip dns-cache set secondary-server=xxx.xxx.xxx.xxx
to set up a secondary DNS-CACHE server if you wish. )
29g) [admin@MikroTik] ip> dns print
resolve-mode: remote-dns
primary-dns: 128.1.1.1 (This should be your primary DNS server IP address.)
secondary-dns: 207.69.188.186 (You should setup a secondary-dns server if you have one.)
and then:
29h) [admin@MikroTik] ip> dns-cache print
enabled: no (You get to enable it later when you setup the hotspot.)
primary-server: 128.1.1.1 (This should be your primary DNS server IP address.)
secondary-dns: 0.0.0.0 (You should setup a secondary-dns server (in step #19) if you have one.)
running: no (It will start running if you enable "use DNS CACHE" when you setup the hotspot.)
usage: 0%
entries: 0
taken from http://www.gpsinformation.org/hotspot/fixedether1ipsetup.html
Quick Setup Guide
The most noticeable difference in user experience setting up HotSpot system in version 2.9 from the previous RouterOS versions is that it has become in order of magnitude easier to set up a correctly working HotSpot system.
Given a router with two interfaces: Local (where HotSpot clients are connected to) and Public, which is connected to the Internet. To set up HotSpot on the Local interface:
- first, a valid IP config is required on both interfaces. This can be done with /setup command. In this example we will assume the configuration with DHCP server on the Local interface
- valid DNS configuration must be set up in the /ip dns submenu
- To put HotSpot on the Local interface, using the same IP address pool as DHCP server uses for that interface:
/ip hotspot add interface=local address-pool=dhcp-pool-1
- and finally, add at least one HotSpot user:
/ip hotspot user add name=admin
These simple steps should be sufficient to enable HotSpot system
Please find many HotSpot How-to's, which will answer most of your questions about configuring a HotSpot gateway, at the end of this manual. It is still recommended that you read and understand all the Description section below before deploying a HotSpot system.
for complete configuration please visit:http://www.mikrotik.com/testdocs/ros/2.9/ip/hotspot.php
PCQ
Dengan menggunakan queue type pcq di Mikrotik, kita bisa membagi bandwidth yang ada secara merata untuk para pelahap-bandwidth™ saat jaringan pada posisi peak.
Contohnya, kita berlangganan 256 Kbps. Kalau ada yang sedang berinternet ria, maka beliau dapat semua itu jatah bandwidth. Tetapi begitu teman-temannya datang, katakanlah 9 orang lagi, maka masing-masingnya dapat sekitar 256/10 Kbps. Yah.. masih cukup layaklah untuk buka-buka situs non-porn atau sekedar cek e-mail & blog .
OK, langsung saja ke caranya :
- Asumsi : Network Address 192.168.169.0/28, interface yang mengarah ke pengguna diberi nama LAN, dan interface yang mengarah ke upstream provider diberi nama INTERNET;
- Ketikkan di console atau terminal :
> /ip firewall mangle add chain=forward src-address=192.168.169.0/28 action=mark-connection new-connection-mark=NET1-CM
> /ip firewall mangle add connection-mark=NET1-CM action=mark-packet new-packet-mark=NET1-PM chain=forward
> /queue type add name=downsteam-pcq kind=pcq pcq-classifier=dst-address
> /queue type add name=upstream-pcq kind=pcq pcq-classifier=src-address
> /queue tree add parent=LAN queue=DOWNSTREAM packet-mark=NET1-PM
> /queue tree add parent=INTERNET queue=UPSTREAM packet-mark=NET1-PM - Good Luck!!
MIKROTIK USER MEETING
tanggal 9-12 Juni 2008 di Bali (Hotel Kuta Paradiso), yang akan
diselenggarakan sebelum Mikrotik User Meeting (13-14 Juni 2008).
Pelatihan ini dikhususkan untuk teknisi ISP, network engineer dan
system
integrator yang berkeinginan untuk mempelajari lebih dalam mengenai
routing, dynamic routing, bandwidth management, hotspot system,
wireless
access, dan hampir seluruh materi yang menyangkut penggunaan hardware
dan software Mikrotik.
Pada sessi terakhir di hari keempat, akan diselenggarakan test
sertifikasi, peserta yang lulus akan mendapatkan sertifikat dari
Mikrotik.
Pelatihan ini akan dibawakan pengajar dari Mikrotik dan menggunakan
bahasa Inggris.
Setiap peserta yang mengikuti training ini wajib membawa sendiri 1 buah
laptop yang memiliki port ethernet dan jika dimungkinkan memiliki
interface serial (console)
PEMBAYARAN
Biaya untuk mengikuti pelatihan ini sebesar : Rp 3.200.000,-
Anda akan mendapatkan 1 buah lisensi level 4.
atau jika Anda ingin membawa pulang sebuah routerboard, biayanya
adalah:
Rp 4.600.000,-
PENDAFTARAN
Pendaftaran untuk training ini bisa dilakukan melalui partner kami :
Citraweb, dengan mengirimkan email ke info@mikrotik.co.id
Informasikanlah Nama, Email, Nama Perusahaan, No telp Anda pada email
tersebut. Pembayaran dapat dilakukan dengan transfer ke rekening BCA
dalam mata uang rupiah.
Info lebih lengkap mengenai training ini :
http://training.mikrotik.com/course/view.php?id=95
-------------------------------------------------------------------
MIKROTIK USER MEETING
Setelah pelaksanaan training, akan diadakan juga Mikrotik User Meeting.
Acara ini adalah wadah bertukar informasi dan pengalaman mengenai cara
penggunaan Mikrotik.
MUM akan diselenggarakan pada tanggal 13 - 14 Juni 2008 bertempat di
Kuta Paradiso Hotel, Bali.
Bagi Anda yang berminat untuk menghadiri acara ini, dapat menghubungi
juga partner kami Citraweb untuk mendapatkan free voucher.
Pada email, harap sebutkan nama Anda dan cantumkan "free voucher MUM"
pada subjek email Anda. Kirimkan email Anda ke sales@mikrotik.com
Daftarkan diri Anda sekarang juga, mengingat tempat yang terbatas.
Info lebih lengkap mengenai MUM bisa dilihat di :
http://mum.mikrotik.com
---------------------------------------
Akomodasi :
Kuta Paradiso Hotel
Bali, Indonesia
Jalan Kartika Plaza, Kuta P.O Box 1133 & 1134 Tuban, Bali, Indonesia
Phone : + 62 361 761414
Fax : +62 361 756944
e-mail: info[at]kutaparadisohotel.com
http://www.kutaparadisohotel.com/kph/default.asp
Create Dota dimesin Mikrotik
DOTA merupakan salah satu games Warcraft untuk versi online. pada gamenet games ini merupakan games terlaris selain games-games online lain seperti ragnarok, sealonline, pangya, deco dan masih banyak lagi. selain games ini gratis alias nda pake pocer, juga sangat asyik dimaenkan. disini saya coba menulis tentang bagaimana create DOTA di mesin mikrotik.
Ikuti langkah-langkah berikut :
[admin@mendem] >ip firewall nat add chain=srcnat action=masquerade out-interface=Public
[admin@mendem] >ip address add address=202.xxx.xxx.xxx/32 interface=Public (xxx diisi sesuai IP public kamu)
[admin@mendem] >ip firewall nat add chain=dstnat dst-address=202.xxx.xxx.xxx action=dst-nat to-addresses=192.168.***.*** (*** diisi sesuai dengan IP lokal yang ingin bisa create game)
[admin@mendem] >ip firewall nat add chain=srcnat src-address=192.168.***.*** action=src-nat to-addresses=202.xxx.xxx.xxx
Agar client yg tergabung dalam LAN atau yang satu network bisa bermain bersama tambahkan perintah :
[admin@mendem] >ip firewall nat add chain=dstnat dst-address=202.xxx.xxx.1-202.xxx.xxx.254 action=netmap to-addresses=192.168.***.1-192.168.***.254
[admin@mendem] >ip firewall nat add chain=srcnat src-address=192.168.***.1-192.168.***.254 action=netmap to-addresses=202.xxx.xxx.1-202.xxx.xxx.254
Sampai disini sudah berhasil , namun ternyata ada masalah yang saya hadapi, yaitu mesin mikrotik tidak dapat saya akses atau remote dari luar jaringan dan masalah lain, port SNMP ikut-ikutan ketutup sehingga untuk menampilkan traffic cacti jadi blank …ada yang bisa membantu
Fix Dota Mik
Sebelumnya saya pernah menulis tentang Rules Create Dota di Mikrotik, namun ada kendala saat rules diaktifkan maka routerbox tidak dapat di remote, diping bahkan tidak bisa menampilkan grafik MRTG/Cacti.
Setelah beberapa kali mencoba dan mencari literatur dari mbah google akhirnya ketemu rules yang cocok untuk kepentingan remote dari luar jaringan, bisa di ping dan tentunya saya bisa melihat grafik pemakaian bandwitdh lewat MRTG/Cacti.
Rules nya seperti ini :
ip firewall nat add chain=dstnat dst-address=202. x . x . x protocol=tcp dst-port=6113 action=dst-nat to-addresses=192.168. x . x to-ports=6113
ip firewall nat add chain=dstnat dst-address=202. x . x . x protocol=udp dst-port=6113 action=dst-nat to-addresses=192.168. x . x to-ports=6113
ip firewall nat add chain=srcnat src-address=192.168. x . x protocol=tcp src-port=6113 action=src-nat to-addresses=202. x . x . x to-ports=6113
ip firewall nat add chain=srcnat src-address=192.168. x . x protocol=udp src-port=6113 action=src-nat to-addresses=202. x . x . x to-ports=6113
ip firewall nat add chain=srcnat src-address=192.168. x . x -192.168. x . x action=netmap to-address=202. x . x . x -202. x . x . x to-ports=0-65535
Mungkin sudah banyak yang tahu tentang rules diatas, harapan saya rules diatas bisa dipakai siapa saja yang memerlukannya, karena dari pengalaman yang ada sungguh sulit mencari literatur atau googling tentang rules create dota di mikrotik.
semoga membantuMikrotik Hotspot Advantages/Limitations
Mikrotik is a software company in Latvia that has been developing their version of a Linux router since about 1995. In 2002, they first offered a WiFi Hotspot capability which operated with specific internal (to the Linux computer) wireless cards and a few APs. In mid 2003, this range has expanded to allow working with a wide range of vendor’s standard Wireless Access Points. This recently includes the Dlink 900AP+ and similar inexpensive APs as well as the old standbys such as Cisco. Some specific features and advantages of the Mikrotik Router with HotSpot in (the latest) version 2.7.4 are:
1) It is supported software with a constant stream of feature enhancements and fixes for problems experience by users. Bug fixes are frequent and severe problems seem to be fixed pretty fast.The Mikrotik system has a very complete (500+ page) reference manual as the system has functions that allow it to do about everything an ISP could dream of doing and more than most casual users will ever need. But.. If you need some routing feature, likely it is already available.
2) The bad news is Mikrotik Tech Support is not the best even after you buy a license so they will assist. :( The Mikrotik technicians know a lot about their system but: Most answers to emailed questions seem to be references to the manual and if you send three questions, they likely will only answer part of them. Some answers I did receive had errors that are just killers for a beginning router programmer/user.
There are lots of command examples in the manual but almost zero overall application examples. The exception is a HotSpot example, but even with this, only someone already familiar with router ip table setup can get through the complete design without outside help. I did get some excellent help from Eje Gustaffason at
3) The system software itself is inexpensive. A fully working basic software system with PPPoE and limited to 4 simultaneous Hotspot users and 4 total NAT entries is FREE to download and use from
4) The Mikrotik system is quite complex and will take most people a good while to learn in detail. HOWEVER, with the cook book application guide that I have worked up HERE, a three port Hotspot router can be assembled and made operational in one evening by someone who just knows how to do medium complexity software installs on a PC.
5) The system allows the HotSpot owner/operator (OO) to edit the locally stored html files used for login, FAQs, Help pages, etc. The user can freely add or change links between these pages and the main login page using FrontPage or Dreamweaver or even Netscape Composer except for the login.html page which has tables.
6) It is possible to allow internet access to specific websites (with fixed IP addresses) without login when desired.
7) Hotspot User Authentication can be done from a local list (default) or from a local or remote RADIUS authentication server. The system can be programmed to use local authentication when it is available and to query a RADIUS server when the desired entry is not in the local list. The RADIUS server is expected to periodically update the local list. If the RADIUS server or link should fail, the local authentication will continue uninterrupted. In my opinion, a feature like this is an essential ingredient for our growing Atlanta Free Net system.
6) The Mikrotik “UNIVERSAL CLIENT” optionally permits “any” roaming user with “any” normal IP address and gateway setup in his networking to access the Hotspot without changing his networking setup. I really like this feature. :) Note: The Universal Client feature is mutually exclusive with use of the DWL-900AP+ as a REPEATER of Mikrotik data packets. The "address mangling" done to accommodate the Universal Client confuses the DWL-900 Repeaters.
7) It is easy to give any number of user “groups” different privileges on the Hotspot. For instance, group “guests” could be given 32kbps internet service speed upon login. Registered Guests could be (for instance) given 144kbps. Members could be given 1mbps and Owners could be given “full” speed. It is possible to configure queues so that even if the higher speed users are using “all available” bandwidth, low priority users still get most of their allocated bandwidth. "Burst" modes can also be configured so that users get a "burst" of traffic for some seconds and then get throttled to some lower speed. This can give even low speed users the feel of higher speed, yet throttle their download speed on game or file download.
8) The Mikrotik system can be configured with multiple NICs with varying capabilities. In my “cook book” system design, I have the router configured to accept one “public” LAN (could be PPPoE) input for the internet connection. A second NIC is the connection for the Hotspot Access Point. A third NIC port is provided to connect the local home LAN to the internet. web-proxy and NAT filters are used to insure that users on the Hotspot cannot access computers on the home LAN and vice versa. This eliminates the need in most cases for a separate router as the Mikrotik system can provide full NAT and firewall services for both the Hotspot and for the local LAN services at the same time..
9) Inbound service via the Mikrotik OS Router can direct traffic to mail servers and/or other computers or servers on the home local LAN.
10) The Hotspot provided can accommodate multiple simultaneous logins with the same username and password. In my own setup, I instruct "roaming guests" to sign in as “guest” with a blank password. This gives internet connectivity and mail service at low speed. If a user registers with me, I will give him connectivity speeds as negotiated. For now, everyone is at DSL speed but I can change that at will.
11) The one thing I know of that the Mikrotik does not now offer that is provided in the NoCatAuth box is SELF REGISTRATION. With the Mikrotik box, registration and user enabling past the “guest” stage requires an email to the hotspot supervisor and manual input of a user ID and password. This input takes about half a minute via a windows based GUI.
12) The bandwidth throttling system allows the user to throttle bandwidth for individual user groups, and for entire NIC ports. Thus, you can prevent your hotspot users from using all of your bandwidth even if a number of users simultaneously download large files.
13) Perhaps most useful for the Owner/Operator of Hotspots, programming changes can be done by most any user who has a reasonable amount of computer skills in the area being changed. By this, I mean “anybody” can change a user name, password, and user group or setup a new usergroup with different capabilities and bandwidth allocations. But while changing the bandwidth offered a user group is straightforward, the OO
14) The Mikrotik is undoubtedly an extremely complex system overall, but straightforward if you just need to put up a three port system in accord with my new Hotspot Application Note. The draft document is available at the link below. I am continuing to add features and it will be fleshing out more in the weeks to come. The basic hotspot and authentication all work fine and I am in the process of refining the firewall features. I will also be adding PPPoE as an option so the router can connect directly to a DSL or Cable modem. You can manually input the commands in just a couple of hours. See http://www.gpsinformation.org/hotspot/mikrotik_hotspot_article.html
Menemukan dengan mudah MRTG dari graphing mikrotik
Mikrotik memiliki fasilitas tersebut namanya tool graphing, idealnya MRTG mikrotik di batesi agar tidak bisa dilihat sembarang orang. Mungkin bisa di tambahkan rule allow acces IP mana saja yang diijinkan untuk melihatnya.
Kita dapat menemukan dengan mudah MRTG dari graphing mikrotik yang tidak di filter, caranya:
buka www.google.co.id
ketikkan key word = "mikrotik intitle:graphing"
pilih seach the web untuk semua web/IP yang ingin dicari
atau page from Indonesia untuk hanya web/IP indonesia saja
Mikrotik DHCP Server
1. Membuat address pool dan menentukan IP Range
2. Mengaktifkan DHCP server.
Sedangkan untuk membuat Internet Gateway Server, inti langkahnya adalah melakukan masquerading yang akan melewatkan paket-paket data ke user.
Berikut ini adalah gambaran dari network dan servernya :
1. Mikrotik di install pada CPU dengan 2 ethernet card, 1 interface utk koneksi ke internet, 1 interface utk konek ke lokal.
2. IP address :
- gateway (mis: ADSL modem) : 192.168.100.100
- DNS : 192.168.100.110
- interface utk internet : 192.168.100.1
- interface utk lokal : 192.168.0.1
Untuk memulainya, kita lihat interface yang ada pada Mikrotik Router
[admin@Mikrotik] > interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R ether1 ether 0 0 1500
1 R ether2 ether 0 0 1500[admin@Mikrotik] >
kemudian set IP address pada interface Mikrotik. Misalkan ether1 akan kita gunakan untuk koneksi ke Internet dengan IP 192.168.100.1 dan ether2 akan kita gunakan untuk network local kita dengan IP 192.168.0.1
[admin@mikrotik] > ip address add address=192.168.100.1 netmask=255.255.255.0 interface=ether1
[admin@mikrotik] > ip address add address=192.168.0.1 netmask=255.255.255.0 interface=ether2
[admin@mikrotik] >ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.100.1/24 192.168.100.0 192.168.100.255 ether1
1 192.168.0.1/24 192.168.0.0 192.168.0.255 ether2
[admin@mikrotik] >
Setelah selesai Barulah kita bisa melakukan setup DHCP server pada Mikrotik.
1. Membuat address pool
/ip pool add name=dhcp-pool ranges=192.168.0.2-192.168.0.100
/ip dhcp-server network add address=192.168.0.0/24 gateway=192.168.0.1
2. Tentukan interface yang dipergunakan dan aktifkan DHCP Server.
/ip dhcp-server add interface=ether2 address-pool=dhcp-pool enable 0
[admin@mikrotik] > ip dhcp-server print
Flags: X - disabled, I - invalid
# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
0 dhcp1 ether2
sampai tahap ini, DHCP server telah selesai untuk dipergunakan dan sudah bisa di test dari user.
Langkah Selanjutnya adalah membuat internet gateway, Misalnya IP ADSL Modem sebagai gateway untuk koneksi internet adalah 192.168.100.100 dan DNS Servernya 192.168.100.110, maka lakukan setting default gateway dengan perintah berikut :
[admin@mikrotik] > /ip route add gateway=192.168.100.100
3. Melihat Tabel routing pada Mikrotik Routers
[admin@mikrotik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
# DST-ADDRESS PREFSRC G GATEWAY DISTANCE INTERFACE
0 ADC 192.168.0.0/24 192.168.0.1 ether2
1 ADC 192.168.100.0/24 192.168.100.1 ether1
2 A S 0.0.0.0/0 r 192.168.100.100 ether1
[admin@mikrotik] >
Lanjutkan dengan Setup DNS
[admin@mikrotik] > ip dns set primary-dns=192.168.100.110 allow-remoterequests=no
[admin@mikrotik] > ip dns print
primary-dns: 192.168.100.110
secondary-dns: 0.0.0.0
allow-remote-requests: no
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 16KiB
[admin@mikrotik] >
4. Tes untuk akses domain, misalnya dengan ping nama domain
[admin@mikrotik] > ping yahoo.com
216.109.112.135 64 byte ping: ttl=48 time=250 ms
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 571/571.0/571 ms
[admin@mikrotik] >
Jika sudah berhasil reply berarti seting DNS sudah benar.
5. Setup Masquerading, ini adalah langkah utama untuk menjadikan Mikrotik sebagai gateway server
[admin@mikrotik] > ip firewall nat add action=masquerade outinterface=ether1chain: srcnat
[admin@mikrotik] >
[admin@mikrotik] ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=ether1 action=masquerade
[admin@mikrotik] >
Selesai, tinggal test koneksi dari user. seharusnya dengan cara ini user sudah bisa terhubung ke internet.
Cara ini memang cara yang paling mudah untuk membuat user dapat terhubung ke internet, namun tingkat keamanannya masih rendah dan diperlukan pengaturan firewall. Mudah-mudahan saya bisa membahasnya dilain waktu.
Mikrotik crack download at local server
MikroTik Certified Training Partners
Please let us know what course do you plan to deliver, how is the training class going to be organized, class setup, how many days, what equipment is going to be provided, what is going to be included into the curriculum, who is going to be the trainer, what is his/her previous experience teaching IT in general and data networking particularly. MikroTik is offering Train-the-Trainer classes for those who want to become MikroTik Trainers.
Untuk mempercepat menguasaan dan pemahaman terhadap Mikrotik RouterOS dan juga perangkat-perangkat wireless Mikrotik, kami mengadakan pelatihan Mikrotik, yang dapat diikuti oleh orang-orang yang berminat untuk dapat menggunakan Mikrotik. Citraweb Nusa Infomedia telah ditunjuk oleh Mikrotik sebagai Mikrotik Certified Training Partner, yang berhak untuk mengadakan acara-acara pelatihan dan mengeluarkan sertifikat yang juga terdaftar secara resmi di Mikrotik.
Pelatihan tentang Mikrotik ini akan membahas hampir semua aspek mengenai
penggunaan router Mikrotik dan perangkat kerasnya, sangat sesuai untuk
network administrator pada Wireless ISP, ISP, ataupun perusahaan yang
menginginkan untuk dapat menggunakan teknologi Mikrotik pada
jaringannya. Pelatihan ini akan dibawakan dalam Bahasa Indonesia oleh
teknisi-teknisi dari Mikrotik Indonesia, yang telah tersertifikasi oleh
Mikrotik.
Pilihan kelas yang tersedia untuk pelatihan ini:
* Kelas Basic dan Advance
Harga: Rp 3.750.000,00
Kapasitas: 20 orang
Materi yang akan diberikan pada pelatihan ini meliputi:
* Introduction to Mikrotik
* Mangle & IP Address List
* Firewall & NAT
* Static Routing & Policy Routing
* Quality of Service (Basic)
* Tunnel & VPN
* Wireless Network Planning
* Wireless Interface Configuration
* Dynamic Routing
* Scripting
* VRRP
* Quality of Service (Advance)
* Hotspot Configuration
* Intrution Detection System
* Bonding
Fasilitas yang akan didapatkan oleh peserta:
1. Makan siang setiap hari pelatihan
2. Coffee Break pagi dan sore
3. Sertifikat
4. Gratis Disk on Module 128 MB (tanpa lisensi)
5. Materi pelatihan
6. Router Mikrotik untuk latihan, 1 router per peserta
7. Kaos Mikrotik
Yang tidak termasuk dalam harga pelatihan ini adalah :
* Biaya konsumsi selain disebutkan di atas
* Biaya akomodasi dan transportasi peserta ke tempat pelatihan
Setiap peserta wajib membawa laptop, dengan spesifikasi :
* WiFi ready
* 10/100 ethernet port ready
* 1 buah kabel cross UTP cat5 (2 meter)
* Operating system Windows 2000 atau XP
Tata cara pendaftaran:
- Seluruh proses pendaftaran training akan dilakukan secara online.
- Pendaftar harus memiliki account di website www.mikrotik.co.id. Jika Anda berminat mendaftarkan diri dan belum memiliki accout, segeralah lakukan proses pembuatan account.
- Setelah pendaftaran dilakukan, kami akan mengkonfirmasikan apakah masih tersedia tempat via email.
- Pembayaran harus dilakukan selambat-lambatnya 10 hari setelah konfirmasi ketersediaan tempat diberikan. Calon peserta yang tidak dapat melakukan pembayaran sampai batas yang ditentukan akan dibatalkan pendaftarannya dan dapat diisi oleh peserta lain.
- Pendaftaran Anda baru dianggap lengkap setelah kami menerima pembayaran.
- Karena banyaknya minat pendaftar, kami membatasi 1 perusahaan hanya boleh mengirimkan maksimal 2 orang peserta dalam training ini.
- Seluruh proses pendaftaran dan pesan yang berkaitan dengan pendaftaran dapat dilihat di halaman user area training.
- Mikrotik Indonesia berhak untuk menerima ataupun menolak pendaftar training tanpa perlu memberikan alasan.
Citraweb Nusa Infomedia
Yogyakarta, Indonesia
Tel: +62 274 554444
Web: http://www.mikrotik.co.id/
e-mail: info[at]mikrotik.co.id
Mikrotik Bandwidth Test
Overview
The Bandwidth Tester can be used to monitor the throughput only to a remote MikroTik router (either wired or wireless) and thereby help to discover network ‘bottlenecks’.
The TCP test uses the standard TCP protocol with acknowledgments and follows the TCP algorithm on how many packets to send according to latency, dropped packets, and other features in the TCP algorithm. Please review the TCP protocol for details on its internal speed settings and how to analyze its behavior. Statistics for throughput are calculated using the entire size of the TCP packet. As acknowledgments are an internal working of TCP, their size and usage of the link are not included in the throughput statistics. Therefore this statistic is not as reliable as the UDP statistic when estimating throughput.
The UDP tester sends 110% or more packets than currently reported as received on the other side of the link. To see the maximum throughput of a link, the packet size should be set for the maximum MTU allowed by the links – usually this is 1500 bytes. There is no acknowledgment required by UDP; this implementation means that the closest approximation of the throughput can be seen.
Bandwidth Test Server Configuration
[admin@MikroTik] tool> bandwidth-serverSetting description:
Configure network bandwidth tester service. Use authentication for disabling
unwanted bandwidth wasting. Note that remote router must be MikroTik router in
order to run the test.
session
get get value of property
set
export
[admin@MikroTik] tool> bandwidth-server print
enabled: yes
authenticate: no
allocate-udp-ports-from: 2000
max-sessions: 10
[admin@MikroTik] tool>
enable - enable client connections for bandwidth testThe list of current connections can be get in session submenu:
authenticate - communicate only with authenticated (by valid username and password) clients
allocate-udp-ports-from - allocate UDP ports from
max-sessions - maximal number of bandwidth-test clients
[admin@MikroTik] tool> bandwidth-server session
print print values of item properties
remove remove item
[admin@MikroTik] tool> bandwidth-server session print
# FROM PROTOCOL DIRECTION USER
0 10.0.0.202 tcp send
[admin@MikroTik] tool>
Bandwidth Test Client Configuration
Bandwidth Test uses TCP or UDP protocol for test. The test tries to use maximum or partial amount of bandwidth to test link speed. Be aware that default test uses all available bandwidth and may impact network usability.
[admin@MikroTik] tool> bandwidth-test
Run TCP or UDP bandwidth test. Tries to use maximum or partial amount of
bandwidth to test link speed. Note that remote router must be MikroTik router
in order to run the test. Be aware that default test uses all available
bandwidth and may impact network usability.
assume-lost-time
direction Direction of data flow
do
duration
interval
local-tx-speed
once print statistics once and quit
password Password for remote user
protocol Protocol to use for test
remote-tx-speed
size UDP packet size or TCP segment size
user
[admin@MikroTik] tool> bandwidth-test
Descriptions of arguments:
address - IP address of destination host
assume-lost-time - If Bandwidth Server is not responding for that time, assume that connection is lost
direction - specify the direction of the test (receive, transmit, both, default is transmit)
do - Script source
duration - Duration of the test
interval - Delay between messages (in seconds). Default is 1 second. Can be 20ms...5s
local-tx-speed - Transfer test maximum speed (given in bits per second)
password - Password for remote user
protocol - Type of protocol to use (UDP or TCP, default TCP)
remote-tx-speed - Receive test maximum speed (given in bits per second)
size - Packet size in bytes (50..1500, default 512). Works only with UDP protocol
user - Remote user