
Implementing MikroTik RouterOS™ in Matrixatama Warnet Company

CHAPTER I
INTRODUCTION

1.1 Background
MikroTik RouterOS™ is an operating system that is used as a network router. In line with the vendor's mission, "Routing The World", this operating system is a cheap and smart solution for building a router. This is the need that will be addressed at Matrixatama Warnet Company.
Its features are complete, modern and user friendly, and together they give good service to the customer. MikroTik RouterOS™ is also easy to implement as a router or as a gateway in the office, in this case at Matrixatama Warnet Company. What is special about MikroTik RouterOS™ is that it can be installed on a standard PC, so it does not require high resources to operate continuously.
The writer tries to set up the initial configuration that MikroTik RouterOS™ needs to operate well: the network configuration, the configuration of the server and client computers, the configuration of Winbox, the configuration of the local LAN connection and the configuration of bandwidth for the client computers.

1.2 Problem Formulation


1. What is MikroTik RouterOS™?
2. How is its configuration set up?
3. How are the server and client computers configured using Winbox?
4. How is the LAN configured?
5. How is bandwidth configured for the client computers?


1.3 Purpose
The writer has several purposes in this project, among them:
1. To make it easy for customers of Matrixatama Warnet to access information quickly and reliably.
2. To reduce the company's expenditure, because MikroTik RouterOS™ is cheaper and more efficient than other options.
3. To offer an alternative implementation of router technology to Cisco routers.

1.4 Benefit
Explaining this project brings several benefits, among them:
1. To give the reader knowledge about how to configure MikroTik RouterOS™.
2. To give the reader knowledge about how to create a router to build a secure and cheap client-server system.
3. This thesis can be useful as reference material for other researchers who are interested in doing research on a similar theme.

1.5 Problem Boundaries


The problems discussed in this project include:
1. An explanation at a glance of MikroTik RouterOS™.
2. The configuration of IP addresses.
3. The configuration of the server and client computers with Winbox.
4. The configuration of the LAN.
5. The bandwidth allocation for the client computers.


1.6 Writing Systematic


This is the complete writing systematic:

CHAPTER I INTRODUCTION
This chapter explains the background, problem formulation, purpose, benefit, problem boundaries and writing systematic of the Project Documentation.
CHAPTER II THEORY
This chapter explains the theory of MikroTik, its implementation and configuration, and the general theory of networking itself.
CHAPTER III ANALYSIS
This chapter consists of the Existing System and the Envisioned System.
CHAPTER IV DESIGN SYSTEM
This chapter consists of the Network Specification, Logical Design and Physical Design, Subnetting and IP Allocation, Routing, Server Design, and Security.
CHAPTER V IMPLEMENTATION AND TESTING
This chapter consists of the Software and Hardware Specification, Network Schema Diagram, Cost Implementation, Server Configuration File, Testing Result, and Testing Result Table.
CHAPTER VI CLOSING
This chapter explains the conclusion and suggestions.
BIBLIOGRAPHY


1.7 Time Schedule


Table 1.1 Time Schedule (May 2009; date columns 8, 9, 14, 15, 16, 17, 18, 19, 20, 21, 22)
No  Activities
1   Looking of Data
2   Making Abstraction and Preface
3   Make Chapter I – IV
4   Make Closing
6   Making Slide Show


CHAPTER II
THEORY

2.1 Description of MikroTik RouterOS™

Generally, MikroTik RouterOS™ is an operating system and software that can be used to turn a computer into a network router, and it has many features for LAN or wireless networks. Some of the features are Firewall & NAT, Routing, Hotspot, Point to Point Tunneling Protocol, DNS server, DHCP server, and many more.
According to http://linto.jmn.net.id, MikroTik was at first a small company located in Latvia, founded by John Tully and Arnis Riekstins. John is an American who migrated to Latvia, where he met Arnis, a physics and mechanical engineer, around 1995. In 1996 they started "routing the world" using a Linux system combined with MS DOS and Aironet 2 Mbps wireless LAN technology in Moldova, near Latvia.
The main idea behind MikroTik is to create router software that can run in every country. At first they used Linux kernel 2.2, improved by the 5-15 staff of MikroTik R&D and also by volunteers outside R&D who helped with improvements. As a result, small and large companies that need internet connectivity can now solve that problem using MikroTik.
The computer that will be used as the network router does not need a high specification; a middle specification such as a Pentium III 800 MHz CPU, 512 MB RAM and a 10 GB HDD can run properly as a server giving service to about 150 users.
According to the MikroTik manual, MikroTik RouterOS™ v2.9.pdf, MikroTik RouterOS allows the user to use all its features without registration for about 24 hours from the first run. During this period we must get a key, otherwise we will need to reinstall the system. A purchased license key allows you to use RouterOS features according to the chosen license level for an unlimited time, and gives you the right to freely upgrade and downgrade its versions for a term of one year from the date the key was purchased. A free registered license key allows us to use a restricted set of functions for an unlimited period of time, but does not allow upgrading and downgrading versions.
There are 6 licensing levels, each providing some additional features. Level 0 means that there is no key and all the features are enabled for one day. Level 2 is a transitional license level from versions prior to 2.8 that allows use of all the features that were allowed by your original license key for a previous version.

Table of Service in MikroTik


2.2 Basic Examples of Matrixatama Network


Assume you need to configure the MikroTik router for the following
network setup:
In the current example we use two networks:
a. The local LAN with network address 192.168.10.0 and 28-bit netmask:
255.255.255.0. The router's address is 192.168.10.1 in this network
b. The ISP's network with address 192.168.1.0 and 24-bit netmask
255.255.255.0. The router's address is 192.168.1.1 in this network

The addresses can be added and viewed using the following commands:
[admin@MikroTik] ip address> add address=192.168.1.1/24 interface=Public
[admin@MikroTik] ip address> add address=192.168.10.1/28 interface=Local
[admin@MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   192.168.1.1/24     192.168.1.0     192.168.1.255   Public
 1   192.168.10.1/28    192.168.10.0    192.168.10.15   Local
[admin@MikroTik] ip address>

Here, the network mask has been specified in the value of the address
argument. Alternatively, the argument 'netmask' could have been used with the
value '255.255.255.0'. The network and broadcast addresses were not specified in
the input since they could be calculated automatically.

2.3 Viewing Routes


You can see two dynamic (D) and connected (C) routes, which have been
added automatically when the addresses were added in the example above:

These routes show that IP packets with destination to 192.168.1.0/24 would be sent through the interface Public, whereas IP packets with destination to 192.168.10.0/28 would be sent through the interface Local. However, you need to specify where the router should forward packets, which have destination other than networks connected directly to the router.

2.4 Adding Default Routes


In the following example the default route (destination 0.0.0.0 (any), netmask 0.0.0.0 (any)) will be added. In this case it is the ISP's gateway 192.168.1.1, which can be reached through the interface Public:

[admin@MikroTik] ip route> add gateway=192.168.1.1
[admin@MikroTik] ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
 #     DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE
 0 ADC 192.168.10.0/24                               Local
 1 ADC 192.168.1.0/24                                Public
 2 A S 0.0.0.0/0          r 192.168.1.1     0        Public
[admin@MikroTik] ip route>

Here, the default route is listed under #2. As we see, the gateway 192.168.1.1 can be reached through the interface 'Public'. If the gateway was specified incorrectly, the value for the argument 'interface' would be unknown.
If you have added an unwanted static route accidentally, use the remove command to delete the unneeded one. You will not be able to delete dynamic (DC) routes. They are added automatically and represent routes to the networks the router is connected to directly.


2.5 Testing the Network Connectivity


From now on, the /ping command can be used to test the network connectivity on both interfaces. You can reach any host on both connected networks from the router. How the /ping command works:
The workstation and the laptop can reach (ping) the router at its local address 192.168.10.1. If the router's address 192.168.10.1 is specified as the default gateway in the TCP/IP configuration of both the workstation and the laptop, then you should be able to ping the router:

Notes
You cannot access anything beyond the router (network 192.168.1.0/24 and the Internet), unless you do one of the following:
a. Use source network address translation (masquerading) on the MikroTik router to 'hide' your private LAN 192.168.10.0/24 (see the information below), or
b. Add a static route on the ISP's gateway 192.168.1.1, which specifies the host 192.168.1.1 as the gateway to network 192.168.1.0/24.

Then all hosts on the ISP's network, including the server, will be able to communicate with the hosts on the LAN. To set up routing, it is required that you have some knowledge of configuring TCP/IP networks. We strongly recommend that you obtain more knowledge if you have difficulties configuring your network setup.


2.6 Masquerading
If you want to 'hide' the private LAN 192.168.1.0/24 'behind' one address
192.168.1.1 given to you by the ISP, you should use the source network address
translation (masquerading) feature of the MikroTik router. Masquerading is
useful, if you want to access the ISP's network and the Internet appearing as all
requests coming from the host 192.168.1.1 of the ISP's network. The
masquerading will change the source IP address and port of the packets originated
from the network 192.168.1.0/24 to the address 192.168.1.1 of the router when the
packet is routed through it.
Masquerading conserves the number of global IP addresses required and it
lets the whole network use a single IP address in its communication with the
world. To use masquerading, a source NAT rule with action 'masquerade' should
be added to the firewall configuration:

[admin@MikroTik] ip firewall nat> add chain=srcnat action=masquerade out-interface=Public
[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat out-interface=Public action=masquerade

2.7 NAT
Assume we have moved the server in our previous examples from the
public network to our local one:

The server's address is now 192.168.0.4, and we are running web server on
it that listens to the TCP port 80. We want to make it accessible from the Internet
at address:port 10.0.0.217:80. This can be done by means of Static Network
Address translation (NAT) at the MikroTik Router. The Public address:port
10.0.0.217:80 will be translated to the Local address:port 192.168.0.4:80. One
destination NAT rule is required for translating the destination address and port:

[admin@MikroTik] ip firewall nat> add chain=dstnat action=dst-nat protocol=tcp dst-address=192.168.1.1/24 dst-port=80 to-addresses=192.168.1.4
[admin@MikroTik] ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=dstnat dst-address=192.168.1.1/24 protocol=tcp dst-port=80
     action=dst-nat to-addresses=192.168.1.4 to-ports=0-65535

2.8 Bandwidth Management


Assume you want to limit the bandwidth to 128kbps on downloads and
64kbps on uploads for all hosts on the LAN. Bandwidth limitation is done by
applying queues for outgoing interfaces regarding the traffic flow. It is enough to
add a single queue at the MikroTik router:

Leave all other parameters as set by default. The limit is approximately 128kbps going to the LAN (download) and 64kbps leaving the client's LAN (upload).

2.9 Packet Sniffer


Packet sniffer is a feature that catches all the data travelling over the
network, that it is able to get (when using switched network, a computer may
catch only the data addressed to it or is forwarded through it).

Running Packet Sniffer


Command name: /tool sniffer start, /tool sniffer stop, /tool sniffer save
The commands are used to control runtime operation of the packet sniffer. The start command is used to start/reset sniffing, and the stop command stops sniffing. To save the currently sniffed packets in a specific file, the save command is used.


Example
In the following example the packet sniffer will be started and after some time stopped:
[admin@MikroTik] tool sniffer> start
[admin@MikroTik] tool sniffer> stop

Below the sniffed packets will be saved in the file named test:
[admin@MikroTik] tool sniffer> save file-name=test
[admin@MikroTik] tool sniffer> /file print
 #   NAME   TYPE      SIZE   CREATION-TIME
 0   test   unknown   1350   apr/07/2003 16:01:52


CHAPTER III
ANALYSIS

2.1 Current System of Matrixatama


At the time, the system of Matrixatama Warnet was very simple, and neither its speed nor its configuration was good. The whole system used MikroTik only as the router on the server that serves all clients, without good bandwidth management. All users can connect to the server easily but do not get good bandwidth, as mentioned before. In addition, the bandwidth is not configured to a fixed allocation, so at some times a user gets good speed and at other times bad speed.
MikroTik generally has many functions beyond routing, and users need a system that provides good service and connection. But here nothing has been implemented to build that. The connection still uses the conventional way, without using the ISP Speedy, so the connection speed depends on the weather and climate; a tower antenna is used to connect one warnet to another. There is no proxy server to limit connections to insecure websites, porn websites and the like. And there is no monitoring on the server that periodically monitors the clients connected to it.

2.2 Envisioned System of Matrixatama


Matrixatama as a warnet is designed with a secure and simple configuration using MikroTik as a router and for bandwidth management. The implementation of the warnet is thus secured, and in addition it has IP sniffer and IP firewalling mechanisms. Bandwidth management gives different service to the VIP clients and the general clients for downloads and for the bandwidth given: VIP gets complete and fast bandwidth of about 256 Mbps, and the general client just 64 Mbps. Besides that, the IP sniffer monitors the clients and the traffic they generate, so if the sniffing process finds a bad packet, the system will block it immediately.


CHAPTER IV
SPECIFICATION REQUIREMENT AND DESIGN

3.1 Specification of Network


The network that will be implemented in our system is a LAN in a star topology centralized on one router, with several switches, one for each class, because Matrixatama has four rooms: Admin, VIP Client, General Client and Print Room.
Table 4.1 Technical Requirement
No.  Technical                        Requirements
1.   Hosts                            Available: VIP Client: 10 Host; General Client: 12 Host; Admin: 2 Host; Print Room: 3 Device
2.   Servers                          Web Server
2.   Topology                         The network should be easy to install and configuration; Setting minimize bandwidth at network
3.   Network Protocol                 Provide connectivity across computers running on different operating system and of different configuration
4.   Transmission Media               Cable UTP Cat 5e
6.   Bandwidth                        Speedy Office/Unlimited
7.   Network Operating System         Redhat Enterprise 4; Windows XP; MikroTik OS
9.   Security                         Firewall in MikroTik; IP Sniffer; Chain IP
10.  Router                           MikroTik OS 2.9
10.  Cost Allocation for equipments   Less Available

3.1.1 Network Components

Based on the technical requirements, the enterprise will use the following network components:
1. Network Topology

The star topology meets the above-mentioned requirements because a switch is used to connect the nodes. So the star topology is the best option.

2. Network Cabling

Cat-5E UTP (Unshielded Twisted Pair) cabling with a transmission speed of 100 Mbps meets the above-mentioned requirements, so Cat-5E UTP should be used. Fiber optic cables are fast but expensive, and the enterprise has a limited cost allocation; co-axial cables have a limited transmission speed. So Cat-5E UTP is the best option.

3. Network Operating System

The web server uses Redhat Enterprise 4, the clients use Windows XP Service Pack 2, and the router uses MikroTik OS.

4. Network Protocol

TCP/IP (Transmission Control Protocol/Internet Protocol) is the network protocol that will be used in the enterprise network to connect all computers in all departments to each other, because TCP/IP meets the above-mentioned requirements. Addressing will use IPv4.

3.2 Schema of Physical and Logical Network


This sub chapter describes the physical and logical network design in Matrixatama; for details, please see below.


3.2.1 Logical Design


The logical design explains the design of the system in a general view. At this time, Matrixatama uses the usual design, as shown below.

[Diagram: Internet (ISP Speedy) -> Web Server, Firewall, Router -> four switches -> Admin, VIP Client, General Client, Printer Room]

Picture 3.1 Logical Design Network of Matrixatama

3.2.2 Physical Design


The detailed configuration of all devices is called the Physical Design. It represents all the network devices, set into one good network system used by Matrix Photo Studio. Here is the illustration of it.

[Diagram: Internet -> MikroTik Router (firewall enabled) with DNS and Web Server -> Switch 16 port, Switch 8 port, Switch 16 port -> VIP Client, Admin, Print Room, General Client]

Picture 3.2 Physical Design Network of Matrixatama

3.3 Subnetting and IP Allocation

3.3.1 Subnetting
Matrix Photo Studio uses subnetting to make transmission secure and to keep sharing private between one host and another. We have five subnet groups: Admin, VIP Client, General Client, Printer Room. The subnet allocation depends on the number of hosts.
Maximum host = 12 computers
So the formula, in 192.168.10.1/28:
2^n - 2 >= 12 computers
n = 4
255.255.255.0
11111111.11111111.11111111.00000000
11111111.11111111.11111111.11110000
New Subnet Mask >> 255.255.255.240
Block Per Subnet = 256 - 240 = 16 Block
Address Range = 192.168.10.0 - 192.168.10.15
                192.168.10.16 - 192.168.10.31
                192.168.10.32 - 192.168.10.47
                192.168.10.48 - 192.168.10.63
                ...

3.3.2 IP Allocation
In the real implementation, Matrixatama allocates IP addresses per server or department to make security and privacy settings easy, and also to allow for later development. Here is the allocation.

Table of IP Allocation
No.  Department/Server    IP Address/Network ID
1.   Web Server           192.168.1.4
2.   Public IP Address    192.168.1.1
3.   Router               192.168.1.1
4.   Admin                192.168.10.49
5.   VIP Client           192.168.10.6
6.   General Client       192.168.10.18
7.   Print Server         192.168.10.49
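
The subnet calculation of section 3.3.1 and the allocation table above can be checked mechanically. The following Python is an added example, not part of the original document: it derives the /28 from the 12-host requirement, places every allocated address in its block, and reports addresses assigned twice and LAN hosts whose /28 block does not contain the router's LAN address 192.168.10.1/28 from section 2.2. Function names and the report layout are assumptions of the example.

```python
import ipaddress
from collections import defaultdict

# Copied from the page: the LAN, the router's LAN address (section 2.2),
# and the rows of the "Table of IP Allocation".
LAN = ipaddress.ip_network("192.168.10.0/24")
ROUTER_LAN = ipaddress.ip_interface("192.168.10.1/28")
ALLOCATION = [
    ("Web Server", "192.168.1.4"),
    ("Public IP Address", "192.168.1.1"),
    ("Router", "192.168.1.1"),
    ("Admin", "192.168.10.49"),
    ("VIP Client", "192.168.10.6"),
    ("General Client", "192.168.10.18"),
    ("Print Server", "192.168.10.49"),
]


def prefix_for_hosts(hosts):
    """Smallest n with 2**n - 2 >= hosts, returned as (n, prefix length)."""
    n = 1
    while 2 ** n - 2 < hosts:
        n += 1
    return n, 32 - n


def subnet_blocks(hosts=12):
    """Split the LAN into equal blocks sized for the largest room."""
    _, prefix = prefix_for_hosts(hosts)
    return list(LAN.subnets(new_prefix=prefix))


def audit(allocation=ALLOCATION, hosts=12):
    """Place each allocated address in its block and collect duplicates."""
    blocks = subnet_blocks(hosts)
    rows, owners = [], defaultdict(list)
    for name, address in allocation:
        ip = ipaddress.ip_address(address)
        owners[address].append(name)
        block = next((b for b in blocks if ip in b), None)
        rows.append({
            "name": name,
            "address": address,
            # None means the address is outside the subnetted LAN.
            "block": str(block) if block else None,
            # Network and broadcast addresses cannot be given to a host.
            "usable": None if block is None else ip not in (
                block.network_address, block.broadcast_address),
            # With a /28 mask a host reaches its gateway directly only if
            # the router's LAN address lies in the same block.
            "router_on_link": ip in ROUTER_LAN.network,
        })
    duplicates = {a: n for a, n in owners.items() if len(n) > 1}
    return rows, duplicates


if __name__ == "__main__":
    n, prefix = prefix_for_hosts(12)
    blocks = subnet_blocks(12)
    print(f"n={n}, prefix=/{prefix}, mask={blocks[0].netmask}, blocks={len(blocks)}")
    rows, duplicates = audit()
    for row in rows:
        print(row)
    for address, names in duplicates.items():
        print(f"{address} is assigned to: {', '.join(names)}")
```
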

3.4 Routing
These routes show that IP packets with destination to 192.168.1.0/24 would be sent through the interface Public, whereas IP packets with destination to 192.168.10.0/28 would be sent through the interface Local. However, you need to specify where the router should forward packets, which have destination other than networks connected directly to the router.

3.5 Server Design


The server uses Redhat Enterprise 4 to host the web server, which gives service to the clients and is assumed to be directly connected to the internet for the simulation of the network schema.
No.  Operating System      Description
1.   Redhat Enterprise 4   Assumed as the direct internet access from server
2.   Windows XP SP 2       As the client Operating System
3.   MikroTik OS           As the router, bandwidth management, and security combined by winbox.exe

3.6 Security Network


1. IP Sniffing
It allows you to "sniff" packets going through the router, and any other traffic that gets to the router when there is no switching in the network, and to view them using specific software.
In the following example the packet sniffer will be started and after some time stopped:
[admin@MikroTik] tool sniffer> start
[admin@MikroTik] tool sniffer> stop
Below the sniffed packets will be saved in the file named test:
[admin@MikroTik] tool sniffer> save file-name=test
[admin@MikroTik] tool sniffer> /file print
 #   NAME   TYPE      SIZE   CREATION-TIME
 0   test   unknown   1350   apr/07/2003 16:01:52
[admin@MikroTik] tool sniffer>

2. Firewall Filter
Home menu level: /ip firewall filter
Network firewalls keep outside threats away from sensitive data available
inside the network. Whenever different networks are joined together, there is
always a threat that someone from outside of your network will break into your
LAN.
Such break-ins may result in private data being stolen and distributed,
valuable data being altered or destroyed, or entire hard drives being erased.
Firewalls are used as a means of preventing or minimizing the security risks inherent in connecting to other networks. A properly configured firewall plays a key role in efficient and secure network infrastructure deployment.

3. Filter Chain
As mentioned before, the firewall filtering rules are grouped together in
chains. It allows a packet to be matched against one common criterion in one
chain, and then passed over for processing against some other common criteria to
another chain.
IP filter rules are attached to chains, and chains are of three types: input, forward and output. Packets from the network addressed to the router go through the input chain, for example an SSH/remote session to the router. Packets that cross the router's interfaces from and to the network go through the forward chain, and packets that go out from the router through its interface go through the output chain.

4. Protect your RouterOS router


To protect your router, you should not only change the admin password but also set up packet filtering. All packets with the router as destination are processed against the IP firewall input chain.
Note that the input chain does not affect packets which are being transferred through the router.
/ ip firewall filter
add chain=input connection-state=invalid action=drop \
comment="Drop Invalid connections"
add chain=input connection-state=established action=accept \
comment="Allow Established connections"
add chain=input protocol=udp action=accept \
comment="Allow UDP"
add chain=input protocol=icmp action=accept \
comment="Allow ICMP"
add chain=input src-address=192.168.0.0/24 action=accept \
comment="Allow access to router from known network"
add chain=input action=drop comment="Drop anything else"
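
The first-match behaviour of this input chain can be replayed offline. The following Python is an added example, not RouterOS code and not part of the original document: it evaluates the six rules above against constructed packets and reports which rule decides each one, next to a variant of the chain scoped to this document's LAN. The sample packets, the Winbox port 8291 and the tightened variant (192.168.10.0/24 as the known network and as the only UDP source) are assumptions of the example.

```python
import ipaddress

# The six input-chain rules from the page, in order. RouterOS walks a chain
# top to bottom and the first matching rule decides the packet.
PAGE_CHAIN = [
    {"connection-state": "invalid", "action": "drop",
     "comment": "Drop Invalid connections"},
    {"connection-state": "established", "action": "accept",
     "comment": "Allow Established connections"},
    {"protocol": "udp", "action": "accept", "comment": "Allow UDP"},
    {"protocol": "icmp", "action": "accept", "comment": "Allow ICMP"},
    {"src-address": "192.168.0.0/24", "action": "accept",
     "comment": "Allow access to router from known network"},
    {"action": "drop", "comment": "Drop anything else"},
]

# Assumption of this example: the same chain with the UDP rule and the
# "known network" rule scoped to the LAN this document actually uses.
LAN = "192.168.10.0/24"
TIGHTENED_CHAIN = [dict(rule) for rule in PAGE_CHAIN]
TIGHTENED_CHAIN[2]["src-address"] = LAN
TIGHTENED_CHAIN[4]["src-address"] = LAN

# Constructed packets addressed to the router itself (not captured traffic).
PACKETS = {
    "winbox_from_admin_pc": {"src-address": "192.168.10.49", "protocol": "tcp",
                             "dst-port": 8291, "connection-state": "new"},
    "dns_query_from_lan": {"src-address": "192.168.10.6", "protocol": "udp",
                           "dst-port": 53, "connection-state": "new"},
    "dns_query_from_isp_side": {"src-address": "192.168.1.77", "protocol": "udp",
                                "dst-port": 53, "connection-state": "new"},
    "ssh_from_isp_side": {"src-address": "192.168.1.77", "protocol": "tcp",
                          "dst-port": 22, "connection-state": "new"},
    "reply_to_router": {"src-address": "192.168.1.3", "protocol": "tcp",
                        "dst-port": 40000, "connection-state": "established"},
}


def matches(rule, packet):
    """A rule matches when every matcher it carries agrees with the packet."""
    for key, want in rule.items():
        if key in ("action", "comment"):
            continue
        if key == "src-address":
            source = ipaddress.ip_address(packet["src-address"])
            if source not in ipaddress.ip_network(want):
                return False
        elif packet.get(key) != want:
            return False
    return True


def evaluate(chain, packet):
    """Return (rule index, action, comment) of the first matching rule."""
    for index, rule in enumerate(chain):
        if matches(rule, packet):
            return index, rule["action"], rule["comment"]
    # A packet that reaches the end of a built-in chain is accepted.
    return None, "accept", "no rule matched"


def compare(packets=PACKETS):
    """Map each packet name to (action on page chain, action on tightened chain)."""
    return {name: (evaluate(PAGE_CHAIN, p)[1], evaluate(TIGHTENED_CHAIN, p)[1])
            for name, p in packets.items()}


if __name__ == "__main__":
    for name, packet in PACKETS.items():
        index, action, comment = evaluate(PAGE_CHAIN, packet)
        tightened = evaluate(TIGHTENED_CHAIN, packet)[1]
        print(f"{name:26} page: rule {index} {action:6} ({comment}); "
              f"tightened: {tightened}")
```

With the rules as written, a new management connection from the 192.168.10.0/24 LAN falls through to the final drop, while a UDP query from the ISP side is accepted by the "Allow UDP" rule, which matters because the DNS setup in section 5.4.2 sets allow-remote-requests=yes.
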

5. Protecting the Customer's Network


To protect the customer's network, we should check all traffic that goes through the router and block what is unwanted. For ICMP, TCP and UDP traffic we will create chains in which all unwanted packets will be dropped:
/ip firewall filter
add chain=forward protocol=tcp connection-state=invalid \
action=drop comment="drop invalid connections"
add chain=forward connection-state=established action=accept \
comment="allow already established connections"
add chain=forward connection-state=related action=accept \
comment="allow related connections"


CHAPTER V
IMPLEMENTATION AND TESTING

5.1 Software and Hardware Specification


A. Software Detail in the Server
Item: Based on the client - server
Apache: Point: To the server. Reason: Easy to implement and default system in Redhat Enterprise 4.
IIS: Point: To the client. Reason: Easy to implement and default system in Windows XP.

B. Operating System Offered

Specification     Scoring: Redhat Enterprise 4 (Server)    Scoring: Windows XP (Client)
Implementation    Not easy for beginner                    Easy
Troubleshooting   Not easy for beginner                    Easy and familiar
Security          Secure and not contained by viruses      Easy to be infected by viruses

C. Program Developer Utility


This section describes the software that is used in the Matrixatama warnet, shown in the tables below.
No.  Software Used in Server          Description
1.   Firefox                          To display the web and its services
2.   McAfee Internet Security 2009    To prevent attacks by spyware, viruses and other threats

No.  Software Used in Client          Description
1.   Firefox                          To display the web and its services
2.   Microsoft Office 2007            To write something
3.   Yahoo Messenger                  To chat over the internet
4.   McAfee Free Antivirus 8.5i       To prevent viruses and the like
5.   Foxit Reader                     To read PDF files with free software
6.   Winrar                           To create rar or zip files

D. Hardware Specification
No. Hardware Unit Minimal Specification

5.2 Diagram Design of Network System.


5.3 Cost Implementation


This section describes the implementation cost for our warnet, taken from BEC's prices in Rupiah. The complete draft follows:
Table of Cost Implementation

Product: Router
License of MikroTikOS. Item: 1. Price: Rp. 400.000. Total: Rp. 400.000. Justification: Because this router has a speed of 100 Mbps.

Product: Antivirus
McAfee Internet Security 2009. Item: 1. Price: Rp. 500.000. Total: Rp. 500.000. Justification: We would like to use it because its security is complete.

Product: RJ 45
RJ 45. Item: 2. Price: Rp. 15000/box. Total: Rp. 30000. Justification: Connector from switch, computer, etc.

Product: Cable UTP
UTP CAT 5e. Item: 50 m. Price: Rp. 4.000/meter. Total: Rp. 200.000. Justification: Because this version can handle data transmission up to 100 Mbps, so transmission is fast.

Product: Complete CPU
Complete CPU AMD Athlon, Monitor 2nd. Item: 24. Price: Rp 2.100.000. Total: Rp 50.400.000. Justification: This computer is enough for the requirements.

Product: Switch
D-link DES-1008D 8 port. Item: 2. Price: Rp. 175.000. Total: Rp. 350.000. Justification: Because it connects flexibly to Ethernet and has 810/100 Mbps ports.
D-link DES-1008D 16 port. Item: 2. Price: Rp. 204.900. Total: Rp. 409.800.

Product: Printer
Canon IP 1980 i. Item: 2. Price: Rp. 500.000. Total: Rp. 1.000.000. Justification: Because the printer is enough for use in the system and the price is low.

Total Cost Implementation
All needs above. Total: Rp. 69.998.000. Justification: It is enough to serve all clients in the warnet; we hope the investment can be recovered within a year.

5.4 File Server Configuration


5.4.1 Installation of MikroTik
Setting BIOS
You must set the configuration in VMWare to the specified requirements and prepare the installation source, MikroTik-2.9.27.iso. You should download it free of charge in an already cracked version. Let's begin; the steps are as follows:
1. Insert the MikroTikOS ISO into the CD-ROM drive in VMWare.
2. After booting in VMWare, the list of packages to install appears; choose according to the requirements.
3. To select all the services offered by MikroTikOS, press the "i" key on the keyboard. After that press the "y" key to start the installation, and then press the "y" key again to really start the installation. Note: because MikroTikOS creates the partition automatically, all data on the prepared drive will be erased completely.
4. When the installation process is done, the system requires a restart or reboot of the computer; press Enter to restart.
5. If the installation went well, the MikroTik login appears. To log in, enter the username admin and leave the password blank, pressing Enter twice.

Picture of MikroTik Login


5.4.2 Service Configuration
The steps for building the configuration follow this schema: LAN -> MikroTik RouterOS -> Modem ADSL -> INTERNET

For the LAN, we use a class C IP address range with the network ID 192.168.10.0/24. For MikroTik RouterOS, we need two Ethernet cards. The first (ether1 (public), 192.168.1.2/24) connects to the ADSL modem, and the second (ether2 (local), 192.168.10.1/24) connects to the LAN. The ADSL modem's IP is set to 192.168.1.1/24.
Before that, we should be at the root menu position, which we reach by pressing "/".


1. Set IP for Each Ethernet Card

# ether1 is the public interface, ether2 is the local interface
ip address add address=192.168.1.2/24 interface=ether1
ip address add address=192.168.10.1/24 interface=ether2

To show the result we just type the command:

ip address print

Then test by pinging the gateway or a computer in the LAN. If the ping completes successfully, the configuration is correct.

ping 192.168.1.1
ping 192.168.10.10

1. Add the Routing Schema

Routing is used to ensure that traffic for an address takes the correct path and route; in this case the gateway is at 192.168.1.1. This means that every packet first passes through the gateway at this address.

ip route add gateway=192.168.1.1

2. Setting DNS

ip dns set primary-dns=192.168.1.3 allow-remote-requests=yes
ip dns set secondary-dns=192.168.1.4 allow-remote-requests=yes

Because we use Speedy as our ISP, we use the DNS servers from Telkom, but in this case we assume the public connection IP 192.168.1. as the address given by the ISP.
DNS, short for Domain Name System, is an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they are easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.yahoo.com might translate to 198.105.232.4.
The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.


3. Source NAT (Network Address Translation) / Masquerading


To let all the computers connected to the LAN reach the Internet, we need to
set NAT (masquerade) in MikroTik. NAT, short for Network Address Translation,
is an Internet standard that enables a local-area network (LAN) to use one set
of IP addresses for internal traffic and a second set of addresses for external
traffic. A NAT box located where the LAN meets the Internet makes all necessary
IP address translations.
This is how we set NAT on our MikroTik:

ip firewall nat add chain=srcnat action=masquerade out-interface=public

4. Management Bandwidth
So that the client computers in this LAN do not take bandwidth from each
other, we need bandwidth management (bandwidth control). For a simple
configuration we use a simple queue in MikroTikOSTM:

queue simple add name="VIP Client" target-address=192.168.10.6/32 dst-address=0.0.0.0/0 interface=Local queue=default priority=8 limit-at=16000/32000 max-limit=16000/64000

queue simple add name="Client" target-addresses=192.168.10.2/32 dst-address=0.0.0.0/0 interface=Local parent=Shaping priority=8 queue=default/default limit-at=0/8000 max-limit=0/256000 total-queue=default

5. Graphing
MikroTikOSTM has a traffic-monitoring service similar to MRTG, so we can
see how many packets pass over the MikroTikOSTM PC.
tool graphing set store-every=5min

We will monitor the packets in MikroTikOSTM on all the interfaces we have,
local and public.
tool graphing interface add interface=all store-on-disk=yes

To test the result we just type http://192.168.10.1/graphs/ in a browser, so
we can see the picture as shown below.
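As configured above, allow-remote-requests=yes makes the router answer DNS queries from any host that can reach it on either interface, and the graphs page accepts any source address by default. The following is an added example, not part of the original paper, that keeps both services for the LAN only. It assumes ether1 is the public interface and 192.168.10.0/24 is the LAN, as in step 1; the comment texts are illustrative.

```routeros
# Added example, not from the original paper.
# Assumptions: ether1 = public interface, 192.168.10.0/24 = LAN (see step 1).
# Adjust the interface name if the interfaces were renamed.

# As configured on the page, the resolver answers on every interface:
#   ip dns set primary-dns=192.168.1.3 allow-remote-requests=yes
# Keep the resolver for LAN clients, but drop DNS queries arriving on the
# public side. Replies to the router's own lookups are not affected, because
# they arrive with source port 53, not destination port 53.
/ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop comment="no DNS service on public side"
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop comment="no DNS service on public side"

# As configured on the page, graphs are visible from any source address
# (allow-address defaults to 0.0.0.0/0):
#   tool graphing interface add interface=all store-on-disk=yes
# LAN-only form of the same rule:
/tool graphing interface add interface=all allow-address=192.168.10.0/24 store-on-disk=yes

# The graphs are served by the router's web service; limit it to the LAN too.
/ip service set www address=192.168.10.0/24

# Review the result.
/ip firewall filter print where chain=input
/tool graphing interface print
/ip service print
```

With these rules in place, http://192.168.10.1/graphs/ still opens from a LAN client, while the same request from the 192.168.1.0/24 side is refused.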

3.4 Result Server Testing


Server testing describes the results of the Matrixatama system
configuration, including MikroTik, the server and everything this network
needs. The results are shown in the screenshots.
1. Testing Download File From Web Server
The client at 192.168.10.6 (VIP Client) downloads a file from the
server at 192.168.1.4, called www.matrix.com, at a very high download
speed of about 256 kbps.

2. Traffic Download Monitoring (Graphs)

3. Ping the local gateway from client

4. Ping the Server IP Address from client

3.5 Table of Testing Result


The table of testing results summarizes the results of the configuration
across the whole implementation at Matrixatama, and can be seen below.
Table of Testing Result
No. | Testing Function | Testing Method | Result | Real Condition | Conclusion
1. | Download file from client | Via web server at www.matrix.com | Success | Downloaded not so fast | Bandwidth management success
2. | Download file from VIP client | Via web server www.matrix.com | Success | Downloaded so fast | Bandwidth management success
3. | Graph interface local | Via http://192.168.10.1/graphs/iface/local | Success | Appears graph | Graphing success
4. | Graph interface public | Via http://192.168.10.1/graphs/iface/public | Success | Appears graph | Graphing success
5. | Ping gateway local | Ping 192.168.10.1 | Success | Reply ping | Gateway local work
6. | Ping gateway public | Ping 192.168.1.1 | Success | Reply ping | Gateway public work

CHAPTER VI
CLOSING

3.1 Conclusion
From the explanation of Matrixatama above, we can draw some conclusions
that sharpen the understanding of the content and answer our problem
formulation. Here are some of them:
1. MikroTik RouterOSTM is an operating system that is used as a network
router and is a cheap and smart solution for building a PC router. It was
founded by John Tully and Arnis Riekstins in Latvia in 1996, using a
combination of MS DOS and Linux kernel 2.2 with Wireless LAN Aironet
2Mbps technology inside.
2. To configure the MikroTik router we need to set the Ethernet interfaces
as public and local, then set the given IP on each Ethernet interface:
192.168.10.1/28 for local and 192.168.1.1 for public.
3. Then the router must set the default gateway in each subnet, to eliminate
the attachment, that is 192.168.10.1, 192.168.10.17, 192.168.10.33 and
192.168.10.47, because we have four rooms in different subnets.
4. In winbox.exe we can set the bandwidth management under winbox > queues:
the VIP client has 256 Kbps for download, Client and Print Room have
64 Kbps, and admin is unlimited.
5. To configure the LAN we need routing, so that traffic follows the best
path according to the rules given in the winbox > IP > routing tab.

3.2 Suggestion
We suggest that anyone who wants to build the same service ensure that all
requirements and costs are planned well. For the next version of this paper, we
suggest explaining in more detail the process of securing the service in
MikroTik and the other services MikroTik provides, because here we explain only
the connection and bandwidth management.


