CHAPTER I
INTRODUCTION
1.1 Background
MikroTik RouterOS™ is an operating system used to run a network router. In
line with the company's mission, “Routing The World”, this operating system is a
cheap and smart solution for building a router. This is the solution that will be
implemented at the Matrixatama Warnet Company.
Its complete, modern and user-friendly features will give good service to the
customers as well. Another point that cannot be separated from MikroTik
RouterOS™ is how easily it can be implemented as a router or as a gateway in the
office, in this case at the Matrixatama Warnet Company. What is also special
about MikroTik RouterOS™ is that it can be installed on a standard PC, so it
does not require high resources to operate continuously.
The writer configures the initial settings that MikroTik RouterOS™ needs to
operate well: the network configuration, the configuration of the server and
client computers, the configuration of Winbox, the configuration of the local
LAN connection, and the bandwidth configuration of the client computers.
Implementing MikroTik RouterOSTM in Matrixatama Warnet Company
1.3 Purpose
The writer has several purposes in this project, among them:
1. To make it easy for the customers of Matrixatama Warnet to access
information quickly and reliably.
2. To reduce the company's expenses, because MikroTik RouterOS™ is cheaper
and more efficient than the alternatives.
3. To offer an alternative implementation of router technology other than a
Cisco router.
1.4 Benefit
This project offers several benefits, among them:
1. It gives the reader knowledge of how to configure MikroTik RouterOS™.
2. It gives the reader knowledge of how to create a router to build a secure
and cheap client-server system.
3. This thesis can be useful as reference material for other researchers who
are interested in researching a similar theme.
CHAPTER I INTRODUCTION
This chapter explains the background, problem formulation, purpose,
benefit, problem boundaries and writing systematics used in creating the Project
Documentation.
CHAPTER II THEORY
This chapter explains the theory of MikroTik and its implementation and
configuration, and also the general theory of networking itself.
CHAPTER III ANALYSIS
This chapter consists of the Existing System and the Envisioned System.
CHAPTER IV DESIGN SYSTEM
This chapter consists of the Network Specification, Logical Design and
Physical Design, Subnetting and IP Allocation, Routing, Design Server, and Security.
CHAPTER V IMPLEMENTATION AND TESTING
This chapter consists of the Software and Hardware Specification, Diagram
Network Schema, Cost Implementation, File Configuration Server, Testing
Result, and Result Testing Table.
CHAPTER VI CLOSING
This chapter explains the conclusion and suggestion.
BIBLIOGRAPHY
1 Looking of Data
3 Make Chapter I – IV
4 Make Closing
CHAPTER II
THEORY
gives you rights to freely upgrade and downgrade its versions for the term of one
year since the key was purchased. A free registered license key allows us to
use a restricted set of functions for an unlimited period of time, but does not allow
upgrading and downgrading versions.
There are 6 licensing levels, each providing some additional features.
Level 0 means that there is no key and all the features are enabled for one day.
Level 2 is a transitional license level from versions prior to 2.8 that allows use of all
the features that were allowed by your original license key for a previous version.
The addresses can be added and viewed using the following commands:
[admin@MikroTik] ip address> add address=192.168.1.1/24 interface=Public
[admin@MikroTik] ip address> add address=192.168.10.1/28 interface=Local
[admin@MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   192.168.1.1/24     192.168.1.0     192.168.1.255   Public
 1   192.168.10.1/28    192.168.10.0    192.168.10.15   Local
[admin@MikroTik] ip address>
Here, the network mask has been specified in the value of the address
argument. Alternatively, the argument 'netmask' could have been used with the
value '255.255.255.0'. The network and broadcast addresses were not specified in
the input since they could be calculated automatically.
Here, the default route is listed under #2. As we see, the gateway
192.168.1.1 can be reached through the interface 'Public'. If the gateway was
specified incorrectly, the value for the argument 'interface' would be unknown.
If you have accidentally added an unwanted static route, use the remove
command to delete it. You will not be able to delete dynamic
(DC) routes. They are added automatically and represent routes to the networks
the router is connected to directly.
Notes
You cannot access anything beyond the router (network 192.168.1.0/24 and the
Internet), unless you do the one of the following:
a. Use source network address translation (masquerading) on the MikroTik
router to 'hide' your private LAN 192.168.10.0/24 (see the information
below), or
b. Add a static route on the ISP's gateway 192.168.1.1, which specifies the
host 192.168.1.1 as the gateway to network 192.168.1.0/24.
Then all hosts on the ISP's network, including the server, will be able to
communicate with the hosts on the LAN. To set up routing, it is required that you
have some knowledge of configuring TCP/IP networks. We strongly recommend
that you obtain more knowledge if you have difficulties configuring your network
setup.
2.6 Masquerading
If you want to 'hide' the private LAN 192.168.1.0/24 'behind' one address
192.168.1.1 given to you by the ISP, you should use the source network address
translation (masquerading) feature of the MikroTik router. Masquerading is
useful if you want to access the ISP's network and the Internet with all
requests appearing to come from the host 192.168.1.1 of the ISP's network.
Masquerading changes the source IP address and port of packets originating
from the network 192.168.1.0/24 to the address 192.168.1.1 of the router when the
packet is routed through it.
Masquerading conserves the number of global IP addresses required and it
lets the whole network use a single IP address in its communication with the
world. To use masquerading, a source NAT rule with action 'masquerade' should
be added to the firewall configuration:
2.7 NAT
Assume we have moved the server in our previous examples from the
public network to our local one:
The server's address is now 192.168.0.4, and we are running web server on
it that listens to the TCP port 80. We want to make it accessible from the Internet
at address:port 10.0.0.217:80. This can be done by means of Static Network
Address translation (NAT) at the MikroTik Router. The Public address:port
10.0.0.217:80 will be translated to the Local address:port 192.168.0.4:80. One
destination NAT rule is required for translating the destination address and port:
Example
In the following example the packet sniffer is started and, after some time,
stopped:
[admin@MikroTik] tool sniffer> start
[admin@MikroTik] tool sniffer> stop
Below the sniffed packets will be saved in the file named test:
[admin@MikroTik] tool sniffer> save file-name=test
[admin@MikroTik] tool sniffer> /file print
# NAME TYPE SIZE CREATION-TIME
0 test unknown 1350 apr/07/2003 16:01:52
CHAPTER III
ANALYSIS
CHAPTER IV
SPECIFICATION REQUIREMENT AND DESIGN
1. Hosts: Available: VIP Client: 10 Host; General Client: 12 Host; Admin: 2 Host; Print Room: 3 Device
2. Servers: Web Server
2. Topology: The network should be easy to install and configuration; Setting minimize bandwidth at network
3. Network Protocol: Provide connectivity across computers running on different operating system and of different configuration
4. Transmission Media: Cable UTP Cat 5e
6. Bandwidth: Speedy Office/Unlimited
7. Network Operating System: Redhat Enterprise 4; Windows XP; MikroTik OS
9. Security: Firewall in MikroTik; IP Sniffer; Chain IP
10. Router: MikroTik OS 2.9
10. Cost Allocation for equipments: Less Available
Based on the technical requirement, the enterprise will use the following
network components:
1. Network Topology
2. Network Cabling
4. Network Protocol
[Figure: network diagram labelled Web Server, Firewall, Router, General, Printer, Admin, VIP Client, Client Room]
[Figure: network diagram labelled Internet, Firewall Enabled, Mikrotik Router, DNS, Web Server, VIP Client, Admin, Print Room, General Client]
11111111.11111111.11111111.00000000
11111111.11111111.11111111.11110000
New Subnet Mask >> 255.255.255.240
Block Per Subnet = 256 - 240 = 16 Block
Address Range = 192.168.10.0 - 192.168.10.15
                192.168.10.16 - 192.168.10.31
                192.168.10.32 - 192.168.10.47
                192.168.10.48 - 192.168.10.63
                ...
3.3.2 IP Allocation
In the real implementation, Matrixatama allocates IP addresses by server or
department, to make security and privacy settings easier and to allow for
later development. Here is the allocation.
Table of IP Allocation
No. Department/Server IP Address/Network ID
1. Web Server 192.168.1.4
2. Public IP Address 192.168.1.1
3. Router 192.168.1.1
4. Admin 192.168.10.49
5. VIP Client 192.168.10.6
6. General Client 192.168.10.18
7. Print Server 192.168.10.49
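The /28 split and the allocation table above can be checked mechanically. The following Python sketch is an added example, not part of the original thesis; it takes the 192.168.10.0/24 parent network, the /28 prefix and the 192.168.10.x entries from the table, and the function names are illustrative.

```python
import ipaddress

# Values taken from the page: the /24 being split, the new prefix length,
# and the 192.168.10.x rows of the "Table of IP Allocation".
PARENT = ipaddress.ip_network("192.168.10.0/24")
NEW_PREFIX = 28
ALLOCATION = {
    "Admin": "192.168.10.49",
    "VIP Client": "192.168.10.6",
    "General Client": "192.168.10.18",
    "Print Server": "192.168.10.49",
}

def subnets():
    """All /28 blocks of the parent network, in address order."""
    return list(PARENT.subnets(new_prefix=NEW_PREFIX))

def locate(addr):
    """Return (subnet, role); role is 'network', 'broadcast', 'host' or 'outside'."""
    ip = ipaddress.ip_address(addr)
    for net in subnets():
        if ip in net:
            if ip == net.network_address:
                return net, "network"
            if ip == net.broadcast_address:
                return net, "broadcast"
            return net, "host"
    return None, "outside"

def audit(allocation):
    """Flag entries that are not usable host addresses or that collide."""
    findings, seen = [], {}
    for name, addr in allocation.items():
        _, role = locate(addr)
        if role != "host":
            findings.append(f"{name}: {addr} is {role}")
        if addr in seen:
            findings.append(f"{name}: {addr} also assigned to {seen[addr]}")
        seen.setdefault(addr, name)
    return findings

if __name__ == "__main__":
    for net in subnets()[:4]:
        print(net, "usable:", net.network_address + 1, "-", net.broadcast_address - 1)
    for name, addr in ALLOCATION.items():
        print(name, addr, *locate(addr))
    print(audit(ALLOCATION))
```

locate() classifies any candidate address the same way; for instance it reports 192.168.10.47 as the broadcast address of 192.168.10.32/28, so that address cannot be given to a host or gateway.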
3.4 Routing
These routes show that IP packets with destination to 192.168.1.0/24
would be sent through the interface Public, whereas IP packets with destination to
192.168.10.0/28 would be sent through the interface Local. However, you need to
specify where the router should forward packets whose destination is not on a
network connected directly to the router.
2. Firewall Filter
Home menu level: /ip firewall filter
Network firewalls keep outside threats away from sensitive data available
inside the network. Whenever different networks are joined together, there is
always a threat that someone from outside of your network will break into your
LAN.
Such break-ins may result in private data being stolen and distributed,
valuable data being altered or destroyed, or entire hard drives being erased.
Firewalls are used as a means of preventing or minimizing the security risks
inherent in connecting to other networks. A properly configured firewall plays a key
role in efficient and secure network infrastructure deployment.
3. Filter Chain
As mentioned before, the firewall filtering rules are grouped together in
chains. It allows a packet to be matched against one common criterion in one
chain, and then passed over for processing against some other common criteria to
another chain.
IP filtering is tied to chains. There are three types of chain: input,
forward and output. Packets from the network addressed to the router itself are
handled by the input chain, for example an SSH/remote session to the router.
Packets that cross the router's interfaces from and to the network are handled by
the forward chain, and packets sent out by the router itself are handled by the
output chain.
Note that the input chain does not affect packets which are being
transferred through the router.
/ ip firewall filter
add chain=input connection-state=invalid action=drop \
comment="Drop Invalid connections"
add chain=input connection-state=established action=accept \
comment="Allow Established connections"
add chain=input protocol=udp action=accept \
comment="Allow UDP"
add chain=input protocol=icmp action=accept \
comment="Allow ICMP"
add chain=input src-address=192.168.0.0/24 action=accept \
comment="Allow access to router from known network"
add chain=input action=drop comment="Drop anything else"
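To see which rule decides a given packet, the ruleset above can be replayed with first-match semantics. This Python sketch is an added example, not part of the original thesis or of RouterOS; the rule list mirrors the page, while the field names, the constructed sample packets and the evaluate function are assumptions made for illustration.

```python
import ipaddress

# The input-chain rules as listed on the page, in order.
# A field absent from the match dict is not tested by that rule.
RULES = [
    ({"state": "invalid"}, "drop", "Drop Invalid connections"),
    ({"state": "established"}, "accept", "Allow Established connections"),
    ({"protocol": "udp"}, "accept", "Allow UDP"),
    ({"protocol": "icmp"}, "accept", "Allow ICMP"),
    ({"src": "192.168.0.0/24"}, "accept",
     "Allow access to router from known network"),
    ({}, "drop", "Drop anything else"),
]

def matches(match, pkt):
    """True when every condition present in the rule holds for the packet."""
    for field, want in match.items():
        if field == "src":
            if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(want):
                return False
        elif pkt[field] != want:
            return False
    return True

def evaluate(pkt, rules=RULES):
    """The first matching rule decides; returns (action, comment)."""
    for match, action, comment in rules:
        if matches(match, pkt):
            return action, comment
    return "accept", "no rule matched (chain default)"

# Constructed sample packets addressed to the router itself (chain=input).
SAMPLES = {
    "tcp from page LAN": {"state": "new", "protocol": "tcp", "src": "192.168.10.6"},
    "tcp from rule network": {"state": "new", "protocol": "tcp", "src": "192.168.0.20"},
    "udp from outside": {"state": "new", "protocol": "udp", "src": "203.0.113.9"},
    "established reply": {"state": "established", "protocol": "tcp", "src": "203.0.113.9"},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:24} -> {evaluate(pkt)}")
```

With these rules, a new TCP connection to the router from the page's LAN 192.168.10.0/28 falls through to the final drop because the accept rule names 192.168.0.0/24, while any new UDP packet is accepted regardless of its source.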
CHAPTER V
IMPLEMENTATION AND TESTING
D. Hardware Specification
No. Hardware Unit Minimal Specification
press the “y” button again to actually start the installation. Note: because
MikroTik OS partitions the drive automatically, all data on the prepared
drive will be erased.
4. After the installation process is done, the system will require a restart
(reboot) of the computer; press Enter to restart.
5. If the installation went well, the MikroTik login prompt will appear. To
log in, enter the username admin and leave the password blank, by
pressing Enter twice.
ip address print
Then test by pinging the gateway or a computer in the LAN. If the pings
complete successfully, the configuration is correct.
ping 192.168.1.1
ping 192.168.10.10
Routing is used to ensure that addresses are reached over the correct path and
route; in this case the gateway is placed at 192.168.1.1. This means that every
packet will first pass through the gateway at this address.
2. Setting DNS
Because we use Speedy as the ISP, the DNS we use is from Telkom,
but in this case we assume the public IP connection 192.168.1. as the address
given by the ISP.
DNS, short for Domain Name System, is an Internet service that translates
domain names into IP addresses. Because domain names are alphabetic, they are
easier to remember. The Internet however, is really based on IP addresses. Every
time you use a domain name, therefore, a DNS service must translate the name
into the corresponding IP address. For example, the domain name
www.yahoo.com might translate to 198.105.232.4.
The DNS system is, in fact, its own network. If one DNS server doesn't
know how to translate a particular domain name, it asks another one, and so on,
until the correct IP address is returned.
4. Management Bandwidth
So that the client computers in this LAN configuration do not take
bandwidth from each other, we need bandwidth management or bandwidth
control; for a simple configuration we used a simple queue in MikroTik OS™:
5. Graphing
MikroTik OS™ has a traffic monitoring service similar to MRTG, so we can
see how many packets pass over the MikroTik OS™ PC.
tool graphing set store-every=5min
CHAPTER VI
CLOSING
3.1 Conclusion
Having explained Matrixatama above, we can draw some conclusions to
sharpen the understanding of the content and of our problem formulation.
Here are some of them:
1. MikroTik RouterOS™ is an operating system that is used as a network router
and is a cheap and smart solution for building a router PC. It was
founded by John Tully and Arnis Riekstins in Latvia in 1996 and used a
combination of MS DOS and Linux kernel 2.2 with Wireless LAN Aeronet
2Mbps technology inside.
2. To configure the MikroTik router we need to set the Ethernet interfaces as
public and local, then set the given IP on each Ethernet: 192.168.10.1/28 for
local and 192.168.1.1 for public.
3. Then the router must set the default gateway in each subnet, to eliminate the
attachment, that is 192.168.10.1, 192.168.10.17, 192.168.10.33,
192.168.10.47, because we have four rooms in different subnets.
4. In winbox.exe we can set the bandwidth management in winbox > queues:
the VIP client has 256 Kbps for download, Client and Print Room have
64 Kbps, and admin is Unlimited.
5. To configure the LAN we need routing to follow the best path
according to the given rules in winbox > IP > routing tab.
3.2 Suggestion
We suggest that anyone who wants to build the same service ensure that all
requirements and costs are planned well. For the next paper, we suggest
explaining in more detail the process of securing the service in MikroTik and
the other services MikroTik provides, because we only explained the connection
and bandwidth management.
BIBLIOGRAPHY