This is my Mikrotik configuration that I did some days ago.
The network design is shown in the image below.
Note:
· Mikrotik has 2 interfaces. WAN IP (public): 1xx.9x.xx.xx/27, and LAN IPs: 10.17.123.5 & 10.17.123.6. The Mikrotik version is 5.20, level 6.
· Hub or switch, unmanaged.
· Cacti: for graphing network traffic. IP: 10.17.123.1
· Cisco: actually a router, but there is no NAT (Network Address Translation), so the Cisco functions just like a bridge. IP 10.17.123.1 & 10.254.128.1
· Users: there are many users, and they get their IP addresses from the Cisco, 10.254.128.0/22 (DHCP).
My Mikrotik configuration is the output of the "export" command in the new-terminal. Some lines have been deleted because they are not important. The public IP has been changed, etc. (just to keep my network secure :) ). I have also reordered the lines and grouped them by goal, so that you can easily understand them.
Warning…!!!
If you want to use my Mikrotik configuration code, please be careful. Read the requirements below.
1. You must understand the purpose of the configuration that you take.
2. You should already understand the risks you take. Failure to do so may result in you being unable to access the router or the Internet.
3. I am not responsible for your actions if you copy and paste my configuration code.
Step 1.
Basic Mikrotik Configuration. Configuring the interfaces.
# feb/27/2014 11:31:59 by RouterOS 5.20
# software id = W5EY-LHT9
#
/interface ethernet
set 0 arp=enabled disable-running-check=yes disabled=no full-duplex=yes \
    mtu=1500 name=WAN speed=100Mbps
set 1 arp=enabled disable-running-check=yes disabled=no full-duplex=yes \
    mtu=1500 name=LAN speed=100Mbps
/ip address
add address=1xx.9x.xx.xx/27 disabled=no interface=WAN network=1xx.9x.xx.xx
add address=10.17.123.5/24 disabled=no interface=LAN network=10.17.123.0
add address=10.17.123.6/24 disabled=no interface=LAN network=10.17.123.0
I usually rename the interfaces to WAN and LAN, to make them easy to remember and configure later. There are 2 IP addresses on the LAN interface.
IP address 10.17.123.5 is the gateway. Users/clients know this IP (if they know how to trace route the IP), because this IP is the gateway.
IP address 10.17.123.6 is known only to the administrator. Users/clients do not need to know about it. This IP is used to access the Mikrotik on port 80, to view the network traffic.
Configure Route (Default Gateway)
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1x.9x.xx.xx scope=\
    30 target-scope=10
add disabled=no distance=1 dst-address=10.254.128.0/22 gateway=LAN scope=30 \
    target-scope=10
“gateway = 1x.9x.xx.xx” is the gateway for my public IP address.
Look carefully: I add the network 10.254.128.0/22. This is the users' network, and only this network ID is allowed to reach the internet.
Configure NAT
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=WAN src-address=\
    10.254.128.0/22
In my network design, the local area network (LAN) has 2 networks: 10.17.123.0/24 and 10.254.128.0/22. But, for my security, only the network 10.254.128.0/22 is configured for NAT and allowed to reach the internet.
Configure IP DNS
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=4096 servers=8.8.8.8,8.8.4.4
At this point, the client should be able to access the internet. Test with ping from the computer (make sure the client's IP address is correct). Users get their IP address from the Cisco, 10.254.128.0/22 (DHCP).
Do not continue to the next stage if this step has not been successful.
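Before moving on, the NAT scoping described above can be checked mechanically against an export. The following is an added example, not part of the original post: the function names parse_export and audit are hypothetical, the sample adds one constructed unscoped masquerade rule, and the DNS check is an extra point not made in the post (with allow-remote-requests=yes, RouterOS answers DNS queries arriving on any interface, including WAN, unless a firewall filter blocks them).

```python
import ipaddress
import shlex

# Constructed sample: NAT/DNS lines from the export above plus one unscoped rule.
SAMPLE_EXPORT = r"""
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=WAN src-address=\
    10.254.128.0/22
add action=masquerade chain=srcnat disabled=no out-interface=WAN
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=4096 servers=8.8.8.8,8.8.4.4
"""

def parse_export(text):
    """Return (menu, verb, props) tuples, joining '\\' line continuations."""
    entries, menu, pending = [], None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or (line.startswith("#") and not pending):
            continue
        if line.endswith("\\"):          # export wraps long lines with '\'
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if line.startswith("/"):         # menu path, e.g. /ip firewall nat
            menu = line
            continue
        words = shlex.split(line)
        props = dict(w.split("=", 1) for w in words[1:] if "=" in w)
        entries.append((menu, words[0], props))
    return entries

def audit(entries, allowed_net):
    """Flag masquerade rules not limited to allowed_net, and remote DNS."""
    allowed = ipaddress.ip_network(allowed_net)
    findings = []
    for menu, verb, p in entries:
        if menu == "/ip firewall nat" and p.get("action") == "masquerade":
            src = p.get("src-address")
            if src is None:
                findings.append("masquerade rule has no src-address")
            elif not ipaddress.ip_network(src, strict=False).subnet_of(allowed):
                findings.append(f"masquerade src-address {src} outside {allowed}")
        # Added check (not from the post): resolver reachable from every interface.
        if menu == "/ip dns" and p.get("allow-remote-requests") == "yes":
            findings.append("DNS answers remote requests: filter port 53 on WAN")
    return findings

print(audit(parse_export(SAMPLE_EXPORT), "10.254.128.0/22"))
```

The audit handles plain network values for src-address only; address ranges or negated matches would need extra parsing.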