Scribd Logo
Upload

Welcome to Scribd!

  • 49 views

    Materi Ukk TKJ 2019

    Uploaded by

    Willy Arifan
    1. The document discusses network topology and configuration of a MikroTik router to provide internet access and wireless connectivity. It includes steps to configure the WAN interface, DHCP, DNS, firewall rules, and wireless access point. 2. Instructions are provided to redirect requests for mikrotik.com to another website using static DNS entries and a web proxy on the router. Issues caused by protocol and port mismatches are analyzed. 3. Additional configuration steps include blocking ping requests from local devices to the router, and logging all access to the router firewall for monitoring.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd

    Materi Ukk TKJ 2019

    Uploaded by

    Willy Arifan
    49 views6 pages
    1. The document discusses network topology and configuration of a MikroTik router to provide internet access and wireless connectivity. It includes steps to configure the WAN interface, DHCP, DNS, firewall rules, and wireless access point. 2. Instructions are provided to redirect requests for mikrotik.com to another website using static DNS entries and a web proxy on the router. Issues caused by protocol and port mismatches are analyzed. 3. Additional configuration steps include blocking ping requests from local devices to the router, and logging all access to the router firewall for monitoring.

    Original Description:

    Pembahasan materi

    Original Title

    Materi Ukk Tkj 2019

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    1. The document discusses network topology and configuration of a MikroTik router to provide internet access and wireless connectivity. It includes steps to configure the WAN interface, DHCP, DNS, firewall rules, and wireless access point. 2. Instructions are provided to redirect requests for mikrotik.com to another website using static DNS entries and a web proxy on the router. Issues caused by protocol and port mismatches are analyzed. 3. Additional configuration steps include blocking ping requests from local devices to the router, and logging all access to the router firewall for monitoring.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Download as txt, pdf, or txt
    49 views6 pages

    Materi Ukk TKJ 2019

    Uploaded by

    Willy Arifan
    1. The document discusses network topology and configuration of a MikroTik router to provide internet access and wireless connectivity. It includes steps to configure the WAN interface, DHCP, DNS, firewall rules, and wireless access point. 2. Instructions are provided to redirect requests for mikrotik.com to another website using static DNS entries and a web proxy on the router. Issues caused by protocol and port mismatches are analyzed. 3. Additional configuration steps include blocking ping requests from local devices to the router, and logging all access to the router firewall for monitoring.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Download as txt, pdf, or txt
    You are on page 1of 6

    Pembahasan Materi UKK TKJ 2019 oleh tkj_smkn1kediri

    Topologi :

    Laptop --------->-Wireless(WLAN1)->-------> MIKROTIK RB-951 <-----<-ether1-<-----


    Internet
    ^
    |
    |
    |
    |
    ^
    Wired (ether2)
    ^
    |
    |
    |
    ^
    PC ( Komputer )

    ===================================================================================
    ====================
    ===================================================================================
    ====================

    Pembahasan :
    PC
    A. Konfigurasi Wifi Router Dan Ether1
    1. Sediakan koneksi Internet.
    2. tancapkan sumber internet(Kabel LAN) ke "ether1".
    3. Login Winbox
    4. Obtain IP address dari ISP.

    - masuk menu IP > DHCP Client > klik "+" > Interface : ether1 >
    langsung klik OK.

    5. Jika berhasil maka interface ether1 akan mendapatkan IP address dari


    internet.
    6. Setting DNS.

    - IP > DNS > centang "Allow Remote Requests" > OK.

    7. Setting NTP.

    - masuk menu System > SNTP Client > centang "enable" > Primary NTP
    Server : 52.166.120.77 > Apply > Ok.
    - 52.166.120.77 adalah server NTP microsoft windows
    ( time.windows.com )

    ===================================================================================
    ====================
    ===================================================================================
    ====================

    B. Ether2
    1. Hubungkan PC Komputer dengan Mikrotik menggunakan kabel LAN di "ether2".
    2. Setting IP di Ether2.
    - IP > Addresses > "+" > Address : 192.168.100.1/24 , Interface :
    ether2 > OK.

    3. Setting DHCP Server.


    - IP > DHCP Server > masuk tab DHCP > DHCP Setup > ...
    DHCP Server Interface : Ether2
    DHCP Address Space : 192.168.100.0/24
    Gateway for DHCP Network : 192.168.100.1
    Addresses to Give Out : 192.168.100.2-192.168.100.100
    DNS Server : 192.168.100.1
    Lease Time : Default (00:10:00)
    OK.

    4. Buat Firewall Masquerade supaya PC bisa terkoneksi dengan internet.


    - IP > Firewall > masuk tab NAT > klik "+" > ...
    masuk tab General > Chain : srcnat , src. address :
    192.168.100.0/24 , out-interface : ether1
    masuk tab Action > Action : masquerade

    5. Obtain IP address PC Komputer yang terhubung ke Ether2.


    - Win + R > cmd > Enter > ipconfig /renew
    perintah ipconfig /renew pada cmd digunakan untuk memperbarui IP
    address yang ada di Ethernet PC.

    6. sampai disini seharusnya PC (ether2) sudah bisa terkoneksi dengan


    internet. bisa testing dengan cara ping google di PC (ether2).

    //=================================================================================
    ===================================================================================
    ================================================================================
    //
    // 7. Static DNS : ketika akses ke http://www.mikrotik.com dialihkan ke website
    http://bnsp-indonesia.org . (PART 1 : Menganalisa Error)
    //
    // *NOTE : - untuk mengalihkan alamat http://www.mikrotik.com ke website
    http://bsnp-indonesia.org diperlukan adanya "duet" antara DNS Static dan Web Proxy
    Mikrotik.
    //
    // - Jika hanya mengandalkan DNS STATIC "SAJA" maka nantinya akan
    terjadi response error di Web Browser sbb :
    // *Error pada Microsoft Edge : Can�t connect securely to this
    page. This might be because the site uses outdated or unsafe TLS security settings.
    If this keeps happening, try contacting the website�s owner.
    // *Error pada Chrome : Situs ini tidak dapat menyediakan
    sambungan aman. mikrotik.com menggunakan protokol yang tidak didukung.
    ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
    //
    // *Kemungkinan Penyebab Error :
    // > berdasarkan error yang ditampilkan maka saya menarik kesimpulan
    bahwa error terjadi karena :
    // -Ketidakcocokan "Protokol & Port" yg digunakan dimana
    website mikrotik.com menggunakan protokol "HTTPS serta Port 443" dan website bsnp-
    indonesia.org menggunakan protokol "HTTP serta Port 80".
    // hal ini menjadi error karena pada saat server
    mentranslasikan DNS mikrotik.com ke alamat IP bsnp-indonesia.org(104.18.49.30) maka
    akan menimbulkan ketidakcocokan sehingga Browser menjadi Error.
    //
    // > kemungkinan ke-2 yaitu karena website bsnp-indonesia.org
    menggunakan banyak IP address dalam 1 nameserver.
    // -Hal ini bisa dilihat dengan menggunakan perintah nslookup
    pada cmd, dan berikut adalah hasilnya :
    //
    // C:\Users\Ibnu Ai>nslookup bsnp-indonesia.org
    // Server: UnKnown
    // Address: 192.168.100.1
    //
    // Non-authoritative answer:
    // Name: bsnp-indonesia.org
    // Addresses: 2606:4700:30::6812:311e
    // 2606:4700:30::6812:301e
    // 104.18.48.30
    // 104.18.49.30
    //
    //
    // *SOLUSI ERROR yang terjadi :
    // > Solusi yang tepat adalah dengan mengikutsertakan web Proxy
    mikrotik untuk mengalihkan website mikrotik.com ke bsnp-indonesia.org
    // - solusi ini sudah saya test dan hasilnya BISA.
    //
    //
    //=================================================================================
    ===================================================================================
    ================================================================================

    7. Static DNS : ketika akses ke http://www.mikrotik.com dialihkan ke website


    http://bnsp-indonesia.org .(PART 2 : Pembahasan DNS STATIC)
    - menu IP > DNS > Static > klik "+" > Name : mikrotik.com , Address :
    104.18.49.30 > OK.
    - -----------------------> klik "+" > Name : www.mikrotik.com , Address
    : 104.18.49.30 > OK.
    - OK.

    8. Setting Web Proxy Mikrotik.


    - IP > Web Proxy > centang "Enabled" > Cache Administrator :
    nama_peserta@sekolah.sch.id > centang "cache on disk" > Access > klik "+" > Src.
    Address : 192.168.100.0/24 > Dst. Host : mikrotik.com , Action : Deny , Redirect To
    : bsnp-indonesia.org > OK.
    -
    -----------------------------------------------------------------------------------
    ---------------------------------------> klik "+" > Src. Address : 192.168.100.0/24
    > Dst. Host : www.mikrotik.com , Action : Deny , Redirect To : bsnp-indonesia.org >
    OK.
    - OK.
    - OK.

    9. Setting Firewall supaya Web Proxy bisa Transparent.


    - menu Firewall > masuk Tab NAT > klik "+" > ...
    masuk Tab General > Chain : dstnat ,Protocol : tcp , Dst. Port :
    80 .
    masuk Tab Action > Action : redirect , To Ports : 8080 > OK.
    10. Testing.
    - Sebelum testing DNS biasakan Clear cache terlebih dahulu, cache DNS
    resolver maupun History Browser.
    *Clear cache DNS Mikrotik :
    IP > DNS > Cache > Flush Cache.
    *Clear Cache resolver Windows :
    Win + R > cmd > Enter > ipconfig /flushdns
    *Clear Cache Web Browser(tergantung browser masing-masing yaa) :
    11. Seharusnya sampai disini Website mikrotik.com sudah teralihkan ke website
    bsnp-indonesia.org

    ===================================================================================
    ===============================================================

    12. Buat firewall agar IP 192.168.100.2-192.168.100.50 tidak dapat ping ke


    router.
    - IP > Firewall > masuk Tab Filter Rules > klik "+" > ...
    masuk tab General > Chain : input , src. Address : 192.168.100.2-
    192.168.100.50 , Dst. Address : 192.168.100.1 , Protocol : icmp , In. Interface :
    ether2
    masuk tab Action > Action > Drop.
    OK

    masuk tab General > Chain : input , src. Address : 192.168.100.2-


    192.168.100.50 , Dst. Address : 192.168.200.1 , Protocol : icmp , In. Interface :
    ether2
    masuk tab Action > Action > Drop.
    OK

    masuk tab General > Chain : input , src. Address : 192.168.100.2-


    192.168.100.50 , Dst. Address : 10.40.40.254 , Protocol : icmp , In. Interface :
    ether2
    masuk tab Action > Action > Drop.
    OK

    *keterangan : disini saya membuat 3 rules karena nantinya


    Mikrotik akan memiliki 3 IP. yang pertama yaitu IP gateway Ether2, kedua IP Gateway
    WLAN, dan ketiga yaitu IP dari Internet (10.40.40.1).

    ===================================================================================
    ===============================================================

    13. Buat rule agar setiap akses ke router tercatat di logging ( padahal
    defaultnya semua sudah tercatat di Log, tapi masih disuruh membuat Rule lagi, tapi
    tidak apa" kita turuti saja maunya Soal UKK satu ini. )
    - IP > Firewall > masuk tab Filter Rules > klik "+" > ...
    masuk tab General > Chain : Input
    masuk tab Action > Action : Log > centang "log" > Log Prefix :
    Akses

    *Note : untuk Log Prefix bebas mau diisi apa, ini hanya sebuah prefix
    saja.
    ===================================================================================
    ===============================================================

    14. Buat rule filter yang mengijinkan permintaan "HTTP" dan "HTTPS" dari
    CLIENT network ke Internet
    *Soal ini maksudnya yaitu, kita hanya boleh mengakses protokol HTTP dan
    HTTPS (browsing) saja melalui ether2.

    - menu IP > Firewall > masuk tab Filter Rules > klik "+" > ...
    masuk tab General > Chain : forward , Src. Address :
    192.168.100.0/24 , Protocol : tcp , Dst.Port : (Not)!80,443
    masuk tab Action > Drop > OK.

    -testing
    web browser -> snmptn.ac.id:3000
    jika rule berhasil, maka situs tidak akan bisa dijangkau. supaya
    lebih yakin gunakan teknik befor after dengan menonaktifkan rule firewal kemudian
    test ulang.

    ===================================================================================
    ==============================================================

    C. WLAN (WLAN1---Laptop)

    1. IP WLAN 1 = 192.168.200.1/24
    - menu IP > Addresses > klik "+" > Address : 192.168.200.1/24 >
    interface : WLAN1 > OK.
    IP address akan berwarna merah karena interface wlan belum
    aktif/enable.
    ===================================================================================
    =========================
    2. SSID = nama_peserta@Proxy
    - menu Wireless > klik 2x Wlan1 > ...
    masuk tab Wireless > mode : AP Bridge > SSID : nama_peserta@Proxy
    > Enable > OK
    ===================================================================================
    =========================

    3. DHCP Pool = 192.168.200.2-192.168.200.100


    - IP > DHCP Server > masuk tab DHCP > DHCP Setup > ...
    DHCP Server Interface : Wlan1
    DHCP Address Space : 192.168.200.0/24
    Gateway for DHCP Network : 192.168.200.1
    Addresses to Give Out : 192.168.200.2-192.168.200.100
    DNS Server : 10.40.40.1, 8.8.8.8
    Lease Time : Default (00:10:00)
    OK.

    *NOTE :
    -perhatikan pada bagian DNS Server, disitu saya menggunakan DNS
    ISP dan OPEN DNS Google, karena jika saya menggunakan DNS Mikrotik Internal maka
    koneksi pada WLAN akan ikut teralihkan saat mengakses website mikrotik.com.
    - DHCP Server akan berwarna merah karena belum ada user yang
    terhubung.

    ===================================================================================
    =========================

    4. Blocking Site = http://www.linux.or.id ,Blocking File = .mp3, .mkv

    - IP > Web Proxy > Access > klik "+" > Src. Address :
    192.168.200.0/24 , Dst. Host : linux.or.id , Action : Deny > OK.

    ---------------------------------------------------------------------, Dst. Host :


    www.linux.or.id ------------> OK.

    - IP > Web Proxy > Access > klik "+" > Src. Address :
    192.168.200.0/24 , Path : *.mp3 , Action : Deny > OK.

    ---------------------------------------------------------------------, Path : *.mkv


    ----------------> OK.

    ===================================================================================
    =========================
    5. Blocking Content = Block setiap konten yg mengandung kata �mikrotik�

    - menu IP > Firewall > masuk tab Filter Rules > klik "+" > ...
    masuk tab General > Chain : forward , Src. Address :
    192.168.200.0/24 , In. Interface : Wlan1
    masuk tab Advanced > Content : mikrotik
    masuk tab Action > Action : drop
    OK.
    ===================================================================================
    ========================

    6. Buat firewall yang memblokir akses internet melalui jalur wireless mulai
    pukul 19:00 (malam)� 07:00 (pagi).
    *Logika, jika internet mati pada jam 19.00(malam) - 07.00(pagi) berarti
    internet akan nyala pada "jam 07.01(pagi)-18.59(malam)"

    - menu IP > Firewall > masuk tab NAT > klik "+" > ...
    masuk tab General > Chain : srcnat > Src. Address :
    192.168.200.0/24 , Out. Interface : ether1
    masuk tab Extra > Time > Time : 00:07:01 - 18:59:00
    masuk tab Action > Action : masquerade
    OK.

    ===================================================================================
    =========================

    You might also like