BUILDING INTERNET GATEWAY
(Build PC Router and Proxy Server)
With Mikrotik Router OS
Configuration options:
Configuration Server:
ISP SPEEDY:
IP: 192.168.1.1
Primary DNS: 202.134.1.10
Secondary DNS: 202.134.0.155
1. IP Internet (Public) = 192.168.1.2/26 (In accordance with the IP from the ISP)
2. IP LAN (Local) = 192.168.55.1//26
3. Gateway = 192.168.1.1 (In accordance with the IP from the ISP)
4. Primary DNS = 202.134.1.10
Secondary DNS = 202.134.0.155
Client configuration:
1. IP LAN = 192.168.55.2/26
2. Gateway = 192.168.55.1
3. Primary DNS = 202.134.1.10
Secondary DNS = 202.134.0.155
Proxy Server Configuration:
1. Port Proxy = 3128
2. Cache Manager = nama_administrator@studyitmudah.blogspot.com
3. Visible Host = Studyitmudah.blogspot.com
4. Transparent Proxy
5. Blocking Site = www.faacebook.com, www.yahoo.com
Router Configuration:
1. NAT = yes
Steps Configure Router Gateway Server
1. Configure IP Address Gateway Server Mikrotik
a) Looking at the interface / Ethernet installed:
[maestro @ TKJ-SDL]> interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-TX-RATE RATE MTU
0 R ether1 ether 0 0 1500
1 R ether2 ether 0 0 1500
[maestro @ TKJ-SDL]> interface edit 0
value-name: name
[maestro @ TKJ-SDL]> interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-TX-RATE RATE MTU
0 R local ether 0 0 1500
1 R public ether 0 0 1500
Via winbox:
a) Setting IP Address
[maestro @ TKJ-SDL]> ip address add
Address: 192.168.1.2/26
Interface: public
[maestro @ TKJ-SDL]> ip address add address = 192.168.55.1 / 26 interface = local
[maestro @ TKJ-SDL]> ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS BROADCAST NETWORK INTERFACE
0 192.168.1.2/26 192.168.1.0 192.168.1.255 public
1 192.168.55.1/26 192.168.55.0 192.168.55.255 local
2. Provide Default Gateway
[maestro @ TKJ-SDL]> ip route add gateway = 192.168.1.1
To view gateway configuration
[maestro @ TKJ-SDL]> ip route print
Ping test to the gateway to ensure the configuration is correct
[maestro @ TKJ-SDL]> ping 192.168.1.1 (press enter)
3. Setup DNS (Name Server)
[maestro @ TKJ-SDL]> set dns servers ip = 202.134.1.10,202.134.0.155 allow-remote-requests = no
To view the DNS configuration
[maestro @ TKJ-SDL]> ip dns print (press enter)
Access test domain, for example by pinging the domain name
[maestro @ TKJ-SDL]> ping fecebook.com
4. Setup DHCP Server (Dynamic Host Configuration Protocol)
[admin @ Gateway]> ip dhcp-server setup
Select interface to run a DHCP server on
dhcp server interface: local
Select the network for DHCP addresses
dhcp address space: 192.168.55.0/26
Select gateway for given network
dhcp gateway for the network: 192.168.55.1
Select pool of IP addresses given out by the DHCP server
addresses to give out: 192.168.55.2-192.168.55.3
Select DNS servers
dns servers: 192.168.55.1
Select lease time
lease time: 00:20:00
[maestro @ TKJ-SDL]>
5. Setup Masquerading and transparency of proxy
a) A firewall nat
[maestro @ TKJ-SDL]> ip firewall nat add chain = srcnat action = masquerade out-interface = public
To view the configuration masquerading
[maestro @ TKJ-SDL]> ip nat firewall print
b) Setting transparency Proxy
[maestro @ TKJ-SDL]> ip proxy set enabled = yes
[maestro @ TKJ-SDL]> ip proxy sets of parent-proxy = 0.0.0.0 port = 3128 cache-administrators=abdul@studyitmudah.blogspot.com enabled = yes
To view the configuration Masquerading
[maestro @ TKJ-SDL]> ip proxy print
c) Setting the firewall for transparent proxy
[maestro @ TKJ-SDL]> ip firewall nat add chain = dstnat protocol = tcp dst-port = 80 action = redirect to-ports = 3128
6. Blocking Site
[maestro @ TKJ-SDL]> ip proxy access add action = deny disabled = no dst-
host = www.facebook.com
[maestro @ TKJ-SDL]> ip proxy access add action = deny disabled = no path = * porn * (blocking by name)
[maestro @ TKJ-SDL]> ip proxy access add action = deny disabled = no dst-host =: mail (e-mail blocking the search machine)
