by k3c04k2000

Tujuan :

  • Memperkecil delay ping dari sisi klien ke arah Internet.
  • Mempercepat resolving hostname ke ip address.

Asumsi : Klien-klien berada pada subnet 10.10.10.0/28

  1. Memanipulasi Type of Service untuk ICMP Packet :
    > ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=icmp action=mark-connection new-connection-mark=ICMP-CM passthrough=yes
    > ip firewall mangle add chain=prerouting connection-mark=ICMP-CM action=mark-packet new-packet-mark=ICMP-PM passthrough=yes
    > ip firewall mangle add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay
  2. Memanipulasi Type of Service untuk DNS Resolving :
    > ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
    > ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
    > ip firewall mangle add chain=prerouting connection-mark=DNS-CM action=mark-packet new-packet-mark=DNS-PM passthrough=yes
    > ip firewall mangle add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay
  3. Menambahkan Queue Type :
    > queue type add name="PFIFO-64" kind=pfifo pfifo-limit=64
  4. Mengalokasikan Bandwidth untuk ICMP Packet :
    > queue tree add name=ICMP parent=INTERNET packet-mark=ICMP-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64
  5. Mengalokasikan Bandwidth untuk DNS Resolving :
    > queue tree add name=DNS parent=INTERNET packet-mark=DNS-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64
  6. Good Luck!!

/ip firewall filter
add chain=virus protocol=udp action=drop dst-port=1 comment=”Sockets des Troie”
add chain=virus protocol=tcp action=drop dst-port=2 comment=”Death”
add chain=virus protocol=tcp action=drop dst-port=20 comment=”Senna Spy FTP server”
add chain=virus protocol=tcp action=drop dst-port=21 comment=”Back Construction, Blade Runner, Cattivik FTP Server, CC Invader, Dark FTP, Doly Trojan, Fore, Invisible FTP, Juggernaut 42, Larva, MotIv FTP, Net Administrator, Ramen, Senna Spy FTP server, The Flu, Traitor 21, WebEx, WinCrash”
add chain=virus protocol=tcp action=drop dst-port=22 comment=”Shaft”
add chain=virus protocol=tcp action=drop dst-port=23 comment=”Fire HacKer, Tiny Telnet Server TTS, Truva Atl”
add chain=virus protocol=tcp action=drop dst-port=25 comment=”Ajan, Antigen, Barok, Email Password Sender EPS, EPS II, Gip, Gris, Happy99, Hpteam mail, Hybris, I love you, Kuang2, Magic Horse, MBT Mail Bombing Trojan, Moscow Email trojan, Naebi, NewApt worm, ProMail trojan, Shtirlitz, Stealth, Tapiras, Terminator, WinPC, WinSpy”
add chain=virus protocol=tcp action=drop dst-port=30 comment=”Agent 40421″
add chain=virus protocol=tcp action=drop dst-port=31 comment=”Agent 31, Hackers Paradise, Masters Paradise”
add chain=virus protocol=tcp action=drop dst-port=41 comment=”Deep Throat, Foreplay”
add chain=virus protocol=tcp action=drop dst-port=48 comment=”DRAT”
add chain=virus protocol=tcp action=drop dst-port=50 comment=”DRAT”
add chain=virus protocol=tcp action=drop dst-port=58 comment=”DMSetup”
add chain=virus protocol=tcp action=drop dst-port=59 comment=”DMSetup”
add chain=virus protocol=tcp action=drop dst-port=79 comment=”CDK, Firehotcker”
add chain=virus protocol=tcp action=drop dst-port=80 comment=”711 trojan, Seven Eleven, AckCmd, Back End, Back Orifice 2000 Plug-Ins, Cafeini, CGI Backdoor, Executor, God Message, God Message Creator, Hooker, IISworm, MTX, NCX, Reverse WWW Tunnel Backdoor, RingZero, Seeker, WAN Remote, Web Server CT, WebDownloader”
add chain=virus protocol=tcp action=drop dst-port=81 comment=”RemoConChubo”
add chain=virus protocol=tcp action=drop dst-port=99 comment=”Hidden Port, NCX”
add chain=virus protocol=tcp action=drop dst-port=110 comment=”ProMail trojan”
add chain=virus protocol=tcp action=drop dst-port=113 comment=”Invisible Identd Deamon, Kazimas”
add chain=virus protocol=tcp action=drop dst-port=119 comment=”Happy99″
add chain=virus protocol=tcp action=drop dst-port=121 comment=”Attack Bot, God Message, JammerKillah”
add chain=virus protocol=tcp action=drop dst-port=123 comment=”Net Controller”
add chain=virus protocol=tcp action=drop dst-port=133 comment=”Farnaz”
add chain=virus protocol=tcp action=drop dst-port=135-139 comment=”Blaster worm”
add chain=virus protocol=udp action=drop dst-port=135-139 comment=”messenger worm
add chain=virus protocol=tcp action=drop dst-port=142 comment=”NetTaxi”
add chain=virus protocol=tcp action=drop dst-port=146 comment=”Infector”
add chain=virus protocol=udp action=drop dst-port=146 comment=”Infector”
add chain=virus protocol=tcp action=drop dst-port=170 comment=”A-trojan”
add chain=virus protocol=tcp action=drop dst-port=334 comment=”Backage”
add chain=virus protocol=tcp action=drop dst-port=411 comment=”Backage”
add chain=virus protocol=tcp action=drop dst-port=420 comment=”Breach, Incognito”
add chain=virus protocol=tcp action=drop dst-port=421 comment=”TCP Wrappers trojan”
add chain=virus protocol=tcp action=drop dst-port=445 comment=”Blaster worm
add chain=virus protocol=udp action=drop dst-port=445 comment=”Blaster worm
add chain=virus protocol=tcp action=drop dst-port=455 comment=”Fatal Connections”
add chain=virus protocol=tcp action=drop dst-port=456 comment=”Hackers Paradise”
add chain=virus protocol=tcp action=drop dst-port=513 comment=”Grlogin”
add chain=virus protocol=tcp action=drop dst-port=514 comment=”RPC Backdoor”
add chain=virus protocol=tcp action=drop dst-port=531 comment=”Net666, Rasmin”
add chain=virus protocol=tcp action=drop dst-port=555 comment=”711 trojan, Seven Eleven, Ini-Killer, Net Administrator, Phase Zero, Phase-0, Stealth Spy”
add chain=virus protocol=tcp action=drop dst-port=605 comment=”Secret Service”
add chain=virus protocol=tcp action=drop dst-port=666 comment=”Attack FTP, Back Construction, BLA trojan, Cain & Abel, NokNok, Satans Back Door SBD, ServU, Shadow Phyre, th3r1pp3rz Therippers”
add chain=virus protocol=tcp action=drop dst-port=667 comment=”SniperNet”
add chain=virus protocol=tcp action=drop dst-port=669 comment=”DP trojan”
add chain=virus protocol=tcp action=drop dst-port=692 comment=”GayOL”
add chain=virus protocol=tcp action=drop dst-port=777 comment=”AimSpy, Undetected”
add chain=virus protocol=tcp action=drop dst-port=808 comment=”WinHole”
add chain=virus protocol=tcp action=drop dst-port=911 comment=”Dark Shadow”
add chain=virus protocol=tcp action=drop dst-port=999 comment=”Deep Throat, Foreplay, WinSatan”
add chain=virus protocol=tcp action=drop dst-port=1000 comment=”Der Spaeher, Direct Connection”
add chain=virus protocol=tcp action=drop dst-port=1001 comment=”Der Spaeher, Le Guardien, Silencer, WebEx”
add chain=virus protocol=tcp action=drop dst-port=1010-1016 comment=”Doly Trojan”
add chain=virus protocol=tcp action=drop dst-port=1020 comment=”Vampire”
add chain=virus protocol=tcp action=drop dst-port=1024 comment=”Jade, Latinus, NetSpy”
add chain=virus protocol=tcp action=drop dst-port=1025 comment=”Remote Storm”
add chain=virus protocol=udp action=drop dst-port=1025 comment=”Remote Storm”
add chain=virus protocol=tcp action=drop dst-port=1035 comment=”Multidropper”
add chain=virus protocol=tcp action=drop dst-port=1042 comment=”BLA trojan”
add chain=virus protocol=tcp action=drop dst-port=1045 comment=”Rasmin”
add chain=virus protocol=tcp action=drop dst-port=1049 comment=”sbin initd”
add chain=virus protocol=tcp action=drop dst-port=1050 comment=”MiniCommand”
add chain=virus protocol=tcp action=drop dst-port=1053 comment=”The Thief”
add chain=virus protocol=tcp action=drop dst-port=1054 comment=”AckCmd”
add chain=virus protocol=tcp action=drop dst-port=1080-1083 comment=”WinHole”
add chain=virus protocol=tcp action=drop dst-port=1090 comment=”Xtreme”
add chain=virus protocol=tcp action=drop dst-port=1095-1098 comment=”Remote Administration Tool RAT”
add chain=virus protocol=tcp action=drop dst-port=1099 comment=”Blood Fest Evolution, Remote Administration Tool RAT”
add chain=virus protocol=tcp action=drop dst-port=1150-1151 comment=”Orion”
add chain=virus protocol=tcp action=drop dst-port=1170 comment=”Psyber Stream Server PSS, Streaming Audio Server, Voice”
add chain=virus protocol=udp action=drop dst-port=1200-1201 comment=”NoBackO”
add chain=virus protocol=tcp action=drop dst-port=1207 comment=”SoftWAR”
add chain=virus protocol=tcp action=drop dst-port=1208 comment=”Infector”
add chain=virus protocol=tcp action=drop dst-port=1212 comment=”Kaos”
add chain=virus protocol=tcp action=drop dst-port=1234 comment=”SubSeven Java client, Ultors Trojan”
add chain=virus protocol=tcp action=drop dst-port=1243 comment=”BackDoor-G, SubSeven, SubSeven Apocalypse, Tiles”
add chain=virus protocol=tcp action=drop dst-port=1245 comment=”VooDoo Doll”
add chain=virus protocol=tcp action=drop dst-port=1255 comment=”Scarab”
add chain=virus protocol=tcp action=drop dst-port=1256 comment=”Project nEXT”
add chain=virus protocol=tcp action=drop dst-port=1269 comment=”Matrix”
add chain=virus protocol=tcp action=drop dst-port=1272 comment=”The Matrix”
add chain=virus protocol=tcp action=drop dst-port=1313 comment=”NETrojan”
add chain=virus protocol=tcp action=drop dst-port=1338 comment=”Millenium Worm”
add chain=virus protocol=tcp action=drop dst-port=1349 comment=”Bo dll”
add chain=virus protocol=tcp action=drop dst-port=1394 comment=”GoFriller, Backdoor G-1″
add chain=virus protocol=tcp action=drop dst-port=1441 comment=”Remote Storm”
add chain=virus protocol=tcp action=drop dst-port=1492 comment=”FTP99CMP”
add chain=virus protocol=tcp action=drop dst-port=1524 comment=”Trinoo”
add chain=virus protocol=tcp action=drop dst-port=1568 comment=”Remote Hack”
add chain=virus protocol=tcp action=drop dst-port=1600 comment=”Direct Connection, Shivka-Burka”
add chain=virus protocol=tcp action=drop dst-port=1703 comment=”Exploiter”
add chain=virus protocol=tcp action=drop dst-port=1777 comment=”Scarab”
add chain=virus protocol=tcp action=drop dst-port=1807 comment=”SpySender”
add chain=virus protocol=tcp action=drop dst-port=1966 comment=”Fake FTP”
add chain=virus protocol=tcp action=drop dst-port=1967 comment=”WM FTP Server”
add chain=virus protocol=tcp action=drop dst-port=1969 comment=”OpC BO”
add chain=virus protocol=tcp action=drop dst-port=1981 comment=”Bowl, Shockrave”
add chain=virus protocol=tcp action=drop dst-port=1999 comment=”Back Door, SubSeven, TransScout”
add chain=virus protocol=tcp action=drop dst-port=2000 comment=”Der Spaeher, Insane Network, Last 2000, Remote Explorer 2000, Senna Spy Trojan Generator”
add chain=virus protocol=tcp action=drop dst-port=2001 comment=”Der Spaeher, Trojan Cow”
add chain=virus protocol=tcp action=drop dst-port=2023 comment=”Ripper Pro”
add chain=virus protocol=tcp action=drop dst-port=2080 comment=”WinHole”
add chain=virus protocol=tcp action=drop dst-port=2115 comment=”Bugs”
add chain=virus protocol=udp action=drop dst-port=2130 comment=”Mini Backlash”
add chain=virus protocol=tcp action=drop dst-port=2140 comment=”The Invasor”
add chain=virus protocol=udp action=drop dst-port=2140 comment=”Deep Throat, Foreplay”
add chain=virus protocol=tcp action=drop dst-port=2155 comment=”Illusion Mailer”
add chain=virus protocol=tcp action=drop dst-port=2255 comment=”Nirvana”
add chain=virus protocol=tcp action=drop dst-port=2283 comment=”Hvl RAT”
add chain=virus protocol=tcp action=drop dst-port=2300 comment=”Xplorer”
add chain=virus protocol=tcp action=drop dst-port=2311 comment=”Studio 54″
add chain=virus protocol=tcp action=drop dst-port=2330-2339 comment=”Contact”
add chain=virus protocol=udp action=drop dst-port=2339 comment=”Voice Spy”
add chain=virus protocol=tcp action=drop dst-port=2345 comment=”Doly Trojan”
add chain=virus protocol=tcp action=drop dst-port=2565 comment=”Striker trojan”
add chain=virus protocol=tcp action=drop dst-port=2583 comment=”WinCrash”
add chain=virus protocol=tcp action=drop dst-port=2600 comment=”Digital RootBeer”
add chain=virus protocol=tcp action=drop dst-port=2716 comment=”The Prayer”
add chain=virus protocol=tcp action=drop dst-port=2773-2774 comment=”SubSeven, SubSeven 2.1 Gold”
add chain=virus protocol=tcp action=drop dst-port=2801 comment=”Phineas Phucker”
add chain=virus protocol=udp action=drop dst-port=2989 comment=”Remote Administration Tool RAT”
add chain=virus protocol=tcp action=drop dst-port=3000 comment=”Remote Shut”
add chain=virus protocol=tcp action=drop dst-port=3024 comment=”WinCrash”
add chain=virus protocol=tcp action=drop dst-port=3031 comment=”Microspy”
add chain=virus protocol=tcp action=drop dst-port=3128 comment=”Reverse WWW Tunnel Backdoor, RingZero”
add chain=virus protocol=tcp action=drop dst-port=3129 comment=”Masters Paradise”
add chain=virus protocol=tcp action=drop dst-port=3150 comment=”The Invasor”
add chain=virus protocol=udp action=drop dst-port=3150 comment=”Deep Throat, Foreplay, Mini Backlash”
add chain=virus protocol=tcp action=drop dst-port=3456 comment=”Terror trojan”
add chain=virus protocol=tcp action=drop dst-port=3459 comment=”Eclipse 2000, Sanctuary”
add chain=virus protocol=tcp action=drop dst-port=3700 comment=”Portal of Doom”
add chain=virus protocol=tcp action=drop dst-port=3777 comment=”PsychWard”
add chain=virus protocol=tcp action=drop dst-port=3791-3801 comment=”Total Solar Eclypse”
add chain=virus protocol=tcp action=drop dst-port=4000 comment=”SkyDance”
add chain=virus protocol=tcp action=drop dst-port=4092 comment=”WinCrash”
add chain=virus protocol=tcp action=drop dst-port=4242 comment=”Virtual Hacking Machine VHM”
add chain=virus protocol=tcp action=drop dst-port=4321 comment=”BoBo”
add chain=virus protocol=tcp action=drop dst-port=4444 comment=”Prosiak, Swift Remote”
add chain=virus protocol=tcp action=drop dst-port=4567 comment=”File Nail”
add chain=virus protocol=tcp action=drop dst-port=4590 comment=”ICQ Trojan”
add chain=virus protocol=tcp action=drop dst-port=4950 comment=”ICQ Trogen Lm”
add chain=virus protocol=tcp action=drop dst-port=5000 comment=”Back Door Setup, Blazer5, Bubbel, ICKiller, Ra1d, Sockets des Troie”
add chain=virus protocol=tcp action=drop dst-port=5001 comment=”Back Door Setup, Sockets des Troie”
add chain=virus protocol=tcp action=drop dst-port=5002 comment=”cd00r, Shaft”
add chain=virus protocol=tcp action=drop dst-port=5010 comment=”Solo”
add chain=virus protocol=tcp action=drop dst-port=5011 comment=”One of the Last Trojans OOTLT, One of the Last Trojans OOTLT, modified”
add chain=virus protocol=tcp action=drop dst-port=5025 comment=”WM Remote KeyLogger”
add chain=virus protocol=tcp action=drop dst-port=5031-5032 comment=”Net Metropolitan”
add chain=virus protocol=tcp action=drop dst-port=5321 comment=”Firehotcker”
add chain=virus protocol=tcp action=drop dst-port=5333 comment=”Backage, NetDemon”
add chain=virus protocol=tcp action=drop dst-port=5343 comment=”wCrat WC Remote Administration Tool”
add chain=virus protocol=tcp action=drop dst-port=5400-5402 comment=”Back Construction, Blade Runner”
add chain=virus protocol=tcp action=drop dst-port=5512 comment=”Illusion Mailer”
add chain=virus protocol=tcp action=drop dst-port=5534 comment=”The Flu”
add chain=virus protocol=tcp action=drop dst-port=5550 comment=”Xtcp”
add chain=virus protocol=tcp action=drop dst-port=5555 comment=”ServeMe”
add chain=virus protocol=tcp action=drop dst-port=5556-5557 comment=”BO Facil”
add chain=virus protocol=tcp action=drop dst-port=5569 comment=”Robo-Hack”
add chain=virus protocol=tcp action=drop dst-port=5637-5638 comment=”PC Crasher”
add chain=virus protocol=tcp action=drop dst-port=5742 comment=”WinCrash”
add chain=virus protocol=tcp action=drop dst-port=5760 comment=”Portmap Remote Root Linux Exploit”
add chain=virus protocol=tcp action=drop dst-port=5880-5889 comment=”Y3K RAT”
add chain=virus protocol=tcp action=drop dst-port=6000 comment=”The Thing”
add chain=virus protocol=tcp action=drop dst-port=6006 comment=”Bad Blood”
add chain=virus protocol=tcp action=drop dst-port=6272 comment=”Secret Service”
add chain=virus protocol=tcp action=drop dst-port=6400 comment=”The Thing”
add chain=virus protocol=tcp action=drop dst-port=6661 comment=”TEMan, Weia-Meia”
add chain=virus protocol=tcp action=drop dst-port=6666 comment=”Dark Connection Inside, NetBus worm”
add chain=virus protocol=tcp action=drop dst-port=6667 comment=”Dark FTP, ScheduleAgent, SubSeven, Subseven 2.1.4 DefCon 8, Trinity, WinSatan”
add chain=virus protocol=tcp action=drop dst-port=6669 comment=”Host Control, Vampire”
add chain=virus protocol=tcp action=drop dst-port=6670 comment=”BackWeb Server, Deep Throat, Foreplay, WinNuke eXtreame”
add chain=virus protocol=tcp action=drop dst-port=6711 comment=”BackDoor-G, SubSeven, VP Killer”
add chain=virus protocol=tcp action=drop dst-port=6712 comment=”Funny trojan, SubSeven”
add chain=virus protocol=tcp action=drop dst-port=6713 comment=”SubSeven”
add chain=virus protocol=tcp action=drop dst-port=6723 comment=”Mstream”
add chain=virus protocol=tcp action=drop dst-port=6771 comment=”Deep Throat, Foreplay”
add chain=virus protocol=tcp action=drop dst-port=6776 comment=”2000 Cracks, BackDoor-G, SubSeven, VP Killer”
add chain=virus protocol=udp action=drop dst-port=6838 comment=”Mstream”
add chain=virus protocol=tcp action=drop dst-port=6883 comment=”Delta Source DarkStar”
add chain=virus protocol=tcp action=drop dst-port=6912 comment=”Shit Heep”
add chain=virus protocol=tcp action=drop dst-port=6939 comment=”Indoctrination”
add chain=virus protocol=tcp action=drop dst-port=6969-6970 comment=”GateCrasher, IRC 3, Net Controller, Priority”
add chain=virus protocol=tcp action=drop dst-port=7000 comment=”Exploit Translation Server, Kazimas, Remote Grab, SubSeven, SubSeven 2.1 Gold”
add chain=virus protocol=tcp action=drop dst-port=7001 comment=”Freak88, Freak2k”
add chain=virus protocol=tcp action=drop dst-port=7215 comment=”SubSeven, SubSeven 2.1 Gold”
add chain=virus protocol=tcp action=drop dst-port=7300-7308 comment=”NetMonitor”
add chain=virus protocol=tcp action=drop dst-port=7424 comment=”Host Control”
add chain=virus protocol=udp action=drop dst-port=7424 comment=”Host Control”
add chain=virus protocol=tcp action=drop dst-port=7597 comment=”Qaz”
add chain=virus protocol=tcp action=drop dst-port=7626 comment=”Glacier”
add chain=virus protocol=tcp action=drop dst-port=7777 comment=”God Message, Tini”
add chain=virus protocol=tcp action=drop dst-port=7789 comment=”Back Door Setup, ICKiller”
add chain=virus protocol=tcp action=drop dst-port=7891 comment=”The ReVeNgEr”
add chain=virus protocol=tcp action=drop dst-port=7983 comment=”Mstream”
add chain=virus protocol=tcp action=drop dst-port=8787 comment=”Back Orifice 2000″
add chain=virus protocol=tcp action=drop dst-port=8988 comment=”BacHack”
add chain=virus protocol=tcp action=drop dst-port=8989 comment=”Rcon, Recon, Xcon”
add chain=virus protocol=tcp action=drop dst-port=9000 comment=”Netministrator”
add chain=virus protocol=udp action=drop dst-port=9325 comment=”Mstream”
add chain=virus protocol=tcp action=drop dst-port=9400 comment=”InCommand”
add chain=virus protocol=tcp action=drop dst-port=9872-9875 comment=”Portal of Doom”
add chain=virus protocol=tcp action=drop dst-port=9876 comment=”Cyber Attacker, Rux”
add chain=virus protocol=tcp action=drop dst-port=9878 comment=”TransScout”
add chain=virus protocol=tcp action=drop dst-port=9989 comment=”Ini-Killer”
add chain=virus protocol=tcp action=drop dst-port=9999 comment=”The Prayer”
add chain=virus protocol=tcp action=drop dst-port=10000-10005 comment=”OpwinTRojan”
add chain=virus protocol=udp action=drop dst-port=10067 comment=”Portal of Doom”
add chain=virus protocol=tcp action=drop dst-port=10085-10086 comment=”Syphillis”
add chain=virus protocol=tcp action=drop dst-port=10100 comment=”Control Total, Gift trojan”
add chain=virus protocol=tcp action=drop dst-port=10101 comment=”BrainSpy, Silencer”
add chain=virus protocol=udp action=drop dst-port=10167 comment=”Portal of Doom”
add chain=virus protocol=tcp action=drop dst-port=10520 comment=”Acid Shivers”
add chain=virus protocol=tcp action=drop dst-port=10528 comment=”Host Control”
add chain=virus protocol=tcp action=drop dst-port=10607 comment=”Coma”
add chain=virus protocol=udp action=drop dst-port=10666 comment=”Ambush”
add chain=virus protocol=tcp action=drop dst-port=11000 comment=”Senna Spy Trojan Generator”
add chain=virus protocol=tcp action=drop dst-port=11050-11051 comment=”Host Control”
add chain=virus protocol=tcp action=drop dst-port=11223 comment=”Progenic trojan, Secret Agent”
add chain=virus protocol=tcp action=drop dst-port=12076 comment=”Gjamer”
add chain=virus protocol=tcp action=drop dst-port=12223 comment=”Hack´99 KeyLogger”
add chain=virus protocol=tcp action=drop dst-port=12345 comment=”Ashley, cron  crontab, Fat Bitch trojan, GabanBus, icmp_client.c, icmp_pipe.c, Mypic, NetBus, NetBus Toy, NetBus worm, Pie Bill Gates, Whack Job, X-bill”
add chain=virus protocol=tcp action=drop dst-port=12346 comment=”Fat Bitch trojan, GabanBus, NetBus, X-bill”
add chain=virus protocol=tcp action=drop dst-port=12349 comment=”BioNet”
add chain=virus protocol=tcp action=drop dst-port=12361-12363 comment=”Whack-a-mole”
add chain=virus protocol=udp action=drop dst-port=12623 comment=”DUN Control”
add chain=virus protocol=tcp action=drop dst-port=12624 comment=”ButtMan”
add chain=virus protocol=tcp action=drop dst-port=12631 comment=”Whack Job”
add chain=virus protocol=tcp action=drop dst-port=12754 comment=”Mstream”
add chain=virus protocol=tcp action=drop dst-port=13000 comment=”Senna Spy Trojan Generator, Senna Spy Trojan Generator”
add chain=virus protocol=tcp action=drop dst-port=13010 comment=”Hacker Brasil HBR”
add chain=virus protocol=tcp action=drop dst-port=13013-13014 comment=”PsychWard”
add chain=virus protocol=tcp action=drop dst-port=13223 comment=”Hack´99 KeyLogger”
add chain=virus protocol=tcp action=drop dst-port=13473 comment=”Chupacabra”
add chain=virus protocol=tcp action=drop dst-port=14500-14503 comment=”PC Invader”
add chain=virus protocol=tcp action=drop dst-port=15000 comment=”NetDemon”
add chain=virus protocol=tcp action=drop dst-port=15092 comment=”Host Control”
add chain=virus protocol=tcp action=drop dst-port=15104 comment=”Mstream”
add chain=virus protocol=tcp action=drop dst-port=15382 comment=”SubZero”
add chain=virus protocol=tcp action=drop dst-port=15858 comment=”CDK”
add chain=virus protocol=tcp action=drop dst-port=16484 comment=”Mosucker”
add chain=virus protocol=tcp action=drop dst-port=16660 comment=”Stacheldraht”
add chain=virus protocol=tcp action=drop dst-port=16772 comment=”ICQ Revenge”
add chain=virus protocol=tcp action=drop dst-port=16959 comment=”SubSeven, Subseven 2.1.4 DefCon 8″
add chain=virus protocol=tcp action=drop dst-port=16969 comment=”Priority”
add chain=virus protocol=tcp action=drop dst-port=17166 comment=”Mosaic”
add chain=virus protocol=tcp action=drop dst-port=17300 comment=”Kuang2 the virus”
add chain=virus protocol=tcp action=drop dst-port=17449 comment=”Kid Terror”
add chain=virus protocol=tcp action=drop dst-port=17499-17500 comment=”CrazzyNet”
add chain=virus protocol=tcp action=drop dst-port=17569 comment=”Infector”
add chain=virus protocol=tcp action=drop dst-port=17593 comment=”Audiodoor”
add chain=virus protocol=tcp action=drop dst-port=17777 comment=”Nephron”
add chain=virus protocol=udp action=drop dst-port=18753 comment=”Shaft”
add chain=virus protocol=tcp action=drop dst-port=19864 comment=”ICQ Revenge”
add chain=virus protocol=tcp action=drop dst-port=20000 comment=”Millenium”
add chain=virus protocol=tcp action=drop dst-port=20001 comment=”Millenium, Millenium Lm”
add chain=virus protocol=tcp action=drop dst-port=20002 comment=”AcidkoR”
add chain=virus protocol=tcp action=drop dst-port=20005 comment=”Mosucker”
add chain=virus protocol=tcp action=drop dst-port=20023 comment=”VP Killer”
add chain=virus protocol=tcp action=drop dst-port=20034 comment=”NetBus 2.0 Pro, NetBus 2.0 Pro Hidden, NetRex, Whack Job”
add chain=virus protocol=tcp action=drop dst-port=20203 comment=”Chupacabra”
add chain=virus protocol=tcp action=drop dst-port=20331 comment=”BLA trojan”
add chain=virus protocol=tcp action=drop dst-port=20432 comment=”Shaft”
add chain=virus protocol=udp action=drop dst-port=20433 comment=”Shaft”
add chain=virus protocol=tcp action=drop dst-port=21544 comment=”GirlFriend, Kid Terror”
add chain=virus protocol=tcp action=drop dst-port=21554 comment=”Exploiter, Kid Terror, Schwindler, Winsp00fer”
add chain=virus protocol=tcp action=drop dst-port=22222 comment=”Donald Dick, Prosiak, Ruler, RUX The TIc.K”
add chain=virus protocol=tcp action=drop dst-port=23005-23006 comment=”NetTrash”
add chain=virus protocol=tcp action=drop dst-port=23023 comment=”Logged”
add chain=virus protocol=tcp action=drop dst-port=23032 comment=”Amanda”
add chain=virus protocol=tcp action=drop dst-port=23432 comment=”Asylum”
add chain=virus protocol=tcp action=drop dst-port=23456 comment=”Evil FTP, Ugly FTP, Whack Job”
add chain=virus protocol=tcp action=drop dst-port=23476 comment=”Donald Dick”
add chain=virus protocol=udp action=drop dst-port=23476 comment=”Donald Dick”
add chain=virus protocol=tcp action=drop dst-port=23477 comment=”Donald Dick”
add chain=virus protocol=tcp action=drop dst-port=23777 comment=”InetSpy”
add chain=virus protocol=tcp action=drop dst-port=24000 comment=”Infector”
add chain=virus protocol=tcp action=drop dst-port=25685-25982 comment=”Moonpie”
add chain=virus protocol=udp action=drop dst-port=26274 comment=”Delta Source”
add chain=virus protocol=tcp action=drop dst-port=26681 comment=”Voice Spy”
add chain=virus protocol=tcp action=drop dst-port=27374 comment=”Bad Blood, Ramen, Seeker, SubSeven, SubSeven 2.1 Gold, Subseven 2.1.4 DefCon 8, SubSeven Muie, Ttfloader”
add chain=virus protocol=udp action=drop dst-port=27444 comment=”Trinoo”
add chain=virus protocol=tcp action=drop dst-port=27573 comment=”SubSeven”
add chain=virus protocol=tcp action=drop dst-port=27665 comment=”Trinoo”
add chain=virus protocol=tcp action=drop dst-port=28678 comment=”Exploit”er
add chain=virus protocol=tcp action=drop dst-port=29104 comment=”NetTrojan”
add chain=virus protocol=tcp action=drop dst-port=29369 comment=”ovasOn”
add chain=virus protocol=tcp action=drop dst-port=29891 comment=”The Unexplained”
add chain=virus protocol=tcp action=drop dst-port=30000 comment=”Infector”
add chain=virus protocol=tcp action=drop dst-port=30001 comment=”ErrOr32″
add chain=virus protocol=tcp action=drop dst-port=30003 comment=”Lamers Death”
add chain=virus protocol=tcp action=drop dst-port=30029 comment=”AOL trojan”
add chain=virus protocol=tcp action=drop dst-port=30100-30133 comment=”NetSphere”
add chain=virus protocol=udp action=drop dst-port=30103 comment=”NetSphere”
add chain=virus protocol=tcp action=drop dst-port=30303 comment=”Sockets des Troie”
add chain=virus protocol=tcp action=drop dst-port=30947 comment=”Intruse”
add chain=virus protocol=tcp action=drop dst-port=30999 comment=”Kuang2″
add chain=virus protocol=tcp action=drop dst-port=31335 comment=”Trinoo”
add chain=virus protocol=tcp action=drop dst-port=31336 comment=”Bo Whack, Butt Funnel”
add chain=virus protocol=tcp action=drop dst-port=31337 comment=”Back Fire, Back Orifice 1.20 patches, Back Orifice Lm, Back Orifice russian, Baron Night, Beeone, BO client, BO Facil, BO spy, BO2, cron  crontab, Freak88, Freak2k, icmp_pipe.c, Sockdmini”
add chain=virus protocol=udp action=drop dst-port=31337 comment=”Back Orifice, Deep BO”
add chain=virus protocol=tcp action=drop dst-port=31338 comment=”Back Orifice, Butt Funnel, NetSpy DK”
add chain=virus protocol=udp action=drop dst-port=31338 comment=”Deep BO”
add chain=virus protocol=tcp action=drop dst-port=31339 comment=”NetSpy DK”
add chain=virus protocol=tcp action=drop dst-port=31666 comment=”BOWhack”
add chain=virus protocol=tcp action=drop dst-port=31785-31792 comment=”Hack a Tack”
add chain=virus protocol=udp action=drop dst-port=31791-31792 comment=”Hack a Tack”
add chain=virus protocol=tcp action=drop dst-port=32001 comment=”Donald Dick”
add chain=virus protocol=tcp action=drop dst-port=32100 comment=”Peanut Brittle, Project nEXT”
add chain=virus protocol=tcp action=drop dst-port=32418 comment=”Acid Battery”
add chain=virus protocol=tcp action=drop dst-port=33270 comment=”Trinity”
add chain=virus protocol=tcp action=drop dst-port=33333 comment=”Blakharaz, Prosiak”
add chain=virus protocol=tcp action=drop dst-port=33577-33777 comment=”Son of PsychWard”
add chain=virus protocol=tcp action=drop dst-port=33911 comment=”Spirit 2000, Spirit 2001″
add chain=virus protocol=tcp action=drop dst-port=34324 comment=”Big Gluck, TN”
add chain=virus protocol=tcp action=drop dst-port=34444 comment=”Donald Dick”
add chain=virus protocol=udp action=drop dst-port=34555-35555 comment=”Trinoo for Windows”
add chain=virus protocol=tcp action=drop dst-port=37237 comment=”Mantis”
add chain=virus protocol=tcp action=drop dst-port=37651 comment=”Yet Another Trojan YAT”
add chain=virus protocol=tcp action=drop dst-port=40412 comment=”The Spy”
add chain=virus protocol=tcp action=drop dst-port=40421 comment=”Agent 40421, Masters Paradise”
add chain=virus protocol=tcp action=drop dst-port=40422-40426 comment=”Masters Paradise”
add chain=virus protocol=tcp action=drop dst-port=41337 comment=”Storm”
add chain=virus protocol=tcp action=drop dst-port=41666 comment=”Remote Boot Tool RBT, Remote Boot Tool RBT”
add chain=virus protocol=tcp action=drop dst-port=44444 comment=”Prosiak”
add chain=virus protocol=tcp action=drop dst-port=44575 comment=”Exploiter”
add chain=virus protocol=udp action=drop dst-port=47262 comment=”Delta Source”
add chain=virus protocol=tcp action=drop dst-port=49301 comment=”OnLine KeyLogger”
add chain=virus protocol=tcp action=drop dst-port=50130 comment=”Enterprise”
add chain=virus protocol=tcp action=drop dst-port=50505 comment=”Sockets des Troie”
add chain=virus protocol=tcp action=drop dst-port=50766 comment=”Fore, Schwindler”
add chain=virus protocol=tcp action=drop dst-port=51966 comment=”Cafeini”
add chain=virus protocol=tcp action=drop dst-port=52317 comment=”Acid Battery 2000″
add chain=virus protocol=tcp action=drop dst-port=53001 comment=”Remote Windows Shutdown RWS”
add chain=virus protocol=tcp action=drop dst-port=54283 comment=”SubSeven, SubSeven 2.1 Gold”
add chain=virus protocol=tcp action=drop dst-port=54320 comment=”Back Orifice 2000″
add chain=virus protocol=tcp action=drop dst-port=54321 comment=”Back Orifice 2000, School Bus”
add chain=virus protocol=tcp action=drop dst-port=55165 comment=”File Manager trojan, File Manager trojan, WM Trojan Generator”
add chain=virus protocol=tcp action=drop dst-port=55166 comment=”WM Trojan Generator”
add chain=virus protocol=tcp action=drop dst-port=57341 comment=”NetRaider”
add chain=virus protocol=tcp action=drop dst-port=58339 comment=”Butt Funnel”
add chain=virus protocol=tcp action=drop dst-port=60000 comment=”Deep Throat, Foreplay, Sockets des Troie”
add chain=virus protocol=tcp action=drop dst-port=60001 comment=”Trinity”
add chain=virus protocol=tcp action=drop dst-port=60068 comment=”Xzip 6000068″
add chain=virus protocol=tcp action=drop dst-port=60411 comment=”Connection”
add chain=virus protocol=tcp action=drop dst-port=61348 comment=”Bunker-Hill”
add chain=virus protocol=tcp action=drop dst-port=61466 comment=”TeleCommando”
add chain=virus protocol=tcp action=drop dst-port=61603 comment=”Bunker-Hill”
add chain=virus protocol=tcp action=drop dst-port=63485 comment=”Bunker-Hill”
add chain=virus protocol=tcp action=drop dst-port=64101 comment=”Taskman”
add chain=virus protocol=tcp action=drop dst-port=65000 comment=”Devil, Sockets des Troie, Stacheldraht”
add chain=virus protocol=tcp action=drop dst-port=65390 comment=”Eclypse”
add chain=virus protocol=tcp action=drop dst-port=65421 comment=”Jade”
add chain=virus protocol=tcp action=drop dst-port=65432 comment=”The Traitor th3tr41t0r”
add chain=virus protocol=udp action=drop dst-port=65432 comment=”The Traitor th3tr41t0r”
add chain=virus protocol=tcp action=drop dst-port=65534 comment=”sbin initd”
add chain=virus protocol=tcp action=drop dst-port=65535 comment=”RC1 trojan”
add chain=forward action=jump jump-target=virus comment=”jump to the virus chain”

khusus yang extra paranoid aja nih kek nya

klo buat email di disable aja yang https (443), pop3 (110) sama smtp (25)

LATAR BELAKANG

  • Untuk meningkatkan jarak jangkauan wireless LAN diperlukan antena eksternal dengan gain yang lebih tinggi dari antenna standard
  • Antena eksternal High Gain harganya relative mahal
  • Banyak barang-barang yang sering dijumpai dalam kehidupan sehari-hari yang dapat digunakan untuk membuat antenna High Gain dengan cara mudah dan biaya ringan

wajanbolic_antena.jpg

Photo : Antena WajanBolic

TUJUAN

  • Sharing pengetahuan/ pengalaman dalam hal pembuatan homebrew antenna khususnya Antenna WajanBolic dan hal-hal seputar Wireless Network

RUANG LINGKUP

Dalam Workshop ini akan dibuat Antena WajanBolic dengan N Connector dan Pigtail

SEKILAS WIRELESS/ WiFi

WiFi (Wireless Fidelity) adalah istilah generik untuk peralatan Wireless Lan atau WLAN. Biasa menggunakan keluarga standar IEEE 802.11. Oleh karena itu didukung banyak vendor.

STANDAR PROTOKOL

Peralatan wireless yang biasa digunakan adalah menggunakan standar IEEE 802.11x, dimana x adalah sub dari:

IEEE 802.11IEEE 802.11aIEEE 802.11a 2X

IEEE 802.11b

IEEE 802.11b+

IEEE 802.11g

2.4GHz5GHz5GHz

2.4GHz

2.4GHz

2.4GHz

2 Mbps54 Mbps108 Mbps

11 Mbps

22 Mbps

54 Mbps

DASAR HUKUM

Keputusan Mentri No.2 Tahun 2005 tentang penggunaan pita frekuensi 2400-2483.5MHz yang ditandatangani pada tanggal 5 januari 2005 aleh Mentri Perhubungan M. Hatta Rajasa.

Beberapa hal yang penting dari Keputusan Mentri No.2 Tahun 2005 adalah Anda tidak memerlukan izin stasiun radio dari pemerintah untuk menjalankan peralatan internet pada frekuensi 2.4GHz, tetapi dibatasi dengan:

1. Maksimum daya pemancar ada 100mW (20dBm).

2. Effective Isotropic Radiated Power/ EIRP di antenna adalah 36dBm

3. Semua peralatan yang digunakan harus di-approve/ disertifikasi oleh POSTEL

ANTENA WAJANBOLIC

Kenapa disebut WajanBolic?

  • Wajan : penggorengan, alat dapur buat masak
  • Bolic : parabolic
  • WajanBolic : Antena parabolic yg dibuat dari wajan

Karena berasal dari wajan maka kesempurnaannya tidak sebanding dg antenna parabolic yg sesungguhnya. Dalam workshop akan dibuat Antena WajanBolic dengan N Connector dan Pigtail dengan pertimbangan :

Beberapa kekurangan antenna WajanBolic :

Karena berupa solid dish maka pengaruh angin cukup besar sehingga memerlukan mounting ke tower yang cukup kuat

ANTENA 2.4 GHz

Beberapa Contoh Design Antena 2.4 GHz

Kebanyakan antenna homebrew wifi yg ada di internet : antenna yagi, antenna kaleng (tincan antenna), antenna biquad, antenna helix, antenna slotted waveguide. Komponen yg selalu ada dlm design antenna-antena tsb : N-type Connector & pigtail

Konektor : N-type Male, N-type Female, RP TNC Male, RP TNC Female, Pigtail

Ok..!! kita langsung saja ke pembuatan WajanBolic

Persiapan

Peralatan dan bahan yang perlu di siapkan:

BAHAN

  1. Wajan diameter 36″ (semakin besar diametr semakin bagus)
  2. PVC paralon tipis diameter 3″ 1 meter
  3. Doff 3″ (tutup PVC paralon) 2 buah
  4. Aluminium foil
  5. Baut + mur ukuran 12 atau 14
  6. N Connector female
  7. kawat tembaga no.3
  8. Double tape + lakban

PERALATAN

  1. Penggaris
  2. Pisau/ Cutter
  3. Solder + timah nya
  4. Gergaji besi

PERKIRAAN HARGA

Perkiraan harga yang dikeluarkan untuk membeli bahan WajanBolic adalah kurang dari Rp 100.000,-. Bandingkan jikan Anda harus membeli antenna Grid 24db, yang bikinan local saja mencapai Rp 500.000,- lebih dan yang import bisa mencapai Rp 1.000.000,- lebih. Atau membeli antenna grid local yang harga nya Rp 200.000,- sedangkan yang import bisa mencapai Rp 300.000 lebih.

TAHAP PENGERJAAN

  1. Siapkan semua bahan dan peralatan yang dibutuhkan.
  2. Lubangi wajan tepat di tengah wajan tersebut seukuran baut 12 atau 14, cukup satu lubang saja.

Kemudia, ukur diametr wajan, kedalaman wajan dan feeder/ titik focus. Untuk lebih jelas nya silahkan liat gambar di bawah.

Contoh :

Parabolic dish dg D = 70 cm, d = 20 cm maka jarak titik focus dari center dish : F = D^2/(16*d) = 70^2 / (16*20) = 15.3 cm

Pada titik focus tsb dipasang ujung feeder. Untuk mendapatkan gain maksimum.

  1. Potong PVC paralon sepanjang 30 cm, kemudian beri tanda untuk jarak feeder nya (daerah bebas aluminium foil). Untuk menentukan panjang feeder nya gunakan rumus di atas.
  2. Beri lubang pada bagian paralon untuk meletakkan N Connector, untuk itu gunakan rumus antenna kaleng. Bias di lihat di http://www.saunalahti.fi/elepal/antenna2calc.php
  3. Potong kawat tembaga yang sudah disiapkan sesuai dengan ukuran yang didapatkan dari hasil kalkulasi website di atas. Dan solderkan pada N Connector yang telah di siapkan
  4. Selanjut nya, bungkus PVC paralon dengan dgn aluminium foil pada daerah selain feeder, klo aluminium foil yang ada tanpa perekat, maka untuk merekatkan nya bisa menggunakan double tape
  5. Lalu pasangkan N connector ke PVC Paralon yang telah dilubangi td
  6. Pada bagian doff (tutup PVC paralon) yang akan di pasang pada ujung dekat dengan N Connector harus di beri aluminium foil, sedangkan doff yang di pasang pada wajan tidak perlu di beri aluminium foil
  7. Dan pasangkan doff tersebut ke PVC paralon
  8. Kemudian, wajan yang telah di bolongi tadi dipasangkan dengan doff yang satu nya lagi, sebelum nya doff tersebut dilubangi sesuai dengan ukuran bautyang sudah di siapkan, dan kencangkan secukup nya.
  9. Kemudian tinggal pasangkan PVC paralon tadi ke wajan yang sudah di pasang doff.
  10. Dan Wajan bolic sudah siap untuk digunakan browsing, atau paling tidak untuk wardriving.

wajan5.jpg

wajan1.jpg

wajan2.jpg

wajan3.jpg

wajan4.jpg

wajan8.jpg

wajan9.jpg

wajan10.jpg

wajan11.jpg

wajan16.jpg

Contoh ini menjelaskan bagaimana memblock websites dan bagaimana untuk stop download dari client

Pertama, Konfigure Proxy

/ip proxy
enabled: yes
src-address: 0.0.0.0
port: 8080
parent-proxy: 0.0.0.0:0
cache-drive: system
cache-administrator: "webmaster"
max-disk-cache-size: none
max-ram-cache-size: none
cache-only-on-disk: no
maximal-client-connections: 1000
maximal-server-connections: 1000
max-object-size: 512KiB
max-fresh-time: 3d

Sekarang, Buat Transparan proxy

/ip firewall nat
chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080

Pastikan proxy anda bukan open proxy

/ip firewall filter
chain=input in-interface=<ether WAN loe> src-address=0.0.0.0/0 protocol=tcp dst-port=8080 /
action=drop

nge-Block Website

/ip proxy access
dst-host=www.wow.com action=deny

itu akan memblock client untuk mengunjungi website http://www.tuyul.com,

Kita juga bisa nyetop download file seperti .mp3, .exe, .dat, .avi,…dll.

/ip proxy access
path=*.exe action=deny
path=*.mp3 action=deny
path=*.zip action=deny
path=*.rar action=deny.

Coba dengan ini juga

/ip proxy access
dst-host=:mail action=deny

Point to Point

50 km link, as low as $598!

Multipoint

Connect Up to 100 clients!

Backbone + AP

High speeds at distant sites!

Nstreme

DOUBLE the Speed!

WDS

Roaming!

High-speed wireless systems are used to provide internet access to end-users using point-to-point or point-to-multipoint architecture. Wireless data links take place where there is no infrastructure for internet access or in places where bandwidth offered by current channels is too low. With our wireless equipment you can get high bandwidth on a very long distances at very reasonable price. Our equipment provides various features including firewall, NAT, VPN, Bandwidth Management, QoS and many more.

Why choose Mikrotik?

  • Cost effective solution
  • High-speed wireless data links (Up to 108Mbps)
  • Connection distance up to 70 km without repeater sites.
  • IP – NAT, Routing, DHCP
  • Security – Firewall, Secure Tunnels
  • Control – Queues, Proxy, Accounting, HotSpot
  • Fast and simple installation for base station and clients
  • Reliable and instant 24 hour internet access

Basic requirements to create a wireless links are:

  • Direct Line of sight between both points of presence
  • Distance between points of presence is:
    • up to 25 km for point-to-multipoint links
    • up to 70 km for point-to-point links
  • Use of 2.4 or 5.2-5.8 GHz solutions according to the local regulations. In some countries obtaining a special license might be required.

Our wireless systems come with Mikrotik RouterOS software preinstalled. RouterOS will enable you to use many features such as: firewall, NAT, bandwidth management, different kinds of tunnels, HotSpot and others.



Point to Point link

Point-to-point links

PtP links are an excellent way how to make connections between two sites and achieve high data transfer speeds. This is an ideal way how to connect two offices. Also these type of wireless links are very useful if you need to create backbone link from some distant radio access point to your main Internet source. For creating such connections we recommend to use our 5 GHz and 2.4 GHz wireless client kits.

A customer from Bulgaria reports:

“This 35Mbit at 57km is with non-turbo mode, unidirectional, with random-data=no. Machines on both ends are 700MHz C3. During the test, both routers (that have few more Atheros interfaces each), were not transporting traffic.”

To make this setup, you can use:

Click here for setup instructions



Point to Multipoint link

Point-to-multipoint setup

PtM connections are the most usual way how wireless ISPs connect their customers. They put access point somewhere high in the tower above the city or on some high building and then point their client antennas to this access point.

To make this setup, you can use:

Click here for setup instructions



Backbone link + AP

Backbone link + AP

This is a point to multi-point link with additional wireless cards and antenna for a backbone connection. Such links are useful when creating a WISP infrastructure, for example you have main Internet source with 5 GHz base station and lots of 2.4 GHz clients in various sides of the city. Such kits can be but in localized parts of the city and contain 2.4 GHz omnidirectional antenna and 5 GHz directional antenna to main base station.

To make this setup, you can use:

Click here for setup instructions



Nstreme2 link

Nstreme and Nstreme2

These are MikroTik proprietary wireless protocols to achieve outstanding performance on a very long range links. Regular wireless links will have large time delays for data traveling on a long distances, with nstreme you do not have to worry about this anymore.

Nstreme 2 goes even further by using two wireless cards in each end – one for transmit and one for receive.

Our customers have links of 60 km and speed of 35 Mbps without turbo mode.

A customer from Bulgaria reports:

“65 km, AR5213, 37 Mbit with n-streme (TCP test), We’re using 2.4 GHz proccesors or better, 5GHz-turbo mode”

To make this setup, you can use:

  • Two PCs with Celeron 700 or higher
  • Four Atheros PCI wireless cards with pigtails
  • Four antennas
  • Two IDE flash disks with latest version of RouterOS software.

Click here for setup instructions



WDS link

WDS

WDS (Wireless Distribution System) is the best way how to interconnect many access points and allow users to move around without getting disconnected from network. Using this system you can cover large areas and allow users to move for large distances while still being on-line. This system allows packets to pass from one wireless AP (Access Point) to another, just as if the APs were ports on a wired Ethernet switch. APs must use the same standard (802.11a, 802.11b or 802.11g) and work on the same frequencies in order to connect to each other.

<!–

Success story goes here

–>To make this setup, you can use:

for example:

(RB/APO) 5GHz Access Point Package
(RB/KAO) 2.4GHz Access Point Package

Sering kali, kita ingin menggunakan Mikrotik Wireless untuk solusi point to point dengan mode jaringan bridge (bukan routing). Namun, Mikrotik RouterOS sendiri didesain bekerja dengan sangat baik pada mode routing. Kita perlu melakukan beberapa hal supaya link wireless kita bisa bekerja untuk mode bridge.

Mode bridge memungkinkan network yang satu tergabung dengan network di sisi satunya secara transparan, tanpa perlu melalui routing, sehingga mesin yang ada di network yang satu bisa memiliki IP Address yang berada dalam 1 subnet yang sama dengan sisi lainnya.

Namun, jika jaringan wireless kita sudah cukup besar, mode bridge ini akan membuat traffic wireless meningkat, mengingat akan ada banyak traffic broadcast dari network yang satu ke network lainnya. Untuk jaringan yang sudah cukup besar, saya menyarankan penggunaan mode routing.

Berikut ini adalah diagram network yang akan kita set.

Konfigurasi Pada Access Point

1. Buatlah sebuah interface bridge yang baru, berilah nama bridge1

2. Masukkan ethernet ke dalam interface bridge

3. Masukkan IP Address pada interface bridge1

4. Selanjutnya adalah setting wireless interface. Kliklah pada menu Wireless (1), pilihlah tab interface (2) lalu double click pada nama interface wireless yang akan digunakan (3). Pilihlah mode AP-bridge (4), tentukanlah ssid (5), band 2.4GHz-B/G (6), dan frekuensi yang akan digunakan (7). Jangan lupa mengaktifkan default authenticated (8) dan default forward (9). Lalu aktifkankanlah interface wireless (10) dan klik OK (11).

5. Berikutnya adalah konfigurasi WDS pada wireless interface yang digunakan. Bukalah kembali konfigurasi wireless seperti langkah di atas, pilihlah tab WDS (1). Tentukanlah WDS Mode dynamic (2) dan pilihlah bridge interface untuk WDS ini (3). Lalu tekan tombol OK.

6. Langkah selanjutnya adalah menambahkan virtual interface WDS. Tambahkan interface WDS baru seperti pada gambar, lalu pilihlah interface wireless yang kita gunakan untuk WDS ini. Lalu tekan OK.

7. Jika WDS telah ditambahkan, maka akan tampak interface WDS baru seperti pada gambar di bawah.

Konfigurasi pada Wireless Station

Konfigurasi pada wireless station hampir sama dengan langkah-langkah di atas, kecuali pada langkah memasukkan IP Address dan konfigurasi wirelessnya. Pada konfigurasi station, mode yang digunakan adalah station-wds, frekuensi tidak perlu ditentukan, namun harus menentukan scan-list di mana frekuensi pada access point masuk dalam scan list ini. Misalnya pada access point kita menentukan frekuensi 2412, maka tuliskanlah scan-list 2400-2500.


Pengecekan link

Jika link wireless yang kita buat sudah bekerja dengan baik, maka pada menu wireless, akan muncul status R (lihat gambar di bawah).

Selain itu, mac-address dari wireless yang terkoneksi juga bisa dilihat pada jendela registration (lihat gambar di bawah).


Konfigurasi keamanan jaringan wireless

Pada Mikrotik, cara paling mudah untuk menjaga keamanan jaringan adalah dengan mendaftarkan mac-address wireless pasangan pada access list. Hal ini harus dilakukan pada sisi access point maupun pada sisi client. Jika penginputan access-list telah dilakukan, maka matikanlah fitur default authenticated pada wireless, maka wireless lain yang mac addressnya tidak terdaftar tidak akan bisa terkoneksi ke jaringan kita.

Jika kita menginginkan fitur keamanan yang lebih baik, kita juga bisa menggunakan enkripsi baik WEP maupun WPA.

Langkah-langkah berikut adalah dasar-dasar setup mikrotik yang dikonfigurasikan untuk jaringan

sederhana sebagai gateway server.

1. Langkah pertama adalah install Mikrotik RouterOS pada PC atau pasang DOM.

2. Login Pada Mikrotik Routers melalui console :
MikroTik v2.9.7
Login: admin <enter>
Password: (kosongkan) <enter>

Sampai langkah ini kita sudah bisa masuk pada mesin Mikrotik. User default adalah admin
dan tanpa password, tinggal ketik admin kemudian tekan tombol enter.

3. Untuk keamanan ganti password default
[admin@Mikrotik] > password
old password: *****
new password: *****
retype new password: *****
[admin@ Mikrotik]] >

4. Mengganti nama Mikrotik Router, pada langkah ini nama server akan diganti menjadi “XAVIERO” (nama ini sih bebas2 aja mo diganti)
[admin@Mikrotik] > system identity set name=XAVIERO
[admin@XAVIERO] >

5. Melihat interface pada Mikrotik Router
[admin@XAVIERO] > interface print
Flags: X – disabled, D – dynamic, R – running
# NAME TYPE RX-RATE TX-RATE MTU
0 R ether1 ether 0 0 1500
1 R ether2 ether 0 0 1500
[admin@XAVIERO] >

6. Memberikan IP address pada interface Mikrotik. Misalkan ether1 akan kita gunakan untuk koneksi ke Internet dengan IP 192.168.0.1 dan ether2 akan kita gunakan untuk network local kita dengan IP 172.16.0.1

[admin@XAVIERO] > ip address add address=192.168.0.1
netmask=255.255.255.0 interface=ether1
[admin@XAVIERO] > ip address add address=172.16.0.1
netmask=255.255.255.0 interface=ether2

7. Melihat konfigurasi IP address yang sudah kita berikan
[admin@XAVIERO] >ip address print
Flags: X – disabled, I – invalid, D – dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.0.1/24 192.168.0.0 192.168.0.63 ether1
1 172.16.0.1/24 172.16.0.0 172.16.0.255 ether2
[admin@XAVIERO] >

8. Memberikan default Gateway, diasumsikan gateway untuk koneksi internet adalah 192.168.0.254
[admin@XAVIERO] > /ip route add gateway=192.168.0.254

9. Melihat Tabel routing pada Mikrotik Routers
[admin@XAVIERO] > ip route print
Flags: X – disabled, A – active, D – dynamic,
C – connect, S – static, r – rip, b – bgp, o – ospf
# DST-ADDRESS PREFSRC G GATEWAY DISTANCE INTERFACE
0 ADC 172.16.0.0/24 172.16.0.1 ether2
1 ADC 192.168.0.0/26 192.168.0.1 ether1
2 A S 0.0.0.0/0 r 192.168.0.254 ether1
[admin@XAVIERO] >

10. Tes Ping ke Gateway untuk memastikan konfigurasi sudah benar
[admin@XAVIERO] > ping 192.168.0.254
192.168.0.254 64 byte ping: ttl=64 time<1 ms
192.168.0.254 64 byte ping: ttl=64 time<1 ms
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0/0.0/0 ms
[admin@XAVIERO] >

11. Setup DNS pada Mikrotik Routers
[admin@XAVIERO] > ip dns set primary-dns=192.168.0.10 allow-remoterequests=no
[admin@XAVIERO] > ip dns set secondary-dns=192.168.0.11 allow-remoterequests=no

12. Melihat konfigurasi DNS
[admin@XAVIERO] > ip dns print
primary-dns: 192.168.0.10
secondary-dns: 192.168.0.11
allow-remote-requests: no
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 16KiB
[admin@XAVIERO] >

13. Tes untuk akses domain, misalnya dengan ping nama domain
[admin@XAVIERO] > ping yahoo.com
216.109.112.135 64 byte ping: ttl=48 time=250 ms
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 571/571.0/571 ms
[admin@XAVIERO] >

Jika sudah berhasil reply berarti seting DNS sudah benar.

14. Setup Masquerading, Jika Mikrotik akan kita pergunakan sebagai gateway server maka agar client computer pada network dapat terkoneksi ke internet perlu kita masquerading.
[admin@XAVIERO]> ip firewall nat add action=masquerade outinterface=
ether1 chain:srcnat
[admin@XAVIERO] >

15. Melihat konfigurasi Masquerading
[admin@XAVIERO]ip firewall nat print
Flags: X – disabled, I – invalid, D – dynamic
0 chain=srcnat out-interface=ether1 action=masquerade
[admin@XAVIERO] >

Setelah langkah ini bisa dilakukan pemeriksaan untuk koneksi dari jaringan local. Dan jika berhasil berarti kita sudah berhasil melakukan instalasi Mikrotik Router sebagai Gateway server. Setelah terkoneksi dengan jaringan Mikrotik dapat dimanage menggunakan WinBox
yang bisa di download dari Mikrotik.com atau dari server mikrotik kita.

Misal Ip address server
mikrotik kita 192.168.0.1, via browser buka http://192.168.0.1 dan download WinBox dari situ.
Jika kita menginginkan client mendapatkan IP address secara otomatis maka perlu kita setup dhcp server pada Mikrotik. Berikut langkah-langkahnya :

1.Buat IP address pool
/ip pool add name=dhcp-pool ranges=172.16.0.10-172.16.0.20

2. Tambahkan DHCP Network dan gatewaynya yang akan didistribusikan ke client Pada contoh ini networknya adalah 172.16.0.0/24 dan gatewaynya 172.16.0.1
/ip dhcp-server network add address=172.16.0.0/24 gateway=172.16.0.1

3. Tambahkan DHCP Server ( pada contoh ini dhcp diterapkan pada interface ether2 )
/ip dhcp-server add interface=ether2 address-pool=dhcp-pool

4. Lihat status DHCP server
[admin@XAVIERO]> ip dhcp-server print
Flags: X – disabled, I – invalid
# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
0 X dhcp1 ether2
Tanda X menyatakan bahwa DHCP server belum enable maka perlu dienablekan terlebih dahulu pada langkah 5.

5. Jangan Lupa dibuat enable dulu dhcp servernya
/ip dhcp-server enable 0

kemudian cek kembali dhcp-server seperti langkah 4, jika tanda X sudah tidak ada berarti sudah aktif.

6. Tes Dari client
c:\>ping www.yahoo.com

untuk bandwith controller, bisa dengan sistem simple queue ataupun bisa dengan mangle
[admin@XAVIERO] queue simple> add name=Komputer01
interface=ether2 target-address=172.16.0.1/24 max-limit=65536/131072
[admin@XAVIERO] queue simple> add name=Komputer02
interface=ether2 target-address=172.16.0.2/24 max-limit=65536/131072
dan seterusnya…

Awan Tag

Ikuti

Get every new post delivered to your Inbox.