Sunday, January 06, 2013

Backup Konfigurasi Mikrotik

Bagan Network

bagan network mikrotik and squid proxy

Konfigurasi Mikrotik

[admin@MikroTik] > interface print

# NAME TYPE MTU L2MTU
0 ether1 ether 1500 1526
1 R eth2-LAN ether 1500 1522
2 R eth3-SPEEDY1 ether 1500 1522
3 R eth4-PROXY ether 1500 1522
4 ether5 ether 1500 1522

[admin@MikroTik] > ip address print 
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.10.30/24 192.168.10.0 192.168.10.255 eth2-LAN
1 192.168.1.30/24 192.168.1.0 192.168.1.255 eth3-SPEEDY1
2 192.168.3.30/24 192.168.3.0 192.168.3.255 eth4-PROXY
3 192.168.1.28/32 192.168.1.28 192.168.1.28 eth3-SPEEDY1
4 192.168.1.31/32 192.168.1.31 192.168.1.31 eth3-SPEEDY1
5 192.168.1.32/32 192.168.1.32 192.168.1.32 eth3-SPEEDY1
6 192.168.1.33/32 192.168.1.33 192.168.1.33 eth3-SPEEDY1

[admin@MikroTik] > ip route print
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.1.1 1
1 ADC 192.168.1.0/24 192.168.1.30 eth3-SPEEDY1 0
2 ADC 192.168.1.28/32 192.168.1.28 eth3-SPEEDY1 0
3 ADC 192.168.1.31/32 192.168.1.31 eth3-SPEEDY1 0
4 ADC 192.168.1.32/32 192.168.1.32 eth3-SPEEDY1 0
5 ADC 192.168.1.33/32 192.168.1.33 eth3-SPEEDY1 0
6 ADC 192.168.3.0/24 192.168.3.30 eth4-PROXY 0
7 ADC 192.168.10.0/24 192.168.10.30 eth2-LAN 0

[admin@MikroTik] > ip firewall address-list print
0 compatas 192.168.10.15
1 compatas 192.168.10.16
2 compatas 192.168.10.17
3 compatas 192.168.10.18
4 compatas 192.168.10.19
5 compatas 192.168.10.21
6 compatas 192.168.10.22
7 compatas 192.168.10.23
8 compatas 192.168.10.24
9 compatas 192.168.10.25
10 compatas 192.168.10.26
11 compatas 192.168.10.29
12 compatas 192.168.10.31
13 compatas 192.168.10.32
14 compbawah 192.168.10.1
15 compbawah 192.168.10.2
16 compbawah 192.168.10.3
17 compbawah 192.168.10.4
18 compbawah 192.168.10.5
19 compbawah 192.168.10.6
20 compbawah 192.168.10.7
21 compbawah 192.168.10.8
22 compbawah 192.168.10.9
23 compbawah 192.168.10.10
24 compbawah 192.168.10.11
25 op 192.168.10.20
26 op 192.168.10.28
27 ipsecure 1xx.2xx.0.0/16
28 ipsecure 1xx.9x.xx.0/24
29 ipsecure 1xx.1xx.0.0/16
30 conipterbatas 11x.11x.7x.0/24
31 conipterbatas 7x.1xx.1x.0/24
32 conipterbatas 5.3x.2xx.0/24

[admin@MikroTik] > ip dns print 
servers: 192.168.1.1,202.134.1.10,8.8.8.8
allow-remote-requests: yes
max-udp-packet-size: 512
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 390KiB

[admin@MikroTik] > ip firewall filter print      
0 chain=input action=accept protocol=tcp src-address-list=ipsecure in-interface=eth3-SPEEDY1 dst-port=22,8291,23


1 chain=input action=drop protocol=tcp in-interface=eth3-SPEEDY1 dst-port=22,23,8291


2 ;;; allow established connections

chain=forward action=accept connection-state=established


3 ;;; allow related connections

chain=forward action=accept connection-state=related


4 ;;; drop invalid connections

chain=forward action=drop connection-state=invalid


5 ;;; ________

chain=virus action=drop protocol=tcp dst-port=1024-1030


6 ;;; ________

chain=virus action=drop protocol=tcp dst-port=1214


7 ;;; hromgrafx

chain=virus action=drop protocol=tcp dst-port=1373


8 ;;; cichlid

chain=virus action=drop protocol=tcp dst-port=1377


9 ;;; Worm

chain=virus action=drop protocol=tcp dst-port=1433-1434


10 ;;; Worm

chain=virus action=drop protocol=tcp dst-port=4444


11 ;;; Worm

chain=virus action=drop protocol=udp dst-port=4444


12 ;;; Drop Blaster Worm

chain=virus action=drop protocol=tcp dst-port=135-139


13 ;;; Drop Messenger Worm

chain=virus action=drop protocol=udp dst-port=135-139


14 ;;; Drop Blaster Worm

chain=virus action=drop protocol=tcp dst-port=445


15 ;;; Drop Conficker Worm

chain=virus action=drop protocol=udp dst-port=445


16 ;;; Drop Kido Worm

chain=virus action=drop protocol=tcp dst-port=593


17 ;;; ________

chain=virus action=drop protocol=tcp dst-port=1024-1030


18 ;;; Drop MyDoom

chain=virus action=drop protocol=tcp dst-port=1080


19 ;;; ________

chain=virus action=drop protocol=tcp dst-port=1214


20 ;;; ndm requester

chain=virus action=drop protocol=tcp dst-port=1363


21 ;;; ndm server

chain=virus action=drop protocol=tcp dst-port=1364


22 ;;; screen cast

chain=virus action=drop protocol=tcp dst-port=1368


23 ;;; hromgrafx

chain=virus action=drop protocol=tcp dst-port=1373


24 ;;; cichlid

chain=virus action=drop protocol=tcp dst-port=1377


25 ;;; Worm

chain=virus action=drop protocol=tcp dst-port=1433-1434


26 ;;; Bagle Virus

chain=virus action=drop protocol=tcp dst-port=2745


27 ;;; Drop Dumaru.Y

chain=virus action=drop protocol=tcp dst-port=2283


28 ;;; Drop Beagle

chain=virus action=drop protocol=tcp dst-port=2535


29 ;;; Drop Beagle.C-K

chain=virus action=drop protocol=tcp dst-port=2745


30 X ;;; Drop MyDoom

chain=virus action=drop protocol=tcp dst-port=3127-3128


31 ;;; Drop Backdoor OptixPro

chain=virus action=drop protocol=tcp dst-port=3410


32 ;;; Worm

chain=virus action=drop protocol=tcp dst-port=4444


33 ;;; Worm

chain=virus action=drop protocol=udp dst-port=4444


34 ;;; Drop Sasser

chain=virus action=drop protocol=tcp dst-port=5554


35 ;;; Drop Beagle.B

chain=virus action=drop protocol=tcp dst-port=8866


36 ;;; Drop Dabber.A-B

chain=virus action=drop protocol=tcp dst-port=9898


37 ;;; Drop Dumaru.Y

chain=virus action=drop protocol=tcp dst-port=10000


38 ;;; Drop MyDoom.B

chain=virus action=drop protocol=tcp dst-port=10080


39 ;;; Drop NetBus

chain=virus action=drop protocol=tcp dst-port=12345


40 chain=virus action=drop protocol=tcp dst-port=17300


41 ;;; Drop SubSeven

chain=virus action=drop protocol=tcp dst-port=27374


42 ;;; Drop PhatBot, Agobot, Gaobot

chain=virus action=drop protocol=tcp dst-port=65506


43 ;;; Drop Kuang2

chain=virus action=drop protocol=tcp dst-port=17300


44 chain=forward action=jump jump-target=virus


[admin@MikroTik] > ip firewall nat print  
Flags : X - disabled, I - invalid, D - dynamic
0 ;;; Computer Atas

chain=srcnat action=masquerade src-address-list=compatas


1 ;;; Computer Bawah

chain=srcnat action=masquerade src-address-list=compbawah


2 ;;; Computer OP

chain=srcnat action=masquerade src-address-list=op


3 ;;; Proxy

chain=srcnat action=masquerade src-address=192.168.3.1 out-interface=eth3-SPEEDY1


4 chain=dstnat action=dst-nat to-addresses=192.168.3.1 to-ports=3127 protocol=tcp src-address-list=compbawah dst-port=80,8080,3128


5 chain=dstnat action=dst-nat to-addresses=192.168.3.1 to-ports=3127 protocol=tcp src-address-list=compatas dst-port=80,8080,3128


6 chain=dstnat action=dst-nat to-addresses=192.168.3.1 to-ports=3127 protocol=tcp src-address-list=op dst-port=80,8080,3128


7 chain=dstnat action=dst-nat to-addresses=192.168.10.28 to-ports=5900 protocol=tcp dst-address=192.168.1.28 src-address-list=ipsecure dst-port=5903


8 chain=dstnat action=dst-nat to-addresses=192.168.10.32 to-ports=80 protocol=tcp dst-address=192.168.1.32 src-address-list=ipsecure dst-port=82


9 chain=dstnat action=dst-nat to-addresses=192.168.10.31 to-ports=80 protocol=tcp dst-address=192.168.1.31 src-address-list=ipsecure dst-port=81


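10 chain=dstnat action=dst-nat to-addresses=192.168.3.1 to-ports=22 protocol=tcp dst-address=192.168.1.33 dst-port=23

(Catatan: berbeda dengan rule 11, rule 10 ini tidak dibatasi src-address-list=ipsecure, sehingga port 23 pada 192.168.1.33 diteruskan ke SSH proxy (192.168.3.1:22) dari sumber mana pun yang dapat menjangkau alamat itu. Filter chain=input pada rule 0-1 tidak menyaring trafik dst-nat karena trafik tersebut melewati chain forward. Jika hal ini tidak disengaja, tambahkan src-address-list=ipsecure pada rule 10.)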


11 chain=dstnat action=dst-nat to-addresses=192.168.3.1 to-ports=22 protocol=tcp dst-address=192.168.1.33 src-address-list=ipsecure dst-port=222


[admin@MikroTik] > ip firewall mangle print  
0 chain=prerouting action=mark-connection new-connection-mark=con-terbatas passthrough=yes protocol=tcp dst-address-list=conipterbatas dst-port=80,8080,3128


1 chain=prerouting action=mark-packet new-packet-mark=mark-con-terbatas passthrough=yes connection-mark=con-terbatas


2 chain=prerouting action=mark-connection new-connection-mark=dns-con passthrough=yes protocol=tcp src-address=192.168.10.0/24 dst-port=53,5353


3 chain=prerouting action=mark-connection new-connection-mark=dns-con passthrough=yes protocol=udp src-address=192.168.10.0/24 dst-port=53,5353


4 chain=prerouting action=mark-connection new-connection-mark=icmp-con passthrough=yes protocol=icmp src-address=192.168.10.0/24


5 chain=prerouting action=mark-packet new-packet-mark=dns-mark passthrough=yes connection-mark=dns-con


6 chain=prerouting action=mark-packet new-packet-mark=dns-mark passthrough=yes connection-mark=icmp-con


7 chain=prerouting action=change-dscp new-dscp=0 packet-mark=dns-mark


8 ;;; GAME ONLINE

chain=prerouting action=mark-connection new-connection-mark=GAME ONLINE passthrough=yes protocol=tcp src-address=192.168.10.0/24

dst-port=1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,6675,7777


9 chain=prerouting action=mark-connection new-connection-mark=GAME ONLINE passthrough=yes protocol=tcp src-address=192.168.10.0/24

dst-port=7341-7350,7451,8085,9600,9601-9602,9300,9376-9377,9400,9700,10001-10011,10424


10 chain=prerouting action=mark-connection new-connection-mark=GAME ONLINE passthrough=yes protocol=tcp src-address=192.168.10.0/24

dst-port=19101,22100,27780,28012,29000,29200,39100,39110,39220,39190,40000,49100


11 chain=prerouting action=mark-connection new-connection-mark=GAME ONLINE passthrough=yes protocol=tcp src-address=192.168.10.0/24

dst-port=14009-14010,12683,5222,5223,9015,6203,6210,6217,6320,10360


12 chain=prerouting action=mark-connection new-connection-mark=GAME ONLINE passthrough=yes protocol=tcp src-address=192.168.10.0/24

dst-port=47611,8401-8408,8000-8010,36456,36567,36570,37466


13 chain=prerouting action=mark-connection new-connection-mark=GAME ONLINE passthrough=yes protocol=tcp src-address=192.168.10.0/24

dst-port=14300,14400-14406,14500-14600,10009,30001-30003,10089


14 chain=prerouting action=mark-connection new-connection-mark=GAME ONLINE passthrough=yes protocol=udp src-address=192.168.10.0/24

dst-port=13933,14001-14999,31928,31929,5222,5223,10074,28941


15 chain=prerouting action=mark-connection new-connection-mark=GAME ONLINE passthrough=yes protocol=udp src-address=192.168.10.0/24

dst-port=1151,1293,1479,6100-6152,7777-7977,9401,9600-9602,12020-12080,30000,40000-40010


16 chain=prerouting action=mark-connection new-connection-mark=GAME ONLINE passthrough=yes protocol=udp src-address=192.168.10.0/24

dst-port=42001-42052,10112,10201-10210,10294-10295,11100-11125,11440-11460,16400-16410,18061,19223


17 chain=prerouting action=mark-connection new-connection-mark=GAME ONLINE passthrough=yes protocol=udp src-address=192.168.10.0/24

dst-port=8001-8010,40100-42000,12060-12070,27005-27015,31929,9647,42406-42441


18 chain=prerouting action=mark-connection new-connection-mark=GAME ONLINE passthrough=yes protocol=udp src-address=192.168.10.0/24

dst-port=15100-15200,9001-9099,39030-39040,42106,42423,17327,17565


19 ;;; GAME FACEBOOK

chain=prerouting action=mark-connection new-connection-mark=GAME FACEBOOK passthrough=yes protocol=tcp src-address=192.168.10.0/24 dst-port=9339,843,8890


20 chain=prerouting action=mark-connection new-connection-mark=GAME ONLINE passthrough=yes protocol=tcp src-address=192.168.10.0/24

dst-port=10402,11011-11041,12011,12110,13008,13413,15000-15002,16402-16502,16666,18901-18909,19000


21 ;;; SEMUA GAME DIPAKETKAN

chain=forward action=mark-packet new-packet-mark=GAME PAKET passthrough=yes connection-mark=GAME ONLINE


22 ;;; SEMUA GAME DIPAKETKAN

chain=forward action=mark-packet new-packet-mark=GAME PAKET passthrough=yes connection-mark=GAME FACEBOOK


23 chain=postrouting action=mark-packet new-packet-mark=proxy-hit passthrough=no dscp=12


24 chain=prerouting action=mark-packet new-packet-mark=proxy-hit passthrough=no dscp=12


[admin@MikroTik] > system ntp client print  
enabled: yes
mode: unicast
primary-ntp: 152.118.24.8
secondary-ntp: 202.169.224.16
poll-interval: 15m
active-server: 202.169.224.16
last-update-from: 202.169.224.16
last-update-before: 11m25s240ms
last-adjustment: 1ms191us
