[LAB 2.1] Security Router with 2 Methods
Wireless Networks
Assalamualaikum Wr. Wb.
Here I will explain how to set up router security using two methods. Before starting, configure IP Routes, IP DNS and IP Firewall, and add the IP addresses you want for wlan1 and ether2; do not use DHCP. How to configure these IP settings is covered in LAB 1.6 at http://indryanisrj.blogspot.com/2015/02/lab-16-connection-internet-lewat.html.
Functions of Chain Input:
1. Filters the packets that are addressed to the router's own interfaces.
2. Is used to restrict access to the MikroTik.
3. Restricts access to the ports on each interface to keep the router secure.
There are two firewall techniques:
- Technique 1 (drop some and accept all)
Drop the few packets that are not needed, then accept all other packets.
- Technique 2 (accept some and drop all)
Accept the few packets that are needed, then drop all other packets.
Firewall Filter Rule THEN (Action):
1. Accept = a packet that meets the criteria in the IF condition is accepted and moves on to the next process.
2. Drop = a packet that meets the criteria is dropped and is not passed on to any other process.
3. Log = the packet is only inspected so that it can be written to the log (there is further processing) and is then passed on to the next rule.
4. Reject = the same as drop, but the router sends a response to the sender using an ICMP response message.
5. Add to address list = adds an address, either the source address or the destination address, to a specified list.
6. Jump = redirects processing to another chain (a custom chain).
7. Passthrough = widely used to check whether this rule has ever been matched.
8. Tarpit = used to return before the TCP/ACK signal.
9. Return = used together with JUMP to return to the previous rule.
A. Purpose
1. Understand how to use technique 1 on a RouterBoard.
2. Understand how to use technique 2 on a RouterBoard.
3. Understand how to secure a router on MikroTik.
4. Understand the Firewall Filter Rule THEN (Action) options.
5. Understand how to block all ports except DNS.
6. Understand how to set the admin IP address so that it can access all ports.
B. Materials and Tools
1. RouterBoard 951G-2HnD
2. Power cable
3. PC/Laptop
4. Wi-Fi Internet
5. Nmap
6. Winbox
C. Topology
D. Steps
1. Open Winbox.
2. Click the "..." icon, then log in using the MikroTik's MAC address.
3. Click "Connect" to log in.
4. Wait until the login process is complete.
5. Click "IP" and select "Address" to set the IP.
6. Click the plus icon "+" to add an IP address.
7. Enter a /24 IP address that ends with your attendance number and select the interface "wlan1"; when done, click "Apply" and then "OK".
8. When done, it appears as in the image below.
9. Click "IP" and select "Address" to set the IP.
10. Click the plus icon "+" to add an IP address.
11. Enter an IP address that uses your attendance number with /24 and select the interface "ether2"; when done, click "Apply" and then "OK".
12. When done, both ether2 and wlan1 appear as in the image below.
13. Right-click the computer icon, then select "Open Network and Sharing Center".
14. Click "Local Area Connection".
15. Click "Properties".
16. Click "Internet Protocol Version 4 (TCP/IPv4)", then click "Properties".
17. Enter an IP address that uses your attendance number, for example 22.22.22.2, and fill in the DNS as well; when done, click "OK".
18. Wait until the Internet icon looks like the image below, which means you are connected.
19. Open "New Terminal" and ping google.com.
20. Also ping wlan1 and ether2.
21. Open cmd, then ping google.com and ping wlan1. If you see output like the image below, you have succeeded.
22. Also ping ether2.
23. Open Zenmap, type the ether2 IP address in the "Target" field, then click "Scan".
24. The entries marked in green in the output below are the list of open ports.
25. This is the next screen. If yours looks the same, you have succeeded.
26. Go back to the MikroTik and type:
    ip firewall filter add chain=input in-interface=ether2 protocol=tcp dst-port=53 action=accept
27. Then type:
    ip firewall filter add chain=input in-interface=ether2 protocol=tcp action=drop
28. Type the following, and the display below appears:
    ip firewall filter print
29. Click "IP" and select "Firewall".
30. The rules we entered with the commands above now appear in the graphical view.
31. If you now go back to Zenmap and enter the IP 22.22.22.1, the ports shown are as below.
32. This is how it looks if it worked.
33. Then type:
    ip firewall filter add chain=input in-interface=ether2 protocol=tcp src-address=22.22.22.2 action=accept
34. Type ip firewall filter print again, and it appears as shown below.
35. To see it in the graphical view, go back to the MikroTik and open "Firewall"; the accept and drop rules are shown there.
36. Then type the following two commands to move the rule:
    ip firewall filter move 2 1
    ip firewall filter move 1 0
37. Type ip firewall filter print to see the result.
38. The graphical view changes to match the move: the drop rule is now at the very top.
39. Then type the following to move the rule again and see the result:
    ip firewall filter move 2 0
    ip firewall filter print
40. The drop rule is now in the second position.
41. Go back to Zenmap and "Scan" again; if successful, the output looks like the image below.
42. This is the next screen.
43. Type the following so that the drop rule is positioned at the bottom:
    ip firewall filter move 2 1
44. This is how it looks on the MikroTik.
45. Then try over Wi-Fi and enter the IP address as shown in the image below; just follow it.
46. Click "Local Area Connection".
47. Then in Zenmap, "Scan" again to see the ports.
48. This is the next screen.
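The effect of the rule order exercised in steps 26 to 43 can be checked offline. The following is an added example, not part of the original lab: a small Python model of first-match evaluation on the input chain, using the lab's three rules. The probe host 22.22.22.50 and the probed ports (8291, 22, 161) are constructed for illustration, and the model relies on a packet that matches no rule in a built-in chain being accepted.

```python
# Added example: first-match model of the lab's three input-chain rules.
def rule(action, **match):
    """Build a rule; like the lab's commands, every rule is ether2 + tcp."""
    return {"action": action,
            "match": {"in-interface": "ether2", "protocol": "tcp", **match}}

ALLOW_DNS = rule("accept", **{"dst-port": 53})                 # step 26
DROP_TCP = rule("drop")                                        # step 27
ALLOW_ADMIN = rule("accept", **{"src-address": "22.22.22.2"})  # step 33

def verdict(rules, packet):
    """Return the action of the first rule whose matchers all equal the packet's fields."""
    for r in rules:
        if all(packet.get(k) == v for k, v in r["match"].items()):
            return r["action"]
    return "accept"  # no rule matched: the built-in chain accepts the packet

def probe(src, port, proto="tcp"):
    """Constructed test packet arriving on ether2."""
    return {"in-interface": "ether2", "protocol": proto,
            "src-address": src, "dst-port": port}

# Constructed probes (hosts and ports chosen for illustration only).
PROBES = {
    "admin tcp/8291": probe("22.22.22.2", 8291),
    "other tcp/22": probe("22.22.22.50", 22),
    "other tcp/53": probe("22.22.22.50", 53),
    "other udp/161": probe("22.22.22.50", 161, "udp"),
}

# Three orders of the same rules.
ORDERS = {
    "as_added": [ALLOW_DNS, DROP_TCP, ALLOW_ADMIN],    # right after step 33
    "drop_first": [DROP_TCP, ALLOW_DNS, ALLOW_ADMIN],
    "drop_last": [ALLOW_DNS, ALLOW_ADMIN, DROP_TCP],   # the goal of step 43
}

def scan(rules):
    """Evaluate every probe against one rule order."""
    return {name: verdict(rules, p) for name, p in PROBES.items()}

if __name__ == "__main__":
    for label, rules in ORDERS.items():
        print(f"{label:10s} {scan(rules)}")
```

Only the order with the drop rule last lets the admin address 22.22.22.2 reach other TCP ports, and no order filters the UDP probe, because every rule in the lab is limited to protocol=tcp.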
That concludes my explanation of Security Router; please give it a try, and I hope it is useful :) Don't forget to like and share this article if you like it, or leave comments, criticism and suggestions as input for me going forward, so that this becomes an even better blog in 2019. Thank you :)