
2/03/2015

Understanding the MikroTik Web-Proxy concept and its implementation

This tutorial continues the previous one and discusses how to implement MikroTik RouterOS as a proxy server, which serves as temporary storage for files fetched while we browse the internet.

1. IP web-proxy 
To make the MikroTik RouterOS machine act as a proxy server, create the following configuration:

[admin@proxy] > /ip web-proxy
[admin@proxy] ip web-proxy> set enabled=yes ->> enables the web proxy
[admin@proxy] ip web-proxy> set src-address=0.0.0.0 ->> sets the source address for the web proxy
[admin@proxy] ip web-proxy> set port=8080 ->> sets the port for the web proxy
[admin@proxy] ip web-proxy> set hostname="proxy.lab.ac.id" ->> sets the visible hostname of the web proxy
[admin@proxy] ip web-proxy> set transparent-proxy=yes ->> enables transparent proxy
[admin@proxy] ip web-proxy> set parent-proxy=0.0.0.0:0 ->> parent proxy, if one is used
[admin@proxy] ip web-proxy> set cache-administrator="webmaster" ->> sets the administrator's e-mail displayed on the proxy error page
[admin@proxy] ip web-proxy> set max-object-size=4096KiB ->> maximum size of an object the proxy server can cache
[admin@proxy] ip web-proxy> set cache-drive=system ->> drive where the cache will be saved
[admin@proxy] ip web-proxy> set max-cache-size=unlimited ->> maximum hard drive space used for the cache
[admin@proxy] ip web-proxy> set max-ram-cache-size=unlimited ->> maximum RAM used for the cache
[admin@proxy] ip web-proxy> set reserved-for-cache=4733952KiB
[admin@proxy] ip web-proxy> set reserved-for-ram-cache=2048KiB
[admin@proxy] ip web-proxy> set status=running

To view the resulting proxy server configuration, type:

[admin@proxy] ip web-proxy> pr
enabled: yes
src-address: 0.0.0.0
port: 8080
hostname: "proxy.lab.ac.id"
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: "webmaster"
max-object-size: 4096KiB
cache-drive: system
max-cache-size: unlimited
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 4733952KiB
reserved-for-ram-cache: 2048KiB


2. Transparent proxy
After completing the configuration above, we must make the local (LAN) IP range transparent so that the IP addresses beneath it are redirected through the proxy machine. The commands to make the proxy transparent are as follows:

[admin@proxy] > /ip firewall nat
[admin@proxy] ip firewall nat> add chain=dstnat in-interface=lan protocol=tcp dst-port=80 src-address-list=iplan dst-address-list=192.168.0.0/24 action=redirect to-ports=8080 ->> redirects port 80 to 8080 for the proxy server
[admin@proxy] ip firewall nat> add chain=dstnat in-interface=lan protocol=tcp dst-port=3128 src-address-list=iplan dst-address-list=192.168.0.0/24 action=redirect to-ports=8080 ->> redirects port 3128 to 8080 for the proxy server
[admin@proxy] ip firewall nat> add chain=dstnat in-interface=lan protocol=tcp dst-port=8080 src-address-list=iplan dst-address-list=192.168.0.0/24 action=redirect to-ports=8080 ->> redirects port 8080 to 8080 for the proxy server
[admin@proxy] ip firewall nat> add chain=dstnat protocol=tcp dst-port=80 action=accept ->> accepts port 80 traffic not matched by the redirect rules above
[admin@proxy] ip firewall nat> add chain=dstnat protocol=tcp dst-port=3128 action=accept ->> accepts port 3128 traffic not matched by the redirect rules above
[admin@proxy] ip firewall nat> add chain=dstnat protocol=tcp dst-port=8080 action=accept ->> accepts port 8080 traffic not matched by the redirect rules above

After the configuration above, your machine is now a transparent proxy. To view the resulting configuration, use the command:

[admin@proxy] ip firewall nat> pr

Flags: X - disabled, I - invalid, D - dynamic
0    chain=srcnat out-interface=public src-address=192.168.0.0/24 action=masquerade
1    chain=dstnat in-interface=lan protocol=tcp dst-port=80 src-address-list=iplan dst-address-list=192.168.0.0/24 action=redirect to-ports=8080
2    chain=dstnat in-interface=lan protocol=tcp dst-port=3128 src-address-list=iplan dst-address-list=192.168.0.0/24 action=redirect to-ports=8080
3    chain=dstnat in-interface=lan protocol=tcp dst-port=8080 src-address-list=iplan dst-address-list=192.168.0.0/24 action=redirect to-ports=8080
4    chain=dstnat protocol=tcp dst-port=80 action=accept
5    chain=dstnat protocol=tcp dst-port=3128 action=accept
6    chain=dstnat protocol=tcp dst-port=8080 action=accept


3. IP Firewall Filter
IP Firewall Filter is used to restrict access to particular sites by applying a few settings like the ones below. There are several kinds of IP Firewall Filter settings, as follows:

A.  Blocking internet sites by IP address
[admin@proxy] > /ip firewall filter
[admin@proxy] ip firewall filter> add chain=forward src-address=82.0.0.0/8 action=drop
[admin@proxy] ip firewall filter> add chain=forward dst-address=82.0.0.0/8 action=drop
[admin@proxy] ip firewall filter> add chain=forward src-address=82.98.86.0/8 action=drop
[admin@proxy] ip firewall filter> add chain=forward dst-address=82.98.86.0/8 action=drop
[admin@proxy] ip firewall filter> add chain=forward src-address=64.0.0.0/8 action=drop
[admin@proxy] ip firewall filter> add chain=forward dst-address=64.0.0.0/8 action=drop
[admin@proxy] ip firewall filter> add chain=forward src-address=202.159.57.178 action=drop
[admin@proxy] ip firewall filter> add chain=forward dst-address=202.159.57.178 action=drop

To view the resulting configuration, use the command:
[admin@proxy] ip firewall filter> pr

Flags: X - disabled, I - invalid, D - dynamic
0    chain=forward dst-address=202.159.57.178 action=drop
1    chain=forward src-address=202.159.57.178 action=drop
2    chain=forward dst-address=64.0.0.0/8 action=drop
3    chain=forward src-address=64.0.0.0/8 action=drop
4    chain=forward src-address=82.0.0.0/8 action=drop
5    chain=forward dst-address=82.0.0.0/8 action=drop
6    chain=forward dst-address=82.0.0.0/8 action=drop
7    chain=forward src-address=82.0.0.0/8 action=drop
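
The /8 mask typed with 82.98.86.0 covers the whole 82.0.0.0/8 network, which is why the listing above shows 82.0.0.0/8 four times. The following added example (not part of the original tutorial) normalizes each rule's address and reports discarded host bits and duplicate rules; the rule text is constructed from the commands in section A.

```python
import ipaddress
import re

# Rules as typed in section A above (constructed from the page's commands).
RULES = """\
add chain=forward src-address=82.0.0.0/8 action=drop
add chain=forward dst-address=82.0.0.0/8 action=drop
add chain=forward src-address=82.98.86.0/8 action=drop
add chain=forward dst-address=82.98.86.0/8 action=drop
add chain=forward src-address=64.0.0.0/8 action=drop
add chain=forward dst-address=64.0.0.0/8 action=drop
add chain=forward src-address=202.159.57.178 action=drop
add chain=forward dst-address=202.159.57.178 action=drop
"""

def parse(line):
    """Turn one 'add key=value ...' line into a dict."""
    return dict(re.findall(r'([\w-]+)=(\S+)', line))

def audit(text):
    """Return (findings, effective): findings are (line, kind, typed, network)
    tuples; effective is the set of distinct (chain, direction, network)."""
    findings, seen = [], set()
    for n, line in enumerate(text.strip().splitlines()):
        rule = parse(line)
        for key in ("src-address", "dst-address"):
            if key not in rule:
                continue
            typed = rule[key]
            # strict=False masks off host bits instead of raising ValueError
            net = ipaddress.ip_network(typed, strict=False)
            if "/" in typed and str(net) != typed:
                findings.append((n, "host-bits", typed, str(net)))
            triple = (rule["chain"], key, net)
            if triple in seen:
                findings.append((n, "duplicate", typed, str(net)))
            seen.add(triple)
    return findings, seen

if __name__ == "__main__":
    for finding in audit(RULES)[0]:
        print(finding)
```

Each /8 rule matches 16,777,216 addresses, so a block intended for a single site or subnet should be written with the mask of that subnet.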

B.  Blocking internet sites by protocol & port
[admin@proxy] > /ip firewall filter


Protection for the TCP protocol:
[admin@proxy] ip firewall filter> add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP"
[admin@proxy] ip firewall filter> add chain=tcp protocol=tcp dst-port=111 action=drop comment="deny RPC portmapper"
[admin@proxy] ip firewall filter> add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="deny NBT"
[admin@proxy] ip firewall filter> add chain=input protocol=tcp dst-port=23 action=drop (protects the router from telnet access)
[admin@proxy] ip firewall filter> add chain=forward protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop (protection against clients with more than 5 users)

To view the resulting configuration, use the command:
[admin@proxy] ip firewall filter> pr

Flags: X - disabled, I - invalid, D - dynamic
0    chain=forward dst-address=202.159.57.178 action=drop
1    chain=forward src-address=202.159.57.178 action=drop
2    chain=forward dst-address=64.0.0.0/8 action=drop
3    chain=forward src-address=64.0.0.0/8 action=drop
4    chain=forward src-address=82.0.0.0/8 action=drop
5    chain=forward dst-address=82.0.0.0/8 action=drop
6    chain=forward dst-address=82.0.0.0/8 action=drop
7    chain=forward src-address=82.0.0.0/8 action=drop
8    ;;; deny TFTP chain=tcp protocol=tcp dst-port=69 action=drop
9    ;;; deny RPC portmapper chain=tcp protocol=tcp dst-port=111 action=drop
10    ;;; deny NBT chain=tcp protocol=tcp dst-port=137-139 action=drop
11    chain=input protocol=tcp dst-port=23 action=drop
12    chain=forward protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop

Blocking internet sites by the UDP protocol:
[admin@proxy] ip firewall filter> add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP"
[admin@proxy] ip firewall filter> add chain=udp protocol=udp dst-port=111 action=drop comment="deny RPC portmapper"
[admin@proxy] ip firewall filter> add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT"

To view the resulting configuration, use the command:
[admin@proxy] ip firewall filter> pr

Flags: X - disabled, I - invalid, D - dynamic
0    ;;; deny TFTP chain=udp protocol=udp dst-port=69 action=drop
1    ;;; deny RPC portmapper chain=udp protocol=udp dst-port=111 action=drop
2    ;;; deny NBT chain=udp protocol=udp dst-port=137-139 action=drop

Protection for the ICMP protocol:
[admin@proxy] ip firewall filter> add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment="drop invalid connections"
[admin@proxy] ip firewall filter> add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment="allow established connections"
[admin@proxy] ip firewall filter> add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment="allow already established connections"
[admin@proxy] ip firewall filter> add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment="allow source quench"
[admin@proxy] ip firewall filter> add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="allow echo request"
[admin@proxy] ip firewall filter> add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment="allow time exceed"
[admin@proxy] ip firewall filter> add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment="allow parameter bad"
[admin@proxy] ip firewall filter> add chain=icmp action=drop comment="deny all other types"

To view the resulting configuration, use the command:
[admin@proxy] ip firewall filter> pr

Flags: X - disabled, I - invalid, D - dynamic
0    ;;; drop invalid connections chain=icmp protocol=icmp icmp-options=0:0 action=accept
1    ;;; allow established connections chain=icmp protocol=icmp icmp-options=3:0 action=accept
2    ;;; allow already established connections chain=icmp protocol=icmp icmp-options=3:1 action=accept
3    ;;; allow source quench chain=icmp protocol=icmp icmp-options=4:0 action=accept
4    ;;; allow echo request chain=icmp protocol=icmp icmp-options=8:0 action=accept
5    ;;; allow time exceed chain=icmp protocol=icmp icmp-options=11:0 action=accept
6    ;;; allow parameter bad chain=icmp protocol=icmp icmp-options=12:0 action=accept
7    ;;; deny all other types chain=icmp action=drop
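
Rules placed in the user-defined chains tcp, udp and icmp are evaluated only when a rule in a built-in chain hands traffic to them with action=jump, and the commands in this section contain no such rule. The following added example (not part of the original tutorial) checks a rule list for user-defined chains that nothing jumps to; PAGE_RULES is a constructed subset of the commands above, and the JUMPS lines are an assumption added for contrast.

```python
import re

BUILTIN = {"input", "forward", "output"}  # built-in RouterOS filter chains

# Constructed subset of the filter rules entered in this tutorial.
PAGE_RULES = """\
add chain=forward dst-address=64.0.0.0/8 action=drop
add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP"
add chain=udp protocol=udp dst-port=111 action=drop comment="deny RPC portmapper"
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="allow echo request"
add chain=icmp action=drop comment="deny all other types"
add chain=input protocol=tcp dst-port=23 action=drop
"""

# Assumed additions (not on the page): jump rules feeding the custom chains.
JUMPS = """\
add chain=forward protocol=tcp action=jump jump-target=tcp
add chain=forward protocol=udp action=jump jump-target=udp
add chain=forward protocol=icmp action=jump jump-target=icmp
"""

def parse(line):
    """Turn one 'add key=value ...' line into a dict (quoted values kept whole)."""
    return dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line))

def unreachable_chains(text):
    """Return the sorted chains that hold rules but are never jumped to."""
    rules = [parse(line) for line in text.strip().splitlines()]
    reachable = set(BUILTIN)
    changed = True
    while changed:  # follow jumps transitively from the built-in chains
        changed = False
        for rule in rules:
            target = rule.get("jump-target")
            if (rule.get("action") == "jump" and rule["chain"] in reachable
                    and target and target not in reachable):
                reachable.add(target)
                changed = True
    return sorted({rule["chain"] for rule in rules} - reachable)

if __name__ == "__main__":
    print("page rules only:", unreachable_chains(PAGE_RULES))
    print("with jump rules:", unreachable_chains(PAGE_RULES + JUMPS))
```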

Blocking sites by URL
For more detail, follow these steps:

[admin@proxy] ip web-proxy access> add url="http://www.xxx.com" action=deny
To view the resulting configuration, use the command:
[admin@proxy] ip web-proxy access> pr

Flags: X - disabled, I - invalid
0    ;;; block telnet & spam e-mail relaying dst-port=23-25 action=deny
1    url="http://www.sex.com" action=deny
2    url=":\\telanjang" action=deny
3    url="http://www.yahoo.co.id" action=deny
4    url="http://www.google.co.id" action=deny
5    url="http://www.google.com" action=deny
[admin@proxy] ip web-proxy access>


4.  Log Management
Client computers' access to the proxy server can be monitored through the log management available in MikroTik RouterOS. Example:

[admin@proxy] > /system logging action
[admin@proxy] system logging action> add name=monitoring target=memory memory-lines=100 memory-stop-on-full=yes

I think the steps above are enough for you to learn how to set up a web proxy on MikroTik RouterOS by knowing the basic MikroTik OS commands.

Hopefully this is useful, fellow bloggers.

How do I read the MikroTik web proxy cache in graph form?
