How to Set load balancing failover mikrotik - How to set up MikroTik 2-ISP PCC load balancing with failover without scripts. This is an example for a MikroTik router with dual WAN that uses the PCC method for load balancing. The difference in this example is that failover is automatic, so only the WAN / ISP links that are live are used. Another difference is that it works without Netwatch.
How to setup dynamic server dns mikrotik
How to Set Update Dynamic DNS in MikroTik: DDNS (Dynamic DNS) is a network system that translates domain names into dynamic (changing) public IPs. The administrator does not need to update the DNS server every time the IP is updated. The assigned public IP changes when the ADSL modem connection drops or when the modem is turned off and then on again, for example if we use the Telkom Speedy service. In MikroTik we can take advantage of the script and scheduler features to update the IP of our Dynamic DNS automatically.
When do you need Dynamic DNS service?
There are several scenarios in which you would use a Dynamic DNS service so that you do not have to deal with a changing public IP. You need a Dynamic DNS service:
- When you use an ISP service that delivers a dynamic (changing) public IP.
- When you have a server or application on your internal network.
With a public IP and DDNS we can do some things, such as:
- Remote access to MikroTik with Winbox from outside, for example from home, the office, campus or an internet cafe.
- Monitoring offices, homes, campuses or internet cafes via CCTV cameras from anywhere, as in the example of DVR / CCTV forwarding settings in MikroTik in my previous article.
- Internal server applications that can be accessed from outside / the internet, for example a web server, VPN server, FTP, email server etc.
What to prepare for Dynamic DNS settings in MikroTik?
To implement dynamic DNS in MikroTik, there are some steps you should do, and you should know the network scenario. Register with a dynamic DNS service site; this article uses sites that provide a free Dynamic DNS service and work with MikroTik. In this script I use 2 free Dynamic DNS service sites:
ChangeIP.com
7 free subdomains, meaning you can have 7 subdomain names with different public IPs.
NoIP.com
3 free subdomains, meaning you can have 3 subdomain names with different public IPs.
Example of network scenario with ADSL modem telkom speedy
ADSL Modem -----> MikroTik -> IP Server Internal
Bridge / IP Forwarding-> NAT ---> Local IP destination
In the above scenario, we first determine the setting of our ADSL / Speedy modem: either bridge mode (dial PPPoE Speedy in MikroTik) or forwarding mode (forwarding set in the ADSL modem). In forwarding mode, your MikroTik is behind the NAT of the ADSL modem or, as I put it, routed by the modem. You must first configure forwarding (virtual server, port mapping, etc.) on your ADSL modem. In bridge mode, your Speedy public IP sits directly on the WAN interface of your MikroTik.
Setting Script Update Dynamic DNS in MikroTik For Dyndns, No-IP or ChangeIP
As I mentioned earlier, we can take advantage of the script and scheduler features to update the IP of our Dynamic DNS automatically. The script has these functions:
- Automatic update of our Dynamic DNS IP for the Dyndns, No-IP or ChangeIP services.
- An option for detecting the public IP, whether the router is behind NAT or not.
- Logging of the update date and of the change from the previous IP to the new IP.
- Automatic deletion of our internal DNS records (MikroTik DNS flush) so that the DDNS hostname stays updated with its new IP.
Enter this script in Winbox under System > Scripts, with "Name:" set to update_ip_ddns, and fill the "Source:" field with the script below:
    # ******************************************************************************
    # Script Update Dynamic DNS in MikroTik For Dyndns, No-IP and ChangeIP
    # Thanks to: forum.mikrotik.com, the thread forgot ^_^
    # Adam Rachmad / Tested & Work @ ROS v.6.13 18-6-2014
    # http://adamonline.web.id
    # ******************************************************************************
    # replace with your account information, your username / password / DDNS hostname
    # ******************************************************************************
    :local username "username_anda"
    :local password "password_anda"
    :local hostname "hostname.anda"

    # 2 options to capture your public IP: "http" or "iface"
    # - http: looks up the public IP you are using (the scenario where you are behind the NAT of the ADSL modem)
    # - iface: uses the public IP that is set on your MikroTik WAN interface
    :local discoverBy "http"

    # the name of the WAN interface used to capture your public IP (if discoverBy = iface)
    :local iface "nama_interface_wan_anda"

    # choose one of the Dynamic DNS services you use: "dyndns", "noip" or "changeip"
    :local service "changeip"

    # Schedule (days) to update even if the IP does not change (to keep your DDNS account active)
    :local forceUpdate 15

    # ******************************************************************************
    # below do not change if you do not know what you are doing
    # ******************************************************************************
    :local force
    :global lastUpdate
    :local currentIP

    :if ($discoverBy = "http") do={
        /tool fetch mode=http address="checkip.dyndns.org" src-path="/" dst-path="/dyndns.checkip.html"
        :local result [/file get dyndns.checkip.html contents]
        :local resultLen [:len $result]
        :local startLoc [:find $result ":" -1]
        :set startLoc ($startLoc + 2)
        # the address ends where the closing body tag of the reply begins
        :local endLoc [:find $result "</body>" -1]
        :set currentIP [:pick $result $startLoc $endLoc]
    } else={
        :set currentIP [/ip address get [find interface=$iface disabled=no] address]
        # strip the "/prefix" part of the interface address
        :for i from=([:len $currentIP] - 1) to=0 do={
            :if ([:pick $currentIP $i] = "/") do={ :set currentIP [:pick $currentIP 0 $i] }
        }
    }

    :local resolvedIP [:resolve $hostname]

    # build a yyyymmdd value; assumes the mmm/dd/yyyy date format returned by RouterOS v6
    :local date [/system clock get date]
    :local months ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec")
    :local month [:pick $date 0 3]
    :local day [:pick $date 4 6]
    :local year [:pick $date 7 11]
    :local mm ([:find $months $month -1] + 1)
    :if ($mm < 10) do={ :set month ("0" . $mm) } else={ :set month $mm }
    :set date ($year . $month . $day)

    # force an update on the first run or when forceUpdate has elapsed
    :if (([:typeof $lastUpdate] = "nothing") || ((($date - $lastUpdate) >= $forceUpdate) && ($forceUpdate > 0))) do={
        :set force true
    }

    :put ("Current IP: $currentIP ($discoverBy), Last update: $lastUpdate")

    # Determine if dyndns update is needed
    # note: mode=http sends the DDNS account user name and password unencrypted
    :if (($currentIP != $resolvedIP) || ($force = true)) do={
        :if ($service = "dyndns") do={
            /tool fetch user=$username password=$password mode=http address="members.dyndns.org" \
                src-path="/nic/update?hostname=$hostname&myip=$currentIP" dst-path="/output.txt"
        }
        :if ($service = "noip") do={
            /tool fetch user=$username password=$password mode=http address="dynupdate.no-ip.com" \
                src-path="/nic/update?hostname=$hostname&myip=$currentIP" dst-path="/output.txt"
        }
        :if ($service = "changeip") do={
            /tool fetch user=$username password=$password mode=http address="nic.changeip.com" \
                src-path="/nic/update?hostname=$hostname&myip=$currentIP" dst-path="/output.txt"
        }
        :local result [/file get output.txt contents]
        :log info ("dynamic-dns-updater: Service = $service, Hostname = $hostname")
        :log info ("dynamic-dns-updater: CurrentIP = $currentIP, Resolved IP = $resolvedIP")
        :log info ("dynamic-dns-updater: Update result: " . $result)
        /ip dns cache flush
        :set lastUpdate $date
    }
Then we create Schedule for DDNS update every 5 Minutes
    /system scheduler
    add disabled=no interval=5m name="Update DDNS every 5 minutes" on-event=update_ip_ddns \
        policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
        start-date=mar/30/2014 start-time=14:24:00
Now just verify whether it works well or not, by looking at the updated IP address on your DDNS site. Or try to access with the hostname you have specified.
How to Block TOR Browser Connection in MikroTik
This time a network admin was confused: many employees in his office were trying to bypass the office internet connection rules for purposes outside their work. He was confused when he found many office employees using the TOR Browser software.
What is TOR Browser?
TOR software is the easiest way to browse anonymously, for example when your internet connection is restricted. With it you are free to surf in a restricted internet network. You can Download TOR Browser Software here.
How to block TOR Browser software connection?
When your network uses a MikroTik router and you want to block / drop TOR Browser connections, you can use the MikroTik setting techniques in this article. I found out how to detect TOR Browser connections by trial and error, and SUCCESS !!! * till now ^_^.
Setting in MikroTik to Block TOR Browser
The first thing you have to do is detect the connections used by the TOR software: which destination IPs it goes to and which ports it uses. You can use the TORCH tool in MikroTik, or the easiest way to know the IP addresses used by TOR is to look here: List of IP Address TOR Browser. The list contains the server IPs used by TOR. You just enter those server IPs into your MikroTik address-list. Or you can download this script, upload it to your MikroTik and import it to add the TOR server IP list. After you have entered the list of TOR server IPs, it is time to drop the connection.
- This is just an example, download the full address-list here -
    /ip firewall address-list
    add address=100.0.120.66 comment="" disabled=no list=IP-TOR
    add address=100.0.180.196 comment="" disabled=no list=IP-TOR
    add address=100.2.103.234 comment="" disabled=no list=IP-TOR
    add address=100.33.8.35 comment="" disabled=no list=IP-TOR
    add address=100.4.25.207 comment="" disabled=no list=IP-TOR
    add address=101.103.3.201 comment="" disabled=no list=IP-TOR
    add address=101.140.198.73 comment="" disabled=no list=IP-TOR
    add address=101.142.85.171 comment="" disabled=no list=IP-TOR
    add address=101.167.6.96 comment="" disabled=no list=IP-TOR
    add address=101.55.12.75 comment="" disabled=no list=IP-TOR
    add address=101.98.158.72 comment="" disabled=no list=IP-TOR
    add address=103.10.197.50 comment="" disabled=no list=IP-TOR
    add address=103.15.178.137 comment="" disabled=no list=IP-TOR
    add address=103.16.26.71 comment="" disabled=no list=IP-TOR
    add address=103.22.146.158 comment="" disabled=no list=IP-TOR
The easiest way is to drop connections to the TOR server IPs with the following script:
    /ip firewall filter
    add action=drop chain=forward comment="Drop TOR, www.adamonline.web.id" \
        disabled=no dst-address-list=IP-TOR
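One way to prepare the import file for the IP-TOR address-list from a plain text list of addresses, as an added example that is not part of the original article. The function name and the sample input are constructed for illustration; the first three addresses are taken from the sample list above, and the check that rejects non-public addresses is an assumption about what you want to keep out of a drop list.

```python
import ipaddress

def build_address_list(lines, list_name="IP-TOR"):
    """Return (rsc_text, rejected) for a plain-text list of IPv4 addresses."""
    accepted, rejected = [], []
    for raw in lines:
        text = raw.split("#", 1)[0].strip()      # allow comments and blank lines
        if not text:
            continue
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            rejected.append((text, "not an IP address"))
            continue
        if addr.version != 4:
            rejected.append((text, "IPv6 belongs in /ipv6 firewall"))
        elif not addr.is_global:
            # A private, loopback or reserved entry in a drop list would
            # cut off the LAN or the router itself.
            rejected.append((text, "not a public address"))
        elif addr not in accepted:               # skip duplicates
            accepted.append(addr)
    rsc = ["/ip firewall address-list"]
    rsc += [f"add address={a} list={list_name}" for a in sorted(accepted)]
    return "\n".join(rsc) + "\n", rejected

# Constructed input: three addresses from the sample above plus entries
# that must not reach the router.
SAMPLE = """\
100.0.120.66
100.0.180.196   # duplicate below
100.0.180.196
100.2.103.234
192.168.88.1
0.0.0.0
2001:db8::1
not-an-ip
""".splitlines()

if __name__ == "__main__":
    rsc, rejected = build_address_list(SAMPLE)
    print(rsc)
    for text, reason in rejected:
        print(f"skipped {text}: {reason}")
```

Save the generated text as a .rsc file, review the skipped entries, then upload and import it on the router as described above.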
If successful, when you open the TOR Browser software it will look like this:
How to restrict download bandwidth in Mikrotik
How to Restrict Downloadable Traffic Files In MikroTik - This time I will try to share how to limit file download activity in MikroTik. Many of us complain about the behavior of users who like to download big or strange files. This may be necessary in MikroTik network topologies such as an office network, an internet cafe network, an RT-net network, or an ISP that sells "Up To" internet connections rather than dedicated 1:1. We will be bothered by one user who behaves as a downloader and takes away the bandwidth allocation of other users.
How to Setup Limit Download File With L7 Filtering
Here we use the L7 filtering technique to limit file downloads according to the file extensions you specify. It can limit the download bandwidth for exe, rar, zip, iso and other files.
First, we create the L7 content-filtering regex and specify the string we are looking for.
    /ip firewall layer7-protocol
    add name="Extension \".exe\"" regexp="^.*get.+\\.exe.*\$"
    add name="Extension \".mp4\"" regexp="^.*get.+\\.mp4.*\$"
    add name="Extension \".rar\"" regexp="^.*get.+\\.rar.*\$"
    add name="Extension \".zip\"" regexp="^.*get.+\\.zip.*\$"
In this example I only use strings for downloads of files with the extensions exe, mp4, rar and zip. You can add more as needed.
Second, we mark user connections based on the L7 regex created previously, for further processing in MikroTik queue bandwidth management.
    /ip firewall mangle
    add action=mark-connection chain=prerouting in-interface=ether2-master-local \
        layer7-protocol="Extension \".exe\"" new-connection-mark=download_conn
    add action=mark-connection chain=prerouting in-interface=ether2-master-local \
        layer7-protocol="Extension \".mp4\"" new-connection-mark=download_conn
    add action=mark-connection chain=prerouting in-interface=ether2-master-local \
        layer7-protocol="Extension \".rar\"" new-connection-mark=download_conn
    add action=mark-connection chain=prerouting in-interface=ether2-master-local \
        layer7-protocol="Extension \".zip\"" new-connection-mark=download_conn
    # catch-all: mark only connections that have no mark yet, so that this rule
    # does not overwrite download_conn set by the rules above
    add action=mark-connection chain=prerouting connection-mark=no-mark \
        in-interface=ether2-master-local new-connection-mark=all_conn
    add action=mark-packet chain=prerouting connection-mark=download_conn new-packet-mark=download_packet
    add action=mark-packet chain=prerouting connection-mark=all_conn new-packet-mark=all_packet
In Winbox it will look like this:
How to Setup Separate Bandwidth Browsing and Download
In this step I also show how to set separate bandwidth speeds for browsing and for downloading files.
Third, we do the bandwidth management with a simple queue.
    /queue simple
    add comment="adamonline.web.id - Separating bandwidth browsing & downloading files" \
        max-limit=128k/1M name=Browsing packet-marks=all_packet target=192.168.88.0/24
    add max-limit=128k/128k name="Download File" packet-marks=download_packet \
        target=192.168.88.0/24
In the simple queue setting above, as an example, I separate the speed for browsing from the speed for downloading files:
- Browsing Activity: Download Speed 1Mbps & Upload Speed 128Kbps
- Download File Activity: Download Speed 128Kbps & Upload Speed 128Kbps
Fourth, we test whether the setting that separates the browsing and download speeds works well:
In the picture above, you can see that when I download a file with the .zip extension, the speed is limited, in line with the speed I set in the MikroTik simple queue. It is also visible that even when the user uses Internet Download Manager (IDM), the speed limit is followed. Or, if you do not allow users to use the IDM (Internet Download Manager) application on your network, you can try the technique below:
How to Drop Download Connection IDM (Internet Download Manager) In Mikrotik
You can add a rule like this to the MikroTik firewall, still using the layer-7 filtering that we created earlier:
    /ip firewall filter
    add action=drop chain=forward connection-limit=4,32 in-interface=bridge-local \
        layer7-protocol="Extension \".zip\"" protocol=tcp
With this firewall rule, anyone who downloads the file using IDM will be dropped by MikroTik. Because IDM uses more than 1 connection, the firewall drops IDM if it uses more than 4 connections for 1 file download (see connection-limit=4,32). Note that in the script above you should adjust "in-interface" to your local ether port.
There may be other techniques, such as using connection-bytes, but so far limiting file download speeds in MikroTik is more effective with L7 filtering, although it burdens your router (the load is heavy). If you use a proxy server, you can also use "Delay-Pool" in Squid to limit the file download speed.
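The layer7-protocol expressions from the first step can be tried against sample requests before they go on the router. The following Python is an added example, not part of the original article: it assumes the matcher looks at the first 2 KB of a connection, treats the data as one string and ignores case, and `strict_pattern` as well as the sample requests are constructed for illustration.

```python
import re

# Assumption: the matcher inspects only the start of a connection (first 2 KB).
L7_WINDOW = 2048
EXTENSIONS = ("exe", "mp4", "rar", "zip")

def page_pattern(ext):
    # Same expression as the page's layer7-protocol entries: ^.*get.+\.<ext>.*$
    return re.compile(rb"^.*get.+\." + ext.encode() + rb".*$", re.I | re.S)

def strict_pattern(ext):
    # Hypothetical tighter variant: the extension must end the path
    # of the request line itself.
    return re.compile(rb"^get [^ ?\r\n]+\." + ext.encode() + rb"[ ?]", re.I)

def matched_extensions(payload, make_pattern):
    head = payload[:L7_WINDOW]
    return [e for e in EXTENSIONS if make_pattern(e).search(head)]

# Constructed cleartext HTTP requests, not captured traffic.
SAMPLES = {
    "real download":
        b"GET /files/setup.zip HTTP/1.1\r\nHost: dl.example.net\r\n\r\n",
    "extension in Referer":
        b"GET /index.html HTTP/1.1\r\nHost: example.net\r\n"
        b"Referer: http://example.net/a.zip\r\n\r\n",
    "host name contains .exe":
        b"GET / HTTP/1.1\r\nHost: www.exercise.example\r\n\r\n",
    "plain page":
        b"GET /news.html HTTP/1.1\r\nHost: example.net\r\n\r\n",
}

def compare():
    """Map each sample to (matches of the page regex, matches of the strict one)."""
    return {name: (matched_extensions(req, page_pattern),
                   matched_extensions(req, strict_pattern))
            for name, req in SAMPLES.items()}

if __name__ == "__main__":
    for name, (loose, strict) in compare().items():
        print(f"{name:26} page regex: {loose!s:10} strict regex: {strict}")
```

The Referer and host-name cases show that the page's expressions also mark ordinary browsing requests as downloads. The stricter expression would still need to be tested on the router before use.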