Konfigurasi Mikrotik DHCP-Firewall-User Manager Hotspot-Blok Site
Table of Contents
Introduction
This tutorial provides a comprehensive guide to configuring basic MikroTik settings, including internet connectivity, setting up a DHCP server, ensuring network security, creating filter rules, blocking IP addresses and websites, and managing users through a hotspot. This step-by-step approach will help you establish a well-functioning network with enhanced security and control.
Step 1: Set Up Internet Connection
To start, ensure your MikroTik router is connected to the internet.
- Access the MikroTik interface using Winbox or WebFig.
- Navigate to IP > Addresses.
- Click on Add to create a new IP address:
- Enter the IP address provided by your ISP.
- Set the interface to the WAN port (usually ether1).
- Click OK to save the changes.
Practical Tip
Always check your ISP documentation for specific settings related to your connection type (DHCP, static IP, etc.).
Step 2: Configure DHCP Server
Setting up a DHCP server allows your router to assign IP addresses automatically to devices on your network.
- Go to IP > DHCP Server.
- Click on DHCP Setup.
- Choose the interface that connects to your local network (usually ether2).
- Follow the prompts to set:
- DHCP address space (e.g., 192.168.88.0/24).
- Gateway (the router's IP address, e.g., 192.168.88.1).
- DNS servers (you can use public DNS such as Google’s 8.8.8.8).
- Confirm the settings and finish the setup.
Common Pitfall
Ensure that the DHCP server address range does not overlap with static IP addresses assigned to devices on your network.
Step 3: Implement Firewall Security
To protect your network from unauthorized access, set up firewall rules.
- Navigate to IP > Firewall.
- Go to the Filter Rules tab.
- Click on Add to create a new rule:
- Set Chain to 'forward'.
- Set Src. Address to the IP range you want to protect.
- Choose Action as 'drop' to block unwanted traffic.
- Repeat this for other rules as necessary, adjusting the criteria based on your security needs.
Practical Tip
Regularly review and update your firewall rules to adapt to new security threats.
Step 4: Block Specific IP Addresses
To block unwanted IP addresses from accessing your network:
- In the Filter Rules tab of the firewall settings, click Add.
- Set Chain to 'input' or 'forward' based on your needs.
- Enter the specific Src. Address you want to block.
- Set Action to 'drop' and click OK.
Real-World Application
Blocking known malicious IPs can significantly reduce the risk of attacks on your network.
Step 5: Block Access to Specific Sites
To restrict access to certain websites:
- Go to IP > Firewall and select the Layer7 Protocols tab.
- Click Add to create a new entry:
- Set the name (e.g., BlockedSites).
- In the Regexp field, enter the regular expression for the site (e.g.,
^.+(example\.com|example\.org).*$).
- Next, go to the Filter Rules tab and click Add.
- Set the Chain to 'forward'.
- In Layer7 Protocol, select your newly created protocol.
- Set Action to 'drop'.
Practical Tip
Test your regular expressions to ensure they correctly match the intended sites.
Step 6: Set Up User Manager for Hotspot
To manage users effectively, configure the User Manager for your hotspot:
- Go to IP > Hotspot.
- Use the Hotspot Setup wizard to configure your hotspot interface.
- Follow the prompts to specify:
- Hotspot interface.
- Address pool.
- Login details.
- Access User Manager under Radius and create user profiles as needed.
Common Pitfall
Ensure that the User Manager is properly integrated with your Hotspot settings to manage users seamlessly.
Conclusion
In this tutorial, we covered the essential steps to configure a MikroTik router for internet connectivity, set up a DHCP server, implement firewall security, block unwanted IPs and sites, and manage users through a hotspot. Regular maintenance and updates to these configurations will help ensure your network remains secure and efficient. Consider exploring advanced features of MikroTik for further optimization.