Mikrotik Hotspot Setup

Mikrotik Hotspot
Besides the internet cafe (warnet) business, ciputih also provides a Wireless Hotspot service, using Mikrotik as the engine behind the hotspot billing system. Alhamdulillah, this business has been running for 5 years, providing internet connections to the students who board around the ciputih internet cafe.

Let me get straight to sharing the build rules. First, of course, install Mikrotik. Installation is not covered here,
but you must install the Hotspot and UserManager NPK packages.

Once it is installed, set up the interface IP addresses. For this we use the following example:

RENAMING THE INTERFACES
-----------------------
/ interface ethernet set ether1 name=public
/ interface ethernet set ether2 name=hotspot

ASSIGNING INTERFACE IP ADDRESSES
--------------------------------
/ ip address add address=192.168.10.101/24 interface=public
/ ip address add address=192.168.100.1/24 interface=hotspot


ADDING A ROUTE TO GATEWAY 192.168.10.111
----------------------------------------
/ ip route add gateway=192.168.10.111


SETTING THE DNS SERVERS
-----------------------
/ ip dns set primary-dns=202.134.0.155
/ ip dns set secondary-dns=202.134.0.61
/ ip dns set allow-remote-request=yes


===============================
HOTSPOT SETTINGS
===============================

To keep things simple =>> first run "Setup Hotspot" using Winbox


#### USER MANAGER ####
=====>> check the login settings and watch the cookie lifetime: "don't make it too long", e.g. 1d
=====>> the subscriber name and the username/name that follow must match the customer login

/ ip hotspot profile set hsprof1 hotspot-address=192.168.100.1 dns-name="hotspot.com" http-proxy=192.168.100.1:3128 use-radius=yes radius-accounting=yes radius-interim-update=received nas-port-type=ethernet
/ ip hotspot user profile set default address-pool=hs-pool-2 idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 transparent-proxy=yes open-status-page=http-login advertise=no
/ ip hotspot set hotspot1 addresses-per-mac=1

/ radius add service=hotspot address=192.168.100.1 secret=12345678
/ tool user-manager customer add login="admin" password="admin" permissions=owner
/ tool user-manager router add subscriber=admin ip-address=192.168.100.1 shared-secret=12345678
/ tool user-manager user add username=admin password=admin subscriber=admin

--------------------------------------------------------------------------------
for ver3 / tool user-manager user add name=admin password=admin subscriber=admin
for ver4 / tool user-manager user add name=admin password=admin customer=admin
--------------------------------------------------------------------------------


##### NAT rules #####
----the authorized clients chain www.yahoo.com = 74.125.235.19 -----

/ip fi nat add chain=dstnat hotspot=from-client action=jump jump-target=hotspot
/ip fi nat add chain=hotspot protocol=udp dst-port=53 action=redirect to-ports=64872
/ip fi nat add chain=hotspot protocol=tcp dst-port=53 action=redirect to-ports=64872
/ip fi nat add chain=hotspot protocol=tcp dst-port=80 hotspot=local-dst action=redirect to-ports=64873
/ip fi nat add chain=hotspot protocol=tcp dst-port=443 hotspot=local-dst action=redirect to-ports=64875
/ip fi nat add chain=hotspot protocol=tcp action=jump hotspot=!auth jump-target=hs-unauth
/ip fi nat add chain=hotspot protocol=tcp action=jump hotspot=auth jump-target=hs-auth
/ip fi nat add chain=hs-unauth dst-address=74.125.235.19 protocol=tcp dst-port=80 action=return
/ip fi nat add chain=hs-unauth protocol=tcp dst-port=80 action=redirect to-ports=64874
/ip fi nat add chain=hs-unauth protocol=tcp dst-port=3128 action=redirect to-ports=64874
/ip fi nat add chain=hs-unauth protocol=tcp dst-port=8080 action=redirect to-ports=64874
/ip fi nat add chain=hs-unauth protocol=tcp dst-port=443 action=redirect to-ports=64875
/ip fi nat add chain=hs-unauth protocol=tcp dst-port=25 action=jump jump-target=hs-smtp
/ip fi nat add chain=hs-auth protocol=tcp hotspot=http action=redirect to-ports=64874
/ip fi nat add chain=hs-auth protocol=tcp dst-port=25 action=jump jump-target=hs-smtp


##### FILTER rules #####
----the authorized clients chain www.yahoo.com = 74.125.235.19 -----

/ip fi fi add chain=forward hotspot=from-client,!auth action=jump jump-target=hs-unauth
/ip fi fi add chain=forward hotspot=to-client,!auth action=jump jump-target=hs-unauth-to
/ip fi fi add chain=input hotspot=from-client action=jump jump-target=hs-input
/ip fi fi add chain=hs-input protocol=udp dst-port=64872 action=accept
/ip fi fi add chain=hs-input protocol=tcp dst-port=64872-64875 action=accept
/ip fi fi add chain=hs-input hotspot=!auth action=jump jump-target=hs-unauth
/ip fi fi add chain=hs-unauth protocol=icmp action=return
/ip fi fi add chain=hs-unauth dst-address=74.125.235.19 protocol=tcp dst-port=80 action=return
/ip fi fi add chain=hs-unauth protocol=tcp action=reject reject-with=tcp-reset
/ip fi fi add chain=hs-unauth action=reject reject-with=icmp-net-prohibited
/ip fi fi add chain=hs-unauth-to action=reject reject-with=icmp-host-prohibited


##### MANGLE rules #####
## Manipulating ICMP & DNS Resolving Traffic

/ ip firewall mangle add chain=prerouting src-address=192.168.100.0/24 protocol=icmp action=mark-connection new-connection-mark=ICMP-CM passthrough=yes
/ ip firewall mangle add chain=prerouting connection-mark=ICMP-CM action=mark-packet new-packet-mark=ICMP-PM passthrough=yes
/ ip firewall mangle add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay
/ ip firewall mangle add chain=prerouting src-address=192.168.100.0/24 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
/ ip firewall mangle add chain=prerouting src-address=192.168.100.0/24 protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
/ ip firewall mangle add chain=prerouting connection-mark=DNS-CM action=mark-packet new-packet-mark=DNS-PM passthrough=yes
/ ip firewall mangle add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay

# Adding bandwidth queues for DNS & ICMP:
/ queue type add name="PFIFO-64" kind=pfifo pfifo-limit=64
/ queue tree add name=ICMP parent=public packet-mark=ICMP-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64
/ queue tree add name=DNS parent=public packet-mark=DNS-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64


##### WEB PROXY MANGLE RULES & PCQ QUEUE, Speedy 2 mega bandwidth: down 384kb, up 128kb #####

/ ip firewall mangle add chain=prerouting in-interface=hotspot src-address=192.168.100.0/24 action=mark-packet new-packet-mark=test-up passthrough=no
/ ip firewall mangle add chain=forward src-address=192.168.100.0/24 action=mark-connection new-connection-mark=test-conn passthrough=yes
/ ip firewall mangle add chain=forward in-interface=public connection-mark=test-conn action=mark-packet new-packet-mark=test-down passthrough=no
/ ip firewall mangle add chain=output out-interface=hotspot dst-address=192.168.100.0/24 action=mark-packet new-packet-mark=test-down passthrough=no

/ queue type add name="PCQ-HOT" kind=pcq pcq-rate=384000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
/ queue type add name="PCQ-HOT2" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
/ queue tree add name="Downsload" parent=hotspot packet-mark=test-down queue=PCQ-HOT priority=8 max-limit=2000000
/ queue tree add name="Upsload" parent=global-in packet-mark=test-up queue=PCQ-HOT2 priority=8 max-limit=450000

/ ip web-proxy set enabled=yes port=3128 transparent-proxy=yes max-object-size=10000KiB cache-drive=system max-cache-size=unlimited max-ram-cache-size=unlimited
/ ip web-proxy access add action=allow
/ ip web-proxy cache add action=allow



+++++==================++++++
/sys reboot


####User manager###
Open Mozilla and enter the address http://192.168.10.101/userman
Login : admin
Password : admin

and go ahead and configure your hotspot... I hope this is useful, and good luck
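
The configuration above reuses admin/admin for User Manager, sets an 8-digit RADIUS shared secret, lets the DNS cache answer remote requests and adds a proxy access rule with no matchers. As an added example (not part of the original post), this Python check scans RouterOS command lines for those four settings; the function names, finding labels and the 16-character secret threshold are assumptions.

```python
import shlex

# Constructed sample: commands modeled on this page's configuration.
SAMPLE = """\
/ ip dns set allow-remote-request=yes
/ radius add service=hotspot address=192.168.100.1 secret=12345678
/ tool user-manager customer add login="admin" password="admin" permissions=owner
/ tool user-manager router add subscriber=admin ip-address=192.168.100.1 shared-secret=12345678
/ tool user-manager user add username=admin password=admin subscriber=admin
/ ip web-proxy access add action=allow
"""

def parse(line):
    """Split one RouterOS command into (menu path, {property: value})."""
    words, props = [], {}
    for tok in shlex.split(line.lstrip("/ ")):
        key, eq, val = tok.partition("=")
        if eq:
            props[key] = val
        else:
            words.append(tok)
    return " ".join(words), props

def weak_secret(value):
    """Assumed policy: shorter than 16 characters, or digits/letters only."""
    return len(value) < 16 or value.isdigit() or value.isalpha()

def audit(config):
    """Return (line number, finding, detail) tuples for weak settings."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        if not line.lstrip().startswith("/"):
            continue  # skip headings and notes between commands
        path, p = parse(line)
        for key in ("secret", "shared-secret"):
            if key in p and weak_secret(p[key]):
                findings.append((n, "weak-secret", key))
        login = p.get("login") or p.get("username") or p.get("name")
        if login and p.get("password") == login:
            findings.append((n, "password-equals-login", login))
        if path == "ip dns set" and any(k.startswith("allow-remote-request")
                                        and v == "yes" for k, v in p.items()):
            findings.append((n, "dns-answers-remote-queries", "filter port 53 on public"))
        if path == "ip web-proxy access add" and p == {"action": "allow"}:
            findings.append((n, "proxy-allows-any-source", "limit to 192.168.100.0/24"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run it against a saved copy of the commands before applying them; an empty result means none of the four patterns matched, not that the configuration is otherwise sound.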