Here is the NAT & Filter configuration I use (please correct it if it is still not quite right):
Focus on the script in red
NAT
Quote:
0 chain=srcnat action=masquerade out-interface=pppoe-Speedy
1 chain=srcnat action=masquerade out-interface=radio
2 chain=srcnat action=masquerade out-interface=Hotspot
3 chain=dstnat action=dst-nat to-addresses=192.168.7.102 to-ports=8291 protocol=tcp dst-address=xxx.xxx.xxx.xx in-interface=pppoe-Speedy dst-port=8292
4 chain=dstnat action=dst-nat to-addresses=192.168.1.3 to-ports=80 protocol=tcp dst-address=xxx.xxx.xxx.xx in-interface=pppoe-Speedy dst-port=8293
5 chain=dstnat action=dst-nat to-addresses=192.168.1.2 to-ports=80 protocol=tcp dst-address=xxx.xxx.xxx.xx in-interface=pppoe-Speedy dst-port=8294
6 chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=80 protocol=tcp dst-address=xxx.xxx.xxx.xx in-interface=pppoe-Speedy dst-port=8295
FILTER:
Quote:
0 ;;; Allow NTP Traffic
chain=input action=accept protocol=udp in-interface=pppoe-Speedy src-port=123
1 ;;; Allow DNS Traffic
chain=input action=accept protocol=udp in-interface=pppoe-Speedy src-port=53
2 ;;; Allow Ping Trace Route Traffic
chain=input action=accept protocol=icmp in-interface=pppoe-Speedy
3 ;;; Allow Remote Winbox From Public
chain=input action=accept protocol=tcp dst-port=8291
4 ;;; Allow Remote RB433 from Public
chain=input action=accept protocol=tcp dst-port=8292
5 ;;; Allow Remote Radio UBNT 2 from Public
chain=input action=accept protocol=tcp dst-port=8293
6 ;;; Allow Remote Radio UBNT 1 from Public
chain=input action=accept protocol=tcp dst-port=8294
7 ;;; Allow Remote Modem from Public
chain=input action=accept protocol=tcp dst-port=8295
8 ;;; Log Rejected IP
chain=input action=add-src-to-address-list connection-state=new address-list=spam address-list-timeout=30m in-interface=pppoe-Speedy
9 ;;; Drop Unauthenticated Connection
chain=input action=drop in-interface=pppoe-Speedy
10 ;;; Allow PC Warnet Access
chain=forward action=accept src-address-list=allow in-interface=Warnet
11 ;;; Allow Internet Access to Warnet
chain=forward action=accept dst-address=192.168.8.0/24 in-interface=pppoe-Speedy out-interface=Warnet
12 ;;; Drop Unauthenticated PC Warnet
chain=forward action=drop in-interface=Warnet
13 ;;; Allow RT/RW Client
chain=forward action=accept src-address-list=allow in-interface=Hotspot
14 ;;; Allow Internet Access to RT/RW Net
chain=forward action=accept dst-address=192.168.7.0/24 in-interface=pppoe-Speedy out-interface=Hotspot
15 ;;; Drop Unauthenticated RT/RW Client
chain=forward action=drop in-interface=Hotspot
Notes:
Interface:
Interface "radio" : to the UBNT NB M5 radio
Interface "Hotspot" : to the main RT/RW Net hotspot, Mikrotik RB433
Interface "pppoe-Speedy" : to the internet
IP Address
xxx.xxx.xxx.xx --> Public IP from Speedy
192.168.7.102 --> IP of the Mikrotik RB433
192.168.1.3 --> IP of UBNT NB M5 #1 (PtP with UBNT NB M5 #2)
192.168.1.3 --> IP of UBNT NB M5 #2 (PtP with UBNT NB M5 #1)
192.168.1.1 --> IP of the Speedy modem
Network diagram:
Speedy--Modem (bridge)--UBNT NB M5 #1 (AP WDS) <<<PtP>>> UBNT NB M5 #2 (Station WDS)--Mikrotik Router RB450--Mikrotik AP/hotspot RB433
NB: I still have to disable filter #15 first whenever I want to remote into the RB433 (suggestions for improvement are welcome..)
Hope this is useful
Credit to : FMI
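
Why filter #15 gets in the way of remote access to the RB433, as an added example that is not part of the original post: port-forwarded traffic is evaluated in the forward chain, so the RB433's replies enter on Hotspot and fall through to rule 15. This Python model of rules 10-15 assumes the "allow" list does not contain 192.168.7.102; the client address 203.0.113.10, the list member and the extra established/related rule are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Assumption: "allow" holds client PCs only; the RB433 (192.168.7.102) is not in it.
ADDRESS_LISTS = {"allow": {"192.168.7.50"}}  # constructed sample member

# Forward-chain rules 10-15 from the post, in order (first match wins).
FORWARD = [
    {"num": 10, "action": "accept", "in_if": "Warnet", "src_list": "allow"},
    {"num": 11, "action": "accept", "in_if": "pppoe-Speedy", "out_if": "Warnet",
     "dst_net": "192.168.8.0/24"},
    {"num": 12, "action": "drop", "in_if": "Warnet"},
    {"num": 13, "action": "accept", "in_if": "Hotspot", "src_list": "allow"},
    {"num": 14, "action": "accept", "in_if": "pppoe-Speedy", "out_if": "Hotspot",
     "dst_net": "192.168.7.0/24"},
    {"num": 15, "action": "drop", "in_if": "Hotspot"},
]
# Hypothetical rule, not in the post: accept packets of already-tracked connections.
STATEFUL = {"num": "added", "action": "accept", "state": {"established", "related"}}

def matches(rule, pkt):
    """A rule matches only if every matcher it sets agrees with the packet."""
    return (rule.get("in_if", pkt["in_if"]) == pkt["in_if"]
            and rule.get("out_if", pkt["out_if"]) == pkt["out_if"]
            and ("dst_net" not in rule
                 or ip_address(pkt["dst"]) in ip_network(rule["dst_net"]))
            and ("src_list" not in rule
                 or pkt["src"] in ADDRESS_LISTS[rule["src_list"]])
            and ("state" not in rule or pkt["state"] in rule["state"]))

def decide(rules, pkt, disabled=()):
    """Return (action, rule number); the chain accepts when no rule matches."""
    for rule in rules:
        if rule["num"] not in disabled and matches(rule, pkt):
            return rule["action"], rule["num"]
    return "accept", None

# Constructed packets: a remote session to the RB433 after dst-nat rule 3 rewrote it.
REQUEST = {"in_if": "pppoe-Speedy", "out_if": "Hotspot", "src": "203.0.113.10",
           "dst": "192.168.7.102", "state": "new"}
REPLY = {"in_if": "Hotspot", "out_if": "pppoe-Speedy", "src": "192.168.7.102",
         "dst": "203.0.113.10", "state": "established"}
UNLISTED = dict(REPLY, src="192.168.7.200", state="new")  # unauthenticated client

if __name__ == "__main__":
    print(decide(FORWARD, REQUEST))                # request passes rule 14
    print(decide(FORWARD, REPLY))                  # reply hits rule 15
    print(decide(FORWARD, REPLY, disabled={15}))   # the post's workaround
    print(decide([STATEFUL] + FORWARD, REPLY))     # reply accepted, rule 15 kept
    print(decide([STATEFUL] + FORWARD, UNLISTED))  # still dropped by rule 15
```

In RouterOS the modeled extra rule corresponds to a forward-chain accept with connection-state=established,related placed above rule 10, which lets rule 15 stay enabled.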