Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 13 of 13
  1. #1
    Status
    Offline
    Brindz's Avatar
    Newbie
    Join Date
    Sep 2008
    Posts
    29
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    [Help] OS 3.30 x86 Masih banyak bugs?

    nubie mau tanya gan..

    apakah os 3.30 x86 masih banyak bugs nya?
    karna saya buat rule block website melalui layer 7 masih banyak yg lolos
    dan saya buat rule block content di mangle pun banyak yg lolos
    saya sempat coba downgarde ke V 3.13 namun lisencenya ilang dan saya upgarde lagi ke 3.30 tidak mau Click here to enlarge

    akhirnya saya coba install ulang dan untungnya software id nya masih sama
    Click here to enlarge

    apakah memang benar masih banyak bugsnya?
    saya memang ada niat mau saya upgrade ke V4

    mohon bantuannya Click here to enlarge

  2. #2
    Status
    Offline
    wsputra's Avatar
    Member
    Join Date
    Jul 2008
    Location
    Planet Mars
    Posts
    261
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    coba posting sini gan rule nya,
    biar kita kita bisa lihat.
    tempat kami masalahnya gak masalah gan.
    Click here to enlarge

  3. #3
    Status
    Offline
    Brindz's Avatar
    Newbie
    Join Date
    Sep 2008
    Posts
    29
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by wsputra Click here to enlarge
    coba posting sini gan rule nya,
    biar kita kita bisa lihat.
    tempat kami masalahnya gak masalah gan.
    Click here to enlarge
    ini gan :

    /ip firewall mangle
    add action=mark-packet chain=prerouting comment="Sharing Lan" disabled=no \
    dst-address-list=Ournetwork new-packet-mark="Share Lan" passthrough=yes \
    src-address-list=Ournetwork
    add action=mark-connection chain=forward comment=International disabled=no \
    new-connection-mark=International_Link passthrough=yes src-address-list=\
    !nice
    add action=mark-connection chain=forward comment="" disabled=no \
    dst-address-list=!nice new-connection-mark=International_Link \
    passthrough=yes
    add action=mark-packet chain=prerouting comment="" disabled=no \
    new-packet-mark=International passthrough=yes
    add action=mark-connection chain=forward comment=Lokal disabled=no \
    new-connection-mark=Lokal_Link passthrough=yes src-address-list=nice
    add action=mark-connection chain=forward comment="" disabled=no \
    dst-address-list=nice new-connection-mark=Lokal_Link passthrough=yes
    add action=mark-packet chain=prerouting comment="" disabled=no \
    new-packet-mark=Lokal passthrough=yes


    add action=mark-connection chain=forward comment="Block Website" disabled=no \
    layer7-protocol=indowebster new-connection-mark=Ilegal_Conn passthrough=\
    yes
    add action=mark-connection chain=forward comment="" disabled=no \
    layer7-protocol=tube8 new-connection-mark=Ilegal_Conn passthrough=yes
    add action=mark-connection chain=forward comment="" disabled=no \
    layer7-protocol=indonettube new-connection-mark=Ilegal_Conn passthrough=\
    yes
    add action=mark-connection chain=forward comment="" disabled=no \
    layer7-protocol="You Porn" new-connection-mark=Ilegal_Conn passthrough=\
    yes
    add action=mark-connection chain=forward comment="" disabled=no \
    layer7-protocol=metacafe new-connection-mark=Ilegal_Conn passthrough=yes
    add action=mark-connection chain=forward comment="" disabled=no \
    layer7-protocol="porn tube" new-connection-mark=Ilegal_Conn passthrough=\
    yes
    add action=mark-connection chain=forward comment="" disabled=no \
    layer7-protocol=redtube new-connection-mark=Ilegal_Conn passthrough=yes
    add action=mark-connection chain=forward comment="" disabled=no \
    layer7-protocol=X-tube new-connection-mark=Ilegal_Conn passthrough=yes
    add action=mark-connection chain=forward comment="" disabled=no \
    layer7-protocol=Mivo new-connection-mark=Ilegal_Conn passthrough=yes
    add action=mark-connection chain=forward comment="" disabled=no \
    layer7-protocol=4shared new-connection-mark=Ilegal_Conn passthrough=yes
    add action=mark-connection chain=forward comment="" disabled=no \
    layer7-protocol="Binus Streaming" new-connection-mark=Ilegal_Conn \
    passthrough=yes
    add action=mark-connection chain=forward comment="" disabled=no \
    layer7-protocol=streaming new-connection-mark=Ilegal_Conn passthrough=yes
    add action=mark-connection chain=forward comment="" disabled=no \
    layer7-protocol=Pornhub new-connection-mark=Ilegal_Conn passthrough=yes
    add action=mark-packet chain=prerouting comment="" connection-mark=\
    Ilegal_Conn disabled=no new-packet-mark=Ilegal passthrough=yes


    add action=mark-connection chain=prerouting comment="Mangle Content Download" \
    content=*.avi disabled=yes new-connection-mark=con-download passthrough=\
    yes
    add action=mark-connection chain=prerouting comment="" content=*.mp3 \
    disabled=yes new-connection-mark=con-download passthrough=yes
    add action=mark-connection chain=prerouting comment="" content=*.mov \
    disabled=yes new-connection-mark=con-download passthrough=yes
    add action=mark-connection chain=prerouting comment="" content=*.mkv \
    disabled=yes new-connection-mark=con-download passthrough=yes
    add action=mark-connection chain=prerouting comment="" content=*.flv \
    disabled=yes new-connection-mark=con-download passthrough=yes
    add action=mark-connection chain=prerouting comment="" content=*.rmvb \
    disabled=yes new-connection-mark=con-download passthrough=yes
    add action=mark-connection chain=prerouting comment="" content=*.wmv \
    disabled=yes new-connection-mark=con-download passthrough=yes
    add action=mark-connection chain=prerouting comment="" content=*.wma \
    disabled=yes new-connection-mark=con-download passthrough=yes
    add action=mark-connection chain=prerouting comment="" content=*.3gp \
    disabled=yes new-connection-mark=con-download passthrough=yes
    add action=mark-connection chain=prerouting comment="" content=*.3gpp \
    disabled=yes new-connection-mark=con-download passthrough=yes
    add action=mark-connection chain=prerouting comment="" content=*.exe \
    disabled=yes new-connection-mark=con-download passthrough=yes
    add action=mark-packet chain=prerouting comment="" connection-mark=\
    con-download disabled=yes new-packet-mark=download passthrough=yes

    untuk mark connectionnya sudah di buat prerouting sama saja masih loss
    Last edited by Brindz; 20-04-2010 at 11:29.

  4. #4
    Status
    Offline
    pesonk's Avatar
    Member
    Join Date
    Jul 2009
    Posts
    176
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    blocking rule bikinnya di mangle !? knapa gak di filter !?
    /ip fi fi add chain=forward L7-protocol="nama L7" action=drop

    klo di mangle bukannya untuk ngelimit paketnya !?
    sori, nyubi juga Click here to enlarge

  5. #5
    Status
    Offline
    sum14rdi's Avatar
    VIP Member
    Join Date
    Sep 2007
    Location
    Tambun-Bekasi
    Posts
    860
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    tambahan gan,
    liat status regexnya di sourceforge.net. ada klasifikasi regexnya, ada yang maknyoss dan ada yang nggak...
    saya masih pake 3.30 buat limit video streaming masih ok....Click here to enlarge

    nambahin link pattern
    Last edited by sum14rdi; 20-04-2010 at 13:02.

  6. #6
    Status
    Offline
    Brindz's Avatar
    Newbie
    Join Date
    Sep 2008
    Posts
    29
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by pesonk Click here to enlarge
    blocking rule bikinnya di mangle !? knapa gak di filter !?
    /ip fi fi add chain=forward L7-protocol="nama L7" action=drop

    klo di mangle bukannya untuk ngelimit paketnya !?
    sori, nyubi juga Click here to enlarge
    sudah di coba gan...
    di buat lebih spesifik juga sama saja

    Click here to enlarge Originally Posted by sum14rdi Click here to enlarge
    tambahan gan,
    liat status regexnya di sourceforge.net. ada klasifikasi regexnya, ada yang maknyoss dan ada yang nggak...
    saya masih pake 3.30 buat limit video streaming masih ok....Click here to enlarge

    nambahin link pattern
    itu di pakai untu limit video streaming aja gan?
    klo block website?

  7. #7
    Status
    Offline
    sum14rdi's Avatar
    VIP Member
    Join Date
    Sep 2007
    Location
    Tambun-Bekasi
    Posts
    860
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    yupe cuma block video streaming, untuk block website saya pake squid cache +squidguard yang diinstall terpisah dari mikrotiknya alias bikin server proxy sendiri.
    klo block website kenapa gak memanfaatkan option content di tab advanced yang ada di /ip firewall filter ??

  8. #8
    Status
    Offline
    Brindz's Avatar
    Newbie
    Join Date
    Sep 2008
    Posts
    29
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by sum14rdi Click here to enlarge
    yupe cuma block video streaming, untuk block website saya pake squid cache +squidguard yang diinstall terpisah dari mikrotiknya alias bikin server proxy sendiri.
    klo block website kenapa gak memanfaatkan option content di tab advanced yang ada di /ip firewall filter ??
    saya mau memastikan tidak ada masalah di mangle
    klo di filter seh bisa
    cuma ya itu tadi saya hanya mau make sure untuk persentasi saya klo 3.30 itu masih banyak bugs nya

  9. #9
    Status
    Offline
    putra_maiwa's Avatar
    Forum Guru
    Join Date
    Sep 2009
    Posts
    1,298
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kenapa ga pake filter aja trus yg website nya di drop pake content

    kelemahannya pada filter akan berjejer banyak rule block

    ....
    untuk file extension mesti di buat dulu address-list nya kemudian baru di foward d mangle

    /ip filter

    Code:
    add chain=forward src-address=18.18.18.0/24 protocol=tcp content=.exe \
    action=add-dst-to-address-list address-list=cekek address- \
    list-timeout=01:00:00 comment="Cekek"
    add chain=forward src-address=[ip LAN]/24 protocol=tcp content=.mov \
    action=add-dst-to-address-list address-list=cekek address- \
    list-timeout=01:00:00
    add chain=forward src-address=[ip LAN]/24 protocol=tcp content=.mpg \
    action=add-dst-to-address-list address-list=cekek address- \
    list-timeout=01:00:00
    add chain=forward src-address=[ip LAN]/24 protocol=tcp content=.mp3 \
    action=add-dst-to-address-list address-list=cekek address- \
    list-timeout=01:00:00
    add chain=forward src-address=[ip LAN]/24 protocol=tcp content=.3gpp \
    action=add-dst-to-address-list address-list=cekek address- \
    list-timeout=01:00:00
    add chain=forward src-address=[ip LAN]/24 protocol=tcp content=.wma \
    action=add-dst-to-address-list address-list=cekek address- \
    list-timeout=01:00:00
    add chain=forward src-address=[ip LAN]/24 protocol=tcp content=.flv \
    action=add-dst-to-address-list address-list=cekek address- \
    list-timeout=01:00:00
    add chain=forward src-address=[ip LAN]/24 protocol=tcp content=.dat \
    action=add-dst-to-address-list address-list=cekek address- \
    list-timeout=01:00:00
    /ip mangle
    Code:
    add chain=forward protocol=tcp src-address-list=cekek action=mark-packet new-packet-mark=cekek-bw comment="Cekek"
    /queue simple
    Code:
    add name=download-files max-limit=64000/64000 packet-marks=cekek-bw
    tuc saya ambil dari batas download limit extension... klo mau di blok
    pada que simple nya di buat kecil aja max-limit=1k/1kClick here to enlarge

  10. #10
    Status
    Offline
    Brindz's Avatar
    Newbie
    Join Date
    Sep 2008
    Posts
    29
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by putra_maiwa Click here to enlarge
    kenapa ga pake filter aja trus yg website nya di drop pake content

    kelemahannya pada filter akan berjejer banyak rule block

    ....
    untuk file extension mesti di buat dulu address-list nya kemudian baru di foward d mangle

    /ip filter

    Code:
    add chain=forward src-address=18.18.18.0/24 protocol=tcp content=.exe \
    action=add-dst-to-address-list address-list=cekek address- \
    list-timeout=01:00:00 comment="Cekek"
    add chain=forward src-address=[ip LAN]/24 protocol=tcp content=.mov \
    action=add-dst-to-address-list address-list=cekek address- \
    list-timeout=01:00:00
    add chain=forward src-address=[ip LAN]/24 protocol=tcp content=.mpg \
    action=add-dst-to-address-list address-list=cekek address- \
    list-timeout=01:00:00
    add chain=forward src-address=[ip LAN]/24 protocol=tcp content=.mp3 \
    action=add-dst-to-address-list address-list=cekek address- \
    list-timeout=01:00:00
    add chain=forward src-address=[ip LAN]/24 protocol=tcp content=.3gpp \
    action=add-dst-to-address-list address-list=cekek address- \
    list-timeout=01:00:00
    add chain=forward src-address=[ip LAN]/24 protocol=tcp content=.wma \
    action=add-dst-to-address-list address-list=cekek address- \
    list-timeout=01:00:00
    add chain=forward src-address=[ip LAN]/24 protocol=tcp content=.flv \
    action=add-dst-to-address-list address-list=cekek address- \
    list-timeout=01:00:00
    add chain=forward src-address=[ip LAN]/24 protocol=tcp content=.dat \
    action=add-dst-to-address-list address-list=cekek address- \
    list-timeout=01:00:00
    /ip mangle
    Code:
    add chain=forward protocol=tcp src-address-list=cekek action=mark-packet new-packet-mark=cekek-bw comment="Cekek"
    /queue simple
    Code:
    add name=download-files max-limit=64000/64000 packet-marks=cekek-bw
    tuc saya ambil dari batas download limit extension... klo mau di blok
    pada que simple nya di buat kecil aja max-limit=1k/1kClick here to enlarge
    iya seh...
    saya juga pake filter juga jalan
    cuma saya mau mastiin di layer 7 nya
    saya sudah coba juga pake filter seh bisa Click here to enlarge

  11. #11
    Status
    Offline
    pesonk's Avatar
    Member
    Join Date
    Jul 2009
    Posts
    176
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    nah, trus kesimpulannya apaan !?
    setahu saya, pada thread tahun kemaren soal L7, emang gak bisa buat ngeBlock nama situs, tapi seperti kata suhu sum14rdi, pattern-nya dipake untuk content-content traffic semacam itu, dan juga biasanya untuk P2P..
    sedangkan untuk ngeBlock nama situs secara langsung, lebih efektif jika pake fitur PROXY..

    dan kendala yang ente hadapi bukan BUGS dari 3.30, tapi emang penggunaan dan penempatan fitur yang kurang tepat..
    mohon koreksi jika ini fitnah Click here to enlarge

  12. #12
    Status
    Offline
    putra_maiwa's Avatar
    Forum Guru
    Join Date
    Sep 2009
    Posts
    1,298
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    gw sdh pernah coba pake layer7 untuk blok... tapi urung di laksanakan..

    masih bingung Click here to enlarge dan juga blng para suhu2 agak ribet..

    terpaksa kembali pake filter.. maunya di squit aja, cuma sampai sekarang squidku ga bisa dibuka.. yg gawe lupa username dan pass nya
    hayooo ngaku....Click here to enlarge

  13. #13
    Status
    Offline
    Brindz's Avatar
    Newbie
    Join Date
    Sep 2008
    Posts
    29
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by pesonk Click here to enlarge
    nah, trus kesimpulannya apaan !?
    setahu saya, pada thread tahun kemaren soal L7, emang gak bisa buat ngeBlock nama situs, tapi seperti kata suhu sum14rdi, pattern-nya dipake untuk content-content traffic semacam itu, dan juga biasanya untuk P2P..
    sedangkan untuk ngeBlock nama situs secara langsung, lebih efektif jika pake fitur PROXY..

    dan kendala yang ente hadapi bukan BUGS dari 3.30, tapi emang penggunaan dan penempatan fitur yang kurang tepat..
    mohon koreksi jika ini fitnah Click here to enlarge
    hmmm...
    tapi di v yg lain seperti 3.13 tidak masalah gan..
    ini yg jadi adi pertanyaan saya dan belum ketemu jawabannya Click here to enlarge
    Click here to enlarge Originally Posted by putra_maiwa Click here to enlarge
    gw sdh pernah coba pake layer7 untuk blok... tapi urung di laksanakan..

    masih bingung Click here to enlarge dan juga blng para suhu2 agak ribet..

    terpaksa kembali pake filter.. maunya di squit aja, cuma sampai sekarang squidku ga bisa dibuka.. yg gawe lupa username dan pass nya
    hayooo ngaku....Click here to enlarge
    memang seh lebih enak pake filter Click here to enlarge

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. 1 Userman Banyak Hotspot
    By nyoman in forum HotSpot, The Dude & User Manager
    Replies: 14
    Last Post: 14-08-2010, 20:11
  2. wta=log pr ada banyak ip mau login
    By xxx123 in forum Beginner Basics
    Replies: 5
    Last Post: 19-07-2010, 22:38
  3. Replies: 70
    Last Post: 02-03-2010, 11:24
  4. (ask) apakah ini bugs di v3.13 ????
    By sum14rdi in forum General Networking
    Replies: 6
    Last Post: 20-09-2008, 09:27
  5. [ask] torch : pc berkoneksi banyak bgt
    By sefri in forum General Networking
    Replies: 4
    Last Post: 01-02-2008, 14:49

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •