  1. #1
    Blue Angel (Member)

    Protecting Mikrotik from outside attacks...

    Here's the filter I use to protect my Mikrotik.

    TOC:
    - ISP: Speedy
    - The Mikrotik dials PPPoE, so the Mikrotik gets the public IP directly and is directly visible from outside.
    - Say our Speedy gateway IP is 110.139.xxx.yyy.
    - I've been using this setup up to now...

    Here it is...

    ;;; Speedy Filter
    1 chain=input action=accept protocol=udp in-interface=Speedy src-port=53
    2 chain=input action=accept src-address=110.139.xxx.yyy
    3 chain=input action=drop in-interface=Speedy

    ;;; Reject DNS Query
    4 chain=forward action=reject reject-with=icmp-network-unreachable protocol=udp out-interface=Speedy dst-port=53


    Explanation:

    Line 1 accepts all connections coming from DNS servers, which usually use the UDP protocol and port 53 for their connections. If you want to be even tougher, add a source address with the DNS we use. It's just that if our DNS changes, the source address in this rule also has to be changed.

    Line 2 accepts connections coming from our gateway. These connections are usually used to keep the connection between us and the gateway stable, for example the ICMP or IGMP protocols.

    Line 3 rejects all the unclear connections, so our Mikrotik is safe. Even a ping from outside will get RTO. But client connections stay smooth...

    Line 4 is a bonus.... it forces clients to point their DNS at our Mikrotik. If they want to use another DNS, they can't... so we can use DNS Nawala, and clients can't do anything about it.

    OK... that's all from me, hope it helps.
    Last edited by Blue Angel; 17-06-2010 at 08:12.



  3. #2
    Blue Angel (Member)
    Quiet... no comments... no thanks... people just glance at it.

  4. #3
    vgate (Forum Guru)
    Nice tuts, keep posting, hopefully it's useful for others.

  5. #4
    oktama (Forum Guru)
    Originally Posted by Blue Angel:
        Here's the filter I use to protect my Mikrotik.

        TOC:
        - ISP: Speedy
        - The Mikrotik dials PPPoE, so the Mikrotik gets the public IP directly and is directly visible from outside.
        - Say our Speedy gateway IP is 110.139.xxx.yyy.
        - I've been using this setup up to now...

        Here it is...

        ;;; Speedy Filter
        1 chain=input action=accept protocol=udp in-interface=Speedy src-port=53
        2 chain=input action=accept src-address=110.139.xxx.yyy
        3 chain=input action=drop in-interface=Speedy

        ;;; Reject DNS Query
        4 chain=forward action=reject reject-with=icmp-network-unreachable protocol=udp out-interface=Speedy dst-port=53

        Explanation:

        Line 1 accepts all connections coming from DNS servers, which usually use the UDP protocol and port 53 for their connections. If you want to be even tougher, add a source address with the DNS we use. It's just that if our DNS changes, the source address in this rule also has to be changed.

        Line 2 accepts connections coming from our gateway. These connections are usually used to keep the connection between us and the gateway stable, for example the ICMP or IGMP protocols.

        Line 3 rejects all the unclear connections, so our Mikrotik is safe. Even a ping from outside will get RTO. But client connections stay smooth...

        Line 4 is a bonus.... it forces clients to point their DNS at our Mikrotik. If they want to use another DNS, they can't... so we can use DNS Nawala, and clients can't do anything about it.

        OK... that's all from me, hope it helps.

    Thanks for sharing, gan, may your good deed be rewarded.

  6. #5
    capcay_99 (Baru Gabung)
    Thanks bro... great.

  7. #6
    oik_oik (Newbie)
    Thanks, mas Blue Angel....
    It just keeps getting better....

  8. #7
    Blue Angel (Member)
    Whoa.... turns out something is missing from the rules above. What could it be?

  9. #8
    chupest (Baru Gabung)
    Great, kang... thanks for the info..... thank you.

  10. #9
    oktama (Forum Guru)
    Originally Posted by Blue Angel:
        Whoa.... turns out something is missing from the rules above. What could it be?

    What's missing is that with these rules it can't dial if it ever gets disconnected.

  11. #10
    Blue Angel (Member)
    Originally Posted by oktama:
        What's missing is that with these rules it can't dial if it ever gets disconnected.

    Oh, really?... It works just fine here... What's lacking is that Speedy isn't fast enough in my area...

  12. #11
    masdidit57 (Member)
    This looks like bang adhilesmana's tuts, doesn't it?

  13. #12
    Blue Angel (Member)
    Really??? Which one? From what I've seen on this forum, all the rules people make are very long and burden the Mikrotik, especially one in the RB750 class. That's why I posted the rules I use here, so everyone can enjoy rules that are short but capable.

  14. #13
    oktama (Forum Guru)
    Originally Posted by Blue Angel:
        Oh, really?... It works just fine here... What's lacking is that Speedy isn't fast enough in my area...

    ip firewall filter add chain=output out-interface=PPPoE connection-state=new action=accept
    ip firewall filter add chain=input in-interface=PPPoE connection-state=established action=accept

    The first rule is so that dialing out goes smoothly.
    The second rule is so that the connection from the RADIUS server stays safe; as with the above, no packet gets dropped once it is established.

  15. #14
    Blue Angel (Member)
    Originally Posted by oktama:
        ip firewall filter add chain=output out-interface=PPPoE connection-state=new action=accept
        ip firewall filter add chain=input in-interface=PPPoE connection-state=established action=accept

        The first rule is so that dialing out goes smoothly.
        The second rule is so that the connection from the RADIUS server stays safe; as with the above, no packet gets dropped once it is established.

    What I meant is that Speedy really is limited to 450 kbps. The 2 rules you added make no difference at all; in fact they give outsiders another chance to try to get in, because there is no IP filter, only a connection-state filter. The output chain doesn't need to be applied, because rest assured that as long as our Mikrotik isn't infected by a virus or trojan (is there even such a thing as a virus on Mikrotik???) there will never be illegitimate output-chain traffic. The only output-chain traffic there is is ICMP or IGMP to the gateway, and output for DNS and NTP requests.

    That's why I said a lot of unimportant rules get put in, which only burden the Mikrotik.
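
Added example, not part of any post in this thread: a small Python model of first-match evaluation on the input chain, comparing rules 1-3 from post #1 with a variant that pins rule 1 to one resolver and adds the established-state input rule from post #13. The addresses are documentation-range placeholders, the sample packets and the variant ruleset are assumptions, and the model treats the `PPPoE` and `Speedy` interface names as the same WAN interface.

```python
from dataclasses import dataclass

GATEWAY = "198.51.100.1"   # placeholder: the page elides the real gateway IP
RESOLVER = "192.0.2.53"    # placeholder upstream DNS server (assumption)

@dataclass(frozen=True)
class Packet:              # constructed sample traffic reaching chain=input
    proto: str
    src: str
    sport: int
    state: str             # connection-tracking state: "new" or "established"
    iface: str = "Speedy"

# A rule is (action, {field: required value}); fields not listed match anything.
POSTED = [                 # rules 1-3 from post #1
    ("accept", {"proto": "udp", "iface": "Speedy", "sport": 53}),
    ("accept", {"src": GATEWAY}),
    ("drop", {"iface": "Speedy"}),
]
VARIANT = [                # assumption: rule 1 pinned to RESOLVER + post #13's input rule
    ("accept", {"proto": "udp", "iface": "Speedy", "sport": 53, "src": RESOLVER}),
    ("accept", {"src": GATEWAY}),
    ("accept", {"iface": "Speedy", "state": "established"}),
    ("drop", {"iface": "Speedy"}),
]

SAMPLES = {                # constructed packets, documentation-range addresses
    "dns_reply": Packet("udp", RESOLVER, 53, "established"),
    "other_host_sport_53": Packet("udp", "203.0.113.7", 53, "new"),
    "ntp_reply": Packet("udp", "203.0.113.123", 123, "established"),
    "inbound_ping": Packet("icmp", "203.0.113.7", 0, "new"),
    "gateway_icmp": Packet("icmp", GATEWAY, 0, "new"),
}

def verdict(rules, pkt):
    """Return the action of the first matching rule (RouterOS accepts by default)."""
    for action, match in rules:
        if all(getattr(pkt, field) == want for field, want in match.items()):
            return action
    return "accept"

def audit(rules):
    """Map each sample packet name to the verdict the ruleset gives it."""
    return {name: verdict(rules, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("variant", VARIANT)):
        print(label, audit(rules))
```

Rule 4 sits in the forward chain and is outside this model, which covers only traffic addressed to the router itself.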

  16. #15
    joko_kuno (Member Super Senior)
    Mas, newbie here with a question... if the PPPoE is on the modem, does the Mikrotik still need to be given a firewall?......

 

 