  1. #1
    Posted by fr0ch1m

    Port Forwarding (2 Wan + 1 Lan)

    Dear MikroTik masters, please enlighten me..
    As per the thread title, the current topology is:

    ADSL1                          KOMP1
      |                              |
      ----- Mikrotik ---- Switch -----
      |                              |
    ADSL2                          KOMP2


    Modem
    ADSL1 : 192.168.1.254
    ADSL1 : 192.168.2.254
    Mikrotik
    IP Address
    LAN : 192.168.0.254
    INT1 : 192.168.1.253
    INT2 : 192.168.2.253
    Firewall Mangle
    Conn1 : prerouting in-interface=LAN conn-state=new action=mark-conn
    Route1 : prerouting in-interface=LAN conn-mark=Conn1 action=mark-route
    Conn2 : prerouting in-interface=LAN conn-state=new action=mark-conn
    Route2 : prerouting in-interface=LAN conn-mark=Conn2 action=mark-route

    First attempt: ADSL1 + ADSL2 set to PPPoE on the modem
    - Port forwarding from ADSL1 to KOMP1 + KOMP2, failed.
    - Port forwarding from ADSL2 to KOMP1 + KOMP2, failed.

    Second attempt: ADSL1 + ADSL2 set to PPPoE on the MikroTik
    - Port forwarding from ADSL1 to KOMP1 + KOMP2, OK.
    - Port forwarding from ADSL2 to KOMP1 + KOMP2, failed.

    Note:
    ADSL1 + ADSL2 use Speedy
    The MikroTik is a 450G

    How should the second port forwarding be set up in NAT?
    - Does an additional route need to be created?
    - Does a bridge need to be created? What would an example look like..

    Thanks in advance for the enlightenment....

  2. #2
    Posted by p4w1r0
    The right way is to dial both Speedy lines from the MikroTik.
    Don't forget to also add both Speedy gateways to the MikroTik's gateways.
    After that, you just NAT from each public IP.

  3. #3
    Posted by wonkfeihung
    Right... dial from the MikroTik, then create 2 mangle rules to define the paths, then create address lists for who goes through Speedy 1 and Speedy 2. In the Speedy dial-up settings, don't tick add-default-route; create static routes matching the mark-routing we made in mangle.
    You can see an example below.

    /ip firewall mangle
    add action=mark-connection chain=prerouting comment="Mangle Speedy1" \
    disabled=no dst-port=80,443 new-connection-mark=SPEEDY1-C passthrough=yes \
    protocol=tcp src-address-list=SPEEDY1
    add action=mark-routing chain=prerouting comment="" connection-mark=SPEEDY1-C \
    disabled=no new-routing-mark=SPEEDY1-R passthrough=yes src-address-list=\
    SPEEDY1
    add action=mark-connection chain=prerouting comment="Mangle Speedy2" \
    disabled=no dst-port=80,443 new-connection-mark=SPEEDY2-C \
    passthrough=yes protocol=tcp src-address-list=SPEEDY2
    add action=mark-routing chain=prerouting comment="" connection-mark=SPEEDY2-C \
    disabled=no new-routing-mark=SPEEDY2-R passthrough=yes src-address-list=\
    SPEEDY2
    /ip route
    add check-gateway=ping comment="" disabled=no distance=1 dst-address=\
    0.0.0.0/0 gateway=speedy-1 routing-mark=SPEEDY1-R scope=30 target-scope=10
    add check-gateway=ping comment="" disabled=no distance=1 dst-address=\
    0.0.0.0/0 gateway=speedy-2 routing-mark=SPEEDY2-R scope=30 target-scope=10

    So, the script above makes the 2 Speedy lines run side by side, with us deciding which path is used. A fail-over method can also be added, so that if one of them goes down, the path that is up is used automatically. Hope this helps.

  4. #4
    Posted by adiputrolds
    Originally Posted by fr0ch1m (post #1)
    For dialing on the modem:
    you have to DMZ to the IP of the MikroTik interface that faces that modem,
    and create the NAT rule with dst-address=IP_Interface_Mikrotik facing the modem, so not with the public IP directly,
    because the MikroTik does not know the Speedy public IP.
    Create a mark-con in prerouting on the in-interface of each modem and use mark-routing in prerouting with in-interface=Local, so that traffic NATed to Local can be returned to whichever public interface the traffic came in on.

  5. #5
    Posted by fr0ch1m
    @p4w1r0 : thanks...
    @wonkfeihung : thanks...
    @electrix_85 : thanks...

    Port forwarding from ADSL1+ADSL2 to the target computer now works using the PPPoE Client setting under Interface. The NAT setup uses the dstnat chain to the target local IP based on in-interface INT1 and INT2. Because the gateway of the 2 WAN connections is the same, besides adding the PPPoE1 and PPPoE2 gateways one by one in the routes, I also added a combined PPPoE1 and PPPoE2 gateway.
    At first it ran smoothly, but after several connections came in and were forwarded, many entries queued up in the firewall connections and eventually timed out.
    New question...
    How can incoming connections run smoothly without timing out? (In the Winbox Firewall - Connections tab the status does not go straight to established.)
    Do I need to add filter or mangle rules? If so, could you please give an example?

    Thanks in advance...

  6. #6
    Posted by adiputrolds
    Originally Posted by wonkfeihung (post #3)
    The poster asked about port forwarding, man, so why give him load sharing across 2 modems instead?

    ---------- Post added at 09:04 ---------- Previous post was at 09:01 ----------

    Originally Posted by fr0ch1m (post #5)
    There's no use of filter in this.
    What is clearly involved is mangle mark-con and mark-route.
    Try copy-pasting the mangle settings from your MikroTik so we can see where the mistake is.

  7. #7
    Posted by fr0ch1m
    @electrix_85
    Here are the latest settings on the MT RB450G
    Code :
    /interface
    set ether1 name=Speedy-1
    set ether2 name=Speedy-2
    set ether5 name=LAN

    /ip address
    add address=192.168.1.253/24 interface=Speedy-1
    add address=192.168.11.253/24 interface=Speedy-2
    add address=192.168.0.254/24 interface=LAN

    /interface pppoe-client
    add name="PPPoE-1" max-mtu=1480 max-mru=1480 mrru=disabled interface=Speedy-1 user="xxxxxx@telkom.net" password="yyyyyy" profile=default service-name="" ac-name="" add-default-route=no dial-on-demand=no use-peer-dns=no allow=pap,chap,mschap1,mschap2
    add name="PPPoE-2" max-mtu=1480 max-mru=1480 mrru=disabled interface=Speedy-2 user="xxxxxx@telkom.net" password="yyyyyy" profile=default service-name="" ac-name="" add-default-route=no dial-on-demand=no use-peer-dns=no allow=pap,chap,mschap1,mschap2

    /ip firewall address-list
    add address=192.168.0.0/24 list=local
    add address=192.168.1.0/24 list=local
    add address=192.168.11.0/24 list=local

    /ip firewall filter
    add chain=forward protocol=tcp in-interface=PPPoE-1 action=jump jump-target=webserver comment="" disabled=no
    add chain=forward protocol=tcp in-interface=PPPoE-2 action=jump jump-target=webserver comment="" disabled=no
    add chain=webserver protocol=tcp action=accept dst-port=8080 comment="Allow Webserver" disabled=no
    add chain=webserver protocol=tcp action=accept dst-port=8181 comment="Allow Webserver" disabled=no
    add chain=forward in-interface=PPPoE-1 out-interface=LAN dst-address=192.168.0.0/24 action=accept comment="Allow semua akses internet to client" disabled=no
    add chain=forward in-interface=PPPoE-2 out-interface=LAN dst-address=192.168.0.0/24 action=accept comment="" disabled=no
    add chain=input in-interface=PPPoE-1 protocol=tcp dst-port=8291 action=accept comment="Allow Remote winbox dari Publik" disabled=no
    add chain=input in-interface=PPPoE-2 protocol=tcp dst-port=8291 action=accept comment="" disabled=no
    add chain=input in-interface=PPPoE-1 protocol=udp src-port=123 action=accept comment="Allow NTP Traffic" disabled=no
    add chain=input in-interface=PPPoE-2 protocol=udp src-port=123 action=accept comment="" disabled=no
    add chain=input in-interface=PPPoE-1 protocol=udp src-port=53 action=accept comment="Allow DNS Traffic" disabled=no
    add chain=input in-interface=PPPoE-2 protocol=udp src-port=53 action=accept comment="" disabled=no
    add chain=input in-interface=PPPoE-1 protocol=icmp action=drop comment="Do not Allow Ping Traceroute Traffic" disabled=no
    add chain=input in-interface=PPPoE-2 protocol=icmp action=drop comment="" disabled=no
    add chain=input in-interface=PPPoE-1 connection-state=new action=add-src-to-address-list address-list=spam address-list-timeout=30m comment="Log Ip Yang Di Tolak" disabled=no
    add chain=input in-interface=PPPoE-2 connection-state=new action=add-src-to-address-list address-list=spam address-list-timeout=30m comment="" disabled=no
    add chain=input in-interface=PPPoE-1 action=drop comment="Drop Semua Akses yang tidak di ijinkan" disabled=no
    add chain=input in-interface=PPPoE-2 action=drop comment="" disabled=no

    /ip firewall nat
    add chain=srcnat action=masquerade out-interface=PPPoE-1 comment="" disabled=no
    add chain=srcnat action=masquerade out-interface=PPPoE-2 comment="" disabled=no
    add chain=dstnat protocol=tcp action=dst-nat in-interface=PPPoE-1 dst-port=8080 to-address=192.168.0.9 comment="Forward Server-1" disabled=no
    add chain=dstnat protocol=tcp action=dst-nat in-interface=PPPoE-2 dst-port=8181 to-address=192.168.0.1 comment="Forward Server-2" disabled=no

    /ip route
    add gateway=PPPoE-1 dst-address=0.0.0.0/0 distance=1 disabled=no
    add gateway=PPPoE-2 dst-address=0.0.0.0/0 distance=1 disabled=no
    add gateway=PPPoE-1,PPPoE-2 dst-address=0.0.0.0/0 distance=1 disabled=no
    This time I did not set up mangle mark-con + mark-route because the last time I tried it did not work, so I tried setting filter rules for input dst-port, but the result is still the same: many entries queue up in the firewall Connections tab and in the end many get timeout/request timeout.
    Please enlighten me, MT masters, thanks in advance.....

  8. #8
    Posted by vzouh
    I'm actually confused by both the question and the answers.

  9. #9
    Posted by maestro_smd
    Originally Posted by vzouh:
        I'm actually confused by both the question and the answers.
    Maybe what the TS means is load balancing.

  10. #10
    Posted by adiputrolds
    Originally Posted by maestro_smd:
        Maybe what the TS means is load balancing.
    Port Forwarding

  11. #11
    Posted by cw-12
    Those of us following along are confused too; I'll just wait for the TS.

  12. #12
    Posted by fr0ch1m
    Oops... why didn't my last reply to electrix_85 show up.... starting over from the beginning, then...
    It's OK, I'll give the results of the latest experiment at the same time.
    Code:
    /interface 
    set ether1 name=Speedy-1
    set ether2 name=Speedy-2
    set ether5 name=LAN
    
    /ip address
    add address=192.168.1.253/24 interface=Speedy-1
    add address=192.168.11.253/24 interface=Speedy-2
    add address=192.168.0.254/24 interface=LAN
    
    /interface pppoe-client
    add name="PPPoE-1" max-mtu=1480 max-mru=1480 mrru=disabled interface=Speedy-1 user="xxxxxx@telkom.net" password="yyyyyy" profile=default service-name="" ac-name="" add-default-route=yes dial-on-demand=no use-peer-dns=yes allow=pap,chap,mschap1,mschap2 
    add name="PPPoE-2" max-mtu=1480 max-mru=1480 mrru=disabled interface=Speedy-2 user="xxxxxx@telkom.net" password="yyyyyy" profile=default service-name="" ac-name="" add-default-route=yes dial-on-demand=no use-peer-dns=yes allow=pap,chap,mschap1,mschap2 
    
    /ip firewall address-list 
    add address=192.168.0.0/24 list=local 
    add address=192.168.1.0/24 list=local 
    add address=192.168.11.0/24 list=local 
    
    /ip firewall mangle
    add action=mark-connection chain=prerouting in-interface=PPPoE-1 protocol=tcp dst-port=80 connection-state=new new-connection-mark=cWeb passthrough=yes comment="Webserver" disabled=no 
    add action=mark-routing chain=prerouting connection-mark=cWeb in-interface=PPPoE-1 new-routing-mark=rWeb passthrough=no comment="" disabled=no
    add action=mark-connection chain=prerouting in-interface=PPPoE-2 protocol=tcp dst-port=80 connection-state=new new-connection-mark=cWeb passthrough=yes comment="" disabled=no 
    add action=mark-routing chain=prerouting connection-mark=cWeb in-interface=PPPoE-2 new-routing-mark=rWeb passthrough=no comment="" disabled=no
    
    /ip firewall nat
    add action=masquerade chain=srcnat src-address=192.168.0.0/24 comment="" disabled=no
    add action=dst-nat to-address=192.168.0.9 chain=dstnat in-interface=PPPoE-1 protocol=tcp dst-port=80 connection-mark=cWeb comment="Forward Webserver" disabled=no
    add action=dst-nat to-address=192.168.0.9 chain=dstnat in-interface=PPPoE-2 protocol=tcp dst-port=80 connection-mark=cWeb comment="" disabled=no
    
    /ip route
    add gateway=LAN distance=1 dst-address=192.168.0.9 routing-mark=rWeb scope=255 target-scope=10 comment="Route Webserver" disabled=no 
    add gateway=PPPoE-1 dst-address=0.0.0.0/0 distance=1 disabled=no
    add gateway=PPPoE-2 dst-address=0.0.0.0/0 distance=1 disabled=no
    add gateway=PPPoE-1,PPPoE-2 dst-address=0.0.0.0/0 distance=1 disabled=no
    
    /ip firewall filter
    add action=accept chain=input in-interface=PPPoE-1 protocol=tcp dst-port=80
    add action=accept chain=input in-interface=PPPoE-2 protocol=tcp dst-port=80
    add action=accept chain=forward connection-state=established comment="allow established connections" disabled=no 
    add action=accept chain=forward connection-state=related comment="allow related connections" disabled=no 
    add action=drop chain=forward connection-state=invalid comment="drop invalid connections" disabled=no
    With this latest experiment, users (accessing the local web server from outside) still often get request timeouts.
    Yet going through the modem directly (without passing through the MikroTik) it runs just fine...
    The plan, if this works, is to try...
    input => PPPoE-1 => Webserver => PPPoE-2 => output
    Come in first through the PPPoE-1 door, get processed by the web server, then go out through the PPPoE-2 door. I wonder whether that's possible.....
    Please enlighten me, MT masters, thanks in advance.....

  13. #13
    Posted by wonkfeihung
    Originally Posted by electrix_85:
        The poster asked about port forwarding, man, so why give him load sharing across 2 modems instead?

        ---------- Post added at 09:04 ---------- Previous post was at 09:01 ----------

        There's no use of filter in this.
        What is clearly involved is mangle mark-con and mark-route.
        Try copy-pasting the mangle settings from your MikroTik so we can see where the mistake is.
    What I meant is, the ports just need to be changed as needed... so it's not only for 80 and 443... maybe I'm wrong, please correct me.

  14. #14
    Posted by adiputrolds
    Originally Posted by fr0ch1m:
    Code:
    /interface 
    set ether1 name=Speedy-1
    set ether2 name=Speedy-2
    set ether5 name=LAN
    
    /ip address
    add address=192.168.1.253/24 interface=Speedy-1
    add address=192.168.11.253/24 interface=Speedy-2
    add address=192.168.0.254/24 interface=LAN
    
    /interface pppoe-client
    add name="PPPoE-1" max-mtu=1480 max-mru=1480 mrru=disabled interface=Speedy-1 user="xxxxxx@telkom.net" password="yyyyyy" profile=default service-name="" ac-name="" add-default-route=yes dial-on-demand=no use-peer-dns=yes allow=pap,chap,mschap1,mschap2 
    add name="PPPoE-2" max-mtu=1480 max-mru=1480 mrru=disabled interface=Speedy-2 user="xxxxxx@telkom.net" password="yyyyyy" profile=default service-name="" ac-name="" add-default-route=yes dial-on-demand=no use-peer-dns=yes allow=pap,chap,mschap1,mschap2 
    
    /ip firewall address-list 
    add address=192.168.0.0/24 list=local 
    add address=192.168.1.0/24 list=local 
    add address=192.168.11.0/24 list=local 
    
    /ip firewall mangle
    add action=mark-connection chain=prerouting in-interface=PPPoE-1 protocol=tcp dst-port=80 connection-state=new new-connection-mark=cWeb passthrough=yes comment="Webserver" disabled=no >>>> the connection-mark from PPPoE-1 must be distinct
    add action=mark-routing chain=prerouting connection-mark=cWeb in-interface=PPPoE-1 new-routing-mark=rWeb passthrough=no comment="" disabled=no >>> mark-route is applied to traffic going out toward the WAN, not traffic coming in on the WAN
    add action=mark-connection chain=prerouting in-interface=PPPoE-2 protocol=tcp dst-port=80 connection-state=new new-connection-mark=cWeb passthrough=yes comment="" disabled=no >>>> the connection-mark from PPPoE-2 must be distinct
    add action=mark-routing chain=prerouting connection-mark=cWeb in-interface=PPPoE-2 new-routing-mark=rWeb passthrough=no comment="" disabled=no >>> mark-route is applied to traffic going out toward the WAN, not traffic coming in on the WAN
    
    /ip firewall nat
    add action=masquerade chain=srcnat src-address=192.168.0.0/24 comment="" disabled=no
    add action=dst-nat to-address=192.168.0.9 chain=dstnat in-interface=PPPoE-1 protocol=tcp dst-port=80 connection-mark=cWeb comment="Forward Webserver" disabled=no >>> where is the to-port ???
    add action=dst-nat to-address=192.168.0.9 chain=dstnat in-interface=PPPoE-2 protocol=tcp dst-port=80 connection-mark=cWeb comment="" disabled=no >>> where is the to-port ???
    
    /ip route
    add gateway=LAN distance=1 dst-address=192.168.0.9 routing-mark=rWeb scope=255 target-scope=10 comment="Route Webserver" disabled=no >>> why is the gateway the LAN interface ???
    add gateway=PPPoE-1 dst-address=0.0.0.0/0 distance=1 disabled=no
    add gateway=PPPoE-2 dst-address=0.0.0.0/0 distance=1 disabled=no
    add gateway=PPPoE-1,PPPoE-2 dst-address=0.0.0.0/0 distance=1 disabled=no
    a gateway matching the routing-mark must be added for each WAN interface
    
    /ip firewall filter
    add action=accept chain=input in-interface=PPPoE-1 protocol=tcp dst-port=80
    add action=accept chain=input in-interface=PPPoE-2 protocol=tcp dst-port=80
    add action=accept chain=forward connection-state=established comment="allow established connections" disabled=no 
    add action=accept chain=forward connection-state=related comment="allow related connections" disabled=no 
    add action=drop chain=forward connection-state=invalid comment="drop invalid connections" disabled=no 
    try disabling the filter first !!
    Code:
    /ip firewall mangle
    add action=mark-connection chain=prerouting in-interface=PPPoE-1 protocol=tcp dst-port=80 connection-state=new new-connection-mark=cWeb-1 passthrough=yes comment="Webserver" disabled=no 
    add action=mark-routing chain=prerouting connection-mark=cWeb-1 in-interface=LAN new-routing-mark=rWeb-1 passthrough=no comment="" disabled=no
    add action=mark-connection chain=prerouting in-interface=PPPoE-2 protocol=tcp dst-port=80 connection-state=new new-connection-mark=cWeb-2 passthrough=yes comment="" disabled=no 
    add action=mark-routing chain=prerouting connection-mark=cWeb-2 in-interface=LAN new-routing-mark=rWeb-2 passthrough=no comment="" disabled=no
    
    /ip firewall nat
    add action=masquerade chain=srcnat src-address=192.168.0.0/24 comment="" disabled=no
    add action=dst-nat to-address=192.168.0.9 to-port=80 chain=dstnat in-interface=PPPoE-1 protocol=tcp dst-port=80 comment="Forward Webserver" disabled=no
    add action=dst-nat to-address=192.168.0.9 to-port=80 chain=dstnat in-interface=PPPoE-2 protocol=tcp dst-port=80 comment="" disabled=no
    
    /ip route
    add gateway=PPPoE-1 routing-mark=rWeb-1
    add gateway=PPPoE-2 routing-mark=rWeb-2
    add gateway=PPPoE-1 dst-address=0.0.0.0/0 distance=1 disabled=no
    add gateway=PPPoE-2 dst-address=0.0.0.0/0 distance=1 disabled=no
    add gateway=PPPoE-1,PPPoE-2 dst-address=0.0.0.0/0 distance=1 disabled=no
    Note the differences.

    The logic of port forwarding from multiple WANs to a single LAN:
    you have to create a different connection-mark for traffic coming in from each different WAN interface;
    routing-mark is applied to traffic leaving a LAN toward the WAN, using the connection-mark already created, with a different routing-mark for each;
    so that traffic that came in from a given WAN really does go out through the WAN it came in on.

    DON'T FORGET THE THANKS !!!
    Last edited by adiputrolds; 18-11-2010 at 13:01.

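Added example (not part of the original thread and not MikroTik tooling): a small Python check for the return-path logic adiputrolds describes, run over RouterOS-style export text. The function names `parse_export` and `check_return_path` and the finding codes are hypothetical; the two sample configurations are constructed, condensed from posts #12 and #14.

```python
import shlex

def parse_export(text):
    """Return (section, params) for every 'add' line of a RouterOS-style export."""
    rules, section, pending = [], None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):        # exports wrap long lines with a trailing backslash
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):
            section = line
        elif line.startswith("add "):
            params = dict(tok.partition("=")[::2] for tok in shlex.split(line[4:]))
            rules.append((section, params))
    return rules

def check_return_path(text, wans, lan):
    """List (wan, problem) pairs where replies to forwarded connections could
    leave through a different WAN than the one the connection arrived on."""
    rules = parse_export(text)
    mangle = [p for s, p in rules if s == "/ip firewall mangle"]
    routes = [p for s, p in rules if s == "/ip route"]
    marked_on = {}                     # connection-mark -> WANs whose inbound traffic gets it
    for p in mangle:
        if p.get("action") == "mark-connection" and p.get("in-interface") in wans:
            marked_on.setdefault(p.get("new-connection-mark"), set()).add(p["in-interface"])
    findings = []
    for wan in wans:
        cmarks = [m for m, ifs in marked_on.items() if wan in ifs]
        if not cmarks:
            findings.append((wan, "no-connection-mark"))
        for cm in cmarks:
            if len(marked_on[cm]) > 1:             # same mark reused on several WANs
                findings.append((wan, "shared-connection-mark"))
            rmarks = [p.get("new-routing-mark") for p in mangle
                      if p.get("action") == "mark-routing"
                      and p.get("connection-mark") == cm
                      and p.get("in-interface") == lan]   # replies enter from the LAN side
            if not rmarks:
                findings.append((wan, "no-routing-mark-on-lan-replies"))
            for rm in rmarks:
                if not any(r.get("routing-mark") == rm and r.get("gateway") == wan
                           for r in routes):
                    findings.append((wan, "no-route-via-same-wan"))
    return findings

# Constructed sample, condensed from the configuration in post #12.
BROKEN = """\
/ip firewall mangle
add action=mark-connection chain=prerouting in-interface=PPPoE-1 new-connection-mark=cWeb
add action=mark-routing chain=prerouting connection-mark=cWeb in-interface=PPPoE-1 \\
    new-routing-mark=rWeb
add action=mark-connection chain=prerouting in-interface=PPPoE-2 new-connection-mark=cWeb
add action=mark-routing chain=prerouting connection-mark=cWeb in-interface=PPPoE-2 \\
    new-routing-mark=rWeb
/ip route
add gateway=LAN dst-address=192.168.0.9 routing-mark=rWeb
"""

# Constructed sample, condensed from the corrected configuration in post #14.
FIXED = """\
/ip firewall mangle
add action=mark-connection chain=prerouting in-interface=PPPoE-1 new-connection-mark=cWeb-1
add action=mark-routing chain=prerouting connection-mark=cWeb-1 in-interface=LAN \\
    new-routing-mark=rWeb-1
add action=mark-connection chain=prerouting in-interface=PPPoE-2 new-connection-mark=cWeb-2
add action=mark-routing chain=prerouting connection-mark=cWeb-2 in-interface=LAN \\
    new-routing-mark=rWeb-2
/ip route
add gateway=PPPoE-1 routing-mark=rWeb-1
add gateway=PPPoE-2 routing-mark=rWeb-2
"""

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_return_path(cfg, ["PPPoE-1", "PPPoE-2"], "LAN"))
```
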


  16. #15
    Posted by fr0ch1m
    @electrix_85 : thanks, bro....
    I'll let you know the results of the latest experiment later.

    Actually, can this PF (Port Forwarding) method be combined with LB (Load Balance)? Coming in through door A and going out through door B.
    The goal: when traffic comes in through door A it is forwarded to the web server; the web server's output would be returned through door A, but if that already has a long queue it is sent out through door B, which has less of a queue.

    From reading posts both here and elsewhere, mostly if it comes in through door A it also goes out through door A, the reason being that if you post to IP-A you get from IP-A as well.

    If any of the MT masters have tried this and succeeded, please give a clue... thanks.

 

 
