Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 4 123 ... LastLast
Results 1 to 15 of 50
  1. #1
    Status
    Offline
    ElangLiar's Avatar
    Newbie
    Join Date
    Feb 2010
    Posts
    25
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    bagaimana caranya supaya client tidak bisa merubah ip

    para master mikrotik, bagaimana caranya supaya client tidak bisa merubah ip?seumpama client merubah ip pun tidak akan bisa konek ke internet, saya sudah mencoba dengan cara

    /ip firewall address-list
    add address=192.168.0.1 list=yes disabled=no

    /ip firewall nat
    add chain=srcnat disabled=no src-address-list=yes action=masquerade

    setelah saya coba ganti ip dengan 192.168.0.20 tetap saja masih bisa konek internet , tlong beri solusi ya sekian dan terimakasih.

  2. #2
    Status
    Offline
    yohanexz's Avatar
    Member Super Senior
    Join Date
    Sep 2010
    Location
    Rawamangun, Jakarta
    Posts
    613
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    1
    Feedback Score
    0
    Bikin filter rule aja sperti ini.

    /ip firewall filter
    add action=drop chain=input src-address=192.168.0.2-192.168.0.30

    maksud nya ip 192.168.0.2-192.168.0.30 tidak bisa internet sama sekali. tapi range diatas ip address 192.168.0.31-192.168.0.254 bisa internet. sesuaikan dengan kebutuhan jumlah user sampean aja. semoga sedikt membantu Click here to enlargeClick here to enlargeClick here to enlarge SUKSES YAAAAAA

  3. #3
    Status
    Offline
    ElangLiar's Avatar
    Newbie
    Join Date
    Feb 2010
    Posts
    25
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by yohanexz Click here to enlarge
    Bikin filter rule aja sperti ini.

    /ip firewall filter
    add action=drop chain=input src-address=192.168.0.2-192.168.0.30

    maksud nya ip 192.168.0.2-192.168.0.30 tidak bisa internet sama sekali. tapi range diatas ip address 192.168.0.31-192.168.0.254 bisa internet. sesuaikan dengan kebutuhan jumlah user sampean aja. semoga sedikt membantu Click here to enlargeClick here to enlargeClick here to enlarge SUKSES YAAAAAA
    masih tetap ga bisa bro, saya coba seperti yang bro terapkan....koneksi masih tetap jalan jika saya coba ubah ip.

  4. #4
    Status
    Offline
    zdienos's Avatar
    Forum Guru
    Join Date
    Feb 2010
    Location
    ~/makasar
    Posts
    1,252
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kata kunci, ARP : Reply-Only

  5. The Following 2 Users Say Thank You to zdienos For This Useful Post:


  6. #5
    Status
    Offline
    ElangLiar's Avatar
    Newbie
    Join Date
    Feb 2010
    Posts
    25
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by zdienos Click here to enlarge
    kata kunci, ARP : Reply-Only
    maksudnya gmana yah? ARP:Reply-Only ? maaf saya newbie banget bs dijelaskan engga bos?makasih sebelumnya

  7. #6
    Status
    Offline
    NeoS's Avatar
    Member
    Join Date
    Jul 2008
    Location
    Cikarang
    Posts
    113
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Kalo menurut pertanyaan tadi
    "walaupun client merubah ip tidak bisa internet", jika client tsb merubah ip tetapi masih dalam list ip yang bisa konek ke internet..
    mending kunci aja IP dan MAC addressnya..
    mudah2an membantu.. Click here to enlarge

  8. #7
    Status
    Offline
    Anto.PJ's Avatar
    Forum Guru
    Join Date
    May 2011
    Location
    macz
    Posts
    1,696
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0

    Red face

    memahami pertanyaan TS..

    ini mau di aplikasikan ke warnet atau sejenisnya yang menggunakan media kabel, pembagian IP tidak menggunakan DHCP server alias IP statis, tolong di koreksi..

    mengembangkan penjelasan dari om yohanexz, saya justru membalikkan address-listnya, yang di tambahkan ke address-list adalah klien, yang di drop adalah yang selain klien

    Code:
    /ip firewall filter
    add action=drop chain=input src-address-list=!klien in-interface=wan
    semestinya sama aja kok, cuma kalo lebih defenitif, filter akan semakin baik..

  9. The Following User Says Thank You to Anto.PJ For This Useful Post:


  10. #8
    Status
    Offline
    yohanexz's Avatar
    Member Super Senior
    Join Date
    Sep 2010
    Location
    Rawamangun, Jakarta
    Posts
    613
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    1
    Feedback Score
    0
    Click here to enlarge Originally Posted by Anto.PJ Click here to enlarge
    memahami pertanyaan TS..

    ini mau di aplikasikan ke warnet atau sejenisnya yang menggunakan media kabel, pembagian IP tidak menggunakan DHCP server alias IP statis, tolong di koreksi..

    mengembangkan penjelasan dari om yohanexz, saya justru membalikkan address-listnya, yang di tambahkan ke address-list adalah klien, yang di drop adalah yang selain klien

    Code:
    /ip firewall filter
    add action=drop chain=input src-address-list=!klien in-interface=wan
    semestinya sama aja kok, cuma kalo lebih defenitif, filter akan semakin baik..

    SETUJU OM Click here to enlargeClick here to enlarge

  11. #9
    Status
    Offline
    uburcumi's Avatar
    :: Gw Banget Cing ::
    Join Date
    Jun 2009
    Location
    www.mikrotikservice.net
    Posts
    2,281
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    2 (100%)
    /ip firewall address-list
    add address=192.168.0.1 list=yes disabled=no

    /ip firewall nat
    add chain=srcnat disabled=no src-address-list=yes action=masquerade
    dari rule itu seharusnya selain ip list=yes gak bisa konek internet, mungkin ada nat/filter lain yg membuat lolos ip selain yg di maksud...coba di cek lagi.

  12. #10
    Status
    Offline
    marteen's Avatar
    Member
    Join Date
    Aug 2010
    Posts
    128
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    setubuh ma bro cumi

    coba ane tambahin om..

    /ip firewall filter
    add action=drop chain=forward comment=client 1 disabled=no src-address=\
    172.22.2.2 src-mac-address=!xx:xx:xx:xx:xx:xx
    add action=drop chain=forward comment="" disabled=no src-address=\
    !172.22.2.2 src-mac-address=xx:xx:xx:xx:xx:xx

  13. The Following User Says Thank You to marteen For This Useful Post:


  14. #11
    Status
    Offline
    gezr's Avatar
    Calon Member
    Join Date
    Jun 2011
    Location
    Box OutDoor
    Posts
    86
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by marteen Click here to enlarge
    setubuh ma bro cumi

    coba ane tambahin om..

    /ip firewall filter
    add action=drop chain=forward comment=client 1 disabled=no src-address=\
    172.22.2.2 src-mac-address=!xx:xx:xx:xx:xx:xx
    add action=drop chain=forward comment="" disabled=no src-address=\
    !172.22.2.2 src-mac-address=xx:xx:xx:xx:xx:xx
    setubuh ma bro yg ini,uda ane terapin di tempat ane user jadi gak bisa seenaknya sendiri ganti ip sehingga bikin kacau bw limiter yg uda kita buat

  15. The Following User Says Thank You to gezr For This Useful Post:


  16. #12
    Status
    Offline
    xtremeshell's Avatar
    Newbie
    Join Date
    May 2008
    Posts
    27
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    coba ikut bantu ya..

    setelah kita memberikan rules pada firewall untuk mencegah ip lan untuk mengakses internet, ada baiknya "mengunci" IP address per klien dengan "mac address"... spt yg sudah bro2 sebutkan di atas, ane mo nambahin dikit..

    pertama2, pada winbox klik interface, kemudian pilih ethernet (pilih ethernet yg mengarah ke LAN, misalnya eth2). pilih, ARP: reply-only.

    kemudian pilh menu IP > ARP , kita add, masukin ip address PC klien, misalnya 192.168.1.100, dan masukin pasangan mac addy nya (misal 00:22:33:44) Click here to enlarge pilih OK. Logika ini kira2, hasilnya adalah.. PC klien yg ber ip address 192.168.1.100 bila ingin mengakses NAT pada router, harus dengan mac 00:22:33:44 bila TRUE, boleh masuk, bila FALSE, denied.

    jadi, kalo misalnya ada pelangan warnet yang iseng gonta ganti IP pada pc itu, ga bisa konek, karena mac nya dibaca router beda...

    itu aja semoga membantu.. Click here to enlarge

  17. #13
    Status
    Offline
    aankoe's Avatar
    Member
    Join Date
    Jul 2007
    Posts
    246
    Reviews
    Read 0 Reviews
    Downloads
    16
    Uploads
    0
    Feedback Score
    0
    setubuh ma bro yang diatas.
    cuman kalau saya sich terbalik prosesnya.
    1. masuk ke menu IP > ARP
    2. klik kanan ip/mac yang ada di list tersebut trus pilih mac static
    3. masuk ke INTERFACE > ETHERCLIENT kemudian ubah ARP jadi reply-only.

    semoga bisa membantu... Click here to enlarge

  18. #14
    Status
    Offline
    coco_nk4l's Avatar
    Member
    Join Date
    Aug 2009
    Location
    Tanjung Duren - Jakarta Barat
    Posts
    136
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    2
    Feedback Score
    0
    Pertama buat address List Clientnya dulu
    /ip firewall address-list
    add address=10.10.10.2 comment="" disabled=no list=Client
    add address=xx.xx.xx.xx comment="" disabled=no list=client

    /ip firewall filter
    add action=accept chain=forward comment="Allow IP client Connect Internet" \
    disabled=no dst-address-list=Client in-interface=pppoe-out1 \
    out-interface=LAN
    add action=drop chain=forward comment="Reject yg ganti IP" disabled=no \
    dst-address=10.10.10.0/24 in-interface=pppoe-out1 out-interface=LAN


    ato juga bisa pake ARP-Replay Only

  19. #15
    Status
    Offline
    yosanpro's Avatar
    Co-Admin
    Join Date
    Nov 2007
    Location
    Bantul, Bantul, Yogyakarta
    Posts
    2,548
    Reviews
    Read 0 Reviews
    Downloads
    11
    Uploads
    4
    Feedback Score
    1 (100%)
    Ada banyak cara sih, bisa pake cara bro aankoe (static ARP+reply only ARP), bisa tambahin manual IP yang mau di-accept di firewall filter dengan menambahkan parameter src-MAC-address, bisa pertimbangkan sistem PPPoE, HotSpot, dan sebagainya.
    A person's junk is another person's treasure.

 

 
Page 1 of 4 123 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 13
    Last Post: 12-12-2011, 17:57
  2. gimana caranya supaya tx/rx ccq 100% ?
    By asking in forum Wireless Networking
    Replies: 35
    Last Post: 10-08-2011, 11:17
  3. Replies: 1
    Last Post: 05-02-2011, 09:40
  4. Bagaimana supaya tidak bisa dilolosi dengan Proxy??
    By toe_tomtom in forum Beginner Basics
    Replies: 11
    Last Post: 18-06-2010, 09:25
  5. [ask]gmn caranya supaya antar 2 antenna bs connect?
    By dedinho78 in forum Beginner Basics
    Replies: 2
    Last Post: 29-02-2008, 15:28

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •