Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 15 of 15
  1. #1
    Status
    Offline
    silindric's Avatar
    Baru Gabung
    Join Date
    Nov 2007
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    [ask] mslh Bittorent n Mikrotik

    bro2 senior skalian... saya ada mslh..

    setiap saya dunload Bittorent di kompi A, ntah pd saat sedang donload ataupun dah slesai, trus mau browse lg, lgsg gk bs... klo di ping k mikrotik ether1(LAN) hasilnya timeout. pdhal klo di ping dr kompi B, OK2 az. pdhal sblm donload Bittorent, browse OK2 az di kompi A. begitu jg di kompi B, klo hbs dunload bittorent, trus mau browse lg gk bs..

    awal2nya, saya tunggu kira2 10 mnt, sambil saya ping k mikrotik ether1, tgu ping ny Reply. br bs browse lg. trus, klo gk mau nunggu, saya ganti az IP saya, lgsg bs browse lg.

    trus, anehny lg, klo YM lg hdp, trus dunload Bittorent, lgsg gk bs browse n ping k mikrotik ether1. tp YM msh ttp jln. kcuali di sign out, trus klo mau msk lg.. dah gk bs, hrs nunggu 10 mnt lg, atau gnti IP.

    saya pernah tny2 k tmn2 yg lain. ktnya mereka jg gt... dan ini bkn hanya pada saat dunload Bittorent az.

    jd, yg mau saya tny,
    1. bagaimana dgn Mikrotik bro2 yang ada di sini, apakah pernah gini jg?
    2. apakah ini salah di setting an mikrotik saya? tau az kali ada yg kurang?
    3. apakah ini mmg salah satu fitur mikrotik? mksdny gini, klo ada satu IP dlm LAN melakukan koneksi yg banyak k luar(biasanya sih, ini dr program2 donload manager), maka IP itu akan di-ban(maaf klo istilah kurang tepat) utk sementara.

    Sblum ny saya ucapkan trima kasih buat bantuannya. THX.Click here to enlarge

  2. #2
    Status
    Offline
    septiadi's Avatar
    Newbie
    Join Date
    Jul 2007
    Posts
    69
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    1. bagaimana dgn Mikrotik bro2 yang ada di sini, apakah pernah gini jg?
    saya sih ga pernah ngalami kaya gitu soalna semua trafik P2P kaya torrent dll aq blok Click here to enlarge

    2. apakah ini salah di setting an mikrotik saya? tau az kali ada yg kurang?
    coba la paste settingan di forum, biar bisa tau salah atau kurangnya di mana Click here to enlarge

    3. apakah ini mmg salah satu fitur mikrotik? mksdny gini, klo ada satu IP dlm LAN melakukan koneksi yg banyak k luar(biasanya sih, ini dr program2 donload manager), maka IP itu akan di-ban(maaf klo istilah kurang tepat) utk sementara.
    tergantung dari settingan firewall nya bro

  3. #3
    Status
    Offline
    silindric's Avatar
    Baru Gabung
    Join Date
    Nov 2007
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    sori br post lg. byk kerjaan soalny
    ok. ini setting an mikrotik saya, tp gk tau dah smua apa blum, soalnya bkn saya yang install Mikrotik ny.. tp teknisi yg dulu kerja di sini.

    ether1 =NIC Lan
    Ether2 = NIC ke ISP
    >>ip route print
    Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf
    # DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
    0 ADC 192.168.88.140/30 192.168.88.142 ether2
    1 ADC 192.168.123.0/24 192.168.123.250 ether1
    2 A S 0.0.0.0/0 r 192.168.88.141 ether2

    >> ip firewall nat print
    Flags: X - disabled, I - invalid, D - dynamic
    0 chain=srcnat src-address=192.168.123.100-192.168.123.130 action=masquerade

    >>> ip address print
    Flags: X - disabled, I - invalid, D - dynamic
    # ADDRESS NETWORK BROADCAST INTERFACE
    0 192.168.88.142/30 192.168.88.140 192.168.88.143 ether2
    1 192.168.123.250/24 192.168.123.0 192.168.123.255 ether1

    stau saya, kyk ny ini az. selebihnya saya buka2 di winbox rata2 kosong.
    Tolong di cek y. Click here to enlarge

  4. #4
    Status
    Offline
    jhoe412's Avatar
    Member
    Join Date
    Nov 2007
    Posts
    116
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Smile

    Click here to enlarge Originally Posted by silindric Click here to enlarge
    sori br post lg. byk kerjaan soalny
    ok. ini setting an mikrotik saya, tp gk tau dah smua apa blum, soalnya bkn saya yang install Mikrotik ny.. tp teknisi yg dulu kerja di sini.



    >>ip route print
    Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf
    # DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
    0 ADC 192.168.88.140/30 192.168.88.142 ether2
    1 ADC 192.168.123.0/24 192.168.123.250 ether1
    2 A S 0.0.0.0/0 r 192.168.88.141 ether2

    >> ip firewall nat print
    Flags: X - disabled, I - invalid, D - dynamic
    0 chain=srcnat src-address=192.168.123.100-192.168.123.130 action=masquerade

    >>> ip address print
    Flags: X - disabled, I - invalid, D - dynamic
    # ADDRESS NETWORK BROADCAST INTERFACE
    0 192.168.88.142/30 192.168.88.140 192.168.88.143 ether2
    1 192.168.123.250/24 192.168.123.0 192.168.123.255 ether1

    stau saya, kyk ny ini az. selebihnya saya buka2 di winbox rata2 kosong.
    Tolong di cek y. Click here to enlarge
    Brooo....coba paste jugak firewallnya kayaknya ada beberapa port yang kenak block tu.........atau coba Nat dibawah ini ndak pakai web-proxykan:
    Code:
     add chain=srcnat out-interface=ether2 action=netmap 
     to-addresses=192.168.88.142 to-ports=0-65535
    nat diatas saya lihat berdasarkan data yang anda tampilkan....Click here to enlarge
    Last edited by jhoe412; 08-05-2008 at 08:25.

  5. #5
    Status
    Offline
    silindric's Avatar
    Baru Gabung
    Join Date
    Nov 2007
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by jhoe412 Click here to enlarge
    Brooo....coba paste jugak firewallnya kayaknya ada beberapa port yang kenak block tu.........atau coba Nat dibawah ini ndak pakai web-proxykan:
    Code:
     add chain=srcnat out-interface=ether2 action=netmap 
     to-addresses=192.168.88.142 to-ports=0-65535
    nat diatas saya lihat berdasarkan data yang anda tampilkan....Click here to enlarge
    Bro jhoe412, mksdnya yg ini bkn?
    >> ip firewall service-port print
    Flags: X - disabled, I - invalid
    # NAME PORTS
    0 ftp 21
    1 tftp 69
    2 irc 6667
    3 X h323
    4 quake3
    5 X gre
    6 X pptp
    oy, mksd saya, bkn kena blok gt, tp,
    bs download Torrent, tp IP yg donload Torrent tersebut seperti tidak bisa membuat koneksi yang baru lg.
    Cthnya, saya lg buka YM(online), trus saya donload Torrent, nah pas lg donload, saya coba browsing, gk bs. tp YM ttp Online n bs chat. begitu YM Offline, mau Online lg, gk bs.
    Ini jg terjadi wkt maen game, pas maen Game, trus saya coba donload Torrent, nah pas saya pindah k map/peta berikutny(artinya permintaan informasi map k server game), lgsg muncul, "koneksi terputus".
    Kalo saya hentikan Donload Torrent, trus kompinya ganti IP, bs browsing lg.
    Tp klo kembali k IP semula gk bs lg, kecuali menunggu krg lbh 10 mnt lg, br pake IP yg semula br bs Browsing lg.

  6. #6
    Status
    Offline
    yosanpro's Avatar
    Co-Admin
    Join Date
    Nov 2007
    Location
    Bantul, Bantul, Yogyakarta
    Posts
    2,548
    Reviews
    Read 0 Reviews
    Downloads
    11
    Uploads
    4
    Feedback Score
    1 (100%)
    Emang Torrent ngabisin bandwidth, terutama Bandwidth Upstream terlebih jika upstream nya kecil. Bahkan ketika selesai download, traffic upload tetap digunakan (berperan sebagai seeder), kecuali file tersebut telah dihapus dari BT client yang digunakan (atau IP diubah Click here to enlarge ).

    Kalo mau tetep bisa menjalankan lainnya sambil download torrent, mesti membatasi traffic torrent (terutama uploadnya). Ini bisa dilakukan dengan mangle + queue tree di Mikrotik, atau langsung di komputer client-nya dengan mengubah setting di BT client (kebanyakan BT client menyediakan opsi membatasi bandwidth yang digunakan).

  7. #7
    Status
    Offline
    silindric's Avatar
    Baru Gabung
    Join Date
    Nov 2007
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by yosanpro Click here to enlarge
    Emang Torrent ngabisin bandwidth, terutama Bandwidth Upstream terlebih jika upstream nya kecil. Bahkan ketika selesai download, traffic upload tetap digunakan (berperan sebagai seeder), kecuali file tersebut telah dihapus dari BT client yang digunakan (atau IP diubah Click here to enlarge ).

    Kalo mau tetep bisa menjalankan lainnya sambil download torrent, mesti membatasi traffic torrent (terutama uploadnya). Ini bisa dilakukan dengan mangle + queue tree di Mikrotik, atau langsung di komputer client-nya dengan mengubah setting di BT client (kebanyakan BT client menyediakan opsi membatasi bandwidth yang digunakan).
    Ini jg dah saya coba. Di Flashget, saya batasi bandwidth ny sampe 1KBps, baik UPstream maupun DownStream.. tp tetap az sama. saya juga dah coba di BitComet, dan tetap sama. Click here to enlarge

  8. #8
    Status
    Offline
    c0nf's Avatar
    Contributor
    Join Date
    Jul 2007
    Location
    Bandung, Indonesia
    Posts
    1,816
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    coba diliat pake komputer b
    setelah donlot beres, ada traffic yg masuk atau keluar ngga dari komputer a

  9. #9
    Status
    Offline
    silindric's Avatar
    Baru Gabung
    Join Date
    Nov 2007
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by c0nf Click here to enlarge
    coba diliat pake komputer b
    setelah donlot beres, ada traffic yg masuk atau keluar ngga dari komputer a
    sori, br post lg..
    setelah donload beres, saya biasanya nge-stop flashget/Bitcomet ny supaya gk upload lg (seeder).
    saya cek di Mikrotik dr kompi b, ada traffic k server yahoo.. krn saya lg buka YM.
    tp, stlh saya tutup YM, saya cek di Mikrotik, gk ada traffic.

    oiy, satu lg, pd saat gk bs browsing, saya pernah coba ping k Mikrotik, tp hasilnya RTO... pdhal klo saya ping dr kompi lain, ada reply..

    apa yg salah y??Click here to enlarge

    msh blum ada solusi nih..Click here to enlarge

  10. #10
    Status
    Offline
    silindric's Avatar
    Baru Gabung
    Join Date
    Nov 2007
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    wah... sepi nih thread..

    Click here to enlarge

    mana y senior2 ny?
    msh gantung nih mslh.

    tolong pencerahannya..
    Thx.
    Click here to enlarge

  11. #11
    Status
    Offline
    prv
    prv's Avatar
    Newbie
    Join Date
    Aug 2007
    Posts
    31
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    sy pernah mengalami kejadian seperti itu di router mikrotik di kostan teman... hal ini terjadi apabila ada salah satu komputer/notbuk yang mengaktifkan download manager menggunakan bittorent tau-tau mereka tidak dapat koneksi ke internet (ping ke router jadi RTO).Saya pikir ada masalah di router tersebut.

    Tapi setelah saya amati, mungkin ada hubungannya dengan script di firewall (/ip firewall filter) yang berguna untuk mendeteksi port-scanner, memasukkan ip address yang melakukan port-scanner kedalam daftar /ip firewall address-list. Setelah itu ada script yang bertugas men-drop traffic yang telah masuk dalam daftar port-scanner.
    16 ;;; Port scanners to list
    chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list
    address-list=port scanners address-list-timeout=2w

    17 chain=forward protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list
    address-list=port scanners address-list-timeout=2w

    18 ;;; NMAP FIN Stealth scan
    chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
    action=add-src-to-address-list address-list=port scanners
    address-list-timeout=2w

    19 chain=forward protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
    action=add-src-to-address-list address-list=port scanners
    address-list-timeout=2w

    20 ;;; SYN/FIN scan
    chain=input protocol=tcp tcp-flags=fin,syn
    action=add-src-to-address-list address-list=port scanners
    address-list-timeout=2w


    21 chain=forward protocol=tcp tcp-flags=fin,syn
    action=add-src-to-address-list address-list=port scanners
    address-list-timeout=2w

    22 ;;; SYN/RST scan
    chain=input protocol=tcp tcp-flags=syn,rst
    action=add-src-to-address-list address-list=port scanners
    address-list-timeout=2w

    23 chain=forward protocol=tcp tcp-flags=syn,rst
    action=add-src-to-address-list address-list=port scanners
    address-list-timeout=2w

    24 ;;; FIN/PSH/URG scan
    chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
    action=add-src-to-address-list address-list=port scanners
    address-list-timeout=2w

    25 chain=forward protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
    action=add-src-to-address-list address-list=port scanners
    address-list-timeout=2w


    26 ;;; ALL/ALL scan
    chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
    action=add-src-to-address-list address-list=port scanners
    address-list-timeout=2w

    27 chain=forward protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
    action=add-src-to-address-list address-list=port scanners
    address-list-timeout=2w

    28 ;;; dropping port scanners
    chain=input src-address-list=port scanners action=drop

    29 chain=forward src-address-list=port scanners action=drop
    Tapi jika kita hapus port-scanner list, IP tersebut dapat normal terkoneksi kembali.
    Apakah ada yang mengalami kejadian serupa?

  12. #12
    Status
    Offline
    c0nf's Avatar
    Contributor
    Join Date
    Jul 2007
    Location
    Bandung, Indonesia
    Posts
    1,816
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    emang dari download manager nge scan mikrotik ?
    kalau emang komputer nya di block gara2 scan router, jangan2 ada...

  13. #13
    Status
    Offline
    silindric's Avatar
    Baru Gabung
    Join Date
    Nov 2007
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    sori br post lg..

    Click here to enlarge Originally Posted by prv Click here to enlarge
    Tapi jika kita hapus port-scanner list, IP tersebut dapat normal terkoneksi kembali.
    Apakah ada yang mengalami kejadian serupa?
    hm.. ini maksudnya hapus yang mana y?

    Click here to enlarge Originally Posted by c0nf Click here to enlarge
    emang dari download manager nge scan mikrotik ?
    kalau emang komputer nya di block gara2 scan router, jangan2 ada...
    Download manager scan Mikrotik??? cara ngelihat ny??

    jd bingung gw.
    sori msh newbie, jd tolong jelasin dikit dung. gk ngerti soalnya..
    Click here to enlarge

  14. #14
    Status
    Offline
    unlimited_me's Avatar
    VIP Member
    Join Date
    Jul 2007
    Posts
    955
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    7 (100%)
    @silindric

    maksudnya gini,
    coba kamu cek rule /ip firewall filter
    ada ga rule tentang port scanning?

    klo ada, coba disable dulu.
    bisa jadi karena rule tsb, ip komputer yang menggunakan bittorrent di blok secara kurun waktu tertentu.

    thanks

  15. #15
    Status
    Offline
    silindric's Avatar
    Baru Gabung
    Join Date
    Nov 2007
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    mikrotik saya punya sih, yang begini

    84 ;;; Port scanners to list
    chain=portscan protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list
    address-list=port scanners address-list-timeout=30m

    85 ;;; NMAP FIN Stealth scan
    chain=portscan protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
    action=add-src-to-address-list address-list=port scanners address-list-timeout=30m

    86 ;;; SYN/FIN scan
    chain=portscan protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list
    address-list=port scanners address-list-timeout=30m

    87 ;;; SYN/RST scan
    chain=portscan protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list
    address-list=port scanners address-list-timeout=30m

    88 ;;; FIN/PSH/URG scan
    chain=portscan protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list
    address-list=port scanners address-list-timeout=30m

    89 ;;; ALL/ALL scan
    chain=portscan protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list
    address-list=port scanners address-list-timeout=30m

    90 ;;; NMAP NULL scan
    chain=portscan protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    action=add-src-to-address-list address-list=port scanners address-list-timeout=30m

    91 ;;; dropping port scanners
    chain=portscan src-address-list=port scanners action=drop

    92 ;;; Allow limited pings
    chain=portscan protocol=icmp limit=50/5s,2 action=accept

    93 ;;; Drop excess pings
    chain=portscan protocol=icmp action=drop

    94 ;;; BLOCK SPAMMERS OR INFECTED USERS
    chain=portscan protocol=tcp dst-port=25 src-address-list=spammer action=drop

    95 ;;; Detect and add-list SMTP virus or spammers
    chain=portscan protocol=tcp dst-port=25 connection-limit=30,32 limit=50,5
    action=add-src-to-address-list address-list=spammer address-list-timeout=30m
    Jd, mana yg harus di hapus? smuanya kah??

    atau yang ini az?
    ;;; Port scanners to list
    chain=portscan protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list
    address-list=port scanners address-list-timeout=30m

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •